Re: The worst thing about the exploit -- Have you done your part?

2008-07-27 Thread Chris Buxton
be easy to convince people this is a real problem. (I've had better experiences elsewhere. And all of my friends and family whose ISP's are not updated are using opendns.com.) Chris Buxton Professional Services Men & Mice

Re: do I want/need allow-query-cache for local subnet?

2008-08-04 Thread Chris Buxton
for others. For example, setting allow-query to be more restrictive than the defaults for the other two will restrict those two as well. Setting either allow-recursion or allow-query-cache will usually set the other to the same value. Chris Buxton Professional Services Men & Mice On Aug 3, 2008

Re: bind - 9.5.0-P1

2008-08-12 Thread Chris Buxton
an explicit named.conf if you want something other than the default behaviors. To make it run as a daemon but otherwise the same as above, simply remove the -g argument from the command line: /path/to/named -c /dev/null It will log messages to syslogd if syslogd is running. Chris Buxton Professional

Re: Feature request: Separate the idea of working directory from configuration directory

2008-08-20 Thread Chris Buxton
in named.conf. Chris Buxton Professional Services Men & Mice On Aug 19, 2008, at 3:11 PM, JINMEI Tatuya / 神明達哉 wrote: At Mon, 04 Aug 2008 16:12:47 -0700, Doug Barton [EMAIL PROTECTED] wrote: By default in FreeBSD the directory option is set to /etc/namedb (the traditional name in *BSD

Re: bind 9.3.5-P2 init.d script

2008-08-23 Thread Chris Buxton
. The OP should recompile, starting from the configure step. The configure command must be given arguments setting prefix to /usr, plus resetting the locations of named.conf and named.pid. Try './configure --help | less' for a list of all available options. Chris Buxton Professional Services Men

Re: successful response with no NSs

2008-08-26 Thread Chris Buxton
for negative answers (a cacheable SOA record) and is required for referrals. Chris Buxton Professional Services Men & Mice On Aug 26, 2008, at 11:04 AM, Luis Silva wrote: Hi all! I'm detecting a strange behaviour in Portuguese server (at least is my opinion). I'm sending a query

Re: BIND forwarders

2008-09-02 Thread Chris Buxton
server. As Mark Andrews noted on this list not long ago, using RTT for forwarders is very, very tricky, and often does not result in any kind of predictable choice of forwarders from a list. Chris Buxton Professional Services Men & Mice On Aug 29, 2008, at 12:12 PM, Thilanka Samarasekera wrote

Re: BIND 9.3.5-P1 update corrupted no longer in chroot

2008-09-02 Thread Chris Buxton
your './configure' command line from when you built BIND. Chris Buxton Professional Services Men & Mice On Aug 30, 2008, at 5:26 PM, Robert Spangler wrote: On Friday 29 August 2008 09:51, Larry Gross wrote: 1. /usr/etc/rndc.conf recreated. This is the one that rndc uses. In a chroot env

Re: BIND 9.3.5-P1 update corrupted no longer in chroot

2008-09-02 Thread Chris Buxton
On Sep 2, 2008, at 7:49 PM, Robert Spangler wrote: On Tuesday 02 September 2008 17:43, Chris Buxton wrote: No, that's not quite it. The problem here is that rndc is looking for the key in /usr/etc. Which tells me that the build that created rndc

Re: configuration question

2008-09-04 Thread Chris Buxton
can completely merge the data. (There's no reason your Unix server names can't live in, say, an Active Directory-integrated zone.) Chris Buxton Professional Services Men & Mice On Sep 4, 2008, at 10:22 AM, Wood, Mike wrote: Hi All, I'm fairly new to configuring bind, so please bear with me

Re: Two DNS Servers inside a firewall

2008-09-04 Thread Chris Buxton
query is coming from 127.0.0.1, and that address is probably not listed in the allow-recursion ACL. Chris Buxton Professional Services Men & Mice On Sep 4, 2008, at 2:16 PM, ListAcc wrote: Hello, For the life of me I can not find the details of the problem: I have two servers in question

Re: why setting view with recursion option is invalid in BIND 9.5.0-P1

2008-09-08 Thread Chris Buxton
. Views should only be used when necessary, and with full understanding of their ups and downs. One other note: The two query-source{,-v6} port 53 statements should be removed. They are dangerous. allow-recursion { any; } is also generally a bad idea. Chris Buxton Professional Services Men & Mice

Re: why setting view with recursion option is invalid in BIND 9.5.0-P1

2008-09-09 Thread Chris Buxton
On Sep 9, 2008, at 2:18 PM, Kevin Darcy wrote: Chris Buxton wrote: On Sep 8, 2008, at 8:11 PM, Kevin Darcy wrote: If you are hosting zones to the Internet, then create a separate view for that (call it e.g. hosting or external), with a match

Re: SERVFAIL

2008-09-10 Thread Chris Buxton
section, if there is any conflict. It is common for an authoritative answer to contain the NS records of the zone containing the answer, along with any known addresses for those servers. Chris Buxton Professional Services Men & Mice On Sep 10, 2008, at 10:04 AM, Paul Vixie wrote: i

Re: SERVFAIL

2008-09-10 Thread Chris Buxton
On Sep 10, 2008, at 4:26 PM, Paul Vixie wrote: From: Chris Buxton [EMAIL PROTECTED] A name server may be authoritative for both a zone and its subzone. Your traversal tool is wrong - the server is giving an authoritative answer

Re: check-names settings

2008-09-12 Thread Chris Buxton
It was not recognized in BIND 9 versions < 9.3.0. With >= 9.3.0, it does, and it does check names. This was one of the 9.2-9.3 gotchas. Chris Buxton Professional Services Men & Mice On Sep 12, 2008, at 2:17 PM, Cherney John-CJC030 wrote: I'm

Re: logging permission denied

2008-09-18 Thread Chris Buxton
. Then if named is logging to /var/log (inside the jail), you can access its logs at the path /var/log/named. And you should turn SELinux off if you don't have experience maintaining it. Chris Buxton Professional Services Men & Mice On Sep 18, 2008, at 6:48 AM, aklist wrote: File is relative

Re: Multiple BIND ** Recommendation**

2008-09-18 Thread Chris Buxton
that for one or both instances.) With views, each view has its own authoritative zones, its own cache and resolver configuration (e.g. forward stub zones, root hints, etc.), and optionally its own ACL's, keys, servers, and so forth. Each view is almost a separate instance of named. Chris

Re: Answering unknown zone queries

2008-09-19 Thread Chris Buxton
Why do you want this? The setting that controls this is allow-query-cache. Chris Buxton Professional Services Men & Mice On Sep 18, 2008, at 8:19 PM, [EMAIL PROTECTED] wrote: I couldn't find anything obvious, which one is the setting to make BIND to respond to unknown zone queries? i.e

Re: question about views

2008-09-23 Thread Chris Buxton
Views are probably not the answer. Try allow-query instead: zone backup.example.com { type master; file backup.db; allow-query { restricted_networks_ACL; }; }; Chris Buxton Professional Services Men & Mice On Sep 23, 2008

Re: BIND9, DynDNS, Multiple RRs

2008-09-23 Thread Chris Buxton
likely possible to work around this in some fashion, but you'll need to be creative. Chris Buxton Professional Services Men & Mice On Sep 22, 2008, at 5:04 PM, Chris Buxton wrote: First, do not use CNAME's for your name server names. That means, the following is wrong and will not work reliably

Re: question about views

2008-09-23 Thread Chris Buxton
then break its subdomains out into even more files. Chris Buxton Professional Services Men & Mice On Sep 23, 2008, at 2:00 PM, Michele Chubirka wrote: Thanks. But one more question. We keep our subdomains in one main db file. Can we break out one subdomain into a separate db file while leaving

Re: Bind named to 0.0.0.0 (INADDR_ANY)

2008-10-01 Thread Chris Buxton
the right to bind to port 53; therefore, any interface that appears after named drops privileges is unavailable. (You might be able to work around this on Linux by setting capabilities [libcap2].) Chris Buxton Professional Services Men & Mice

Re: BIND Based Appliances.

2008-10-03 Thread Chris Buxton
than an appliance, Men & Mice Suite can provide that. It installs easily onto your existing Linux (or other) DNS servers and offers: - user accounts, with permissions - auditing - and much more If you're interested, please contact me off-list. Chris Buxton Professional Services Men & Mice

Re: BIND on IPv6 interface

2008-10-05 Thread Chris Buxton
The default for listen-on is { any; }. That's why it's listening on your IPv4 interfaces. To disable this, use: listen-on { none; }; To get it to listen on just a single IPv6 interface, have you tried omitting the subnet mask? For example: listen-on-v6 { ::1; }; Chris Buxton Professional

Re: slave BIND with split views

2008-10-05 Thread Chris Buxton
That's right. However, it's performing the SOA query that precedes a zone transfer from the first available IP. Set the query source for each view: query-source 192.168.1.7; Chris Buxton Professional Services Men & Mice On Oct 5, 2008, at 1:24 PM, Jeff Palmer wrote: Right, I

Re: BIND Based Appliances.

2008-10-05 Thread Chris Buxton
/) Chris Buxton Professional Services Men & Mice On Oct 4, 2008, at 7:33 PM, seekuel wrote: Hello, Please take a look of this product. http://www.infoweapons.com/ thanks On Sat, Oct 4, 2008 at 11:16 PM, Larry Fahnoe [EMAIL PROTECTED] wrote: I did not expect quite such a spirited sub

Re: Adding new domains without restarting

2008-10-09 Thread Chris Buxton
and monitoring products to make this more reliable, please feel free to contact me off-list. Chris Buxton Professional Services Men & Mice

Re: CNAME from Subdomain to main domain-name.

2008-10-10 Thread Chris Buxton
Probably not. If domain.com is actually a second-level domain delegated from .com, and thus having an SOA record, it may not have a CNAME record. A CNAME record may not have the same name as any other record other than RRSIG and NSEC, which are necessary for DNSSEC. Chris Buxton

Re: Disable Root Hints

2008-10-23 Thread Chris Buxton
to list all of the names of the public root servers. Just create a root zone that delegates your private domain name, like this: $TTL 1d . SOA [put the 7 SOA data fields here] NS your.server.foo.com. foo.com. NS your.server.foo.com. Chris Buxton Professional Services Men & Mice

Re: Security issue

2008-10-29 Thread Chris Buxton
a common occurrence. Chris Buxton Professional Services Men & Mice

Re: FORMERR resolving

2008-11-07 Thread Chris Buxton
it. If you don't need it, then you're almost certainly better off without it. Your root hints file should just contain the actual root servers (names and addresses, in the form of NS and A records). Chris Buxton Professional Services Men & Mice

Re: Auto add zones to secondary, from primary

2008-11-11 Thread Chris Buxton
the list archives for this topic, and specifically for a message from Kevin Darcy where he outlined this in detail. One archive of the list is available here: http://readlist.com/lists/isc.org/bind-users/ Chris Buxton Professional Services Men & Mice On Nov 11, 2008, at 7:31 AM, Todd Snyder wrote

Re: Need queries summary count for A records within a zone

2008-11-11 Thread Chris Buxton
and so forth, please feel free to contact me off-list. Chris Buxton Professional Services Men & Mice On Nov 11, 2008, at 9:25 AM, Steve Koon wrote: I can get the total queries again my ESCAPIA.COM zone which is great but now I have been asked to report on the queries for certain A records

Re: Trouble updating zones in a multi-view scenario

2008-11-13 Thread Chris Buxton
in the trusted view. If you absolutely must have separate views that contain the exact same zones, make the external view of the master server a slave of the internal view, and then use TSIG keys or {query,transfer,notify}-source to allow the two views to talk to each other. Chris Buxton