Re: Bind/Named 9.9 auth-nxdomain question

2017-11-10 Thread Mark Andrews
> On 11 Nov 2017, at 3:38 am, Tony Finch wrote: > > Filipe Cifali wrote: >> >> I'm trying to have an Auth Server that says the auth flags ('aa') even on >> NXDOMAIN. > > BIND (well, all DNS servers) have to do that. It doesn't need to be > configured.

Re: EDNS0 client subnet in BIND 9.10

2017-11-10 Thread Mukund Sivaraman
I'm not sure how ECS would be useful for load-balancing, as in the best case scenario it would require one to control every client side to send the client-subnet option. On Fri, Nov 10, 2017 at 04:44:10PM +, Tony Finch wrote: > Ben Croswell wrote: > > > > I have

Re: EDNS0 client subnet in BIND 9.10

2017-11-10 Thread Tony Finch
Ben Croswell wrote: > > I have looked through the ARM and found references to setting the option in > a dig. However I was not able locate options for sourcing that option on > the DNS server. BIND currently supports ECS on authoritative servers in ACLs for selecting

Re: Bind/Named 9.9 auth-nxdomain question

2017-11-10 Thread Tony Finch
Filipe Cifali wrote: > > I'm trying to have an Auth Server that says the auth flags ('aa') even on > NXDOMAIN. BIND (well, all DNS servers) have to do that. It doesn't need to be configured. See the first example dig output below. However the example query in your first

EDNS0 client subnet in BIND 9.10

2017-11-10 Thread Ben Croswell
I would like to use the client subnet option to overcome some hurdles related to proximity load-balancing. I have looked through the ARM and found references to setting the option in a dig. However I was not able locate options for sourcing that option on the DNS server. Is anyone using ECS

Re: Bind/Named 9.9 auth-nxdomain question

2017-11-10 Thread Filipe Cifali
On 11/10/2017 10:05 AM, Tony Finch wrote: Filipe Cifali wrote: I need to make an authoritative server that gives 'AA' flags to every query, I would need to set only auth-nxdomain right? Don't use auth-nxdomain, it has been obsolete for 15 years. Ok, I understand that

Re: Bind/Named 9.9 auth-nxdomain question

2017-11-10 Thread Tony Finch
Filipe Cifali wrote: > > I need to make an authoritative server that gives 'AA' flags to every query, I > would need to set only auth-nxdomain right? Don't use auth-nxdomain, it has been obsolete for 15 years. > I'm running this config: That looks like a recursive