:ma...@isc.org]
Sent: Tuesday, March 29, 2016 5:19 PM
To: Mike Bernhardt
Cc: bind-us...@isc.org
Subject: Re: BIND started replying to queries for .com with .COM
Your monitoring probe is broken.
STD 13 says that that the DNS is case preserving. The problem is that lots
of servers aren't case preserv
I rebooted one of our BIND VMs this morning. It's running BIND 9.10.3-P3. We
noticed that queries for domains with domain.com were answered with
domain.COM with the .COM in capital letters. Other high-levels like .org
were not changed. It caused a monitoring probe to complain because it wasn't
if it's possible
to build a virtual interface for the IP, but I doubt it.
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bind
Mike Bernhardt <ber
My apologies, never mind :-{
I don't know what the problem was, BIND seems to load up just fine today,
even when the option addresses don't match the virtual address. I must have
screwed up something else.
___
Please visit
.@dotat.at]
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bind
Mike Bernhardt <bernha...@bart.gov> wrote:
>
> I'm setting up a new CentOS 7 DNS server cluster to replace our very
> old CentOS 4
Anyone have some input on this? No one has commented so far.
-Original Message-
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Tuesday, October 14, 2014 11:59 AM
To: bind-users@lists.isc.org
Subject: BIND resource requirements
We are currently using 9.8. We have had
We are currently using 9.8. We have had it on the radar to move to 9.9 but
it's been low priority since 9.8 is still supported for now. But in reading
about all of the alleged issues with 9.10.x as well as possible increased
resource use starting with 9.9.5, I would like to ask a question: We have
: Upgrading from 9.8.3 to 9.9.4
On 01/16/14 16:39, Mike Hoskins (michoski) wrote:
-Original Message-
From: Mike Bernhardt bernha...@bart.gov
Date: Thursday, January 16, 2014 4:09 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: RE: Upgrading from 9.8.3 to 9.9.4
or not.
On 01/14/14 12:16, Mike Bernhardt wrote:
Is there anything I need to know regarding changes in default
operation when upgrading from 9.8.3 to 9.9.4? I'm specifically looking
for changes that must be addressed in named.conf options in order to
keep an upgrade as transparent as possible
has no RFC1918, I would leave it to the default
setting?
-Original Message-
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Thursday, January 16, 2014 1:03 PM
To: 'bind-users@lists.isc.org'
Subject: RE: Upgrading from 9.8.3 to 9.9.4
Am I correct in understanding that the change
Is there anything I need to know regarding changes in default operation when
upgrading from 9.8.3 to 9.9.4? I'm specifically looking for changes that
must be addressed in named.conf options in order to keep an upgrade as
transparent as possible.
Thanks,
Mike
Reading the section on delegation in the O'Reilly book, I'm confused about
something: The parent is configured to delegate the subdomain to the child
with glue records, etc. But how does the child know who to ask if a host in
the subdomain requests a record in the parent zone? They don't show any
...@gmail.com]
Sent: Tuesday, May 08, 2012 12:21 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: How does a child find its parent?
The child doesn't know it's parent and goes up to the root like any other
server would.
-Ben Croswell
On May 8, 2012 2:13 PM, Mike Bernhardt
I don't think the child domain is on BIND so that may or may not be an
option. But, good idea. Thanks for your help!
_
From: Ben Croswell [mailto:ben.crosw...@gmail.com]
Sent: Tuesday, May 08, 2012 1:16 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: RE: How does a child
In order to save me poring through lots of archives and posts for the answer
to a simple question: Are there any differences between 9.7x and 9.8x that
require a change in named.conf configuration? The bottom line is that if I
want to upgrade from 9.7 to 9.8, are there any Gotchas that I need to
28, 2012 4:36 PM
To: Mike Bernhardt
Cc: 'Chris Buxton'; bind-us...@isc.org
Subject: Re: Configuring a domain slave to look up subdomain hosts
Stub zones record the NS list and associated address records for
the zone. Think of it as pre-populating the cache.
Forwarder clauses override the normal
[mailto:b...@borg1911.com]
Sent: Monday, February 27, 2012 4:59 PM
To: Mike Bernhardt; bind-users@lists.isc.org
Subject: RE: Configuring a domain slave to look up subdomain hosts
Original Message
Subject: Configuring a domain slave to look up subdomain hosts
From: Mike
, what is the
value of a stub zone?
_
From: Nex6 [mailto:b...@borg1911.com]
Sent: Tuesday, February 28, 2012 9:32 AM
To: Mike Bernhardt; bind-users@lists.isc.org; 'Mark Andrews'
Subject: RE: Configuring a domain slave to look up subdomain hosts
Original Message
forwarding is disabled in the parent zone?
_
From: Chris Buxton [mailto:chris.p.bux...@gmail.com]
Sent: Tuesday, February 28, 2012 10:34 AM
To: Mike Bernhardt
Cc: 'Nex6'; bind-users@lists.isc.org; 'Mark Andrews'
Subject: Re: Configuring a domain slave to look up subdomain hosts
On Feb
So, it seems that the stub zone only works as I expected if I disable ALL
forwarding- not just in the parent zone but also in global options. Is that
the expected behavior for a stub zone? It's not consistent with what you
said below.
_
From: Mike Bernhardt [mailto:bernha...@bart.gov
What's really strange is that when we attempt a query, be it DIG or an
attempt to browse tools.cisco.com, they send some sort of query back to us
from/to UDP 53. We drop it at the firewall due to some sort of sanity
check so I can't see the contents. This is in addition to the SERVFAIL
message.
A few options:
1: once the LB knows that all back-ends are down, it can continue to answer
with the correct A, but drop the TTL to be much shorter -- this allows
things to recover faster.
This would work well because the actually web site wasn't down, at least not
yesterday. If I substituted the
I'd like to suggest an alternative reason for the presence of those records:
The Perl script H2N will install them by default for every single host in
the zone file, unless you use the -M option to suppress their creation.
Obviously this has nothing to do with the value, or lack thereof, of those
Dumb question perhaps, but does this patch serve any purpose if one is not
using DNSSEC?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
So is the general recommendation in this group to NOT implement an empty
SPF2.0 record (i.e., spf2.0/pra) just in case, as recommended in the
5-year-old openspf document referenced below?
-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk]
Sent: Friday, June 19,
I attempted to delegate a subdomain last night, but it didn't work. When I
slave that subdomain it works fine, so I know that connectivity is not the
problem. The server is running BIND 9.3.4. Here is the dig response:
; DiG 9.3.4 +norec @athena adm.bart.gov NS
; (1 server found)
;; global
]
Sent: Thursday, May 07, 2009 10:17 AM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
On May 7, 2009, at 9:31 AM, Mike Bernhardt wrote:
I attempted to delegate a subdomain last night, but it didn't work.
When I
slave that subdomain it works fine, so I know
;; MSG SIZE rcvd: 102
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:19 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
On May 7, 2009, at 12:06 PM, Mike Bernhardt wrote:
dig -x +trace @athena
12:38:05 2009
;; MSG SIZE rcvd: 129
Without +norec, it times out.
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:29 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
Your delegation $GENERATE'd
Bernhardt
Cc: 'Chris Buxton'; bind-users@lists.isc.org
Subject: Re: Delegation not working
In message f43437ad793b466c9f4f93830225f...@netadmin.bart.gov, Mike
Bernhardt writes:
I found the problem. After the various delegation config issues were
cleared
and it still didn't work, I started doing some
We currently use h2n in a simple configuration. There are redundant DNS
servers that I have not shown here:
-M -y -I ignore -q
-d bart.gov spcl=spcl.bart mode=D
-n 148.165/16 -n
-h Athena
-T RR=IN A 98.129.93.250
-T RR=
We use h2n to generate our db files, but NOT to generate named.conf. We
recently add the network 10.160.0.0:255.240.0.0 to h2n, which then generated
db.10.160, db.10.161, etc.
All of these 16-bit networks will reside in the same zone. Is there a way to
either get h2n to generate one db for the
What youre seeing is ports your server has opened for queries. Then it
holds the port open while waiting for a reply and for some time after that.
For example, FROM ls1.tel.net.ba:29825 TO 203.64.139.9:domain. By design, if
someone does a lot of queries to crackerjack.net, your server is going
What we used to do is we had 2 masters. After an update was done on one of
them, we ran a perl script that would scp the db files to the other and then
send rndc reload to itself and the other master. That way both were always
up to date. It seems like if you had one master and one slave at each
34 matches
Mail list logo