This is borderline not thinking on my part.
OF COURSE those FQDNs resolve fast; they are in local zone files. No
lookup needed.
Sheesh.
"Slow down, you move too fast. Got to make the Mornin' last!" :)
On 8/3/22 14:43, Robert Moskowitz wrote:
Perhaps this is only caching
exactly what IS cached.
On 8/3/22 10:52, Robert Moskowitz via bind-users wrote:
thanks Greg. Yes I need to figure out how to troubleshoot this. But
here is some stuff:
# cat resolv.conf
# Generated by NetworkManager
search attlocal.net htt-consult.com
nameserver 23.123.122.146
nameserver 2600
shed Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
On 03-Aug-22 12:36, Robert Moskowitz wrote:
On 8/3/22 11:35, Timothe Litt wrote:
On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
# cat resolv.conf
My server is 23.123.122.146. T
On 8/3/22 13:10, Anand Buddhdev wrote:
On 03/08/2022 18:36, Robert Moskowitz wrote:
Hi Robert,
[snip]
ARGH!
I want the IPv6 addr from my firewall/gateway. But I don't want that
IPv6 nameserver!
Calm down. Just add "PEERDNS=no" in your ifcfg-eth0 file. This way,
the resolv
On 8/3/22 11:35, Timothe Litt wrote:
On 03-Aug-22 10:53, bind-users-requ...@lists.isc.org wrote:
# cat resolv.conf
My server is 23.123.122.146. That IPv6 addr is my ATT router.
You don't want to do that. The ATT router will not know how to
resolve internal names. There is no guarantee
, or whatever) the OS will
consult resolv.conf to determine where to send DNS queries. If that's
not your local instance of BIND then you could be looking for trouble
in the wrong place.
If you *do* have an address of the local machine as the first
'nameserver' entry in resolv.conf you will ne
dresses to send traffic either
unrestricted, or using a more relaxed version of the above.
HTH,
Michael
On Tue, 2022-08-02 at 16:02 -0400, Robert Moskowitz wrote:
Recently I have been having problems with my server not responding
to my
requests. I thought it was all sorts of issues, but I finally
Part of my problem is that caching does not seem to be working in my
internal view.
Something is happening such that my internal systems AND the server
itself cannot resolve names and loses it even 5 min later, indicating
not caching.
I read https://kb.isc.org/docs/aa-00851
In my include
On 8/2/22 17:30, Nathan Ollerenshaw via bind-users wrote:
On 8/2/22 1:02 PM, Robert Moskowitz wrote:
Recently I have been having problems with my server not responding to
my requests. I thought it was all sorts of issues, but I finally
looked at the logs and:
You're being used
Recently I have been having problems with my server not responding to my
requests. I thought it was all sorts of issues, but I finally looked at
the logs and:
Aug 2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
(.): view external: query (cache) './A/IN' denied
Aug 2
On 05/11/2017 10:46 AM, Timothe Litt wrote:
On 10-May-17 17:50, John W. Blue wrote:
From the it-could-be-worse department:
https://arstechnica.com/tech-policy/2016/08/kansas-couple-sues-ip-mapping-firm-for-turning-their-life-into-a-digital-hell/
I am more a fan of continental geolocation
On 05/10/2017 05:41 PM, Mark Andrews wrote:
In message , Robert Moskowitz writes:
I am kind of tired in my systems being reported as being in Plymouth MI
instead of Oak Park MI. That is the best Comcast seems to be willing to
do for
I am kind of tired in my systems being reported as being in Plymouth MI
instead of Oak Park MI. That is the best Comcast seems to be willing to
do for where my IP addresses (which are static) reside.
Is there any way to provide location information for a server via DNS
that would feed into
File permission problems.
On 02/09/2017 10:38 AM, Ray Bellis wrote:
On 09/02/2017 15:32, Robert Moskowitz wrote:
Now doing it 'right' and seeing:
09-Feb-2017 09:59:52.191 could not open file '/run/named/named.pid':
Permission denied
09-Feb-2017 09:59:52.192 generating session key for dynamic
Strange..
On 02/09/2017 09:31 AM, Ray Bellis wrote:
On 09/02/2017 14:28, Robert Moskowitz wrote:
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4,
I am building this on a new server. I currently do not have DNSSEC
enabled, and not enabling it for the initial migration
On 02/09/2017 09:55 AM, Alan Clegg wrote:
On 2/9/17 8:53 AM, Robert Moskowitz wrote:
On 02/09/2017 09:31 AM, Ray Bellis wrote:
On 09/02/2017 14:28, Robert Moskowitz wrote:
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4,
I am building this on a new server. I
On 02/09/2017 09:31 AM, Ray Bellis wrote:
On 09/02/2017 14:28, Robert Moskowitz wrote:
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4,
I am building this on a new server. I currently do not have DNSSEC
enabled, and not enabling it for the initial migration work.
I
On 02/09/2017 09:31 AM, Ray Bellis wrote:
On 09/02/2017 14:28, Robert Moskowitz wrote:
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4,
I am building this on a new server. I currently do not have DNSSEC
enabled, and not enabling it for the initial migration work.
I
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4,
I am building this on a new server. I currently do not have DNSSEC
enabled, and not enabling it for the initial migration work.
I have looked over changes in named.conf and believe I have made the
necessary changes. My
At least the 'right' way with turning down the SOA TTL for the zone.
This is one of the set it and forget it items (at least for me), and
once I started reading finding enough articles on secondaries it was an
oh yeah moment.
On 09/07/2015 04:09 PM, Robert Moskowitz wrote:
On the Samba list
inful, especially for longer TTL values."
Is there some way to get the secondary to check frequently, like once an
hour?
On 09/07/2015 03:12 PM, Robert Moskowitz wrote:
It seems I have this working, but...
I have a regular Centos7 Bind 9.9 server that I want to secondary a
Samba AD (Also Centos7
It seems I have this working, but...
I have a regular Centos7 Bind 9.9 server that I want to secondary a
Samba AD (Also Centos7) DLZ zone.
On the DNS server (192.168.192.5) I have:
zone "home.htt" {
type slave;
file "slaves/bak.home.htt";
On 09/03/2015 01:45 PM, Leandro wrote:
Dear All:
While installing bind still have not clear some issues:
I'm using Centos 6.6 since I'm not very comfortable with Centos7 yet.
My final goal is to get an updated and stable version and also use
json format for the statistics channel.
1) Some
On 09/03/2015 05:02 PM, Reindl Harald wrote:
Am 03.09.2015 um 22:59 schrieb Robert Moskowitz:
On 09/03/2015 04:35 PM, Leandro wrote:
Ok ...
I got BIND 9.10.2-P3 working.
I compiled with
./configure --with-openssl --enable-threads --with-libxml2
--with-libjson
make
make install
Json
;bind-users-boun...@lists.isc.org on behalf of
Robert
Moskowitz" <bind-users-boun...@lists.isc.org on behalf of
r...@htt-consult.com> wrote:
Ok
On 09/03/2015 01:45 PM, Leandro wrote:
Dear All:
While installing bind still have not clear some issues:
I'm using Centos 6.6 since I'm not
On 09/03/2015 04:09 AM, Matus UHLAR - fantomas wrote:
On 01.09.15 13:36, Robert Moskowitz wrote:
On the Fedora-arm list I was told about systemd-timesyncd.
Much better for these systems than chronyd which is supposed to be the
replacement for ntpdate...
chrony is replacement for ntpd
-timesync, but Fedora/redhat went the chrony route,
and I got more help figuring it out.
On to the next fun challenge.
On 09/01/2015 12:16 PM, Sam Wilson wrote:
In article <mailman.2626.1441122408.26362.bind-us...@lists.isc.org>,
Robert Moskowitz <r...@htt-consult.com> wrote:
I wil
On 09/01/2015 12:16 PM, Sam Wilson wrote:
In article <mailman.2626.1441122408.26362.bind-us...@lists.isc.org>,
Robert Moskowitz <r...@htt-consult.com> wrote:
I will be looking more into this. Obvious when you get one's nose
dragged into time wrong on boot. This is actual
. So there is something about
that resolution that does not like the early date.
So I am caught in a time bind here!
Is there any way to get bind not to be particular about system time at first?
John
On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz <r...@htt-consult.com> wrote:
I ha
I have one nameserver running bind 9.8.2 and a new one running 9.9.4.
Both can resolve www.ietf.org
Only the 9.8.2 can resolve 0.centos.pool.ntp.org
I literally rsynced all of the conf and zone files from the old to
the new, then changed all of the server name references. I have done
On 09/01/2015 09:36 AM, Reindl Harald wrote:
Am 01.09.2015 um 15:31 schrieb Robert Moskowitz:
On 09/01/2015 09:20 AM, John Miller wrote:
If you check pcap, logs, etc., is the server's following delegation
for 0.centos.pool.ntp.org? Where do outbound packets stop?
I don't believe
On 09/01/2015 10:38 AM, Reindl Harald wrote:
Am 01.09.2015 um 16:28 schrieb John Miller:
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz
<r...@htt-consult.com> wrote:
On 09/01/2015 09:20 AM, John Miller wrote:
If you check pcap, logs, etc., is the server's following delegation
On 09/01/2015 10:28 AM, John Miller wrote:
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz <r...@htt-consult.com> wrote:
On 09/01/2015 09:20 AM, John Miller wrote:
If you check pcap, logs, etc., is the server's following delegation
for 0.centos.pool.ntp.org? Where do outbound packet
I am trying to find out which comcast server is authoritative for
4.254.253.50.in-addr.arpa
and when the zone file for the ptr rr was last updated.
I was told a week ago that the ptr would be updated, but I am still not
seeing any change...
I am not really good at keeping good notes on
. Or at least I don't see it on the results page.
but thanks for the tip.
Frank
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert Moskowitz
Sent: Tuesday, February 03, 2015 4:01 PM
To: bind-users@lists.isc.org
On 02/03/2015 05:09 PM, Jeremy C. Reed wrote:
On Tue, 3 Feb 2015, Robert Moskowitz wrote:
I am trying to find out which comcast server is authoritative for
4.254.253.50.in-addr.arpa
and when the zone file for the ptr rr was last updated.
I was told a week ago that the ptr would be updated
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert Moskowitz
Sent: Tuesday, February 03, 2015 4:43 PM
To: Jeremy C. Reed
Cc: bind-users@lists.isc.org
Subject: Re: Finding authoritative server and last update
On 02/03/2015 05:09 PM, Jeremy C. Reed wrote:
On Tue, 3 Feb 2015, Robert Moskowitz wrote
I just found out that I had old garbage in my registrar setup for my
domain. To wit, an NS server that has not been an NS server for years.
And now that I use that host name for another usage on another address,
it was giving lots of problems. My bad, I should have caught this when
I moved
On 12/05/2014 12:30 PM, Casey Deccio wrote:
On Fri, Dec 5, 2014 at 11:47 AM, Robert Moskowitz r...@htt-consult.com
mailto:r...@htt-consult.com wrote:
I have 3 secondaries run by other domains. This was to give me
some geo-diversity. How do I create glue records for them? My
I have a server that is only running bind 9.8.2 (Centos 6.5). It has
2Gb memory and free reports ~1.7Gb used.
I am looking at replacing this server with an armv7 board running
Redsleeve (until Centos 7 is out and stable for armv7). I have a choice
of boards, one with 1Gb memory ($60) and
I solve the EDNS problem, probably on my Juniper SSG5. This will
initially have to wait until Juniper gets back to me, or I corner some
of their developers at IETF in a couple weeks. Alternatively I replace
the SSG5...
And I change my registry to one that supports DNSSEC.
Commenting all
On 03/03/2013 08:10 AM, Robert Moskowitz wrote:
I solve the EDNS problem, probably on my Juniper SSG5. This will
initially have to wait until Juniper gets back to me, or I corner some
of their developers at IETF in a couple weeks. Alternatively I
replace the SSG5...
And I change my
On 03/01/2013 06:42 PM, Mark Andrews wrote:
In message 5130fba0.3020...@htt-consult.com, Robert Moskowitz writes:
On 03/01/2013 01:50 PM, Jan-Piet Mens wrote:
I get this for all my secondaries for my reverse domain:
client 63.68.132.50 view external: bad zone transfer request:
'192
On 03/02/2013 09:14 PM, Robert Moskowitz wrote:
On 03/01/2013 06:42 PM, Mark Andrews wrote:
In message 5130fba0.3020...@htt-consult.com, Robert Moskowitz writes:
On 03/01/2013 01:50 PM, Jan-Piet Mens wrote:
I get this for all my secondaries for my reverse domain:
client 63.68.132.50 view
I got tipped off about this from logwatch report. On my public DNS
server had the following:
Feb 26 04:02:04 onlo named[19336]: validating @0xb2929ee0:
in-addr.arpa SOA: got insecure response; parent indicates it should be
secure
Feb 27 04:02:04 onlo named[32262]: validating @0xb37e25e0:
On 03/01/2013 08:57 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
I got tipped off about this from logwatch report. On my public DNS server had
the following:
Feb 26 04:02:04 onlo named[19336]: validating @0xb2929ee0: in-addr.arpa SOA:
got insecure response; parent
On 03/01/2013 09:22 AM, Michael W. Lucas wrote:
On Fri, Mar 01, 2013 at 09:19:42AM -0500, Robert Moskowitz wrote:
On 03/01/2013 08:57 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
I got tipped off about this from logwatch report. On my public DNS server had
On 03/01/2013 09:22 AM, Michael W. Lucas wrote:
On Fri, Mar 01, 2013 at 09:19:42AM -0500, Robert Moskowitz wrote:
On 03/01/2013 08:57 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
I got tipped off about this from logwatch report. On my public DNS server had
On 03/01/2013 09:19 AM, Robert Moskowitz wrote:
On 03/01/2013 08:57 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
I got tipped off about this from logwatch report. On my public DNS
server had
the following:
Feb 26 04:02:04 onlo named[19336]: validating @0xb2929ee0
I get this for all my secondaries for my reverse domain:
client 63.68.132.50 view external: bad zone transfer request:
'192-26.67.83.208.in-addr.arpa/IN': non-authoritative zone (NOTAUTH): 23
Time(s)
I don't get this for my forward domain and the SOA for both are
similarly structured. For
On 03/01/2013 01:03 PM, Robert Moskowitz wrote:
I get this for all my secondaries for my reverse domain:
client 63.68.132.50 view external: bad zone transfer request:
'192-26.67.83.208.in-addr.arpa/IN': non-authoritative zone (NOTAUTH):
23 Time(s)
I don't get this for my forward domain
Still not working even with htt. signed. See below. I guess what I
need for right now is to turn off DNSSEC checking of a branch in the
tree; in this case the tld htt.
On 02/27/2013 08:34 PM, Mark Andrews wrote:
In message 512e31ca.5030...@htt-consult.com, Robert Moskowitz writes
On 02/28/2013 12:37 PM, Doug Barton wrote:
On 02/28/2013 09:34 AM, Robert Moskowitz wrote:
Only for my internal tld does the lookup fail.
Are you distributing the trust anchor for htt to all of the servers
that are doing validation?
No. Of course I did not think of that! I just ASSuMEd
On 02/28/2013 12:57 PM, Vernon Schryver wrote:
From: Robert Moskowitz r...@htt-consult.com
Well one really shouldn't be creating one's own tlds.
As the instigator and a co-author of rfc 1918, I beg to differ.
Many people considered the notion in RFC 1918 harmful. See RFC 1627.
Um, I lived
On 02/28/2013 01:14 PM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
Feb 28 12:14:16 klovia named[22332]: validating @0xb421ba30: htt SOA: got
insecure response; parent indicates it should be secure
I think this suggests that one of the servers for htt doesn't have
On 02/28/2013 01:31 PM, Vernon Schryver wrote:
From: Tony Finch d...@dotat.at
Another reason not to use made-up domain names: CAs are going to stop
issuing X.509 certificates for them. (It baffles me why they ever did so.)
http://ssl.entrust.net/blog/?p=1831
That's another reason to publish
I MAY be doing something wrong, or my problem is elsewhere...
In zone htt. I have the DNSKEY RR:
htt. IN DNSKEY 257 3 7
AwEAAfEIWjDoEesqC4NLAwNFgviq+IGbUFmnFn0/2L8UvLWMjYiGFETi
NyA4CVaaG4GMekSJM8dI0FepyIKurxAhYzyV+phS5C6MoVmnYdF27dkP
On 02/28/2013 02:42 PM, Robert Moskowitz wrote:
I MAY be doing something wrong, or my problem is elsewhere...
In zone htt. I have the DNSKEY RR:
htt. IN DNSKEY 257 3 7
AwEAAfEIWjDoEesqC4NLAwNFgviq+IGbUFmnFn0/2L8UvLWMjYiGFETi
NyA4CVaaG4GMekSJM8dI0FepyIKurxAhYzyV+phS5C6MoVmnYdF27dkP
qS0pFDZ
On 02/28/2013 06:21 PM, Mark Andrews wrote:
In message 512fb319.7030...@htt-consult.com, Robert Moskowitz writes:
I MAY be doing something wrong, or my problem is elsewhere...
In zone htt. I have the DNSKEY RR:
htt. IN DNSKEY 257 3 7
AwEAAfEIWjDoEesqC4NLAwNFgviq+IGbUFmnFn0
For various testing reasons, I have been running a tld here of htt. It
has worked of old and continues to work on my new 9.8.2 Centos servers.
Problem came up from a namecaching server that 'forwards only' to my
internal server. It cannot resolve any hosts in this tld and on the
server
On 02/27/2013 08:34 PM, Mark Andrews wrote:
In message 512e31ca.5030...@htt-consult.com, Robert Moskowitz writes:
For various testing reasons, I have been running a tld here of htt. It
has worked of old and continues to work on my new 9.8.2 Centos servers.
Problem came up from a namecaching
Continuing to 'clean up' my new server by reviewing logged messages.
Researching a common one:
Feb 26 07:30:29 onlo named[19336]: error (unexpected RCODE SERVFAIL)
resolving 'foo.com/MX/IN': 1.2.3.4#53
I get the drift that my server has been directed to a 'lame server' and
logs that fact.
On 02/26/2013 08:38 AM, Robert Moskowitz wrote:
Continuing to 'clean up' my new server by reviewing logged messages.
Researching a common one:
Feb 26 07:30:29 onlo named[19336]: error (unexpected RCODE SERVFAIL)
resolving 'foo.com/MX/IN': 1.2.3.4#53
I get the drift that my server has been
On 02/26/2013 09:13 AM, Phil Mayers wrote:
On 26/02/13 13:54, Robert Moskowitz wrote:
I would be interested in which client is requesting these lookups that
end up going to lame servers. I am assuming the IP address in the log
is the address of the lame server, not the requesting client
On 02/26/2013 09:25 AM, Robert Moskowitz wrote:
On 02/26/2013 09:13 AM, Phil Mayers wrote:
On 26/02/13 13:54, Robert Moskowitz wrote:
I would be interested in which client is requesting these lookups that
end up going to lame servers. I am assuming the IP address in the log
is the address
On 02/26/2013 09:37 AM, Phil Mayers wrote:
On 26/02/13 14:31, Robert Moskowitz wrote:
On 02/26/2013 09:25 AM, Robert Moskowitz wrote:
On 02/26/2013 09:13 AM, Phil Mayers wrote:
On 26/02/13 13:54, Robert Moskowitz wrote:
I would be interested in which client is requesting these lookups
So now I am working on adding a name caching service to my mailserver.
And I am reading up on namecaching. For RHEL/Centos, there is not much
to doing this as the default install of bind SEEMS to be a name caching
server. But I want it to NOT go out on the net for queries, but to
direct all
On 02/26/2013 11:14 AM, Phil Mayers wrote:
On 26/02/13 16:07, Robert Moskowitz wrote:
And I am having challenges with the forward option. It reads that
'forward only' will always ask the forwarder about the query and seems
to defeat caching? And 'forward first' only looks in cache after
On 02/26/2013 11:43 AM, Sten Carlsen wrote:
On 26/02/13 15:50, Robert Moskowitz wrote:
I would expect that a namecaching server on the mailserver would
reduce traffic and resources all the way around.
I don't need my mailserver to constantly be asking my name server
about, say
On 02/26/2013 12:58 PM, Sten Carlsen wrote:
On 26/02/13 18:06, Robert Moskowitz wrote:
On 02/26/2013 11:43 AM, Sten Carlsen wrote:
On 26/02/13 15:50, Robert Moskowitz wrote:
I would expect that a namecaching server on the mailserver would
reduce traffic and resources all the way around
On 02/26/2013 01:19 PM, Doug Barton wrote:
You want to set up your resolver on your mail server to forward to
your main resolver, using the forward only option. This will allow
your mail server resolver to benefit from the cache already populated
on your main resolver, while still maintaining
hey, Kevin, hope you are hanging well back at the old stomping ground!
On 02/26/2013 01:42 PM, Kevin Darcy wrote:
On 2/26/2013 11:39 AM, Robert Moskowitz wrote:
On 02/26/2013 11:14 AM, Phil Mayers wrote:
On 26/02/13 16:07, Robert Moskowitz wrote:
And I am having challenges with the forward
On 02/26/2013 01:57 PM, Doug Barton wrote:
On 02/26/2013 10:38 AM, Robert Moskowitz wrote:
I would like a scalpel for lame logging, but probably would not discover
any actionable data.
There is a logging category for lame-servers. It's in the ARM.
So far 2 reads and I am not getting out
Yes, I know lots of places don't have DNSSEC signed zones. **I** have
not done mine yet, but I turned on DNSSEC checking on my server and I am
getting all too many messages like:
validating @0xb4247b50: 117.in-addr.arpa NSEC: no valid signature
found: 1 Time(s)
validating
On 02/25/2013 02:00 PM, Casey Deccio wrote:
On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz r...@htt-consult.com
mailto:r...@htt-consult.com wrote:
Yes, I know lots of places don't have DNSSEC signed zones. **I**
have not done mine yet, but I turned on DNSSEC checking on my
On 02/25/2013 02:33 PM, Robert Moskowitz wrote:
On 02/25/2013 02:00 PM, Casey Deccio wrote:
On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz
r...@htt-consult.com mailto:r...@htt-consult.com wrote:
Yes, I know lots of places don't have DNSSEC signed zones. **I**
have not done mine
On 02/25/2013 03:25 PM, Robert Moskowitz wrote:
On 02/25/2013 02:33 PM, Robert Moskowitz wrote:
On 02/25/2013 02:00 PM, Casey Deccio wrote:
On Mon, Feb 25, 2013 at 5:09 AM, Robert Moskowitz
r...@htt-consult.com mailto:r...@htt-consult.com wrote:
Yes, I know lots of places don't have
On 02/25/2013 08:15 PM, Mark Andrews wrote:
In message 512c09f5.4040...@htt-consult.com, Robert Moskowitz writes:
On 02/25/2013 03:25 PM, Robert Moskowitz wrote:
On 02/25/2013 02:33 PM, Robert Moskowitz wrote:
On 02/25/2013 02:00 PM, Casey Deccio wrote:
On Mon, Feb 25, 2013 at 5:09 AM
On 02/25/2013 08:38 PM, Mark Andrews wrote:
In message 512c1009.4060...@htt-consult.com, Robert Moskowitz writes:
dnssec-enable yes;
dnssec-validation yes;
digging back in the archive here, I find out this should be
dnssec-validation auto;
Actually it can be either. It's
On 02/25/2013 09:36 PM, Mark Andrews wrote:
In message 512c18eb.2050...@htt-consult.com, Robert Moskowitz writes:
On 02/25/2013 08:38 PM, Mark Andrews wrote:
In message 512c1009.4060...@htt-consult.com, Robert Moskowitz writes:
dnssec-enable yes;
dnssec-validation yes;
digging
On 02/22/2013 10:51 AM, Mike Hoskins (michoski) wrote:
I know this last bit from experience, having worked at CELECs back in
the day and running an ISP that was severely underfunded because the
Internet was new and couldn't be trusted like a telephone. Lots of
committed people working long
.
On 21/02/13 2:59, Robert Moskowitz wrote:
On 02/20/2013 08:28 PM, Robert Moskowitz wrote:
It looks like no system, internal or external could access the DNS
on my new server. IPTABLES was set for 53 both UDP and TCP.
Firewall was OK. In fact a local system on the same subnet, thus
NOT going
localhost.
On 21/02/13 2:59, Robert Moskowitz wrote:
On 02/20/2013 08:28 PM, Robert Moskowitz wrote:
It looks like no system, internal or external could access the DNS
on my new server. IPTABLES was set for 53 both UDP and TCP.
Firewall was OK. In fact a local system on the same subnet, thus
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and allow-query-cache '.
I am struggling here trying to match up the various access control
features, particularly when we are supposed to have different views for
different clients.
On 02/21/2013 10:40 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and allow-query-cache '.
I am struggling here trying to match up the various access
On 02/21/2013 12:10 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and
allow-query-cache '.
I am struggling here trying to match up the various access
On 02/21/2013 11:50 AM, Vernon Schryver wrote:
correct, no external hosts should query your cache.
OK.
There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc. Test from outside your network
to see that your DNS servers don't answer
On 02/21/2013 12:58 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver v...@rhyolite.com
Cc: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: allow-query
On 02/21/2013 01:54 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 12:45, Robert Moskowitz wrote:
Fact:
No clients could access DNS from my server, both internal and
external (I have hotspot on my cellphone, so I can attach a client to
it to get external testing) UNTIL I added the allow
On 02/21/2013 02:04 PM, Vernon Schryver wrote:
From: Robert Moskowitz r...@htt-consult.com
Whow... This is news. A hidden view? Where is this documented.
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through
On 02/21/2013 02:16 PM, Vernon Schryver wrote:
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
in the CHAOS class. These zones are part of
On 02/21/2013 06:49 PM, Mark Andrews wrote:
In message
CANYsE-zYQh7Jv4QoVM45q-w1Vz1=YBk7j=K=ooq01ugyvw_...@mail.gmail.com, Nikita
Koshikov writes:
Hello list,
I'm trying to cut /24 network from the scope of /8 network, here is
example:
zone 11.2.10.in-addr.arpa {
Phase I is hopefully complete. A new onlo.htt-consult.com is up in
place of the old one.
This is a faster box with current software. I will 'leave it alone' for
a week, unless someone tells me something is wrong with it.
Next I unlock my domain from NetSol and choose my new registrar and
updates.
So I hope someone can point me to what I have missed.
On 02/20/2013 02:07 PM, Robert Moskowitz wrote:
Phase I is hopefully complete. A new onlo.htt-consult.com is up in
place of the old one.
This is a faster box with current software. I will 'leave it alone'
for a week, unless
On 02/20/2013 08:28 PM, Robert Moskowitz wrote:
It looks like no system, internal or external could access the DNS on
my new server. IPTABLES was set for 53 both UDP and TCP. Firewall was
OK. In fact a local system on the same subnet, thus NOT going through
my firewall was denied access
Delving further into my challenges.
Right now I use Network Solutions as my registrar. Just never changes
as they were the only show in town back then.
But they don't seem to support DNSSEC protected domains, and even IPv6
glue records are special requests, it seems.
My registration is up
I hope to roll out my DNS upgrade today, but without enabling DNSSEC;
that will take a bit longer.
One of my secondaries, though, does not support DNSSEC and it is the one
that gives me a bit of geographical diversity. So I am looking for
someplace that will accept my smallish domains.
On 02/17/2013 09:57 AM, David Forrest wrote:
On Sun, 17 Feb 2013, Vernon Schryver wrote:
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a free service.
Just like I am FINALLY moving to DNSSEC, the fellow running the system I
have
On 02/17/2013 09:44 AM, Vernon Schryver wrote:
From: Robert Moskowitz r...@htt-consult.com
One of my secondaries, though, does not support DNSSEC
How does a secondary authoritative DNS server fail to support DNSSEC?
It's not as if it would be doing any signature checking or automagic
(re
On 02/17/2013 11:48 AM, Vernon Schryver wrote:
From: David Forrest d...@maplepark.com
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a free service.
Services that do not charge users money are often not really free.
This is my concern