On Fri, May 17, 2024 at 03:25:01PM +0200,
Matus UHLAR - fantomas wrote
a message of 43 lines which said:
> I have noticed that BIND sends strange (for me) queries.
>
> 5 0.198221 192.168.0.1 → 193.108.88.128 DNS 105 Standard query 0x15a4 A
> _.net.akadns.net OPT
QNAME minimisation
On Wed, Dec 13, 2023 at 05:29:02PM +0100,
Michel Diemer via bind-users wrote
a message of 1723 lines which said:
> another virtual machine that uses the first one as ics dhcp and dns
> server.
An important thing about DNS: there are two types of DNS servers, very
different. Resolvers and
On Tue, Mar 14, 2023 at 11:35:38AM -0400,
Alexandra Yang wrote
a message of 183 lines which said:
> I wonder if any of your nameserver resolve it just fine, like 8.8.8.8
> works
Among RIPE Atlas probes, most succeed:
% blaeu-resolve --displayvalidation -r 100 --type A gpo.gov
[ (Authentic
On Tue, Mar 14, 2023 at 11:08:28AM -0400,
Alexandra Yang wrote
a message of 154 lines which said:
> I wonder if anyone can shed some light on this, our nameserver(BIND
> 9.16.37 )keeps giving error on resolving gpo.gov and ns3.gpo.gov,
> here are the
> errors:
"DS record for zone gpo.gov
On Mon, Jun 27, 2022 at 02:16:26PM -0400,
daniel jay foran wrote
a message of 370 lines which said:
> I cant be the only one that has racked his brains and written
> hundreds of lines of code trying to get ISC BIND 9 to authenticate
> Dmarc records correctly.
I'm not sure I understand you
On Wed, Apr 13, 2022 at 03:39:33PM +0200,
Bjørn Mork wrote
a message of 14 lines which said:
> Which problems do LOC solve?
>
> I remember adding LOC records for fun?() in the previous millennium when
> RFC 1876 was fresh out of the press. But even back then paranoia
> finally took over,
On Sat, Jan 08, 2022 at 06:10:26PM +,
Jason Vas Dias wrote
a message of 72 lines which said:
> What are "RIPE Atlas Probes" ?
Small boxes that volunteers from all over the world install in various
networks to run active measurements (DNS, ping, traceroute, etc). Very
handy to see the
On Sat, Jan 08, 2022 at 04:55:24PM +0100,
Stephane Bortzmeyer wrote
a message of 52 lines which said:
> This domain name seems OK for me but I notice that a fair number of
> RIPE Atlas probes in Ireland return a fake NXDOMAIN for this name:
On Twitter, an Irish DNS exper
On Sat, Jan 08, 2022 at 03:34:37PM +,
Jason Vas Dias wrote
a message of 146 lines which said:
>"Book An Appointment": https://covid19booster.healthservice.ie/
>
>to make an appointment, Firefox and Chrome both return
>"Server Not Found" errors .
This domain name seems OK
On Thu, Sep 09, 2021 at 12:33:22PM +0200,
Matus UHLAR - fantomas wrote
a message of 59 lines which said:
> Note that some domains can be horribly broken and different
> nameservers can send different NS, or no NS at all but SOA.
Doing this sort of survey on the wild (and wide) Internet leads
On Thu, Sep 09, 2021 at 03:20:14AM -0700,
Ronald F. Guilmette wrote
a message of 48 lines which said:
> I don't want and don't need SOA records. I want and need only the
> relevant NS records.
The algorithm proposed by Matt Pounsett uses the SOA but only to find
the NS (through the name of
On Tue, Sep 07, 2021 at 10:48:57AM -0400,
Matthew Pounsett wrote
a message of 32 lines which said:
> Yeah, you can pretty reliably get the answer in one or two steps by
> requesting the NS set for the FQDN. You'll either get your answer, or
> get an SOA with the name of the enclosing zone.
On Tue, Sep 07, 2021 at 12:40:14PM -0700,
Ronald F. Guilmette wrote
a message of 36 lines which said:
> >I'm not aware of a tool (free software or not) which does it. Some
> >programming will be required.
>
> I was afraid of that, but thank you for confirming.
Don't despair, see the other
On Tue, Sep 07, 2021 at 09:44:43AM +0200,
Stephane Bortzmeyer wrote
a message of 34 lines which said:
> I'm not aware of a tool (free software or not) which does it. Some
> programming will be required.
Attached is an example program. Free software licence, whatever you
prefer. Re
On Tue, Sep 07, 2021 at 12:33:59AM -0700,
Ronald F. Guilmette wrote
a message of 33 lines which said:
> My question is rather a simple one. Given some FQDN `D' and given
> some DNS record type 'T' (e.g. either A or or perhaps even PTR)
> does there exist some open source command line
On Thu, Oct 15, 2020 at 02:03:52PM -0400,
Kevin A. McGrail wrote
a message of 8 lines which said:
> Firewalls are cheap and the level of effort to run a bastion host are
> significant.
Firewalls are useful when you want to protect unamanaged printers and
Windows boxes (or Web servers with a
On Thu, Oct 15, 2020 at 11:16:05AM -0700,
Fred Morris wrote
a message of 50 lines which said:
> 2) If you want to run your own DNS nameservers, you will need to buy a
>book, read the (BIND) Administrator's Reference Manual, and/or some
>RFCs
Very bad advice. RFCs are not for the
On Thu, Oct 15, 2020 at 04:57:16PM +,
Jason Long via bind-users wrote
a message of 173 lines which said:
> I have two static IP addresses. One is for DNS server and one is for
> my website.
Note that you can put the two servers on the same machine, using the
same IP address, since the
On Thu, Oct 15, 2020 at 04:36:58PM +,
Jason Long via bind-users wrote
a message of 1594 lines which said:
> in the panel of it, I can enter my DNS server IP addresses.
I assume you refer to the panel of your domain name registrar. If so,
it would be useful to know which is the label near
On Thu, Oct 15, 2020 at 06:45:01PM +0200,
Michael De Roover wrote
a message of 65 lines which said:
> Your router can port forward traffic to port 53/udp to your local IP
> that your DNS server is on.
He said that the DNS server has a public IP address so port forwarding
is probably not
On Tue, Jul 07, 2020 at 03:00:13PM +0200,
Michael De Roover wrote
a message of 46 lines which said:
> The command used to test this was apparently "dig +short
> test.openresolver.com TXT @your.name.server".
ANY instead of TXT may be more efficient (specially with +dnssec), if
the goal is to
On Sun, Apr 12, 2020 at 01:41:52AM +,
sir izake wrote
a message of 153 lines which said:
> At specific times of day bind fails to respond to queries even
> though service is shown to run (configured to respond to my network
> IPs, this works fine till this time when service fails to
On Mon, Feb 10, 2020 at 02:32:55PM -0500,
Warren Kumari wrote
a message of 70 lines which said:
> Also, can you try:
> dig +tcp . axfr @192.0.32.132
> dig +tcp . axfr @192.0.47.132
> dig +tcp . axfr @b.root-servers.net
>
> (no, I'm not really sure why trying with the first 2 IPs instead of
>
On Mon, Jun 10, 2019 at 05:43:02PM +,
Jukka Pakkanen wrote
a message of 58 lines which said:
> Then, unfortunately our nameservers won't resolve ns.kpk.fi either.
Same authoritative name server, same problem. See my email.
% dig @ns.datatower.fi. NS kpk.fi.
;; Warning: Client COOKIE
On Mon, Jun 10, 2019 at 02:28:46PM +,
Jukka Pakkanen wrote
a message of 382 lines which said:
> An example, the client domain is raimoasikainenoy.fi.
dig clearly says it's a cookie issue:
% dig @193.184.54.212 NS raimoasikainenoy.fi
;; Warning: Client COOKIE mismatch
An DNSviz
On Tue, Jun 26, 2018 at 03:36:25PM +0200,
Matus UHLAR - fantomas wrote
a message of 19 lines which said:
> Some web DNS checkers do great job.
And some are really bad and/or broken. Let's mention the right ones:
https://dnsviz.net/
https://zonemaster.net/
On Sat, May 26, 2018 at 12:57:26PM -0400,
Rick Dicaire wrote
a message of 276 lines which said:
> Hi Thomas, obfuscating IP addresses doesn't help in the least.
No problem, the IP address is known by the TLD name servers.
% dig @a.gtld-servers.net ns1.sleepyvalley.net
;
On Sat, May 26, 2018 at 11:44:58AM -0500,
Thomas Strike wrote
a message of 269 lines which said:
> they say that the problem is with my server.
They were right.
> I am here asking for fresh sets of eyes to look at my setup file and the
> domain zone record that is
On Tue, Mar 13, 2018 at 10:52:50AM +0100,
Carsten Strotmann wrote
a message of 19 lines which said:
> is automatic DNSSEC Delegation Trust Maintenance (RFC 7344/8078)
> already support at the TLD level somewhere? I know it is implemented
> in BIND 9.11+ and Knot, but can it
On Fri, Mar 09, 2018 at 03:28:18PM +0300,
Diarmuid O Briain wrote
a message of 427 lines which said:
> However quite frankly I do not get how the AS112 service is accessed via
> anycast.
Did you configure your routing as mentioned in section 3.4 of RFC 7534?
> Another
On Fri, Mar 09, 2018 at 12:32:41PM +0300,
Diarmuid O Briain wrote
a message of 122 lines which said:
> Mar 09 08:11:43 as112 named[3787]: internal_send: 2620:4f:8000::42#53:
> Invalid argument
> Mar 09 08:11:43 as112 named[3787]: internal_send: 192.175.48.42#53: Invalid
On Thu, Mar 08, 2018 at 12:52:57PM +,
Tony Finch wrote
a message of 49 lines which said:
> Best way to achieve this is with anycast, which can be pretty
> time-consuming to set up - try searching for Nat Morris's
> presentation "anycast on a shoestring" which he gave at
On Thu, Aug 24, 2017 at 09:33:32AM +0600,
Ganga R. Dhungyel wrote
a message of 677 lines which said:
> # dig @localhost www.icann.org A +dnssec
When you suspect a DNSSEC issue, always retry dig with +cd (Checking
Disabled). And post the result.
On Thu, May 05, 2016 at 04:06:06PM +,
Cuttler, Brian R. (HEALTH) wrote
a message of 34 lines which said:
> I configured the change for my external test server only
> (199.184.16.7, which is _probably_ available for external query)
No.
% dig @199.184.16.7 A
On Thu, May 05, 2016 at 03:42:24PM +,
Cuttler, Brian R. (HEALTH) wrote
a message of 29 lines which said:
> External record in the zone file is actually
> wadsworth.org. 300 IN A 199.184.16.22
None of the three name servers for wadsworth.org serve this A
On Wed, May 04, 2016 at 02:02:24PM -0400,
Rob Heilman wrote
a message of 305 lines which said:
> We run BIND 9.9.5-9 on Debian x86_64 to support a moderately sized
> email hosting system. System info listed at the end of this
> message. We are seeing intermittent but
On Wed, May 04, 2016 at 07:03:13PM +1000,
Mark Andrews wrote
a message of 15 lines which said:
> fill in with the rest of the root servers names.
And if you don't like to type, or if you use another root:
sudo tcpdump -n -i ${INTERFACE} port 53 and \( $(for ns in $(dig
On Wed, Apr 27, 2016 at 07:32:48AM -0700,
Matthew Pounsett wrote
a message of 49 lines which said:
> One of these days I'd like to lead a serious lobbying effort against
> the browser developers at the W3C to have SRV records for HTTP
> standardized.
I fully agree and, if
On Wed, Apr 27, 2016 at 10:23:19AM -0400,
Barry Margolin wrote
a message of 28 lines which said:
> You would only be able to do this if you could put the CNAME record
> in the parent domain, instead of delegating domain.com to your own
> server. But do any domain
On Wed, Apr 27, 2016 at 05:26:53PM +0300,
Daniel Dawalibi wrote
a message of 50 lines which said:
> DNS registrar that can offer this option by using apex/naked/root
> domain redirection
Sorry, but I cannot parse this sentence.
Also, as I said, this is not about
On Wed, Apr 27, 2016 at 05:05:50PM +0300,
Daniel Dawalibi wrote
a message of 52 lines which said:
> our setup requires a CNAME record.
Bad setup. (And has always been bad.)
___
Please visit
On Wed, Apr 27, 2016 at 01:56:27PM -,
John Levine wrote
a message of 23 lines which said:
> Assuming you mean this (notice the dots):
>
> Domain.com. CNAME x.y.com.
> www CNAME x.y.com.
>
> it should work.
I disagree. I have the same experience as Daniel
On Wed, Apr 27, 2016 at 02:55:18PM +0300,
Daniel Dawalibi wrote
a message of 99 lines which said:
> We are facing a resolving problem on BIND DNS when adding a CNAME RR
> for root domain and other records.
I don't think that you manage the root domain so you
On Wed, Apr 27, 2016 at 02:33:26AM -0400,
digen wrote
a message of 169 lines which said:
> Any inputs on debugging this problem will be much appreciated.
The usual stuff:
1) Is the machine hosting the resolver overloaded? top, for instance
2) is the link to the
On Thu, Apr 14, 2016 at 11:55:04AM +0300,
Daniel Dawalibi wrote
a message of 22 lines which said:
> Do you think it is better to remove it from named.root?
Certainly not, your resolver removes it automatically from the list of
authoritative servers for the zone.
On Thu, Apr 14, 2016 at 08:35:00AM +0200,
Daniel Stirnimann wrote
a message of 14 lines which said:
> Looks like you are not alone!
>
> https://atlas.ripe.net/dnsmon/group/g-root
Only broken over UDP. Works on TCP and still replies to traceroute.
On Wed, Nov 18, 2015 at 12:19:57PM +,
Phil Mayers wrote
a message of 44 lines which said:
> I suspect getaddrinfo isn't parsing the DNS response for some reason.
...
> Obviously the *.thing on the RHS of the first CNAME is weird, but is it
> illegal?
Yes, for a
On Mon, Sep 07, 2015 at 03:33:00PM +0530,
Harshith Mulky wrote
a message of 60 lines which said:
> How do System administrators add DNS Zone records in DNS Servers?
By not using outlook.com for email :-) No, I'm kidding, there are
several ways:
> Is there a
[The domain has recently changed its configuration so do not test it.]
With Unbound, I get a SERVFAIL:
% dig DNSKEY cepn.asso.fr
; DiG 9.9.5-8-Debian DNSKEY cepn.asso.fr
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 62442
;; flags: qr rd ra; QUERY: 1,
On Tue, Feb 17, 2015 at 07:34:37AM +1100,
Mark Andrews ma...@isc.org wrote
a message of 171 lines which said:
The validator is *not* supposed to *check* if the zone has been
signed with all the alogorithms in the DS RRset. It is supposed to
keep trying all RRSIG/DS/DNSKEY combinations
On Fri, Aug 01, 2014 at 09:56:53AM +0700,
Xuan Hung hungn...@viettel.com.vn wrote
a message of 298 lines which said:
I think this problem of me, need have version new of Bind.
9.9.5 is quite recent. Actually, it is the latest in 9.9 branch. What
makes you think upgrading would change
On Mon, Jul 14, 2014 at 07:14:57PM -0700,
Paul B. Henson hen...@acm.org wrote
a message of 56 lines which said:
I also don't think this is what educause is doing, as I haven't had
any trouble entering DS records for published but not activated
KSK's in the past,
You can also note that it
On Mon, Jul 14, 2014 at 01:24:38PM -0700,
Paul B. Henson hen...@acm.org wrote
a message of 135 lines which said:
And finally, the new key I just created, for which I'm trying to add DS
records. The dsset file created by dnssec-signzone says these records should
be:
I find the same values
On Mon, Jul 14, 2014 at 10:40:19PM +0200,
Stephane Bortzmeyer bortzme...@nic.fr wrote
a message of 19 lines which said:
So, I suspect a bug in EDUCAUSE.
Your DNSKEY set being a little over 1500 bytes, you may suspect a MTU
issue.
___
Please visit
On Wed, May 21, 2014 at 12:56:32PM +0100,
Simon Waters simon.wat...@surevine.com wrote
a message of 58 lines which said:
BIND 9 logs report: RRSIG has expired for www.ise.gov
Indeed.
www.ise.gov.43200 IN RRSIG CNAME 5 3 43200 (
20140513120652
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers p.may...@imperial.ac.uk wrote
a message of 25 lines which said:
dig @server zone axfr file
diff file file.real
diff is not clever enough, you'll find many spurious differences. Try
feeding the two files (the local one and the AXFRed one)
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers p.may...@imperial.ac.uk wrote
a message of 25 lines which said:
dig @server zone axfr file
diff file file.real
If you're really paranoid, it may not be sufficient since a server may
reply differently to normal DNS queries and to zone
On Tue, Feb 04, 2014 at 10:40:46AM +0100,
ro...@ip-plus.net ro...@ip-plus.net wrote
a message of 19 lines which said:
I use the options query-source, notify-source, and transfer-source.
Still I get outgoing queries with another source address.
Are you sure they come from BIND and not from,
On Fri, Jan 17, 2014 at 01:34:00PM +,
John Horne john.ho...@plymouth.ac.uk wrote
a message of 40 lines which said:
log-only yes;
From the ARM:
Use commandlog-only yes/command to test rate limiting parameters
without actually dropping any requests.
I get 10
On Fri, Nov 15, 2013 at 02:47:10PM +0530,
benjamin fernandis benjo11...@gmail.com wrote
a message of 50 lines which said:
Can we use bind DNS for Gi/Gn DNS?
I have no idea what Gi/Gn is. Can anyone post an explanation?
___
Please visit
These name servers have another interesting feature: the serial number
is different depending on whether you set the DO bit or or:
% dig +short +dnssec +bufsize=4096 @ns1.uscg.mil SOA uscg.mil
osc-bloxmaster.iap.uscg.mil. hostmaster.uscg.mil. 2012079853 10800 1080 604800
900
...
% dig +short
I try to understand DNS64 and there is a problem I don't get. I have
BIND configured with:
dns64 2001:db8:1:64::/96 { // Network-Specific Prefix
clients { me; };
};
and it works, synthesis happens when the domain name has no records:
% dig +cd @localhost -p
On Tue, Oct 22, 2013 at 12:47:38AM +1100,
Mark Andrews ma...@isc.org wrote
a message of 98 lines which said:
dns64 {
clients { me; };
break-dnssec yes;
};
OK, it works without the DO bit (dig +nodnssec, I had +dnssec in my
~/.digrc) or with
I'm trying RRL on the new BIND 9.9.4.
When RRL steps in, if I understand the documentation properly, two
things are logged, a summary of the beginning and end of RRL, and one
message per rejected query (!) Since RRL is used when there is an
attack, there are *many* such messages. Worse, the
One of my contacts noticed that you cannot query 42.fr's SOA with
BIND: SERVFAIL. Querying other types, or using Unbound (or Google
Public DNS) instead of BIND works.
The only thing special he sees is the double SOA:
% dig SOA 42.fr
; DiG 9.9.2-P1 SOA 42.fr
;; global options: +cmd
;; Got
On Fri, Aug 02, 2013 at 10:49:22AM +0530,
rams brames...@gmail.com wrote
a message of 41 lines which said:
I have 9.7 bind installed and configured recursive. When i query
against forwader i am not getting AD flag. Could you please guide me
how to get AD flag.
Several possible reasons:
I have a zone maintained by:
inline-signing yes;
auto-dnssec maintain;
update-policy local;
I switched it from the default NSEC to NSEC3 with:
rndc signing -nsec3param 1 0 10 68f499ee auto.rd.nic.fr
It seems to work but the zone still contains NSEC signatures (but no
When I run a BIND with auto-dnssec maintain and inline-signing
yes, if I create no key, there is no error message and, worse, the
log file says the zone is signed:
Jul 30 16:31:42 u12-33673 named[1605]: zone auto.rd.nic.fr/IN (unsigned):
loaded serial 2013073000
Jul 30 16:31:42 u12-33673
On Tue, Jul 30, 2013 at 09:50:46AM -0500,
Jeremy C. Reed jr...@isc.org wrote
a message of 7 lines which said:
Of course, there is no signature:
% dig +multi @localhost SOA auto.rd.nic.fr
Add +dnssec
[I thought it was in my .digrc.] It changes nothing. Without a key,
BIND could not
On Thu, Jul 25, 2013 at 12:05:35AM +0100,
Tony Finch d...@dotat.at wrote
a message of 21 lines which said:
Obvious question: does BIND have permission to read the private key?
Yes, it runs (it is an experimental setup) as the same user which
owns the private key file.
I guess it does since
On Wed, Jul 24, 2013 at 09:58:08AM -0700,
David Newman dnew...@networktest.com wrote
a message of 89 lines which said:
Not sure if this is the problem, but have you tried with
managed-keys-directory in options instead of key-directory?
I just tried, and same warning:
26-Jul-2013
On Fri, Jul 26, 2013 at 08:54:26AM +0200,
Stephane Bortzmeyer bortzme...@nic.fr wrote
a message of 23 lines which said:
I just tried, and same warning:
But only at startup and not afterwards so it is an improvment.
___
Please visit https
On Fri, Jul 26, 2013 at 08:52:04AM +0200,
Stephane Bortzmeyer bortzme...@nic.fr wrote
a message of 24 lines which said:
Yes. I tested with two keys, a KSK and a ZSK and the warning
disappears.
Another solution, even if using only one key, is to add:
update-policy local; # Necessary
I'm trying auto-dnssec maintain; with a BIND 9.9.3-P1. My
configuration is:
options {
directory /tmp/bind;
key-directory /tmp/bind;
};
zone example {
type master;
file example;
inline-signing yes;
auto-dnssec maintain;
};
Apparently, everything
On Mon, Jul 22, 2013 at 03:01:47PM +1000,
Mark Andrews ma...@isc.org wrote
a message of 56 lines which said:
It SHOULD have record of type SPF as per RFC 4408. Named will
complain if both types are not present.
Then, named is now wrong, since RFC 6686.
On Mon, Jul 22, 2013 at 12:39:53PM +0200,
Matus UHLAR - fantomas uh...@fantomas.sk wrote
a message of 28 lines which said:
This was discussed here already, and imho this is anti-spf bullshit
like all those spf breaks forwarding FUD. The SPF RR is already
here and is preferred over TXT that
On Tue, Jul 23, 2013 at 02:30:49PM -0400,
Kevin Darcy k...@chrysler.com wrote
a message of 565 lines which said:
When you dial a telephone number, do you worry that your dialing may
have consequences against telephone numbers that you *didn't*
dial? Seems very unlikely.
OK, but switching
On Wed, Jul 24, 2013 at 10:52:51AM -0400,
James Chase chase1...@gmail.com wrote
a message of 64 lines which said:
However if I try to ping dns3.mandala-designs.com from different
network locations it still returns the IP address of our old server,
Probably the usual problem with in-zone
On Wed, Jul 17, 2013 at 05:05:31PM -0700,
Ray Van Dolson rvandol...@esri.com wrote
a message of 36 lines which said:
Tried dns-ad...@fbi.gov but got a bounce. :(
You want Sandra Bullock's, er, Sarah Ashburn's phone number?
http://en.wikipedia.org/wiki/The_Heat_%28film%29
On Fri, Jun 14, 2013 at 02:27:50PM +,
Manson, John john.man...@mail.house.gov wrote
a message of 138 lines which said:
We are running Bind 9.9.2 and would like to invoke the rate-limit
option but named says 'unknown option'.
RRL (Response Rate Limiting) is an unofficial patch. You'll
On Sun, Mar 24, 2013 at 04:55:13PM -0700,
blrmaani blrma...@gmail.com wrote
a message of 17 lines which said:
I am developing a monitoring script for internal use and this
requires extensive querying of TLD nameservers (a .. m).tld servers.
[TLD operator hat on.]
Hard to ansdwer without
On Mon, Jan 21, 2013 at 04:35:39PM +0200,
Georg Kahest georg.kah...@internet.ee wrote
a message of 19 lines which said:
I'm unable to figure out where does one register for jabber.isc.org
account.
I don't speak for ISC but may I ask why you need one? There are many
XMPP providers in the
On Mon, Jan 21, 2013 at 04:44:53PM +0200,
Georg Kahest georg.kah...@internet.ee wrote
a message of 19 lines which said:
I was interested of idling in bind 10 dev channel.
So? XMPP is federated, like any good system (like email). You don't
need an account in the isc.org email server to use
On Mon, Jan 21, 2013 at 05:09:16PM +0200,
Georg Kahest georg.kah...@internet.ee wrote
a message of 20 lines which said:
I'm failing to understand how i should configure my xmpp client (
pidgin ) without user credentials. Without entering
username/password i can't add the account, and with
On Mon, Jan 21, 2013 at 04:17:40PM +0100,
Stephane Bortzmeyer bortzme...@nic.fr wrote
a message of 19 lines which said:
1) Choose a XMPP provider. I would recommend Google Talk (gratis,
very reliable) since this is the one I use. If you don't like/use
Google, jabber.org offers a gratis
On Mon, Jan 14, 2013 at 06:36:44PM +0530,
Gaurav Kansal gaurav.kan...@nic.in wrote
a message of 156 lines which said:
I tried the following commands, but unfortunately didn't succeed.
Why do you want to limit? If it is against a DoS attack, I warn you
that most Netfilter modules (for
On Fri, Dec 14, 2012 at 09:00:31AM +,
Can Şirin sirin...@itu.edu.tr wrote
a message of 114 lines which said:
I mean, choosing the faster ones (root-servers) is gonna be better
for speed performans.
Yes, but BIND does it (testing the fastest) and probably better than
you.
Is there any
On Fri, Oct 26, 2012 at 06:08:32AM -0700,
enigmedia online-...@enigmedia.com wrote
a message of 29 lines which said:
TXT IN (v=spf1 a mx ptr ip4:65.49.39.152/29 ~all
DZC=DlaVBmG)
This is *one* TXT record made of two strings. Whether or not the SPF
standard
On Fri, Oct 26, 2012 at 06:31:31AM -0700,
enigmedia online-...@enigmedia.com wrote
a message of 34 lines which said:
I wasn't sure if I was allowed to have more than one TXT record in
a zone, and when I googled around the only references I saw were to
concatenating multiple name-value pairs
It may be a bug in BIND and it is certainly a bug in the zone
pcextreme.nl.
BIND validating resolvers are unable to get the IP address of
v1.pcextreme.nl.
I believe this is because of the strange NSEC:
tools-newerst.pcextreme.nl. 2315 IN NSECv2.pcextreme.nl. RRSIG NSEC
which says
On Tue, Oct 23, 2012 at 06:27:12AM -0700,
Casey Deccio ca...@deccio.net wrote
a message of 88 lines which said:
The issue here is that no delegation NS records exist for
v1.pcextreme.nlin its parent zone, pcextreme.nl. Thus when any
server (authoritative for both zones) is queried for
On Tue, Sep 18, 2012 at 08:31:13PM +0800,
pangj pa...@riseup.net wrote
a message of 12 lines which said:
do you know what dns software is used by cloudflare?
I don't know.
and how they defend the DDoS against DNS?
http://blog.cloudflare.com/65gbps-ddos-no-problem
On Mon, Sep 10, 2012 at 11:47:38AM -0700,
Ponga ponga2...@gmail.com wrote
a message of 55 lines which said:
But if I ask any root server, [...] DiG 9.7.3 -t ns intaq.com
@192.42.93.30
192.42.93.30 is not a root name server.
___
Please visit
On Thu, Sep 06, 2012 at 08:06:45AM -0400,
Timothe Litt l...@acm.org wrote
a message of 466 lines which said:
This is a script to automagically update the root hints file.
Since the first thing BIND does at startup is to check the root NS
set, and since DNSSEC guarantees that it is genuine,
On Wed, Sep 05, 2012 at 07:51:05AM +0100,
Phil Mayers p.may...@imperial.ac.uk wrote
a message of 18 lines which said:
See also:
http://publicsuffix.org/
And remember it is unofficial, not perfectly maintained and has
several holes. It's OK if you accept a few misclassifications.
On Wed, Sep 05, 2012 at 10:01:45AM +0300,
syed haq smu...@gmail.com wrote
a message of 66 lines which said:
EDNS not supported by ***.**.**.**
1) Test your name server to be sure the diagnostic is correct:
dig +bufsize=4096 @YOUR-NAME-SERVER SOA YOUR-DOMAIN
You should get in the answer
On Wed, Sep 05, 2012 at 11:11:43AM +0300,
syed haq smu...@gmail.com wrote
a message of 134 lines which said:
That means EDNS is not supported by that var of SunOS ,can you give
me the commands for checking the ENDS,BIND version in sunos
I already gave them (dig). You simply cannot expect to
On Wed, Sep 05, 2012 at 04:29:25PM +0300,
syed haq smu...@gmail.com wrote
a message of 769 lines which said:
That means I need to completely upgrade the OS to make the EDNS support
Personal opinion: you need to follow a serious Unix sysadmin training
first. From your messages, it seems you
On Thu, Aug 30, 2012 at 01:34:07PM +0100,
Niall O'Reilly niall.orei...@ucd.ie wrote
a message of 32 lines which said:
Don't waste your time.
This approach is superficial.
http://www.bortzmeyer.org/images/please-close-gate.jpg :-)
On Thu, Aug 30, 2012 at 03:16:32PM +0200,
fddi f...@gmx.it wrote
a message of 15 lines which said:
Actually many telephone companies in the world are doing this,
They're wrong politically (censorship) and they're wrong technically
(see O'Reilly's answer).
Copying telephone companies is not
1 - 100 of 304 matches
Mail list logo