On 13.01.22 14:29, Tim Daneliuk via bind-users wrote:
Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE
Bind 9.16.24_1
Master out in a cloud server
Slave on a physical server with a static IP on Comcast Business
Problem: After years of
Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE
Bind 9.16.24_1
Master out in a cloud server
Slave on a physical server with a static IP on Comcast Business
Problem: After years of stable behavior, Slave intermittently not resolving
On 10/1/2014 3:45 PM, Tony Finch wrote:
(Sorry for straying off topic. I have less experience of Cisco PIX/ASA
breaking DNS than of them breaking SMTP.)
I can't resist either..
I specifically remember a PIX that bit me by helpfully changing the
payload of an axfr so that the A records that
-Original Message-
From: Dave Sparro dspa...@gmail.com
Date: Friday, October 3, 2014 at 1:04 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: Diagnostic help part 2
On 10/1/2014 3:45 PM, Tony Finch wrote:
(Sorry for straying off topic. I have less experience of Cisco
In article mailman.1035.1412133286.26362.bind-us...@lists.isc.org,
Eli Heady eli.he...@gmail.com wrote:
With response sizes growing (dnssec, ipv6), answers are more likely to be
too large for UDP.
That's unlikely. That's why EDNS was created, so that these large
answers wouldn't require TCP.
On 10/1/14 8:17 AM, Barry Margolin wrote:
In article mailman.1035.1412133286.26362.bind-us...@lists.isc.org,
Eli Heady eli.he...@gmail.com wrote:
With response sizes growing (dnssec, ipv6), answers are more likely to be
too large for UDP.
That's unlikely. That's why EDNS was created, so
-Original Message-
From: Doug Barton do...@dougbarton.us
Date: Wednesday, October 1, 2014 at 2:07 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: Diagnostic help part 2
On 10/1/14 8:17 AM, Barry Margolin wrote:
In article mailman.1035.1412133286.26362.bind-us
Mike Hoskins (michoski) micho...@cisco.com wrote:
This isn't even specific to DNS...for example, there was a time when just
turning on what sounds good for cisco, netscreen and even checkpoint
would break other things like ESMTP.
You mean Cisco have fixed the grossly damaging bugs in the
If you would be so kind as to run the nmap test again from your location and
let me know if you're seeing the correct - or at least *more* correct
answers, I'd appreciate it.
Bill,
It looks good now.
Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-01 12:47 MST
Nmap scan report for
In message 5D9044356DCF9341A7D1CDAE12FC601C2976D2A5@exch10-mb2.ccbill-hq.local
, John Anderson writes:
If you would be so kind as to run the nmap test again from your location and
let me know if you're seeing the correct - or at least *more* correct answe
rs, I'd appreciate it.
Bill,
It
Thanks! That cleared up a number of problems.
Now to tackle some of the others...
On 10/1/14, 2:51 PM, John Anderson wrote:
If you would be so kind as to run the nmap test again from your location and let
me know if you're seeing the correct - or at least *more* correct answers, I'd
On 2014-10-02 01:03, Mark Andrews wrote:
TCP has always been required for DNS except in very special
circumstances. Go read RFC 1123. Go look at the definition of
SHOULD. Unless you really knew what you were doing TCP as always
been expected to be ON.
Some people refuse to enable stuff
On 29.09.14 20:58, Ben Croswell wrote:
The default for allow query is local host local nets. Basically the server
itself and directly connected networks
no, that is the default for allow_recursion (and allow_query_cache).
the default for allow_query is all.
On Sep 29, 2014 8:03 PM, Bill
Ok, since I theoretically have the allow-query correct I need to move on
to what else may be wrong.
When I test with http://www.intodns.com/ or other online tools, I'm
getting ERROR: One or more of your nameservers did not respond (the
IP is the server in question)
BIND 9.10.1 *appears*
Fair enough.
http://localhost:10800/bind8/edit_master.cgi?zone=Africabound.orgAfricabound.org
SustainableSources.com
The server that's giving problems is ns1.sustainablesources.com
205.238.182.102
(yes, I'm aware of intermittent problems with ns3 as well. That one's
not under my control,
Hi--
On Sep 30, 2014, at 1:59 PM, Bill Christensen billc_li...@greenbuilder.com
wrote:
Fair enough.
Africabound.org
SustainableSources.com
The server that's giving problems is ns1.sustainablesources.com
205.238.182.102
Your 102 box doesn't seem responding to 53/udp or 53/tcp from
On 9/30/14, 4:15 PM, Charles Swiger wrote:
Hi--
On Sep 30, 2014, at 1:59 PM, Bill Christensen
billc_li...@greenbuilder.com mailto:billc_li...@greenbuilder.com
wrote:
Fair enough.
http://localhost:10800/bind8/edit_master.cgi?zone=Africabound.orgAfricabound.org
http://Africabound.org
If named is running and doesn't respond on the external interface, it's
possible that your listen-on {}; directive is set to only localhost.
TCP connections to 205.238.182.102 come back Connection refused, so
it's possible that BIND just isn't listening on the interface or perhaps
you're
On 9/30/14, 5:52 PM, Rich Goodson wrote:
If named is running and doesn't respond on the external interface,
it's possible that your listen-on {}; directive is set to only localhost.
You may have hit on hit there. It was set to
listen-on { 127.0.0.1; };
I just changed that to:
Hi folks,
Something got sideways on one of my DNS servers, and I would appreciate
some help in figuring out what's going on.
I'm running BIND 9.10.1. This server is authoritative master for a
number of domains.
First off, I may have the allow-query set incorrectly. Currently I have:
acl
The default for allow query is local host local nets. Basically the server
itself and directly connected networks
On Sep 29, 2014 8:03 PM, Bill Christensen billc_li...@greenbuilder.com
wrote:
Hi folks,
Something got sideways on one of my DNS servers, and I would appreciate
some help in
So if my server is authoritative for MyDomain.com, should Joe Sixpak be
able to resolve it via whatever DNS he's using, as mine is currently set up?
Do I need to change it to
|allow-query { any; };|
in order to allow that to happen? Will my restriction on recursion keep
the riffraff
22 matches
Mail list logo