Re: SERVFAIL from validating nameservers for advocaat.pro advocaten.pro
On Feb 6 2009, Mark Andrews wrote: In message prayer.1.3.1.0902051754210.4...@hermes-2.csi.cam.ac.uk, Chris Thompson writes: [...] More info about the not consistently bit. With nothing about them in the cache (rndc flushname advocaat.pro) looking up SOA or NS records for them gives SERVFAIL. But looking up A records does not, and after that SOA and NS lookups work OK as well. Hmmm... The TLD lies. DNSSEC is doing exactly what it is supposed to do and is blocking ibad answers. Mark ; DiG 9.3.6-P1 advocaat.pro soa @c.gtld.pro +dnssec ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 29667 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;advocaat.pro. IN SOA ;; AUTHORITY SECTION: pro. 14400 IN SOA a.gtld.pro. hostmaster.registrypro.pro. 2009020518 28800 7200 604800 300 Ah, yes -- many thanks for the elucidation. Indeed, looking up SOA for advocaat.pro via a non-validating nameserver (without it having already discovered the NS records for it) believes this crap and reports it back to the caller. The nameservers for pro seem to have some very odd bugs: * asked about the SOA for a sub-zone, they authoritatively deny its existence, as above. * asked about NS records for a sub-zone, they return the delegation set as the _answer_. That's also true of the *.gtld-servers.net lot, but these are worse, because unlike them they claim the answer is authoritative. * even when they do give a referral, it is marked authoritative. One hardly dares to ask how they achieve all this ... -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting
wiskbr...@hotmail.com wrote: The case the windows team made was ease of adding entries, you simply add into the MMC, or even easier, when you join a host into a domain, it adds itself. This is not even true. To add a host to a domain you have to register it manually, either by going into ADS and adding it or a Domain Adminstrator has to enter it on the machine using his/her adminstrator password. There's nothing automatic about this. Danny ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind9-default.md5sum file
Hi I'm running bind on Debian Lenny. Does anyone know what the file /usr/share/bind9/bind9-default.md5sum is for ? Googling for it didn't reveal any desciptions. According to Debian's package installation checksums, this file has changed. Is that to be expected ? The bind package version is 1:9.5.0.dfsg.P2-5.1 Many thanks, Declan ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices ForCoexisting
Baird, Josh wrote: Actually, yes, if you have dynamic DNS registration enabled on the client/host and server, an 'A' record will automatically be created in the AD zone. It needs to be registered in the domain first. Otherwise any system could mascarade as another system. Danny Josh From: bind-users-boun...@lists.isc.org on behalf of Danny Mayer Sent: Sat 2/7/2009 2:29 PM To: wiskbr...@hotmail.com Cc: bind-users@lists.isc.org Subject: Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices ForCoexisting wiskbr...@hotmail.com wrote: The case the windows team made was ease of adding entries, you simply add into the MMC, or even easier, when you join a host into a domain, it adds itself. This is not even true. To add a host to a domain you have to register it manually, either by going into ADS and adding it or a Domain Adminstrator has to enter it on the machine using his/her adminstrator password. There's nothing automatic about this. Danny ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
NS validation?
A business customer of ours could not change their DNS entry at Register.com from ns1.mtcnet.net/ns1.netins.net. After 10 failed attempts thru register.com to register domain to ns1.mtcnet.net and ns1.netins.net, I contacted Register.com and escalated this call to their highest tech authority. I found out that Register.com uses 'VeriSign' as its DNS Registered Validator. Apparently when I transferred this domain name from a different registrar I was supposed to use a special DNS Registration thru VeriSign option (who knew?) then transfer this to register.com For some reason VeriSign doesn't have NS1.MTCNET.NET on its list as registered DNS. Go figure. Ever heard of this before? Frank attachment: winmail.dat___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
