Re: Simple question about zone and CNAME
On 04/08/2013 06:59 PM, Novosielski, Ryan wrote:
> Someone can correct me if I'm wrong, but I think they'd be right if and only if the webserver they're adding the A record for happens to also be the AD server.

In principle that's correct. In practice, running a publicly accessible webserver on your AD controllers is a bad move IMO. The security implications are gruesome.

I think I almost dislike the idea so much that I'd suggest split DNS before this. And given how much I dislike split DNS, that's saying something. But hey, to each their own.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Simple question about zone and CNAME
In article mailman.49.1365191296.20661.bind-us...@lists.isc.org, wbr...@e1b.org wrote:
> And then there's these folks: http://no-www.org/

On 04/08/2013 06:42 AM, Sam Wilson wrote:
> Is co-opting high-level name space for a single protocol a modern-day landgrab?

On 08.04.13 20:58, Doug Barton wrote:
> Is holding on to the antiquated notion that every protocol needs a unique hostname charmingly anachronistic, or just plain obstructionist? (See what I did there?)

It's kind of best practice for cases where a domain contains more hosts with different usage. But you know this, don't you?

> For bonus points, list the number of services running on your typical server configuration, and then tell us how many of them have their own hostnames. Start with dns, ssh, and ntp.

Continue with smtp/pop/imap. The www belongs to these, not to the dns/ssh/ntp.

> The point being that the world moved on, and putting websites on hostnames that don't start with www. is the common case now. Can we save our energy for something more productive?

Why did you post this then?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Eagles may soar, but weasels don't get sucked into jet engines.
Adding foreign DNSKEY with inline-signing
Hello,

I'd like to change the DNS operator for a signed domain, where the parent does not allow a DS that is not pointing to an active DNSKEY (thus the double-DS procedure won't work). As a result I'd need to insert the old DNSKEYs in the new zone.

However, bind tries to do something with them, and complains about missing private keys (which I obviously don't have). How could I tell bind to take these DNSKEYs and sign them, no questions asked?

Zone config:

    auto-dnssec maintain;
    inline-signing yes;

Gilles

--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
rndc stats - referral versus failure
Looking at rndc stats output on an older BIND 9.3 nameserver versus output on a new BIND 9.7 nameserver.

It seems that the 9.3 and 9.7 referrals and failures are flipped in rndc stats output. Does that make sense?

On the 9.3 nameserver I see a boatload of referrals and almost no failures. On the 9.7 nameserver it's flipped: a boatload of failures and almost no referrals.

Named.conf on the 2 nameservers is set up identically.

Thanks,
Martin Meadows
clients-per-query increased to 15
I've started having some issues with one of my subnets. I'm seeing messages like the following in my log files:

    clients-per-query increased to 15

I did a little googling and found where this is adjustable per the named.conf. I currently don't have anything in my named.conf that outlines this. I'm currently running BIND 9.9.1-P2 with 31 zone files (all on a separate subnet). The server has 8 virtual interfaces that answer for each subnet. This worked fine in the past, but I think I may have reached my limit. DNS and DHCP run on the same server.

Can I increase this limit to help my dns issue, or is this going to be counterproductive? Should I separate and run a physical dns server at each site, instead of using one for all 8 sites? There are gig links between each site and my dns server.

ddh

--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools