Stalling slave transfers
Hi, I have a problem with one of 3 slave servers, all set up the exact same way, with the exact same bind version and configuration. One slave has a problem transfering zones from the master. The logfiles are flooded with received notify for zone .. refresh in progress, refresh check queued lines and rndc status returns a constant high number of soa queries in progress. After a few hours the zones are transfers, so the connection to the master is working, but there is a major delay. I tried resetting the slave and transfering ALL slave zones again, which worked fine instantly. The problem still appeared again after a few hours though. The master has three network-paths, one on external IP, one on internal IP and one on IPv6. All 3 paths work fine, because the transfers happen after an hour or so. There is no hints in the master's log. The other two slaves are running perfectly, no errors or delays what so ever. Bind version 9.9.2-P2 (recently upgraded to). Any hints would be appreciated, as I feel like I've exhausted most options. Thank you. -- Tom Sommer ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Classless PTR query issue
On Tuesday, May 7, 2013 9:06:53 PM UTC-4, Doug Barton wrote: On 05/07/2013 01:50 PM, Matus UHLAR - fantomas wrote: On 07.05.13 11:06, Michael Varre wrote: So interestingly they did give me their setup and this is their response, and my warm and fuzzy feeling continues to go out the window: They use SimpleDNS Record Name: 65.246.59.108.in-addr.arpa DNS Server (FQDN): dns1.kishmish.com. TTL: 1 Hour I'd imagine this is wrong since 65 is my starting IP rather than my network IP, which is 64. they use that sucking djbdns-like way of delegating zones. Instead of creating one zone and pointing 16 CNAMEs into it, they want you to create 16 zones. Advise them to read RFC 2317 and do things right way. https://dougbarton.us/DNS/2317.html I sent them the RFC yesterday and even sent them the KB article from SimpleDNS.com but I think they still have something done incorrectly. It's amazing how large hosts take proper DNS administration for granted these days. I don't have time to teach them how to do this anymore, so unfortunately I think I'm going to throw in the towel and just have them create the PTR records for me...right now I just need them to resolve! Thanks everyone for your input. I will reference this thread for them in the next few weeks if I'm able to fine someone able to make the proper changes. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
resolver, search command....
my resolv.conf looks like nameserver 10.10.10.10 nameserver 10.10.10.20 search path1.mydomain.com path2.mydomain.com I would expect if I type the following: dig myhost It would search for that host in path1 or path2 listed above. It does not, a +trace shows the resolver querying the root servers for myhost. So it appears the search command does not work in environment. [root@server1 # dig myhost +trace ; DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 myhost +trace ;; global options: +cmd . 98386 IN NS k.root-servers.net. . 98386 IN NS m.root-servers.net. . 98386 IN NS b.root-servers.net. . 98386 IN NS i.root-servers.net. . 98386 IN NS e.root-servers.net. . 98386 IN NS f.root-servers.net. . 98386 IN NS a.root-servers.net. . 98386 IN NS d.root-servers.net. . 98386 IN NS j.root-servers.net. . 98386 IN NS c.root-servers.net. . 98386 IN NS g.root-servers.net. . 98386 IN NS l.root-servers.net. . 98386 IN NS h.root-servers.net. ;; Received 512 bytes from 10.176.156.20#53(10.16.16.20) in 9 ms ^C[root@server1]# vi /etc/resolv.conf ^C Any idea why? Thanks in advance... ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver, search command....
On 05/08/2013 10:32 AM, John Williams wrote: my resolv.conf looks like nameserver 10.10.10.10 nameserver 10.10.10.20 search path1.mydomain.com path2.mydomain.com I would expect if I type the following: dig myhost You want dig +search myhost By default it ignores the searchlist in /etc/resolv.conf. -- Matthew Horsfall (alh) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver, search command....
On May 8 2013, John Williams wrote: my resolv.conf looks like nameserver 10.10.10.10 nameserver 10.10.10.20 search path1.mydomain.com path2.mydomain.com I would expect if I type the following: dig myhost It would search for that host in path1 or path2 listed above. It does not, a +trace shows the resolver querying the root servers for myhost. So it appears the search command does not work in environment. [root@server1 # dig myhost +trace ; DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.2 myhost +trace ;; global options: +cmd .98386INNSk.root-servers.net. .98386INNSm.root-servers.net. .98386INNSb.root-servers.net. .98386INNSi.root-servers.net. .98386INNSe.root-servers.net. .98386INNSf.root-servers.net. .98386INNSa.root-servers.net. .98386INNSd.root-servers.net. .98386INNSj.root-servers.net. .98386INNSc.root-servers.net. .98386INNSg.root-servers.net. .98386INNSl.root-servers.net. .98386INNSh.root-servers.net. ;; Received 512 bytes from 10.176.156.20#53(10.16.16.20) in 9 ms [Presumably 10.16.16.20 is in your resolv.conf, rather than what you said above.] ^C[root@server1]# vi /etc/resolv.conf ^C Any idea why? Thanks in advance... You are (probably) under two misapprehensions. First, dig does not use the search path by default - you have to use the +search option for that. See the man page. Secondly, +trace always goes to the root nameservers and works its way down from there. That's what it is intended for - it's not some sort of debugging option as you seem to think. The only thing it uses the nameservers specified in resolv.conf, or by an @ option, for is to look up the nameservers for . to get it started. It isn't actually useful to combine +trace and +search - dig could start all over again with the search path(s) added after a negative result, but it doesn't. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
architecture question
I am building a lab environment where there are several separate domains, all of them ending in .local I've setup a server for the .local TLD, but I'm undecided (or perhaps ignorant) as to the best way to have the individual domains (domain1.local, domain2.local, etc) refer to the local zone on my TLD server. Currently I've also created a root server and set the root hints on domain1.local's dns server to refer to it. This works for local resolution, but this means that domain1.local can't perform Internet lookups. Thanks for any help, Jeremy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver, search command....
dig myhost By default dig only uses fully qualified domain names. dig +search does what you want. It would search for that host in path1 or path2 listed above.? It does not, a +trace shows the resolver querying the root servers for myhost.? So it appears the search command does not work in environment. [root@server1 # dig myhost +trace ...but dig +trace behaves completely differently, searching for the name from the root zone down and never touching the local resolver at all, so this would have queried the root server even if you'd used a FQDN. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: resolver, search command....
You probably want to use host myhost, that does use the resolv.conf as the system normally would. And it works better than nslookup. On 08/05/13 16:56, Evan Hunt wrote: dig myhost By default dig only uses fully qualified domain names. dig +search does what you want. It would search for that host in path1 or path2 listed above.? It does not, a +trace shows the resolver querying the root servers for myhost.? So it appears the search command does not work in environment. [root@server1 # dig myhost +trace ...but dig +trace behaves completely differently, searching for the name from the root zone down and never touching the local resolver at all, so this would have queried the root server even if you'd used a FQDN. -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
Enable recursion on your .local TLD server and point the domain1.local server to that server for DNS. Recursion will handle any internet queries and as .local is authoritative it will provide responses when queried. On 8 May 2013 15:56, Jeremy P jpcra...@gmail.com wrote: I am building a lab environment where there are several separate domains, all of them ending in .local I've setup a server for the .local TLD, but I'm undecided (or perhaps ignorant) as to the best way to have the individual domains (domain1.local, domain2.local, etc) refer to the local zone on my TLD server. Currently I've also created a root server and set the root hints on domain1.local's dns server to refer to it. This works for local resolution, but this means that domain1.local can't perform Internet lookups. Thanks for any help, Jeremy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
Don't forget that Bonjour actually uses .local and will be very sour if it is sued for other purposes, I have tried. On 08/05/13 16:56, Jeremy P wrote: I am building a lab environment where there are several separate domains, all of them ending in .local I've setup a server for the .local TLD, but I'm undecided (or perhaps ignorant) as to the best way to have the individual domains (domain1.local, domain2.local, etc) refer to the local zone on my TLD server. Currently I've also created a root server and set the root hints on domain1.local's dns server to refer to it. This works for local resolution, but this means that domain1.local can't perform Internet lookups. Thanks for any help, Jeremy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Mailing list reply-to setting
Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? Thanks Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On May 8, 2013, at 10.56, Jeremy P jpcra...@gmail.com wrote: I am building a lab environment where there are several separate domains, all of them ending in .local on a side note, i would strongly discourage you from using .local in dns. .local is a pseudo tld, reserved for use with mdns. -ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
Understood. This is an isolated lab full of openBSD boxes, so I'm not too worried about it. The lab will be torn down in a month or two. I will switch to something more out there in the future. I take it that .lan is safe? On Wed, May 8, 2013 at 11:03 AM, b...@bitrate.net wrote: On May 8, 2013, at 10.56, Jeremy P jpcra...@gmail.com wrote: I am building a lab environment where there are several separate domains, all of them ending in .local on a side note, i would strongly discourage you from using .local in dns. .local is a pseudo tld, reserved for use with mdns. -ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
And, If I might add, adding a tag to the subject like [bind-users] would be extremely nice. regards ~Carlos On 5/8/13 12:02 PM, Steven Carr wrote: Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? Thanks Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
From: b...@bitrate.net on a side note, i would strongly discourage you from using .local in dns. .local is a pseudo tld, reserved for use with mdns. This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 8 May 2013 18:09, wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
From: Steven Carr sjc...@gmail.com Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? Why, Are the settings wrong? I have used and later run lists for years, and supported Listserv(tm) servers for others for most of those years. There is no right or wrong for the reply settings. It's really a personal preference of the list owner as to how replies should be handled. If the message should go back to the list, use reply all. That's supported by all the major mail clients. Subject tagging is another preference item - no right or wrong. I have my mail client filter on the sender moving list traffic into the appropriate folder. Works just as well as filtering on the tag. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
You could ask your institution for a subdomain to be reserved from their domain? .lan isn't AFAIK reserved for anything or in the process of being considered by ICANN. .test is reserved and will never be advertised on the internet (as are .example, .invalid and .localhost) On 8 May 2013 18:33, Jeremy P jpcra...@gmail.com wrote: I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? On Wed, May 8, 2013 at 11:20 AM, Steven Carr sjc...@gmail.com wrote: On 8 May 2013 18:09, wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
-Original Message- From: Jeremy P jpcra...@gmail.com Date: Wednesday, May 8, 2013 1:33 PM To: Steven Carr sjc...@gmail.com Cc: bind-users bind-users@lists.isc.org Subject: Re: architecture question I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? I've seen .lan before, and .test should certainly suffice for student use. http://tools.ietf.org/html/rfc2606 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
You could also make a sub domain of your main domain and use that for all students, unless of course the purpose is to teach how to set this up. slight ironyI have used .home my self, now I would take something that nobody would ever think of using in the real world, in old days I did consider .xxx, that is now a whole other thing than just something odd. Generally you may want to consider the new options for people to make actual TLDs to be their company name. At the start of the course, you could make a draw among the students and use the selected persons first name, that any coming thing like mdsn would use that is not very likely. It also draws attention to the significance of those letters./slight irony On 08/05/13 19:33, Jeremy P wrote: I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? On Wed, May 8, 2013 at 11:20 AM, Steven Carr sjc...@gmail.com mailto:sjc...@gmail.com wrote: On 8 May 2013 18:09, wbr...@e1b.org mailto:wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org http://ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
On 2013-05-08, Steven Carr sjc...@gmail.com sent: Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? I'd argue the settings are already correct. Having the mailing list software rewrite the Reply-to line causes information to be lost, and can make it difficult to reply to the original poster of a message. Mail-Followup-To is more appropriate for replying to the mailing list. See: http://cr.yp.to/proto/replyto.html -- Chip Marshall c...@2bithacker.net http://2bithacker.net/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 2013.05.08 13.20, Steven Carr wrote: On 8 May 2013 18:09, wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. it's also mildly humorous that they used to quite religiously endorse .local, in some documents even categorizing use of the same domain name on an internal and external network as a security risk. -ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Stalling slave transfers
On 5/8/13 12:25 PM, Cathy Almond wrote: On 08/05/13 08:26, Tom Sommer wrote: Hi, I have a problem with one of 3 slave servers, all set up the exact same way, with the exact same bind version and configuration. One slave has a problem transfering zones from the master. The logfiles are flooded with received notify for zone .. refresh in progress, refresh check queued lines and rndc status returns a constant high number of soa queries in progress. After a few hours the zones are transfers, so the connection to the master is working, but there is a major delay. I tried resetting the slave and transfering ALL slave zones again, which worked fine instantly. The problem still appeared again after a few hours though. The master has three network-paths, one on external IP, one on internal IP and one on IPv6. All 3 paths work fine, because the transfers happen after an hour or so. There is no hints in the master's log. The other two slaves are running perfectly, no errors or delays what so ever. Bind version 9.9.2-P2 (recently upgraded to). Any hints would be appreciated, as I feel like I've exhausted most options. Thank you. Have a look at this KB article (you'll need to register to view - but registration is open to all): https://kb.isc.org/article/AA-00726/30/Tuning-your-BIND-configuration-effectively-for-zone-transfers-particularly-with-many-frequently-updated-zones.html Also - and this isn't covered in that article (yet) - if you're using views, then use-alt-transfer-source defaults to 'yes'. You might want to set it explicitly to 'no' or to define alt-transfer-source and/or alt-transfer-source-v6. Thank you, great resource. I think I solved it with raising serial-query-limit, it's just odd that it's not required on the other two servers. Another issue has arisen now though, the logfile is filled with lots of named[5596]: zone example.com/IN: refresh: failure trying master 1.2.3.4#53 (source 0.0.0.0#0): operation canceled But if I do a dig example.com @1.2.3.4 it's working just fine. Same server as with the previous issue. Any thoughts? Thank you. // Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Stalling slave transfers
On 5/8/13 8:15 PM, Tom Sommer wrote: Another issue has arisen now though, the logfile is filled with lots of named[5596]: zone example.com/IN: refresh: failure trying master 1.2.3.4#53 (source 0.0.0.0#0): operation canceled and named[5596]: zone example.com/IN: refresh: retry limit for master 1.2.3.4#53 exceeded (source 0.0.0.0#0) // Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I personally use localdomain. I'm not sure how safe it is, but I use it at home so it probably doesn't matter. On 05/08/2013 01:47 PM, Steven Carr wrote: You could ask your institution for a subdomain to be reserved from their domain? .lan isn't AFAIK reserved for anything or in the process of being considered by ICANN. .test is reserved and will never be advertised on the internet (as are .example, .invalid and .localhost) On 8 May 2013 18:33, Jeremy P jpcra...@gmail.com wrote: I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? On Wed, May 8, 2013 at 11:20 AM, Steven Carr sjc...@gmail.com wrote: On 8 May 2013 18:09, wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users - -- - _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlGKl7EACgkQmb+gadEcsb4dJwCg2sJl6x8gteSR/rt+6CIp7wK8 iycAoLt+BiL/gWptUEWNBIzaIOHFZMd6 =4y/9 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 2013.05.08 13.33, Jeremy P wrote: I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? well, the thing is, in reality, there is almost *never* not an actual domain name [or subdomain] which is applicable. surely the organization has a domain name, within which there is plenty of latitude for various subdomains, to accommodate a given need. that's kind of the whole entire point of how dns was designed to begin with. even if formally sanctioned subdomains aren't available [e.g. non-technical issues], there's nothing at all stopping you from unilaterally inventing your own pretend subdomain to use for such things [effectively just the same as you'd do by inventing your own pretend tld - but without the potential for upstream collision]. doing that involves little more than a modicum of effort towards avoiding collisions with other existing [or potentially existing] subdomains, but that's of course relatively trivial. not only that, in an environment in which the goal is presumably instruction and learning, what better approach to take than actual particip ation in namespace? all of that being said, i think you'll find the unspoken [and quite informal] consensus is that either the .site or .internal tld are tolerable for such use - but to reiterate my soliloquy above - why bother, when you probably don't need to? -ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/08/2013 01:28 PM, wbr...@e1b.org wrote: From: Steven Carr sjc...@gmail.com Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? Why, Are the settings wrong? I have used and later run lists for years, and supported Listserv(tm) servers for others for most of those years. There is no right or wrong for the reply settings. It's really a personal preference of the list owner as to how replies should be handled. If the message should go back to the list, use reply all. That's supported by all the major mail clients. Subject tagging is another preference item - no right or wrong. I have my mail client filter on the sender moving list traffic into the appropriate folder. Works just as well as filtering on the tag. My personal preference is to have subject tagging, and I know of no other list where it's not on. Reply-To: my understanding is that the way this list set up is the correct way to have the list set up. There are reply-to-list options in most decent mail clients that can handle this. - -- - _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlGKnCAACgkQmb+gadEcsb6KHwCfVxQfOY41XVxF3KAO4BAjX/U5 T6UAn06xQqwKTZF4j3qe6FBMCUJDuq26 =cVwP -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
Jeremy P jpcra...@gmail.com wrote: I will switch to something more out there in the future. I take it that .lan is safe? Don't use .lan either - it is very popular with malware and is likely to get you blacklisted. Use a real domain. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND Configuration
Hello all, I was wondering if someone could me out. I am using Bind 9.2 on a Redhat Linux server. We have two ISPS on separate networks Lets call them A and B. My Linux Server can listen on A's Network as well as B's network. I'm using fictitious IPs and names A 111.111.111.1 B 555.555.555.1 Secondary A 111.111.222.1 Redhat Bind Bind is listening on both IP addresses and we have a secondary server at 111.111.222.1 If A the ISP has a backbone router problem how can I get people trying to get to our web servers to use B's network? I have been think of different ways to do this, but have come up empty. Our network is really simple I just want to be able to use diverse ISPS in case we lose one we still have the other. Can anyone help me out. Any help appreciated. Thanks. == This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
Years ago we decided to create a private TLD of .campus What we did was make all our caching nameservers also be authoritative for this private TLD. And, this worksexcept for delegated subdomains, which are handled through using forwarding zones. later when the needed to be able to get real certificates for the systems, we went to split DNS -- for a number of subdomains, with .campus becoming campus.ksu.edu -- which has caused all sorts of problems... When we went split, all the names in .campus were copied over (minus their subdomain). And, it was decided that no more new hosts in .campus (except for the subdomains delegated to ADS - ads.campus users.campus - and the subdomin for network devices - net.campus) Used to be iso systems were in the as.ksu.edu subdomain, so later then got hosts in the as.campus subdomainbut shortly after the creating of .campus, we went to functional hostnaming servers used to have theme names, like hawkeye, radar, klingeror eagle, hawk, falcon this switched to iso-xxx type names. So iso-xxx.as.campus became iso-xxx.campus.ksu.edu We tried to make .campus go away, (which would've helped the search problem, since as.campus, cc.campus, foo.campus would compress into just campus.ksu.edu), but there are systems that would require the application to be reinstalled from scratch to make the change. Just like there's no more cns department, but our netbackup server was installed with a cns subdomain name. And, just about every resolv.conf has 6 entries in its search. Something about Oracle stuff needs search to have all the subdomains in it. So, along will come a request to add another entry to search (the big reason is the upgrades from Oracle 10 to 11 and needing those CRS ipswhich can't be in the same .campus domain as the rest of the system so need to add new subdomain to the list. Somebody will see cns.ksu.edu and say that hasn't been around for yearsremove that. And, then suddenly Oracle RMAN backups start failing - Original Message - I am building a lab environment where there are several separate domains, all of them ending in .local I've setup a server for the .local TLD, but I'm undecided (or perhaps ignorant) as to the best way to have the individual domains (domain1.local, domain2.local, etc) refer to the local zone on my TLD server. Currently I've also created a root server and set the root hints on domain1.local's dns server to refer to it. This works for local resolution, but this means that domain1.local can't perform Internet lookups. Thanks for any help, Jeremy ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator For: Enterprise Server Technologies (EST) -- SafeZone Ally Snail: Computing and Telecommunications Services (CTS) Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102 Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND Configuration
You will need to have some form of automation in place to update the DNS zone to change the IP address which should now be accessed when one of the links goes down. You will also need to ensure you have a low TTL value on the records you want to update on link change so that the records are refreshed quickly. On 8 May 2013 20:40, Ward, Mike S mw...@ssfcu.org wrote: Hello all, I was wondering if someone could me out. I am using Bind 9.2 on a Redhat Linux server. We have two ISPS on separate networks Lets call them A and B. My Linux Server can listen on A's Network as well as B's network. I'm using fictitious IPs and names A 111.111.111.1 B 555.555.555.1 Secondary A 111.111.222.1 Redhat Bind Bind is listening on both IP addresses and we have a secondary server at 111.111.222.1 If A the ISP has a backbone router problem how can I get people trying to get to our web servers to use B's network? I have been think of different ways to do this, but have come up empty. Our network is really simple I just want to be able to use diverse ISPS in case we lose one we still have the other. Can anyone help me out. Any help appreciated. Thanks. == This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND Configuration
I believe your major point is the routing tables because they determine how the response is trying to get out. On 08/05/13 22:22, Steven Carr wrote: You will need to have some form of automation in place to update the DNS zone to change the IP address which should now be accessed when one of the links goes down. You will also need to ensure you have a low TTL value on the records you want to update on link change so that the records are refreshed quickly. On 8 May 2013 20:40, Ward, Mike S mw...@ssfcu.org wrote: Hello all, I was wondering if someone could me out. I am using Bind 9.2 on a Redhat Linux server. We have two ISPS on separate networks Lets call them A and B. My Linux Server can listen on A's Network as well as B's network. I'm using fictitious IPs and names A 111.111.111.1 B 555.555.555.1 Secondary A 111.111.222.1 Redhat Bind Bind is listening on both IP addresses and we have a secondary server at 111.111.222.1 If A the ISP has a backbone router problem how can I get people trying to get to our web servers to use B's network? I have been think of different ways to do this, but have come up empty. Our network is really simple I just want to be able to use diverse ISPS in case we lose one we still have the other. Can anyone help me out. Any help appreciated. Thanks. == This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this message by mistake and delete this e-mail from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
It would be a waste of money as their systems never leave the local network, except through a NAT connection. Godaddy is selling .coms for $0.99 right now (US/Canada). In the spirit of an educational setting, it might be a viable exercise for students to understand how easy and affordable it is to establish a legitimate digital entity. On Wed, May 8, 2013 at 1:33 PM, Jeremy P jpcra...@gmail.com wrote: I understand letter of the law, spirit of the law and playing it safe to avoid headaches. However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? On Wed, May 8, 2013 at 11:20 AM, Steven Carr sjc...@gmail.com wrote: On 8 May 2013 18:09, wbr...@e1b.org wrote: This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use something below their real domain for Active Directory such as ad.example.org. FWIW: MS now advises not to use .local for internal AD anymore. They suggest you use your owned/registered namespace to prevent domain collisions. http://support.microsoft.com/kb/909264 Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar... Registering your DNS name with an Internet registrar may help prevent a name collision. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND Configuration
That's kind of how we do our DR... I have things scripted so that every update to our zone, results two versions of the zone file...the master server signs the first one and does its usual notifies, then the master signs the second and its scp'd to secondaries in another network. In the event we lose our connectivitywe can direct the remote slave to take over with with the alternate signed zone file. So that our main web presence will resolve to servers at our DR site.which we don't yet have :) - Original Message - You will need to have some form of automation in place to update the DNS zone to change the IP address which should now be accessed when one of the links goes down. You will also need to ensure you have a low TTL value on the records you want to update on link change so that the records are refreshed quickly. On 8 May 2013 20:40, Ward, Mike S mw...@ssfcu.org wrote: Hello all, I was wondering if someone could me out. I am using Bind 9.2 on a Redhat Linux server. We have two ISPS on separate networks Lets call them A and B. My Linux Server can listen on A's Network as well as B's network. I'm using fictitious IPs and names A 111.111.111.1 B 555.555.555.1 Secondary A 111.111.222.1 Redhat Bind Bind is listening on both IP addresses and we have a secondary server at 111.111.222.1 If A the ISP has a backbone router problem how can I get people trying to get to our web servers to use B's network? I have been think of different ways to do this, but have come up empty. Our network is really simple I just want to be able to use diverse ISPS in case we lose one we still have the other. Can anyone help me out. Any help appreciated. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
-Original Message- From: Jonathan Reed cronst...@gmail.com Date: Wednesday, May 8, 2013 4:38 PM To: Jeremy P jpcra...@gmail.com Cc: bind-users bind-users@lists.isc.org Subject: Re: architecture question It would be a waste of money as their systems never leave the local network, except through a NAT connection. Godaddy is selling .coms for $0.99 right now (US/Canada). In the spirit of an educational setting, it might be a viable exercise for students to understand how easy and affordable it is to establish a legitimate digital entity. The spirit of education is often saving money based on a former life as a lab tech. While cheap, the proposal to just go register a real one! seems good for $registrar, but potentially bad for the Internet (will we end up with a bunch of garbage domains that are never used again, and might actually want to be used by someone else, but will then be squatted when they expire? yada yada), and better suited for business vs school networks. Also, I had a digital entity long before entering a college setting. I suspect kids these days are even more likely to have similar. If real is the answer, maybe most students wouldn't have to do anything at all. I really think a lab experiment would be fine using local TLDs, but I guess it's impossible to really know how valid some of the concerns are unless we sit through the class or see the course material. :-) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? This is a religious argument. Please, leave it alone. And, If I might add, adding a tag to the subject like [bind-users] would be extremely nice. It's twelve years after RFC 2919 and people are still using mail software that can't filter on List-ID? Aw, come on. In gmail, it takes about 15 seconds to add a rule to apply a label to mail with a particular list-ID. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 2013-05-08 13:50, Mike Hoskins (michoski) wrote: The spirit of education is often saving money based on a former life as a lab tech. While cheap, the proposal to just go register a real one! seems good for $registrar, but potentially bad for the Internet (will we end up with a bunch of garbage domains that are never used again, and might actually want to be used by someone else, but will then be squatted when they expire? yada yada), and better suited for business vs school networks. Also, I had a digital entity long before entering a college setting. I suspect kids these days are even more likely to have similar. If real is the answer, maybe most students wouldn't have to do anything at all. I really think a lab experiment would be fine using local TLDs, but I guess it's impossible to really know how valid some of the concerns are unless we sit through the class or see the course material. :-) A reasonable compromise might be a single domain purchased for use in course, with students using subdomains. This would cover a best-of-all-worlds, including internal and external considerations. It would also let the students' environments talk to each other, if this is desirable (and if the teacher adds appropriate DNS records, and the students configure properly) This is the approach my girlfriend used with a WordPress course she taught since one of the goals was to allow students to experiment and play from home and it worked well, but it would just as well with NS delegations. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote: On 2013-05-08, Steven Carr sjc...@gmail.com sent: Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? I'd argue the settings are already correct. Having the mailing list software rewrite the Reply-to line causes information to be lost, and can make it difficult to reply to the original poster of a message. I argue different, If I post on a list, I want anyone replying to my list post, to also be on list, and same expectation for others posting on list, ie, if you post on list like now, you replies should go on list, unless you (or I) specifically ask for off-list replies. If I want direct, I'll be bad and scrape the list and mail you all direct :) POC: This email address is for lists only, it is not my personal address, anything not put in its appropriate mailing list folder is placed in z_lists direct not my inbox, now I am a member of some 37 mailing lists, of which 26 are active non-new/announce types, so the z_lists direct folder named deliberately to sit at the bottom may not be noticed, and frankly I don't always bother checking it for days, given 99% of the posts in it ends up being spam that gets passed our anti-spam rules - years of lists web archiving see's to that. attachment: face-smile.png signature.asc Description: This is a digitally signed message part ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote: On 2013-05-08, Steven Carr sjc...@gmail.com sent: Any chance someone can correct the settings on this mailing list to reply to the list by default instead of the user posting the message? I'd argue the settings are already correct. Having the mailing list software rewrite the Reply-to line causes information to be lost, and can make it difficult to reply to the original poster of a message. Mail-Followup-To is more appropriate for replying to the mailing list. See: http://cr.yp.to/proto/replyto.html And just because DJB says it, doesn't make it so, it is just his opinion, and one only needs look at his track history to know that. signature.asc Description: This is a digitally signed message part ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
On 5/8/13 9:43 AM, Carlos M. martinez wrote: Agreed, but, subject tagging is very useful for those who prefer to have things hit your inbox first, before archiving. And there seems to be a lot more agreement on the tagging issue than on the reply to. Unless your mail setup is extremely restricted in what it can filter on, you have several choices of header which can be used by an automated filter to detect and classify appropriately according to list. Personally I have procmail file bind-users traffic based on the List-Id: header, but I realize you may be in a different environment with different tools available.) List-Id: BIND Users Mailing List bind-users.lists.isc.org Michael McNally ISC Support ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Mailing list reply-to setting
On 5/8/2013 23:53, Michael McNally wrote: On 5/8/13 9:43 AM, Carlos M. martinez wrote: Agreed, but, subject tagging is very useful for those who prefer to have things hit your inbox first, before archiving. And there seems to be a lot more agreement on the tagging issue than on the reply to. Unless your mail setup is extremely restricted in what it can filter on, you have several choices of header which can be used by an automated filter to detect and classify appropriately according to list. Personally I have procmail file bind-users traffic based on the List-Id: header, but I realize you may be in a different environment with different tools available.) List-Id: BIND Users Mailing List bind-users.lists.isc.org Michael McNally ISC Support I use Sieve, this is my filter syntax for bind-users: if header :contains list-id bind-users.lists.isc.org { fileinto INBOX/ML/bind-users; stop; } Works with any other list that uses the list-id header. -- staticsafe O ascii ribbon campaign - stop html mail - www.asciiribbon.org Please don't top post - http://goo.gl/YrmAb Don't CC me! I'm subscribed to whatever list I just posted on. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 5/8/13 9:33 AM, Jeremy P wrote: However, there are times where registering a real domain just isn't practical. For example, I'm not going to ask all of the students in my courses to go out and register a .com for the semester. It would be a waste of money as their systems never leave the local network, except through a NAT connection. So in those types of instances, I'm assuming .lan or .test are safest? The flip side of this is that whatever you teach them they are going to take out into the wider world with them. If you teach them to use .local or .lan, some of them (at least) are going to continue using .local or .lan long after your class is over, at least until they run into enough problems to frustrate them into something more compatible with current practice. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: architecture question
On 2013-05-08 20:58, Michael McNally wrote: The flip side of this is that whatever you teach them they are going to take out into the wider world with them. If you teach them to use .local or .lan, some of them (at least) are going to continue using .local or .lan long after your class is over, at least until they run into enough problems to frustrate them into something more compatible with current practice. I made the same mistake many moons ago and I'm still stuck with it. I wish I'd known better. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users