Compiling BIND with DLZ drivers.
Hello.

I am trying to compile DLZ drivers with --with-dlopen=yes so no DLZ is compiled statically in bind. But there is a problem if I compile bind with --prefix=/opt/bind9. The Makefiles of the DLZs do not have options to specify this path. Only manual editing of the Makefiles can do the trick. It will be nice to have options or environment variables to specify it. Also there is no dynamic DLZ driver for postgres along with others. Why?

--
Mimiko desu.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: AIX and 9.9.5 compiling
On 09-May-14 14:53, Alan Clegg wrote:
> I do, but I don't have "early access", so other than a brief "yep, it
> works", I can't get it into the README. 8-)

I'm glad that you make that effort. I was responding to Jeremy's solicitation for suggestions on what should be done more officially/thoroughly. (Including routine builds during development.)

Including ARM - native and cross-compiled - would support parts of the community that don't get much attention (nor make much noise.) Embedded and cross-architecture compilers.

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views, if any, on the matters discussed.
This communication may not represent my employer's views, if any, on the matters discussed.

On 09-May-14 14:53, Alan Clegg wrote:
> On 5/9/14, 2:06 PM, Timothe Litt wrote:
>>> If you have a suggestion for an important or popular OS version I should
>>> add to our build farm, please let me know why.
>> I have one suggestion: get a Raspberry PI and build/run on it (the
>> usual OS is Debian - 'Raspbian', but people run a variety of others.)
> I do, but I don't have "early access", so other than a brief "yep, it
> works", I can't get it into the README. 8-)
>
> AlanC
Re: Point domain name of my zone to name in somebody else's zone?
On 05/08/14 02:01, Dave Warren wrote:
> On 2014-05-07 15:54, Lawrence K. Chen, P.Eng. wrote:
>
>> Though it was just a minor delay...for them to revert back to the old site,
>> until they migrated their email accounts to the CNAME site as well
>
> You still can't CNAME the APEX of a zone even if you do migrate your email
> accounts to the CNAME site as you can't have a CNAME and SOA/NS records at the
> same level.

You're quoting out of context. I wasn't talking about CNAME for my APEX, but CNAME for somebody's host...they used to do their own website, while using our central email service. But asking to change their hostname to be a CNAME to an outside web hosting provider...kind of broke their email until they moved to using the web hosting's email service.

Don't know if they moved their accounts there, or just defined aliases up there to send it back to our system on our side I had virtusertable entries to map the store email addresses to their real accounts, though we switched email providers recently...and I recently heard rumblings that some subdomains wanting to use google apps to solve the problems they're having with our email provider.

Which is easier for those that have their subdomains delegated to them...though I haven't been told that I need to stop fulfilling requests to add verification strings for other department subdomains

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Re: bin 9.10 verbose logging
In message <1399664632.4864.59.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> On Sat, 2014-05-03 at 14:28 -0500, Jeremy C. Reed wrote:
> > "We didn't get a OPT record in response to a EDNS query." and also
> > says "We need to drop/remove the logging here when we have more
> > experience."
>
> Is there a sample dig query that can reproduce this? I see such a
> message in my log files regarding domain of interest to me.
>
> For the OP's question, presumably something like
>
> dig dns2.osogrande.com @207.66.8.132 +?

Modern versions of DiG turn on EDNS by default.

    +[no]edns[=version]
    +[no]dnssec (implies +edns)

If there is an OPT record in the response you will see something like this:

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096

or

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; NSID: 72 6f 63 6b 2e 64 76 2e 69 73 63 2e 6f 72 67 ("rock.dv.isc.org")
    ; SIT: 8cd65ccfb9f282d53599db62536d5c39ec27d9c7420ccbbe (good)
    ; EXPIRE: 2389987 (3 weeks 6 days 15 hours 53 minutes 7 seconds)

if you turn on some of the EDNS options (+sit +nsid +expire) in the request.

+sit (source identity token) provides 64 additional bits of randomness to make off path spoofing virtually impossible to achieve. It also provides a method for servers to know they are talking to a client that they have talked to before so they don't need to rate limit responses (uses an experimental code point).

+nsid (name server identifier)

+expire how long to go before the zone expires (code point 9 has been assigned for this, 9.10.0 uses an experimental code point and will be changed in 9.10.1 to the assigned code point).

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Point domain name of my zone to name in somebody else's zone?
On 05/07/14 23:32, Barry Margolin wrote:
> In article ,
> "Lawrence K. Chen, P.Eng." wrote:
>
>> Oh...I misread the question...guess DNAME isn't what's wanted
>>
>> just the apex to somewhere else
>>
>> Yeah...I currently just look up the name and enter A records. But, I've
>> wondered if there was another record type that allowed it to detect address
>> changes of the requested 'CNAME'...so I wouldn't have to. Especially, if
>> the
>> requested 'CNAME' is a name that is known to change its IP...
>
> Have the apex point to your own webserver, and have it send an HTTP
> redirect to www.domain.com, which is CNAMEd to the third party domain.
>

I mentioned that option...but it doesn't work so well for https://example.com (except maybe if they gave me their cert...though I have limited IPs - though the new appliance supposedly does SNI...)

>> Either that...or come up with a way to script it.
>
> That's what we did when I was at Akamai. Their custom DNS servers have
> an option to resolve the domain apex by looking up another name and
> returning its IP.
>

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Re: Point domain name of my zone to name in somebody else's zone?
On 5/8/2014 5:13 PM, John Levine wrote:

DNSMadeEasy calls this an "ANAME" record, internally they just lookup the destination's IP and cache it, updating it as needed. It works, but it would be nice if this could be done in DNS.

Sadly, it can't, and probably won't in our lifetimes.

I do a similar thing in my DNS crudware, a pseudo-entry in the zone, every time the background update script runs, it does A and AAAA lookups and puts the results in the real zone, bumping the SOA serial if the result changed since last time. It's a crock, but one that we all seem to want.

I suppose we could invent something like an ANAME (that's A and name), that worked like a restricted CNAME and does an indirect lookup only for A or AAAA requests. Or overimplement it with a bitmap of the RR types to indirect for.

Or, a bitmap of the RR types to *not* indirect for, which a) often if not usually will be a shorter list (even in the zone apex case, you have 2 exclusions -- NS and SOA -- and typically 2 or more of A/AAAA/MX/SPF/TXT as inclusions, potentially even more if the zone is DNSSEC-signed), and b) would automatically cover new RR types as they are defined.

As an implementation detail, zone-loading logic could, if desired, *automatically* set these bits based on what other record types with the same owner name are explicitly defined in the zone file (on the reasonable assumption that a data owner wouldn't explicitly define an RRset in a zone file, only to have it be "hidden" forever by an indirection record with the same owner name).

Of course, it's one thing to dream up a new RR type, quite another thing to get it standardized via the IETF and then change the installed base to actually recognize and use it. Also, during the (presumably long) transition period, you'd have to use EDNS0 signalling or something similar so that a server knows whether a client understands the new record type or not. If the client doesn't understand the new type, you need a fallback mechanism to cough up usable terminal-node records "the old-fashioned way".

- Kevin
Re: Multi-master (HA)
On 5/9/2014 3:01 PM, John Wobus wrote:

...if anyone has specific thoughts on how to make this sort of thing easier in BIND -- even just at the level of "boy, it irritates me that I can't make BIND do " -- such comments will fall on welcoming ears.

I agree that it would be nice if effort were made into making flipping masters straight-forward, i.e., not require a change to every zone declaration and not force the operator to deal with zone files that suddenly need to switch between binary and ascii. (There may be good ways to do this now that I'm unaware of.)

Where is the line drawn these days between DNS management protocols and provisioning protocols? Because, I've long thought the idea of feeding a config (i.e. the contents of a named.conf file) to a "named" instance via "rndc" would be an easy and secure way of quickly reconfiguring it to a different role (e.g. from master to slave, or _vice_versa_, for a whole bunch of views/zones in one fell swoop). Since the config is in a very regular, structured format, I'm sure some sort of encoding and/or compression could be employed to make the actual data transfer size fairly compact.

The only big gotcha that comes to mind here is if the named.conf is segmented via include files with different access privileges (e.g. not letting key definitions be world-readable), that segmentation/protection would need to be preserved on the receiving side.

- Kevin
Re: bin 9.10 verbose logging
On Sat, 2014-05-03 at 14:28 -0500, Jeremy C. Reed wrote:
> "We didn't get a OPT record in response to a EDNS query." and also
> says "We need to drop/remove the logging here when we have more
> experience."

Is there a sample dig query that can reproduce this? I see such a message in my log files regarding domain of interest to me.

For the OP's question, presumably something like

dig dns2.osogrande.com @207.66.8.132 +?
Re: Multi-master (HA)
...if anyone has specific thoughts on how to make this sort of thing easier in BIND -- even just at the level of "boy, it irritates me that I can't make BIND do " -- such comments will fall on welcoming ears.

I agree that it would be nice if effort were made into making flipping masters straight-forward, i.e., not require a change to every zone declaration and not force the operator to deal with zone files that suddenly need to switch between binary and ascii. (There may be good ways to do this now that I'm unaware of.)

(I've wondered why bind doesn't simply write an ascii copy of the zone file in addition to the binary copy.)

Running multiple dynamic-dns masters would be absolutely fantastic except of course when it didn't work. Seems like a reason to have multiple masters is to handle the case where some are unreachable, in which case keeping them in synch becomes interesting. If the main point is to eliminate single points of failure, a "three masters with quorum" system might serve the purpose.

I like the idea of configuring zone information in a zone, and think it would be fun to be on the team brainstorming how to guard against sneaky config attacks.

John Wobus
Cornell University IT
Re: AIX and 9.9.5 compiling
On 5/9/14, 2:06 PM, Timothe Litt wrote:
>> If you have a suggestion for an important or popular OS version I should
>> add to our build farm, please let me know why.
> I have one suggestion: get a Raspberry PI and build/run on it (the
> usual OS is Debian - 'Raspbian', but people run a variety of others.)

I do, but I don't have "early access", so other than a brief "yep, it works", I can't get it into the README. 8-)

AlanC
Re: Point domain name of my zone to name in somebody else's zone?
On 5/9/2014 6:59 AM, Tony Finch wrote:

Dave Warren wrote:

On 2014-05-08 15:09, Mark Andrews wrote:

But that does not help when you want a MX record at the apex or some other record at the apex.

I'd argue that it does -- Since the record is now CNAME'd, the MX record is now under the control of the destination of the CNAME record and MX records can still be set.

Unfortunately CNAME-pointing-at-MX is an interop disaster area owing to different MTA's differing opinions about whether it makes sense to rewrite email addresses in this situation. Avoid.

I actually think that MX records were a boneheaded thing to do, had email started using SRV records in the first place we might be in a position now where using SRV records is the defacto standard if not the actual standard for all services.

(No offense to the folks that made MX records happen, I realize that in historical context it was the correct decision and it solved the very immediate problem -- I'm just saying that in an ideal world, SRV records instead of MX records would have solved the same problem in a more generic fashion, and would have pushed us to a better place for other protocols)

It is interesting to look at the old RFCs and see how many false starts it took to get to the MX design. Mail was the first heavily virtualized application so I think their failure to generalize was forgivable, especially since they were also dealing with the massive problem of gatewaying between dozens of balkanized mail networks.

http://stuff.mit.edu/afs/athena/reference/net-directory/documents/JANET-Mail-Gateways.ps

Indeed. Hindsight is 20/20. Mail was the "killer app" for the early Internet, and providing a way to route it over the Internet, with automatic load-balancing and failover, was a major achievement. Sure, the IETF could have spent a few more years coming up with a "generic" way to do things, throwing in -- as SRV eventually did -- port reassignment, weighting and namespace semantics, but how much would that delay have stunted the growth of the nascent technology? Maybe it would have resulted in OSI/X.400 surpassing SMTP as the predominant mail transport, and we'd all be *miserable*.

- Kevin
Re: Answer for a specific host, but recurse for all others within a zone
On 09/05/2014 18:47, Jon Fullmer wrote:

(Sorry, let's try that again WITHOUT "smart quotes":)

Yeaaahhh that did not work out so well:

Content-Type: text/plain; charset="big5"

Your apostrophes ended up being a chinese character, CJK UNIFIED IDEOGRAPH-6613 according to Python's unicodedata. Maybe try a better mail client ;o)
Re: Re: AIX and 9.9.5 compiling
> If you have a suggestion for an important or popular OS version I should
> add to our build farm, please let me know why.

I have one suggestion: get a Raspberry PI and build/run on it (the usual OS is Debian - 'Raspbian', but people run a variety of others.)

Why: I don't run bind on RPI, but I do run bind on similar embedded ARM systems. The RPI is cheap (functional system with a HDD for ~$120 US), it's ARM-based, and it's disk and memory limited. Besides all the scale-up machines (zillions of zones, many GB of memory & disk) that you hear about, you do have scale-down customers. ARM-based systems are built native compile, and cross-compiled (typically from x86).

So for a very small investment, you could validate ARM, cross-compilation and small-memory environments. (Yes, I know you do some in-family cross-compiles for Sun, but x86-ARM guarantees that compile-time checks - especially in configure - don't work unless they're validated. Well, *nothing* works unless it's validated, but this in particular!)

I'm glad to see that big-endian is represented (by HPUX) - many embedded systems oriented toward network servers run big-endian to avoid byte-swapping.

Why embedded systems? Well, for large home/small office environments, one can often squeeze bind (and dhcp & ntp) into a (jailbroken) router or network storage box. More than the cost of the box, there's the maintenance issue - or lack of one. These tend to run themselves. And they don't use much power, so a fairly inexpensive UPS will keep router, modem, phone up for many hours. I ported bind to optware many years ago for this.

And no, I'm not suggesting that bind should be run on your favorite smartphone...

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views, if any, on the matters discussed.

> Currently, some of the systems that we automatically build and run
> various tests on include:
>
> FreeBSD 4.11 i386
> FreeBSD 6.3 i386
> FreeBSD 8.4 i386
> FreeBSD 10.0-CURRENT i386
> Fedora 18 Linux 3.8.1-201.fc18.x86_64 x86_64
> Fedora 19 Linux 3.11.6-200.fc19.x86_64 x86_64
> HPUX B11.11 HPPA2.0w (HP 9000/800)
> MacOSX 10.6.6 Darwin 10.8.0 x86_64
> NetBSD 5.2 i386
> NetBSD 6.0 i386
> NetBSD 6.0.2 amd64
> Solaris 10 SunOS 5.10 sun4u sparc SUNW,Sun-Fire-V240
> Solaris 10 SunOS 5.10 sun4u sparc SUNW,UltraAX-i2
> Solaris 11 SunOS 5.11 i86pc i386
> Ubuntu 13.10 Linux 3.11.0-15-generic x86_64
>
> The developers also use a variety of other systems like FreeBSD
> 9.1-RELEASE-p4 amd64, Mac OS 10.8.4 and 10.8.5, Ubuntu Linux 13.04,
> Fedora 19 Linux, NetBSD 6, and others, but they may have newer versions
> than these. There are also some Windows build systems with VS2005,
> VS2008, VS2010express, VS2010, and VS2012 (and maybe others).
>
> I was also doing automated builds on OpenBSD, Debian, and Ubuntu LTS,
> but need to replace the server. Also our AIX machine crashed.
>
> If you have a suggestion for an important or popular OS version I should
> add to our build farm, please let me know why. Thanks
>
Re: Answer for a specific host, but recurse for all others within a zone
(Sorry, let's try that again WITHOUT "smart quotes":)

Rich, you and Barry both touched on my original tactic. I can define "something.xyz.com" as a master zone with a single entry. The problem, as you pointed out, is that this doesn't catch "www.something.xyz.com". Unfortunately, the "www" section will have any number of random hosts, so putting manually entries will be impractical.

I'm intrigued by the RPZ option. I'm not familiar with it. I realize that it's only available in 9.8.1 and above (which will require me to upgrade; I'm using 9.7.3). I've been scouring the Net for examples, but they're typically targeted to one of RPZ's main purposes (spam blacklisting, etc.).

IF I易m following the config right, let易s say that the local server in my example is 10.1.2.3:

named.conf

    options {
        response-policy { "something.xyz.com"; };
    };
    zone "something.xyz.com" {
        type master;
        file "something.xyz.com.db";
    };

something.xyz.com.db

    $TTL 900
    @ IN SOA soa.xyz.com. hostmaster.xyz.com. 0001 900 900 604800 30
      IN NS localhost.
    @ IN A 10.1.2.3
    * IN CNAME .

end

Is this right? I guess the trick I'm trying to sort out is how to tell the zone file to "recurse, if not explicitly 'something.xyz.com'." What else am I leaving out?

- Jon

On 5/8/14, 10:05 PM, "Rich Goodson" wrote:

>On your resolver, create a zone called
>something.xyz.com
>and only have one entry, an A record for the zone itself. something like
>this:
>---begin something.xyz.com zonefile---
>something.xyz.com. in soa ns1.abc.com. hostmaster.abc.com. (
>2014050901
>3H
>300
>2W
>3600 )
>something.xyz.com. in ns ns1.abc.com.
>something.xyz.com. in ns ns2.abc.com.
>something.xyz.com. in a 192.168.100.15
>---end something.xyz.com zonefile---
>
>This will still allow www.xyz.com and mail.xyz.com to resolve, but will
>NOT
>recurse for www.something.xyz.com. If you want that to resolve, you'll
>have to
>add that to the zone as well, as you're claiming authority for
>something.xyz.com and everything "to the left" of that as well.
>
>It just occurred to me that you could also provide a local answer for a
>single
>name with RPZ, which would give the benefit of continuing to recurse for
>www.something.xyz.com.
>
>-Rich
>
>On May 9, 2014, at 1:15 AM, fullme...@ldschurch.org wrote:
>
>> Does anyone know how I might configure bind to answer for a specific
>>host within the zone, but perform a recursive lookup for the rest of the
>>zone?
>>
>> For example, given the domain "xyz.com", how might I configure a local
>>DNS server to resolve "something.xyz.com" to, maybe, a local server, but
>>still allow "Wwww.xyz.com", "mail.xyz.com" and "www.something.xyz.com"
>>to still recursively resolve?
>>
>> Is there a way?
>>
>> - Jon

NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
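The RPZ approach Rich mentions above, as an added example that is not part of the original thread and not ISC's own configuration: the script writes a minimal named.conf and policy zone in which only something.xyz.com gets a local answer, and models which query names the zone would rewrite. The policy zone name rpz.local, its file name and the helper functions are assumptions; rpz_matches is a simplified model of QNAME trigger matching, not BIND code, and 10.1.2.3 is the address from the message.

```shell
#!/bin/sh
# Added example (not from the thread): a response policy zone that gives one
# name a local answer and leaves every other name to normal recursion.
# Assumed names: policy zone "rpz.local", zone file "rpz.local.db".

# Write a minimal resolver configuration and policy zone into directory $1.
write_rpz_example() {
    dir=$1
    mkdir -p "$dir" || return 1

    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";
    recursion yes;
    // The policy zone is referenced with the "zone" keyword.
    response-policy { zone "rpz.local"; };
};

// The policy zone is an ordinary master zone, separate from xyz.com itself.
zone "rpz.local" {
    type master;
    file "rpz.local.db";
    allow-query { localhost; };
};
EOF

    cat > "$dir/rpz.local.db" <<'EOF'
$TTL 900
@   IN SOA localhost. hostmaster.localhost. ( 1 900 900 604800 900 )
    IN NS  localhost.
; Owner names are relative to the policy zone (no trailing dot).
; An exact owner name is a trigger for that query name only.
something.xyz.com   IN A 10.1.2.3
; A wildcard owner would also capture names below it. It is left out on
; purpose so that www.something.xyz.com keeps resolving recursively:
;*.something.xyz.com IN A 10.1.2.3
EOF
}

# Simplified model of QNAME triggers: succeed if query name $1 is rewritten
# by an exact or wildcard owner name in policy zone file $2.
rpz_matches() {
    awk -v q="$1" '
        /^[ \t]*;/ || /^\$/ || /^[ \t@]/ { next }  # comments, directives, apex lines
        {
            owner = tolower($1); name = tolower(q)
            if (owner == name) hit = 1
            else if (substr(owner, 1, 2) == "*.") {
                suffix = substr(owner, 2)          # e.g. ".something.xyz.com"
                if (length(name) > length(suffix) &&
                    substr(name, length(name) - length(suffix) + 1) == suffix)
                    hit = 1
            }
        }
        END { exit (hit ? 0 : 1) }
    ' "$2"
}

# Syntax-check the generated files when the BIND tools are installed.
check_with_bind() {
    command -v named-checkconf >/dev/null 2>&1 || return 0
    named-checkconf "$1/named.conf" &&
        named-checkzone rpz.local "$1/rpz.local.db" >/dev/null
}

# Demonstration on the names from the question.
demo=$(mktemp -d)
write_rpz_example "$demo"
for q in something.xyz.com www.something.xyz.com www.xyz.com mail.xyz.com; do
    if rpz_matches "$q" "$demo/rpz.local.db"; then
        echo "$q -> local answer from policy zone"
    else
        echo "$q -> normal recursion"
    fi
done
check_with_bind "$demo" || echo "BIND tools reported a problem" >&2
rm -rf "$demo"
```
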
Re: Answer for a specific host, but recurse for all others within a zone
Rich, you and Barry both touched on my original tactic. I can define “something.xyz.com” as a master zone with a single entry. The problem, as you pointed out, is that this doesn’t catch “www.something.xyz.com”. Unfortunately, the “www” section will have any number of random hosts, so putting manually entries will be impractical.

I’m intrigued by the RPZ option. I’m not familiar with it. I realize that it’s only available in 9.8.1 and above (which will require me to upgrade; I’m using 9.7.3). I’ve been scouring the Net for examples, but they’re typically targeted to one of RPZ’s main purposes (spam blacklisting, etc.).

IF I’m following the config right, let’s say that the local server in my example is 10.1.2.3:

named.conf

    options {
        response-policy { “something.xyz.com”; };
    };
    zone “something.xyz.com” {
        type master;
        file “something.xyz.com.db”;
    };

something.xyz.com.db

    $TTL 900
    @ IN SOA soa.xyz.com. hostmaster.xyz.com. 0001 900 900 604800 30
      IN NS localhost.
    @ IN A 10.1.2.3
    * IN CNAME .

end

Is this right? I guess the trick I’m trying to sort out is how to tell the zone file to “recurse, if not explicitly ‘something.xyz.com’.” What else am I leaving out?

- Jon

On 5/8/14, 10:05 PM, "Rich Goodson" wrote:

>On your resolver, create a zone called
>something.xyz.com
>and only have one entry, an A record for the zone itself. something like
>this:
>---begin something.xyz.com zonefile---
>something.xyz.com. in soa ns1.abc.com. hostmaster.abc.com. (
>2014050901
>3H
>300
>2W
>3600 )
>something.xyz.com. in ns ns1.abc.com.
>something.xyz.com. in ns ns2.abc.com.
>something.xyz.com. in a 192.168.100.15
>---end something.xyz.com zonefile---
>
>This will still allow www.xyz.com and mail.xyz.com to resolve, but will
>NOT
>recurse for www.something.xyz.com. If you want that to resolve, you'll
>have to
>add that to the zone as well, as you're claiming authority for
>something.xyz.com and everything "to the left" of that as well.
>
>It just occurred to me that you could also provide a local answer for a
>single
>name with RPZ, which would give the benefit of continuing to recurse for
>www.something.xyz.com.
>
>-Rich
>
>On May 9, 2014, at 1:15 AM, fullme...@ldschurch.org wrote:
>
>> Does anyone know how I might configure bind to answer for a specific
>>host within the zone, but perform a recursive lookup for the rest of the
>>zone?
>>
>> For example, given the domain "xyz.com", how might I configure a local
>>DNS server to resolve "something.xyz.com" to, maybe, a local server, but
>>still allow "Wwww.xyz.com", "mail.xyz.com" and "www.something.xyz.com"
>>to still recursively resolve?
>>
>> Is there a way?
>>
>> - Jon
Re: Bind 9.10 64 bit
Thanks for your reply.

Regards
Giovanni Paterno

-----Original Message-----
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Friday, 9 May 2014 17.46
To: Giovanni Paterno'
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.10 64 bit

In message , Giovanni Paterno' writes:
> O.S. Windows 2008 R2 64 bit. Up to now I have used Bind 32 bit, now I
> see that a 64 bit version is available.
> Should I move to 64 bit version ? If yes is there any how to doc ?
>
> Giovanni Paterno

Uninstall the 32 bit version preserving data. Install the 64 bit version.

9.10.0 changes the default install location so you may want to move your data across.

x86: CSIDL_PROGRAM_FILESX86
x64: CSIDL_PROGRAM_FILES

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Bind 9.10 64 bit
In message , Giovanni Paterno' writes:
> O.S. Windows 2008 R2 64 bit. Up to now I have used Bind 32 bit, now I see
> that a 64 bit version is available.
> Should I move to 64 bit version ? If yes is there any how to doc ?
>
> Giovanni Paterno

Uninstall the 32 bit version preserving data. Install the 64 bit version.

9.10.0 changes the default install location so you may want to move your data across.

x86: CSIDL_PROGRAM_FILESX86
x64: CSIDL_PROGRAM_FILES

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Bind 9.10 64 bit
O.S. Windows 2008 R2 64 bit. Up to now I have used Bind 32 bit, now I see that a 64 bit version is available. Should I move to 64 bit version ? If yes is there any how to doc ?

Giovanni Paterno
Re: AIX and 9.9.5 compiling
Thank you all for your quick response I do appreciate it!!

Regards,
Ed

On Fri, May 9, 2014 at 6:48 AM, Fajar A. Nugraha wrote:
> On Fri, May 9, 2014 at 5:36 PM, Tony Finch wrote:
> >
> > Edward DeLargy wrote:
> >
> > > I just want to verify that 9.9.5 can be compiled in AIX
> >
> > The README says:
> >
> > Building
> >
> > BIND 9 currently requires a UNIX system with an ANSI C compiler,
> > basic POSIX support, and a 64 bit integer type.
> >
> > We've had successful builds and tests on the following systems:
> ...
> > Fedora Core 6
> ...
> > Ubuntu 7.04, 7.10
>
> Wow. Fedora core 6 and Ubuntu 7.04? I wonder if anybody is actually
> still using those. Makes you wonder just how often the README was
> updated :)
>
> --
> Fajar
Re: AIX and 9.9.5 compiling
Currently, some of the systems that we automatically build and run various tests on include:

FreeBSD 4.11 i386
FreeBSD 6.3 i386
FreeBSD 8.4 i386
FreeBSD 10.0-CURRENT i386
Fedora 18 Linux 3.8.1-201.fc18.x86_64 x86_64
Fedora 19 Linux 3.11.6-200.fc19.x86_64 x86_64
HPUX B11.11 HPPA2.0w (HP 9000/800)
MacOSX 10.6.6 Darwin 10.8.0 x86_64
NetBSD 5.2 i386
NetBSD 6.0 i386
NetBSD 6.0.2 amd64
Solaris 10 SunOS 5.10 sun4u sparc SUNW,Sun-Fire-V240
Solaris 10 SunOS 5.10 sun4u sparc SUNW,UltraAX-i2
Solaris 11 SunOS 5.11 i86pc i386
Ubuntu 13.10 Linux 3.11.0-15-generic x86_64

The developers also use a variety of other systems like FreeBSD 9.1-RELEASE-p4 amd64, Mac OS 10.8.4 and 10.8.5, Ubuntu Linux 13.04, Fedora 19 Linux, NetBSD 6, and others, but they may have newer versions than these. There are also some Windows build systems with VS2005, VS2008, VS2010express, VS2010, and VS2012 (and maybe others).

I was also doing automated builds on OpenBSD, Debian, and Ubuntu LTS, but need to replace the server. Also our AIX machine crashed.

If you have a suggestion for an important or popular OS version I should add to our build farm, please let me know why.

Thanks
Re: AIX and 9.9.5 compiling
Edward DeLargy wrote:
> I just want to verify that 9.9.5 can be compiled in AIX

On Fri, May 9, 2014 at 5:36 PM, Tony Finch wrote:
The README says: We've had successful builds and tests on the following systems: ... Fedora Core 6 ... Ubuntu 7.04, 7.10

On 09.05.14 17:48, Fajar A. Nugraha wrote:
Wow. Fedora core 6 and Ubuntu 7.04? I wonder if anybody is actually still using those. Makes you wonder just how often the README was updated :)

yes, there are many people who will only understand when "and later" will be added...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
On the other hand, you have different fingers.
Re: AIX and 9.9.5 compiling
Thank you! I figured that but given some of the oddities of AIX wasn't sure.

Regards,
Ed

Sent from my iPhone

> On May 9, 2014, at 6:36 AM, Tony Finch wrote:
>
> Edward DeLargy wrote:
>
>> I just want to verify that 9.9.5 can be compiled in AIX
>
> The README says:
>
> Building
>
> BIND 9 currently requires a UNIX system with an ANSI C compiler,
> basic POSIX support, and a 64 bit integer type.
>
> We've had successful builds and tests on the following systems:
>
> COMPAQ Tru64 UNIX 5.1B
> Fedora Core 6
> FreeBSD 4.10, 5.2.1, 6.2
> HP-UX 11.11
> Mac OS X 10.5
> NetBSD 3.x, 4.0-beta, 5.0-beta
> OpenBSD 3.3 and up
> Solaris 8, 9, 9 (x86), 10
> Ubuntu 7.04, 7.10
> Windows XP/2003/2008
>
> NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
> Windows, including Windows NT and Windows 2000, are no longer
> supported.
>
> We have recent reports from the user community that a supported
> version of BIND will build and run on the following systems:
>
> AIX 4.3, 5L
> CentOS 4, 4.5, 5
> Darwin 9.0.0d1/ARM
> Debian 4, 5, 6
> Fedora Core 5, 7, 8
> FreeBSD 6, 7, 8
> HP-UX 11.23 PA
> MacOS X 10.5, 10.6, 10.7
> Red Hat Enterprise Linux 4, 5, 6
> SCO OpenServer 5.0.6
> Slackware 9, 10
> SuSE 9, 10
>
> Tony.
> --
> f.anthony.n.finch http://dotat.at/
> Biscay, South FitzRoy: Westerly 4 or 5, backing southwesterly 5 to 7, except
> in south. Moderate, occasionally rough in north. Occasional rain. Good,
> occasionally poor.
RE: AIX and 9.9.5 compiling
I’ve been building bind on AIX for years with no problems. I’ve had successful builds of 9.9.5 with both GCC and XLC.

Tedd

From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Edward DeLargy
Sent: Thursday, May 08, 2014 2:40 PM
To: bind-users@lists.isc.org
Subject: AIX and 9.9.5 compiling

Good Afternoon,

I just want to verify that 9.9.5 can be compiled in AIX with the binaries provided in the download the same you would compile in RHEL or SLES. I do understand that libraries have to be correct but want to be sure the BIND download works in AIX.

Regards,
Ed

This e-mail and any attachments are intended only for the named recipient(s) and may contain information that is legally privileged, confidential, or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), you may not retain copy or use this e-mail or any attachment for any purpose or disclose all or any part of the contents to any other person. Any such dissemination, distribution or copying of this e-mail or its attachments is strictly prohibited. If you are not the intended recipient, please immediately notify the sender and permanently delete this e-mail and any attachment from your computer.
Re: Point domain name of my zone to name in somebody else's zone?
Dave Warren wrote:
> On 2014-05-08 15:09, Mark Andrews wrote:
> > But that does not help when you want a MX record at the apex or
> > some other record at the apex.
>
> I'd argue that it does -- Since the record is now CNAME'd, the MX record is
> now under the control of the destination of the CNAME record and MX records
> can still be set.

Unfortunately CNAME-pointing-at-MX is an interop disaster area owing to different MTAs' differing opinions about whether it makes sense to rewrite email addresses in this situation. Avoid.

> I actually think that MX records were a boneheaded thing to do, had email
> started using SRV records in the first place we might be in a position now
> where using SRV records is the de facto standard if not the actual standard for
> all services. (No offense to the folks that made MX records happen, I realize
> that in historical context it was the correct decision and it solved the very
> immediate problem -- I'm just saying that in an ideal world, SRV records
> instead of MX records would have solved the same problem in a more generic fashion,
> and would have pushed us to a better place for other protocols)

It is interesting to look at the old RFCs and see how many false starts it took to get to the MX design. Mail was the first heavily virtualized application so I think their failure to generalize was forgivable, especially since they were also dealing with the massive problem of gatewaying between dozens of balkanized mail networks.

http://stuff.mit.edu/afs/athena/reference/net-directory/documents/JANET-Mail-Gateways.ps

Tony.
--
f.anthony.n.finch http://dotat.at/
Trafalgar: Northerly 5 to 7, but mainly 4 in northwest. Moderate or rough. Mainly fair. Good.
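As an added illustration of the CNAME-pointing-at-MX situation discussed in the message above (not code from the thread or from BIND), this Python script scans zone data for aliases whose CNAME chain ends at a name carrying MX records, so an operator can review them before anyone uses the alias as a mail domain. The zone contents, the example.com/example.net names and the function names are constructed for the example, and the parser assumes one fully qualified `owner IN type rdata` record per line.

```python
# Added example: list aliases that reach MX records only through a CNAME.
# ZONE is constructed sample data, not taken from the thread.
ZONE = """\
example.com.        IN MX    10 mail.example.com.
mail.example.com.   IN A     192.0.2.25
shop.example.com.   IN CNAME hosted.example.net.
hosted.example.net. IN MX    10 mx.example.net.
www.example.com.    IN CNAME web.example.net.
web.example.net.    IN A     192.0.2.80
alias.example.com.  IN CNAME shop.example.com.
"""

def parse(text):
    """Return {owner: {rrtype: [rdata, ...]}} from 'owner IN type rdata' lines."""
    rrsets = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, _cls, rrtype, rdata = line.split(None, 3)
        rrsets.setdefault(owner.lower(), {}).setdefault(rrtype.upper(), []).append(rdata)
    return rrsets

def resolve_cname(rrsets, name, limit=8):
    """Follow a CNAME chain; return the final name, or None on a loop or overlong chain."""
    seen = set()
    while "CNAME" in rrsets.get(name, {}):
        if name in seen or len(seen) >= limit:
            return None
        seen.add(name)
        name = rrsets[name]["CNAME"][0].lower()
    return name

def cname_to_mx(rrsets):
    """List (alias, target) pairs where the alias is a CNAME and the target has MX."""
    hits = []
    for owner, types in sorted(rrsets.items()):
        if "CNAME" not in types:
            continue
        target = resolve_cname(rrsets, owner)
        if target and "MX" in rrsets.get(target, {}):
            hits.append((owner, target))
    return hits

if __name__ == "__main__":
    for alias, target in cname_to_mx(parse(ZONE)):
        print(f"{alias} is a CNAME to {target}, which has MX records")
```

Names that resolve through a CNAME to address records only, such as www.example.com. in the sample, are not reported.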
Re: AIX and 9.9.5 compiling
On Fri, May 9, 2014 at 5:36 PM, Tony Finch wrote:
>
> Edward DeLargy wrote:
>
> > I just want to verify that 9.9.5 can be compiled in AIX
>
> The README says:
>
> Building
>
> BIND 9 currently requires a UNIX system with an ANSI C compiler,
> basic POSIX support, and a 64 bit integer type.
>
> We've had successful builds and tests on the following systems:
...
> Fedora Core 6
...
> Ubuntu 7.04, 7.10

Wow. Fedora core 6 and Ubuntu 7.04? I wonder if anybody is actually still using those. Makes you wonder just how often the README was updated :)

--
Fajar
Re: AIX and 9.9.5 compiling
Edward DeLargy wrote:
> I just want to verify that 9.9.5 can be compiled in AIX

The README says:

Building

BIND 9 currently requires a UNIX system with an ANSI C compiler, basic POSIX support, and a 64 bit integer type.

We've had successful builds and tests on the following systems:

COMPAQ Tru64 UNIX 5.1B
Fedora Core 6
FreeBSD 4.10, 5.2.1, 6.2
HP-UX 11.11
Mac OS X 10.5
NetBSD 3.x, 4.0-beta, 5.0-beta
OpenBSD 3.3 and up
Solaris 8, 9, 9 (x86), 10
Ubuntu 7.04, 7.10
Windows XP/2003/2008

NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of Windows, including Windows NT and Windows 2000, are no longer supported.

We have recent reports from the user community that a supported version of BIND will build and run on the following systems:

AIX 4.3, 5L
CentOS 4, 4.5, 5
Darwin 9.0.0d1/ARM
Debian 4, 5, 6
Fedora Core 5, 7, 8
FreeBSD 6, 7, 8
HP-UX 11.23 PA
MacOS X 10.5, 10.6, 10.7
Red Hat Enterprise Linux 4, 5, 6
SCO OpenServer 5.0.6
Slackware 9, 10
SuSE 9, 10

Tony.
--
f.anthony.n.finch http://dotat.at/
Biscay, South FitzRoy: Westerly 4 or 5, backing southwesterly 5 to 7, except in south. Moderate, occasionally rough in north. Occasional rain. Good, occasionally poor.
Re: Slave zone intermittently not refreshing
Mart van de Wege wrote:
>
> > A lot of the refresh failure logging happens at debug level 1 so you can
> > get more details by running `rndc trace 1`.
>
> Is there a way to filter that after setting it?

Not without altering the server's logging configuration. Something like the following, perhaps.

    logging {
        category default { default_syslog; };
        category general { default_debug; };
    };

Tony.
--
f.anthony.n.finch http://dotat.at/
Viking, North Utsire, South Utsire, Northeast Forties: Variable 4 in North Utsire, otherwise southeasterly 5 or 6. Slight or moderate. Showers. Good, occasionally poor.