Unexpected change in notify log format?
Folks,

We'd had a discussion back in February (Bind query log format) about the perils of changes to the log formats. Just got bit by an earlier change used for logging notify messages. Had to run some regression tests. Looks like it occurred between 9.9.8 and 9.9.9:

FROM:
24-Aug-2017 12:14:33 notify: info: client 10.10.10.10#27069: received notify for zone 'example.com'

TO:
24-Aug-2017 12:55:31 notify: info: client @0x1bdcf300 10.10.10.10#56633: received notify for zone 'example.com'

Wasn't noticed till recently when a utility script started failing. Field counting to find the zone name and the extra field caused it to run off the tracks...

I did try some 'due diligence' and checked release notes for 9.9.9. Couldn't find anything, but might have missed it. In any case, especially in a large organization, I doubt it would have been noted by the original script writer.

Not sure if we had a consensus on this and balancing ISC developers' desires to give us good service and quick debug of issues (which we much appreciate!) and end user desires to keep things stable. How about:

1. Any future log format changes should attempt to add additional fields at the END of the existing message.
2. A debug-level mask option in the named.conf to activate a change in a log format.

Best regards!
John Murtari

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
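An added example, not part of the original message or of BIND: a parser that anchors on the fixed text of the notify message instead of counting whitespace fields, so it reads both the FROM: and TO: lines quoted above and reports lines it does not recognise. The function names and the third sample line are constructed for illustration.

```python
import re

# Constructed sample: the two lines quoted in the message plus one unknown line.
SAMPLE = [
    "24-Aug-2017 12:14:33 notify: info: client 10.10.10.10#27069: "
    "received notify for zone 'example.com'",
    "24-Aug-2017 12:55:31 notify: info: client @0x1bdcf300 10.10.10.10#56633: "
    "received notify for zone 'example.com'",
    "24-Aug-2017 12:56:02 notify: info: something this parser does not know",
]

NOTIFY_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) notify: info: client "
    r"(?:@(?P<ctx>0x[0-9a-fA-F]+) )?"   # extra token present only in the TO: line
    r"(?P<addr>\S+)#(?P<port>\d+): "
    r"received notify for zone '(?P<zone>[^']+)'"
)


def zone_by_field_count(line, index=10):
    """The fragile approach from the message: take the Nth whitespace field."""
    fields = line.split()
    return fields[index].strip("'") if len(fields) > index else None


def parse_notify(line):
    """Return a dict for a notify line in either format, or None if unrecognised."""
    m = NOTIFY_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def parse_log(lines):
    """Parse every line; keep unrecognised ones so format drift stays visible."""
    records, unparsed = [], []
    for line in lines:
        rec = parse_notify(line)
        (records if rec else unparsed).append(rec or line)
    return records, unparsed


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    for r in recs:
        print(r["zone"], r["addr"], r["port"], r["ctx"])
    print("unparsed lines:", len(bad))
```

Alerting on a non-empty unparsed list after an upgrade surfaces a format change at once instead of through a failing downstream script.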
Re: Need DNS records help for single server (and IP), and multi-domain mail server.
On Thu, Aug 24, 2017 at 03:17 Matus UHLAR - fantomas wrote:
...
> I suggest
> - replace X.TLD. with "@" (BIND uses this as current origin)
>
> the result is:
>
> @ IN A 142.54.186.2
> @ IN MX 10 mail.example.com.
> @ IN TXT "v=spf1 mx -all"

Thanks, Matus.

-Tom
Re: Need DNS records help for single server (and IP), and multi-domain mail server.
On 23.08.17 19:28, Tom Browder wrote:

I have a single remote server with one IP address (142.54.186.2)

I am using it to host multiple, independent domains.

I am working on configuring a single postfix instance to serve mail for all domains (assuming I can successfully rewrite appropriate parts of mail in and out).

From referring to "DNS and BIND" and previous discussions here and on the postfix users list I have re-examined my domain DNS records to see if I can cover my requirements more easily.

Given such a configuration described in the first paragraph, does the following set of DNS records for a domain look appropriate:

# For each domain X.TLD:
X.TLD.    IN A     142.54.186.2.
*.X.TLD.  IN CNAME X.TLD.
X.TLD.    IN MX 10 142.54.186.2.
X.TLD.    IN TXT   "v=spf1 mx -all"

as others suggested:
- get rid of the wildcard whenever possible
- get rid of the trailing dot in A record
- point MX to canonical name of the server

I suggest
- replace X.TLD. with "@" (BIND uses this as current origin)

the result is:

@ IN A 142.54.186.2
@ IN MX 10 mail.example.com.
@ IN TXT "v=spf1 mx -all"

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Chernobyl was a Windows 95 beta test site.
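An added example, not part of the thread: a small linter that applies the three points listed above (wildcard owner, trailing dot in the A record, MX pointing at an address) to the proposed records and to the suggested result. It assumes one-line `owner IN type rdata` records only; the function names are made up for illustration.

```python
import ipaddress

# Constructed input: the records proposed in the question, then the suggested result.
PROPOSED = '''\
X.TLD.    IN A     142.54.186.2.
*.X.TLD.  IN CNAME X.TLD.
X.TLD.    IN MX 10 142.54.186.2.
X.TLD.    IN TXT   "v=spf1 mx -all"
'''
SUGGESTED = '''\
@ IN A 142.54.186.2
@ IN MX 10 mail.example.com.
@ IN TXT "v=spf1 mx -all"
'''


def valid_a(text):
    """True only for a bare IPv4 address; a trailing dot makes it invalid."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def is_ip(text):
    """True if text, ignoring one trailing dot, is an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False


def lint_records(zone_text):
    """Return (line_no, message) findings for 'owner IN type rdata' lines."""
    findings = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";$":       # blank, comment or directive
            continue
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue                          # outside this simplified grammar
        owner, rtype, rdata = parts[0], parts[2].upper(), parts[3:]
        if owner.startswith("*"):
            findings.append((no, "wildcard owner name"))
        if rtype == "A" and not valid_a(rdata[0]):
            findings.append((no, "A rdata is not a bare IPv4 address"))
        if rtype == "MX" and len(rdata) >= 2 and is_ip(rdata[1]):
            findings.append((no, "MX target is an IP address, not a host name"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_records(PROPOSED):
        print(f"line {no}: {msg}")
```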
Re: Need DNS records help for single server (and IP), and multi-domain mail server.
On 24.08.2017 at 04:57, Grant Taylor wrote:

On 08/23/2017 07:50 PM, Reindl Harald wrote:

which means again: additional dns lookups while ip-addresses and ranges are done with a single lookup

Yes, it does mean additional lookups, which there are a finite number of.

besides it's not true because SPF has nothing to do with PTR and they won't get

https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS

how is that related to the topic at all?

It's my understanding that some SPF implementations will do a reverse DNS lookup on the connecting IP and test the name from the PTR record against the SPF record of the purported sending domain.

that's not the job of SPF at all and at least no sane implementation talking about mailservers and DNS is using just the PTR without verifying it against the A-record *because* you can't forge both but you may control the PTR records of a random network like we do for our public /24

Thus the ability for Evil Spammer to arrange for the PTR record of their server to return a name that is allowed via SPF

but again: SPF is not about dns names
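An added example, not part of the thread: the forward-confirmed reverse DNS check linked in this message, in which a PTR name counts only if its forward lookup returns the connecting address again. The resolver data is constructed (documentation address ranges, made-up names) and the lookups are injected as functions so the block runs offline.

```python
import ipaddress

# Constructed resolver data: reverse (PTR) answers and forward (address) answers.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["mail.example.org."],  # PTR set by whoever runs this range
    "203.0.113.5": [],                      # no PTR record at all
}
ADDR = {
    "mail.example.org.": ["192.0.2.10"],
}


def ptr_lookup(ip):
    """Stand-in for a reverse lookup; returns the PTR names for ip."""
    return PTR.get(ip, [])


def addr_lookup(name):
    """Stand-in for a forward lookup; returns the addresses for name."""
    return ADDR.get(name, [])


def fcrdns_names(ip, reverse=ptr_lookup, forward=addr_lookup):
    """Return the PTR names of ip whose forward lookup contains ip again."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in reverse(ip):
        answers = {ipaddress.ip_address(a) for a in forward(name)}
        if want in answers:
            confirmed.append(name)
    return confirmed


def ptr_only_names(ip, reverse=ptr_lookup):
    """What a PTR-only check would accept: every name the PTR owner published."""
    return list(reverse(ip))


if __name__ == "__main__":
    for ip in PTR:
        print(ip, "ptr-only:", ptr_only_names(ip), "confirmed:", fcrdns_names(ip))
```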
Re: Need DNS records help for single server (and IP), and multi-domain mail server.
On 24.08.2017 at 04:26, John Levine wrote:

This has nothing to do with BIND, but anyway.

In article you write:

I would personally try to use -all for new domains from the word go.

Only if you want your mail to mysteriously disappear. There are a lot of perfectly legitimate ways to send and route mail that SPF cannot describe. Unless your name is Paypal or you are otherwise a giant phish target, -all is not what you want

sorry but that is FUD

we are hosting some hundred domains and have for *every* domain -all over *8 years* while the peak of hosted addresses was 25000