Re: Default Outgoing Policy
What is the best course of action? I want to allow TCP and UDP for packets that do not already have a policy.

Thanks

--Original Message--
From: fw+misc Listmanager
To: (Recipients of 'fw+misc' suppressed)
ReplyTo: Miscellaneous Configuration Settings
Sent: Apr 6, 2009 5:14 PM
Subject: Default Outgoing Policy

From: Bruce Briggs (bruce.bri...@gmail.com)

Yes, but if the Outgoing Policy ends up with a higher precedence than the TCP-UDP policy, then the Outgoing Policy will be used to allow out TCP packets which are not allowed out by a higher precedent policy.

---
To reply: fw+misc.107...@forum.watchguard.com
To start a new topic: fw+m...@forum.watchguard.com
To view discussion: http://www.watchguard.com/forum/?boardID=Firewareaction=9read=23885fid=52
To (un)subscribe: fw+misc.list-requ...@forum.watchguard.com

__
John D. Vo
System-Network Administrator
j...@eagle.net

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Default Outgoing Policy
Oops. Sorry. Plz ignore last post.

__
John D. Vo
System-Network Administrator
j...@eagle.net

-Original Message-
From: John D. Vo j...@eagle.net
Date: Mon, 6 Apr 2009 21:26:07
To: bind-users@lists.isc.org
Subject: Re: Default Outgoing Policy

What is the best course of action? I want to allow TCP and UDP for packets that do not already have a policy.

Thanks

--Original Message--
From: fw+misc Listmanager
To: (Recipients of 'fw+misc' suppressed)
ReplyTo: Miscellaneous Configuration Settings
Sent: Apr 6, 2009 5:14 PM
Subject: Default Outgoing Policy

From: Bruce Briggs (bruce.bri...@gmail.com)

Yes, but if the Outgoing Policy ends up with a higher precedence than the TCP-UDP policy, then the Outgoing Policy will be used to allow out TCP packets which are not allowed out by a higher precedent policy.
DNS Appliance
Does anyone have experience (good or bad) with a dns appliance?

Bluecatnetwork
infoblox
infoweapons..

Thanks.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: DNS Appliance
I am running Bind on two Solaris servers. It's pretty much command line, old school. I can see some GUI with Webmin but that's probably not as pretty as the appliances. My boss wants visibility so I'm looking. eh. meh. :)

Thanks.

Gainey, Joe (AT - Atlanta) wrote:
> blue cat Adonis/XMB provide great GUI interfaces for dns power users with enough intuitive widgets for dns novices. They have been fairly stable and easy to manage and their support has been knowledgeable.
>
> -Original Message-
> From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John D. Vo
> Sent: Wednesday, March 25, 2009 11:41 AM
> To: bind-users@lists.isc.org
> Subject: DNS Appliance
>
> Does anyone have experience (good or bad) with a dns appliance?
>
> Bluecatnetwork
> infoblox
> infoweapons..
>
> Thanks.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: DNS Appliance
Or they only have one or two support engineers..h :)

Steve Lancaster wrote:
> [In a message on Wed, 25 Mar 2009 11:45:47 EDT, "Eric C. Davis" wrote:]
>> Infoblox user: Love them. Support is fantastic. I can name actual support engineers.
>
> Is the fact that you can name support engineers a good thing or are you spending too much time talking to them? :-)
>
> Steve Lancaster

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Make changes en masse
Greetings:

According to http://thednsreport.com, my expire time for my zones is too short (recommended 2-4 weeks) and my SOA record is not good. Is there a tool that I can use to make changes to all my zones in one swoop?

Thanks,

Solaris/Bind 9.2.2. (yes, it is ancient)

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: Make changes en masse [done]
I used WinSCP and just selected a bunch of files, used the edit command, and copy/pasted the 'good' settings into the zone files.

-Thanks.
-John

John D. Vo wrote:
> Greetings:
>
> According to http://thednsreport.com, my expire time for my zones is too short (recommended 2-4 weeks) and my SOA record is not good. Is there a tool that I can use to make changes to all my zones in one swoop?
>
> Thanks,
>
> Solaris/Bind 9.2.2. (yes, it is ancient)
ACL ?
Greetings:

Trying to implement acl in my named.conf... for Bind 9.2.2

acl eagle { 192.168.1.0/24; localhost; };

But when I issued a reload, I got:

Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error] /etc/named.conf:2: unknown option 'acl'
Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error] reloading configuration failed: failure

Help?

Thanks.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: ACL ?
Worked like a charm. Thanks.

-John

Alan Clegg wrote:
> John D. Vo wrote:
>> Greetings:
>>
>> Trying to implement acl in my named.conf... for Bind 9.2.2
>>
>> acl eagle { 192.168.1.0/24; localhost; };
>>
>> But when I issued a reload, I got:
>>
>> Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error] /etc/named.conf:2: unknown option 'acl'
>> Mar 23 08:55:39 ns1 named[13578]: [ID 866145 daemon.error] reloading configuration failed: failure
>
> Move the ACL out of the options { } stanza.
>
> AlanC

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
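A small lint for the mistake diagnosed in this thread, as an added example that is not part of the original posts: it flags `acl` statements nested inside `options { }`, the placement named rejected with `unknown option 'acl'`. The two sample files are constructed, and the function name `acl_inside_options` is hypothetical.

```shell
#!/bin/sh
# Report every `acl` statement found inside the options { } block of a
# named.conf-style file as "file:line: ...". Returns 1 if any were found.
# Assumptions: one statement per line; /* */ comments and comment markers
# inside quoted strings are not handled.
acl_inside_options() {
    awk '
    {
        line = $0
        sub(/(\/\/|#).*$/, "", line)              # strip // and # comments
        if (in_opts && opened && line ~ /^[ \t]*acl[ \t]/) {
            printf "%s:%d: acl statement inside options block\n", FILENAME, NR
            bad = 1
        }
        if (!in_opts && line ~ /^[ \t]*options([ \t{]|$)/) {
            in_opts = 1; opened = 0; depth = 0
        }
        if (in_opts) {                            # track brace depth
            o = gsub(/[{]/, "{", line)
            c = gsub(/[}]/, "}", line)
            if (o > 0) opened = 1
            depth += o - c
            if (opened && depth <= 0) in_opts = 0 # options block closed
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed samples: the ACL from the post placed inside options (rejected)
# and at the top level, where options can then refer to it by name.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bad.conf" <<'EOF'
options {
    acl eagle { 192.168.1.0/24; localhost; };
    directory "/var/named";
};
EOF
cat > "$demo_dir/good.conf" <<'EOF'
acl eagle { 192.168.1.0/24; localhost; };
options {
    directory "/var/named";
    allow-recursion { eagle; };
};
EOF
acl_inside_options "$demo_dir/bad.conf"  || echo "bad.conf: move the acl out of options"
acl_inside_options "$demo_dir/good.conf" && echo "good.conf: ok"
```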
zone transfer from slave to master not working
Greetings fellow bind users:

We have two name servers: ns1, ns2. We have domain name: let's say abc.com

Management decided to have a dns hosting company host that domain. LOL. Now they want to move that domain back to the ns1, ns2. ($$)

I have changed the dns entries at the registrar to point to ns1, ns2. Now when I tried to do a zone transfer from ns2 to get the record from ns1 it does not work. I think because ns1 is still not yet authoritative for abc.com

My questions:

1. If ns1 is not authoritative for abc.com, ns2 cannot do a zone transfer from ns1, correct? Please confirm.
2. If yes on number 1, then WHY?

Thank you.

-John.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: number of zones not matching
Yes, Todd. 9.2.2.

Todd Snyder wrote:
> I had to do this a couple times lately .. this is the simplest way I've found. It's not elegant or nifty, but it works.
>
> on the master:
>
> grep zone named.conf | awk '{print $2}' | sort > master.zones
>
> on the slave:
>
> grep zone named.conf | awk '{print $2}' | sort > slave.zones
>
> get the files on the same system and diff them.
>
> Are they both running the same version of BIND?
>
> -Original Message-
> From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John D. Vo
> Sent: Friday, March 20, 2009 3:15 PM
> To: bind-users@lists.isc.org
> Subject: number of zones not matching
>
> Greetings:
>
> My master name server says it has 102 zones but my slave says it has 98. Without going through each and comparing one with another, is there an easier way to see what's missing on the slave?
>
> Thanks.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
Re: number of zones not matching
Hi Todd:

Thank you for those magical commands. Works better than printing them out and crossing one by one with a pen.

Think the problem was some of the domains I created on master (see my previous post) did not get transferred to the slave, hence the mismatch. I just reloaded on the master and saw a bunch of stuff going to the slave so I must be doing something right. The number of zones now matched.

Thanks,
-John.

Todd Snyder wrote:
> I know at some point in the recent past, BIND started loading RFC1918 zones, which can increase the zone count, even though they don't show up in named.conf. That caused me 5 minutes of wtf before I remembered. I think it was well after 9.2.2, so I'm guessing you should be safe.
>
> t.
>
> -Original Message-
> From: John D. Vo [mailto:j...@eagle.net]
> Sent: Friday, March 20, 2009 3:27 PM
> To: Todd Snyder
> Cc: bind-users@lists.isc.org
> Subject: Re: number of zones not matching
>
> Yes, Todd. 9.2.2.
>
> Todd Snyder wrote:
>> I had to do this a couple times lately .. this is the simplest way I've found. It's not elegant or nifty, but it works.
>>
>> on the master:
>>
>> grep zone named.conf | awk '{print $2}' | sort > master.zones
>>
>> on the slave:
>>
>> grep zone named.conf | awk '{print $2}' | sort > slave.zones
>>
>> get the files on the same system and diff them.
>>
>> Are they both running the same version of BIND?
>>
>> -Original Message-
>> From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John D. Vo
>> Sent: Friday, March 20, 2009 3:15 PM
>> To: bind-users@lists.isc.org
>> Subject: number of zones not matching
>>
>> Greetings:
>>
>> My master name server says it has 102 zones but my slave says it has 98. Without going through each and comparing one with another, is there an easier way to see what's missing on the slave?
>>
>> Thanks.

--
Best Regards,
John D. Vo
Eagle Teleconferencing Services, Inc.
Network-System Administrator
j...@eagle.net
Office: (212) 200-2000 Ext. 105
Cell: (212) 200-3016
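The master/slave comparison discussed in this thread, as an added example that is not part of the original posts: it goes beyond the quoted grep/awk pipeline by matching only real `zone` statements (not comments or `zone-statistics`), normalising names, and printing just the zones the slave lacks. The config files are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Print the zone names declared in a named.conf-style file, one per line,
# lower-cased, without quotes, sorted and de-duplicated.
# Assumption: each zone statement starts its own line with the keyword `zone`.
zone_names() {
    awk '$1 == "zone" { gsub(/[";{]/, "", $2); print tolower($2) }' "$1" |
        LC_ALL=C sort -u
}

# Print zones present in the master config ($1) but absent from the slave ($2).
missing_on_slave() {
    tmp=$(mktemp -d)
    zone_names "$1" > "$tmp/master.zones"
    zone_names "$2" > "$tmp/slave.zones"
    # comm -23 keeps only lines unique to the first (master) list
    LC_ALL=C comm -23 "$tmp/master.zones" "$tmp/slave.zones"
    rm -rf "$tmp"
}

# Constructed sample configs (names from the reserved example domains).
demo=$(mktemp -d)
cat > "$demo/master.conf" <<'EOF'
options { zone-statistics yes; };
zone "example.com" { type master; file "db.example.com"; };
zone "Example.NET" { type master; file "db.example.net"; };
zone "example.org" IN { type master; file "db.example.org"; };
// zone "retired.example" { type master; file "db.retired"; };
EOF
cat > "$demo/slave.conf" <<'EOF'
zone "example.com" { type slave; masters { 192.0.2.1; }; file "bak.example.com"; };
EOF

echo "Zones missing on the slave:"
missing_on_slave "$demo/master.conf" "$demo/slave.conf"
```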