Re: DoH credentials

2024-03-25 Thread Marco Moock 
Am 25.03.2024 um 17:09:43 Uhr schrieb Julien Salort:

> Because I am using an Apache proxy, bind9 sees the incoming requests
> as localhost, so allows all recursive requests from anybody.
> 
> Does it mean that credentials have to be implemented by the webserver
> ?

Yes, if you want to have a reverse proxy, this is a way to use auth.

If you don't want to have an open resolver, you have to control that at
the apache side.

-- 
Gruß
Marco

Send unsolicited bulk mail to 1711382983mu...@cartoonies.org
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: record PTR

2024-03-14 Thread Marco Moock 
Am 14.03.2024 schrieb sami.ra...@sofrecom.com:

> Hello, please, I want to know if I need to delegate a range of IP
> addresses to my authoritative DNS server with my registrar before
> creating a PTR record or not. In other words, if I want to create a
> PTR record on my authoritative server (ns1.mydomain.com) for
> mail.mydomain.com pointing to 41.226.22.50, should the range
> 41.226.22.0/24 be delegated to my authoritative DNS server
> ns1.mydomain.com?

The reverse zone for your net/IP needs to be delegated, nothing more.
That needs to be done by your ISP because not by your domain registrar.

If you only want to set some PTRs in your address range, the range will
be delegated and you only set the PTRs you need.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND Upgrade

2024-02-15 Thread Marco Moock 
Am 15.02.2024 schrieb Semra Türkkal Nazlımoğlu
:

> Our bind version seems below. How can we upgrade bind version?

It comes from the OS you are using.
Upgrade to the current RHEL release.
If you prefer bleeding-edge versions, use Fedora instead.

> And if we upgrade bind version, is there any problem?

Install the new OS in a virtual machine and try running BIND there with
your configuration/zones and check for any errors.
In most cases, the upgrade works without any problems.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: [Windows] [9.16.45] Missing IPv4 DNS prevents tools from working

2024-01-08 Thread Marco Moock 
Am 09.01.2024 um 01:41:46 Uhr schrieb Gentry Deng via bind-users:

> Due to an accident my local network is missing IPv4 DNS but has IPv6
> DNS so it has little impact on accessing the internet.
> 
> But I found that neither `dig `nor `nslookup` worked, and reported an
> error:

Windows Linux subsystem?

Does it have an IPv6 address?

Run ip a or ifconfig inside it.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: unable-resolve-bank=domain

2023-12-17 Thread Marco Moock 
Am 17.12.2023 um 10:21:05 Uhr schrieb MEjaz via bind-users:

> One of the banking domain www.services.online-banking.gslb.sabbnet.com
>   unable to
> resolve with  our primary namservers 212.119.64.2 whearas as my
> another server 212.119.64.3 is ok

Problem at their side:

gslb.sabbnet.com.   7200IN  NS  ns3.sabb.com.
gslb.sabbnet.com.   7200IN  NS  ns4.sabb.com.
;; Received 161 bytes from 108.59.173.0#53(ns21.hsbc.uk) in 67 ms

;; communications error to 37.76.254.149#53: timed out
;; communications error to 37.76.254.149#53: timed out
;; communications error to 37.76.254.149#53: timed out
www.services.online-banking.gslb.sabbnet.com. 900 IN A 193.27.7.78
;; Received 89 bytes from 193.27.7.38#53(ns3.sabb.com) in 119 ms

ns4.sabb.com. is unreachable and one of your resolvers picks that first.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How do I debug if the queries are not getting resolved?

2023-12-11 Thread Marco Moock 
Am 11.12.2023 um 23:37:36 Uhr schrieb Blason R:

> I require assistance in troubleshooting the resolution issue for
> specific domains that are not being resolved properly. The version of
> BIND I am currently using is BIND 9.18.20-1.

First, tell us if those queries are authoritative on that server or not.

Try using dig and post the output here.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

automatic reverse and forwarding zones

2022-10-27 Thread Marco Moock 
Hello,

how do ISPs automatically create the reverse and forwaring zones for
their customers IP pools?

For example one of their clients has the IP 2001:db::3.

Its reverse zone
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.d.0.0.1.0.0.2.ip6.arpa
includes a PTR pointing to
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.d.0.0.1.0.0.2.isp.example.org

This has an  record of 2001:db::3.

Is it possible to let bind create that automatically for certain zones?

-- 
kind regards
Marco

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users