Re: why bind unable to find log files

2011-06-11 Thread Robert Spangler
On Saturday 11 June 2011 09:53, the following was written:

  On Jun 11, 2011, at 4:22 AM, kshitij mali wrote:
   Hi Mark,
  
   Thanks for taking interest in my case, yes the rhel4 default bind named
   service is running in chroot jail, now tell me what config changes do
   I need to change.

  Create a directory inside the chroot jail called var/log/ -- so, if your
 chroot directory is called /foo/bar, create /foo/bar/var/log and make sure
 that bind is allowed to write there…

The directory should be /var/named/chroot if you installed all defaults.  Also 
be aware if selinux is active it will only allow bind to write to certain 
directories.  This is good to know on your slaves.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Split DNS Configuration in BIND

2011-05-31 Thread Robert Spangler
On Tuesday 31 May 2011 00:56, the following was written:

  It's very simple,
   
   If you know basic firewall concept, we will configure source NATing from
 public IP address to original website private address in firewall. So when
 any users from internet access my company website, they should obviously
 get public IP of my company website and once they get the IP address from
 DNS, it can contact the website using source NATing in firewall. 
  Here my concern is not with NATing or firewall. My basic requirement is
 how can I configure split DNS to maintain two different IP addresses for
 the same website. 

I think you are getting your terminology mixed up here.

Split DNS is when you have 2 DNS servers, one internal and the other external.  
Internal server serves the clients internally and the External serves the 
people on the Internet.  This setup is very easy as both servers hold the same 
records with the proper IP addresses.

The other would be VIEWS.  This is when you have a single DNS server serving 
both internal and external requests but you want to supply a different IP 
address for the same host name depending on where the request is coming from.

If you are thinking/talking VIEWS then give these websites a look:

http://www.howtoforge.com/two_in_one_dns_bind9_views
http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/


-- 

Regards
Robert
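
The VIEWS setup described in this message, as an added named.conf example that is not from the thread or the linked how-tos; the ACL name, addresses, zone name and file paths are assumed placeholders.

```conf
// Constructed example: all names, networks and paths below are placeholders.
acl "internal-nets" { localhost; 192.168.10.0/24; };

options {
    directory "/var/named";
};

// Views are tried in the order they appear and the first match wins,
// so the narrower "internal" view must come before the catch-all one.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;                  // internal clients may resolve any name
    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // www IN A 192.168.10.20 (private)
    };
};

view "external" {
    match-clients { any; };         // every client not matched above
    recursion no;                   // authoritative answers only
    zone "example.com" {
        type master;
        file "external/example.com.zone";   // www IN A 203.0.113.20 (public)
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

Keeping the two zone files separate means internal-only host names and private addresses never appear in answers given to Internet clients.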


Re: Split DNS Configuration in BIND

2011-05-31 Thread Robert Spangler
On Tuesday 31 May 2011 02:25, the following was written:

   Split DNS is when you have 2 DNS servers, one internal and the other
   external. Internal server serves the clients internally and the External
   serves the people on the Internet.  This setup is very easy as both
   servers hold the same records with the proper IP addresses.
  
   The other would be VIEWS.  This is when you have a single DNS server
   serving both internal and external requests but you want to supply
   a different IP address for the same host name depending on where the
   request is coming from.

  ...the end result of which (just to check my own knowledge) is the same
  as a split DNS, just without needing a second set of servers, right?

The end result is the same.


-- 

Regards
Robert



Re: bind slave not get DNS update

2011-01-05 Thread Robert Spangler
On Tuesday 04 January 2011 20:50, Steve Zeng wrote:

  I don't have NS record for both of the slaves (windows DNS slave and Linux
 DNS slave). I use also-notify and it works for Windows DNS slave. But not
 for BIND/Linux.

Is SELinux running on this system?  I see you are running CentOS, and in the 
RH setting of SELinux Bind is only allowed to make changes in certain 
directories.

Please don't include me directly in your replies as I get the mailing list 
also.  Thnx.


-- 

Regards
Robert



Re: Could DNS help solve this?

2010-11-11 Thread Robert Spangler
On Thursday 11 November 2010 03:59, Sten Carlsen wrote:

  Yes, I do use whois, my problem is which of the many dozens of whois
  servers to ask.

  E.g. if you want to know who owns telephone.com(random example), do you
  ask whois.moniker.com, whois.markmonitor.com, whois.enum.com or ???.

Why make things so difficult?  How about a simple 'whois domain'?  That 
should get you the information you are looking for.

  If you don't know who to ask, it can take maybe 20 attempts before you
  find a whois server that gives some helpful info. In some cases looking
  at the NS records helps

If the domain is registered properly then the above will get you your answer 
on the first attempt.

  Somebody put up the whois.uwhois.net, but that rarely gives an answer.

Then logic would tell you not to use this server.

  How do you determine where to ask?

I don't, I allow whois to do that for me.

Using your example:

whois telephone.com
[Querying whois.verisign-grs.com]
[Redirected to whois.tucows.com]
[Querying whois.tucows.com]
[whois.tucows.com]

Please provide a real world example where you cannot get the whois 
information.


-- 

Regards
Robert



Re: How does Yahoo/Google find unknown domains?

2010-11-09 Thread Robert Spangler
On Sunday 07 November 2010 20:02, Michelle Konzack wrote:

  I have (since several years) collected some domain names which do not
  exist (since years) and registered them in the last 4 months for the
  internal use of my Internet Service.

If these domains are for internal use only, why did you list the DNS servers 
for them?  You are aware that you can register a domain without listing a DNS 
Server?


-- 

Regards
Robert



Re: Query denied errors on PTR records for delegated zone

2010-02-22 Thread Robert Spangler
On Monday 22 February 2010 19:26, Geoff Sweet wrote:

  I have tried several different attempts to make this work, and the only
 change that works is to set in the options allow-query{any;};.  However the
 problem with that is that it then permits anyone to make any query against
 my nameservers and I don't want that.

Isn't that the purpose of having a public DNS server? So others can get your public 
DNS information? You want them to be able to query your server for your 
information but not allow recursion.  By only allowing localhost, localnets 
and wemadenets, everyone else is blocked thus they cannot get your 
information.

 Can anyone here offer me some advice as to what I am doing wrong?  For 
reference here is my config file:

  acl wemadenets { 66.150.173.0/26; };

  options {
  directory   "/var/named";
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file  "/var/named/data/named_mem_stats.txt";
  allow-query { localhost; localnets; wemadenets; };
  allow-recursion { wemadenets; };
  };

Edit allow-query and allow any.  Then everyone can get your information and 
still not use your server for recursion.

I take it you are working off some sort of how-to for this.


-- 

Regards
Robert
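
The change suggested in this reply, applied to the options block quoted above, as an added example that is not part of the original message. The per-zone override at the end and its zone name and file are assumptions added to show how one zone can stay restricted while public zones are open.

```conf
acl wemadenets { 66.150.173.0/26; };

options {
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file  "/var/named/data/named_mem_stats.txt";

    // Anyone may query the zones this server is authoritative for,
    // which includes the delegated reverse (PTR) zone.
    allow-query { any; };

    // Only these networks may have the server resolve other names for them;
    // everyone else is not given recursive service.
    allow-recursion { wemadenets; };
};

// Assumed example: a zone that should not be visible to the Internet can
// override the global setting, because zone-level allow-query takes
// precedence over the one in options.
zone "internal.example" {
    type master;
    file "internal.example.zone";
    allow-query { localhost; localnets; wemadenets; };
};
```

Checking from a host outside wemadenets should show answers for names in the public zones and no recursive resolution for names outside them.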



Re: multi master primary nameserver.

2010-02-05 Thread Robert Spangler
On Friday 05 February 2010 17:41, fddi wrote:

  Hello I wanted to ask how could be possible in some way
  to have 2 or more multi master name servers authoritative for one domain,
  instead of the classical master slave model.

Simple thing to do.  I have a test lab here that I did this in a few years 
ago.  2 masters and 4 slaves.  The setup was simple.

Configure Master A to be a slave of Master B.  Configure Master B to be a 
slave of Master A.  Configure all slaves with both masters.  Depending on how 
you set up the rest ensure that the Masters notify each other of updates.  Now 
when Master B is updated it will update the slaves and Master A also.  Only 
thing you have to watch out for is that only one zone on one master is being 
updated at a time.


-- 

Regards
Robert



Re: Modified a zone, so when it becomes available?

2009-09-16 Thread Robert Spangler
On Wednesday 16 September 2009 02:52, Marcos Lorenzo de Santiago wrote:

  On Tue, 15-09-2009 at 17:27 -0400, Robert Spangler wrote:
   On Tuesday 15 September 2009 08:16, Frank Stanek wrote:
 Please forgive my naivety if this is totally wrong but
 I don't have a chrooted bind environment to verify this atm.
  
   I run a chroot environment
  
 But doesn't the init script in some distributions copy the
 configuration files (including zone files) into the chroot
 jail because bind cannot access them in /etc from there?
  
   Not that I am aware of.  If you know of a distro that does this let us
   know. A chroot'ed bind has no knowledge of anything outside of its
   chroot environment so the files have to exist there.

  I just link the chrooted file named.conf to /etc/bind/named.conf, so the
  file in /etc is actually a link to the file within the chrooted
  environment.

In my environment I have it the other way.  named.conf, named.zones and rndc.key 
in /etc are linked to the chroot environment.


-- 

Regards
Robert


Re: Modified a zone, so when it becomes available?

2009-09-15 Thread Robert Spangler
On Tuesday 15 September 2009 08:16, Frank Stanek wrote:

  Please forgive my naivety if this is totally wrong but
  I don't have a chrooted bind environment to verify this atm.

I run a chroot environment.

  But doesn't the init script in some distributions copy the
  configuration files (including zone files) into the chroot
  jail because bind cannot access them in /etc from there?

Not that I am aware of.  If you know of a distro that does this let us know.   
A chroot'ed bind has no knowledge of anything outside of its chroot 
environment so the files have to exist there.

  That could explain why it works when you use the init script
  to restart bind but it doesn't when you do rndc reload -
  the modified files don't get copied into the jail with
  rndc reload.

And they do not with the init script either.  The init script is shutting down 
bind and then reloading it again which forces a fresh read of all the files, 
as rndc is just telling bind to re-read the zone.


-- 

Regards
Robert



Re: SPF record Syntax Update

2009-07-17 Thread Robert Spangler
On Friday 17 July 2009 16:33, Martin McCormick wrote:

  A person wrote me off list to say that it worked for them. I
  went to a different FreeBSD platform that happens to be the
  actual one that hosts our DNS and tried it there and it worked
  perfectly. I even verified that it is in the zone.

I'm just curious, if you run named-checkzone against this zone does it spit 
back any errors?  I'm just wondering as there is really nothing stopping you 
from placing whatever you want in a zone file, just wondering if the check 
tools will complain.


-- 

Regards
Robert
