date:20170522

Re: How to generate authoritative DNS64 reverse zone

2017-05-22 Thread Aleksi Suhonen

Hi,

On 05/20/2017 01:48 AM, Mark Andrews wrote:
> In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd...@axu.tm>, Aleksi Suhonen 
> writes:
>> So how do I configure Bind9 to generate one authoritative DNS64 reverse
>> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with
>> anything?

> You should delegate
> 1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally.
> This will let everyone in the world find the CNAME records.  This
> should be done even if you are just doing it for your recursive
> clients.

I created the delegation, tried the below config and created an empty
zone file for the above delegation. Rndc reconfig gave the following error:

22-May-2017 07:58:13.534 general: error: reloading configuration failed:
already exists

This was the entirety of the error message.

> If you don't want A to  mappings to happen then turn off the
> DNS64 mapping for everyone on the server.

> dns64 2001:67c:2b0:db32:0:1::/96 {
> clients { none; }
> };

When I removed the empty master zone, the error message went away. So it
seems that the dns64 declaration implicitly creates a new zone in Bind.
Makes sense. This could be added to documentation?

I think the above error message should also be improved, as it gave no
indication as to *what* exists already. I could have saved about an hour
of wondering what the hell is wrong with my config change, if the error
message was a bit more wordy. :-)

In hind sight, I guess I could have turned on debugging and seen what
messages would be generated then, but I suspect there would have been
too many messages for me to process.

Anyway, thanks for the help.

-- 
Aleksi Suhonen / Axu TM Oy
Internetworking Consulting
Cellular: +358 44 975 6548
World Wide Web: www.axu.tm
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS forwarding

2017-05-22 Thread Barry S. Finkel


On Wed, 17 May 2017 17:44:12,  Elias Pereira  wrote:


Hello,

Our scenario today consists of one:

- DNS Server (Authoritative to our subdomains. Ex: www.mydomain.com*,
moodle.mydomain.com, etc)
- samba3 PDC server
- Openldap server (user base for samba)

All our IPs are public.

This scenario above works like a charm!! :D

Now, I'm implementing a new samba4 AD server.

In order for me to be able to put users in the AD domain, I need to
configure the samba4 AD IP as primary dns on the computers. In the bind
installed on samba4 AD I configured the "forwarder" variable with the IP of
our DNS server.

The problem is that from this computer, if I need to access an internal
subdomain, for example our webserver*, I can not access. Gives resolution
error. For any other site, for example, google.com, I can access.

I'm not finding the problem. Any idea?

-- Elias Pereira


Maybe I am misinterpreting the problem.  When I was managing a mixed
AD-BIND DNS scenario, ALL of the computers used the BIND servers for
their DNS resolution; none used the AD servers.  But I had all of the
AD zones slaved on my BIND servers, so there was no need for any machine
to use the AD servers for DNS resolution.  The AD servers had only
the AD zones, so if any machine queried the AD server for a non-AD zone,
the request would have been forwarded to the BIND servers anyway.

--Barry Finkel

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS forwarding

2017-05-22 Thread Grant Taylor via bind-users


On 05/22/2017 07:16 AM, Barry S. Finkel wrote:

Maybe I am misinterpreting the problem.  When I was managing a mixed
AD-BIND DNS scenario, ALL of the computers used the BIND servers for
their DNS resolution; none used the AD servers.  But I had all of the
AD zones slaved on my BIND servers, so there was no need for any machine
to use the AD servers for DNS resolution.  The AD servers had only
the AD zones, so if any machine queried the AD server for a non-AD zone,
the request would have been forwarded to the BIND servers anyway.


Could your AD clients still reach the AD DNS servers?  (It sounds like 
they could.)


It's been my experience that AD clients still want to reach the master 
name server (in the SOA record) to do Dynamic DNS updates.


(I've also successfully forced those through a BIND secondary configured 
to forward the dynamic updates to the AD master.)




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

dkim cname records replication

2017-05-22 Thread Vidal Garza

Hello List,

I have this question about replication.

I have a replication between BIND 9.9.5-3.
We try to make dkim work with Microsoft office 365. In the documentation they 
said that it should be a CNAME record with the sectors and it works in the 
master. The problem is in the slave, with the name and the underscore character.

I wonder if bind support the underscore character? Or if someone has link that 
help me.

Reference:
https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx

Thanks in advance!


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread McDonald, Daniel (Dan)

You need to add “check-names ignore; “ to the zone definition when dealing with 
active directory.  That ignores the invalid underscore character.

From: bind-users  on behalf of Vidal Garza 

Date: Monday, May 22, 2017 at 10:31
To: Bind Users 
Subject: dkim cname records replication

Hello List,

I have this question about replication.

I have a replication between BIND 9.9.5-3.
We try to make dkim work with Microsoft office 365. In the documentation they 
said that it should be a CNAME record with the sectors and it works in the 
master. The problem is in the slave, with the name and the underscore character.

I wonder if bind support the underscore character? Or if someone has link that 
help me.

Reference:
https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx

Thanks in advance!

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS forwarding

2017-05-22 Thread Elias Pereira

Hello guys, thanks for all the answers!!!

I was provisioning the AD in the wrong way. As we have our main DNS and it
is authoritative for our domain "example.com" I needed to create a
subdomain "sandom.example.com" so that AD DNS would be authoritative only
for "samdom".

Now everything is working properly.

Thank you all!!!

On Mon, May 22, 2017 at 11:46 AM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:

> On 05/22/2017 07:16 AM, Barry S. Finkel wrote:
>
>> Maybe I am misinterpreting the problem.  When I was managing a mixed
>> AD-BIND DNS scenario, ALL of the computers used the BIND servers for
>> their DNS resolution; none used the AD servers.  But I had all of the
>> AD zones slaved on my BIND servers, so there was no need for any machine
>> to use the AD servers for DNS resolution.  The AD servers had only
>> the AD zones, so if any machine queried the AD server for a non-AD zone,
>> the request would have been forwarded to the BIND servers anyway.
>>
>
> Could your AD clients still reach the AD DNS servers?  (It sounds like
> they could.)
>
> It's been my experience that AD clients still want to reach the master
> name server (in the SOA record) to do Dynamic DNS updates.
>
> (I've also successfully forced those through a BIND secondary configured
> to forward the dynamic updates to the AD master.)
>
>
>
>
> --
> Grant. . . .
> unix || die
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



-- 
Elias Pereira
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

named-compilezone errors

2017-05-22 Thread Chris Buxton

I'm having trouble using named-compilezone on a zone, and I was wondering if 
I'm doing something wrong or if perhaps I've found a bug (or two). I apologize 
in advance for the sanitizing of the zone name, but it's not my zone and I 
can't share it.

named-compilezone -i none -k ignore -o example.com.txt example.com 
example.com.dns
dns_master_load: example.com.dns:6785: bad escape
dns_master_load: example.com.dns:6789: bad escape

Those lines are:

mhtswfw-dellfi01\342\200\223mgmt A  10.152.224.231
mhtswfw-dellfi02\342\200\223mgmt A  10.152.224.232

After pruning out those lines:

named-compilezone -i none -k ignore -o example.com.txt example.com 
example.com.dns
example.com.dns:6: no TTL specified; using SOA MINTTL instead
example.com.dns:3556: TTL set to prior TTL (600)
zone example.com/IN: NS 'ausdc2k8amer21.example.com' has no address records (A 
or )
zone example.com/IN: NS 'ausdcx64amer07.example.com' has no address records (A 
or )
zone example.com/IN: NS 'ausdcx64amer08.example.com' has no address records (A 
or )
zone example.com/IN: NS 'ausdcx64amer09.example.com' has no address records (A 
or )
zone example.com/IN: NS 'ausdcx64amer10.example.com' has no address records (A 
or )
zone example.com/IN: not loaded due to errors.

There are NS records pointing to these names. The names belong to the zone I'm 
trying to compile. But the names are not defined. I would have expected that 
'-i none' would have allowed it to skip these errors. but it doesn't.

Regards,
Chris Buxton
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS forwarding

2017-05-22 Thread Grant Taylor via bind-users


On 05/22/2017 01:36 PM, Elias Pereira wrote:
I was provisioning the AD in the wrong way. As we have our main DNS and 
it is authoritative for our domain "example.com" I 
needed to create a subdomain "sandom.example.com"  
so that AD DNS would be authoritative only 
for "samdom".


You don't have to have AD be a sub-domain.  You can delegate the 
_msdcs.example.com sub-domain instead of samdom.example.com.  This will 
make AD appear as if it is example.com.


Note:  The merits / pros / cons of this are subject to debate.  -  I'm 
just advocating that you define what you want your infrastructure to be, 
not the other way around.



Now everything is working properly.


I'm glad that you got it working.


Thank you all!!!


*nod*



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread Mark Andrews


In message , Vidal Garza writes:
>
> Hello List,
>
> I have this question about replication.
>
> I have a replication between BIND 9.9.5-3.
> We try to make dkim work with Microsoft office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
>
> I wonder if bind support the underscore character? Or if someone has link
> that help me.
>
> Reference:
> https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
>
> Thanks in advance!

Post the actual error messages or the actual zone content.  Your suppositions
are incorrect.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread Mark Andrews


In message , "McDonald, 
Daniel (Dan)" writes:
> You need to add check-names ignore;  to the zone definition when dealing
> with active directory.  That ignores the invalid underscore character.

DKIM is not active directory.  Named can serve DKIM records without
adding "check-names ignore;" to named.conf.

The latest versions of named don't need "check-names ignore;" to
serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).

It also doesn't help that Microsoft confuses "Host Name" with "Owner
Name" / "Record Name" / "Domain Name" in the documentation referenced
below.  Host name has a specific meaning and the documentation
referenced there is just plain wrong in its use of "Host Name".

Mark

> From: bind-users  on behalf of Vidal
> Garza 
> Date: Monday, May 22, 2017 at 10:31
> To: Bind Users 
> Subject: dkim cname records replication
>
> Hello List,
>
> I have this question about replication.
>
> I have a replication between BIND 9.9.5-3.
> We try to make dkim work with Microsoft office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
>
> I wonder if bind support the underscore character? Or if someone has link
> that help me.
>
> Reference:
> https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
>
> Thanks in advance!
>
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread McDonald, Daniel (Dan)

In this case, Microsoft names the records selector1._domainkeys.example.com and 
selector2._domainkeys.example.com. The poster said he was running bind 9.9.5, 
which to my knowledge doesn't support leading underscores without check-names 
ignore.

Get Outlook for iOS

On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews" 
mailto:ma...@isc.org>> wrote:

In message , "McDonald, Daniel (Dan)" writes:
> You need to add check-names ignore;  to the zone definition when dealing
> with active directory.  That ignores the invalid underscore character.

DKIM is not active directory.  Named can serve DKIM records without
adding "check-names ignore;" to named.conf.

The latest versions of named don't need "check-names ignore;" to
serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).

It also doesn't help that Microsoft confuses "Host Name" with "Owner
Name" / "Record Name" / "Domain Name" in the documentation referenced
below.  Host name has a specific meaning and the documentation
referenced there is just plain wrong in its use of "Host Name".

Mark

> From: bind-users  on behalf of Vidal
> Garza
> Date: Monday, May 22, 2017 at 10:31
> To: Bind Users
> Subject: dkim cname records replication
>
> Hello List,
>
> I have this question about replication.
>
> I have a replication between BIND 9.9.5-3.
> We try to make dkim work with Microsoft office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
>
> I wonder if bind support the underscore character? Or if someone has link
> that help me.
>
> Reference:
> https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
>
> Thanks in advance!
>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread Mark Andrews


In message 
, 
"McDonald, Daniel 
(Dan)" writes:
> In this case, Microsoft names the records
> selector1._domainkeys.example.com and selector2._domainkeys.example.com.
> The poster said he was running bind 9.9.5, which to my knowledge doesn't
> support leading underscores without check-names ignore.

Named DOES support underscore.  It stops you using underscore in
HOSTNAME contexts which definitely don't apply to DKIM records.

* The owner name of a A record.  This is what bites with AD as
  there is a A record at gc._msdcs..  An exception has
  been added for this prefix (gc._msdcs) recently.
* The owner name of a  record.
* The names of nameservers (NS rdata).
* The owner names of MX records.
* The names of mail exchangers (MX rdata).

DKIM uses underscores so that the owner names of the records it
uses do not clash with the syntax of valid hostnames.  DKIM does
no use A,  or MX records at these names.  This is also why SRV
uses records with underscore prefixes.

Mark

> Get Outlook for iOS
>
>
>
> On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews"
> mailto:ma...@isc.org>> wrote:
>
>
>
> In message , "McDonald, Daniel (Dan)" writes:
> > You need to add check-names ignore;  to the zone definition when dealing
> > with active directory.  That ignores the invalid underscore character.
>
> DKIM is not active directory.  Named can serve DKIM records without
> adding "check-names ignore;" to named.conf.
>
> The latest versions of named don't need "check-names ignore;" to
> serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).
>
> It also doesn't help that Microsoft confuses "Host Name" with "Owner
> Name" / "Record Name" / "Domain Name" in the documentation referenced
> below.  Host name has a specific meaning and the documentation
> referenced there is just plain wrong in its use of "Host Name".
>
> Mark
>
> > From: bind-users  on behalf of Vidal
> > Garza
> > Date: Monday, May 22, 2017 at 10:31
> > To: Bind Users
> > Subject: dkim cname records replication
> >
> > Hello List,
> >
> > I have this question about replication.
> >
> > I have a replication between BIND 9.9.5-3.
> > We try to make dkim work with Microsoft office 365. In the documentation
> > they said that it should be a CNAME record with the sectors and it works
> > in the master. The problem is in the slave, with the name and the
> > underscore character.
> >
> > I wonder if bind support the underscore character? Or if someone has
> link
> > that help me.
> >
> > Reference:
> > https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
> >
> > Thanks in advance!
> >
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dkim cname records replication

2017-05-22 Thread McDonald, Daniel (Dan)

That's great! I've disabled checknames for over a decade because I couldn't get 
AD to work without it when I first set it up, and hadn't tried without it 
since. I'll go play in the lab tomorrow and see if I can turn that back on in 
production with the squirrelly version my distro provides ( they call it 
9.9.1-400, or something like that. Every security patch applied, since 9.9.1, 
some of the bug fixes applied)

Get Outlook for iOS

On Mon, May 22, 2017 at 9:11 PM -0500, "Mark Andrews" 
mailto:ma...@isc.org>> wrote:

In message , "McDonald, Daniel
(Dan)" writes:
> In this case, Microsoft names the records
> selector1._domainkeys.example.com and selector2._domainkeys.example.com.
> The poster said he was running bind 9.9.5, which to my knowledge doesn't
> support leading underscores without check-names ignore.

Named DOES support underscore.  It stops you using underscore in
HOSTNAME contexts which definitely don't apply to DKIM records.

* The owner name of a A record.  This is what bites with AD as
  there is a A record at gc._msdcs..  An exception has
  been added for this prefix (gc._msdcs) recently.
* The owner name of a  record.
* The names of nameservers (NS rdata).
* The owner names of MX records.
* The names of mail exchangers (MX rdata).

DKIM uses underscores so that the owner names of the records it
uses do not clash with the syntax of valid hostnames.  DKIM does
no use A,  or MX records at these names.  This is also why SRV
uses records with underscore prefixes.

Mark

> Get Outlook for iOS
>
>
>
> On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews"
> > wrote:
>
>
>
> In message , "McDonald, Daniel (Dan)" writes:
> > You need to add check-names ignore;  to the zone definition when dealing
> > with active directory.  That ignores the invalid underscore character.
>
> DKIM is not active directory.  Named can serve DKIM records without
> adding "check-names ignore;" to named.conf.
>
> The latest versions of named don't need "check-names ignore;" to
> serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).
>
> It also doesn't help that Microsoft confuses "Host Name" with "Owner
> Name" / "Record Name" / "Domain Name" in the documentation referenced
> below.  Host name has a specific meaning and the documentation
> referenced there is just plain wrong in its use of "Host Name".
>
> Mark
>
> > From: bind-users  on behalf of Vidal
> > Garza
> > Date: Monday, May 22, 2017 at 10:31
> > To: Bind Users
> > Subject: dkim cname records replication
> >
> > Hello List,
> >
> > I have this question about replication.
> >
> > I have a replication between BIND 9.9.5-3.
> > We try to make dkim work with Microsoft office 365. In the documentation
> > they said that it should be a CNAME record with the sectors and it works
> > in the master. The problem is in the slave, with the name and the
> > underscore character.
> >
> > I wonder if bind support the underscore character? Or if someone has
> link
> > that help me.
> >
> > Reference:
> > https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
> >
> > Thanks in advance!
> >
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to generate authoritative DNS64 reverse zone

2017-05-22 Thread Mark Andrews


In message <396e2fc9-3151-aad6-b5bc-28784bd15...@axu.tm>, Aleksi Suhonen writes:
> Hi,
> 
> On 05/20/2017 01:48 AM, Mark Andrews wrote:
> > In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd...@axu.tm>, Aleksi Suhonen 
> > writes:
> >> So how do I configure Bind9 to generate one authoritative DNS64 reverse
> >> zone that contains CNAMEs to in-addr.arpa, but otherwise not mess with
> >> anything?
> 
> > You should delegate
> > 1.0.0.0.0.0.0.0.2.3.B.D.0.B.2.0.C.7.6.0.1.0.0.2.IP6.ARPA normally.
> > This will let everyone in the world find the CNAME records.  This
> > should be done even if you are just doing it for your recursive
> > clients.
> 
> I created the delegation, tried the below config and created an empty
> zone file for the above delegation. Rndc reconfig gave the following error:
> 
> 22-May-2017 07:58:13.534 general: error: reloading configuration failed:
> already exists
> 
> This was the entirety of the error message.
> 
> > If you don't want A to  mappings to happen then turn off the
> > DNS64 mapping for everyone on the server.
> 
> > dns64 2001:67c:2b0:db32:0:1::/96 {
> > clients { none; }
> > };
> 
> When I removed the empty master zone, the error message went away. So it
> seems that the dns64 declaration implicitly creates a new zone in Bind.
> Makes sense. This could be added to documentation?

The ARM already has this in the description for dns64.

  
Additionally a reverse IP6.ARPA zone will be created for
the prefix to provide a mapping from the IP6.ARPA names
to the corresponding IN-ADDR.ARPA names using synthesized
CNAMEs.  dns64-server and
dns64-contact can be used to specify
the name of the server and contact for the zones. These
are settable at the view / options level.  These are
not settable on a per-prefix basis.
  

> I think the above error message should also be improved, as it gave no
> indication as to *what* exists already. I could have saved about an hour
> of wondering what the hell is wrong with my config change, if the error
> message was a bit more wordy. :-)

Ticket opened.

> In hind sight, I guess I could have turned on debugging and seen what
> messages would be generated then, but I suspect there would have been
> too many messages for me to process.
> 
> Anyway, thanks for the help.
> 
> -- 
> Aleksi Suhonen / Axu TM Oy
> Internetworking Consulting
> Cellular: +358 44 975 6548
> World Wide Web: www.axu.tm
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to generate authoritative DNS64 reverse zone

Re: DNS forwarding

Re: DNS forwarding

dkim cname records replication

Re: dkim cname records replication

Re: DNS forwarding

named-compilezone errors

Re: DNS forwarding

Re: dkim cname records replication

Re: dkim cname records replication

Re: dkim cname records replication

Re: dkim cname records replication

Re: dkim cname records replication

Re: How to generate authoritative DNS64 reverse zone

14 matches

Site Navigation

Mail list logo

Footer information