On Sun, Jan 25, 2009 at 6:39 PM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
When i tried this host did not resolve
the cname. i.e a host 1.1.1.1 returned metis.local. it did not know
to resolve metis.local as bob
the host 1.1.1.1 returned that 1.1.1.1.in-addr.arpa is a CNAME to
At 09:33 26/01/2009, Mark Andrews wrote:
In message 200901260742.n0q7gjqn029...@mail46.nsc.no, Jan Arild =?iso-8859-1?
Q?Lindstr=F8m?= writes:
Hi,
I was going to upgrade from BIND 9.4.3 to BIND 9.6.0-P1, but run into a =
strange bug in BIND 9.6.0-P1.
Exact same config for 9.4.3 and
Hello everyone,
I've been seeing these syslog messages for about a week on a FreeBSD
server running BIND 9.4.3-P1:
Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25 03:43:32 asimov named[145]: client 206.71.158.30#138: error
sending
update de mon domaine andre chaudier___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
For someone to register a domain and listing our server name with a
bogus IP, the registry has to be incredibly careless
I wonder if he is seeing the same thing I was a few days ago. I had a
certain *.edu host listed as a nameserver of mine with several
registries (gandi for .com, arin for
I inherited a Bind DNS server set up for a company that runs a number
of web site. I'm in the process of cleaning up the zone files and
adding additional slave DNS servers and I haven't got my head around
NS records yet. When a domain is registered you specify what DNS
servers will be providing
I have not copied the entire thread.
You've added an additional step in your second paragraph that is
prohibited by the section you quoted in the first. The section from
the RFC describes a situation where A is queried for and an MX record
pointing to B is returned. When B is queried for,
I am looking to set up DHCP in an environment that does not support Dynamic
DNS. There are many servers that will not be using DHCP in this
environment. Ideally, I would like to do collision detection both by ping
(which I know can be done) and reverse DNS lookup.
I know that ping collision
On Jan 26 2009, Wolfgang S. Rupprecht wrote:
For someone to register a domain and listing our server name with a
bogus IP, the registry has to be incredibly careless
I wonder if he is seeing the same thing I was a few days ago. I had a
certain *.edu host listed as a nameserver of mine with
On 26.01.09 09:19, bsfin...@anl.gov wrote:
If I have in DNS
cn IN CNAME realname
and I query for cn, the DNS resolver will return realname.
BIND also returns the A record for realname. Is this a requirement?
If not, then
mx IN 10 MX cn
will result in:
1) the MX
Thus, if an alias is used as the value of an NS or MX record, no address
will be returned with the NS or MX value.
Above statement, belief, perception etc. has already been proven to be a
fallacy (see the network trace attached to one of the previous messages).
Both the CNAME and A record is
In message 497caef2.80...@yahoo.com, Andre LeClaire writes:
Hello everyone,
I've been seeing these syslog messages for about a week on a FreeBSD
server running BIND 9.4.3-P1:
Jan 25 02:35:21 asimov named[145]: client 206.71.158.30#138: error
sending response: permission denied
Jan 25
-Original Message-
[ ... ]
On 23.01.09 23:06, Barry Margolin wrote:
Why don't you just use normal reverse DNS:
zone for 1.1.1.in-addr.arpa
1 IN PTR metis.local.
IN PTR bob-www-sol-l01.local.
accorging to the above, metis.local is a CNAME, so the
reverse should
Folks
Warning - I know just enough about Bind to be dangerous. Which is why I'm
asking.
I just noticed that our small scale Bind server as a lot of the following lines.
26-Jan-2009 14:28:24.004 client 76.9.16.171#23101: query: . IN NS +
26-Jan-2009 14:28:58.254 client 63.217.28.226#28035:
On Tue, 2009-01-27 at 07:43, Danny Thomas wrote:
Al Stu wrote:
So within the zone SMTP requirements are in fact met when the
MX RR is a CNAME.
you might argue the line of it being OK when additional processing
includes an A record.
In all the time its taken him to type his rants and
To: comp-protocols-dns-b...@isc.org
From: Tony Toews [MVP] tto...@telusplanet.net
Subject: What are these entries in the log file - query: . IN NS +?
Date: Mon, 26 Jan 2009 21:45:18 GMT
Folks
Warning - I know just enough about Bind to be dangerous. Which is
why I'm asking.
I just
Without getting into how I managed to accomplish this, I have wound up
with a secondary DNS that has incorrect information in it but the
serial numbers are the same as on the master.
So, my question is: how can I get the secondary to sync up? I
presume all I would need to do is make a
In all the time its taken him to type his rants and raves and have his little
dummy spit, he could have gone and changed the MX to be a real name, ... -
Noel Butler
Wow, such narrow mindedness.
I like most I suspect stopped reading his rants days ago. - Noel Butler
And yet here you are
In message 2d378cb064ba4d06880aed8ed81f3...@ahsnbw1, Al Stu writes:
Thus, if an alias is used as the value of an NS or MX record, no address
will be returned with the NS or MX value.
Above statement, belief, perception etc. has already been proven to be a
fallacy (see the network trace
On 26-Jan-2009, at 17:50, Jeff Justice wrote:
Without getting into how I managed to accomplish this, I have wound
up with a secondary DNS that has incorrect information in it but the
serial numbers are the same as on the master.
So, my question is: how can I get the secondary to sync up?
Gregory Hicks ghi...@hicks-net.net wrote:
2) What are they?
They look like the DDoS being discussed on the NANOG list.
Have you implemented BCP38? If not, why not...
I have no idea what BCP38 is and how I can implement that. Would you be so
kind as
to supply links relevant to Windows 2003
Noel Butler noel.but...@ausics.net wrote:
This is not your config, so long as you are not answering thats fine.
How do I know I'm not answering those?
It's a forged request asking you to participate in a DDoS thats been
going on since last Wedensday,
it's best if you firewall off your replies
Hi Tony,
On Tue, 2009-01-27 at 09:35, Tony Toews [MVP] wrote:
Noel Butler noel.but...@ausics.net wrote:
This is not your config, so long as you are not answering thats fine.
How do I know I'm not answering those?
Since your on win, I can't help you, but whatever your packet monitor
is,
At Thu, 22 Jan 2009 09:12:11 +0300,
Dmitry Rybin kirg...@corbina.net wrote:
+50 views of zone data + memory for 10 clients +
You have a 32bit build which will give a maximum of 2G data.
You are just trying to cram too much into too small a place.
OK. May be you
How about these two?
nullmx.domainmanager.com
Non-authoritative answer:
Name:mta.dewile.net
Address: 69.59.189.80
Aliases: nullmx.domainmanager.com
smtp.secureserver.net
Non-authoritative answer:
Name:smtp.where.secureserver.net
Address: 208.109.80.149
Aliases:
In message fvhsn493t2pb75c93nm1s14lkttiu0i...@4ax.com, Tony Toews [MVP] wri
tes:
Gregory Hicks ghi...@hicks-net.net wrote:
2) What are they?
They look like the DDoS being discussed on the NANOG list.
Have you implemented BCP38? If not, why not...
I have no idea what BCP38 is and
In article gllha9$2ot...@sf1.isc.org,
Tony Toews [MVP] tto...@telusplanet.net wrote:
Gregory Hicks ghi...@hicks-net.net wrote:
2) What are they?
They look like the DDoS being discussed on the NANOG list.
Have you implemented BCP38? If not, why not...
I have no idea what BCP38 is
In article glleo1$2na...@sf1.isc.org,
Jeff Justice listacco...@starionline.com wrote:
Without getting into how I managed to accomplish this, I have wound up
with a secondary DNS that has incorrect information in it but the
serial numbers are the same as on the master.
So, my question
In article gllmur$2sh...@sf1.isc.org,
Mark Andrews mark_andr...@isc.org wrote:
In message fvhsn493t2pb75c93nm1s14lkttiu0i...@4ax.com, Tony Toews [MVP]
wri
tes:
Gregory Hicks ghi...@hicks-net.net wrote:
2) What are they?
They look like the DDoS being discussed on the NANOG
maybe this will help
http://peppyheppy.com/2008/1/18/bulk-zone-file-serial-number-increment
--- On Tue, 1/27/09, Barry Margolin bar...@alum.mit.edu wrote:
From: Barry Margolin bar...@alum.mit.edu
Subject: Re: Forcing a secondary update...
To: comp-protocols-dns-b...@isc.org
Date: Tuesday,
In message 0aa37ce829ba458b9ba2d199a6d96...@ahsnbw1, Al Stu writes:
How about these two?
nullmx.domainmanager.com
Non-authoritative answer:
Name:mta.dewile.net
Address: 69.59.189.80
Aliases: nullmx.domainmanager.com
smtp.secureserver.net
Non-authoritative answer:
Name:
On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:
Which just means you have not ever experienced the problems
causes. MTA are not required to look up the addresses of
all the mail exchangers in the MX RRset to process the MX
RRset. MTA usually learn their name
In message barmar-3c4a47.20101026012...@mara100-84.onlink.net, Barry Margolin
writes:
In article gllha9$2ot...@sf1.isc.org,
Tony Toews [MVP] tto...@telusplanet.net wrote:
Gregory Hicks ghi...@hicks-net.net wrote:
2) What are they?
They look like the DDoS being discussed on
In message ulssn453ohc7rj6lobgkje0g0prvqd3...@4ax.com, Tony Toews [MVP] wri
tes:
Tony Toews [MVP] tto...@telusplanet.net wrote:
How do I know I'm not answering those?
Since your on win, I can't help you, but whatever your packet monitor
is, see if you are replying to their requests,
Noel Butler noel.but...@ausics.net wrote:
Surely windows can block access to an inbound IP request from some IP
to local udp port 53 ?
Not the firewall software built into Windows 2003 Server.
If not, you know what my next reply will be don't you :)
chuckleYeah, well switching to Linux ain't
On Tue, 2009-01-27 at 13:16, Tony Toews [MVP] wrote:
Noel Butler noel.but...@ausics.net wrote:
Surely windows can block access to an inbound IP request from some IP
to local udp port 53 ?
Not the firewall software built into Windows 2003 Server.
Gawd...
If not, you know what my
If you refuse a CNAME then it is your SMTP server that is broken. The SMTP
RFC's clearly state that SMTP servers are to accept and lookup a CNAME.
- Original Message -
From: Scott Haneda talkli...@newgeo.com
To: Mark Andrews mark_andr...@isc.org
Cc: Al Stu al_...@verizon.net;
Tony Toews [MVP] tto...@telusplanet.net wrote:
As far as I can tell from the same 5 or 20 IP addresses. I haven't seen these
lines
before.
When I analyzed todays log I got three IP address.
204.15.80.50 might be smtp9.soma.ironport.com
63.217.28.226 might be Network solutions according to the
On Jan 26, 2009, at 7:54 PM, Al Stu wrote:
If you refuse a CNAME then it is your SMTP server that is broken.
The SMTP RFC's clearly state that SMTP servers are to accept and
lookup a CNAME.
[RFC974] explicitly states that MX records shall not point to an alias
defined by a CNAME. That
RFC 974:
There is one other special case. If the response contains an answer which
is a CNAME RR, it indicates that REMOTE is actually an alias for some other
domain name. The query should be repeated with the canonical domain name.
- Original Message -
From: Scott Haneda
In message 3c802402a28c4b2390b088242a91f...@ahsnbw1, Al Stu writes:
RFC 974:
There is one other special case. If the response contains an answer which
is a CNAME RR, it indicates that REMOTE is actually an alias for some other
domain name. The query should be repeated with the canonical
Yes, the response to an MX query, that is the subject here. And a CNAME is
in fact permitted and specified by the RFC's to be accepted as the response
to an MX lookup.
If the response does not contain an error response, and does not contain
aliases
See there, alias is permitted. You
In message b3ba5e37553642e28149093cdee78...@ahsnbw1, Al Stu writes:
Yes, the response to an MX query, that is the subject here. And a CNAME is
in fact permitted and specified by the RFC's to be accepted as the response
to an MX lookup.
No one is saying a CNAME is not permitted
In article gllr91$2vq...@sf1.isc.org,
Scott Haneda talkli...@newgeo.com wrote:
I have never got why this is such a hard thing for email admins to get
right, but it certainly causes me headaches. I personally wish
CNAME's would just go away, keep them around, but just stop talking
In article glm61r$5l...@sf1.isc.org, Al Stu al_...@verizon.net
wrote:
Yes, the response to an MX query, that is the subject here. And a CNAME is
in fact permitted and specified by the RFC's to be accepted as the response
to an MX lookup.
No, we're talking about the response to the A
On Jan 26, 2009, at 10:03 PM, Barry Margolin wrote:
In article gllr91$2vq...@sf1.isc.org,
Scott Haneda talkli...@newgeo.com wrote:
100% right. I refuse MX's that are cnamed, and I get emails from
customers asking what is up. What is strange, and I can not figure
it
out, is that the admins
On Jan 26, 2009, at 10:11 PM, Barry Margolin wrote:
In article gllr91$2vq...@sf1.isc.org,
Scott Haneda talkli...@newgeo.com wrote:
I have never got why this is such a hard thing for email admins to
get
right, but it certainly causes me headaches. I personally wish
CNAME's would just go
The paragraph you cite regarding LOCAL has a alias and the alias is listed
in the MX records for REMOTE... is a peripery issue which is handled by not
doing that.
No one is saying a CNAME is not permitted in response to a MX query.
Well good then, we agree. The MX record data value can be a
In message bc7c01a4-1803-4906-bd90-93037b4ae...@newgeo.com, Scott Haneda writ
es:
On Jan 26, 2009, at 10:03 PM, Barry Margolin wrote:
In article gllr91$2vq...@sf1.isc.org,
Scott Haneda talkli...@newgeo.com wrote:
100% right. I refuse MX's that are cnamed, and I get emails from
At 22:41 26/01/2009, Mark Andrews wrote:
In message 200901260955.n0q9tnvm010...@mail43.nsc.no, Jan Arild =?iso-8859-1?
Q?Lindstr=F8m?= writes:
At 09:33 26/01/2009, Mark Andrews wrote:
In message 200901260742.n0q7gjqn029...@mail46.nsc.no, Jan Arild=
=3D?iso-8859-1?
Q?Lindstr=3DF8m?=3D
50 matches
Mail list logo