On 09/26/2010 10:57 PM, David S. wrote:
I've removed additional-from-cache and restart bind, below part of
named.conf
Ok, bad guess on my part :o(
Not sure I'm afraid. I don't really understand your config; do you mean
to have recursion off in both views?
What is sending the queries?
On 27/09/10 09:45, David S. wrote:
Hi Pil,
In that case, don't you want recursion on in view mynetwork?
I won't recursion in my network, so recursion is no.
Sorry, I don't understand. Perhaps someone else can help you.
___
bind-users mailing list
On Mon, 27 Sep 2010, Thomas Elsgaard wrote:
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
test.gl, DNS returns - 10.0.0.2
A
Yes, by using view. I do it so all my internal machines are
XXX.maplepark.com, using the private network addresses while the external
world gets my public addresses. The internal machines are still able to get
the external addresses by specifying the server address to be the external
IP
Reconfigure Bind thus:
STD_CDEFINES='-DISC_SOCKET_MAXEVENTS=256' ./configure --your-options
then recompile
On 09/27/2010 01:27 PM, Samer Khattab wrote:
Hi all,
I'm using Bind as a caching name server and serving around 2000 req
per second, and recently have the following messages showing up
Are you sure? ;-P
I can't seem to get things working. It looks like the Windows machines are not
happy with the TKEY the DCs are giving them. I can kinit a user account from
the AD on the DNS server so our krb5.conf appears correct. I am getting errors
when I run kinit -k -t /etc/krb5.keytab
Thanks Sergey,
I want to know one more thing, if you can help me.
Will this error cause timeouts ? does it have impact on performance ?
On Mon, Sep 27, 2010 at 3:42 PM, Sergey V. Lobanov ser...@lobanov.inwrote:
Reconfigure Bind thus:
STD_CDEFINES='-DISC_SOCKET_MAXEVENTS=256' ./configure
A small correction:
The packets captured below were between one of the DCs and the DNS server not a
client.
Also, I am getting this as well when I run nsupdate -g and try to add an A
record:
dns_tkey_negotiategss: TKEY is unacceptable
_
Hello,
Were there ... more information on these developments early next week?
My apologies if I missed them.
Thank you.
- Original Message
From: Larissa Shapiro laris...@isc.org
To: bind-us...@isc.org
Sent: Sun, September 19, 2010 5:54:15 PM
Subject: Notice regarding BIND 9.7.2
Were there ... more information on these developments early next week?
I was just about to ask the same question. ;)
I noticed the absence of 9.7.2 on ftp.isc.org, read the announcement here a day
later and rolled back my 9.7.2rc1 servers to 9.7.1-P2.
It would be good to know the nature of
On Sep 27, 2010, at 9:00 AM, Thomas Elsgaard wrote:
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
test.gl, DNS returns -
Hi all.
I am setting up a new appliance-based DNS solution that will contain a fair
number of separately managed Windows DNS slave servers (in addition to the
DNS appliances that will handle the .
Currently there are just over 8000 host records that resolve to IP's in the
10.x.x.x space. I am
On Sep 27, 2010, at 1:03 PM, Christopher Cain wrote:
Hi all.
I am setting up a new appliance-based DNS solution that will contain a fair
number of separately managed Windows DNS slave servers (in addition to the
DNS appliances that will handle the .
Currently there are just over 8000
Hopefully you understand that when you turn recursion off, that means
you can only answer from zones that you actually *host* (i.e. for which
you are master or slave).
But you have no master or slave zones defined in the mynetwork view.
Therefore it is not possible for that view to do
While a single zone is perfectly fine from a standards point of view,
some clients might be served addresses they don't like 10.x.x.0 and
10.x.x.255.
Just a reminder that this could be a reason if something appears weird.
On 27/09/10 23:07, Chris Buxton wrote:
On Sep 27, 2010, at 1:03 PM,
On Sep 27, 2010, at 6:55 PM, Sten Carlsen wrote:
While a single zone is perfectly fine from a standards point of view, some
clients might be served addresses they don't like 10.x.x.0 and 10.x.x.255.
But that would be DHCP config, no?
Just a reminder that this could be a reason if
On Sep 27, 2010, at 3:55 PM, Sten Carlsen wrote:
While a single zone is perfectly fine from a standards point of view, some
clients might be served addresses they don't like 10.x.x.0 and 10.x.x.255.
Just a reminder that this could be a reason if something appears weird.
Don't confuse
On 9/27/2010 7:46 AM, Jerry Kemp wrote:
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD,
The default configuration in FreeBSD is to run it chroot'ed. Given that
it's very unlikely that the chroot will
Date: Mon, 27 Sep 2010 09:46:44 -0500
From: Jerry Kemp dns.bind.l...@oryx.cc
Sender: bind-users-bounces+oberman=es@lists.isc.org
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD, or a zone if
Under certain limited circumstances, it might make more sense to put
both/all addresses under the same name, and then use the sortlist
mechanism to present those addresses in an order which is suitable for
particular clients.
Among other things, this requires that all resolver/nameserver
On Sep 27, 2010, at 4:43 PM, Sten Carlsen wrote:
Well, it depends on your clients. If they don't like .0 or .255, you would
have to have a rather large amount of ranges.
E.g. range 10.1.1.1 10.1.1.254; range 10.1.2.1 10.1.2.254; ..
If OTOH you don't have any of those clients, other
On Sep 27, 2010, at 4:03 PM, Christopher Cain wrote:
Hi all.
I am setting up a new appliance-based DNS solution that will contain a fair
number of separately managed Windows DNS slave servers (in addition to the
DNS appliances that will handle the .
Currently there are just over 8000
On 28/09/10 2:08, Chris Buxton wrote:
On Sep 27, 2010, at 4:43 PM, Sten Carlsen wrote:
Well, it depends on your clients. If they don't like .0 or .255, you
would have to have a rather large amount of ranges.
E.g. range 10.1.1.1 10.1.1.254; range 10.1.2.1 10.1.2.254; ..
If OTOH you
23 matches
Mail list logo