On 02/21/2013 02:38 AM, Sten Carlsen wrote:
What about allow-query?
At some point the default changed to allow only localhost.
oh. Yes I see; at bind 9.4.1.P1... And my old server is a bit earlier
than that! So this is most likely my problem. Will change and test
again. thanks.
On
On 02/21/2013 02:38 AM, Sten Carlsen wrote:
What about allow-query?
OK. That was it. The default named.conf had:
allow-query { localhost; };
and I commented that out, but ASSuMEd that if the default conf was
forcing it to localhost, the default must be any. Yeah, right. So
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and allow-query-cache '.
I am struggling here trying to match up the various access control
features, particularly when we are suppose to have different views for
different clients.
Hello everyone,
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do resolvers behave when they receive a
request for an expired entry in the cache, but cannot contact the
authoritative nameserver? I'd imagine they return a SERVFAIL, but I
could
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and allow-query-cache
'.
I am struggling here trying to match up the various access control
features, particularly when we are suppose to
On 21.02.13 10:38, John Miller wrote:
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do resolvers behave when they receive a
request for an expired entry in the cache, but cannot contact the
authoritative nameserver? I'd imagine they return a
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an
NXDOMAIN in this scenario.
John
On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 10:38, John Miller wrote:
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do
On 02/21/2013 10:40 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and allow-query-cache '.
I am struggling here trying to match up the various access
correct, no external hosts should query your cache.
OK.
There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc. Test from outside your network
to see that your DNS servers don't answer requests they shouldn't and
answer those they
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and
allow-query-cache '.
I am struggling here trying to match up the various access
control features, particularly when we are suppose to
On 02/21/2013 12:10 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of allow-recursion and
allow-query-cache '.
I am struggling here trying to match up the various access
On 02/21/2013 11:50 AM, Vernon Schryver wrote:
correct, no external hosts should query your cache.
OK.
There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc. Test from outside your network
to see that your DNS servers don't answer
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver v...@rhyolite.com
Cc: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: allow-query and views
Whow... This is news. A hidden view? Where is this
Well, I have a stub zone on Windows 2008 server set-up to use two different
BIND server as its list of IPs to use as masters. In the DNS manager on
Windows, you can always right click on the zone and select Transfer zone
from Master. With Wireshark on Windows, I have found that this triggers a
From: Sowmya Manjanatha sowmy...@gmail.com
Well, I have a stub zone on Windows 2008 server set-up to use two
different BIND server as its list of IPs to use as masters. In the
DNS manager on Windows, you can always right click on the zone and
select Transfer zone from Master. With
-Original Message-
From: Sowmya Manjanatha sowmy...@gmail.com
Date: Thursday, February 21, 2013 1:11 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: BIND master , Windows 2008 stub zone not transferring
Well, I have a stub zone on Windows 2008 server set-up to use
On 02/21/2013 12:58 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver v...@rhyolite.com
Cc: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: allow-query and
On 21.02.13 12:45, Robert Moskowitz wrote:
Fact:
No clients could access DNS from my server, both internal and
external (I have hotspot on my cellphone, so I can attach a client to
it to get external testing) UNTIL I added the allow-query option.
Once added things started working right.
From: Robert Moskowitz r...@htt-consult.com
Whow... This is news. A hidden view? Where is this documented.
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the
On 02/21/2013 01:54 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 12:45, Robert Moskowitz wrote:
Fact:
No clients could access DNS from my server, both internal and
external (I have hotspot on my cellphone, so I can attach a client to
it to get external testing) UNTIL I added the
On 21.02.2013 19:20, Nikita Koshikov wrote:
I haven't tested this in detail but here's what I would try:
I'm trying to cut /24 network from the scope of /8 network, here is
example:
zone 11.2.10.in-addr.arpa {
type forward;
forwarders { 192.168.1.23;
You need to ensure if the resolver that is doing the forwarding also loads
the blank 10/8 that you have the smaller /24 delegated in the 10/8.
The reason being if it loads the /8 with no /24 delegation it will ignore
the forward because it believes the /24 doesn't exist.
On Feb 21, 2013 1:21 PM,
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
in the CHAOS class. These zones are part of a built-in view (see
the section called
On 02/21/2013 02:04 PM, Vernon Schryver wrote:
From: Robert Moskowitz r...@htt-consult.com
Whow... This is news. A hidden view? Where is this documented.
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
On 02/21/2013 02:16 PM, Vernon Schryver wrote:
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
in the CHAOS class. These zones are part of
On 02/21/2013 10:20 AM, Nikita Koshikov wrote:
Hello list,
I'm trying to cut /24 network from the scope of /8 network, here is
example:
zone 11.2.10.in-addr.arpa {
type forward;
forwarders { 192.168.1.23; 192.168.1.24; };
};
zone
In message
CANYsE-zYQh7Jv4QoVM45q-w1Vz1=YBk7j=K=ooq01ugyvw_...@mail.gmail.com, Nikita
Koshiko
v writes:
Hello list,
I'm trying to cut /24 network from the scope of /8 network, here is
example:
zone 11.2.10.in-addr.arpa {
type forward;
On 02/21/2013 06:49 PM, Mark Andrews wrote:
In message
CANYsE-zYQh7Jv4QoVM45q-w1Vz1=YBk7j=K=ooq01ugyvw_...@mail.gmail.com, Nikita
Koshiko
v writes:
Hello list,
I'm trying to cut /24 network from the scope of /8 network, here is
example:
zone 11.2.10.in-addr.arpa {
1) The issues with GoDaddy are FAR more then a few disgruntled customers...
2) We don't buy or maintain street addresses from a for profit company, why
should domain name be any different? Domain name registration should be a free
government/ ma'bell function.
Date: Tue, 19 Feb 2013
In message 5126e59a.3030...@htt-consult.com, Robert Moskowitz writes:
On 02/21/2013 06:49 PM, Mark Andrews wrote:
In message CANYsE-zYQh7Jv4QoVM45q-w1Vz1=YBk7j=K=OoQ01UGYvw_yLw@mail.gmail.
com, Nikita Koshiko
v writes:
Hello list,
I'm trying to cut /24 network from the scope of /8
30 matches
Mail list logo