Re: Access external hosts with internal split DNS resolver

2015-08-08 Thread Heiko Richter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 09.08.2015 um 06:58 schrieb Josh Kuo: > Add www.mydomain.co.nz to your internal zone, that is one common > way to deal with it. With BIND you can keep the common records in a > separate file and use "include" statement to avoid double entry. > > >

Re: Access external hosts with internal split DNS resolver

2015-08-08 Thread Josh Kuo
Add www.mydomain.co.nz to your internal zone, that is one common way to deal with it. With BIND you can keep the common records in a separate file and use "include" statement to avoid double entry. > On Aug 9, 2015, at 12:50 AM, Dave Koelmeyer > wrote: > >> On 09/08/15 16:44, Dave Koelmeyer

Re: Access external hosts with internal split DNS resolver

2015-08-08 Thread Dave Koelmeyer
On 09/08/15 16:44, Dave Koelmeyer wrote: > - lookups to www.mydomain.co.nz fail, where www.mydomain.com is my > public webserver defined in my domain registrar's zone file Correction: this should obviously read "lookups to www.mydomain.co.nz fail, where www.mydomain.co.nz is my public webserver d

Access external hosts with internal split DNS resolver

2015-08-08 Thread Dave Koelmeyer
Hi All, This question I imagine comes up regularly – I see online there are several potential solutions so thought it best to see what the accepted common practice is. I have configured an internal BIND 9.6 server to act as a split DNS resolver for an internal (home) network. It uses forwarding f

how to compile bind 9.10 with --with-libjson option

2015-08-08 Thread Leandro
Hi guys , any one can give me a tip about it? I downloaded bind-9.10.2-P3 package. OS is a Centos 2.6.32-504.23.4.el6.x86_64. while trying ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson It complains about xml and json libraries. xml is solved installing yum install li

Re: do not stupidly delete ZSK files

2015-08-08 Thread Tony Finch
Lawrence K. Chen, P.Eng. wrote: > On 2015-07-31 06:33, Tony Finch wrote: > > > > The DNSSEC records come from the zone data like any other records. You > > don't need any special DNSSEC configuration to act as a secondary for a > > signed zone - it just works. > > Is that the case now? I recall w

Re: tsig zone sharing between zones check + scream

2015-08-08 Thread Heiko Richter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 08.08.2015 um 03:06 schrieb Lawrence K. Chen, P.Eng.: > > > On 2015-08-07 10:08, Heiko Richter wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> Am 07.08.2015 um 08:52 schrieb Lawrence K. Chen, P.Eng.: >>> Gjust noticed that