RE: getting not authoritative with some notifies - Solved

2016-07-28 Thread Carl Byington
On Thu, 2016-07-28 at 12:13 -0400, Paul A wrote: > Now what is everyone using to make sure the zones in named.conf are > still pointing to your NS servers? I have a lot of stale DNS zones I > want to remove. script a loop to "dig $zone ns @8.8.8.8

Re: Multiple AD domains

2016-07-28 Thread Jeff Sadowski
Correct on the gist. All answers were extremely helpful. I am curious about Vinícius Ferrão's query; I would like it to be more secure. I'll have to read more on using GSS-TSIG with Kerberos. I seem to recall this is set up by the samba install of AD but I'll have to look at it more closely as now I

Re: Multiple AD domains

2016-07-28 Thread Chris Buxton
Absolutely agreed. Regards, Chris Sent from my iPhone > On Jul 28, 2016, at 12:40 PM, Darcy Kevin (FCA) > wrote: > > Yes, I did misread the original post; thanks for clarifying. > > But, the gist of the question seemed to be about mitigating the effects of >

RE: Multiple AD domains

2016-07-28 Thread Darcy Kevin (FCA)
Yes, I did misread the original post; thanks for clarifying. But, the gist of the question seemed to be about mitigating the effects of caching, for dynamically-changing data. At a high level, whether the zones are AD zones or not, whether the “master” is BIND or Microsoft DNS, doesn’t have a

Re: BIND 9 API & GUI

2016-07-28 Thread TCPWave Customercare
Please add TCPWave to your list of commercial vendors that provide GUI and API for managing DNS. Thanks TCPWave Customer Care http://www.tcpwave.com On 7/28/16 2:56 PM, Gary Wallis wrote: On 7/28/2016 14:00, Chris Buxton wrote: Kirk, Have a look at the commercial offerings. All of them

Re: BIND 9 API & GUI

2016-07-28 Thread Gary Wallis
On 7/28/2016 14:00, Chris Buxton wrote: Kirk, Have a look at the commercial offerings. All of them offer a GUI and an API for managing BIND servers, including managing zones and records. Some of them are limited to managing their own appliances. Some of them do offer the ability to overlay

Re: BIND 9 API & GUI

2016-07-28 Thread Chris Buxton
Kirk, Have a look at the commercial offerings. All of them offer a GUI and an API for managing BIND servers, including managing zones and records. Some of them are limited to managing their own appliances. Some of them do offer the ability to overlay on existing BIND servers, too, though.

Re: Multiple AD domains

2016-07-28 Thread Chris Buxton
The OP's question was about setting up BIND, not MS DNS, related to using Samba, not Windows, as the domain controller. Regards, Chris Sent from my iPhone > On Jul 27, 2016, at 12:36 PM, Darcy Kevin (FCA) > wrote: > > My preference? Have all your clients use BIND

RE: getting not authoritative with some notifies - Solved

2016-07-28 Thread Paul A
Tony, the zones that are giving me the not auth error are indeed off cache, as I see the RA flag and the AA is missing. I never really thought this was happening because I have all zones configured the same way and some are not getting the not auth error and have the aa flag present. I was

RE: getting not authoritative with some notifies

2016-07-28 Thread Paul A
Yes there is. p From: Casey Deccio [mailto:ca...@deccio.net] Sent: Thursday, July 28, 2016 10:39 AM To: Paul A Cc: Tony Finch ; bind-us...@isc.org Subject: Re: getting not authoritative with some notifies On Thu, Jul 28, 2016 at 10:34 AM, Paul A

Re: getting not authoritative with some notifies

2016-07-28 Thread Casey Deccio
On Thu, Jul 28, 2016 at 10:34 AM, Paul A wrote: > Yes on both server and the slave and primary are listed on the NS RR. I'm > really at a loss here, the zone updates on the slave but I keep getting > that > message. > There's a difference between a server being listed in the

RE: getting not authoritative with some notifies

2016-07-28 Thread Paul A
Yes on both server and the slave and primary are listed on the NS RR. I'm really at a loss here, the zone updates on the slave but I keep getting that message. Paul -Original Message- From: Tony Finch [mailto:d...@dotat.at] Sent: Thursday, July 28, 2016 6:20 AM To: Paul A

Re: Multiple AD domains

2016-07-28 Thread Vinícius Ferrão
I agree with using BIND as the default DNS server even on Active Directory environments. Windows DNS on 2012 R2 is still very bad and lacks basic features like disabling external recursion. This should change on Server 2016 but I will stay with BIND. Another thing that I would like to add to

Re: getting not authoritative with some notifies

2016-07-28 Thread Tony Finch
Paul A wrote: > > named[7062]: client xx.xx.64.2#51056: received notify for zone 'xxx: not > authoritative > > However some zones I don't get the message above some I do, I'm not using > views so I'm lost as to why this is happening. Are you sure the zone is actually

RE: bind-users Digest, Vol 2448, Issue 2

2016-07-28 Thread Amit Kumar Gupta
Dear Sir, For checking the source port randomness of your DNS, please refer to the website tool below. https://www.dns-oarc.net/oarc/services/dnsentropy Regards Manager(Internet-Systems) MTNL Delhi -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf