Re: Problem looking up domain dryfire.com

Am 16.08.2016 um 11:04 schrieb Eivind Olsen: I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for RHEL/CentOS/Fedora. why do you use a 3rd party package? no problem here with

Re: DNS views setup help

That is correct, as I have not setup the TSIG keys yet. Also, I am still a bit confused on how this code should be implemented in my conf file. In the example you posted that refers back to the link, where would I place it in the context of my views on the master? Do I only need that one stanza

Re: DNS views setup help

I think you are pretty close. One detail that you appear to be missing are is in the linked document: server 10.0.1.1 { /* Deliver notify messages to external view. */ keys { external-key; }; }; Your slaves should have a similar statement in each view with the IP of the master and the relevant

DNS views setup help

I am running bind 9.8.2 on a pair of RHEL 6 DNS servers.. One server is the master, one is the slave. My goal is to setup 2 views so that our internal folks can resolve hostnames to internal IP's while still allowing our external customers to resolve from the outside. Both of these servers are

Re: OPenssl 1.1 and Bind

In message , The Doctor writes: > Vin?cius Ferr?o wrote: > : OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1 rel > ease. > > : I can't see this as an issue. > > Tell us that when openssl 1.0 starts to disappear. It

Spurious DNSKEY records on slave

I recently switched from external signing of my zone to use of BIND 9.9 inline signing. While things went fairly smoothly on the master server, my slave ended up with a bunch of spurious DNSKEY records that came from my previous keys (I generated new keys when I went to inline signing). The extra

RE: Selective forwarding from an internal only name server

Well, the cost/benefits/risks of separating authoritative and recursive on different *servers* (as opposed to different NICs, views, or whatever) is actually a hotly-debated topic among experts. I know some non-DNS-expert opinions, from the InfoSec side of the house, consider hardware-level

RE: Selective forwarding from an internal only name server

As I read it, you have to buy the "flattening" as an extra service from CloudFlare. Their default is to give CNAME at the apex, intentionally violating RFCs. What a concept: charging extra for RFC-compliance.

Re: OPenssl 1.1 and Bind

Vin?cius Ferr?o wrote: : OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1 release. : I can't see this as an issue. Tell us that when openssl 1.0 starts to disappear. : Sent from my iPhone : > On Aug 17, 2016, at 23:38, The Doctor

Re: Selective forwarding from an internal only name server

On 18 August 2016 at 01:04, anup albal wrote: > Does that mean I setup another forwarding zone called microsoft.com or > sharepoint.microsoft.com or both? Ideally you should setup a completely separate caching/forwarding server and not be using the external DNS box (NS1)

Re: Selective forwarding from an internal only name server

On 18 August 2016 at 02:07, Barry Margolin wrote: > That's why Cloudflare's method is "RFC-compliant", but what MS is doing > with sharepoint.com is not. Microsoft's DNS implementation allows CNAMEs at the zone apex, correct it's not RFC compliant, but this is Microsoft...