Am 16.08.2016 um 11:04 schrieb Eivind Olsen:
I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving
getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for
RHEL/CentOS/Fedora.
why do you use a 3rd party package?
no problem here with
That is correct, as I have not setup the TSIG keys yet.
Also, I am still a bit confused on how this code should be implemented in
my conf file. In the example you posted that refers back to the link, where
would I place it in the context of my views on the master? Do I only need
that one stanza
I think you are pretty close. One detail that you appear to be missing are is
in the linked document:
server 10.0.1.1 {
/* Deliver notify messages to external view. */
keys { external-key; };
};
Your slaves should have a similar statement in each view with the IP of the
master and the relevant
I am running bind 9.8.2 on a pair of RHEL 6 DNS servers.. One server is the
master, one is the slave. My goal is to setup 2 views so that our internal
folks can resolve hostnames to internal IP's while still allowing our
external customers to resolve from the outside. Both of these servers are
In message , The Doctor writes:
> Vin?cius Ferr?o wrote:
> : OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1 rel
> ease.
>
> : I can't see this as an issue.
>
> Tell us that when openssl 1.0 starts to disappear.
It
I recently switched from external signing of my zone to use of BIND 9.9
inline signing. While things went fairly smoothly on the master server,
my slave ended up with a bunch of spurious DNSKEY records that came from
my previous keys (I generated new keys when I went to inline signing).
The extra
Well, the cost/benefits/risks of separating authoritative and recursive on
different *servers* (as opposed to different NICs, views, or whatever) is
actually a hotly-debated topic among experts. I know some non-DNS-expert
opinions, from the InfoSec side of the house, consider hardware-level
As I read it, you have to buy the "flattening" as an extra service from
CloudFlare. Their default is to give CNAME at the apex, intentionally violating
RFCs.
What a concept: charging extra for RFC-compliance.
Vin?cius Ferr?o wrote:
: OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1
release.
: I can't see this as an issue.
Tell us that when openssl 1.0 starts to disappear.
: Sent from my iPhone
: > On Aug 17, 2016, at 23:38, The Doctor
On 18 August 2016 at 01:04, anup albal wrote:
> Does that mean I setup another forwarding zone called microsoft.com or
> sharepoint.microsoft.com or both?
Ideally you should setup a completely separate caching/forwarding
server and not be using the external DNS box (NS1)
On 18 August 2016 at 02:07, Barry Margolin wrote:
> That's why Cloudflare's method is "RFC-compliant", but what MS is doing
> with sharepoint.com is not.
Microsoft's DNS implementation allows CNAMEs at the zone apex, correct
it's not RFC compliant, but this is Microsoft...
11 matches
Mail list logo