Re: Automatic . NS queries from BIND

? The hints file takes precedence over the hard-coded ones. Otherwise, how could you run BIND on a private network not connected to the real root servers? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: Doubt regarding acls and internal and external view.

it? -- Elias Pereira ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington

Re: Need assistance with configuring external zone on a 2nd CentOS 7 bind v9.4.4 dns slave

-md5; secret blahblahblahblahblah; }; Thanks, William Clarke ITS System Administrator Bard College at Simon's Rock 84 Alford Road Great Barrington, MA 01230 (413) 528-7428 (voice) (413) 528-7405 (fax) wcla...@simons-rock.edu On 4/8/2015 10:54 AM, Barry Margolin

Re: Need assistance with configuring external zone on a 2nd CentOS 7 bind v9.4.4 dns slave

to use TSIG keys. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

the servicing of the next query from the client? And finally, is there something I can tweak in BIND to avoid this problem? Thanks. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

for many years. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Variable in name of file for named.conf

based on the zone name. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: com.google how did they do that

/ [3] http://newgtlds.icann.org/en/program-status/delegated-strings -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: zone not updating

) 600; minimum (10 minutes) ) -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: BIND not loading into memory on first transfer

, it should update the in-memory version, and serve that, even though it wasn't able to save it to disk. That's what it does on the SECOND transfer, it just doesn't do it on the FIRST transfer. -- Barry Margolin Arlington, MA ___ Please visit https

Re: order of masters IP addresses in slave/stub zone?

. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: SRV records etc

their services so you don't use them to hijack other people's domains. I was talking about HINFO, not SRV. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Tuesday, February 10, 2015 9:14 PM To: comp

Re: SRV records etc

about that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS pointing question - Temporary moving webserver to another site

of the Internet will get the records from the secondary DNS. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: How to alias a domain

. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: can't-resolve

://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman

Re: [question] new bind option max-recursion-depth

of a chain of Akamai CNAMEs that exceeded the limit? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: [question] new bind option max-recursion-depth

In article mailman.1299.1418839938.26362.bind-us...@lists.isc.org, Evan Hunt e...@isc.org wrote: On Wed, Dec 17, 2014 at 03:32:30AM -0500, Barry Margolin wrote: Didn't someone post a problem they were having a few days ago because of a chain of Akamai CNAMEs that exceeded the limit

Re: Question about how forwarders work

. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington, MA ___ Please visit

Re: ipv6 AAAA register and ipv4 NS register with the same name

. Nameservers are listed in NS records, regardless of the IP version. Just use more nameserver records: @ IN NS v4-ns1 IN NS v4-ns2 IN NS v6-ns1 IN NS v6-ns1 v4-ns1 IN A 1.2.3.4 v4-ns2 IN A 9.8.7.6 v6-ns1 IN 11:22:33:44::1 v6-ns2 IN aa:bb:cc:dd::10 -- Barry Margolin Arlington, MA

Re: ipv6 AAAA register and ipv4 NS register with the same name

not possible. I suspect what he's actually having trouble with is registering nameservers with his registrar, and nothing actually to do with BIND. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: Forward vs Authoritative traffic

if its auth or fwd zone. If you don't have a zone file for the zone on the server, yet it returns the correct answer, then it must be forwarding. Where else would it get the answer? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org

Re: forwarding zone to another DNS server problem

rather than normal delegation, the likelihood is that the servers for the subdomain are not accessible from the public Internet. So stub won't help. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: forwarding zone to another DNS server problem

it for example www.test.com A record. What's wrong? Are you sending recursive queries to the first server? Forwarding will only be done if the client requests recursion. Recursive servers don't request recursion when they query the registered servers for a zone. -- Barry Margolin Arlington, MA

Re: Digging to the final IP

to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: BIND listen backlog too small

it to whatever somaxconn is? Or just set backlog to whatever is is set for somaxconn? Since TCP queries should be infrequent, why does it need a high backlog? It seems like it's already increasing it, IIRC the default is 5. -- Barry Margolin Arlington, MA

Re: Diagnostic help part 2

. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Two domains reporting errors

name from named.conf, and only changes when you use the $ORIGIN directive. Lines inherit their label from the previous line if they start with whitespace (i.e. they have no label of their own). -- Barry Margolin Arlington, MA ___ Please visit https

Re: Change in behaviour regarding ndots and searchlist

I'm seeing is even if I specify ralph.ex1.com it is looking up and failing on ralph.ex1.com.ex2.net. Without the final explicit . your name is not fully qualified. But if a name has more than ndots dots, it's supposed to be tried as given first, before adding search domains. -- Barry

Re: A record of domain name must be name server ?

to explain more details ? Thank you very much. NS records tell everyone where the DNS servers for the domain are. So xxx.com only has to be assigned the IP of the DNS server if you have an NS record that says that xxx.com is the DNS server for xxx.com. -- Barry Margolin Arlington, MA

Re: Root servers

still work (that's unlikely to ever happen), or some of the IPs have been reassigned to untrusted servers (I expect that IANA takes care not to allow this). -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND and listening on interfaces

an outgoing packet with the translated IP and port, it undoes the translation. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: slave zone files unreadable

consider the file contents to be reasonable if they could change spontaneously. Anyway, don't all modern disks have ECC codes in them? These will detect and correct bit flips in the mtime just as well as the contents. If you want extra safety, use RAID. -- Barry Margolin Arlington, MA

Re: problem resolving ardownload.adobe.com

. That said, the load balancer should know that if it returning CNAME to A and queries, that it should also return CNAME to all other query types. This is basic RFC 1034 behaviour. This is pretty common misbehavior for dedicated load balancers. -- Barry Margolin Arlington, MA

Re: Private IP address in A record

already removed that record for now. Is it possible to set DNS server for not show answer that be the private IP address? The other server may be behind a firewall that blocks private addresses. -- Barry Margolin Arlington, MA ___ Please visit https

Re: Default query type of dig

. Can this easily be done (I did not find a switch for .digrc nor another option) or is there a source code change needed? Dig isn't customizable, AFAIK. Use an alias/shell function. -- Barry Margolin Arlington, MA ___ Please visit https

Re: Name-server redundancy

for a reply. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: slave: WARNING: recursion requested but not available

know what kind of nameserver you're asking. It defaults to asking for recursion. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: Point domain name of my zone to name in somebody else's zone?

containing the ANAME, instead of routing each end user to their closest servers. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: Answer for a specific host, but recurse for all others within a zone

, and put the local server address in an A record at the apex. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: Point domain name of my zone to name in somebody else's zone?

side. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Point domain name of my zone to name in somebody else's zone?

to www.domain.com, which is CNAMEd to the third party domain. Either that...or come up with a way to script it. That's what we did when I was at Akamai. Their custom DNS servers have an option to resolve the domain apex by looking up another name and returning its IP. -- Barry Margolin

Re: Dig for a reverse zone transfer

do it. It's the same syntax as forward zone transfer, you just give the name of the reverse zone. You can also use the -x option to generate the reverse zone name automatically: dig @servername -x 192.168.1 axfr -- Barry Margolin Arlington, MA

Re: Master to Slave initial zone transfer question

??? To pick up new zones added to named.conf, you just need to use: rndc reconfig You don't need to restart the daemon on either the master or slave. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: Master to Slave initial zone transfer question

In article mailman.2653.1397662961.20661.bind-us...@lists.isc.org, Jim Glassford jmgl...@iup.edu wrote: On 4/16/2014 11:35 AM, Barry Margolin wrote: In article mailman.2651.1397662255.20661.bind-us...@lists.isc.org, Jeronimo L. Cabral jelocab...@gmail.com wrote: Dear, I've implemented

Re: Master to Slave initial zone transfer question

it on both, instead of restarting the daemon. First execute it on the master, then execute it on the slave. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing

Re: How can I increase the TTL for the cached entries in my local dns serveder?

to a new hosting provider, or if using DNS for failover), he has to be able to set a small TTL, and depend on the fact that everyone will obey it. You can set a maximum TTL, but there's no minimum TTL. -- Barry Margolin Arlington, MA ___ Please visit

Re: which Name sever is selected?

another server can't be better. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind

Re: how to modify the cache

operate the server itself, you can put anything you want into its memory. If you want to override a particular record that would normally be cached, just make the server authoritative for that name. -- Barry Margolin Arlington, MA ___ Please visit

Re: how to modify the cache

get into anyone else's cache. On Feb 14, 2014 10:20 AM, Barry Margolin bar...@alum.mit.edu wrote: In article mailman.2257.1392386898.20661.bind-us...@lists.isc.org, Ben Croswell ben.crosw...@gmail.com wrote: You can't modify cache. If that was allowed you could cache poison any

Re: I may be confused regarding sub delegated zone

https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin Arlington, MA ___ Please visit https

Re: Recursive no; implications?

of their value-added services. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind

Re: classless ptr setup

nothing special about reverse zones as far as BIND is concerned. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: Can we do a sub-domain delegation with godaddy?

that are in the delegated domain or any domain under the delegated domain. That's how you do it if you have control over the zone file. His question is how you do when Go Daddy controls the zone file and you have to use whatever web application they provide for managing your domain. -- Barry

Re: Generic reasons for recursive performance not to peg CPU?

anything until the response arrives. But an auth-only server doesn't spend any time waiting for responses. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: Is this scenario possible?

wanted? If you just want mail.example.com, it should be: @ IN A 20.20.20.21 IN A 30.30.30.30 -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: Is this scenario possible?

move the above A record into the subdomain, I don't see any problem with this. You should also make sure you're more careful when editing your real zone files than you have been when writing your post, there were LOTS of typoes (NA instead of NS, exmaple for example). :) -- Barry Margolin

Re: bad owner name - Unable to add forward map from Nintendo Wii U ... REFUSED

this, or should I look for a way to sanitize the hostname? Thanks in advance for any advice you can give. You can configure this with the check-names option in named.conf. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo

Re: Unable to transfer IPv4 reverse zone

binding TCP socket: address in use two times. Who is listening on TCP port 53? Apparently the one DNS server that is replying SERVFAIL... Try doing: lsof -i :53 to see what process is listening on port 53. -- Barry Margolin Arlington, MA ___ Please

Re: rndc refresh fails for signed zones

to notify A. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: error (no valid DS)

. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: script - automatic change A record

server that users put into their mail client configurations. DNS-based failover is a reasonable approach for these. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind

Re: Recursive BIND server doesn't execute recursion for IPv6 fd00::/8 reverse zone

zone. The query cannot go to the DNS root servers, must be forwarded to the authoritative server for the zone (ns1.mydomain.com). So configure it as type forward. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo

Re: Recursive BIND server doesn't execute recursion for IPv6 fd00::/8 reverse zone

. 604800 ; Expire after 1 week. 86400 ) ; Minimum TTL of 1 day. IN NS ns1.mydomain.com. You can only delegate subdomains. You can't delegate the zone itself. A server will NEVER recurse for a master or slave zone, as declared in named.conf. -- Barry Margolin Arlington, MA

Re: Allow recursion for esternal resources in a authoritative zone on a not open dns server

chain in this case? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Allow recursion for esternal resources in a authoritative zone on a not open dns server

In article mailman.1696.1384823151.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org wrote: In message barmar-90ddc3.19453818112...@news.eternal-september.org, Barry Margolin writes: In article mailman.1694.1384820048.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org

Re: Problem resolving my google country domain from certain servers

@ns.citmatel.com.cu show? From your +trace, it seems like there's something blocking you from communicating with those servers. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind

Re: stealth with views?

, you have bigger problems than this. DNS through a provider, so there doesnt seem like an easy way to monitor and confirm a zone transfer from our master alone. Any recommendations? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org

Re: [External] Re: intermittent resolution

with EDNS0, you would have problems like that. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: zone delegation/forwarding in a non-recursive view

-- external caching servers usually do iterative queries. I don't understand why this is a problem for you, though. You said you're delegating to an external nameserver, so when you return the referral they should be able to go there by themselves. -- Barry Margolin Arlington, MA

Re: authoritative rDNS

records they show it: $ dig @8.8.8.8 -x 23.235.75 ns ;; ANSWER SECTION: 75.235.23.in-addr.arpa. 21600 IN NS ns2.qcislands.net. 75.235.23.in-addr.arpa. 21600 IN NS ns.qcislands.net. -- Barry Margolin Arlington, MA ___ Please visit https

Re: Synthesized CNAME from NXDOMAIN

namespace. Anyway, there might not be an easy way to to do it, and we might just have to lose our safety net, but I wanted to ask users on the list if there's some obscure configuration that might be helpful. Isn't this what DNAME is for? -- Barry Margolin Arlington, MA

Re: Problem with authoritative answer

to update by DNZ zone file to make the other domains DNS, which only has forwarder records for us, authoritative by adding an NS record for it? Am I just barking up the wrong tree? I don't know anything about Amanda (I don't even know what it is), but I suspect so. -- Barry Margolin Arlington

Re: nxdomain

to names that it shouldn't. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Strange problem with a query deleting a record...

) is responding with NXDOMAIN instead of NOERROR. Maybe there's a configuration option in squid that tells it not to try to use IPv6, so it won't request records. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind

Re: Strange problem with a query deleting a record...

. If you ask it for the A record it's responsible for, it sends a reasonable reply. If you ask it for some other record type for that name, it sends NXDOMAIN instead of NOERROR. It's a design flaw in these load balancers. -- Barry Margolin Arlington, MA

Re: rndc flush and TTL values

behavior. Thanks S Do you use forwarders for other zones beside makemytrip.com? If you forward to a caching server, you'll get their TTLs when you re-query afte flushing, not the TTLs from the authoritative servers. -- Barry Margolin Arlington, MA

Re: rndc flush and TTL values

, 2013 at 5:11 PM, Barry Margolin bar...@alum.mit.edu wrote: In article mailman.1138.1377164540.20661.bind-us...@lists.isc.org, sumsum 2000 sum2h...@gmail.com wrote: This is my configuration for positive and negative cache TTL. view newDNS

Re: code understanding

-developers (but I don't know whether that's intended more for discussion of contributions to the public BIND code, not just personal interest). -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: How does it work, if I don't give the named.ca information for cache only dns server

is in the named.conf. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Internernal view is answering to external ping

dhcpupdate { algorithm hmac-md5; secret ddjsdfruifhrfr88r8rr5544==; }; Thanks in advance. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: BIND slave stops updating from master after 1-3 days

domain. It *should* be. But if it gets an error loading the zone file, it will make itself non-authoritative, to avoid propagating the errors to slaves. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: IPv4 not working reverse on /24 cidr

.IN-ADDR.ARPA { type master; file /usr/named/rev/10.10.1.128.rev; }; Do you also have a 1.10.10.in-addr.arpa zone, and does it have all the necessary CNAME records pointing x.1.10.10.in-addr.arpa to x.128/27.1.10.10.in-addr.arpa? -- Barry Margolin Arlington, MA

Re: New warning message...

. Many people also have vanity domains with auto-forwarding enabled like this. Who should the sender be changed to? AFAIK, it has never been standard practice to rewrite the sender when simply forwarding to an alias, which is what this is. -- Barry Margolin Arlington, MA

Re: IPv4 not working reverse on /24 cidr

. Of course. How else do you expect DNS to figure out that it should look in the RFC 1918 zone? The CNAMEs are the link between the normal reverse DNS name and the CIDR-style name. There's nothing automatic about RFC 1918. -- Barry Margolin Arlington, MA

Re: RFC requirements for relative CNAME targets?

through 'em; was just hoping someone knew the answer off the top of their head. All names in a zone file that do not end with . get the $ORIGIN appended to them. This is required by the zone file specification. -- Barry Margolin Arlington, MA

Re: Reverse address entries

. If your hosts.allow file contains something like: sshd: *.yourdomain.com then the server will do a reverse lookup and forward validity check before testing whether the hostname ends in .yourdomain.com. -- Barry Margolin Arlington, MA ___ Please

Re: servfail response message question

to the LB, and then the caching server should query the LB. Regarding the problem as you state it, is the LB responding authoritatively? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: servfail response message question

in the mail-to-news gateway? Ryan From: Barry Margolin bar...@alum.mit.edu To: comp-protocols-dns-b...@isc.org Sent: Wednesday, June 26, 2013 10:24 AM Subject: Re: servfail response message question In article mailman.668.1372206152.20661.bind-us

Re: any requests

have given you the whole chain without further queries. Unless the links in the CNAME chain are in the same bailiwick, isn't the client going to ignore them and follow them itself, to avoid cache poisoning? -- Barry Margolin Arlington, MA ___ Please

Re: any requests

. The only time it should recurse is when it doesn't have the name in its cache yet. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: any requests

server, and get everything from there. But if it already has the name in cache, the ANY query will just return it, not force a recursion. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: any requests

MS DNS does, but I'm pretty certain that if you direct this to the BIND server the second query will only return the A record, not the MX record. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: Help on NXDOMAIN to try next forwarder in the list

may have different views of a record. TTLs, refresh times, and NOTIFY allow DNS administrators to limit the size of those windows. Application developers are expected to work around this at higher levels, as best they can. -- Barry Margolin Arlington, MA

Re: Help on NXDOMAIN to try next forwarder in the list

be to set the number of nameservers to be looked upon in the /etc/hosts file. nameserver 8.8.8.8 nameserver 4.4.2.2 nameserver 4.1.2.2 No. /etc/resolv.conf failover only happens on errors, not NXDOMAIN responses. -- Barry Margolin Arlington, MA

Re: Classless PTR query issue

, not the authoritative server. It should then follow the ISP's delegation. If you're using the same server for auth and caching, you need to put the local IPs in the allow-query ACL. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman

Re: Classless PTR query issue

to RFC2317, and get them to do it right. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: How does bind select what master to use?

value. But if all of them have the same serial (and they're all higher than the local value, of course), how does it decide which one to transfer from? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind

Re: “Foreign” name in the reverse lookup zone

anyone can put some-addr PTR foo.company.com. in their reverse zone. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

(including popular domains like www.google.com, www.yahoo.com, etc.), not just isc.org? -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

<    1   2   3   4   5   >