Re: how to read and answer to this mailing list

2010-03-30 Thread Matthew Pounsett
On 2010/03/30, at 19:04, Markus Feldmann wrote: > Warren Kumari wrote: >> In the footer of every message lurks the following link: >> https://lists.isc.org/mailman/listinfo/bind-users > Yes ... I read this but you cannot answer a mail this way. You can answer an email this way. I'm not sure

Re: Subdomain delegation only returns SOA on dig

2010-03-30 Thread Matthew Pounsett
On 2010/03/29, at 15:34, Prabhat Rana wrote: > > Hello all, > I'm running BIND 9.6.1-P1 on a Solaris box. This DNS (ns1.spx.net) is > authoritative to domain spx.net (this is just example). And I'm trying to > delegate nse.spx.net to ns1.nse.spx.net. I think I have configured correctly > but

Re: Using an MX record from a different domain

2010-03-30 Thread Matthew Pounsett
On 2010/03/30, at 16:57, Lear, Karen (Evolver) wrote: > > I'm adding a new domain to my existing authoritative name servers, and need > to add an MX record for a device residing on existing domain. When I run > named-checkzone, I get a message about the MX record being out of zone and > not

Re: MX records for new additional domain on existing authoritative name servers

2010-03-30 Thread Matthew Pounsett
Hi Karen. Please don't start a new thread by replying to an email in an existing discussion -- your message can get lost in that other discussion, rather than appearing as a new topic for anyone who threads their email. On 2010/03/30, at 16:30, Lear, Karen (Evolver) wrote: > I'm adding a new

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-03-29 Thread Matthew Pounsett
On 2010/03/29, at 06:04, Roy Badami wrote: > >> It looks to me like your example, freebsd.org, is insecure. > > Yes, I agree freebsd.org is insecure, but I still want to be able to > resolve it :-) The point was, you should not be getting DNSSEC-related errors from a domain that is not secu

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-03-29 Thread Matthew Pounsett
On 2010/03/28, at 18:48, Roy Badami wrote: > configured). The queries are resulting in SERVFAIL, and I'm pretty > sure the failures are DNSSEC-related, as when I've seen problems as > they occur (dig failing from the command line) then repeating the > query with the CD bit allowed it to succeed.

Re: Notify "storms"

2010-01-20 Thread Matthew Pounsett
On 2010/01/20, at 13:03, Dave Sparro wrote: >> We would like to make this better. >> Can anyone help with ideas on this? Are we missing something obvious? >> > > In that situation I'd consider using CVS on all of the servers to maintain > the DNS data. > Just make all of the servers masters

Re: Is an IPv6-only glue/delegation record a problem in a world of IPv4?

2010-01-11 Thread Matthew Pounsett
On 2010/01/11, at 15:16, Matthew Pounsett wrote: > By contrast, Verisign's servers have long included glue in the ANSWER > section. This is widely considered to be at best suboptimal, and by many (or > most) to be a bug. Verisign has indicated that this behaviour is comin

Re: Is an IPv6-only glue/delegation record a problem in a world of IPv4?

2010-01-11 Thread Matthew Pounsett
On 2010/01/11, at 14:48, Mathew J. Newton wrote: >> FWIW, at least one of the afilias hosts had the same IPv4 address for >> ns[12].v6ns.org. > >>> ns1.v6ns.org. 86400 IN A 77.103.161.36 >>> ns1.v6ns.org. 86400 IN 2a01:348:133::a1 >>> ns2.v6ns.org.

Re: Is an IPv6-only glue/delegation record a problem in a world of IPv4?

2010-01-11 Thread Matthew Pounsett
On 2010/01/11, at 12:29, Mathew J. Newton wrote: > Specifically, the Dig tool at http://www.kloth.net/services/dig.php seems > unable to resolve my records and I can't help but feel it's a problem at > my end rather than theirs! The problem may be at Kloth.. but at least one of the many possible

Re: Is an IPv6-only glue/delegation record a problem in a world of IPv4?

2010-01-11 Thread Matthew Pounsett
On 2010/01/11, at 12:57, Rick Dicaire wrote: > If I understand this correctly, the lack of an ANSWER section for > query would denote there is no ipv6 glue at the TLD? No, that would indicate that the name server you queried is not authoritative for the record you queried about. Glue, by

Re: BIND9 slave

2009-12-07 Thread Matthew Pounsett
On 07-Dec-2009, at 08:37, George wrote: Is there a way to make the slave server automatically get and update any new domains that are added to the master server? This question pops up about once every two months on the list. There are several other discussions on the subject that you could

Re: isc.org has signed delegation

2009-10-22 Thread Matthew Pounsett
On 22-Oct-2009, at 01:16, Loren M. Lang wrote: I just noticed that isc.org has a signed delegation from the .org name servers. I am curious what registrar you went through to get this. .org is doing a limited production release of DNSSEC right now, referred to as "Friends & Family." Ther

Re: Nslookup not showng TTL

2009-10-15 Thread Matthew Pounsett
On 15-Oct-2009, at 16:03, John Horne wrote: On Thu, 2009-10-15 at 13:15 -0400, Kevin Darcy wrote: Removing features from nslookup gets us that much closer to KILLING and BURYING it. Forever. So why does the ISC still distribute it? (Although I guess the answer may simply be "because peop

Re: Glue record miunderstanding

2009-10-01 Thread Matthew Pounsett
On 01-Oct-2009, at 19:03, Scott Haneda wrote: So I see my NS is listed in the additional section. This to me tells me there is in fact glue, so I should consider the report at http://intodns.com/hostwizard.com to be inaccurate? Yeah, I just r

Re: Glue record miunderstanding

2009-10-01 Thread Matthew Pounsett
On 01-Oct-2009, at 16:03, Scott Haneda wrote: Is it also correct, I only need a NS glue record for the actual NS itself. There does not need to be a glue record for every zone that I am providing DNS for? The only case where glue *must* be pre

Re: Dynamic DNS and Slave Servers

2009-06-18 Thread Matthew Pounsett
On 18-Jun-2009, at 14:25, Gregory Hicks wrote: Kevin: I'll bite! What is the difference between a sub*domain* and a sub*zone*? I don't see how you could have the one w/o the other. But that could be because I'm feeling especially slow today.

Re: proving a server doesn't have a zone

2009-06-01 Thread Matthew Pounsett
On 01-Jun-2009, at 15:42, Todd Snyder wrote: I'm sure I'm just having a dumb moment, and that the return codes from dig can give me what I need, but I can't figure it out. Indeed, dig can help you here. Send the server a non-recursive query fo

Re: Delegation of DHCP blocks within same server?

2009-05-20 Thread Matthew Pounsett
On 20-May-2009, at 19:03, John Cole wrote: For a concrete example: 10.0.0.0/16 is presently handled by a single zone file. 10.1.3.0/24 is DHCP issued 10.1.4.0/24 is DHCP issued I haven't tested this... but I'm 99% certain that you can simply loa

Re: named-xfer?

2009-04-02 Thread Matthew Pounsett
On 02-Apr-2009, at 18:33, Michelle Konzack wrote: Hello, I have to fetch some zones from but it seems "named-xfer" no longer exists in bind9. How can I now manually download a zone? dig IN AXFR zone @server > fi

Re: TSIG verify failure

2009-02-28 Thread Matthew Pounsett
On 28-Feb-2009, at 04:11, Jeremie Le Hen wrote: AXFR fails invariably with the following error: "tsig verify failure". Do, by chance, TSIG packets use IP address during encryption? I've been struggling to understand the problem for maybe 8 hours, but I'm clueless now... Any help would be welco

Re: single-character host names

2009-02-25 Thread Matthew Pounsett
On 25-Feb-2009, at 17:14, Evan Hunt wrote: Actually, to be lawyerly about it, while RFC952 says you can't have a single-character name, it also defines names as including periods to delimit domain-name components. So, "m.google.com." is really a 13-character name, with a single-character compo

Re: single-character host names

2009-02-25 Thread Matthew Pounsett
On 25-Feb-2009, at 16:46, Mike Bernhardt wrote: So what is the accepted view on this currently? Is there another RFC that has made it OK now? I'm not going to say this definitively, because I'm not certain, but I think 952 may have been updated by a later RFC. Certainly there are sever

Re: BIND still will not resolve

2009-02-02 Thread Matthew Pounsett
On 02-Feb-2009, at 14:03, S. Jeff Cold wrote: BIND list, Well, I thought I had this DNS problem licked with my ISP volunteering as a secondary name server, but I guess not. My server still will not resolve my jatec.us domain. Maybe I have something wrong in named.conf or the zone fi

Re: A newbies Bind question

2009-01-31 Thread Matthew Pounsett
On 31-Jan-2009, at 13:24, Peter Privat wrote: My question: Is it possible for my friends out there somewhere in cyberspace to also use my DNS server by entering its IP in their DNS settings? So far I haven't managed to make it work. If another computer somewhere out there in the cloud is ente

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Matthew Pounsett
On 31-Jan-2009, at 13:18, Al Stu wrote: And what business of yours would it be if I did? That is pretty much the point here. What business is it of yours, ISC, or anyone else if I chose to run my DNS with MX's pointing to CNAMES? If it is a "bad" practice, fine so be it. But it has p

Re: my DNS not resolving

2009-01-29 Thread Matthew Pounsett
On 29-Jan-2009, at 13:49, S. Jeff Cold wrote: BIND List, I have a server running OpenSuse 11.1 with BIND 9.5.0P2-18.1. This server has a dedicated IP address from my ISP. I want this server to resolve my registered domain jatec.us. The server has internet connectivity. If I dig j

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Matthew Pounsett
On 26-Jan-2009, at 23:03, Tony Toews [MVP] wrote: Ah, I think I see what is happening here. Searching at the below article for 63.217.28.226 http://tech.slashdot.org/tech/09/01/24/0113210.shtml shows a reply stating: "The problem seems to kick in for DNS servers that aren't rejecting th

Re: Forcing a secondary update...

2009-01-26 Thread Matthew Pounsett
On 26-Jan-2009, at 17:50, Jeff Justice wrote: Without getting into how I managed to accomplish this, I have wound up with a secondary DNS that has incorrect information in it but the serial numbers are the same as on the master. So, my question is: how can I get the secondary to sync up?

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-25 Thread Matthew Pounsett
On 25-Jan-2009, at 23:06 , Barry Margolin wrote: In article , Matthew Pounsett wrote: In the example above, when I query for "IN A mx.xyz.com?" I do not get an address record back (A, )..instead I get a CNAME record. Requirements NOT met. Then there's something

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-25 Thread Matthew Pounsett
On 25-Jan-2009, at 13:15 , Al Stu wrote: Yes, blah was supposed to be srv1. I do receive both the CNAME and A records for the A mx.xyz.com query. See attached capture file. In the capture file three global search and replacements were performed to match the previous example. 1) domain

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-25 Thread Matthew Pounsett
On 25-Jan-2009, at 12:41 , Al Stu wrote: "That domain name, when queried, MUST return at least one address record (e.g., A or RR) that gives the IP address of the SMTP server to which the message should be directed." @ 1800 IN A 1.2.3.4 srv1 1800 IN A 1.2.3.4 mx 1800 IN CNAME blah.xyz

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-25 Thread Matthew Pounsett
On 25-Jan-2009, at 03:44 , Al Stu wrote: "When a domain name associated with an MX RR is looked up and the associated data field obtained, the data field of that response MUST contain a domain name. That domain name, when queried, MUST return at least one address record (e.g., A or

Re: allow-query-cache and resolution time

2009-01-22 Thread Matthew Pounsett
On 22-Jan-2009, at 16:00 , LENA MATUSOVSKAYA, BLOOMBERG/ 731 LEXIN wrote: Hello, Thank you for answering my question yesterday. I have a new question about allow-query-cache and its effect on a DNS server's response resolution time. allow-query-cache "specifies which hosts are allowed t

Re: unwanted delegations was: What to do about openDNS

2009-01-21 Thread Matthew Pounsett
On 21-Jan-2009, at 03:23 , Scott Haneda wrote: On Jan 20, 2009, at 6:42 PM, Matthew Pounsett wrote: Registries that implement host records (so, at least the gTLDs) could accept the word of the registrant of the zone that contains a name server (or the word of their registrar on their

Re: unwanted delegations was: What to do about openDNS

2009-01-20 Thread Matthew Pounsett
On 20-Jan-2009, at 21:24 , Danny Thomas wrote: Scott Haneda wrote: I brought this up a few months back. For me, it is getting worse, and I am not able to come up with a solution. I have many clients who reg domains. They all point to my NS. Sometimes, the client lapses hosting with me,

Re: Conflicting glue records?

2009-01-08 Thread Matthew Pounsett
On 08-Jan-2009, at 03:41 , Dawn Connelly wrote: Right, but his question was regarding the host record for the name server. You tell the registrar the name and IP address of the name servers that are authoritative for the domain. The registrar then pushes those glue records to the root servers.

Re: setup default DNS server with only one record

2008-12-11 Thread Matthew Pounsett
On 11-Dec-2008, at 04:08 , Chris Henderson wrote: I am trying to set up a default DNS server for one of my restricted network segments so that no matter what people type in their browser, they will be redirected to a single IP address or the hostname. The zone file that I have set up is partially

Re: bind-dlz and %client% token

2008-11-27 Thread Matthew Pounsett
On 27-Nov-2008, at 11:50 , Jakub Heichman wrote: Hello all, I'm looking into implementing a DNS server based on bind-dlz with mysql backend that would allow me to give different DNS responses based on clients' IP addresses. The closest match to this in BIND currently is views. If you've got
