On 03/07/2023 19:36, Matthias Fechner wrote:
What I understood from the documentation:
*-s* /server/[#/port/]
I can maintain e.g. my zones from my local computer at home inside a git
repository and use nsdiff and nspatch to push the changes to the server
in the internet?
Correct.
Does the
On 02/07/2023 12:27, Matthias Fechner wrote:
I have the following problem that changes in a zone file do not get
active, no matter if I reload the zone using rndc or restarting bind
9.16.42 on FreeBSD.
If I update a zone I edit the zone file, adapt the serial in the SOA and
normally do a rndc
On 07/18/17 16:09, Abi Askushi wrote:
> I am trying to figure out how could I account the DNS traffic generated
> from clients in terms of bytes. My setup is a simple caching DNS with
> several clients querying the DNS server. I can measure the DNS traffic
> that is generated from the DNS server
On 2017/07/11 14:57, b...@zq3q.org wrote:
> I have several linux VMs, that are under used, so I want to use them
> for the nameservers for 'mynew.org'. **Neither are in 'mynew.org';
> is that going to work?**
Yes, that will work. There is no requirement for any of the NSes for a
zone to be part
On 2017/07/10 14:16, Matus UHLAR - fantomas wrote:
>>> But you do know the approximate speed of light in a vacuum?
>
> there's always dark in my vacuum, so the speed of light doesn't apply
> there.
>
> On 10.07.17 09:02, wbr...@e1b.org wrote:
>> More importantly, what is the speed of light in a
On 2016/11/01 14:45, Ben Croswell wrote:
> The other option being having a master owned by your company and then
> setting both external providers to secondary from your master. You to
> maintain control over data and hqve diversity.
Agreed. This works well -- it's what we do.
Cheers,
On 2016/10/31 16:09, Barry Margolin wrote:
> I heard that the impact of the attack was even narrower than just the
> US, it was mostly eastern US. That suggests some things about the
> granularity of Dyn's anycast network and the distribution of the Mirai
> botnet.
There were actually three
On 2016/10/31 14:53, Jim Popovitch wrote:
> On Mon, Oct 31, 2016 at 10:25 AM, Matthew Seaman
> <m.sea...@infracaninophile.co.uk> wrote:
>> This despite the fact that Dyn has a global anycast network with
>> plenty of bandwidth, points of presence all round the world
On 10/31/16 12:41, MURTARI, JOHN wrote:
> God only knows, the DDOS hackers are probably on this listbut I
> have to ask what protections DYN had in place before the attack
> occurred. RRL has been promoted as some protection against these
> types of attacks. If they had it in place, did it
On 31/03/2015 02:32, @lbutlr wrote:
Can you start the named process by hand -- the command line should be
something like:
# /usr/local/sbin/named -u bind -c /etc/namedb/named.conf \
-t /var/named
Yes, that works without reporting any errors, so the issue appears to
be with
On 03/30/15 00:35, @lbutlr wrote:
Downloaded and compiled bind-9.9.7 (FreeBSD 8.4-RELEASE) and it built fine
(./configure make make install).
On FreeBSD, building software out of the ports is definitely
recommended. It does the usual configure and make dance, but you also
get the benefit of
On 09/07/2012 01:40, Doug Barton wrote:
On 07/08/2012 17:33, Matthew Pounsett wrote:
On 2012/07/08, at 20:29, Matthew Pounsett wrote:
On 2012/07/08, at 20:26, Mark Andrews wrote:
One can also build named w/o GOST support if one wants. We statically
link all the engines when building
On 08/05/2012 10:09, Ben wrote:
I am new with bind.I am trying to configure bind as caching server for
our network.I configure it and it works successfully.
Can we get report or statistics something which shows which queries
resolved from cache and which resolved from internet?
Yes. Add a
On 01/03/2012 11:20, Emil Natan wrote:
Do any of you experience the same issue? Any ideas what I'm missing or
what's wrong?
Automatic empty zones?
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
On 01/03/2012 12:10, Emil Natan wrote:
On Thu, Mar 1, 2012 at 1:26 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
On 01/03/2012 11:20, Emil Natan wrote:
Do any of you experience the same issue? Any ideas what I'm missing or
what's wrong?
Automatic empty zones
On 08/01/2012 17:09, enigmedia (onl) wrote:
How do I point requests for http://mydomain.com; and
http://www.mydomain.com; to http://mydomain.myshopify.com;?
Look up an A record (or ) for mydomain.myshopify.com, then
create a similar A (or ) record pointing to the same address in your
On 25/11/2011 16:59, Marek Kozlowski wrote:
Is it allowed to use a few `zone' clauses for a single domain? Is
something like this correct:
zone mickey.mouse.com in {
type master;
file pri/mickey-public.zone;
allow-query { any; };
allow-transfer { xfer; };
On 17/11/2011 14:41, Aleksander Kurczyk wrote:
If not, it is possible to map traffic from 127.0.0.11:53,
127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002 and
127.0.0.1:2003 or to setup new loopback interfaces for 127.0.0.11,
127.0.0.12 and 127.0.0.13 on Mac OS X or somehow do
On 17/11/2011 15:13, Michelle Konzack wrote:
my ISP http://www.hetzner.de/ is now offering an IPv6 /64 subnet for
free for each Server. Not only Root-Servers but for realy ALL!
OK, however, I like to setup my VHosts to use it, but I am puzzling
around how to do this with bind9 (I
On 15/11/2011 07:19, Chris Balmain wrote:
Let's say I have two domain names, d1.com and d2.com, and I want to
synchronise all records underneath them (one-way sync, that is). So if I
create an A record www.d1.com pointing at 1.2.3.4, www.d2.com is also
automatically created, with the same
On 15/11/2011 12:50, Jeremy MAURO wrote:
I asking you all for you best practice regarding your internal DNS and
zones.
I have a 2 DNS servers used as Internal DNS and Resolvers, here is the
dilemma, should I declare in each internal zone my NS with a glue record:
$ORIGIN example.internal.
On 05/11/2011 19:37, Gaurav Kansal wrote:
Is there any way in dig or nslookup utility to see the whole path which a
DNS Server follows for giving me the answer.
dig +trace www.nkn.in
is pretty close to what you ask.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
On 10/10/2011 15:42, enigmedia wrote:
Hi All: If I need to set a short TTL prior to an MX IP change, do I need to
modify the TTL of the MX record, or just the A record the MX points to?
(There's just a single A record for the MX).
You want to drop the TTL on the RR where the data -- the RHS of
On 03/10/2011 13:45, Torinthiel wrote:
On 2011-10-01 11:40, Matthew Seaman wrote:
dnssec-signzone will grok all the built-in dates and do the right thing
when you sign the zone.
BTW, how does dnssec-signzone behave when you pass -s option? Does it
take into account that date when
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256
On 23/09/2011 00:39, Joachim Tingvold wrote:
Or replace :: with _,
'_' is an illegal character in hostnames in the DNS...
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP:
On 20/09/2011 08:20, Lucio Crusca wrote:
Hence I wonder if there existed any public DNS checker that could
check a DNS which is not the NS pointed server yet,
http://dnscheck.iis.se/ has an 'undelegated domain test'
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
On 20/09/2011 14:25, Lightner, Jeff wrote:
On going there and testing water.com domain I see:
Delegationjavascript:void(0);
· Nameserver dswadns1.water.com is listed for zone water.com without
address information.
· Nameserver dswadns2.water.com is listed for zone
On 11/09/2011 21:00, m...@smtp.fakessh.eu wrote:
I also think the creation of the reverse zone ipv6
i dont know how to
IPv6 reverse zones work in very much the same way as IPv4 reverse zones.
So, for an address 2001:8b0:151:1:e2cb:4eff:fe26:6481 you would generate
the LHS of a PTR record
On 23/07/2011 09:22, Vbvbrj wrote:
How to tell BIND to not stop listening on cable disconnected adapters?
Add to the options {} section of named.conf:
interface-interval 0;
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Spam detection software, running on the system
lucid-nonsense.infracaninophile.co.uk, has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
The
On 25/04/2011 13:30, Victor Hugo dos Santos wrote:
Yes.. I already readed about DNS amplifier attack.. but in
amplification attack, the query is about ., but in my case, the
queries isn't by the root, but for unused type
No -- confusion of terms: '.' is the *root* of the DNS hierarchy.
On 21/04/2011 19:54, Victor Hugo dos Santos wrote:
Hello masters.
the last week I had a strange queries logged in my DNS. In this
momment I only block the IP (77.204.11.139) source and forguet of this
theme.
but, today.. I have the same query registered in my logs and from
other source
On 24/02/2011 04:14, Noel Butler wrote:
You can pretty much remove the entire statement now, as all /8's are
issued as of about two weeks ago.
This works for me:
lucid-nonsense:~/src/namedb:% cat acl-ipv4-bogons.conf
// @(#) $Id: acl-ipv4-bogons.conf 800 2011-02-03 20:22:12Z matthew $
//
//
On 16/10/2010 21:48, Kevin Oberman wrote:
To be completely clear, unless there is special software on the client
to deal with PTRs, you really only want ONE PTR for each address. Most
standard network tools tend to assume only one PTR per address and some
get very confused when multiple PTRs
On 08/08/2010 11:29:52, Shiva Raman wrote:
I am running Bind caching and bind authoritative servers with current
9.7 version. I would like
to know the steps to be followed to protect bind from DNS Cache poisoning.
The bind DNS server
is running behind the firewall which allows only
On 24/07/2010 16:17:13, Joseph S D Yao wrote:
Quick, knee-jerk, which of these is
one day?
86300
68300
863000
It's a trick question, right?
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Dear list,
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views? Or allowing it to start
up if the files are missing for some views? I have within my named.conf
this view, designed to hide bind.version and so forth from the world at
On 18/07/2010 17:58:15, Evan Hunt wrote:
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without dnssec-lookaside auto.
Put these in the view statement:
dnssec-lookaside . trust-anchor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm DNSSEC enabling the .ip6.arpa zone for my IPv6 allocation and
registering it with dlv.isc.org. Using bind-9.7.0-p2 dnssec tools.
Everything seems to be working well, but when I test using the Sandia
Labs dnsviz.net tool I get inconsistent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/06/2010 18:49:44, Casey Deccio wrote:
This has been fixed. The problem had to do with establishing a canonical
ordering of RRs within an RRset for the purposes of verifying an RRSIG.
dnspython's default comparison operators don't follow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/05/2010 12:44:32, a.sm...@ukgrid.net wrote:
we will shortly start using IPv6 reverse DNS, and having never used it
before I thought Id ask those with some experience if they have any
words of wisdom before I make any horrible mistakes ;)
Cathy Almond wrote:
If you're running a BIND 9,6,1~ variant (I don't recognise
bind96-9.6.1.2 as an ISC version string), the assert line number does
not tally with the source code for bind9/lib/isc/unix/socket.c.
That's the FreeBSD package name version for bind-9.6.1-P2 but...
That assert
Is anyone out there using $GENERATE to create blocks of and PTR records
for IPv6? Particularly PTR records?
It seems easy enough to create records automatically:
$ORIGIN infracaninophile.co.uk.
$GENERATE 0-255 2001-8b0-151-1-240-0-1234-${0,0,x}
44 matches
Mail list logo