On 02/17/2013 12:11 PM, Vernon Schryver wrote:
From: Robert Moskowitz r...@htt-consult.com
The Redhat docs on bind had a warning about not implementing features,
like DNSSEC if your secondaries don't support it. That is all I am
going on. I think I also saw it in some isc.org doc.
In your
On 02/17/2013 12:43 PM, Evan Hunt wrote:
Should I put a single entry for my /48 allocation or 16 /64 entries for
the nets I am currently using?
Both ways work.
Does it make any difference for performance?
Possibly, but I doubt you could measure it. (Unless you're using a
really ancient
On 02/16/2013 07:25 PM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
I have been getting this warning, and wonder why?
I have read:
https://kb.isc.org/article/AA-00804/0/Why-does-named-log-an-error-disabling-RFC-1918-empty-zones-when-starting-up.html
named logs the message
Should I put a single entry for my /48 allocation or 16 /64 entries for
the nets I am currently using?
Does it make any difference for performance? Any other concerns? The
192.168 nets I use I have a /24 specified though typically I am only
using the lower /26.
In theory, no one out there
On 02/15/2013 12:37 PM, Chris Buxton wrote:
On Feb 14, 2013, at 8:49 AM, Shawn Bakhtiar wrote:
Running bind rooted on FC 16 using the standard package.
The ca file is located in /var/named/chroot/var/named/named.ca
The hints are not built in.
[shawn@www ~]$ strings /usr/sbin/named |
I am now running without chroot and relying on selinux for protection.
I created a /etc/named.d/ directory for all my many includes in
named.conf which I know I have to keep in /etc/
My rndc.key is in /etc/named.d/ and is an include in my named.conf. When
I first started bind, it reported
So it is past time for me to only use port 53 and support port
randomization. But I do run iptables (and ip6tables) and the server
sits behind a Juniper SSG firewall.
Where are there instructions for setting up iptables for port randomization
and for general firewall rules (I doubt I will
I commented out include for the root.hints and things are working still
so obviously it is built in even though the string search is not working
on my binary.
On 02/15/2013 12:57 PM, Robert Moskowitz wrote:
On 02/15/2013 12:37 PM, Chris Buxton wrote:
On Feb 14, 2013, at 8:49 AM, Shawn
I have been getting this warning, and wonder why?
I have read:
https://kb.isc.org/.../Why-does-named-log-an-error-disabling-RFC-1918-empty-zones-when-starting-up.html
I have a 128.168.192.in-addr.arpa.zone zone in my internal view. So
what might I be missing? Do I need to create my own
On 02/15/2013 03:40 PM, Chris Buxton wrote:
On Feb 15, 2013, at 9:57 AM, Robert Moskowitz wrote:
I will do some more testing with this to see if I can indeed remove the
root.hint includes. But I have a question. I have tried to dig in my server
for the root info like you can a root server
On 02/15/2013 03:40 PM, Chris Buxton wrote:
On Feb 15, 2013, at 9:57 AM, Robert Moskowitz wrote:
I will do some more testing with this to see if I can indeed remove the
root.hint includes. But I have a question. I have tried to dig in my server
for the root info like you can a root server
…
Is there anything needed in the named.conf to actuate this if you do
have it?
W
On Feb 14, 2013, at 8:35 AM, Robert Moskowitz r...@htt-consult.com wrote:
The Centos 6.3 bind and bind-chroot do not seem to come with a named.root.
Does have a named.ca, though.
So from my old named.root.hints include
Oops ignore that earlier send. Hit wrong button...
On 02/14/2013 08:42 AM, Steven Carr wrote:
On 14 February 2013 13:35, Robert Moskowitz r...@htt-consult.com wrote:
What went wrong here?
Which do I use?
Not sure what is up with your dig response (can you post the contents)
but it works
records.
Christian...
On 02/14/2013 08:35 AM, Robert Moskowitz wrote:
The Centos 6.3 bind and bind-chroot do not seem to come with a
named.root. Does have a named.ca, though.
So from my old named.root.hints include (also not provided; where did
I get this?) I tried:
wget ftp
On 02/14/2013 09:34 AM, Warren Kumari wrote:
On Feb 14, 2013, at 9:28 AM, Robert Moskowitz r...@htt-consult.com wrote:
On 02/14/2013 09:05 AM, Warren Kumari wrote:
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
Not (at least by that name
On 02/14/2013 09:38 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
On 02/14/2013 09:05 AM, Warren Kumari wrote:
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
Not (at least by that name) in the Redhat/Centos 6.3 bind 9.8.2
On 02/14/2013 09:47 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
Which begs the next question I was going to ask. How often should I download
a fresh named.zone?
Never. If you keep BIND reasonably up-to-date its built-in hints will work
fine.
More records 1/3
On 02/14/2013 10:18 AM, Tony Finch wrote:
Robert Moskowitz r...@htt-consult.com wrote:
More records 1/3/2013 than in the named.ca stub which IF my version has
it builtin raises the question about keeping current at this time in the
Internet (and trusting Redhat to roll in new builtin
On 02/14/2013 10:26 AM, Jaap Akkerhuis wrote:
You too are missing some A and records! Here is mine:
Use bufsize=4096 or at least something around 700, else the answer
doesn't fit and is truncated.
I was thinking it was something like that. Thanks.
jaap
dig
I am upgrading my server from bind-9.3.6 via Centos 5.5 to 9.8.2 in
Centos 6.3.
I have and will run bind chrooted and on my test setup I noticed a 'new'
subdirectory in the chroot tree:
/var/named/chroot/etc/named/
I cannot find any documentation as what is intended to be placed in this
On 02/13/2013 12:43 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Wednesday, February 13, 2013 10:53 AM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: chroot/etc/named/ directory?
I am upgrading my server from
: chroot/etc/named/ directory?
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Wednesday, February 13, 2013 10:53 AM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: chroot/etc/named/ directory?
I am upgrading my server from bind-9.3.6 via Centos 5.5
On 02/13/2013 03:40 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: Robert Moskowitz r...@htt-consult.com
Date: Wednesday, February 13, 2013 2:15 PM
To: Mike Hoskins micho...@cisco.com
Cc: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: chroot/etc/named
Chris Thompson wrote:
On Oct 18 2009, Joseph S D Yao wrote:
On Sat, Oct 17, 2009 at 10:33:37PM -0400, Robert Moskowitz wrote:
I am trying to build up an environment where the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include
I am NOT looking for one that automagically updates the various files.
I am more than happy with one that builds the files, even including
includes for 'non-supported types' (eg I am working with the HIP DNS
records).
I suppose I could design something, but then I would miss a lot.
I did
Mark Andrews wrote:
In message 4adb44a5.2060...@htt-consult.com, Robert Moskowitz writes:
Chris Thompson wrote:
On Oct 18 2009, Joseph S D Yao wrote:
On Sat, Oct 17, 2009 at 10:33:37PM -0400, Robert Moskowitz wrote:
I am trying to build up an environment where
I am trying to build up an environment where the user can maintain
custom files and leave the basic files alone.
So I have a named.acl that works, I add an include line:
acl hdanets {
192.168.1.0/24; // hda network
include custom.acl;
};
and get the error:
Starting named:
Here is what NSLOOKUP is doing:
# nslookup
set type=any
home.htt.
Server: 208.83.67.148
Address:208.83.67.148#53
Non-authoritative answer:
home.httnameserver = home.htt.
Authoritative answers can be found from:
home.httnameserver = home.htt.
When I ask about
Barry Margolin wrote:
In article mailman.696.1255498841.14796.bind-us...@lists.isc.org,
Robert Moskowitz r...@htt-consult.com wrote:
Barry Margolin wrote:
In article mailman.693.1255466849.14796.bind-us...@lists.isc.org,
Robert Moskowitz r...@htt-consult.com wrote:
I
. Things work well enough within the domain for its purposes,
but broken outside of that...
Robert Moskowitz wrote:
I have been running BIND here on my net for quite a few years time and
run 2 views on my main server, for internal and external users. I
also have a separate BIND server on a test
Barry Margolin wrote:
In article mailman.702.126893.14796.bind-us...@lists.isc.org,
Robert Moskowitz r...@htt-consult.com wrote:
SOLVED!!!
Problem was with the DNS server for home.htt. The zone files there are
built from scripts from a database, and there are problems with the SOA
I have been running BIND here on my net for quite a few years time and
run 2 views on my main server, for internal and external users. I also
have a separate BIND server on a test bed that uses a test TLD of htt.
It has worked well for the past year.
Now I have installed an Amahi server
Barry Margolin wrote:
In article mailman.693.1255466849.14796.bind-us...@lists.isc.org,
Robert Moskowitz r...@htt-consult.com wrote:
I have been running BIND here on my net for quite a few years time and
run 2 views on my main server, for internal and external users. I also
have