Re: Question about forwarders option access

2016-11-13 Thread S Carr
On 14 November 2016 at 02:54, Techs-yama wrote: > Does not this configuration parameter [server address] is sequential access? No, it will use both, it will calculate the RTT for both servers and work out which one is responding faster and use that one for the majority of the

Re: acl

2016-10-08 Thread S Carr
On 8 October 2016 at 14:14, Pol Hallen wrote: > acl test0 { !192.168.1.50/24; 192.168.1/24;}; acl test0 { !192.168.1.50; 192.168.1.0/24;}; ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: Slaves or Forwarders?

2016-08-25 Thread S Carr
On 25 August 2016 at 21:06, Matus UHLAR - fantomas wrote: > just IXFRs or AXFRs too? > Isn't edns over UDP enough in many cases? >From what I've seen in past testing any attempt to request an AXFR against BIND using UDP gets an immediate TC response. Steve

Re: Selective forwarding from an internal only name server

2016-08-19 Thread S Carr
On 19 August 2016 at 09:02, anup albal wrote: > Below are the options on the external name server. That's not the full configs, and from both DNS servers. I get you don't want to expose some of the information but you're asking for help, we can't do that if you keep things

Re: Selective forwarding from an internal only name server

2016-08-19 Thread S Carr
On 19 August 2016 at 07:25, anup albal wrote: > After that I cannot run a "dig sharepoint.com" or "dig microsoft.com" from > dns1. However it can resolve it if i run a "dig +trace sharepoint.com" or > "dig +trace microsoft.com" Can you post your full configs and the full

Re: Selective forwarding from an internal only name server

2016-08-18 Thread S Carr
On 18 August 2016 at 01:04, anup albal wrote: > Does that mean I setup another forwarding zone called microsoft.com or > sharepoint.microsoft.com or both? Ideally you should setup a completely separate caching/forwarding server and not be using the external DNS box (NS1)

Re: Selective forwarding from an internal only name server

2016-08-18 Thread S Carr
On 18 August 2016 at 02:07, Barry Margolin wrote: > That's why Cloudflare's method is "RFC-compliant", but what MS is doing > with sharepoint.com is not. Microsoft's DNS implementation allows CNAMEs at the zone apex, correct it's not RFC compliant, but this is Microsoft...

Re: allow-query does not seem to be working

2016-08-06 Thread S Carr
On 6 August 2016 at 21:41, Frank Even wrote: > If an IP is not allowed as part of an "allow-query" statement, should the > name server still be returning any responses? I would have expected the response to be one of REFUSED.

Re: help

2016-08-06 Thread S Carr
On 6 August 2016 at 09:07, RAM MOHAN, Hari Ganesh wrote: > The flow is working for mi-testw03.pt but not working for mi-testq03.pt. I > really puzzled with such behaviour. That's simple to answer, mi-testw03.pt is registered in the .pt zone, mi-testq03.pt is not. For

Re: help

2016-08-05 Thread S Carr
On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh wrote: > > Dig SOA gives two different results, It tells SERVFAIL and then NXDOMAIN > Check your BIND logs to make sure the zone has been successfully transferred from the master.

Re: help

2016-08-05 Thread S Carr
On 5 August 2016 at 17:21, RAM MOHAN, Hari Ganesh wrote: > We are not able to understand that why we are not able to resolve > mi-testq03.pt whereas mi-testq03.fr is just working fine. There is an A record at the apex of the mi-testq03.pt zone, right? What do you get if

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote: > however, if no responses will come from his server, it's more likely that > the queries will stop. If you look at the capture there doesn't appear to be any responses being sent for the ANY queries to start with, yet

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 14:44, Ejaz wrote: > Such as, if someone is sending ANY request , by default it should be denied > when users requests for it.. Denying the request isn't going to solve anything in this case, they are still going to repeatedly ask for it and the

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 13:33, Ejaz wrote: > Thank you so much Abdul for you instant support. > > As requested, Find the attached. So the 3 IPs (212.118.122.99-101) are continuously sending ANY requests for cpsc.gov No responses I can see are going from port 0, they are coming

Re: outgoing-traffic

2016-07-27 Thread S Carr
On 27 July 2016 at 08:41, Ejaz wrote: > Thanks for all. > > But the strange thing is that if the request comes on 53 port then it should > go only from 53 is it?? Why goes out from 0, any clue would be highly > appreciate. > > Regards > Ejaz Where's the packet capture to

Re: outgoing-traffic

2016-07-26 Thread S Carr
On 26 July 2016 at 09:53, Tony Finch wrote: > Ejaz wrote: >> >> I am not using iptable firewall from my redhat Linux box, all traffic >> manged by network team.. You might want to check whether the requests are legitimate before completely blocking them,

Re: Ns records rfc

2016-03-05 Thread S Carr
On 6 March 2016 at 04:08, rams wrote: > Is there any rfc that a tld zone should have atleast two ns records when we > create the tld zone RFC 1034 Section 4.1 A given zone will be available from several name servers to insure its availability in spite of host or