Re: What is the equivalent of this dnsmasq configuration

2023-06-19 Thread Crist Clark
Pretty much a precise use case for RPZ (Response Policy Zones). Google it or search the BIND docs for RPZ. On Sun, Jun 18, 2023 at 8:37 PM public1020 via bind-users < bind-users@lists.isc.org> wrote: > I need to hijack certain domains and not its subdomains, so I use dnsmasq > to achieve it: > >

What is the equivalent of this dnsmasq configuration

2023-06-18 Thread public1020 via bind-users
I need to hijack certain domains and not its subdomains, so I use dnsmasq to achieve it: `host-record=example.com,1.2.3.4` In bind I have to create a zone and copy everything there, is there a simple way for domains I have no authority for?

Re: How to show run the active configuration on bind

2022-01-05 Thread Tony Finch
Mik J via bind-users wrote: > How can I check which variables are loaded in memory and considered as active. As Ray said, usually it isn't ambiguous. But there are a couple of semi-relevant tools that are worth knowing about: You can use `named-checkconf -p` to canonicalize your configurat

Re: How to show run the active configuration on bind

2022-01-04 Thread Ray Bellis
On 04/01/2022 16:53, Mik J via bind-users wrote: Hello, How can I check which variables are loaded in memory and considered as active. For example, I would like to check that the value of lame-ttl is 0 In my named.conf configuration file I have include "myconf.conf"; la

How to show run the active configuration on bind

2022-01-04 Thread Mik J via bind-users
Hello, How can I check which variables are loaded in memory and considered as active. For example, I would like to check that the value of lame-ttl is 0 In my named.conf configuration file I have include "myconf.conf"; lame-ttl 600; And in the myconf.conf file I have lame-ttl 0; So how

Re: "minimal-any" configuration query

2020-09-17 Thread Tony Finch
ShubhamGoyal wrote: > We have enabled " minimal-any yes;" in our Bind DNS Server, Yet an ANY > query provides complete details instead of providing reduced details . Testing minimal-any with dig is tricky and very obscure! For an example of how to test it, try: dig cam.ac.uk any

Re: "minimal-any" configuration query

2020-09-09 Thread ShubhamGoyal
> > Dear sir, > We are running a public DNS resolver in > Centos 8 with bind software . We enable geoip feature at configuration time > now I want to know about > >" How can we i

RE: "minimal-any" configuration query

2020-09-08 Thread Bob McDonald
Without seeing your configuration, I can only suggest trying the minimal-responses option. Regards, Bob ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software

Re: "minimal-any" configuration query

2020-09-08 Thread Daniel Stirnimann
I believe, "minimal-any" is for authoritative nameservers only and has no effect on recursive resolvers. Where did you configure "minimal-any yes"? Daniel On 08.09.20 13:30, ShubhamGoyal wrote: > Dear All, > We have enabled " *minimal-any yes;"* in our Bind > DNS Server,

"minimal-any" configuration query

2020-09-08 Thread ShubhamGoyal
Dear All, We have enabled " minimal-any yes;" in our Bind DNS Server, Yet an ANY query provides complete details instead of providing reduced details . Please suggest a fix.

Can we use rndc addzone to add zone in rpz configuration?

2020-05-26 Thread Blason R
Hi, Keen to know if rndc addzone functionality can be used to add zones in bind serving response-policy? If so then what would be my view? Do I need to define my view to make it work? I tried this and it's failing hence wondering if rndc can be used to add zone or delete zone on the fly? Here is

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
On 4/15/20 2:46 PM, PGNet Dev wrote: > On 4/15/20 1:50 PM, Ondřej Surý wrote: >> you are right this is a bit confusing, but you need to specify both: >> >> --enable-geoip (as the feature independent of used libraries) >> --with-maxmindsb (where to find the libraries) > > thx > > i'd also suggest

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
On 4/15/20 1:50 PM, Ondřej Surý wrote: > you are right this is a bit confusing, but you need to specify both: > > --enable-geoip (as the feature independent of used libraries) > --with-maxmindsb (where to find the libraries) thx i'd also suggest - --with-maxmiddb +

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread Ondřej Surý
bled: >Mutex lock type: adaptive >IPv6 support (--enable-ipv6) >Python tools (--with-python) >XML statistics (--with-libxml2) >JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c >HTTP zlib compression (--with-zlib) >

bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
th-python) XML statistics (--with-libxml2) JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c HTTP zlib compression (--with-zlib) LMDB database to store configuration for 'addzone' zones (--with-lmdb) IDN support (--with-

Re: Saurabh: Want to exclude the MX Record from my RPZ Configuration.

2018-09-06 Thread Vadim Pavlov via bind-users
. > I want to exclude the MX Record for any domain in my RPZ Configuration. > I only want to keep the A Record of any domain but want to exclude the MX > Record of that domain. > Can you please help me out to achieve this? > Means, in configuration, is it possible to exclude the MX R

Saurabh: Want to exclude the MX Record from my RPZ Configuration.

2018-09-06 Thread Saurabh Srivastava
this? Means, in configuration, is it possible to exclude the MX Record of any domain? Please help me out in this regard. Thanks, Saurabh Thanks & Regards, Saurabh Email: jp.saur...@gmail.com

Re: DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
> Hi there, >> >> Can someone please guide me on working configuration of Master/Slave zone >> in DNS RPZ for reference? >> >> Is that available with someone? And does it work exactly as master/slave >> like any other zone?

Re: DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
PM, Blason R <blaso...@gmail.com> wrote: > Hi there, > > Can someone please guide me on working configuration of Master/Slave zone > in DNS RPZ for reference? > > Is that available with someone? And does it work exactly as master/sla

DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
Hi there, Can someone please guide me on working configuration of Master/Slave zone in DNS RPZ for reference? Is that available with someone? And does it work exactly as master/slave like any other zone?

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.2017 at 16:56, Matus UHLAR - fantomas wrote: since DNS don't care about the PTR but mail does what is your problem that you need stupid discussions instead just agree that it can't do harm and in doubt is beneficial to have just one hostname, use that one hostname in helo_name and

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
On 19.06.2017 at 16:56, Matus UHLAR - fantomas wrote: since DNS don't care about the PTR but mail does what is your problem that you need stupid discussions instead just agree that it can't do harm and in doubt is beneficial to have just one hostname, use that one hostname in helo_name and

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.2017 at 15:25, Matus UHLAR - fantomas wrote: those rejections were NOT caused by having two different PTRs. They were caused by something different that is not a subject of this thread - even one PTR of this format would cause rejections. On 19.06.17 15:32, Reindl Harald wrote: not

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
On 19.06.2017 at 15:25, Matus UHLAR - fantomas wrote: * smtp_helo_name of your MTA matches the same name this one is incorrect and my next comment applies only to this one: On 19.06.17 15:14, Reindl Harald wrote: does it harm? NO is it easy to achieve? YES can it be used for scoring on a

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
* smtp_helo_name of your MTA matches the same name this one is incorrect and my next comment applies only to this one: On 19.06.17 15:14, Reindl Harald wrote: does it harm? NO is it easy to achieve? YES can it be used for scoring on a spamfilter? YES is it required? NO. Actually, this

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
On 19.06.2017 at 15:00, Matus UHLAR - fantomas wrote: On 19.06.17 01:05, Reindl Harald wrote: it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches normally you should always have: * IP with *one* PTR * the A-Record for

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.17 01:05, Reindl Harald wrote: it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches normally you should always have: * IP with *one* PTR * the A-Record for the PTR matches these two are correct. *

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread John Levine
In article you write: >>* IP with *one* PTR >>* the A-Record for the PTR matches >>* smtp_helo_name of your MTA matches the same name > >Even this is not required. In fact, requiring this breaks SMTP RFC. >The only requirement on helo name is

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
On 19.06.2017 at 08:49, Matus UHLAR - fantomas wrote: On 18.06.17 16:26, Mark Elkins wrote: Put two reverse records in both the IPv4 and IPv6 reverse zones in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. 126 IN PTR ns.xxx.com. Am 18.06.2017 um 17:38

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 10:42 AM, Matus UHLAR - fantomas wrote: If I do what you say reverse IP for DNS will point on mail.xxx.com and not on ns.xxx.com. I have asked you twice: WHO TOLD YOU THIS IS A PROBLEM? IT IS NOT! There are only a few services on the net who currently use reverse DNS

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 10:27 AM, Mark Elkins wrote: Another solution could be to make one of the names a CNAME pointing to the other name. -or- Just use one generic name for both services. rather than the two "service" names. Although in all honesty, I see nothing wrong with a lookup returning two

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.17 10:27, Mark Elkins wrote: Another solution could be to make one of the names a CNAME pointing to the other name. No. This would create a real problem, since NS and mail have different records. -or- Just use one generic name for both services. rather than the two "service"

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote: long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I put for IPV4 reverse address : if I put mail.xxx.com, the reverse address will not point on

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Mark Elkins
Another solution could be to make one of the names a CNAME pointing to the other name. -or- Just use one generic name for both services. rather than the two "service" names. Although in all honesty, I see nothing wrong with a lookup returning two answers (in a single response packet) for the

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote: On 19.06.17 08:03, Pierre Couderc wrote: Ok, thank you all, now I need to understand your answers... long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
t them all in the reverse configuration. After all, a NS record usually has at least two records ;-) there are cases when having two reverse records is misleading it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches normally

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.17 08:03, Pierre Couderc wrote: Ok, thank you all, now I need to understand your answers... long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I put for IPV4 reverse address : if I put mail.xxx.com,

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 18.06.17 16:26, Mark Elkins wrote: Put two reverse records in both the IPv4 and IPv6 reverse zones in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. 126 IN PTR ns.xxx.com. On 18.06.2017 at 17:38, Matus UHLAR - fantomas wrote: there are cases when having

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
t them all in the reverse configuration. After all, a NS record usually has at least two records ;-) there are cases when having two reverse records is misleading it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches no

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Reindl Harald
s possible, it's not always a good idea. One reverse record is enough in most cases you need reverse DNS. (which mostly means, for outgoing mail) Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration. After

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
is enough in most cases you need reverse DNS. (which mostly means, for outgoing mail) Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration. After all, a NS record usually has at least t

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
On 18.06.17 15:40, Pierre Couderc wrote: Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126 ipV4 address and corresponding IPV6 segment mail.xxx.com :2a01:e34:::::1122:3344 for mail server ns.xxx.com : 2a01:e34:::::aabb:ccdd for

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Mark Elkins
d see what question dig asks. Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration. After all, a NS record usually has at least two records ;-) On 18/06/2017 15:40, Pierre Couderc wrote: > Well, we hav

reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Pierre Couderc
Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126 ipV4 address and corresponding IPV6 segment mail.xxx.com :2a01:e34:::::1122:3344 for mail server ns.xxx.com : 2a01:e34:::::aabb:ccdd for dns server In xxx.com bind : mail A

RE: Configuration advice for a post-8020 world

2017-02-13 Thread Woodworth, John R
> -Original Message- > From: Mark Andrews [mailto:ma...@isc.org] > > Named does not check that a parent zone has NS records for a child > zone on the same server. Always add delegating NS records. > > As for ENT returning NXDOMAIN. Early versions of the specifications > of DNSSEC said

Re: Configuration advice for a post-8020 world

2017-02-12 Thread Mark Andrews
Named does not check that a parent zone has NS records for a child zone on the same server. Always add delegating NS records. As for ENT returning NXDOMAIN. Early versions of the specifications of DNSSEC said there were no NAMES, rather than NAMES with RECORDS, between names in a DNSSEC sorted

RE: Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
> -Original Message- > From: Woodworth, John R > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil > Mayers > > > > On 12/02/2017 11:09, Woodworth, John R wrote: > > > > > SAMPLE ZONES: > > > 101{redacted}.com. (REAL

RE: Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
-Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil Mayers > > On 12/02/2017 11:09, Woodworth, John R wrote: > > > SAMPLE ZONES: > > 101{redacted}.com. (REAL ZONE FILE) > > jwjw.sales.101{redacted}.com. (REAL ZONE FILE) > > You

Re: Configuration advice for a post-8020 world

2017-02-12 Thread Phil Mayers
On 12/02/2017 11:09, Woodworth, John R wrote: SAMPLE ZONES: 101{redacted}.com. (REAL ZONE FILE) jwjw.sales.101{redacted}.com. (REAL ZONE FILE) You are missing the glue NS records in the parent zone (just verified by local test of the before/after case). You need:

Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
All, I am asking for advice/ comments/ best-practices for bind configuration and zone RRs to avoid potential issues with Empty Non-Terminal (ENT) domain names. Before continuing, I feel I must point out I am a big fan of improvements in network and protocol efficiency including RFC-8020. I also

Re: High performance DNS server configuration?

2016-09-15 Thread Reindl Harald
On 15.09.2016 at 17:19, Benny Pedersen wrote: On 2016-09-15 15:42, John Levine wrote: Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). Really big problem are spam botnet's and some day we can get over 5-6 million messages per day or even more. Procmail/postfix is

Re: High performance DNS server configuration?

2016-09-15 Thread John Levine
>Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). > >Really big problem are spam botnet's and some day we can get over 5-6 >million messages per day or even more. > >Procmail/postfix is doing every check per msg at localdns (localdns => >rbl's) server and average check time

Re: High performance DNS server configuration?

2016-09-15 Thread /dev/rob0
> memory and SSD disks (with raid controller). > > We have local bind running at same box (bind, caching) with default > configuration. Ask on a CentOS list if you don't wish to provide the configuration in use. We don't all know what "default" means there.

Re: High performance DNS server configuration?

2016-09-15 Thread Reindl Harald
On 15.09.2016 at 13:20, Pekka Jalonen wrote: Server is mail server with ~+150 K users. Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). Really big problem are spam botnet's and some day we can get over 5-6 million messages per day or even more. Procmail/postfix is

RE: DNS's example of configuration with view and zones

2015-08-20 Thread Darcy Kevin (FCA)
will, by default, listen on all interfaces, and for outbound queries, it's left to the Operating System to decide, based on its routing configuration, what interface to use to send any given packet). From a forward-zone perspective, whether you have 3 interfaces, or 30, you should be able to use

DNS's example of configuration with view and zones

2015-08-19 Thread Int
You would be able to send me some DNS's example of configuration with view and zones, for 3 interfaces of net, for favor as I can create the inverse zones for 3 different sub-nets I do not have access to internet in Cuba Greetings William - Original message - From: Reindl Harald

Re: configuration error in lists.isc.org

2015-08-14 Thread Lawrence K. Chen, P.Eng.
On 2015-08-13 21:14, Mark Andrews wrote: In message 94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net, Lawrence K. Chen, P.Eng. writes: Earlier today had a request to add another entry...didn't notice that how close the string was to 255? characters. You just use multiple fields if there

Re: configuration error in lists.isc.org

2015-08-13 Thread Reindl Harald
On 13.08.2015 at 23:15, Lawrence K. Chen, P.Eng. wrote: On 2015-08-10 17:12, Reindl Harald wrote: well, when you can't say from where you send mail you should refrain from setup SPF at all Except there are external forces that demand an SPF, and that it contain specific strings at all

Re: configuration error in lists.isc.org

2015-08-13 Thread Lawrence K. Chen, P.Eng.
On 2015-08-10 17:12, Reindl Harald wrote: truncated the long, hard to understand and unrelated stuff On 10.08.2015 at 23:49, Lawrence K. Chen, P.Eng. wrote: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means

Re: configuration error in lists.isc.org

2015-08-13 Thread Mark Andrews
In message calmep04fxiqa0mg7xfgflg+maztzeku4qvnw5vtrsbvinao...@mail.gmail.com , Steven Carr writes: On 14 August 2015 at 03:14, Mark Andrews ma...@isc.org wrote: You just use multiple fields if there isn't space. The fields are concatenated together with no space to produce the full SPF

Re: configuration error in lists.isc.org

2015-08-13 Thread Lawrence K. Chen, P.Eng.
On 2015-08-13 18:47, Reindl Harald wrote: On 13.08.2015 at 23:15, Lawrence K. Chen, P.Eng. wrote: On 2015-08-10 17:12, Reindl Harald wrote: well, when you can't say from where you send mail you should refrain from setup SPF at all Except there are external forces that demand an SPF, and

Re: configuration error in lists.isc.org

2015-08-13 Thread Steven Carr
On 14 August 2015 at 03:14, Mark Andrews ma...@isc.org wrote: You just use multiple fields if there isn't space. The fields are concatenated together with no space to produce the full SPF entry. e.g. ab cd - abcd How does BIND know which order to send the TXT records in so that they

Re: configuration error in lists.isc.org

2015-08-13 Thread Mark Andrews
In message 94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net, Lawrence K. Chen, P.Eng. writes: Earlier today had a request to add another entry...didn't notice that how close the string was to 255? characters. You just use multiple fields if there isn't space. The fields are concatenated

Re: configuration error in lists.isc.org

2015-08-10 Thread Lawrence K. Chen, P.Eng.
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote: Though I realize my error not recalling that there is a middle (neutral) level, and which is more appropriate, since softfail is somewhere between fail and neutral which is not where I had intended the servers to be. Went to fix it, only to

Re: configuration error in lists.isc.org

2015-08-10 Thread Lawrence K. Chen, P.Eng.
On 2015-08-07 22:23, Reindl Harald wrote: On 08.08.2015 at 05:13, Lawrence K. Chen, P.Eng. wrote: So, when we were with this provider, our SPF had exclusive pool as good, but included the other pool prefixed with '~' can we stop that foolish discussion on the named list? How about an

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
truncated the long, hard to understand and unrelated stuff On 10.08.2015 at 23:49, Lawrence K. Chen, P.Eng. wrote: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means testing, please don't reject if it don't pass and

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
BTW: your SPF is completely broken http://www.openspf.org/Why?s=mfrom;id=lkc...@ksu.edu;ip=54.200.129.228 The domain outbound._spf.mailhop.org has published an SPF policy, however, an error occurred while the receiving mail server tried to evaluate the policy: Missing required IPv4 address

Re: configuration error in lists.isc.org

2015-08-10 Thread Noel Butler
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote: On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote: Though I realize my error not recalling that there is a middle (neutral) level, and which is more appropriate, since softfail is somewhere between fail and neutral which is not

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Matus UHLAR - fantomas
On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name mailto:em...@heikorichter.name wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members

Re: configuration error in lists.isc.org

2015-08-07 Thread Lawrence K. Chen, P.Eng.
On 2015-08-06 19:00, /dev/rob0 wrote: My SPF record doesn't include lists.ist.org, of course and it never will. Furthermore it ends with -all so all my messages to the list are being rejected by list members who have spf aware servers. No, GNU Mailman (which is the software behind

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Marco Davids (SIDN)
On 07/08/15 02:03, Charles Swiger wrote: So ISC: please fix your list servers, let them rewrite the From headers! How would this help? Changing the From header breaks your domain's DKIM signing; are you asking them to take ownership of your messages and then DKIM sign them on behalf of

Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
On 07.08.2015 at 01:25, Heiko Richter wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members that have employed this wonderful protocol on their

Re: configuration error in lists.isc.org

2015-08-07 Thread Casey Deccio
On Fri, Aug 7, 2015 at 2:57 AM, Reindl Harald h.rei...@thelounge.net wrote: On 07.08.2015 at 01:25, Heiko Richter wrote: So ISC: please fix your list servers, let them rewrite the From headers! please try to understand the topic before blaming! http://wiki.list.org/DEV/DMARC * SPF is

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
On 07.08.2015 at 17:23, Heiko Richter wrote: On 07.08.2015 at 08:29, Matus UHLAR - fantomas wrote: On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name mailto:em...@heikorichter.name wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Heiko Richter
On 07.08.2015 at 08:29, Matus UHLAR - fantomas wrote: On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name mailto:em...@heikorichter.name wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Casey Deccio
On Fri, Aug 7, 2015 at 11:23 AM, Heiko Richter em...@heikorichter.name wrote: Correction: - All implementations of SPF always check 2 addresses: - Envelope-From address - From address SPF will fail whenever the client is not authorized to send for either the Envelope-From

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Matus UHLAR - fantomas
On 07.08.2015 at 08:29, Matus UHLAR - fantomas wrote: SPF must only check envelope address, not header From: address - it was never designed to do the latter. On 07.08.15 17:23, Heiko Richter wrote: Correction: - All implementations of SPF always check 2 addresses: -

Re: configuration error in lists.isc.org

2015-08-07 Thread Heiko Richter
On 07.08.2015 at 08:03, Lawrence K. Chen, P.Eng. wrote: In looking through the received headers I see that there's no SPF for lists.isc.org Whether or not lists.isc.org was never in question.

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Noel Butler
On 08/08/2015 01:23, Heiko Richter wrote: The spf2.0/pra ?all is SenderID, where pra forces the DMARC server to check only the Envelope-Sender against v=spf1 mx -all. If you don't set that, SPF will always check both Envelope-From and Header-From. Note that it's the SenderID

Re: configuration error in lists.isc.org

2015-08-07 Thread Lawrence K. Chen, P.Eng.
On 2015-08-07 07:34, wbr...@e1b.org wrote: From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu OTOH, we have caved on adding systems that aren't 'ours'...though how much of Office365 is actually 'ours'but I think we currently have a couple includes for mass emailing solutions or our

Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
On 08.08.2015 at 05:13, Lawrence K. Chen, P.Eng. wrote: So, when we were with this provider, our SPF had exclusive pool as good, but included the other pool prefixed with '~' can we stop that foolish discussion on the named list? that above is pure nonsense - your DOMAIN has either a strict

configuration error in lists.isc.org

2015-08-06 Thread Heiko Richter
Hi! Nothing concerning Bind, but still relevant to all list users: Just wanted to let you all know about a configuration error on lists.isc.org. It doesn't rewrite any email headers, only reflects incoming messages to all list members which leads

[OT] Re: configuration error in lists.isc.org

2015-08-06 Thread Charles Swiger
On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members that have employed this

Question on --with-libxml2 option while compiling on Sparc Solaris 10 and the Configuration Summary output.

2015-08-06 Thread Bhangui, Sandeep - BLS CTR
Hello This is what I get in the summary after I run configure on BIND 9.10.2P3 source code when I use the -with-libxml2 option for compiling . As we can see the summary says that the option has been enabled. Configuration summary

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-04 Thread /dev/rob0
solution to this? Slave zones should be transferred using DNS. In a stealth master case, you need to populate also-notify lists, but perhaps in your case you can share some of that configuration with global or view level settings. (Better than having to set everything per zone.) To hold us/me

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Heiko Richter
[7436]: loading configuration: failure Aug 3 09:59:34 govindnsvm named[7436]: exiting (due to fatal error) See if you have used these data/*.host as values with the file option multiple times in your named configuration. It may be that you have included a config snippet multiple times

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Reindl Harald
09:59:34 govindnsvm named[7436]: loading configuration: failure Aug 3 09:59:34 govindnsvm named[7436]: exiting (due to fatal error) See if you have used these data/*.host as values with the file option multiple times in your named configuration. It may be that you have included a config snippet

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Lawrence K. Chen, P.Eng.
This unfortunately looks like the thread for me to jump on to I missed installing the last two 9.9...-p# patches, first time I built everything and was pretty much ready to do it, and then forgot all about it due to health issues. More recent one...I had got it built for Solaris x64 and

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Mukund Sivaraman
': already in use: /etc/nicnet2007.govdomain:15473 Aug 3 09:59:34 govindnsvm named[7436]: /etc/nicnet2007.govdomain:15480: writeable file 'data/icggov.hosts': already in use: /etc/nicnet2007.govdomain:15480 Aug 3 09:59:34 govindnsvm named[7436]: loading configuration: failure Aug 3 09:59

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread prakash
/nicnet2007.govdomain:15424 - loading configuration: failure To: prakash prak...@nic.in Cc: bind-users@lists.isc.org Hi Prakash On Mon, Aug 03, 2015 at 10:14:50AM +0530, prakash wrote: Aug 3 09:59:34 govindnsvm named[7436]: /etc/nicnet2007.govdomain:15424: writeable file 'data

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Anand Buddhdev
On 03/08/15 16:50, Heiko Richter wrote: Hi Heiko, Why use the file option at all on a slave? If you don't use the file option on a slave, then BIND does not write the zone to disk. This is okay for a small number of small zones. But if you have many zones, or they are large, then you usually

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Reindl Harald
On 03.08.2015 at 16:59, Anand Buddhdev wrote: On 03/08/15 16:50, Heiko Richter wrote: Hi Heiko, Why use the file option at all on a slave? If you don't use the file option on a slave, then BIND does not write the zone to disk. This is okay for a small number of small zones. But if you

Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
I put together a simple working DNS server and called it new-dns2 with the IP address of 206.117.115.93. My configuration files follow: [root@new-dns2 ~]# cat /etc/named.conf options { directory /var/named; }; zone 0.0.127.in-addr.arpa { type master; file db.127.0.0

Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
Dear Tony, Bob, Matus, Thank you very much for your advice, you guys are awesome. On Wed, Jun 3, 2015 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 03.06.15 12:34, Samad Agha wrote: So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an

Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Matus UHLAR - fantomas
On 03.06.15 12:34, Samad Agha wrote: So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an IP, but when I query my new DNS server from another Linux box, it fails with the following error message. you must allow BIND to provide recursive DNS for other

Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Tony Finch
Samad Agha samad.agha2...@gmail.com wrote: So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an IP, but when I query my new DNS server from another Linux box, it fails with the following error message. ** server can't find google.com: REFUSED By

Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Bob Harold
-dns2 with the IP address of 206.117.115.93. My configuration files follow: [root@new-dns2 ~]# cat /etc/named.conf options { directory /var/named; }; zone 0.0.127.in-addr.arpa { type master; file db.127.0.0; }; [root@new-dns2 ~]# cat /var/named/db.127.0.0 $TTL

Re: Fwd: Getting an error on a simple DNS configuration

2015-06-03 Thread Alan Clegg
restart Stopping named: . [ OK ] Starting named: Error in named configuration: /etc/named.conf:3: '{' expected near '(207.151.36.0)' [FAILED] [root@new-dns2

Fwd: Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
{ type master; file db.127.0.0; }; [root@new-dns2 ~]# [root@new-dns2 ~]# service named restart Stopping named: . [ OK ] Starting named: Error in named configuration: /etc/named.conf:3: '{' expected near '(207.151.36.0

Re: Getting an error on a very simple DNS configuration

2015-04-08 Thread Steven Carr
[root@new-dns1 etc]# cat named.conf zone 0.0.127.in-addr.arpa { type master; file db.127.0.0; }; You're missing the directory directive, BIND doesn't know where your files are. Above the zone statement add: directory /var/named;
