Pretty much a precise use case for RPZ (Response Policy Zones). Google it
or search the BIND docs for RPZ.
On Sun, Jun 18, 2023 at 8:37 PM public1020 via bind-users <
bind-users@lists.isc.org> wrote:
> I need to hijack certain domains and not its subdomains, so I use dnsmasq
> to achieve it:
>
>
I need to hijack certain domains and not its subdomains, so I use dnsmasq to
achieve it:
```
[host-record=example.com](http://host-record=google.com),1.2.3.4
```
In bind I have to create a zone and copy everything there, is there a simple
way for domains I have no authority for?--
Visit
Mik J via bind-users wrote:
> How can I check which variables are loaded in memory and considered as active.
As Ray said, usually it isn't ambiguous.
But there are a couple of semi-relevant tools that are worth knowing
about:
You can use `named-checkconf -p` to canonicalize your configurat
On 04/01/2022 16:53, Mik J via bind-users wrote:
Hello,
How can I check which variables are loaded in memory and considered as
active.
For example, I would like to check that the value of lame-ttl is 0
In my named.conf configuration file I have
include "myconf.conf";
la
Hello,
How can I check which variables are loaded in memory and considered as active.
For example, I would like to check that the value of lame-ttl is 0In my
named.conf configuration file I haveinclude "myconf.conf";
lame-ttl 600;
And in the myconf.conf file I havelame-ttl 0;
So how
ShubhamGoyal wrote:
> We have enabled " minimal-any yes;" in our Bind DNS Sever, Yet an ANY
> query provides complete details instead of providing reduced details .
Testing minimal-any with dig is tricky and very obscure!
For an example of how to test it, try:
dig cam.ac.uk any
>
> Dear sir,
> We are running a public DNS resolver in
> Centos 8 with bind software . We enable geoip feature at configuration time
> now I want to know about
>
>" How can we i
Without seeing your configuration, I can only suggest trying the
minimal-responses option.
Regards,
Bob
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software
I believe, "minimal-any" is for authoritative nameservers only and has
no effect on recursive resolvers. Where did you configure "minimal-any yes"?
Daniel
On 08.09.20 13:30, ShubhamGoyal wrote:
> Dear All,
> We have enabled " *minimal-any yes;"* in our Bind
> DNS Sever,
Dear All,
We have enabled " minimal-any yes;" in our Bind DNS
Sever, Yet an ANY query provides complete details instead of providing reduced
details .
Please suggest a fix.
Hi,
Keen to know if rndc addzone functionality can be used to add zones in bind
serving response-policy? If so then what would be my view? Do I need to
define my view to make it work?
I tried this and its failing hence wondering if rndc can be used to add
zone or delete zone on the fly?
Here is
On 4/15/20 2:46 PM, PGNet Dev wrote:
> On 4/15/20 1:50 PM, Ondřej Surý wrote:
>> you are right this is a bit confusing, but you need to specify both:
>>
>> --enable-geoip (as the feature independent of used libraries)
>> --with-maxmindsb (where to find the libraries)
>
> thx
>
> i'd also suggest
On 4/15/20 1:50 PM, Ondřej Surý wrote:
> you are right this is a bit confusing, but you need to specify both:
>
> --enable-geoip (as the feature independent of used libraries)
> --with-maxmindsb (where to find the libraries)
thx
i'd also suggest
- --with-maxmiddb
+
bled:
>Mutex lock type: adaptive
>IPv6 support (--enable-ipv6)
>Python tools (--with-python)
>XML statistics (--with-libxml2)
>JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c
>HTTP zlib compression (--with-zlib)
>
th-python)
XML statistics (--with-libxml2)
JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c
HTTP zlib compression (--with-zlib)
LMDB database to store configuration for 'addzone' zones
(--with-lmdb)
IDN support (--with-
.
> I want to exclude the MX Record for any domain in my RPZ Configration.
> I only want to keep the A Record of any domain but want to exclude the MX
> Record of that domain.
> Can you please help me out to achieve this?
> Means, in configuration, is it possible to exclude the MX R
this?
Means, in configuration, is it possible to exclude the MX Record of any
domain?
Please hep me out in this regard.
Thanks,
Saurabh
Thanks & Regards,
Saurabh
Email: jp.saur...@gmail.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-u
> Hi there,
>>
>> Can someone please guide me on working configuration of Mater/Slave zone
>> in DNS RPZ for reference?
>>
>> Is that available with someone? And does it work exactly as master/slave
>> like any other zone?
>>
>
>
__
PM, Blason R <blaso...@gmail.com> wrote:
> Hi there,
>
> Can someone please guide me on working configuration of Mater/Slave zone
> in DNS RPZ for reference?
>
> Is that available with someone? And does it work exactly as master/sla
Hi there,
Can someone please guide me on working configuration of Mater/Slave zone in
DNS RPZ for reference?
Is that available with someone? And does it work exactly as master/slave
like any other zone?
___
Please visit https://lists.isc.org/mailman
Am 19.06.2017 um 16:56 schrieb Matus UHLAR - fantomas:
since DNS don't care about the PTR but mail does what is your
problem that you need stupid dicussions instead just agree that
it can't do harm and in doubt is beneficial to have just one
hostname, use that one hostname in helo_name and
Am 19.06.2017 um 16:56 schrieb Matus UHLAR - fantomas:
since DNS don't care about the PTR but mail does what is your problem
that you need stupid dicussions instead just agree that it can't do
harm and in doubt is beneficial to have just one hostname, use that
one hostname in helo_name and
Am 19.06.2017 um 15:25 schrieb Matus UHLAR - fantomas:
those rejections were NOT caused by having two different PTRs.
They were caused by something different that is not a subject of this
thread - even one PTR of this format would cause rejections.
On 19.06.17 15:32, Reindl Harald wrote:
not
Am 19.06.2017 um 15:25 schrieb Matus UHLAR - fantomas:
* smtp_helo_name of your MTA matches the same name
this one is incorrect and my next comment applies only to this one:
On 19.06.17 15:14, Reindl Harald wrote:
does it harm? NO
is it easy to achive? YES
can it be used for scoring on a
* smtp_helo_name of your MTA matches the same name
this one is incorrect and my next comment applies only to this one:
On 19.06.17 15:14, Reindl Harald wrote:
does it harm? NO
is it easy to achive? YES
can it be used for scoring on a spamfilter? YES
is it required? NO.
Actually, this
Am 19.06.2017 um 15:00 schrieb Matus UHLAR - fantomas:
On 19.06.17 01:05, Reindl Harald wrote:
it's nearly always misleading and results in randomness on the
receiving server which name get logged and if A/PTR matches
normally you should always have:
* IP with *one* PTR
* the A-Record for
On 19.06.17 01:05, Reindl Harald wrote:
it's nearly always misleading and results in randomness on the
receiving server which name get logged and if A/PTR matches
normally you should always have:
* IP with *one* PTR
* the A-Record for the PTR matches
these two are correct.
*
In article you write:
>>* IP with *one* PTR
>>* the A-Record for the PTR matches
>>* smtp_helo_name of your MTA matches the same name
>
>Even this is not required. In fact, requiring this breaks SMTP RFC.
>The only requirement on helo name is
Am 19.06.2017 um 08:49 schrieb Matus UHLAR - fantomas:
On 18.06.17 16:26, Mark Elkins wrote:
Put two reverse records in both the IPv4 and IPv6 reverse zones
in the "125.124.123.in-addr.arpa" zone:
126 IN PTR mail.xxx.com.
126 IN PTR ns.xxx.com.
Am 18.06.2017 um 17:38
On 06/19/2017 10:42 AM, Matus UHLAR - fantomas wrote:
If I do what you say reverse IP for DNS will point on mail.xxx.com
and not on ns.xxx.com.
I have asked you twice:
WHO TOLD YOU THIS IS A PROBLEM? IT IS NOT!
There are only a few services on the net who currently use reverse DNS
On 06/19/2017 10:27 AM, Mark Elkins wrote:
Another solution could be to make one of the names a CNAME pointing to
the other name.
-or-
Just use one generic name for both services. rather than the two
"service" names.
Although in all honesty, I see nothing wrong with a lookup returning two
On 19.06.17 10:27, Mark Elkins wrote:
Another solution could be to make one of the names a CNAME pointing to
the other name.
No.
This would create a real problem, since NS and mail have different
records.
-or-
Just use one generic name for both services. rather than the two
"service"
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote:
long story short:
in the "125.124.123.in-addr.arpa" zone:
126 IN PTR mail.xxx.com.
quoting your original message:
What should I put for IPV4 reverse address : if I put mail.xxx.com, the
reverse address will not point on
Another solution could be to make one of the names a CNAME pointing to
the other name.
-or-
Just use one generic name for both services. rather than the two
"service" names.
Although in all honesty, I see nothing wrong with a lookup returning two
answers (in a single response packet) for the
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote:
On 19.06.17 08:03, Pierre Couderc wrote:
Ok, thank you all, now I need to understand your answers...
long story short:
in the "125.124.123.in-addr.arpa" zone:
126 IN PTR mail.xxx.com.
quoting your original message:
What should
t them all in the reverse
configuration. After all, a NS record usually has at least two
records ;-)
there are cases when having two reverse records is misleading
it's nearly always misleading and results in randomness on the
receiving server which name get logged and if A/PTR matches
normally
On 19.06.17 08:03, Pierre Couderc wrote:
Ok, thank you all, now I need to understand your answers...
long story short:
in the "125.124.123.in-addr.arpa" zone:
126 IN PTR mail.xxx.com.
quoting your original message:
What should I put for IPV4 reverse address : if I put mail.xxx.com,
On 18.06.17 16:26, Mark Elkins wrote:
Put two reverse records in both the IPv4 and IPv6 reverse zones
in the "125.124.123.in-addr.arpa" zone:
126 IN PTR mail.xxx.com.
126 IN PTR ns.xxx.com.
Am 18.06.2017 um 17:38 schrieb Matus UHLAR - fantomas:
there are cases when having
t them all in the reverse
configuration. After all, a NS record usually has at least two
records ;-)
there are cases when having two reverse records is misleading
it's nearly always misleading and results in randomness on the
receiving server which name get logged and if A/PTR matches
no
s possible, it's not always a good idea.
One reverse record is enough in most cases you need reverse DNS.
(which mostly means, for outgoing mail)
Nothing wrong with a machine (or interface on a machine) having more
than one name for the same address. List them all in the reverse
configuration. After
is enough in most cases you need reverse DNS.
(which mostly means, for outgoing mail)
Nothing wrong with a machine (or interface on a machine) having more
than one name for the same address. List them all in the reverse
configuration. After all, a NS record usually has at least t
On 18.06.17 15:40, Pierre Couderc wrote:
Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126
ipV4 address and corresponding IPV6 segment
mail.xxx.com :2a01:e34:::::1122:3344 for mail server
ns.xxx.com : 2a01:e34:::::aabb:ccdd for
d see what question dig asks.
Nothing wrong with a machine (or interface on a machine) having more
than one name for the same address. List them all in the reverse
configuration. After all, a NS record usually has at least two records ;-)
On 18/06/2017 15:40, Pierre Couderc wrote:
> Well, we hav
Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126
ipV4 address and corresponding IPV6 segment
mail.xxx.com :2a01:e34:::::1122:3344 for mail server
ns.xxx.com : 2a01:e34:::::aabb:ccdd for dns server
In xxx.com bind :
mail A
> -Original Message-
> From: Mark Andrews [mailto:ma...@isc.org]
>
> Named does not check that a parent zone has NS records for a child
> zone on the same server. Always add delegating NS records.
>
> As for ENT returning NXDOMAIN. Early versions of the specifications
> of DNSSEC said
Named does not check that a parent zone has NS records for a child
zone on the same server. Always add delegating NS records.
As for ENT returning NXDOMAIN. Early versions of the specifications
of DNSSEC said there were no NAMES, rather than NAMES with RECORDS,
between names in a DNSSEC sorted
> -Original Message-
> From: Woodworth, John R
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil
> Mayers
> >
> > On 12/02/2017 11:09, Woodworth, John R wrote:
> >
> > > SAMPLE ZONES:
> > > 101{redacted}.com. (REAL
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil
Mayers
>
> On 12/02/2017 11:09, Woodworth, John R wrote:
>
> > SAMPLE ZONES:
> > 101{redacted}.com. (REAL ZONE FILE)
> > jwjw.sales.101{redacted}.com. (REAL ZONE FILE)
>
> You
On 12/02/2017 11:09, Woodworth, John R wrote:
SAMPLE ZONES:
101{redacted}.com. (REAL ZONE FILE)
jwjw.sales.101{redacted}.com. (REAL ZONE FILE)
You are missing the glue NS records in the parent zone (just verified by
local test of the before/after case). You need:
All,
I am asking for advice/ comments/ best-practices for bind
configuration and zone RRs to avoid potential issues with
Empty Non-Terminal (ENT) domain names.
Before continuing, I feel I must point out I am a big fan
of improvements in network and protocol efficiency
including RFC-8020. I also
Am 15.09.2016 um 17:19 schrieb Benny Pedersen:
On 2016-09-15 15:42, John Levine wrote:
Problem is procmail + postfix with rbl's (zen.spamhaus.org and others).
Really big problem are spam botnet's and some day we can get over 5-6
million messages per day or even more.
Procmail/postfix is
>Problem is procmail + postfix with rbl's (zen.spamhaus.org and others).
>
>Really big problem are spam botnet's and some day we can get over 5-6
>million messages per day or even more.
>
>Procmail/postfix is doing every check per msg at localdns (localdns =>
>rbl's) server and average check time
> memory and SSD disks (with raid controller).
>
> We have local bind running at same box (bind, caching) with default
> configuration.
Ask on a CentOS list if you don't wish to provide the configuration
in use. We don't all know what "default" means there.
&g
Am 15.09.2016 um 13:20 schrieb Pekka Jalonen:
Server is mail server with ~+150 K users.
Problem is procmail + postfix with rbl's (zen.spamhaus.org and others).
Really big problem are spam botnet's and some day we can get over 5-6
million messages per day or even more.
Procmail/postfix is
will, by default, listen on all interfaces, and for outbound queries, it's left
to the Operating System to decide, based on its routing configuration, what
interface to use to send any given packet). From a forward-zone perspective,
whether you have 3 interfaces, or 30, you should be able to use
You would be able to send me some DNS's example of configuration with view and
zones,
for 3 interfaces of net, for favor as I can create the inverse zones for 3
different sub-nets
I do not have access to internet in Cuba
Greetings
William
- Mensaje original -
De: Reindl Harald
On 2015-08-13 21:14, Mark Andrews wrote:
In message 94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net, Lawrence
K. C
hen, P.Eng. writes:
Earlier today had a request to add another entry...didn't notice that how
close the string was to 255? characters.
You just use multiple fields if there
Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.:
On 2015-08-10 17:12, Reindl Harald wrote:
well, when you can't say from where you send mail you should refrain from
setup SPF at all
Except there are external forces that demand an SPF, and that it contain
specific strings at all
On 2015-08-10 17:12, Reindl Harald wrote:
truncated the long, hard to understand and unrelated stuff
Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.:
that above is pure nonsense - your DOMAIN has either a strict SPF
policy -
or a testing policy ~ and no mix of both
~ means
In message calmep04fxiqa0mg7xfgflg+maztzeku4qvnw5vtrsbvinao...@mail.gmail.com
, Steven Carr writes:
On 14 August 2015 at 03:14, Mark Andrews ma...@isc.org wrote:
You just use multiple fields if there isn't space. The field are
concatenated together with no space to produce the full SPF
On 2015-08-13 18:47, Reindl Harald wrote:
Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.:
On 2015-08-10 17:12, Reindl Harald wrote:
well, when you can't say from where you send mail you should refrain from
setup SPF at all
Except there are external forces that demand an SPF, and
On 14 August 2015 at 03:14, Mark Andrews ma...@isc.org wrote:
You just use multiple fields if there isn't space. The field are
concatenated together with no space to produce the full SPF entry.
e.g. ab cd - abcd
How does BIND know which order to send the TXT records in so that they
In message 94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net, Lawrence K. C
hen, P.Eng. writes:
Earlier today had a request to add another entry...didn't notice that how
close the string was to 255? characters.
You just use multiple fields if there isn't space. The field are
concatenated
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote:
Though I realize my error not recalling that there is a middle (neutral)
level, and which is more appropriate, since softfail is somewhere between
fail and neutral which is not where I had intended the servers to be.
Went to fix it, only to
On 2015-08-07 22:23, Reindl Harald wrote:
Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.:
So, when we were with this provider, our SPF had exclusive pool as good,
but included the other pool prefixed with '~'
can we stop that foolish discussion on the named list?
How about an
truncated the long, hard to understand and unrelated stuff
Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.:
that above is pure nonsense - your DOMAIN has either a strict SPF
policy -
or a testing policy ~ and no mix of both
~ means testing, please don't reject if it don't pass and
BTW: your SPF is completly broken
http://www.openspf.org/Why?s=mfrom;id=lkc...@ksu.edu;ip=54.200.129.228
The domain outbound._spf.mailhop.org has published an SPF policy,
however, an error occurred while the receiving mail server tried to
evaluate the policy:
Missing required IPv4 address
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote:
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote:
Though I realize my error not recalling that there is a middle (neutral)
level, and which is more appropriate, since softfail is somewhere between
fail and neutral which is not
On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name
mailto:em...@heikorichter.name wrote:
Whenever I post something to the list (I'm not using SMTP, I'm
using a usenet server to post to comp.protocols.dns.bind), my
postmaster address receives DMARC notifications from list members
On 2015-08-06 19:00, /dev/rob0 wrote:
My SPF record doesn't include lists.ist.org, of course and it never
will. Furthermore it ends with -all so all my messages to the
list are being rejected by list members who have spf aware servers.
No, GNU Mailman (which is the software behind
On 07/08/15 02:03, Charles Swiger wrote:
So ISC: please fix your list servers, let them rewrite the From headers!
How would this help? Changing the From header breaks your domain's DKIM
signing; are you asking them to take ownership of your messages and then DKIM
sign
them on behalf of
Am 07.08.2015 um 01:25 schrieb Heiko Richter:
Whenever I post something to the list (I'm not using SMTP, I'm using a
usenet server to post to comp.protocols.dns.bind), my postmaster
address receives DMARC notifications from list members that have
employed this wonderful protocol on their
On Fri, Aug 7, 2015 at 2:57 AM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 07.08.2015 um 01:25 schrieb Heiko Richter:
So ISC: please fix your list servers, let them rewrite the From headers!
please try to understand the topic before blaming!
http://wiki.list.org/DEV/DMARC
* SPF is
Am 07.08.2015 um 17:23 schrieb Heiko Richter:
Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas:
On Aug 6, 2015, at 4:25 PM, Heiko Richter
em...@heikorichter.name mailto:em...@heikorichter.name
wrote:
Whenever I post something to the list (I'm not using SMTP,
I'm using a usenet server to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas:
On Aug 6, 2015, at 4:25 PM, Heiko Richter
em...@heikorichter.name mailto:em...@heikorichter.name
wrote:
Whenever I post something to the list (I'm not using SMTP,
I'm using a usenet server to
On Fri, Aug 7, 2015 at 11:23 AM, Heiko Richter em...@heikorichter.name
wrote:
Correction:
-
All implementations of SPF always check 2 addresses:
- Envelope-From address
- From address
SPF will fail whenever the client is not authorized to send for either
the Envelope-From
Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas:
SPF must only check envelope address, not header From: address - it
was never designed to do the latter.
On 07.08.15 17:23, Heiko Richter wrote:
Correction:
-
All implementations of SPF always check 2 addresses:
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 07.08.2015 um 08:03 schrieb Lawrence K. Chen, P.Eng.:
In looking through the received headers I see that there's no SPF
for lists.isc.org
Wether or not lists.isc.org was never in question.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22
On 08/08/2015 01:23, Heiko Richter wrote:
The spf2.0/pra ?all is SenderID, where pra forces the DMARC server
to check only the Envelope-Sender against v=spf1 mx -all. If you
don't set that, SPF will always check both Envelope-From and Header-From.
Note that it's the SenderID
On 2015-08-07 07:34, wbr...@e1b.org wrote:
From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu
OTOH, we have caved on adding systems that aren't 'ours'...though how much
of
Office365 is actually 'ours'but I think we currently have a couple
includes for mass emailing solutions or our
Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.:
So, when we were with this provider, our SPF had exclusive pool as good,
but included the other pool prefixed with '~'
can we stop that foolish discussion on the named list?
that above is pure nonsense - your DOMAIN has either a strict
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
Nothing concerning Bind, but still relevant to all list users:
Just wanted to let you all know about a configuration error on
lists.isc.org. It doesn't rewrite any email headers, only reflects
incoming messages to all list members which leads
On Aug 6, 2015, at 4:25 PM, Heiko Richter em...@heikorichter.name wrote:
Whenever I post something to the list (I'm not using SMTP, I'm using a
usenet server to post to comp.protocols.dns.bind), my postmaster
address receives DMARC notifications from list members that have
employed this
Hello
This is what I get in the summary after I run configure on BIND 9.10.2P3
source code when I use the -with-libxml2 option for compiling . As we can
see the summary says that the option has been enabled.
Configuration summary
solution to this?
Slave zones should be transferred using DNS. In a stealth master
case, you need to populate also-notify lists, but perhaps in your
case you can share some of that configuration with global or view
level settings. (Better than having to set everything per zone.)
To hold us/me
[7436]: loading configuration: failure
Aug 3 09:59:34 govindnsvm named[7436]: exiting (due to fatal error)
See if you have used these data/*.host as values with the file
option multiple times in your named configuration. It may be that you
have included a config snippet multiple times
09:59:34 govindnsvm named[7436]: loading configuration: failure
Aug 3 09:59:34 govindnsvm named[7436]: exiting (due to fatal error)
See if you have used these data/*.host as values with the file
option multiple times in your named configuration. It may be that you
have included a config snippet
This unfortunately looks like the thread for me to jump on to
I missed installing the last two 9.9...-p# patches, first time I built
everything and was pretty much ready to do it, and then forgot all about it
due to health issues. More recent one...I had got it built for Solaris x64
and
': already in use:
/etc/nicnet2007.govdomain:15473
Aug 3 09:59:34 govindnsvm named[7436]: /etc/nicnet2007.govdomain:15480:
writeable file 'data/icggov.hosts': already in use:
/etc/nicnet2007.govdomain:15480
Aug 3 09:59:34 govindnsvm named[7436]: loading configuration: failure
Aug 3 09:59
/nicnet2007.govdomain:15424 - loading configuration: failure
To: prakash prak...@nic.in
Cc: bind-users@lists.isc.org
Hi Prakash
On Mon, Aug 03, 2015 at 10:14:50AM +0530, prakash wrote:
Aug 3 09:59:34 govindnsvm named[7436]:
/etc/nicnet2007.govdomain:15424: writeable file
'data
On 03/08/15 16:50, Heiko Richter wrote:
Hi Heiko,
Why use the file option at all on a slave?
If you don't use the file option on a slave, then BIND does not write
the zone to disk. This is okay for a small number of small zones. But if
you have many zones, or they are large, then you usually
Am 03.08.2015 um 16:59 schrieb Anand Buddhdev:
On 03/08/15 16:50, Heiko Richter wrote:
Hi Heiko,
Why use the file option at all on a slave?
If you don't use the file option on a slave, then BIND does not write
the zone to disk. This is okay for a small number of small zones. But if
you
I put together a simple working DNS server and called it new-dns2 with the
IP address of 206.117.115.93. My configuration files follow:
[root@new-dns2 ~]# cat /etc/named.conf
options {
directory /var/named;
};
zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0
Dear Tony, Bob, Matus,
Thank you very much for your advice, you guys are awesome.
On Wed, Jun 3, 2015 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk
wrote:
On 03.06.15 12:34, Samad Agha wrote:
So, when I query my new DNS server from itself (206.117.115.93), it
resolves the name to an
On 03.06.15 12:34, Samad Agha wrote:
So, when I query my new DNS server from itself (206.117.115.93), it
resolves the name to an IP, but when I query my new DNS server from another
Linux box, it fails with the following error message.
you must allow BIND to provide recursive DNS for other
Samad Agha samad.agha2...@gmail.com wrote:
So, when I query my new DNS server from itself (206.117.115.93), it
resolves the name to an IP, but when I query my new DNS server from another
Linux box, it fails with the following error message.
** server can't find google.com: REFUSED
By
-dns2 with the
IP address of 206.117.115.93. My configuration files follow:
[root@new-dns2 ~]# cat /etc/named.conf
options {
directory /var/named;
};
zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0;
};
[root@new-dns2 ~]# cat /var/named/db.127.0.0
$TTL
restart
Stopping named: . [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:3: '{' expected near '(207.151.36.0)'
[FAILED]
[root@new-dns2
{
type master;
file db.127.0.0;
};
[root@new-dns2 ~]#
[root@new-dns2 ~]# service named restart
Stopping named: . [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:3: '{' expected near '(207.151.36.0
[root@new-dns1 etc]# cat named.conf
zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0;
};
You're missing the directory directive, BIND doesn't know where your
files are.
Above the zone statement add:
directory /var/named;
1 - 100 of 269 matches
Mail list logo