Re: bind_dlz and views and samba

2024-05-16 Thread Petr Špaček
On 15. 05. 24 17:21, Peter Carlson wrote: As I understand it bind_dlz does not support multiple views, I have the following scenario and am trying to figure out how to configure it: * Internal (192.168.10.0/24) o resolve internal domain xyz.com o resolve internal samba domain

bind_dlz and views and samba

2024-05-15 Thread Peter Carlson
As I understand it bind_dlz does not support multiple views, I have the following scenario and am trying to figure out how to configure it: * Internal (192.168.10.0/24) o resolve internal domain xyz.com o resolve internal samba domain xyz.lab o resolve single address xyz.3cx.us

How to use different views on DNS-over-HTTPS vs normal DNS on port 53

2024-02-12 Thread r1wcp42w--- via bind-users
Hello, How can I configure BIND9 to reply to requests from DNS-over-HTTPS with view A, and if the request is from normal DNS on port 53, reply with view B? Example: client 192.168.1.5 requests A record test.example.com with DNS over HTTPS, BIND should reply with view A client 192.168.1.5

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
Thanks all for the responses and guidance. This is just me doing some tweaky things with a few local bind servers with systems on multiple vlans trying to properly resolve traversing multiple subnets and thinking I could leverage views for something it wasn't meant for [but I think would be handy

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
Hi. Ah, I got the networks the wrong way round. Sorry, it wasn't until I saw Sten's response that it occurred to me that not everyone knows how views work. Indeed a query will be tested against each view, top down. If it satisfies the criteria for a view (either/both match-clients and match

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Grant Taylor via bind-users
On 6/29/23 6:44 AM, Matus UHLAR - fantomas wrote: bind has "sortlist" statement that could do what you want. It will provide all IPs but sorted differently. +1 to "sortlist". I couldn't remember the exact nomenclature nor how it was used. Otherwise, you can s

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
-policy { grant ddns-key wildcard *.20.32.10.in-addr.arpa PTR; }; }; zone "30.32.10.in-addr.arpa" { type master; forwarders {}; file "/var/lib/bind/db.30.32.10.in-addr.arpa"; update-policy { grant ddns-key wildcard *.30.32.10.in-addr.arpa PTR; }; }; I now realize

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
Hi Ubence. That is starting to get complex! Firstly, yes BIND parses views top down, so order matters. Secondly, most specific domain wins (like more specific routes). I now see that you have created three levels of zones: domain.com lab.domain.com system.lab.domain.com This config looks like

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Sten Carlsen
{ any; }. Please remember that ONLY ONE view is matched. Your main view is only used if none of the other views match. > > What I didn't mention in my original post was that I have other subnets > configured for this remote host through vlans with different IP addresses. > That'

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
vlans with different IP addresses. That's why there are so many other views. I was hoping the match-clients per each view would return the appropriate IP address per subnet making the request. include "/etc/bind/rndc.key"; include "/etc/bind/ddns-key.key"; view "192.168.

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Matus UHLAR - fantomas
wise, you can set up multiple views with different versions of the same zone, configured to provide different version according to source IP. This is much harder to set up. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-28 Thread Greg Choules via bind-users
Hi Ubence. Firstly, may we see your configs please. It's impossible to say exactly what's going on from a human description. Secondly, views and different answers. Yes it *is* entirely possible to use views to provide answers based on client IP - `match-clients`. I would start with the most

Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-28 Thread Ubence Quevedo
lab.domain.com is a higher priority than domain.com even with the system.lab tacked onto the primary domain. I started dabbling with views and tried to set up specific views that would return a fully qualified hostname as a domain based on what network the request came from. If the request came from

Re: KASP: sharing policy and keys between views

2023-03-17 Thread Nick Tait via bind-users
Hi Carsten. I've been running split views with a DNSSEC zone using dnssec-policy for at least a couple of years. I'm using a CSK (i.e. combined KSK+ZSK) and haven't yet worked out the best way to automate key rollover wrt DS in parent zone, so my key rollovers are manual currently. Consequently

Re: KASP: sharing policy and keys between views

2023-03-17 Thread Matthijs Mekking
Hi Carsten, We did have some bugs in the past when it comes to sharing keys with dnssec-policy among different views. But the last one is from a year ago (fixed in 9.16.19). So while I don't have experience myself with a similar setup, we did have some bug reports that used dnssec-policy

KASP: sharing policy and keys between views

2023-03-17 Thread Carsten Strotmann via bind-users
Hi, (please do not start a discussion on the usefulness of views. I'm not in favor of views, but sometimes I have to work with them). I have a client that runs a split horizon (internal / external view of the same domain namespace) setup with BIND 9 on Linux. Both the internal and external

Re: Views vs Separate Authoritative & Recursive DNS

2023-01-04 Thread Greg Choules via bind-users
Hi E R. My short answer would be, don't configure views unless you have a good use case for them. For example you are running resolvers that have two different kinds of clients that need to be handled differently - one client set needs RPZ, the other doesn't. Or something like that. BIND has

Views vs Separate Authoritative & Recursive DNS

2023-01-03 Thread E R
New to BIND and just starting to read the 5th edition from O'Reilly after watching some videos online while it made its way to me. I am trying to understand why the view statement appears to be included by default in most Linux distributions if best practice says you should have separate servers

Re: DNSSEC signing common zone in views

2022-09-08 Thread Josef Vybíhal
e different. > > Best regards, > > Matthijs > > > > On 07-09-2022 15:19, Josef Vybíhal wrote: > > Hello all, > > I am consolidating our old split DNS consisting of internal and > > external dedicated servers(VMs) into one primary server with views

Re: DNSSEC signing common zone in views

2022-09-08 Thread Matthijs Mekking
dedicated servers(VMs) into one primary server with views (there will be secondaries, but they are not important to the question). The old previous configuration is using inline-signing and auto-dnssec. I will be switching to dnssec-policy with csk. This is fine. My question is what would be considered

DNSSEC signing common zone in views

2022-09-07 Thread Josef Vybíhal
Hello all, I am consolidating our old split DNS consisting of internal and external dedicated servers(VMs) into one primary server with views (there will be secondaries, but they are not important to the question). The old previous configuration is using inline-signing and auto-dnssec. I

Re: response policy zones (rpz) and views - memory consumption

2021-07-31 Thread Tony Finch
Jiri Hromadka wrote: > > Is there any way to reuse already loaded rpz zone in memory for other > views ? I know in-view is not an option for rpz, using one master / > slave zones has same memory effect. Yeah, in-view would be perfect, if only :-) You might try setting up a view th

response policy zones (rpz) and views - memory consumption

2021-07-29 Thread Jiri Hromadka
Hi, I’ve read many archived mails here and I haven’t found solution / answer, so let me ask you guys. I’m running Bind 9.11+ and using views for around 10 clients on single server, all clients has different settings and everything was working great, until we’ve decided to implement RPZ

Re: Problem with internal/external VIEWs

2021-07-06 Thread Dean Gibson (DNS Administrator)
Well!  That was the quickest & simplest WORKING solution I have ever received from a mailing list!  Thank you! On 2021-07-05 17:55, Mark Andrews wrote: If you want the content to be the same in both views and to be dynamically updatable then use view view1 { zone example

Re: Problem with internal/external VIEWs

2021-07-05 Thread Mark Andrews
If you want the content to be the same in both views and to be dynamically updatable then use view view1 { zone example.com { type primary; [ allow-update / update-policy ] { … }; … }; }; view view2 { zone example.com

Problem with internal/external VIEWs

2021-07-05 Thread Dean Gibson (DNS Administrator)
Currently running Bind v9.11.4: Several years ago, I implemented multiple VIEWs using (almost) the exact example in the Reference Manual. However, I wanted the "example-internal.db" and "example-external.db" to be the same file. This worked until I wanted to have "

Re: dnssec-policy & views

2020-03-02 Thread Matthijs Mekking
Hi Graham, On 2/29/20 5:27 PM, Graham Clinch wrote: > How does the new-in-9.16 dnssec-policy interact with views - in > particular for key generation/rollover? > > For example, we have a zone defined in multiple views with different > contents (and thus not suitable for in-view

dnssec-policy & views

2020-02-29 Thread Graham Clinch
How does the new-in-9.16 dnssec-policy interact with views - in particular for key generation/rollover? For example, we have a zone defined in multiple views with different contents (and thus not suitable for in-view), being signed by the same set of keys (currently maintained by dnssec

Re: "overlay" views

2020-01-21 Thread Grant Taylor via bind-users
lve the same name (let's call it "gateway") to the address of their interface on Router. So that is, hosts on Network 1 want a query of "gateway." to resolve to 192.168.1.254 and hosts on Network 2 want a query of "gateway." to resolve to 192.168.2.254. Okay. S

Re: "overlay" views

2020-01-20 Thread Bob Harold
the same name > (let's call it "gateway") to the address of their interface on Router. > So that is, hosts on Network 1 want a query of "gateway." to resolve to > 192.168.1.254 and hosts on Network 2 want a query of "gateway." to > resolve to 192.168.

Re: "overlay" views

2020-01-20 Thread Tony Finch
hat I am looking for is a way to save the duplicate copying of Network > 3 resources to the views for Network 1 and Network 2. This is where > the term "overlay" comes in. What I'd like to do is reference a single > copy of data from Network 3 in Network 1 and 2's views but "

"overlay" views

2020-01-20 Thread Brian J. Murrell
lve to 192.168.1.254 and hosts on Network 2 want a query of "gateway." to resolve to 192.168.2.254. So this is currently all achievable through "views" in BIND 9, but requires that the zone data for each view be 98% duplicate (Network 3 resources) and continually copy-n-paste updated

Re: Bind with views: forward any public domain in one view

2019-08-15 Thread Roberto Carna
Thanks a lot !!! On Thu, 15 Aug 2019 at 13:09, Matus UHLAR - fantomas (<uh...@fantomas.sk>) wrote: > On 15.08.19 12:18, Roberto Carna wrote: > >Dear, I have a BIND 9 working with two views. > > > >One view forwards two public domains to our resolver. >

Re: Bind with views: forward any public domain in one view

2019-08-15 Thread Matus UHLAR - fantomas
On 15.08.19 12:18, Roberto Carna wrote: Dear, I have a BIND 9 working with two views. One view forwards two public domains to our resolver. And I want the second view to forward any public domain to our resolver in order to let navigate without restrictions. what restrictions and where

Bind with views: forward any public domain in one view

2019-08-15 Thread Roberto Carna
Dear, I have a BIND 9 working with two views. One view forwards two public domains to our resolver. And I want the second view to forward any public domain to our resolver in order to let navigate without restrictions. I need something like this: zone "ANY" { ty

Re: Bind 9 with Views: zone transfer refused from master to slave

2019-07-04 Thread Roberto Carna
Dear people, finally I could put to work my zone transfers. I have reviewed my config one more time and I am using one TSIG key for each view. Thanks a lot, regards!!! On Thu, 4 Jul 2019 at 9:38, Tony Finch () wrote: > Roberto Carna wrote: > > > > As I have shown above,

Re: Bind 9 with Views: zone transfer refused from master to slave

2019-07-04 Thread Tony Finch
Roberto Carna wrote: > > As I have shown above, I use two views with a TSIG key for each view, but > the zone transfer doesn't work. The redacted config you posted did not consistently use key one in view one and key two in view two. I don't know if your real config has the sam

Re: Bind 9 with Views: zone transfer refused from master to slave

2019-07-04 Thread Roberto Carna
Dear, thanks for your help. As I have shown above, I use two views with a TSIG key for each view, but the zone transfer doesn't work. Please can you send me your Bind views configuration if you can, on master and slave sides? Thanks a lot again. Regards!!! On Wed, 3 Jul 2019 at 17:27

Re: Bind 9 with Views: zone transfer refused from master to slave

2019-07-03 Thread Sten Carlsen
On 03/07/2019 22.14, Grant Taylor via bind-users wrote: > On 7/3/19 2:04 PM, Lightner, Jeffrey wrote: >> You have to use separate IPs for the separate views on the master and >> the slave. > > I thought you could use different TSIG keys to identify different > zones with

Re: Bind 9 with Views: zone transfer refused from master to slave

2019-07-03 Thread Grant Taylor via bind-users
On 7/3/19 2:04 PM, Lightner, Jeffrey wrote: You have to use separate IPs for the separate views on the master and the slave. I thought you could use different TSIG keys to identify different zones with a single IP at each end. Is that not the case? -- Grant. . . . unix || die

RE: Bind 9 with Views: zone transfer refused from master to slave

2019-07-03 Thread Lightner, Jeffrey
You have to use separate IPs for the separate views on the master and the slave. Here we just put alias IPs on the primary interfaces and use those for the second view. From: bind-users On Behalf Of Roberto Carna Sent: Wednesday, July 03, 2019 3:21 PM To: ML BIND Users Subject: Bind 9

Bind 9 with Views: zone transfer refused from master to slave

2019-07-03 Thread Roberto Carna
Hi people, I have a master/slave Bind 9.10.3 servers configured with views and TSIG keys on a Debian 9 host. But the transfer from master to slave is refused in the slave side, there is no a descriptive error. In both Views I have delegated the same two zones: black.com and white.com

Views, Match-Destination, Alternate Ports

2018-12-05 Thread Browne, Stuart via bind-users
something here? Is it not possible to define multiple views with different destination ports? Stuart

Re: Common zone file, on multiple views

2018-11-13 Thread Grant Taylor via bind-users
On 11/12/2018 04:57 AM, Sabri MJAHED (VINC) wrote: Hi all, Hi, I want to have the same zone on multiple views, but i didn't find any solution that ease the use of this. I would think that the zone's "in-view" statement would do what you want. I don't want to make 3 file of

Re: Common zone file, on multiple views

2018-11-13 Thread Tony Finch
Sabri MJAHED (VINC) wrote: > > I dont have the -l option on the named-checkconf command. > > My version of bind is 9.11 Oh, it seems you need 9.12. Your other option is to parse a zone list out of your other config files with a bit of perl, which is what I did previously. Tony. --

Re: Common zone file, on multiple views

2018-11-13 Thread Sabri MJAHED (VINC)
Hi Tony, I dont have the -l option on the named-checkconf command. My version of bind is 9.11 Sabri. On 12/11/2018 13:09, Tony Finch wrote: Sabri MJAHED (VINC) wrote: I want to have the same zone on multiple views, but i didn't find any solution that ease the use of this. I have scripts

RE: TSIG error with BIND9 Views

2018-11-12 Thread LeBlanc, Daniel James
BIND Users Subject: TSIG error with BIND9 Views Hi people, I've implemented a BIND9 service with two views, and only one key for TSIG. The primary and secondary server start OK, but the transfer doesn't work because in the bind.log from secondary server I can see "TSIG error". Do I have

TSIG error with BIND9 Views

2018-11-12 Thread Roberto Carna
Hi people, I've implemented a BIND9 service with two views, and only one key for TSIG. The primary and secondary server start OK, but the transfer doesn't work because in the bind.log from secondary server I can see "TSIG error". Do I have to use one Key for the first view and a dif

Re: Common zone file, on multiple views

2018-11-12 Thread Tony Finch
Sabri MJAHED (VINC) wrote: > I want to have the same zone on multiple views, but i didn't find any solution > that ease the use of this. I have scripts that generate in-view configurations. In order to make these scripts easier to write, I contributed the `named-checkconf -l` feature

Common zone file, on multiple views

2018-11-12 Thread Sabri MJAHED (VINC)
Hi all, I've been working with bind for a bit of time, but here is a new problem. I want to have the same zone on multiple views, but i didn't find any solution that ease the use of this. I don't want to make 3 file of zone conf with multiple in-view statements. Here is the server-fault post

RE: [Question] zone transfer issue with multiple views

2017-12-10 Thread Eoin Kim
Okay, I followed exactly like this - https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-example.html And it just worked. So I can do fine-tune now. Thanks guys. Eoin From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Eoin Kim Sent: Saturday, 9 December

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Eoin Kim
issue with multiple views On 8 December 2017 at 17:37, Eoin Kim <eoin@rcst.com.au> wrote: Hi, Thanks for your help. But is it possible to do it without additional IP address? I thought that I am not really bad with BIND but as soon as I started usin

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Matthew Pounsett
On 8 December 2017 at 17:37, Eoin Kim <eoin@rcst.com.au> wrote: > Hi, > > > Thanks for your help. But is it possible to do it without additional IP > address? I thought that I am not really bad with BIND but as soon as I > started using views, I'm going nowhere [

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Eoin Kim
Hi, Thanks for your help. But is it possible to do it without additional IP address? I thought that I am not really bad with BIND but as soon as I started using views, I'm going nowhere [] I found related links: * https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9

RE: [Question] zone transfer issue with multiple views

2017-12-08 Thread Lightner, Jeffrey
When we did it here we setup separate notify-source and transfer-source within the views on both the master and the slave. view "internal" { match-clients { internaldns; }; notify-source 10.9.9.8; transfer-source 10.9.9.8; allow-transfer { dnsservers; }; ...then our zones for int

[Question] zone transfer issue with multiple views

2017-12-07 Thread Eoin Kim
Hi all, I wonder if anyone can help me find the cause of the problem I am currently having. I am testing BIND with two views - internal, external. Everything seems okay except for one thing - zone transfer doesn't look happening for reverse zone for external view. On my slave server, I can see

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-11-01 Thread Kevin via bind-users
I think it's sorted, thanks all. -Kevin From: "Tony Finch" <d...@dotat.at> To: bind-us...@isc.org Sent: Wednesday, November 1, 2017 2:50:32 AM Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates Mark Andrews <ma...@isc.org> wrote

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-11-01 Thread Tony Finch
Mark Andrews wrote: > > More correctly _tcp.mail.thesandiegos.com is delegated to > ns1._tcp.mail.thesandiegos.com (75.149.33.153) but the machine is > not configured to serve that zone. This also explains the puzzling check-names problem earlier - ns1._tcp.mail.thesandiegos.com

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Mark Andrews
In message <1509508757.25100.19.ca...@ns.five-ten-sg.com>, Carl Byington writes: > On Tue, 2017-10-31 at 17:16 -0700, Kevin via bind-users wrote: > > $ dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 +dnssec > > +short > > > > > I'm

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Carl Byington
On Tue, 2017-10-31 at 17:16 -0700, Kevin via bind-users wrote: > $ dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 +dnssec > +short > > I'm really at a loss as to what's going on inside of Bind. dig TLSA _25._tcp.mail.thesandiegos.com

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Kevin via bind-users
- Original Message - > From: "Warren Kumari" <war...@kumari.net> > To: "Kevin" <bind-users...@thesandiegos.com> > Cc: "bind-users" <bind-users@lists.isc.org> > Sent: Tuesday, October 31, 2017 12:47:06 PM > Subject: Re: head

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Warren Kumari
e - >> From: "Kevin" <bind-users...@thesandiegos.com> >> To: "Kevin" <bind-users...@thesandiegos.com> >> Cc: "Warren Kumari" <war...@kumari.net>, "bind-users" >> <bind-users@lists.isc.org> >> Sent

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Kevin via bind-users
: Tuesday, October 31, 2017 12:33:56 PM > Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates > - Original Message - > > From: "Kevin" <bind-users...@thesandiegos.com> > > To: "Warren Kumari" <war...@kumari.net> >

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Kevin via bind-users
: Tuesday, October 31, 2017 12:18:41 PM > Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates > From: "Warren Kumari" <war...@kumari.net> > To: "Kevin" <bind-users...@thesandiegos.com> > Cc: "bind-users" <bind-users@l

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Kevin via bind-users
From: "Warren Kumari" <war...@kumari.net> To: "Kevin" <bind-users...@thesandiegos.com> Cc: "bind-users" <bind-users@lists.isc.org> Sent: Tuesday, October 31, 2017 11:28:58 AM Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record upda

Re: head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Warren Kumari
On Tue, Oct 31, 2017 at 1:50 PM, Kevin via bind-users wrote: > I'm running into an odd issue with Bind 9.9.4 whereby I'm trying to run a > scripted nsupdate to rotate TLSA records. I'm running nsupdate via a Bash > script that executes the following nsupdate batch

head scratcher: nsupdate, Bind views, and TLSA record updates

2017-10-31 Thread Kevin via bind-users
I'm running into an odd issue with Bind 9.9.4 whereby I'm trying to run a scripted nsupdate to rotate TLSA records. I'm running nsupdate via a Bash script that executes the following nsupdate batch commands which are directed to a Bind "view" that is accessible from the wider internet: server

Re: Experiences with RPZ in multiple views

2017-07-11 Thread Bob Harold
On Tue, Jul 4, 2017 at 4:10 AM, Matthias Seitz <matthias.se...@switch.ch> wrote: > Hi, > > after a couple of test runs it looks like that multiple RPZs in multiple > views works fine, example code snippet below (for better understanding) > > view "view1" {

Experiences with RPZ in multiple views

2017-07-04 Thread Matthias Seitz
Hi, after a couple of test runs it looks like that multiple RPZs in multiple views works fine, example code snippet below (for better understanding) view "view1" { ... response-policy { RPZ Feed 1 RPZ Feed 2 RPZ Feed 3 }; }; view "view2" {

Re: inline-signing a zone that exists in two views

2017-05-19 Thread Bob Harold
On Fri, May 19, 2017 at 8:56 AM, Matus UHLAR - fantomas wrote: > Gordon Messmer wrote: >>> > Is it considered best-practice (or just normal) for authoritative >>> > servers to just not use the local server for resolution? >>> >> > On Wed, May 10,

Re: inline-signing a zone that exists in two views

2017-05-19 Thread Matus UHLAR - fantomas
Gordon Messmer wrote: > Is it considered best-practice (or just normal) for authoritative > servers to just not use the local server for resolution? On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote: Mine don't :-) On 18.05.17 16:38, Bob Harold

Re: inline-signing a zone that exists in two views

2017-05-18 Thread Bob Harold
On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote: > Gordon Messmer wrote: > ... > > > Is it considered best-practice (or just normal) for authoritative > > servers to just not use the local server for resolution? > > Mine don't :-) > > Tony. > > My

Re: inline-signing a zone that exists in two views

2017-05-10 Thread Tony Finch
Gordon Messmer wrote: > > I'm happy that it's working, but it seems like it was fairly difficult to get > right. Am I doing an unusual thing? Yes, it is fiddly, and a relatively common problem - which is why in-view was introduced! > Is it considered best-practice (or

Re: inline-signing a zone that exists in two views

2017-05-09 Thread Gordon Messmer
On 05/09/2017 03:15 AM, Tony Finch wrote: The classic solution is to make one view a slave of the other. Configure the slave zone with `masters { localhost key my-tsig; };` and configure the master view with `match-clients { key my-tsig; };`. OK, I think I've got this nailed down. I had to

Re: inline-signing a zone that exists in two views

2017-05-09 Thread Tony Finch
Gordon Messmer <gordon.mess...@gmail.com> wrote: > On 05/08/2017 03:26 AM, Tony Finch wrote: > > You can't have zones in different views (which are by implication > > different zones, or different versions of the same zone) pointing to the > > same files on disk, bec

Re: inline-signing a zone that exists in two views

2017-05-08 Thread Gordon Messmer
On 05/08/2017 03:26 AM, Tony Finch wrote: Gordon Messmer <gordon.mess...@gmail.com> wrote: I have a zone that I'd like to serve in two different views, with dnssec in both views. You can't have zones in different views (which are by implication different zones, or different ve

Re: inline-signing a zone that exists in two views

2017-05-08 Thread Tony Finch
Gordon Messmer <gordon.mess...@gmail.com> wrote: > I have a zone that I'd like to serve in two different views, with dnssec in > both views. You can't have zones in different views (which are by implication different zones, or different versions of the same zone) pointing to th

inline-signing a zone that exists in two views

2017-05-06 Thread Gordon Messmer
I have a zone that I'd like to serve in two different views, with dnssec in both views. However, this leads to a pair of error messages: named[858]: malformed transaction: dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 != transaction first serial 2017011477 named[858

Re: views

2017-04-19 Thread Grant Taylor via bind-users
On 04/19/2017 10:58 AM, Victoria Risk wrote: We have implemented ECS for recursive queries in 9.10.5-S, the subscriber preview edition of BIND, which will be released today. For now, ECS recursion is available only to users with a support contract with ISC. Development of this feature was a

Re: views

2017-04-19 Thread Victoria Risk
> On Apr 19, 2017, at 8:47 AM, Nico CARTRON wrote: > >> Nor did I see >> details on how to have BIND send ECS with queries when it's a recursive >> server. > > As far as I know, ECS for Recursive queries is not yet implemented by ISC, or > at least it is not publicly

Re: views

2017-04-19 Thread Grant Taylor via bind-users
On 04/19/2017 09:49 AM, Nico CARTRON wrote: Of course I meant +subnet / +nosubnet ;-) Thank you for the pointers Nico & Tony. I'm sure I'll find a way to get myself into trouble with what you've provided. -- Grant. . . . unix || die

Re: views

2017-04-19 Thread Nico CARTRON
On 19-Apr-2017 16:47 BST, wrote: > On 19-Apr-2017 15:59 BST, wrote: > [...] > > I'd also like to see if it's possible to have dig send ECS info. > > +edns / +noedns , but you'll need a recent dig version. Of course I meant +subnet / +nosubnet

Re: views

2017-04-19 Thread Nico CARTRON
Hi Grant, On 19-Apr-2017 15:59 BST, <bind-users@lists.isc.org> wrote: > On 04/19/2017 03:37 AM, Tony Finch wrote: > > This is what the EDNS client subnet option is about. You can use it in > > BIND by adding "ecs" clauses to your address match lists for view

Re: views

2017-04-19 Thread Tony Finch
Grant Taylor via bind-users <bind-users@lists.isc.org> wrote: > > The only occurrences I found for "ecs" on the two release notes didn't > include more details about how to configure views to use it. Yes, it's a bit mysterious. > Nor did I see details on how to hav

Re: views

2017-04-19 Thread Grant Taylor via bind-users
On 04/19/2017 03:37 AM, Tony Finch wrote: This is what the EDNS client subnet option is about. You can use it in BIND by adding "ecs" clauses to your address match lists for views or acls. However it isn't documented in the ARM and it has significant problems. See https://kb.isc.org/

Re: views

2017-04-19 Thread Alberto Rinaudo
le.net.3599INAservice_server_wan_ip Can you spot anything wrong with it? Thanks On 19 April 2017 at 09:37, Tony Finch <d...@dotat.at> wrote: > Alberto Rinaudo <alberto.rina...@gmail.com> wrote: > > > I have a bind installation on a aws server and

Re: views

2017-04-19 Thread Tony Finch
Alberto Rinaudo <alberto.rina...@gmail.com> wrote: > I have a bind installation on a aws server and I'm trying to set up views > to give different responses based on the source location. > > It works fine when this dns server is the first dns used by a client, I > guess becau

views

2017-04-19 Thread Alberto Rinaudo
Hello, I have a bind installation on a aws server and I'm trying to set up views to give different responses based on the source location. It works fine when this dns server is the first dns used by a client, I guess because the source address used to discriminate between views is the last hop

Re: Master/Slave communication not working if I use HMAC-SHA* algorithms when views are implemented

2016-10-14 Thread Mukund Sivaraman
Hi Nagesh On Fri, Oct 14, 2016 at 11:00:24AM +0530, Nagesh Thati wrote: > Hi, > > Has anybody implemented master/slave communication with views and > HMAC-SHA* algorithms? I tried all the HMAC-SHA* algorithms and it didn't > work for me; only the HMAC-MD5 algorithm worked fo

Re: Master/Slave communication not working if I use HMAC-SHA* algorithms when views are implemented

2016-10-14 Thread Bob Harold
On Fri, Oct 14, 2016 at 1:30 AM, Nagesh Thati <nagesh.th...@tcpwave.com> wrote: > Hi, > > Has anybody implemented master/slave communication with views and > HMAC-SHA* algorithms? I tried all the HMAC-SHA* algorithms and > it didn't work for me; only HMAC

Master/Slave communication not working if I use HMAC-SHA* algorithms when views are implemented

2016-10-13 Thread Nagesh Thati
Hi, Has anybody implemented master/slave communication with views and HMAC-SHA* algorithms? I tried all the HMAC-SHA* algorithms and it didn't work for me; only the HMAC-MD5 algorithm worked for communication. If anybody has any idea, please help me. Thanks. -- Thanks, Nagesh Thati

Re: BIND-RPZ and Views

2016-09-19 Thread Tony Finch
Tom <tomtux...@gmail.com> wrote: > > What is the supported/preferred way for implementing slave-rpz's in views? > I want to achieve, that view1 has a different policy-configuration (passthru, > given, nxdomain..) than the ones configured in view2 using the same > slave-rpz-fil

Re: BIND-RPZ and Views

2016-09-19 Thread Tom
Hi What is the supported/preferred way for implementing slave-rpz's in views? I want to achieve, that view1 has a different policy-configuration (passthru, given, nxdomain..) than the ones configured in view2 using the same slave-rpz-files. If not obligatory, I would not synchronize/transfer

Re: BIND-RPZ and Views

2016-09-16 Thread Tony Finch
Anand Buddhdev <ana...@ripe.net> wrote: > > In newer versions of BIND, you cannot share a writable file in different > views. This is a bad configuration, and newer versions of BIND reject it. > Just use different file names. To clarify, you couldn't in older versions of BIN

Re: BIND-RPZ and Views

2016-09-16 Thread Anand Buddhdev
On 16/09/16 09:06, Tom wrote: Hi Tom, > Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views: > I configured view1 and view2. After configuring all rpz-zones in both > views, I had errors like this (slave file in view2 is already in use > from view1): > conf

BIND-RPZ and Views

2016-09-16 Thread Tom
Hi Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views: I configured view1 and view2. After configuring all rpz-zones in both views, I had errors like this (slave file in view2 is already in use from view1): config: error: /etc/named/named.conf:403: writeable file 'slave

Re: DNS views and zone transfers, cont

2016-09-13 Thread Bob Harold
On Tue, Sep 13, 2016 at 10:58 AM, project722 <project...@gmail.com> wrote: > I have moved the new views into production, and all seems to be working > fine. I have an "internal" view and an "external" view. I have noticed a > few re-occurring messages in the logs

Re: DNS views and zone transfers, cont

2016-09-13 Thread project722
I have moved the new views into production, and all seems to be working fine. I have an "internal" view and an "external" view. I have noticed a few re-occurring messages in the logs of the master server that I'd like to suppress. Here is what I am seeing: 1) Warning: view ex

Re: DNS views and zone transfers, cont

2016-09-08 Thread project722
I am not seeing that but thanks for the heads up. I will keep an eye on it. On Thu, Sep 8, 2016 at 10:14 AM, Bob Harold wrote: > I changed the subject slightly, because I had to cut out a lot of the > forwarded message - the list server was complaining about the size of the

Re: DNS views and zone transfers, cont

2016-09-08 Thread Bob Harold
I changed the subject slightly, because I had to cut out a lot of the forwarded message - the list server was complaining about the size of the messages. I just found that my setup was not working completely as I expected. The view with only a few zones and forwarding to another view
