On 15. 05. 24 17:21, Peter Carlson wrote:
As I understand it bind_dlz does not support multiple views, I have to
following scenario and am trying to figure out how to configure it:
* Internal (192.168.10.0/24)
o resolve internal domain xyz.com
o resolve internal samba domain
As I understand it bind_dlz does not support multiple views, I have to
following scenario and am trying to figure out how to configure it:
* Internal (192.168.10.0/24)
o resolve internal domain xyz.com
o resolve internal samba domain xyz.lab
o resolve single address xyz.3cx.us
Hello,
How can I configure BIND9 to reply to requests from DNS-over-HTTPS with
view A, and if the requests is from normal DNS on port 53, reply with
view B?
Example:
client 192.168.1.5 requests A record test.example.com with DNS over
HTTPS, BIND should reply with view A
client 192.168.1.5
Thanks all for the responses and guidance.
This is just me doing some tweaky things with a few local bind servers with
systems on multiple vlans trying to properly resolve traversing multiple
subnets and thinking I could leverage views for something it wasn't meant
for [but I think would be handy
Hi.
Ah, I got the networks the wrong way round.
Sorry, it wasn't until I saw Sten's response that it occurred to me that
not everyone knows how views work. Indeed a query will be tested against
each view, top down. If it satisfies the criteria for a view (either/both
match-clients and match
On 6/29/23 6:44 AM, Matus UHLAR - fantomas wrote:
bind has "sortlist" statement that could do what you want. It will
provide all IPs but sorted differently.
+1 to "sortlist". I couldn't remember the exact nomenclature nor how it
was used.
Otherwise, you can s
-policy {
grant ddns-key wildcard *.20.32.10.in-addr.arpa PTR;
};
};
zone "30.32.10.in-addr.arpa" {
type master;
forwarders {};
file "/var/lib/bind/db.30.32.10.in-addr.arpa";
update-policy {
grant ddns-key wildcard *.30.32.10.in-addr.arpa PTR;
};
};
I now realize
Hi Ubence.
That is starting to get complex!
Firstly, yes BIND parses views top down, so order matters.
Secondly, most specific domain wins (like more specific routes).
I now see that you have created three levels of zones:
domain.com
lab.domain.com
system.lab.domain.com
This config looks like
{ any; }.
Please remember that ONLY ONE view is matched. Your main view is only used if
none of the other views match.
>
> What I didn't mention in my original post was that I have other subnets
> configured for this remote host through vlans with different IP addresses.
> That'
vlans with different IP addresses.
That's why there are so many other views. I was hoping the match-clients
per each view would return the appropriate IP address per subnet making the
request.
include "/etc/bind/rndc.key";
include "/etc/bind/ddns-key.key";
view "192.168.
wise, you can set up multiple views with different versions of the same
zone, configured to provide different verision according to source IP.
This is much harder to set up.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
Hi Ubence.
Firstly, may we see your configs please. It's impossible to say exactly
what's going on from a human description.
Secondly, views and different answers. Yes it *is* entirely possible to use
views to provide answers based on client IP - `match-clients. I would start
with the most
lab.domain.com is a higher priority than domain.com even with the
system.lab tacked onto the primary domain.
I started dabbling with views and tried to set up specific views that would
return a fully qualified hostname as a domain based on what network the
request came from. If the request came from
Hi Carsten.I've been running split views with a DNSSEC zone using dnssec-policy
for at least a couple of years.I'm using a CSK (i.e. combined KSK+ZSK) and
haven't yet worked out the best way to automate key rollover wrt DS in parent
zone, so my key rollovers are manual currently. Consequently
Hi Carsten,
We did have some bugs in the past when it comes to sharing keys with
dnssec-policy among different views. But the last one is from a year ago
(fixed in 9.16.19).
So while I don't have experience myself with a similar setup, we did
have some bug reports that used dnssec-policy
Hi,
(please do not start a discussion on the usefulness of views. I'm not in favor
of views, but sometimes I have to work with them).
I have a client that runs a split horizon (internal / external view of the same
domain namespace) setup with BIND 9 on Linux.
Both the internal and external
Hi E R.
My short answer would be, don't configure views unless you have a good use
case for them. For example you are running resolvers that have two
different kinds of clients that need to be handled differently - one client
set needs RPZ, the other doesn't. Or something like that.
BIND has
New to BIND and just starting to read the 5th edition from O'Reilly after
watching some videos online while it made its way to me. I am trying to
understand why the view statement appears to be included by default in most
Linux distributions if best practice says you should have separate servers
e different.
>
> Best regards,
>
> Matthijs
>
>
>
> On 07-09-2022 15:19, Josef Vybíhal wrote:
> > Hello all,
> > I am consolidating our old split DNS consisting of internal and
> > external dedicated servers(VMs) into one primary server with views
dedicated servers(VMs) into one primary server with views
(there will be secondaries, but they are not important to the
question). The old previous configuration is using inline-signing and
auto-dnssec. I will be switching to dnssec-policy with csk. This is
fine.
My question is what would be considered
Hello all,
I am consolidating our old split DNS consisting of internal and
external dedicated servers(VMs) into one primary server with views
(there will be secondaries, but they are not important to the
question). The old previous configuration is using inline-signing and
auto-dnssec. I
Jiri Hromadka wrote:
>
> Is there any way to reuse already loaded rpz zone in memory for other
> views ? I know in-view is not an option for rpz, using one master /
> slave zones has same memory effect.
Yeah, in-view would be perfect, if only :-)
You might try setting up a view th
Hi,
I’ve read many archived mails here and I haven’t found solution / answer, so
let me ask you guys.
I’m running Bind 9.11+ and using views for around 10 clients on single server,
all clients has different settings and everything was working great, until
we’ve decided to implement RPZ
Well! That was the quickest & simplest WORKING solution I have ever
received from a mailing list! Thank you!
On 2021-07-05 17:55, Mark Andrews wrote:
If you want the content to be the same in both views and to be dynamically
updatable then use
view view1 {
zone example
If you want the content to be the same in both views and to be dynamically
updatable then use
view view1 {
zone example.com {
type primary;
[ allow-update / update-policy ] { … };
…
};
};
view view2 {
zone example.com
Currently running Bind v9.11.4:
Several years ago, I implemented multiple VIEWs using (almost) the exact
example in the Reference Manual. However, I wanted the
"example-internal.db" and "example-external.db" to be the same file.
This worked until I wanted to have &quo
Hi Graham,
On 2/29/20 5:27 PM, Graham Clinch wrote:
> How does the new-in-9.16 dnssec-policy interact with views - in
> particular for key generation/rollover?
>
> For example, we have a zone defined in multiple views with different
> contents (and thus not suitable for in-view
How does the new-in-9.16 dnssec-policy interact with views - in
particular for key generation/rollover?
For example, we have a zone defined in multiple views with different
contents (and thus not suitable for in-view), being signed by the same
set of keys (currently maintained by dnssec
lve the same name
(let's call it "gateway") to the address of their interface on Router.
So that is, hosts on Network 1 want a query of "gateway." to resolve
to 192.168.1.254 and hosts on Network 2 want a query of "gateway." to
resolve to 192.168.2.254.
Okay.
S
the same name
> (let's call it "gateway") to the address of their interface on Router.
> So that is, hosts on Network 1 want a query of "gateway." to resolve to
> 192.168.1.254 and hosts on Network 2 want a query of "gateway." to
> resolve to 192.168.
hat I am looking for is a way to save the duplicate copying of Network
> 3 resources to the views for Network 1 and Network 2. This is where
> the term "overlay" comes in. What I'd like to do is reference a single
> copy of data from Network 3 in Network 1 and 2's views but "
lve to
192.168.1.254 and hosts on Network 2 want a query of "gateway." to
resolve to 192.168.2.254.
So this is currently all achievable through "views" in BIND 9, but
requires that the zone data for each view be 98% duplicate (Network 3
resources) and continually copy-n-paste updated
Thanks a lot !!!
El jue., 15 ago. 2019 a las 13:09, Matus UHLAR - fantomas (<
uh...@fantomas.sk>) escribió:
> On 15.08.19 12:18, Roberto Carna wrote:
> >Dear, I have a BIND 9 working with two views.
> >
> >One view forwards two public domains to our resolver.
> &
On 15.08.19 12:18, Roberto Carna wrote:
Dear, I have a BIND 9 working with two views.
One view forwards two public domains to our resolver.
And I want the second view to forward any public domain to our resolver in
order to let navigate withouth restrictions.
what restricions and where
Dear, I have a BIND 9 working with two views.
One view forwards two public domains to our resolver.
And I want the second view to forward any public domain to our resolver in
order to let navigate withouth restrictions.
I need something like this:
zone "ANY" {
ty
Dear people, finalla I could put to work my zone transfers.
I have review my config one more time and I am using one TSIG key for each
view.
Thanks a lot, regards!!!
El jue., 4 jul. 2019 a las 9:38, Tony Finch () escribió:
> Roberto Carna wrote:
> >
> > As I have shown above,
Roberto Carna wrote:
>
> As I have shown above, I use two views with a TSIG key for each view, but
> the zone transfer doesn't work.
The redacted config you posted did not consistently use key one in view
one and key two in view two. I don't know if your real config has the sam
Dear, thanks for your help.
As I have shown above, I use two views with a TSIG key for each view, but
the zone transfer doesn't work.
Please can you send me your Bind views configuration if you can, on master
and slave sides?
Thanks a lot again.
Regards!!!
El mié., 3 jul. 2019 a las 17:27
On 03/07/2019 22.14, Grant Taylor via bind-users wrote:
> On 7/3/19 2:04 PM, Lightner, Jeffrey wrote:
>> You have to use separate IPs for the separate views on the master and
>> the slave.
>
> I thought you could use different TSIG keys to identify different
> zones with
On 7/3/19 2:04 PM, Lightner, Jeffrey wrote:
You have to use separate IPs for the separate views on the master and
the slave.
I thought you could use different TSIG keys to identify different zones
with a single IP at each end.
Is that not the case?
--
Grant. . . .
unix || die
You have to use separate IPs for the separate views on the master and the slave.
Here we just put alias IPs on the primary interfaces and use those for the
second view.
From: bind-users On Behalf Of Roberto Carna
Sent: Wednesday, July 03, 2019 3:21 PM
To: ML BIND Users
Subject: Bind 9
Hi people, I have a master/slave Bind 9.10.3 servers configured with views
and TSIG keys on a Debian 9 host. But the transfer from master to slave is
refused in the slave side, there is no a descriptive error.
In both Views I have delegated the same two zones: black.com and white.com
something here? Is it not possible to define multiple views with
different destination ports?
Stuart
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https
On 11/12/2018 04:57 AM, Sabri MJAHED (VINC) wrote:
Hi all,
Hi,
I want to have the same zone on multiple views, but i didn't find any
solution that ease the use of this.
I would think that the zone's "in-view" statement would do what you want.
I don't want to make 3 file of
Sabri MJAHED (VINC) wrote:
>
> I dont have the -l option on the named-checkconf command.
>
> My version of bind is 9.11
Oh, it seems you need 9.12.
Your other option is to parse a zone list out of your other config files
with a bit of perl, which is what I did previously.
Tony.
--
Hi Tony,
I dont have the -l option on the named-checkconf command.
My version of bind is 9.11
Sabri.
On 12/11/2018 13:09, Tony Finch wrote:
Sabri MJAHED (VINC) wrote:
I want to have the same zone on multiple views, but i didn't find any solution
that ease the use of this.
I have scripts
BIND Users
Subject: TSIG error with BIND9 Views
Hi people, I've implemented a BIND9 service wit two views, and only one key for
TSIG.
The primary and secondary server start OK, but the transfer doesn't work
because in the bind.log from secondary server I can see "TSIG error".
Do I have
Hi people, I've implemented a BIND9 service wit two views, and only one key
for TSIG.
The primary and secondary server start OK, but the transfer doesn't work
because in the bind.log from secondary server I can see "TSIG error".
Do I have to use one Key for the first view and a dif
Sabri MJAHED (VINC) wrote:
> I want to have the same zone on multiple views, but i didn't find any solution
> that ease the use of this.
I have scripts that generate in-view configurations. In order to make
these scripts easier to write, I contributed the `named-checkconf -l`
feature
Hi all,
I've been working with bind for a bit of time, but here is a new problem.
I want to have the same zone on multiple views, but i didn't find any
solution that ease the use of this.
I don't want to make 3 file of zone conf with multiple in-view statements.
Here is the server-fault post
Okay,
I followed exactly like this -
https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9-by-example.html
And it just worked. So I can do fine-tune now. Thanks guys.
Eoin
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Eoin Kim
Sent: Saturday, 9 December
issue with multiple views
On 8 December 2017 at 17:37, Eoin Kim
<eoin@rcst.com.au<mailto:eoin@rcst.com.au>> wrote:
Hi,
Thanks for your help. But is it possible to do it without additional IP
address? I thought that I am not really bad with BIND but as soon as I started
usin
On 8 December 2017 at 17:37, Eoin Kim <eoin@rcst.com.au> wrote:
> Hi,
>
>
> Thanks for your help. But is it possible to do it without additional IP
> address? I thought that I am not really bad with BIND but as soon as I
> started using views, I'm going nowhere [
Hi,
Thanks for your help. But is it possible to do it without additional IP
address? I thought that I am not really bad with BIND but as soon as I started
using views, I'm going nowhere []
I found related links:
*
https://kb.isc.org/article/AA-00851/0/Understanding-views-in-BIND-9
When we did it here we setup separate notify-source and transfer-source within
the views on both the master and the slave.
view "internal" {
match-clients { internaldns; };
notify-source 10.9.9.8.;
transfer-source 10.9.9.8;
allow-transfer { dnsservers; };
...then our zones for int
Hi all,
I wonder if anyone can help me find the cause of the problem I am currently
having. I am testing BIND with two views - internal, external. Everything seems
okay except for one thing - zone transfer doesn't look happening for reverse
zone for external view. On my slave server, I can see
I think it's sorted, thanks all.
-Kevin
From: "Tony Finch" <d...@dotat.at>
To: bind-us...@isc.org
Sent: Wednesday, November 1, 2017 2:50:32 AM
Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates
Mark Andrews <ma...@isc.org> wrote
Mark Andrews wrote:
>
> More correctly _tcp.mail.thesandiegos.com is delegated to
> ns1._tcp.mail.thesandiegos.com (75.149.33.153) but the machine is
> not configured to serve that zone.
This also explains the puzzling check-names problem earlier -
ns1._tcp.mail.thesandiegos.com
In message <1509508757.25100.19.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Tue, 2017-10-31 at 17:16 -0700, Kevin via bind-users wrote:
> > $ dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 +dnssec
> > +short
> >
>
> > I'm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2017-10-31 at 17:16 -0700, Kevin via bind-users wrote:
> $ dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 +dnssec
> +short
>
> I'm really at a loss as to what's going on inside of Bind.
dig TLSA _25._tcp.mail.thesandiegos.com
- Original Message -
> From: "Warren Kumari" <war...@kumari.net>
> To: "Kevin" <bind-users...@thesandiegos.com>
> Cc: "bind-users" <bind-users@lists.isc.org>
> Sent: Tuesday, October 31, 2017 12:47:06 PM
> Subject: Re: head
e -
>> From: "Kevin" <bind-users...@thesandiegos.com>
>> To: "Kevin" <bind-users...@thesandiegos.com>
>> Cc: "Warren Kumari" <war...@kumari.net>, "bind-users"
>> <bind-users@lists.isc.org>
>> Sent
: Tuesday, October 31, 2017 12:33:56 PM
> Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates
> - Original Message -
> > From: "Kevin" <bind-users...@thesandiegos.com>
> > To: "Warren Kumari" <war...@kumari.net>
>&
: Tuesday, October 31, 2017 12:18:41 PM
> Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record updates
> From: "Warren Kumari" <war...@kumari.net>
> To: "Kevin" <bind-users...@thesandiegos.com>
> Cc: "bind-users" <bind-users@l
From: "Warren Kumari" <war...@kumari.net>
To: "Kevin" <bind-users...@thesandiegos.com>
Cc: "bind-users" <bind-users@lists.isc.org>
Sent: Tuesday, October 31, 2017 11:28:58 AM
Subject: Re: head scratcher: nsupdate, Bind views, and TLSA record upda
On Tue, Oct 31, 2017 at 1:50 PM, Kevin via bind-users
wrote:
> I'm running into an odd issue with Bind 9.9.4 whereby I'm trying to run a
> scripted nsupdate to rotate TLSA records. I'm running nsupdate via a Bash
> script that executes the following nsupdate batch
I'm running into an odd issue with Bind 9.9.4 whereby I'm trying to run a
scripted nsupdate to rotate TLSA records. I'm running nsupdate via a Bash
script that executes the following nsupdate batch commands which are directed
to a Bind "view" that is accessible from the wider internet:
server
On Tue, Jul 4, 2017 at 4:10 AM, Matthias Seitz <matthias.se...@switch.ch>
wrote:
> Hi,
>
> after a couple of test runs it looks like that multiple RPZs in multiple
> views works fine, example code snippet bellow (for better understanding)
>
> view "view1" {
Hi,
after a couple of test runs it looks like that multiple RPZs in multiple
views works fine, example code snippet bellow (for better understanding)
view "view1" {
...
response-policy {
RPZ Feed 1
RPZ Feed 2
RPZ Feed 3
}; };
view "view2" {
On Fri, May 19, 2017 at 8:56 AM, Matus UHLAR - fantomas
wrote:
> Gordon Messmer wrote:
>>> > Is it considered best-practice (or just normal) for authoritative
>>> > servers to just not use the local server for resolution?
>>>
>>
> On Wed, May 10,
Gordon Messmer wrote:
> Is it considered best-practice (or just normal) for authoritative
> servers to just not use the local server for resolution?
On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote:
Mine don't :-)
On 18.05.17 16:38, Bob Harold
On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote:
> Gordon Messmer wrote:
> ...
>
> > Is it considered best-practice (or just normal) for authoritative
> > servers to just not use the local server for resolution?
>
> Mine don't :-)
>
> Tony.
>
>
My
Gordon Messmer wrote:
>
> I'm happy that it's working, but it seems like it was fairly difficult to get
> right. Am I doing an unusual thing?
Yes, it is fiddly, and a relatively common problem - which is why in-view
was introduced!
> Is it considered best-practice (or
On 05/09/2017 03:15 AM, Tony Finch wrote:
The classic solution is to make one view a slave of the other. Configure
the slave zone with `masters { localhost key my-tsig; };` and configure
the master view with `match-clients { key my-tsig; };`.
OK, I think I've got this nailed down. I had to
Gordon Messmer <gordon.mess...@gmail.com> wrote:
> On 05/08/2017 03:26 AM, Tony Finch wrote:
> > You can't have zones in different views (which sre by implication
> > different zones, or different versions of the same zone) pointing to the
> > same files on disk, bec
On 05/08/2017 03:26 AM, Tony Finch wrote:
Gordon Messmer <gordon.mess...@gmail.com> wrote:
I have a zone that I'd like to serve in two different views, with dnssec in
both views.
You can't have zones in different views (which sre by implication
different zones, or different ve
Gordon Messmer <gordon.mess...@gmail.com> wrote:
> I have a zone that I'd like to serve in two different views, with dnssec in
> both views.
You can't have zones in different views (which sre by implication
different zones, or different versions of the same zone) pointing to th
I have a zone that I'd like to serve in two different views, with dnssec
in both views. However, this leads to a pair of error messages:
named[858]: malformed transaction:
dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 !=
transaction first serial 2017011477
named[858
On 04/19/2017 10:58 AM, Victoria Risk wrote:
We have implemented ECS for recursive queries in 9.10.5-S, the
subscriber preview edition of BIND, which will be released today. For
now, ECS recursion is available only to users with a support contract
with ISC. Development of this feature was a
> On Apr 19, 2017, at 8:47 AM, Nico CARTRON wrote:
>
>> Nor did I see
>> details on how to have BIND send ECS with queries when it's a recursive
>> server.
>
> As far as I know, ECS for Recursive queries is not yet implemented by ISC, or
> at least it is not publicly
On 04/19/2017 09:49 AM, Nico CARTRON wrote:
Of course I meant +subnet / +nosubnet
;-)
Thank you for the pointers Nico & Tony. I'm sure I'll find a way to get
myself into trouble with what you've provided.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic
On 19-Apr-2017 16:47 BST, wrote:
> On 19-Apr-2017 15:59 BST, wrote:
> [...]
> > I'd also like to see if it's possible to have dig send ECS info.
>
> +edns / +noedns , but you'll need a recent dig version.
Of course I meant +subnet / +nosubnet
Hi Grant,
On 19-Apr-2017 15:59 BST, <bind-users@lists.isc.org> wrote:
> On 04/19/2017 03:37 AM, Tony Finch wrote:
> > This is what the EDNS client subnet option is about. You can use it in
> > BIND by adding "ecs" clauses to your address match lists for view
Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:
>
> The only occurrences I found for "ecs" on the two release notes didn't
> include more details about how to configure views to use it.
Yes, it's a bit mysterious.
> Nor did I see details on how to hav
On 04/19/2017 03:37 AM, Tony Finch wrote:
This is what the EDNS client subnet option is about. You can use it in
BIND by adding "ecs" clauses to your address match lists for views or
acls. However it isn't documented in the ARM and it has significant
problems. See
https://kb.isc.org/
le.net.3599INAservice_server_wan_ip
Can you spot anything wrong with it?
Thanks
On 19 April 2017 at 09:37, Tony Finch <d...@dotat.at> wrote:
> Alberto Rinaudo <alberto.rina...@gmail.com> wrote:
>
> > I have a bind installation on a aws server and
Alberto Rinaudo <alberto.rina...@gmail.com> wrote:
> I have a bind installation on a aws server and I'm trying to set up views
> to give different responses based on the source location.
>
> It works fine when this dns server is the first dns used by a client, I
> guess becau
Hello,
I have a bind installation on a aws server and I'm trying to set up views
to give different responses based on the source location.
It works fine when this dns server is the first dns used by a client, I
guess because the source address used to discriminate between views is the
last hop
Hi Nagesh
On Fri, Oct 14, 2016 at 11:00:24AM +0530, Nagesh Thati wrote:
> Hi,
>
> Can anybody implemented master/slave communication with views and algorithm
> HMAC-SHA* algorithms. I tried with all the HMAC-SHA* algorithms it didn't
> work for me, only HMAC-MD5 algorithm worked fo
On Fri, Oct 14, 2016 at 1:30 AM, Nagesh Thati <nagesh.th...@tcpwave.com>
wrote:
> Hi,
>
> Can anybody implemented master/slave communication with views and
> algorithm HMAC-SHA* algorithms. I tried with all the HMAC-SHA* algorithms
> it didn't work for me, only HMAC
Hi,
Can anybody implemented master/slave communication with views and
algorithm HMAC-SHA* algorithms. I tried with all the HMAC-SHA*
algorithms it didn't work for me, only HMAC-MD5 algorithm worked for
communication. If anybody has any idea please help me.
Thanks.
--
Thanks,
Nagesh Thati
Tom <tomtux...@gmail.com> wrote:
>
> What is the supported/preferred way for implementing slave-rpz's in views?
> I want to achieve, that view1 has a different policy-configuration (passthru,
> given, nxdomain..) than the ones configured in view2 using the same
> slave-rpz-fil
Hi
What is the supported/preferred way for implementing slave-rpz's in views?
I want to achieve, that view1 has a different policy-configuration
(passthru, given, nxdomain..) than the ones configured in view2 using
the same slave-rpz-files. If not obligatory, I would not
synchronize/transfer
Anand Buddhdev <ana...@ripe.net> wrote:
>
> In newer versions of BIND, you cannot share a writable file in different
> views. This is a bad configurtion, and newer versions of BIND reject it.
> Just use different file names.
To clarify, you couldn't in older versions of BIN
On 16/09/16 09:06, Tom wrote:
Hi Tom,
> Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views:
> I configured view1 and view2. After configuring all rpz-zones in both
> views, I had errors like this (slave file in view2 is already in use
> from view1):
> conf
Hi
Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views:
I configured view1 and view2. After configuring all rpz-zones in both
views, I had errors like this (slave file in view2 is already in use
from view1):
config: error: /etc/named/named.conf:403: writeable file
'slave
On Tue, Sep 13, 2016 at 10:58 AM, project722 <project...@gmail.com> wrote:
> I have moved the new views into production, and all seems to be working
> fine. I have an "internal" view and an "external" view. I have noticed a
> few re-occuring messages in the logs
I have moved the new views into production, and all seems to be working
fine. I have an "internal" view and an "external" view. I have noticed a
few re-occuring messages in the logs of the master server that I'd like to
suppress. Here is what I am seeing:
1) Warning: view ex
I am not seeing that but thanks for the heads up. I will keep an eye on it.
On Thu, Sep 8, 2016 at 10:14 AM, Bob Harold wrote:
> I changed the subject slightly, because I had to cut out a lot of the
> forwarded message - the list server was complaining about the size of the
I changed the subject slightly, because I had to cut out a lot of the
forwarded message - the list server was complaining about the size of the
messages.
I just found that my setup was not working completely as I expected. The
view with only a few zones and forwarding to another view
1 - 100 of 459 matches
Mail list logo