Steven,
Your solution is very good. It can forward the queries to the specified name
servers first.
But if the specified name server is enabled only when normal dns query process
is down. How to configure the local DNS server? The detailed scenario is
descibed in below figure:
Hi!
We are investigating an interoperatibility issue with bind and powerdns.
Scenario:
We have DNSSEC secured domain using NSEC, pasilehto.fi.
This domain has two insecure delegations
0.0.0.0.pasilehto.fi
and
1.0.0.0.pasilehto.fi
We have A records
At Wed, 19 Feb 2014 00:33:11 +0200,
Daniel Dawalibi wrote:
Kindly note that the number of recursive clients is increasing during
the problem : recursive clients: 3700/14900/15000
I think it's likely that you have a connectivity problem.
I'ld suggest checking whether your server which is
Aki Tuomi cmo...@cmouse.fi wrote:
We have A records
5.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.0.pasilehto.fi
and
5.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.pasilehto.fi
Now. If I ask DNSSEC validating BIND version 9.9.3-P2 or 9.9.4-P2 to
resolve either of those A records, I get
On Wed, Feb 19, 2014 at 12:16:19PM +0200, Aki Tuomi wrote:
Hi!
We are investigating an interoperatibility issue with bind and powerdns.
It would appear that PowerDNS is not adding non-terminals with NSEC zones.
This causes that 0.pasilehto.fi returns NXDOMAIN instead of NOERROR,
causing
On 19 February 2014 09:51, houguanghua houguang...@hotmail.com wrote:
But if the specified name server is enabled only when normal dns query
process is down. How to configure the local DNS server? The detailed
scenario is descibed in below figure:
I'm not sure if that is possible, you either
On Wed, Feb 19, 2014 at 11:50:24AM +, Tony Finch wrote:
Aki Tuomi cmo...@cmouse.fi wrote:
We have A records
5.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.0.pasilehto.fi
and
5.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.pasilehto.fi
Now. If I ask DNSSEC validating BIND
Aki Tuomi cmo...@cmouse.fi wrote:
Hi, can you try again? Just to be sure.
This time it failed in the way you described earlier:
19-Feb-2014 12:23:27.043 queries: info: client ::1#32049
(5.2.0.0.0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.1.0.0.0.pasilehto.fi): view rec:
query:
On Wed, Feb 19, 2014 at 12:27:05PM +, Tony Finch wrote:
Aki Tuomi cmo...@cmouse.fi wrote:
Hi, can you try again? Just to be sure.
This time it failed in the way you described earlier:
19-Feb-2014 12:23:27.043 queries: info: client ::1#32049
markus weber bumpemacve...@googlemail.com wrote:
Hey Guys,
I am new to administer a Bind server and after a few problems i ran into i
need to monitor the zonefile transfers of my slave server.
I have searched on google and nagios plugin sites but could not find
anything that fits my needs
A few problems i discovered:
- sometimes have a higher serial then all masters have, is this normal on
an AD DNS? or am I doing something wrong i thought this could not happen.
Only transfer from one AD master. Microsoft AD doesn't maintain
consistent serials across the
Only transfer from one AD master. Microsoft AD doesn't maintain
consistent serials across the servers. The serials should be
monotonically increasing from a individual server.
Oh, i didn't know that. Thats weird behavior isn't it? I will give it
definitely a try, I just added 3
Hello
I am able to reach the root servers and I can resolve other domains.
; DiG 9.8.0 . ns
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 32217
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;.
On Tue, Feb 18, 2014 at 10:34 PM, /dev/rob0 r...@gmx.co.uk wrote:
On Tue, Feb 18, 2014 at 11:44:15PM +0100, markus weber wrote:
I am new to administer a Bind server and after a few problems i ran
into i need to monitor the zonefile transfers of my slave server.
I think the terminology you use
On 2014-02-19 16:06, Barry S. Finkel wrote:
See MS KB article 282826, where MS documents the handling of zone
serial numbers in an AD environment.
My experience is that it tends to work pretty well if BIND only points
to one particular MS DNS server at a time, with a failover script that
Not a good solution. Even under normal circumstances, there will be
temporary bottlenecks, dropped packets, etc.. that will trigger failover
and users will get different answers at different times. Not good for
support, maintainability, user experience/satisfaction, etc.
If all you want is
Hello
is there a link to a documentation that lists the main differences between
BIND 9.8 and 9.9 ?
I would like to read it before swiching from 9.8
thank you
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
What is the right way ... or maybe I should be asking IS there a right
way ... to change a zone that has been signed by inline signing (i.e. with
inline-signing yes; auto-dnssec maintain; in it zone statement) to unsigned?
When I change the zone statement to remove the inline signing part, and
From: BONNET, Frank frank.bon...@esiee.fr
Date: Wednesday, February 19, 2014 at 12:41 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Difference between BIND 9.8 and 9.9
Hello
is there a link to a documentation that lists the main differences
between BIND 9.8 and 9.9 ?
I
On Wed, Feb 19, 2014 at 06:00:42PM +, Mike Hoskins (michoski) wrote:
From: BONNET, Frank frank.bon...@esiee.fr
is there a link to a documentation that lists the main differences
between BIND 9.8 and 9.9 ?
I would like to read it before swiching from 9.8
I generally browse the release
On 2/19/14, 1:33 AM, Daniel Dawalibi wrote:
Kindly note that the number of recursive clients is increasing during
the problem : recursive clients: 3700/14900/15000
rndc recursing and look to see what is plugging up your pipes.
AlanC
signature.asc
Description: OpenPGP digital signature
On 2/19/14, 8:59 PM, Chris Thompson wrote:
What is the right way ... or maybe I should be asking IS there a right
way ... to change a zone that has been signed by inline signing (i.e. with
inline-signing yes; auto-dnssec maintain; in it zone statement) to
unsigned?
When I change the zone
On 2014-02-19 16:06, Barry S. Finkel wrote:
See MS KB article 282826, where MS documents the handling of zone
serial numbers in an AD environment.
And Dave Warren replied:
My experience is that it tends to work pretty well if BIND only points
to one particular MS DNS server at a time, with
Hi, I know this is the BIND list but I’m thinking folks who deal with DNS
probably may be able to answer this question about whois.
We recently transferred and renewed a domain by 2 years which pushed its
expiration to 01/25/2025. The order confirmation shows that expiration and
looking at
On Wed, 19 Feb 2014, Lightner, Jeff wrote:
Hi, I know this is the BIND list but I???m thinking folks who deal with
DNS probably may be able to answer this question about whois.
We recently transferred and renewed a domain by 2 years which pushed its
expiration to 01/25/2025. The order
On 2014-02-19 20:44, Lightner, Jeff wrote:
Hi, I know this is the BIND list but I’m thinking folks who deal with
DNS probably may be able to answer this question about whois.
We recently transferred and renewed a domain by 2 years which pushed
its expiration to 01/25/2025. The order
Thanks. My thinking was the limit was on the whois database since the
Registrar was telling me it was registered for more than 10 years.
It appears based on this Registration FAQ regarding “compliance” that the
registrar may simply be showing it as 2024 because they can’t really report
2025
Stealth slave doesn't fully meet the requirement. It's just part of the
requirement to not publish the slave name server in the NS records. Further
more, the 'stealth' slave is quired by local DNS server only when all name
servers in the NS records are out of service ( maybe in case of
On 2014-02-19 23:29, Lightner, Jeff wrote:
Thanks. My thinking was the limit was on the whois database since the
Registrar was telling me it was registered for more than 10 years.
It appears based on this Registration FAQ regarding “compliance” that
the registrar may simply be showing it
29 matches
Mail list logo