Re: Version statement...
In message <342bc321-feb7-4b82-bdff-1848fcc60...@starionline.com>, Jeff Justice writes: > Doesn't seem to work with or without the brackets. Does it matter what order > it appears in the > options list? Or a limit on number of characters? > > Jeff Make sure you are updating the correct named.conf and have reloaded the server. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Version statement...
You can specifically set version, authors, etc. but why not just block all "CHAOS" queries? Do you really need it? view "chaos" chaos { match-clients { any; }; allow-transfer { none; }; allow-query { none; }; allow-recursion { none; }; recursion no; zone "." { type hint; file "/dev/null"; }; }; PROD:54 root@adns3:namedb# dig @localhost version.bind chaos txt ; <<>> DiG 9.8.3-P1-RedHat-9.8.3-1.P1 <<>> @localhost version.bind chaos txt ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48486 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;version.bind. CH TXT ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Aug 16 22:57:20 2012 ;; MSG SIZE rcvd: 30 Not to mention: view "hesiod" hesiod { match-clients { any; }; allow-transfer { none; }; allow-query { none; }; allow-recursion { none; }; recursion no; zone "." { type hint; file "/dev/null"; }; }; view "hs" hs { match-clients { any; }; allow-transfer { none; }; allow-query { none; }; allow-recursion { none; }; recursion no; zone "." { type hint; file "/dev/null"; }; }; -Original Message- From: Jeff Justice Date: Thursday, August 16, 2012 10:53 PM To: "bind-users@lists.isc.org" Subject: Re: Version statement... >Doesn't seem to work with or without the brackets. Does it matter what >order it appears in the options list? Or a limit on number of characters? > >Jeff > > >On Aug 17, 2012, at 12:34 AM, David Miller wrote: > >> >> On 8/17/2012 1:13 AM, Jeff Justice wrote: >>> I am trying to mask our DNS servers version output to a custom string, >>>but it doesn't seem to be working for me. In a nutshell, I have added >>>this to my options block of my named.conf: >>> >>> version "[DNS Server]"; >> >> options { >> version "string"; >> >> works for me in 9.8. Maybe BIND doesn't like the square brackets? >> >> >>> But when I do a query, it still shows the actual version number i.e. >>>BIND 9.9.1-P2, both from the command line and from an outside query >>>tool. >>> >>> What am I missing? >>> >>> Jeff >>> ___ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>>unsubscribe from this list >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >>> >> >> > >___ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to >unsubscribe from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Version statement...
Doesn't seem to work with or without the brackets. Does it matter what order it appears in the options list? Or a limit on number of characters? Jeff On Aug 17, 2012, at 12:34 AM, David Miller wrote: > > On 8/17/2012 1:13 AM, Jeff Justice wrote: >> I am trying to mask our DNS servers version output to a custom string, but >> it doesn't seem to be working for me. In a nutshell, I have added this to >> my options block of my named.conf: >> >> version "[DNS Server]"; > > options { > version "string"; > > works for me in 9.8. Maybe BIND doesn't like the square brackets? > > >> But when I do a query, it still shows the actual version number i.e. BIND >> 9.9.1-P2, both from the command line and from an outside query tool. >> >> What am I missing? >> >> Jeff >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Version statement...
On 8/17/2012 1:13 AM, Jeff Justice wrote: > I am trying to mask our DNS servers version output to a custom string, but it > doesn't seem to be working for me. In a nutshell, I have added this to my > options block of my named.conf: > >version "[DNS Server]"; options { version "string"; works for me in 9.8. Maybe BIND doesn't like the square brackets? > But when I do a query, it still shows the actual version number i.e. BIND > 9.9.1-P2, both from the command line and from an outside query tool. > > What am I missing? > > Jeff > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Version statement...
I am trying to mask our DNS servers version output to a custom string, but it doesn't seem to be working for me. In a nutshell, I have added this to my options block of my named.conf: version "[DNS Server]"; But when I do a query, it still shows the actual version number i.e. BIND 9.9.1-P2, both from the command line and from an outside query tool. What am I missing? Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: playing with 9.9.2b1 and ECDSA
On 08/16/2012 03:49 AM, Tony Finch wrote: > Tony Finch wrote: > >> 15-Aug-2012 19:56:31.969 general: error: zone fanf2.ucam.org/IN: >> update_sigs:add_sigs -> sign failure > > This turned out to be because /dev/random inside my chroot was set up > incorrectly. FreeBSD has a somewhat unusual way of dealing with device > nodes. The default configuration for named in FreeBSD handles chroot, including all of the required device nodes, for you. What I always suggest to users is to start with the defaults, and then modify it to suit. Good luck, Doug ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV query with no domain?
On 16 Aug 2012, at 15:42, Christopher Cain wrote: > Of course a dig query will fail without the domain appended. Dig takes > you query at face value and will not append domains from your search > suffix list like nslookup and ping will. You ALWAYS have to fully qualify > your requests when using dig. unless you use the +search option ... /Niall ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV query with no domain?
Of course a dig query will fail without the domain appended. Dig takes you query at face value and will not append domains from your search suffix list like nslookup and ping will. You ALWAYS have to fully qualify your requests when using dig. Chris. On 12-08-15 3:29 PM, "wbr...@e1b.org" wrote: >kevin wrote on 08/15/2012 12:52:18 PM: > >> I don't believe SRV lookups use the "search" directive in /etc/ >> resolv.conf; I think that's only for A (name-to-address) lookups. >> But I could be wrong on that... > >Using host I was able to do a search for _sip._tcp for the search domain >on my system (domain changed to example.org): > >wbrown@wbrown-D630:~$ host -t srv _sip._tcp >_sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.example.org. >wbrown@wbrown-D630:~$ host -t srv _sip._tcp.example.org >_sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.example.org. > >Dig fails on same query without domain, succeeds if it is included: > >wbrown@wbrown-D630:~$ dig +short _sip._tcp srv >wbrown@wbrown-D630:~$ dig +short _sip._tcp.example.org srv >0 0 5060 tandberg-vcse.example.org. > > > >Confidentiality Notice: >This electronic message and any attachments may contain confidential or >privileged information, and is intended only for the individual or entity >identified above as the addressee. If you are not the addressee (or the >employee or agent responsible to deliver it to the addressee), or if this >message has been addressed to you in error, you are hereby notified that >you may not copy, forward, disclose or use any part of this message or >any >attachments. Please notify the sender immediately by return e-mail or >telephone and delete this message from your system. > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: playing with 9.9.2b1 and ECDSA
Tony Finch wrote: > 15-Aug-2012 19:56:31.969 general: error: zone fanf2.ucam.org/IN: > update_sigs:add_sigs -> sign failure This turned out to be because /dev/random inside my chroot was set up incorrectly. FreeBSD has a somewhat unusual way of dealing with device nodes. Tony. -- f.anthony.n.finchhttp://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Anycast and views match-destination
So I use match-destination in BIND views on a server with multiple interfaces. If I want to configure one of these interfaces to be part of an anycast network, should I change match-destination to the anycast loopback address in that particular view? Any thoughts? Thanks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users