Re: DNS Blackholing

2012-12-05 Thread Phil Mayers
On 12/05/2012 06:10 AM, Nick Edwards wrote: Hi All, Is there a way for RPZ zone file to act on domain AND subdomains without using two separate entries? At present I can only get them to match on one or the other unless I do example.com blah *.example.com blah I'm sure I've

Re: DNS Blackholing

2012-12-05 Thread Phil Mayers
On 12/04/2012 06:35 PM, Barry S. Finkel wrote: A question from the OP that has not yet been answered - Make the zones masters on all servers. Surely not for RPZ? The whole point with RPZ is that you have one zone containing all the blacklists, master in one place, and slave it in all the

Re: DNS Blackholing

2012-12-05 Thread Noel Butler
On Wed, 2012-12-05 at 09:13 +, Phil Mayers wrote: On 12/04/2012 06:35 PM, Barry S. Finkel wrote: A question from the OP that has not yet been answered - Make the zones masters on all servers. Surely not for RPZ? The whole point with RPZ is that you have one zone containing all the

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Noel Butler
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote: /etc/bind/named.conf.option WTF is that file? it certainly is not an ISC named file. if you are using some butchered to buggery distros file, please ask on your distros mailing list we are not to know what that file contains, or

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Hauke Lampe
On 05.12.2012 10:23, Daniele Imbrogino wrote: I restarted BIND9 and then I tried, for example, 'dig www.apple.com' obtaining connection timed out; no servers could be reached. But if I try 'dig @10.0.2.3 www.apple.com' it works correctly and I obtain the correct answer. Why? How can I resolve

Re: DNS Blackholing

2012-12-05 Thread Phil Mayers
On 12/05/2012 11:45 AM, Noel Butler wrote: RPZ: dig bobi.at ;; Query time: 996 msec You're correct that blackhole zones and RPZ have different performance characteristics. For others reading, this is because with RPZ, the real name is queried first, then RPZ applies to the answers, so if
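Putting the two points raised in this thread together (an RPZ entry matches either the apex or the names beneath it, never both; and one policy zone is mastered in one place and slaved to every resolver), here is an added example of what that looks like in practice. It is not configuration from any of the posters. The zone name rpz.example.org, the addresses, the directory layout and the choice of NXDOMAIN as the policy action are all assumptions.

```conf
// ---- on the single master (assumed 192.0.2.1): the only place the list is edited ----
zone "rpz.example.org" {
    type master;
    file "rpz.example.org.db";
    allow-transfer { 192.0.2.10; 192.0.2.11; };  // the resolvers, nobody else
    also-notify    { 192.0.2.10; 192.0.2.11; };  // push changes out immediately
    allow-query    { localhost; };               // policy data, not a public zone
};

// ---- on every resolver: slave the zone and enable it as a policy zone ----
options {
    // ... existing options ...
    response-policy { zone "rpz.example.org"; };
};

zone "rpz.example.org" {
    type slave;
    masters { 192.0.2.1; };
    file "slave/rpz.example.org.db";   // assumed path under the working directory
    allow-query { localhost; };
};

; ---- rpz.example.org.db on the master (zone-file syntax) ----
$TTL 300
@               IN SOA  ns1.example.org. hostmaster.example.org. (
                        2012120501      ; serial: bump on every edit so slaves pick it up
                        3600 600 604800 300 )
                IN NS   ns1.example.org.

; QNAME triggers. "example.com" matches that exact name only, and the
; wildcard matches names beneath it only, so blocking a domain together
; with its subdomains needs both lines; there is no single entry that
; covers both.
example.com     IN CNAME .      ; policy action: answer NXDOMAIN
*.example.com   IN CNAME .      ; same action for every name under it
```

Editing happens on the master only: change the file, bump the serial, `rndc reload rpz.example.org`, and NOTIFY plus the transfer ACL get the new data to the resolvers. On a resolver `dig example.com` and `dig www.example.com` should both return NXDOMAIN, and each rewrite is logged under the `rpz` logging category. As the message above notes, in this BIND generation the resolver still recurses for the real name before applying a QNAME rule, so a blocked name costs an upstream lookup; later releases (9.10 onward) added `qname-wait-recurse no` to skip that recursion.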

Re: truncated responses vs. minimal-responses?

2012-12-05 Thread Matus UHLAR - fantomas
On 28.11.12 18:38, Tony Finch wrote: Yes it does. For example, have a look at responses to queries for dotat.at in mx for various buffer sizes and observe that RRsets are dropped but the TC bit is not set. On 11/30/2012 01:30 PM, Matus UHLAR - fantomas wrote: Nice to see. I'm seeing

Re: Expiration TTLs

2012-12-05 Thread Matus UHLAR - fantomas
On 02.12.12 18:10, Paul Romano wrote: Thanks for the correction on the term TTL instead of timer. The engineer I inherited this environment from has the refresh set to 40 minutes and the zone expiration set to 2 hours. The explanation I got was that since we are authoritative for AD we want
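The numbers quoted in this thread (refresh 40 minutes, expire 2 hours) placed beside a conventional SOA, as an added example that is not the poster's zone. The names are example.com placeholders, and the retry and negative-caching values are assumptions, since the message does not state them.

```conf
; ---- as described in the thread: short refresh, very short expire ----
; If the slaves cannot reach the master for two hours (a weekend outage,
; a firewall change, an expired TSIG key), the zone expires on them and
; they answer SERVFAIL for it instead of serving stale but valid data.
@   IN SOA  ns1.example.com. hostmaster.example.com. (
        2012120501  ; serial
        2400        ; refresh: 40 min
        600         ; retry (assumed; not given in the thread)
        7200        ; expire: 2 h, shorter than many routine outages
        3600 )      ; negative-caching TTL (assumed)

; ---- conventional values (RFC 1912 guidance) ----
; expire is measured in weeks, not hours, and comfortably exceeds
; refresh + retry; NOTIFY makes refresh a backstop rather than the
; primary propagation path.
@   IN SOA  ns1.example.com. hostmaster.example.com. (
        2012120502  ; serial
        3600        ; refresh: 1 h
        900         ; retry: 15 min
        1209600     ; expire: 2 weeks, how long slaves keep serving without the master
        3600 )      ; negative-caching TTL (RFC 2308), how long NXDOMAIN is cached
```

Only one SOA goes in a zone file; the two are shown together for comparison. Note also that these timers govern master-to-slave behaviour only. What a resolver caches and when that cached answer expires is set by the TTL on each record ($TTL and per-RR TTLs), which is the distinction the thread's wording correction is about.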

Re: Can't find named_dump.db

2012-12-05 Thread Matus UHLAR - fantomas
On 03.12.12 21:32, Daniele Imbrogino wrote: I edited the working directory to /etc/bind because this is the directory where I have all the zone data files. If I use the default /var/cache/bind do I have to move also the zone data files no, you will just have to provide full path in zones'

Re: truncated responses vs. minimal-responses?

2012-12-05 Thread Mark Andrews
In message 20121205125024.gc11...@fantomas.sk, Matus UHLAR - fantomas writes: On 28.11.12 18:38, Tony Finch wrote: Yes it does. For example, have a look at responses to queries for dotat.at in mx for various buffer sizes and observe that RRsets are dropped but the TC bit is not set.

Re: OT - Dns test Q/A

2012-12-05 Thread Matus UHLAR - fantomas
On 29.11.12 11:44, Chiesa Stefano wrote: I created an application to delegate zone management to collegues that are used to ask changes to that zones. I would set up a small zone administration test to verify a minimal dns knowledge (right use of main RR such A-CNAME-MX.) Can you suggest me

Re: OT - Dns test Q/A

2012-12-05 Thread WBrown
I don't have any source of a DNS exam, but since you seem to be expecting a limited set of skills, how about a few questions of the sort: What is an A record? What is an MX record? What does the SOA record contain? What does the serial number control? Think about what they will be working

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Matus UHLAR - fantomas
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote: /etc/bind/named.conf.option On 05.12.12 21:47, Noel Butler wrote: WTF is that file? it certainly is not an ISC named file. It's a file containing the options section, installed by default in Debian. From the changelog: * Do

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Daniele Imbrogino
resolv.conf contains only 127.0.0.1 as nameserver. The syslog contains a lot of errors as insecurity proof failed, no valid RRSIG, got insecure response that I don't understand. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: Can't find named_dump.db

2012-12-05 Thread Daniele Imbrogino
Finally I solved it! The problem was in the write permission of /etc, while in /var/cache/bind it works perfectly! Thank you for the assistance! 2012/12/5 Matus UHLAR - fantomas uh...@fantomas.sk On 03.12.12 21:32, Daniele Imbrogino wrote: I edited the working directory to /etc/bind because

Linux issue with make test failures, 9.9.2-P1

2012-12-05 Thread Jeff Earickson
Hi, The make test stuff is failing miserably for me on Linux (Redhat 6.3, x64) with 9.9.2-P1: if test -f ./runall.sh; then sh ./runall.sh; fi S:acl:Wed Dec 5 08:10:01 EST 2012 T:acl:1:A A:System test acl I:Couldn't start server ns2 (pid=7621) R:FAIL S:allow_query:Wed Dec 5 08:10:15 EST 2012

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Hauke Lampe
On 05.12.2012 14:59, Daniele Imbrogino wrote: resolv.conf contains only 127.0.0.1 as nameserver. The syslog contains a lot of errors as insecurity proof failed, no valid RRSIG, got insecure response that I don't understand. Your forwarder probably doesn't handle DNSSEC responses well.
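An added example, not Daniele's actual named.conf.options, of a forwarding configuration in which the diagnosis above shows up, together with the settings worth checking first. The forwarder address 10.0.2.3 is taken from the question; the directory and the access lists are assumptions.

```conf
options {
    directory "/var/cache/bind";

    // Everything goes to the upstream. "forward only" never falls back to
    // iterative resolution, so a forwarder that mangles DNSSEC answers
    // surfaces as SERVFAIL here instead of being worked around silently.
    forwarders { 10.0.2.3; };
    forward only;

    // Validation sets the EDNS DO bit, expects RRSIGs back and checks the
    // chain from the root. A forwarder that drops EDNS or strips RRSIGs
    // produces exactly "no valid RRSIG" / "insecurity proof failed" in
    // the log, while the same query sent directly to it "works" because
    // nothing validated that answer.
    dnssec-validation auto;

    // "connection timed out; no servers could be reached" from dig against
    // 127.0.0.1 is a separate symptom: named is not reachable at all. Make
    // sure it listens where resolv.conf points and accepts the query.
    listen-on { 127.0.0.1; };
    allow-query { localhost; };
    allow-recursion { localhost; };
};
```

To confirm the forwarder is the problem, ask it for signed data directly: `dig +dnssec @10.0.2.3 org SOA` should come back with an `OPT` pseudosection and RRSIG records; if it returns no RRSIGs, FORMERR, or nothing, it cannot be used in front of a validating resolver. Address it in this order of preference: point `forwarders` at a resolver that passes DNSSEC through intact, or drop `forwarders` entirely and let named iterate from the root hints. Setting `dnssec-validation no` also makes the errors disappear, but only because validation has been switched off. (10.0.2.3 is the address VirtualBox's NAT mode uses for its built-in DNS proxy; if that is what sits there, assume it is the culprit, since small NAT DNS proxies commonly do not pass EDNS or DNSSEC data through.)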

Re: truncated responses vs. minimal-responses?

2012-12-05 Thread Tony Finch
Mark Andrews ma...@isc.org wrote: In message 20121205125024.gc11...@fantomas.sk, Matus UHLAR - fantomas writes: I'm curious if there's any case where the AUTHORITY section is needed to proper function of DNS. Yes. Referrals. And, (to a lesser extent) negative answers, since the

how to restrict nsupdate to a single A or PTR record ?

2012-12-05 Thread fddi
Hello, I have a domain called mydomain.org I would need a way to allow access with nsupdate not to the entire domain mydomain.org but only to specific hosts and specific IP Address to be modified using nsupdate. Here is my config zone mydomain.org IN { type master;

Re: how to restrict nsupdate to a single A or PTR record ?

2012-12-05 Thread Doug Barton
On 12/05/2012 11:29 AM, fddi wrote: Hello, I have a domain called mydomain.org I would need a way to allow access with nsupdate not to the entire domain mydomain.org but only to specific hosts and specific IP Address to be modified using nsupdate. Here is my config zone mydomain.org

Re: how to restrict nsupdate to a single A or PTR record ?

2012-12-05 Thread Mark Andrews
In message 50bfaba3.5040...@dougbarton.us, Doug Barton writes: On 12/05/2012 11:29 AM, fddi wrote: Hello, I have a domain called mydomain.org I would need a way to allow access with nsupdate not to the entire domain mydomain.org but only to specific hosts and specific IP Address to be

Re: how to restrict nsupdate to a single A or PTR record ?

2012-12-05 Thread Phil Mayers
On 12/05/2012 07:29 PM, fddi wrote: Hello, I have a domain called mydomain.org I would need a way to allow access with nsupdate not to the entire domain mydomain.org but only to specific hosts and specific IP Address to be modified using nsupdate. Here is my config zone mydomain.org IN {

Re: RHEL, Centos, Fedora rpm 9.9.2-p1

2012-12-05 Thread Phil Mayers
On 12/05/2012 04:46 AM, Carl Byington wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.five-ten-sg.com/util/bind-9.9.2-0.2.P1.fc18.src.rpm Carl, Thanks for this. One minor thing - the -P1 is missing from the embedded tarball. I think there might be something going on with the

Re: how to restrict nsupdate to a single A or PTR record ?

2012-12-05 Thread Doug Barton
On 12/05/2012 12:30 PM, Mark Andrews wrote: grant mykey. name host1.mydomain.org. A Ah, cool ... learned something new today. :) Doug
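The `grant ... name ... A` rule quoted above, written out as a complete pair of zone stanzas so that one key can touch exactly one A record and exactly one PTR record and nothing else. This is an added example, not the original poster's configuration; the key name, the algorithm, the 192.168.0.0/24 reverse zone and the host address are assumptions.

```conf
// The TSIG key the host (or its provisioning script) will sign updates with.
key "host1-key" {
    algorithm hmac-sha256;
    secret "<base64 secret, generated with ddns-confgen or dnssec-keygen -n HOST>";
};

zone "mydomain.org" IN {
    type master;
    file "mydomain.org.db";
    // update-policy replaces allow-update; the two are mutually exclusive in
    // a zone. "name" matches exactly host1.mydomain.org and nothing beneath
    // it ("subdomain" would let the key create arbitrary names under it),
    // and the trailing "A" limits the holder to that one RR type: no TXT,
    // no CNAME, no second hostname.
    update-policy {
        grant host1-key. name host1.mydomain.org. A;
    };
};

// The PTR lives in the reverse zone, so it needs its own rule there;
// a grant in mydomain.org says nothing about in-addr.arpa.
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "0.168.192.in-addr.arpa.db";
    update-policy {
        grant host1-key. name 10.0.168.192.in-addr.arpa. PTR;
    };
};
```

The client then runs `nsupdate -k <keyfile>` (pass the key by file rather than with `-y`, which exposes the secret on the process list) and sends `update delete host1.mydomain.org. A`, `update add host1.mydomain.org. 300 A 192.168.0.10`, `send`. An update for host2.mydomain.org, or for a CNAME at host1, comes back REFUSED and is logged. One caveat a practitioner should keep in mind: the holder can still delete the A record entirely, because deletion is an update like any other, so the key is not read-only for that name, only confined to it.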

Preference of Master Name Servers

2012-12-05 Thread David Hall
I have some questions and would really appreciate if someone would be able to assist. I just started a new job at a hosting company and am in a little bit over my head. Question 1: In our secondary / slave name servers we specify the master name servers in the normal manner: zone mysample.me.uk {

Re: RHEL, Centos, Fedora rpm 9.9.2-p1

2012-12-05 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2012-12-05 at 21:04 +, Phil Mayers wrote: Thanks for this. One minor thing - the -P1 is missing from the embedded tarball. I think there might be something going on with the %{VERSION} macro? major - that version was actually 9.9.2,

SPF records in reverse zones?

2012-12-05 Thread Karl Auer
This may be a silly question, but are SPF records supposed to be supported in reverse zones? I'm thinking of a mail server that has no entry in the DNS. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au)

Re: SPF records in reverse zones?

2012-12-05 Thread Dan Mahoney
On Thu, 6 Dec 2012, Karl Auer wrote: This may be a silly question, but are SPF records supposed to be supported in reverse zones? I'm thinking of a mail server that has no entry in the DNS. Well, most mail servers will reject such a server (i.e. one with NO rdns). However, there's another

Re: SPF records in reverse zones?

2012-12-05 Thread Barry Margolin
In article mailman.818.1354751059.11945.bind-us...@lists.isc.org, Karl Auer ka...@biplane.com.au wrote: This may be a silly question, but are SPF records supposed to be supported in reverse zones? I'm thinking of a mail server that has no entry in the DNS. Many anti-spam rules block mail

Re: SPF records in reverse zones?

2012-12-05 Thread Mark Andrews
In message alpine.bsf.2.00.1212052345240.58...@bikeshed.isc.org, Dan Mahoney writes: On Thu, 6 Dec 2012, Karl Auer wrote: This may be a silly question, but are SPF records supposed to be supported in reverse zones? I'm thinking of a mail server that has no entry in the DNS. Well,
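Where the records discussed in this thread actually belong, as an added example rather than anything posted by the participants. Names and addresses are RFC 2606 / RFC 5737 placeholders and are assumptions.

```conf
; ---- reverse zone: only the PTR goes here ----
; SPF is evaluated against the HELO name and the MAIL FROM domain, both of
; which are looked up in the forward DNS. Nothing ever asks in-addr.arpa
; for SPF, so a TXT or SPF record placed here is never consulted.
$ORIGIN 2.0.192.in-addr.arpa.
25      IN PTR  mail.example.com.

; ---- forward zone ----
; The name the PTR points to must resolve back to the same address
; (forward-confirmed rDNS); that, not a reverse-zone SPF record, is what
; the "no rDNS" rejections mentioned above are checking. The SPF data
; goes on the MAIL FROM domain and on the HELO name, as TXT, which is
; the type receivers query.
$ORIGIN example.com.
@       IN MX   10 mail.example.com.
@       IN TXT  "v=spf1 mx -all"      ; MAIL FROM domain: only our MX may send
mail    IN A    192.0.2.25            ; completes the PTR <-> A round trip
mail    IN TXT  "v=spf1 a -all"       ; HELO name: only its own address
```

A quick check from the receiving side is `dig -x 192.0.2.25 PTR` followed by `dig mail.example.com A`, which must agree, and `dig example.com TXT` for the policy. A mail server with no forward entry at all fails the first step regardless of what is published in the reverse zone.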

Re: Improved SSL Error Logging [RT #29932]

2012-12-05 Thread Noel Butler
Hi Shane, Mark, Evan On Tue, 2012-10-16 at 08:22 +0200, Shane Kerr wrote: Noel, These changes are in our review queue now, so will go in future releases. Cheers, I guess this was not pushed in? After update to 9.9.2-p1 the old logging returned, eg: huge snip Dec 6 10:47:30 ns1