authoritative rDNS
I set up a subnet on my server, complete with rdns, and ARIN has been adjusted for my two dns servers (ns.qcislands.net ns2.qcislands.net)

the subnet: 23.235.75.0/24

if you do a lookup of, for instance: 23.235.75.10 and bounce that nslookup off of other dns servers, SOME say:

Authoritative answers can be found from: ns ns2

others, well, at least google 8.8.8.8 do not show anything as authoritative, although the IP DOES resolve.

I am curious if 8.8.8.8 isn't trying, or instead, am I missing something which 8.8.8.8 considers incomplete and therefore un-authoritative?

I just want to make sure my setup is accurate. Thanks.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: authoritative rDNS
In article mailman.1483.1381387501.20661.bind-us...@lists.isc.org, Jim Pazarena b...@paz.bz wrote:

> I set up a subnet on my server, complete with rdns, and ARIN has been adjusted for my two dns servers (ns.qcislands.net ns2.qcislands.net)
>
> the subnet: 23.235.75.0/24
>
> if you do a lookup of, for instance: 23.235.75.10 and bounce that nslookup off of other dns servers, SOME say:
>
> Authoritative answers can be found from: ns ns2
>
> others, well, at least google 8.8.8.8 do not show anything as authoritative, although the IP DOES resolve.
>
> I am curious if 8.8.8.8 isn't trying, or instead, am I missing something which 8.8.8.8 considers incomplete and therefore un-authoritative?
>
> I just want to make sure my setup is accurate. Thanks.

Including the Authority Section in a response is optional (unless it's a delegation or negative response). If you ask them explicitly for the NS records they show it:

    $ dig @8.8.8.8 -x 23.235.75 ns
    ;; ANSWER SECTION:
    75.235.23.in-addr.arpa. 21600 IN NS ns2.qcislands.net.
    75.235.23.in-addr.arpa. 21600 IN NS ns.qcislands.net.

--
Barry Margolin
Arlington, MA
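The point made in the reply above, as an added example that is not part of the original thread: a reverse delegation is judged by the NS set returned for the zone, not by whether a resolver chose to fill in the Authority section or set the `aa` flag. The dig header line in the sample and the function names are constructed for illustration; the two NS lines are the ones quoted in the reply.

```python
import ipaddress
import re

# Constructed sample shaped like dig output from a recursive resolver;
# the two NS lines are the ones quoted in the reply above.
SAMPLE = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
75.235.23.in-addr.arpa. 21600 IN NS ns2.qcislands.net.
75.235.23.in-addr.arpa. 21600 IN NS ns.qcislands.net.
"""

def reverse_zone(cidr):
    """Reverse zone name for an octet-aligned IPv4 prefix (/8, /16, /24)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("not octet-aligned; classless delegation works differently")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def parse_dig(text):
    """Return (header flags, {section name: [(owner, type, rdata), ...]})."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        m = re.match(r";; flags: ([a-z ]+);", line)
        if m:
            flags = set(m.group(1).split())
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower(), rtype, rdata.lower()))
    return flags, sections

def check_reverse_delegation(text, cidr, expected_ns):
    """Judge the delegation by its NS set, not by the Authority section."""
    flags, sections = parse_dig(text)
    zone = reverse_zone(cidr)
    seen = {rdata for sec in ("ANSWER", "AUTHORITY")
            for owner, rtype, rdata in sections.get(sec, [])
            if owner == zone and rtype == "NS"}
    return {
        "zone": zone,
        "aa_flag": "aa" in flags,  # a cached answer from a recursive resolver has no aa
        "authority_section": bool(sections.get("AUTHORITY")),
        "ns_match": seen == {n.lower() for n in expected_ns},
    }
```

For the sample, `aa_flag` and `authority_section` are both false while `ns_match` is true, which is the situation described in the question.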
Forwarding requests when DNS name doesn't exist?
(This is probably a silly question, but I want to explore every possibility.)

We have a proxy firewall, with no contact between inside and outside. We have a fake internal DNS root for zones that we use internally. This works fine, since lookup of external names are only made from the outside of the proxy servers.

We are about to change to a transparent firewall, which means that we remove the proxy servers. Then we have to let the inside get access to real outside DNS.

Is there any way with bind, or any other DNS product, to keep our internal fake zones and have them selectively forwarded to external DNS for all names that don't exist in the internal fake zones?

Clients would first ask internal DNS, and if the name exists there they will use that, but if the name doesn't exist internally they won't get a negative response. Instead their request would be forwarded to external DNS.

Thanks!

Peter Olsson
Install DNS Server
Hi All,

I am running Centos 5.7 32 bit server machine. I have installed and successfully run qmail, web, ftp with the same machine.

Now am DNS hosting with third party. I would like to install and keep DNS hosting myself.

How to do that, how to install DNS server with the same machine or different machine, as well what is the complete procedure and steps.

Any one help me.

--
Thanks,
Manikandan.C
System Administrator
Re: Install DNS Server
Hi

I do that and more on an ATOM machine with 2GB RAM. I use Postfix instead of qmail but see no reason qmail would not work.

I installed all the relevant RPMs, configured them and it works.

One thing to remember is that you need two or more DNS servers, I do that by being a stealth master with several slaves on my 3rd party provider.

On 10/10/13 12.27, Chandran Manikandan wrote:

> Hi All,
>
> I am running Centos 5.7 32 bit server machine. I have installed and successfully run qmail, web, ftp with the same machine.
>
> Now am DNS hosting with third party. I would like to install and keep DNS hosting myself.
>
> How to do that, how to install DNS server with the same machine or different machine, as well what is the complete procedure and steps.
>
> Any one help me.
>
> --
> Thanks,
> Manikandan.C
> System Administrator

--
Best regards
Sten Carlsen

No improvements come from shouting: MALE BOVINE MANURE!!!
Re: Forwarding requests when DNS name doesn't exist?
An unwise decision, from security point of view!

You are about to open the DNS channel - public DNS resolving available for internal clients. Consequently data leakage, file transfer in/out over DNS become possible ...

As far as the question about internal fake zones is concerned: if the name server has knowledge, because it is authoritative, it will use that knowledge and will not try to query name servers on the Internet. It becomes bogus for that zone: no delegation, but having knowledge.

Kind regards,

Marc

On Thu, Oct 10, 2013 at 10:28 AM, Peter Olsson p...@leissner.se wrote:

> (This is probably a silly question, but I want to explore every possibility.)
>
> We have a proxy firewall, with no contact between inside and outside. We have a fake internal DNS root for zones that we use internally. This works fine, since lookup of external names are only made from the outside of the proxy servers.
>
> We are about to change to a transparent firewall, which means that we remove the proxy servers. Then we have to let the inside get access to real outside DNS.
>
> Is there any way with bind, or any other DNS product, to keep our internal fake zones and have them selectively forwarded to external DNS for all names that don't exist in the internal fake zones?
>
> Clients would first ask internal DNS, and if the name exists there they will use that, but if the name doesn't exist internally they won't get a negative response. Instead their request would be forwarded to external DNS.
>
> Thanks!
>
> Peter Olsson
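A defender's check for the leakage risk raised in the reply above, as an added example that is not part of the original thread: once internal clients can resolve public names, the resolver's query log is where data carried in query names shows up, as many long, high-entropy names from one client under one domain. The log line shape, the thresholds, the addresses and the example domains are all constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

QUERY = re.compile(r"client (?:@\S+ )?([\d.]+)#\d+ .*?query: (\S+) IN ")

def log_line(client, qname, qtype="A"):
    # Constructed line in the general shape of a BIND query-log entry.
    return f"client {client}#40000 ({qname}): query: {qname} IN {qtype} + (10.0.0.1)"

# Constructed 32-character labels standing in for encoded payload chunks.
CHUNKS = ["0123456789abcdeffedcba9876543210",
          "89abcdef0123456776543210fedcba98",
          "fedcba98765432100123456789abcdef"]
SAMPLE_LOG = (
    [log_line("10.0.0.21", "www.example.net"),
     log_line("10.0.0.21", "mail.corp.example.net", "MX"),
     log_line("10.0.0.40", f"{CHUNKS[0]}.cdn.example.com")]
    + [log_line("10.0.0.37", f"{c}.t.example.org", "TXT") for c in CHUNKS]
)

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious_clients(lines, min_names=3, min_len=30, min_entropy=3.5):
    """Return (client, base domain, count) for clients that sent many distinct
    long, high-entropy names under one domain."""
    seen = defaultdict(set)
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue
        labels = m.group(2).rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue
        base = ".".join(labels[-2:])  # crude: real use needs a public-suffix list
        sub = ".".join(labels[:-2])
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            seen[(m.group(1), base)].add(sub)
    return sorted((c, b, len(s)) for (c, b), s in seen.items()
                  if len(s) >= min_names)

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A single long name, as from client 10.0.0.40 in the sample, stays below `min_names` and is not reported; the thresholds need tuning against the site's own baseline traffic.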
RE: Install DNS Server
Any reason why you're using CentOS 5.7 given that 6.4 (and maybe later) is available? If this is a new system you really ought to think about using the 6.x stuff. 5.x is long in the tooth even though still supported; it has many older upstream packages of things including BIND.

CentOS does put bug and security fixes in (or RedHat does and CentOS gets them because they build from RHEL source) but you still end up with something very old (BIND 9.3.x) that most folks on this list don't want to talk about because it is long past EOL for BIND.

From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Sten Carlsen
Sent: Thursday, October 10, 2013 6:38 AM
To: Chandran Manikandan
Cc: bind-users@lists.isc.org
Subject: Re: Install DNS Server

> Hi
>
> I do that and more on an ATOM machine with 2GB RAM. I use Postfix instead of qmail but see no reason qmail would not work.
>
> I installed all the relevant RPMs, configured them and it works.
>
> One thing to remember is that you need two or more DNS servers, I do that by being a stealth master with several slaves on my 3rd party provider.
>
> On 10/10/13 12.27, Chandran Manikandan wrote:
>
>> Hi All,
>>
>> I am running Centos 5.7 32 bit server machine. I have installed and successfully run qmail, web, ftp with the same machine.
>>
>> Now am DNS hosting with third party. I would like to install and keep DNS hosting myself.
>>
>> How to do that, how to install DNS server with the same machine or different machine, as well what is the complete procedure and steps.
>>
>> Any one help me.
>>
>> --
>> Thanks,
>> Manikandan.C
>> System Administrator
>
> --
> Best regards
> Sten Carlsen
>
> No improvements come from shouting: MALE BOVINE MANURE!!!
Re: Install DNS Server
On 10/10/13 4:26 AM, Lightner, Jeff wrote:

> CentOS does put bug and security fixes in (or RedHat does and CentOS gets them because they build from RHEL source) but you still end up with something very old (BIND 9.3.x) that most folks on this list don't want to talk about because it is long past EOL for BIND.

Another incentive is that when you enable DNSSEC (and I hope you will, but not until you first get DNS itself working), you'll need a current version of bind to take advantage of its key management features.

dn
Re: Install DNS Server
While I mostly agree, simply doing a 'yum update' against the CentOS repos will pull you up to 5.9...which isn't really old, it was released around the same time as 6.4. Then at least your base OS is up to date, and you don't have to use the community RPMs. You can build from source, generate your own packages, or use community SRPMs that are available.

Newer is generally better, but depending upon what you're doing moving from 5.x to 6.x (or changing major versions in general) is often not as easy as it sounds. I personally still have to maintain 5.x and 6.x to keep our developers happy.

That said, running 5.x is still not an excuse to be out of date. Based on the question, this might just be lack of experience...but moving to the latest minor release is very simple.

http://www.tecmint.com/how-to-upgrade-from-centos-5-x-to-centos-5-9/
http://www.howtoforge.com/bind-installation-on-centos
http://www.linuxfromscratch.org/blfs/view/svn/server/bind.html
http://www.five-ten-sg.com/mapper/bind

-----Original Message-----
From: Lightner, Jeff jlight...@water.com
Date: Thursday, October 10, 2013 7:26 AM
To: Sten Carlsen st...@s-carlsen.dk, Chandran Manikandan tech2m...@gmail.com
Cc: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: RE: Install DNS Server

> Any reason why you're using CentOS 5.7 given that 6.4 (and maybe later) is available? If this is a new system you really ought to think about using the 6.x stuff. 5.x is long in the tooth even though still supported; it has many older upstream packages of things including BIND.
>
> CentOS does put bug and security fixes in (or RedHat does and CentOS gets them because they build from RHEL source) but you still end up with something very old (BIND 9.3.x) that most folks on this list don't want to talk about because it is long past EOL for BIND.
>
> From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Sten Carlsen
> Sent: Thursday, October 10, 2013 6:38 AM
> To: Chandran Manikandan
> Cc: bind-users@lists.isc.org
> Subject: Re: Install DNS Server
>
>> Hi
>>
>> I do that and more on an ATOM machine with 2GB RAM. I use Postfix instead of qmail but see no reason qmail would not work.
>>
>> I installed all the relevant RPMs, configured them and it works.
>>
>> One thing to remember is that you need two or more DNS servers, I do that by being a stealth master with several slaves on my 3rd party provider.
>>
>> On 10/10/13 12.27, Chandran Manikandan wrote:
>>
>>> Hi All,
>>>
>>> I am running Centos 5.7 32 bit server machine. I have installed and successfully run qmail, web, ftp with the same machine.
>>>
>>> Now am DNS hosting with third party. I would like to install and keep DNS hosting myself.
>>>
>>> How to do that, how to install DNS server with the same machine or different machine, as well what is the complete procedure and steps.
>>>
>>> Any one help me.
>>>
>>> --
>>> Thanks,
>>> Manikandan.C
>>> System Administrator
>>
>> --
>> Best regards
>> Sten Carlsen
>>
>> No improvements come from shouting: MALE BOVINE MANURE!!!