RE: Delegation questions

Kevin Darcy wrote: > > In any case, multi-hop forwarding is always the least-preferred option. > I wonder for which reason do you think this. Of course, any forwarding adds a additional hop and therefore additional delay and an additional possible point of failure. But this is true for any

Re: named[10663]: network unreachable resolving

Your system has IPv6 addresses configured so named attempts to use IPv6 to resolve names. Ask your ISP for IPv6. You may need to upgrade your router to support IPv6. The world ran out of enough IPv4 addresses to give every machine its own unique address in about 1996 and we have been using NAT

named[10663]: network unreachable resolving

I use Bind as a local caching nameserver at my house mainly to speed up spamassassin queries. Until I upgraded my Ubuntu 14.04 to 16.04 last week all was working great. After the upgrade bind has been filling up my syslog with the above error. Running 'named -V' outputs: chris@localhost:~$ named

Re: Delegation questions

On 8/11/2016 12:22 PM, bind-users-requ...@lists.isc.org wrote: I have a child domain that is delegated to a second site. Pretty straightforward situation. In the parent zone I have NS records that point to the DNS servers at the second site. The issue comes up when a slaved copy of the parent

RE: Delegation questions

Sorry, I left out the option of fixing the firewall rules. Depending on your performance/resilience requirements, available bandwidth, latency, query patterns, etc. this may or may not be preferable to slaving the zone to your site. It’s hard to say without knowing a lot of details about your

RE: Delegation questions

No, you would never get rid of a valid delegation of a child zone; why *reduce* the resolvability of that zone? Whatever you do to get around this connectivity issue would be *in*addition*to* the delegation, not as a replacement for it. That having been said, I outlined your options in a

Re: Delegation questions

> Your problem here is not directly related to the delegation. Your problem is that you have a recursive server (C) which is blocked from reaching a part of the Internet > where there is an authoritative server (B) it needs to contact. I thought I had said that... > That's a very convoluted way

Re: Delegation questions

On 11 August 2016 at 10:14, Bob McDonald wrote: > > Currently, clients sending queries for domain child.example.com. to > server A get good results. > However, clients sending queries for domain child.example.com. to server > C get SERVFAIL because server C has no access

RE: Delegation questions

The bottom line is: any resolver which is using iterative resolution (as opposed to just forwarding) to resolve names in a zone, needs to be able to talk to at least *some* of the published nameservers for the zone, or to “override” the regular referral-chain using something like a “stub” zone.

Re: Delegation questions

Let me be a bit more clear... This is strictly internal. There are no external clients or servers involved. All three of the servers have recursion turned ON. Server A has a domain (example.com.) example.com. has an NS record that points to server B and delegate child.example.com. (yes there's

Re: Delegation questions

On 11 August 2016 at 09:13, Bob McDonald wrote: > I have a child domain that is delegated to a second site. Pretty > straightforward situation. In the parent zone I have NS records that point > to the DNS servers at the second site. > > The issue comes up when a slaved

Delegation questions

I have a child domain that is delegated to a second site. Pretty straightforward situation. In the parent zone I have NS records that point to the DNS servers at the second site. The issue comes up when a slaved copy of the parent domain is running at a third site and that third site doesn't have