Re: BIND 9.11.5-P4 can't do ipv6 recursion

2019-03-18 Thread Crist Clark
Local firewall rules on the server? Did you have to make any firewall changes for IPv4? Did you do the same for IPv6? On Mon, Mar 18, 2019 at 10:20 PM Mark Andrews wrote: > > On the server run "dig version.bind txt ch @::1". This should get a response > and > work from there. e.g. "dig

Re: BIND 9.11.5-P4 can't do ipv6 recursion

2019-03-18 Thread Mark Andrews
On the server run "dig version.bind txt ch @::1". This should get a response and work from there. e.g. "dig version.bind txt ch @other_addresses", then try from different machines. Named has had IPv6 support for 2 decades now. The problem will almost certainly be with the environment not the

BIND 9.11.5-P4 can't do ipv6 recursion

2019-03-18 Thread celia
Hello ALL, I set up a recursive DNS server in our college. It works well for IPv4 requests, but cannot resolve IPv6 requests. The named.conf file is as follows: acl "trusted"{202.115.253.0/24;202.112.16.0/24;202.112.14.0/23;}; acl "ipv6" {2001:da8:6000::/48;}; options{ directory

Re: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

2019-03-18 Thread Mark Andrews
> On 19 Mar 2019, at 10:59 am, LeBlanc, Daniel James > wrote: > > Thanks Mark for your quick response. > > On page 29 of the Bv9-12-3-P1ARM I had seen the following, which is why I > thought that I "needed" to have one of those statements: > > > " Using the auto-dnssec option requires the

Re: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

2019-03-18 Thread Alan Clegg
On 3/18/19 7:33 PM, LeBlanc, Daniel James wrote: > I have a pair of ISC BIND 9.12.3-P1 servers that are configured as > slaves to a pair of Hidden Master servers.  The Hidden Masters are a > proprietary product and unfortunately when used to sign the zones, the > SOA records are not populated as

RE: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

2019-03-18 Thread LeBlanc, Daniel James
Thanks Mark for your quick response. On page 29 of the Bv9-12-3-P1ARM I had seen the following, which is why I thought that I "needed" to have one of those statements: " Using the auto-dnssec option requires the zone to be configured to allow dynamic updates, by adding an allow-update or

Re: ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

2019-03-18 Thread Mark Andrews
You don’t need update-policy local. In inline-signing mode named maintains its own copy of the zone with the DNSSEC records in addition to the copy from upstream. DNSSEC is controlled by rndc. > On 19 Mar 2019, at 10:33 am, LeBlanc, Daniel James > wrote: > > Hello All. > > I have a pair

ISC BIND 9.12.3-P1 Question re: DNSSEC Zone Signing

2019-03-18 Thread LeBlanc, Daniel James
Hello All. I have a pair of ISC BIND 9.12.3-P1 servers that are configured as slaves to a pair of Hidden Master servers. The Hidden Masters are a proprietary product and unfortunately when used to sign the zones, the SOA records are not populated as expected. As a result, I was looking into

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Stephan von Krawczynski
On Mon, 18 Mar 2019 12:32:56 -0700 Victoria Risk wrote: > Regarding allow-update: > [...] > Regards, > > Vicky Risk > Product Manager for BIND Thank you for this very professional statement and for noting my suggestion regarding "zone templates". Generally I would have voted for Alan's way of

Re: bind and certbot with dns-challenge

2019-03-18 Thread Matthew Pounsett
On Sun, 17 Mar 2019 at 13:34, Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > > > I mean, sure you can use it perfectly, only not good if hosting hundreds > > or thousands domains > > Why can't you use BIND to host hundreds or thousands of domains? > You definitely can. My

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Victoria Risk
Regarding allow-update: - We do try to avoid ‘breaking existing deployments’ with this sort of change. We do also have to balance maintaining existing deployments with making improvements in security and usability. - When we ‘clarified’ behavior of BIND in 9.13.5 preventing the use of

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Stephan von Krawczynski
On Mon, 18 Mar 2019 12:06:57 -0400 Bob Harold wrote: >>[...] > Thanks for the explanation, and for asking for input. > And thanks for maintaining BIND, we depend on it. > > My group manages about 3000 zones. > In my opinion, 'everything' should be inherited, to make the configuration > as simple

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Bob Harold
On Sun, Mar 17, 2019 at 4:38 PM Alan Clegg wrote: > On 3/17/19 2:51 PM, Alan Clegg wrote: > > On 3/17/19 7:13 AM, Stephan von Krawczynski wrote: > >> Hello all, > >> > >> I am using "BIND 9.13.7 (Development Release) " on arch > linux. Up > >> to few days ago everything was fine using "certbot

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread G.W. Haywood via bind-users
Hello again, On Mon, 18 Mar 2019, Alan Clegg wrote: Take the personal attacks elsewhere if you don't mind. My post was not intended to be a personal attack. I did explain that it was sent in more haste than I'd have liked, and perhaps it might have been better if I'd have left it until I

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Grant Taylor via bind-users
On 3/18/19 7:57 AM, Alan Clegg wrote: Let me say that I didn't mean to disparage or discount small operators. I didn't take anything you said as disparaging or as if it was trying to discount small operators. You asked what seemed to me as legitimate questions. I tried to provide what I

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Karl Auer
On Mon, 2019-03-18 at 09:57 -0400, Alan Clegg wrote: > Having said that, my $DAYJOB revolves (just a bit) around doing > BIND/DHCP stuff all day long, so I may have a leg up on being able to > twiddle with my configurations a bit more.  ;-) Put that leg down, young man, and stop twiddling with

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Alan Clegg
On 3/17/19 10:43 PM, Grant Taylor via bind-users wrote: > On 3/17/19 6:31 PM, Alan Clegg wrote: >> The change was an unintended consequence ending up in what was thought >> to have been the correct behavior all along, so.. Yes. >> >> How many zones are you authoritative for? > I think most people

RE: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Charles Elliott
Time and time again, it has been shown that there is huge value in diversity. If you were to invest a million dollars in Africa, in most places you would get a million dollars' worth of grass huts. If you invest a million dollars in computer-programmer-designed software, most of what you will

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Stephan von Krawczynski
On Mon, 18 Mar 2019 11:37:50 + Tony Finch wrote: > Stephan von Krawczynski wrote: > > > > But to us it was clearly time to at least present the idea to configure > > zones based on a user-defined default zone entry. > > Catalog zones have that kind of structure: there are options at the

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Alan Clegg
On 3/18/19 6:53 AM, G.W. Haywood via bind-users wrote: > I've been reading this exchange with growing frustration, and I hope a > forthright response will be excused - especially since I now have to > dash out to the hospital so I don't have more time to work on this. > > On Mon, 18 Mar 2019, or

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Tony Finch
Stephan von Krawczynski wrote: > > But to us it was clearly time to at least present the idea to configure > zones based on a user-defined default zone entry. Catalog zones have that kind of structure: there are options at the level of the whole catalog which individual zones can override.

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread G.W. Haywood via bind-users
Hi there, I've been reading this exchange with growing frustration, and I hope a forthright response will be excused - especially since I now have to dash out to the hospital so I don't have more time to work on this. On Mon, 18 Mar 2019, or possibly earlier, Alan Clegg wrote: The change was

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Stephan von Krawczynski
Please let me re-phrase the above suggestion to: zone-default "default1" { type master; allow-update { 127.0.0.1; }; }; zone-default "default-slave" { type slave; masters { 10.0.0.1; 10.0.0.2; }; }; zone "mytest.domain" { default1; file "a_zone_file_for_mytest.domain"; }; zone

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Stephan von Krawczynski
Ok, first let me thank Alan et al for clearing up the initial topic and making the problem more visible than I was able to. Just for the record, we are hosting some hundred domains, and of course we are able to handle sed. We can change the config regarding this issue. But to us it was clearly