Re: Zoneformat
[ Classification Level: PUBLIC ]

It's not like "speed dialing" consists of prepending a bunch of more-or-less arbitrary area codes and exchanges and hoping that eventually you'll get the right combination of numbers to reach the intended recipient. THAT would be the proper analogy for suffix-searching.

A better analogy of "speed dialing", in the TCP/IP context, would be browser bookmarks and the like, i.e. a limited, simplified list of choices, on the frontend, each of which translates to the appropriate protocol- and/or technology-specific identifiers, on the backend. I don't have a problem with app features that make people's lives more convenient, as long as what ends up in the DNS ecosystem is an unambiguous FQDN.

As for addressing coworkers by their short names, that works and sometimes doesn't. I once worked regularly with 5 people who all had the first name "Matt" (now we're down to only 3 in our area :-)

- Kevin

On Mon, Oct 28, 2019 at 6:02 PM Paul Kosinski via bind-users < bind-users@lists.isc.org> wrote:

> "... long ago adapted to using full numbers, including area codes, for
> pretty much *all* phone dialing ..."
>
> Except that that proved to be so onerous that people often use "speed
> dialing" for commonly dialed numbers. (Not to mention the fact that
> people usually address their friends and coworkers by short names.)
Re: Zoneformat
Neither analogy would work to the detail here. But search domains is the butt dial of DNS… You are better if you don’t use it as it works well until it doesn’t and you send your data to the wrong party.

Ondrej

> On 28 Oct 2019, at 17:01, Paul Kosinski via bind-users wrote:
>
> "... long ago adapted to using full numbers, including area codes, for
> pretty much *all* phone dialing ..."
>
> Except that that proved to be so onerous that people often use "speed
> dialing" for commonly dialed numbers. (Not to mention the fact that
> people usually address their friends and coworkers by short names.)

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Zoneformat
"... long ago adapted to using full numbers, including area codes, for pretty much *all* phone dialing ..."

Except that that proved to be so onerous that people often use "speed dialing" for commonly dialed numbers. (Not to mention the fact that people usually address their friends and coworkers by short names.)

On Mon, 28 Oct 2019 12:19:35 -0400 Kevin Darcy wrote:

> [ Classification Level: PUBLIC ]
>
> My opinion? It's better to wean your users away from shortnames than
> to try to cobble together kludges, on the client side or the BIND
> side, to support a bad habit. Shortnames introduce ambiguity, lead to
> nasty surprises, are inefficient and insecure. Just like we (in the
> U.S. at least) long ago adapted to using full numbers, including area
> codes, for pretty much *all* phone dialing, people can adapt to using
> FQDNs. They've already adapted to it, overwhelmingly, for Internet
> web traffic (notwithstanding some "helpful" browsers that will tack
> on "www" to the front of a shortname, and ".com" at the end, which is
> often *not* what is wanted or safe). Why have a different user
> experience, when on or off the enterprise network, a perimeter that
> is quickly eroding? Just use FQDNs everywhere, keep it consistent.
>
> Anyway, that's my 2-cents, from someone who has been battling the
> "shortname disease" for decades, with a substantial amount of
> (although not perfect) success.
>
> - Kevin
Re: per-zone query-source on recursive resolver
Erich Eckner wrote:
>
> I'm undecided whether they're authoritative or not. On one hand, they are
> distributed via DHCP as default DNS servers, speaking for "recursive", on
> the other hand, they have matching SOA records (and I think, that means,
> they're authoritative) - maybe they're both?

If they are advertised via DHCP they have to be recursive, otherwise stub resolvers would not work :-) The key thing to look for is the RA bit (recursion available) in answers you get from the server. The servers can also be authoritative with AA=1 (authoritative answer) for some zones, but that won't prevent you from using them as forwarders.

For choosing between the alternatives I should have been more precise and said you have to use static-stub instead of forwarding if the target server is "authoritative-only" (i.e. RA=0). If you use static-stub the target server must be authoritative for the zone, regardless of whether it offers recursion.

Tony.
--
f.anthony.n.finch http://dotat.at/
a fair, free and open society
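The RA/AA check described in the message above, as an added Python example that is not part of the original message: it builds an SOA query and reads the two header bits of a reply to list which zone types can work. The zone name vpn.example and the replies are constructed for illustration; against a real server the query bytes would be sent over UDP port 53.

```python
"""Read the RA and AA header bits of a DNS reply to choose a BIND zone type."""
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag masks (RFC 1035)


def build_soa_query(zone, qid=0x1234):
    """Wire-format SOA query for `zone` with RD=1, suitable for UDP port 53."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = [label for label in zone.rstrip(".").split(".") if label]
    if any(len(label) > 63 for label in labels):
        raise ValueError("DNS labels are limited to 63 octets")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)    # QTYPE=SOA, QCLASS=IN


def parse_flags(message):
    """Extract the bits that matter here from the 12-byte DNS header of a reply."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags = struct.unpack("!HH", message[:4])
    if not flags & QR:
        raise ValueError("QR=0: this is a query, not a response")
    return {"id": qid, "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F}


def viable_zone_types(flags):
    """Zone types that can work for the queried zone against this server.

    RA=1 means the server recurses, so it can be used as a forwarder.
    AA=1 on the zone's SOA means it is authoritative, which static-stub needs.
    """
    types = []
    if flags["ra"]:
        types.append("forward")
    if flags["aa"]:
        types.append("static-stub")
    return types


def constructed_response(query, aa, ra):
    """Constructed sample reply: echoes the question, sets flags, no records."""
    (qid,) = struct.unpack("!H", query[:2])
    flags = QR | RD | (AA if aa else 0) | (RA if ra else 0)
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]


if __name__ == "__main__":
    query = build_soa_query("vpn.example")              # constructed zone name
    for aa, ra in ((True, False), (False, True), (True, True), (False, False)):
        reply = constructed_response(query, aa, ra)
        result = viable_zone_types(parse_flags(reply)) or "neither"
        print(f"AA={int(aa)} RA={int(ra)} ->", result)
```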
Re: per-zone query-source on recursive resolver
Hi,

On Mon, 28 Oct 2019, Tony Finch wrote:

> Erich Eckner wrote:
>
> RPZ rewrites responses as they are going out of your nameserver, so you
> can't use RPZ to change the way the nameserver's resolver works (because
> the resolver depends on incoming responses not outgoing responses).

Ah, right, the name should have turned me away from it (it's "*response* policy zone", not "*question* policy zone" :-D)

> There are two ways to do what you want, depending on the DNS servers on
> the other end of the VPN:
>
> * If they are recursive, use a forward zone. This applies to all the
>   subdomains as well, since the recursive server is expected to follow
>   referrals/delegations itself as necessary.

I'm undecided whether they're authoritative or not. On one hand, they are distributed via DHCP as default DNS servers, speaking for "recursive", on the other hand, they have matching SOA records (and I think, that means, they're authoritative) - maybe they're both?

> * If they are authoritative, use a static-stub zone. In this case your
>   server will follow referrals/delegations from the remote zone, which
>   will need to make sense wrt your split horizon network topology.

Due to the SOA, I took this path and it works like a charm :-)

Googling the difference between forward and static-stub zones I found this:

https://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/

which made me understand it - I'll use static-stub, because I want to do the recursion myself (because I can and because it's slower :-D)

> If you need special source addresses as well as special target addresses,
> add server clauses for each of the target servers on the other end of the
> VPN to specify which query-source address to use for them.

I tried without forcing the source address and it works out-of-the box. Most probably, some iptables-MASQUERADE action gets triggered (in the end, this box also *routes* network traffic through the vpn).

Thanks!

Cheers,
Erich

> Tony.
> --
> f.anthony.n.finch http://dotat.at/
> Humber, Thames, Dover: North 3 or 4, veering northeast 4 or 5. Slight or
> moderate in Humber, otherwise slight, occasionally smooth. Showers. Good.
Re: Zoneformat
[ Classification Level: PUBLIC ]

My opinion? It's better to wean your users away from shortnames than to try to cobble together kludges, on the client side or the BIND side, to support a bad habit. Shortnames introduce ambiguity, lead to nasty surprises, are inefficient and insecure. Just like we (in the U.S. at least) long ago adapted to using full numbers, including area codes, for pretty much *all* phone dialing, people can adapt to using FQDNs. They've already adapted to it, overwhelmingly, for Internet web traffic (notwithstanding some "helpful" browsers that will tack on "www" to the front of a shortname, and ".com" at the end, which is often *not* what is wanted or safe). Why have a different user experience, when on or off the enterprise network, a perimeter that is quickly eroding? Just use FQDNs everywhere, keep it consistent.

Anyway, that's my 2-cents, from someone who has been battling the "shortname disease" for decades, with a substantial amount of (although not perfect) success.

- Kevin

On Mon, Oct 28, 2019 at 8:56 AM MEjaz wrote:

> Nonexistent domain error.
>
> Here is my configuration.
> ===
>
> zone "crm365app" {
>         type master;
>         file "crm365app.cyberia.net.sa.hosts";
>         allow-query {any;};
> };
>
>
> File
>
>
> [root@ns1 ~]# cat /var/named/crm365app.cyberia.net.sa.hosts
> $TTL 3600
> ; Addresses and other host information
> ;
> ;
>
> @ IN SOA ns1.cyberia.net.sa. root.cyberia.net.sa. (
>         2015034459 ; serial
>         43200 ; refresh every 12 hours
>         4320 ; retry after 1 hour
>         1209600 ; expire after 2 weeks
>         21600 ) ; minimum
>
> ; Define the name servers and mail servers
>
>         IN NS ns1.cyberia.net.sa.
>         IN NS ns2.cyberia.net.sa.
>
>         IN MX 10 smtp.cyberia.net.sa.
>
> ; Define localhost
> * IN A 127.0.0.1
>
> ; Define hosts in this zone
>
>
> www IN CNAME webhost.cyberia.net.sa.
> crm365app IN A 212.71.33.252
>
> =zone file end=
>
> [root@ns1 named]# host crm365app
> Host crm365app not found: 3(NXDOMAIN)
> [root@ns1 named]# named-checkzone crm365app crm365app.cyberia.net.sa.hosts
> zone crm365app/IN: loaded serial 2015034459
> OK
Re: Zoneformat
On Mon, Oct 28, 2019 at 6:08 AM MEjaz wrote:
>
> From: MEjaz [mailto:me...@cyberia.net.sa]
> Sent: Monday, October 28, 2019 10:27 AM
> To: 'bind-users-boun...@lists.isc.org'
> Subject: Zoneformat
>
> Hi all,
>
> Is there any way I can create the zone without the (.) I mean non fully
> qualified domain name just as “example” instead “example.com”’

Your messages are so terse that it is often hard to know what you are trying to accomplish, and so hard to answer.

It sounds like the 'search' directive in /etc/resolv.conf will do what you want -- see https://en.wikipedia.org/wiki/Search_domain for more info.

If you add 'search cyberia.net.sa' to /etc/resolv.conf, then lookups for 'crm365app' will first be tried as crm365app.cyberia.net.sa and then just crm365app.

Note that this is done by the stub resolver, and so you will need to do this on each machine -- DHCP may help with this (see https://kb.isc.org/docs/isc-dhcp-44-manual-pages-dhcp-options )

Please note that this is almost definitely a bad idea -- it leads to all sorts of security issues; it's much better to just get into the habit of typing 'crm365app.cyberia.net.sa' instead...

W

> Thanks in advance for your assistance
>
> Ejaz

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
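The search-list behaviour described in the message above, as an added Python example that is not part of the original message: it models the order in which a stub resolver tries names (glibc-style rules, simplified to 'search' and 'options ndots') and lists the candidates that fall outside the zone the operator controls. The two resolv.conf samples, the guest-wifi.example domain and the ndots:2 setting are constructed for illustration.

```python
"""Simplified model of stub-resolver search-list expansion (glibc-style rules)."""

# Constructed sample resolv.conf contents for two networks. Only the
# 'search cyberia.net.sa' line comes from the thread; the rest is made up.
OFFICE_RESOLV_CONF = """\
# office LAN
nameserver 192.0.2.53
search cyberia.net.sa
"""
GUEST_RESOLV_CONF = """\
# constructed guest network that hands out its own search domain via DHCP
nameserver 198.51.100.53
search guest-wifi.example
options ndots:2
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots); the last 'search' line wins, ndots defaults to 1."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.strip().split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidates(name, search, ndots=1):
    """FQDNs the resolver may try, in order; it stops at the first that answers."""
    if name.endswith("."):               # trailing dot: absolute, never expanded
        return [name.lower()]
    name = name.lower()
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:         # enough dots: try the name as typed first
        return [name + "."] + expanded
    return expanded + [name + "."]       # short name: search domains first


def outside_trusted(name, resolv_conf_text, trusted_suffixes):
    """Candidates that are not at or below any zone the operator controls."""
    search, ndots = parse_resolv_conf(resolv_conf_text)
    trusted = tuple("." + s.strip(".").lower() + "." for s in trusted_suffixes)
    return [c for c in candidates(name, search, ndots)
            if not ("." + c).endswith(trusted)]


if __name__ == "__main__":
    typed = ("crm365app", "crm365app.cyberia.net.sa", "crm365app.cyberia.net.sa.")
    for label, conf in (("office", OFFICE_RESOLV_CONF), ("guest", GUEST_RESOLV_CONF)):
        for name in typed:
            print(f"{label:6} {name:28} outside cyberia.net.sa:",
                  outside_trusted(name, conf, ["cyberia.net.sa"]))
```

Only the name written with a trailing dot produces no candidate outside cyberia.net.sa on both networks; the short name depends entirely on whichever search list the current network supplies.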
Re: Zoneformat
On 28.10.19 15:49, MEjaz wrote:
> Nonexistent domain error.
>
> Here is my configuration.
> ===
>
> zone "crm365app" {
>         type master;
>         file "crm365app.cyberia.net.sa.hosts";
>         allow-query {any;};
> };
>
> [root@ns1 named]# host crm365app
> Host crm365app not found: 3(NXDOMAIN)
> [root@ns1 named]# named-checkzone crm365app crm365app.cyberia.net.sa.hosts
> zone crm365app/IN: loaded serial 2015034459
> OK

is your server in resolv.conf?
What does log say when you reload named?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Silvester Stallone: Father of the RISC concept.
RE: Zoneformat
Nonexistent domain error.

Here is my configuration.
===

zone "crm365app" {
        type master;
        file "crm365app.cyberia.net.sa.hosts";
        allow-query {any;};
};


File


[root@ns1 ~]# cat /var/named/crm365app.cyberia.net.sa.hosts
$TTL 3600
; Addresses and other host information
;
;

@ IN SOA ns1.cyberia.net.sa. root.cyberia.net.sa. (
        2015034459 ; serial
        43200 ; refresh every 12 hours
        4320 ; retry after 1 hour
        1209600 ; expire after 2 weeks
        21600 ) ; minimum

; Define the name servers and mail servers

        IN NS ns1.cyberia.net.sa.
        IN NS ns2.cyberia.net.sa.

        IN MX 10 smtp.cyberia.net.sa.

; Define localhost
* IN A 127.0.0.1

; Define hosts in this zone


www IN CNAME webhost.cyberia.net.sa.
crm365app IN A 212.71.33.252

=zone file end=

[root@ns1 named]# host crm365app
Host crm365app not found: 3(NXDOMAIN)
[root@ns1 named]# named-checkzone crm365app crm365app.cyberia.net.sa.hosts
zone crm365app/IN: loaded serial 2015034459
OK

-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald
Sent: Monday, October 28, 2019 1:46 PM
To: bind-users@lists.isc.org
Subject: Re: Zoneformat

On 28.10.19 at 11:01, MEjaz wrote:
> *From:* MEjaz [mailto:me...@cyberia.net.sa]
> *Sent:* Monday, October 28, 2019 10:27 AM
> *To:* 'bind-users-boun...@lists.isc.org'
> *Subject:* Zoneformat
>
> Is there any way I can create the zone without the (.) I mean non fully
> qualified domain name just as "example" instead "example.com"'

what is the problem you try to solve?
Re: per-zone query-source on recursive resolver
Erich Eckner wrote:
>
> 1. Set a custom query-source (the one of the vpn interface) for that
> second-level domain. (This would also be applied to all subdomains thereof,
> right?)
>
> 2. Overwrite (by rpz?) the name-servers for that domain to the (somehow
> obtained) internal nameservers (they differ from the external ones and have
> addresses which are automatically routed through the vpn anyways).

RPZ rewrites responses as they are going out of your nameserver, so you can't use RPZ to change the way the nameserver's resolver works (because the resolver depends on incoming responses not outgoing responses).

There are two ways to do what you want, depending on the DNS servers on the other end of the VPN:

* If they are recursive, use a forward zone. This applies to all the subdomains as well, since the recursive server is expected to follow referrals/delegations itself as necessary.

* If they are authoritative, use a static-stub zone. In this case your server will follow referrals/delegations from the remote zone, which will need to make sense wrt your split horizon network topology.

If you need special source addresses as well as special target addresses, add server clauses for each of the target servers on the other end of the VPN to specify which query-source address to use for them.

Tony.
--
f.anthony.n.finch http://dotat.at/
Humber, Thames, Dover: North 3 or 4, veering northeast 4 or 5. Slight or moderate in Humber, otherwise slight, occasionally smooth. Showers. Good.
Re: Zoneformat
On 28.10.19 at 11:01, MEjaz wrote:
> *From:* MEjaz [mailto:me...@cyberia.net.sa]
> *Sent:* Monday, October 28, 2019 10:27 AM
> *To:* 'bind-users-boun...@lists.isc.org'
> *Subject:* Zoneformat
>
> Is there any way I can create the zone without the (.) I mean non fully
> qualified domain name just as “example” instead “example.com”’

what is the problem you try to solve?
RE: Zoneformat
From: MEjaz [mailto:me...@cyberia.net.sa]
Sent: Monday, October 28, 2019 10:27 AM
To: 'bind-users-boun...@lists.isc.org'
Subject: Zoneformat

Hi all,

Is there any way I can create the zone without the (.) I mean non fully qualified domain name just as "example" instead "example.com"'

Thanks in advance for your assistance

Ejaz
per-zone query-source on recursive resolver
Hi,

I'm running bind as a recursive resolver. This box also has a vpn tunnel to another network (not mine) with split-horizon dns (internal clients see different NS entries than external clients; those in turn resolve different addresses).

I would like to resolve the majority of requests directly (e.g. not through the vpn), but some requests (all below a certain second-level domain) through the vpn.[1]

I had two ideas to accomplish that:

1. Set a custom query-source (the one of the vpn interface) for that second-level domain. (This would also be applied to all subdomains thereof, right?)

2. Overwrite (by rpz?) the name-servers for that domain to the (somehow obtained) internal nameservers (they differ from the external ones and have addresses which are automatically routed through the vpn anyways).

Any idea which approach is the best and how I best accomplish that? (an even better third idea would be welcome, also)

[1] sry for not handing out details about *which* second-level domain that is, but because you're not inside its network, most probably, you couldn't take a peek at the internal dns servers anyway.

cheers,
Erich