I am in the process of developing a DR (disaster recovery) plan for my primary
masters. Could someone please confirm (or correct me) that a second server in
the masters {} statement of a slave zone will only be used in the event that
the first master cannot be reached? Example:
zone
I have one instance of named that is listening on multiple IP's. I am
looking to see how many queries are destined to one of those IP's that named
is listening on. I do have query logging enabled, but I don't see it
revealing the destination interface. Is there a way to make it log this as
well?
We also run in a mixed MSDNS/BIND environment. All of our AD domain
controllers run MSDNS and are authoritative for the AD domain only. They
forward all non-authoritative requests (all non AD domain queries) to
caching BIND9/Linux servers which also contain slave zones for all of our
internal
In my case, we let AD/MSDNS do dynamic updates.. no dynamic updates are
necessary with BIND. Not sure I understand your split lookups - but your
external authoritative nameservers should NOT allow recursion.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
I can vouch for Men & Mice. I currently have the enterprise version running
in an environment managing 2000+ domains and 15+ DNS servers. Support is
great as well.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of
In addition, TCP is used for queries 512bytes.
Josh
From: bind-users-boun...@lists.isc.org on behalf of Eduardo Júnior
Sent: Mon 5/4/2009 8:35 PM
To: Martin McCormick
Cc: bind-us...@isc.org
Subject: Re: tcp versus udp
Hi,
On Mon, May 4, 2009 at 9:28
You struggled to find anything about SPF?
http://www.zytrax.com/books/dns/ch9/spf.html
Josh
From: bind-users-bounces+jbaird=follett@lists.isc.org
[mailto:bind-users-bounces+jbaird=follett@lists.isc.org] On Behalf
Of Security Admin (NetSec)
Sent: Wednesday, March 24, 2010 1:54
Hi,
I currently have three authoritative servers in the RRset for my
internal zones:
NS dns01.blah.com.
NS dns02.blah.com.
NS dns03.blah.com.
DNS01 is the sole master for my internal zones. I have a number of
resolving DNS servers throughout my
Would there be any benefit in assigning them as additional masters for all of
my zones (in addition to DNS01), or would this just complicate the entire
environment?
Thanks
In article mailman.1534.1274300384.21153.bind-us...@lists.isc.org,
Baird, Josh jba...@follett.com wrote:
Hi,
I
Hi,
We have clients that have started to report that they are not able to
resolve certain hosts from our recursing/caching resolvers (BIND
9.3.6-4/EL5). I am wondering if this has something to do with EDNS or
the DNSSEC rollout to root servers on May 5th.. or perhaps with our
Cisco ASA's at the
Ok, so I answered my own question. It was indeed our ASA's at the
border.
Thanks,
Josh
-Original Message-
From: bind-users-bounces+jbaird=follett@lists.isc.org
[mailto:bind-users-bounces+jbaird=follett@lists.isc.org] On Behalf
Of Baird, Josh
Sent: Tuesday, June 29, 2010 4:55 PM
Hi,
I am having problems with recursion for domains that reside on two
particular nameservers. My BIND9 servers return a SERVFAIL and do not
attempt to recurse to the authoritative nameservers for
ugabookstore.com.
I have verified that my caching servers are not contacting
ugabookstore.com's
Check out the queryperf tool.
Thanks,
Josh
From: bind-users-bounces+jbaird=follett@lists.isc.org
[mailto:bind-users-bounces+jbaird=follett@lists.isc.org] On Behalf
Of Samad Agha
Sent: Thursday, August 19, 2010 10:13 AM
To: bind-users@lists.isc.org
Subject: How do I stress test my
For new deployments, I would likely choose RHEL6 over RHEL5; unless you
have a compelling reason to run RHEL5. RHEL6 includes BIND 9.7.0. You
mention that you would like to keep your DNS boxes appliance like. If
this is the case, rolling out source code and compiling on each box may
not be the
We have used the commercial Men & Mice suite for 3 years now and have
had great success with it. It meets all of your requirements listed
below. It has an intuitive Windows based console as well as a web
application that can be used to manage DNS, IPAM and DHCP. It works
directly on top of BIND
We typically override malware-ish domains by creating a zone on our
caching servers for them and create a wildcard similar to:
* IN A 127.0.0.1
That way, when clients try to resolve xyz.com, our caching/resolvers
return 127.0.0.1, not the real IP address.
Josh
-Original
I'm having trouble with the resolution of www.pncactivepay.com. It
appears that most nameservers will resolve this host to 208.86.144.222.
Resolution for this host only works about half of the time, as shown by
my logs below. When my resolvers are not able to get the real IP
(208.86.144.22),
All,
Just upgraded some authoritative boxes to RHEL6, thus upgrading to BIND
9.7.3. On RHEL5 (BIND 9.3.x), I had scripts that parsed the output of
the named.stats file, and piped them through net-snmpd so my NMS could
monitor query statistics. On 9.3.x, the named.stats looked like:
+++
@lists.isc.org] On Behalf
Of Alan Clegg
Sent: Wednesday, September 07, 2011 1:16 PM
To: bind-users@lists.isc.org
Subject: Re: Stats ouput 9.3 vs 9.7
On 9/7/2011 11:13 AM, Baird, Josh wrote:
Is there a way to revert back to the old stats format? Is there an
easier way to reveal query stats via SNMP in 9.7
Hi,
I'm looking at the output from 9.7's rndc stats, and I see both
incoming and outgoing statistics. I'm trying to get a true queries per
second stat from these numbers. Wouldn't this be both incoming+outgoing
queries? Or, from a performance standpoint should I only be concerned
about
Hi,
My resolvers seem to be having problems resolving ed.gov hosts. Others
have reported similar problems, but I am having trouble figuring out
where the problem lies. Some other resolvers seem to be resolving
ed.gov correctly. I am able to query their authoritative servers
directly from the
Ugly fix, but it does work. I already had that in place as a band-aid
anyways.
Josh
-Original Message-
From: wbr...@e1b.org [mailto:wbr...@e1b.org]
Sent: Thursday, January 19, 2012 2:36 PM
To: Baird, Josh
Cc: bind-users@lists.isc.org
Subject: Re: Problem with ed.gov
Josh wrote on 01
Nope, no firewall in front or behind these particular boxes.
Josh
-Original Message-
From: Faehl, Chris [mailto:cfa...@rightnow.com]
Sent: Thursday, January 19, 2012 3:34 PM
To: Baird, Josh
Cc: bind-users@lists.isc.org
Subject: Re: Problem with ed.gov
Josh - are you using Cisco
Hi,
We currently use the Men & Mice DNS/IPAM/DHCP suite which is essentially a
front-end wrapper for BIND. We deploy our own BIND boxes and simply install
the Men & Mice agent on them which allows us to centrally manage the zones from
a GUI (or CLI) based interface.
I'm curious about the other
is appreciated!
(apologies for the top-post)
Thanks,
Josh
-Original Message-
From: Ray Van Dolson [mailto:rvandol...@esri.com]
Sent: Monday, April 28, 2014 12:35 PM
To: Baird, Josh
Cc: bind-users@lists.isc.org
Subject: Re: Enterprise IPAM/DNS Solutions
On Mon, Apr 28, 2014 at 04:31:28PM +
, filesystems, devices, etc. it might make sense to stick with an agent-
or wrapper-based solution like you already have (MM). I think IPControl (by
British Telecom) is also a strong player in that space.
- Kevin
On 4/28/2014 12:31 PM, Baird, Josh wrote:
Hi,
We
Hi,
For those of you who operate at multiple sites or datacenters, are you doing
any HA for your BIND masters? Ideally, we would have a master in each
datacenter; maybe not an active one, but one that is standing by in case your
primary master becomes unavailable.
Do you have multiple
Hi,
Can someone recommend a modern/new-ish book on DNS (specifically BIND)? I know
there have been several O'Reilly books throughout the years, but haven't kept up
on anything in the past few years. I'm looking for architecture design, best
practices in designing enterprise and service
Cricket's DNS & BIND seems rather dated at this point with the last edition
over 8 years old.
Josh
-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Tuesday, May 27, 2014 7:24 PM
To: Baird, Josh
Cc: bind-users@lists.isc.org
Subject: Re: Book recomendations?
On Tue
Hi,
I have historically hosted authoritative slave zones on my internal
caching/recursive servers to override recursion for internal zones. These
servers are not directly reachable from the internet. Generally speaking, I
realize that it is considered a bad practice for any authoritative
Enable query logging or run tcpdump on port 53. A quick Google search should
explain exactly how to do either of these very easily.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry S. Finkel
Sent: Friday, June
Hi,
Does anyone see anything strange about the two hosts?
www.ca.greattextbookgiveaway.com
www.sorteodelibrospucmm.com.do
My BIND 9.9.4 servers are unable to resolve these hosts, but I have older
servers that can. I noticed that I am unable to resolve the two authoritative
servers
Any thoughts on a service like Cloudflare's 'CNAME Flattening' [1]?
[1]
https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of
Hi,
In the past, when I have had a requirement to bring a slave zone into our
environment; I created a slave zone on my master(s) (defining the external
nameserver as a master) and then created slave zones on my slaves using *my*
master as a master (not the master outside of my environment).
Hi Ray,
I'm not quite sure why you would have your caching servers forward to other DNS
servers (Google, OpenDNS, etc). I would enable recursion on them and would
not forward anything. I would also consider making these caching servers at
each location slave your *internal* authoritative
35 matches