ed.
Only if he has an explicit allow-query-cache ACL. Otherwise, it
defaults to a copy of allow-recursion, and the expected behavior occurs.
You only need both options if you want to configure them differently,
which is kind of a strange thing to do.
--
Barry Margolin, bar...@alum.mit.edu
Ar
bind 9.6.1 on RH ES 5 64 bit O/S. Any ideas? Thanks!!
Is that log on the recursive nameserver or the authoritative nameserver?
If it's on the recursive server, is the client in the allow-recursion
ACL on the server?
If it's on the authoritative server, is the recursive server in the
all
then if recursion != no
then allow-query-cache = allow-query
else allow-query-cache = none
else allow-query-cache = (localnets; localhost;)
I hope I translated it right -- the clause about allow-query and
recursion is confusing.
--
Barry Margolin, bar...@alu
s to use RFC 2317-style classless delegation for all 256
entries in the reverse domain:
$GENERATE 0-255 $ IN CNAME $.0/24
0/24 IN NS ns1.midwestfirst.com.
0/24 IN NS ns2.midwestfirst.com.
Then have the customer change the name of their reverse zone to
0/24.188.134.63.in-addr.arpa.
-
/len] {bogus yes;};"
> can be used to block outgoing queries.]
I think it's for backwards compatibility with the old BIND 4.x blackhole
option. I don't think 4.x had anything analogous to the bogus server
option, all you could do was blackhole individual IPs in both direction
In article ,
Dmitry Rybin wrote:
> Hello!
>
> I can't find in docs how disable answer (Refused), if recursion for IP
> is not allowed?
What do you expect it to do instead? Not respond at all?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't co
legal:
>
> a CNAME b
> b CNAME c
> c CNAME d
> d CNAME extra-ordinary
I think he misunderstood you to be saying that the name that has a CNAME
can never appear on the *righthand* side of a RR. This is true for
records like MX and NS -- they mustn't p
her suggestion, to program the router to redirect port 25 to his
SMTP proxy, seems to be the better way to go. BIND doesn't have any
type-specific wildcards, so doing this in DNS would require a customized
server.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don'
ad A) record, the GSLB
NetScaler appliance returned a response with root hint records and the
bind returned the SERVFAIL response.
Do they really think that the record type is an abbreviation for
that? It's just Address Address Address Address -- IPv6 addresses are
4x the length of IP
ing another 5 seconds
> to the delay (total of 10 now). The resolver then finally starts the whole
> process again for ipv4 and gets the proper answer with the first query.
If you're not actually using IPv6, you might consider disabling it on
your system. That should stop all the unne
In article ,
Stephane Bortzmeyer wrote:
> On Wed, Nov 11, 2009 at 07:44:05PM -0500,
> Barry Margolin wrote
> a message of 27 lines which said:
>
> > I'm not sure if there is one, but it should be pretty easy to write
> > a program that calls res_query().
>
But it doesn't seem like this would be much help in troubleshooting,
because when it gets an error you won't be able to tell why. There's no
way for it to indicate that the error is because it was stuck on the
third server.
--
Barry Margolin, bar...@alum.mit.edu
Arlington,
d I could think of to ask it. Also, it may or may
> not be relevant but if I ssh in I can ping (and hence resolve) the
> mail.alexandertelecominc.com.
When it's failing, make a cache dump. Check the cache for the NS
records of the domain, and the A records for the names
f file, not order of
specificity. So you need to have the /24 view before the /16 view.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
m in ccTLDs, where you have to pay
> your "in-country agent" a fee for every registry change. It's quite a
> racket.
You don't have to change all the domain registrations. You just have to
change the A records of the nameserver names. Hopefully you haven't
don
e delegated to the slave server.
There's nothing special about forward versus reverse zones in this
regard.
Forward and reverse zones don't have to be hosted on the same servers,
although most organizations use the same servers for all their zones for
simplicity.
--
Barry Margolin, bar
> So is there a way to do health check for destination IPs before
> responding the DNS answers?
>
> Thanks.
If you call Directory Assistance, do you expect them to not give you a
phone number if there's no one home?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE
ds if they're
in-bailiwick. These take precedence over the delegation and glue
records in the parent zone, which is why the cache is "ruined".
This is a common cause of intermittent DNS failures out on the public
Internet, when the NS records in a zone don't match the registered
nam
t. I thought things worked correctly when you queried the
DNS server for home.htt, and the problem was only when you queried the
htt server.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
question is. When you use type=any, you get
whatever happens to be in cache at the time. The server will only
recurse if there's nothing cached for the name. So if you have a
delegation record, that's what you'll see -- it won't go and fetch the
other records.
--
Bar
In article ,
Robert Moskowitz wrote:
> Barry Margolin wrote:
> > In article ,
> > Robert Moskowitz wrote:
> >
> >
> >> I have been running BIND here on my net for quite a few years time and
> >> run 2 views on my main server, for internal and
> * IN MX 10 home.htt.
>
> h001A 192.168.1.1
> .
> .
> .
> hda A 192.168.1.2
> search A 192.168.1.2
> setup A 192.168.1.2
> calendarA 192.168.1.2
> helpA
e answer will be venomous.
Nameservers should only set the RD flag in the queries they send if
they're configured to use forwarders. It should never be sent when
they're following the delegation chain themselves.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don'
without any complaints.
>
> I'd say it was bad configuration, not necessarily a bad firewall. The
> tcpdump would help us, unless you are satisfied with using linux iptables...
Anyone want to bet that he has {query-source * port 53;} in his
named.conf, and this is what the fi
how many hits the systems gets on port 53
> identified from some form of logging software?
BIND logs hit statistics periodically to syslog, and you can use "rndc
stats" to append statistics immediately to a file. See the BIND manual
for details.
--
Barry Margolin, bar.
onsumer based
> router..
In private email, he told me he has 59 forward and reverse records in
the internal view, and 22 of each in the external view.
This is nothing. A 10-year-old Pentium should be able to handle this
without breaking a sweat.
--
Barry
't mentioned how many zones and records you're hosting,
how do you expect anyone to guess how much hardware you need?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
hy I am seeing errors on
> PA not IA system?
Use "ldd" on the named binary to see what libraries it depends on, and
make sure all of them are in /usr/lib.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the g
mbolic links, on the other hand, are pointers from one filename to
another. A symbolic link in a chroot environment can't point outside of
it, because the target is interpreted relative to the chroot.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> > Regards, Adam
> >
>
> Thanks a lot... I feel stupid now, but thanks for opening my eyes! :D
Don't feel stupid. Older versions of BIND queried for the root servers
even with this option set.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don
rward request to serverA ?
Yes.
> 3- This server is only caching secondary server ?
No. It's authoritative for example.com, caching for everything else.
> 4- If server A doesn't know query answer, this server gets nxdomain ?
Yes, assuming serverA has recursion enabled and is able to
In article ,
Sam Wilson wrote:
> In article ,
> Barry Margolin wrote:
>
> > It looks like there are two mail-to-news gateways running for
> > bind-users, so every message to the list is being posted twice to the
> > newsgroup. ...
>
> But at least mes
protocols.dns.bind:2014
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
fic to go through
that NIC. The choice of interface is almost always based on the
destination address, not the source address. And even if the OS
provides a way to force traffic through a particular interface, I don't
think BIND will use it.
--
Barry Margolin, bar...@alum.mit.edu
Arlington
uery since recursive decides who can query my server?
Allow-query allows the clients to query the zones that your server is
authoritative for.
Allow-recursion allows them to request recursion, which is needed to
look up names in remote zones.
Allow-query-cache allows them to query th
IN NS ns2.qualdns.net.
> ;; Received 119 bytes from 192.33.14.30#53(B.GTLD-SERVERS.NET) in 249 ms
>
> rejuvenatetraining.com. 14400 IN A 174.132.225.20
> rejuvenatetraining.com. 86400 IN NS ns1.qualdns.net.
> rejuvenatetraining.com. 86400 IN
ants, what would be the point
of dig +trace?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
lver is querying the caching servers it's configured
to use.
2. When a DNS server is following "forwarders" directives.
When a caching server is following NS records, the records are supposed
to point to authoritative servers, and recursion is never requested.
--
Barry Margolin,
In article ,
Thomas Manson wrote:
> Is there a means to query the DNS Server on UDP port 53 with something like
> dig ? so I can be sure that it's not my server that is wrong ?
Why do you think dig doesn't default to port 53?
dig soa @
should do what you want.
--
Bar
TION:
> gdpu.cn.21600 IN NS dns1.gdpu.cn.
> gdpu.cn.21600 IN NS dns2.gdpu.cn.
>
> ;; ADDITIONAL SECTION:
> dns1.gdpu.cn. 21600 IN A 219.136.229.41
> dns2.gdpu.cn
ponse was sent too late, and the client had
already closed the port. One of the subtypes of host unreachable is
used for UDP port unreachable.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
sting for compliant servers then a failed TCP query
> should flag the server as non-working, as would a failed UDP query.
DNS servers MUST support UDP, and only SHOULD support TCP. So a failed
TCP query should not flag the server as non-working.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
up the routes to the other endpoint are set, and named
> tries to query the forward domain name server. The problem is that the
> queries do not timeout and named hangs there:
I recall a thread about a similar problem a year or two ago, I suggest
you search the comp.protocols.dns.bind archiv
ry
NS"?
>
> On my Windows DC (server2008), the change was also picked up after 5
> minutes.
>
> When I use some other lookup services, however (like samspade.org), the old
> IP address shows up for much longer...like it's caching it and ignoring the
> TTL for the
In article ,
Scott Haneda wrote:
> On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote:
>
> > In article ,
> > Scott Haneda wrote:
> >>
> >>
> >> like my machine, .14 is refusing their refresh request. Do I need to
> >> allow-recursi
Try setting notify-source to xx.xx.37.14.
>
> Those are the only two they gave me, but the general problem is, I can
> update a zone, change the serial, issue rndc reload, and see my logs
> show a notify sent their way. It can then take anywhere from a few
> minutes, to hou
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
in the past (iirc). Archives should mention
> this.
>
> On 15.04.09 20:43, Barry Margolin wrote:
> > Configure the server as a root server and put a wildcard A record in the
> > root zone.
>
> However you (Thomas) should know that this configuration may break many
> a
address in the case of an A RR), or something else?
If it's based on the name, I suppose he could set up a forward zone for
each filtered hostname that forwards to a fake root server that returns
NXDOMAIN for everything except the root.
zone "www.isc.org" {
type forward;
.
Static IPs are typically more expensive than dynamic ones, and that
extra expense may not be justified for many people.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
e a zone receiving a guest before
> authenticating itself through a web site.
Configure the server as a root server and put a wildcard A record in the
root zone.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I
ecial exception made for "glue" records, since they're
needed to prevent an infinite recursion. The parent zone will include
this A record.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
In article ,
"Jeff Pang" wrote:
> what's the correct way to set up a slave for a named master which has
> multi-views?
If the slave also needs to support multiple views, TSIG keys is probably
the best way to have it transfer all of them.
--
Barry Margolin, bar...@alum.
n unable to resolve these sites, no? As I
> mentioned, only two were failing while the rest were resolving properly.
Maybe those two servers had cached something bad in the delegation to
akadns.net. It's hard to say after the fact. If it happens again, dump
your cache.
>
>
't pinpoint the cause, the problem went on for about 5
> hours and then magically fixed itself... we were all left scratching our
> heads.
Both those domains use CNAME chains that go through akadns.net. Was
this common to all the domains you had problems with?
--
Barry Margolin, bar...
mains hosted by Akamai. Their custom
servers don't currently support TCP at all.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
master, it will time out when it tries to
perform a zone transfer.
I'm not sure why this would cause slow response times, though. I assume
the zone transfer is done in a separate thread from query processing.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy
r views) and the server
> answered queries for the zones it hosted regardless of whether it was set
> to "allow-query { internal; customer; };" or "allow-query { any; };".
Do you still have views configured? I think the view options override
the global options.
--
Ba
statements.
>
> Also, the external view doesn't provide recursion, while the customer
> and internal ones do.
And this is a job for allow-query and allow-query-cache.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll re
ecking is only done by
slaves when checking whether they need to perform a zone transfer from
the master.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
e has given much thought to this before. The DNS
RFC's say that UDP MUST be tried first for everything other than zone
transfers, and TCP is only used as a fallback if the response is
truncated. And the reasons for truncation have been obviated by EDNS0,
so the general expectation is that t
In article ,
Ronan Flood wrote:
> Barry Margolin wrote:
>
> > This suggests one of the following problems:
> >
> > 1. 95.102.17.107 is pointing to your nameserver in its resolver
> > configuration, but your server doesn't allow them to use you as a
>
t.
It doesn't look like #2. The zone is delegated to ns1.force9.net and
ns2.force9.net, and they appear to be responding properly.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
slaves continue to serve the last known good version of the
zone.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
> Rather than have to enter loads of lines to match up wide spans of ranges
> I would like to define them using CIDR, but it seems it does not support
> it.
Maybe you can do what you want with $GENERATE?
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me o
locking the requests at the border of the network would do anything
> meaningful?
If you block it on the firewall, then the requests will never hit the
server, so of course it will mitigate its effect on the server. It
won't help with the downstream bandwidth on your DSL, but it will
's a forward zone for it, obey it (send to its forwarders if
any, otherwise follow NS records).
If there's global forwarding enabled, send to them.
Follow the NS records.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEA
ion, though, the distinction between URL
and URI is probably irrelevant.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
nk you can do this with BIND. Its database is organized by
names, not types. If a server is authoritative for a name, it will
never recurse for that name.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
en you should make the PTR record point to this name. E.g. the
forward zone for myzone.com would contain:
ws IN A 1.2.3.1
IN A 1.2.3.2
IN A 1.2.3.3
ws-1 IN A 1.2.3.1
ws-2 IN A 1.2.3.2
ws-3 IN A 1.2.3.3
and the reverse zone 3.2.1.in-addr.arpa would contain:
1 IN PTR ws-1.myzone.com.
2
t out. I only have a web
> client such as ie or firefox to access the above url? Do you mean
> that I must setup a local webserver, say by using apache to do that thing?
The operators of the dynamic DNS service may offer an HTTP redirect
service that does this for you.
--
Barry Marg
In article ,
Nuno Ribeiro wrote:
> Is it possible to send a query to a external nameserver that can be a CNAME
> for a record located in other nameserver zone where we are authoritative?
It's hard to parse this. Could you give an example of what you're asking
about?
--
Bar
sfer from ALL of them. If any of them are down, the rest will still
be used.
Like I said, the SOA record is totally irrelevant for zone transfers.
All it cares about is the list of masters in named.conf.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on repl
subnets: eg 10.228.88.x,
> 10.228.89.x and 10.228.90.x)?
>
> Thanks in advance for any advice or help.
--
Barry Margolin
amed.conf. You can list multiple masters there, and the slaves will
pull from any master that has a higher serial number than the one they
have.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
if I am wrong, I thought that for cache update it should
> update only one record. So why so many updates are been made.
The response probably contained NS records in the Authority Section and
the corresponding A records in the Additional Section. These update the
cache as well.
--
Barry
we found that there was a reverse lookup for some
> IP address which was in the dnscache file. (dnscache is the root hint file)
The only things that should be in the dnscache file are NS and A records
for the root servers. I have no idea if it uses any of the other
records.
--
Barry Mar
to happen if you overflow in the Additional
section, is it? These records are already optional, so they can be left
out if it would cause the packet to exceed the maximum UDP size.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I
on't leave the local LAN.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
to me?
It's sessions from clients to you.
> what is the meaning of tcp clients:3?
TCP is usually used for zone transfers, but may also be used if a
response is too big for UDP.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll
ction, the client will do
its own A query.
There's no requirement that the response to the MX record include the A
record. It's nice if it does, since it saves a query, but this is just
an optimization.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't cop
In article ,
mlel...@serpens.de (Michael van Elst) wrote:
> Barry Margolin writes:
>
> >customer.com. IN MX 10 mx.yourdomain.com.
> >mx.yourdomain.com. IN CNAME mx.outsourcer.com.
> >mx.outsourcer.com. IN A ...
>
> That's just the same as
>
> |
In article ,
Mark Andrews wrote:
> Liberal in what you accept means don't die on arbitrary
> input. You should still reject rubbish.
But MX pointing to CNAME is not "rubbish". It's a violation of the
letter of the spec, but it's very clear what i
's clearly state that SMTP servers are to accept and lookup a
> >> >> CNAME.
> >> >
> >> >
> >> > [RFC974] explicitly states that MX records shall not point to an alias
> >> > defined by a CNAME. That is what I was talking abou
your CNAME record. And if
the outsourcing company re-IPs their server, they change the A record.
Everyone can perform their job without having to make any of the
downstream customers adjust their records.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on
have heard of it.
So you're not following the "be liberal in what you accept" half of the
Interoperability Principle, which is intended specifically to avoid
problems due to such confusion.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on
> > >Have you implemented BCP38? If not, why not...
> >
> > I have no idea what BCP38 is and how I can implement that.
>
> http://www.ietf.org/rfc/rfc3704.txt
That's BCP84.
But in either case, implementing it doesn't protect you from attacks
like
esn't find zone files, it will have to
pull them from the master.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
om their customers.
Since there are many ISPs out there that are too lazy, incompetent, or
just don't care, we're probably never going to be rid of these kinds of
attacks.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in t
authoritative"
than the delegation records in the parent zone. If your server includes
the NS records in the Authority Records section of the response, they
will override the ones cached from the parent server.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't c
're supposed
to follow CNAME records automatically, and return the requested record
type from the canonical name.
There isn't even an option in the DNS spec to tell the resolver not to
follow CNAMEs. The only way to avoid it is to query for the CNAME
explicitly.
--
Barry Margolin,
anything would be
> appreciated and i do still have the option of telling them its not
> possible so if it is a bad idea please let me know.
Why don't you just use normal reverse DNS:
zone for 1.1.1.in-addr.arpa
1 IN PTR metis.local.
IN PTR bob-www-sol-l01.loc
inutes to drive here.
The documentation even says that the purpose of returning the PID is so
that you can tell when the process has actually gone away. What would
be the point if the command didn't return until the process had
exited?
--
Barry Margolin,
, Tatuya
> Internet Systems Consortium, Inc.
>
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
in" in {
>
>
> match-clients { trusted; };
>
>
> recursion yes;
>
>
> additional-from-auth yes;
>
>
> additional-from-cache yes;
>
>
> zone "." in {
>
>
> type hint;
>
>
> file "db.rootcache"
sed to point to authoritative servers, so there's no reason to send
these as recursive (many, if not most, authoritative servers have
recursion disabled, so sending them recursive queries is pointless).
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me
--
Barry Margo
: 0
;; QUESTION SECTION:
;crm.share-ideas.com. IN CNAME
;; ANSWER SECTION:
crm.share-ideas.com. 3600 IN CNAME share-ideas.com.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
mes (with
no trailing "."), but if you want to use the zone name (or origin)
itself you need to use "@" to achieve this.
There's nothing wrong with using it on the RHS, although this is
relatively uncommon because it's unusual to point anything to the zone
itself exc