Re: strange dig behavior

2009-12-21 Thread Barry Margolin
ed. Only if he has an explicit allow-query-cache ACL. Otherwise, it defaults to a copy of allow-recursion, and the expected behavior occurs. You only need both options if you want to configure them differently, which is kind of a strange thing to do. -- Barry Margolin, bar...@alum.mit.edu Ar

Re: strange dig behavior

2009-12-20 Thread Barry Margolin
bind 9.6.1 on RH ES 5 64 bit O/S. Any ideas? Thanks!! Is that log on the recursive nameserver or the authoritative nameserver? If it's on the recursive server, is the client in the allow-recursion ACL on the server? If it's on the authoritative server, is the recursive server in the all

Re: questions on bind cache with views

2009-12-17 Thread Barry Margolin
then if recursion != no then allow-query-cache = allow-query else allow-query-cache = none else allow-query-cache = (localnets; localhost;) I hope I translated it right -- the clause about allow-query and recursion is confusing. -- Barry Margolin, bar...@alu

Re: Delegating in reverse lookup zones

2009-12-15 Thread Barry Margolin
s to use RFC 2317-style classless delegation for all 256 entries in the reverse domain: $GENERATE 0-255 $ IN CNAME $.0/24 0/24 IN NS ns1.midwestfirst.com. 0/24 IN NS ns2.midwestfirst.com. Then have the customer change the name of their reverse zone to 0/24.188.134.63.in-addr.arpa. -

Re: Disable Refused answer

2009-12-05 Thread Barry Margolin
/len] {bogus yes;};" > can be used to block outgoing queries.] I think it's for backwards compatibility with the old BIND 4.x blackhole option. I don't think 4.x had anything analogous to the bogus server option, all you could do was blackhole individual IPs in both direction

Re: Disable Refused answer

2009-12-02 Thread Barry Margolin
In article , Dmitry Rybin wrote: > Hello! > > I can't find in docs how disable answer (Refused), if recursion for IP > is not allowed? What do you expect it to do instead? Not respond at all? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't co

Re: Parent is a CNAME

2009-12-02 Thread Barry Margolin
legal: > > a CNAME b > b CNAME c > c CNAME d > d CNAME extra-ordinary I think he misunderstood you to be saying that the name that has a CNAME can never appear on the *righthand* side of a RR. This is true for records like MX and NS -- they mustn't p

Re: How reply the same MX RRs list for all kind of MX request

2009-11-26 Thread Barry Margolin
her suggestion, to program the router to redirect port 25 to his SMTP proxy, seems to be the better way to go. BIND doesn't have any type-specific wildcards, so doing this in DNS would require a customized server. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don'

Re: System Resolver Test App?

2009-11-12 Thread Barry Margolin
ad A) record, the GSLB NetScaler appliance returned a response with root hint records and the bind returned the SERVFAIL response. Do they really think that the record type is an abbreviation for that? It's just Address Address Address Address -- IPv6 addresses are 4x the length of IP

Re: System Resolver Test App?

2009-11-11 Thread Barry Margolin
ing another 5 seconds > to the delay (total of 10 now). The resolver then finally starts the whole > process again for ipv4 and gets the proper answer with the first query. If you're not actually using IPv6, you might consider disabling it on your system. That should stop all the unne

Re: System Resolver Test App?

2009-11-11 Thread Barry Margolin
In article , Stephane Bortzmeyer wrote: > On Wed, Nov 11, 2009 at 07:44:05PM -0500, > Barry Margolin wrote > a message of 27 lines which said: > > > I'm not sure if there is one, but it should be pretty easy to write > > a program that calls res_query(). >

Re: System Resolver Test App?

2009-11-11 Thread Barry Margolin
But it doesn't seem like this would be much help in troubleshooting, because when it gets an error you won't be able to tell why. There's no way for it to indicate that the error is because it was stuck on the third server. -- Barry Margolin, bar...@alum.mit.edu Arlington,

Re: One A record fails on one server on Sunday evening

2009-11-02 Thread Barry Margolin
d I could think of to ask it. Also, it may or may > not be relevant but if I ssh in I can ping (and hence resolve) the > mail.alexandertelecominc.com. When it's failing, make a cache dump. Check the cache for the NS records of the domain, and the A records for the names

Re: multiple internal views not working

2009-11-02 Thread Barry Margolin
f file, not order of specificity. So you need to have the /24 view before the /16 view. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Feature request - disable internal recursion cache

2009-10-31 Thread Barry Margolin
m in ccTLDs, where you have to pay > your "in-country agent" a fee for every registry change. It's quite a > racket. You don't have to change all the domain registrations. You just have to change the A records of the nameserver names. Hopefully you haven't don

Re: Reverse DNS & slave server

2009-10-28 Thread Barry Margolin
e delegated to the slave server. There's nothing special about forward versus reverse zones in this regard. Forward and reverse zones don't have to be hosted on the same servers, although most organizations use the same servers for all their zones for simplicity. -- Barry Margolin, bar

Re: cache dead records

2009-10-23 Thread Barry Margolin
> So is there a way to do health check for destination IPs before > responding the DNS answers? > > Thanks. If you call Directory Assistance, do you expect them to not give you a phone number if there's no one home? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE

Re: SOLVED -- Re: Problems with a BIND server

2009-10-14 Thread Barry Margolin
ds if they're in-bailiwick. These take precedence over the delegation and glue records in the parent zone, which is why the cache is "ruined". This is a common cause of intermittent DNS failures out on the public Internet, when the NS records in a zone don't match the registered nam

Re: SOLVED -- Re: Problems with a BIND server

2009-10-14 Thread Barry Margolin
t. I thought things worked correctly when you queried the DNS server for home.htt, and the problem was only when you queried the htt server. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Why isn't NSLOOKUP querying for sub-zone

2009-10-14 Thread Barry Margolin
question is. When you use type=any, you get whatever happens to be in cache at the time. The server will only recurse if there's nothing cached for the name. So if you have a delegation record, that's what you'll see -- it won't go and fetch the other records. -- Bar

Re: Problems with a BIND server

2009-10-14 Thread Barry Margolin
In article , Robert Moskowitz wrote: > Barry Margolin wrote: > > In article , > > Robert Moskowitz wrote: > > > > > >> I have been running BIND here on my net for quite a few years time and > >> run 2 views on my main server, for internal and

Re: Problems with a BIND server

2009-10-13 Thread Barry Margolin
> * IN MX 10 home.htt. > > h001A 192.168.1.1 > . > . > . > hda A 192.168.1.2 > search A 192.168.1.2 > setup A 192.168.1.2 > calendarA 192.168.1.2 > helpA

Re: recursion on auth-only server

2009-10-06 Thread Barry Margolin
e answer will be venomous. Nameservers should only set the RD flag in the queries they send if they're configured to use forwarders. It should never be sent when they're following the delegation chain themselves. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don'

Re: DNS server works but keep getting "host unreachable resolving" error

2009-09-22 Thread Barry Margolin
without any complains. > > I'd say it was bad configuration, not necessarily a bad firewall. The > tcpdump would help us, unless you are satisfied with using linux iptables... Anyone want to bet that he has {query-source * port 53;} in his named.conf, and this is what the fi

Re: Migrating DNS servers, need advice on hardware

2009-09-18 Thread Barry Margolin
how many hits the systems gets on port 53 > identified from some form of logging software? BIND logs hit statistics periodically to syslog, and you can use "rndc stats" to append statistics immediately to a file. See the BIND manual for details. -- Barry Margolin, bar.

Re: Migrating DNS servers, need advice on hardware

2009-09-18 Thread Barry Margolin
onsumer based > router.. In private email, he told me he has 59 forward and reverse records in the internal view, and 22 of each in the external view. This is nothing. A 10-year-old Pentium should be able to handle this without breaking a sweat. -- Barry

Re: Migrating DNS servers, need advice on hardware

2009-09-18 Thread Barry Margolin
't mentioned how many zones and records you're hosting, how do you expect anyone to guess how much hardware you need? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _

Re: named and chroot

2009-09-18 Thread Barry Margolin
hy I am seeing errors on > PA not IA system? Use "ldd" on the named binary to see what libraries it depends on, and make sure all of them are in /usr/lib. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the g

Re: Modified a zone, so when it becomes available?

2009-09-16 Thread Barry Margolin
mbolic links, on the other hand, are pointers from one filename to another. A symbolic link in a chroot environment can't point outside of it, because the target is interpreted relative to the chroot. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: forwarder that doesn't ask root servers

2009-09-14 Thread Barry Margolin
> > > > Regards, Adam > > > > Thanks a lot... I feel stupid now, but thanks for opening my eyes! :D Don't feel stupid. Older versions of BIND queried for the root servers even with this option set. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don'

Re: cache server (slave)

2009-09-10 Thread Barry Margolin
rward request to serverA ? Yes. > 3- This server is only caching secondary server ? No. It's authoritative for example.com, caching for everything else. > 4- If server A doesn't know query answer, this server gets nxdomain ? Yes, assuming serverA has recursion enabled and is able to

Re: Double messages in comp.protocols.dns.bind

2009-08-24 Thread Barry Margolin
In article , Sam Wilson wrote: > In article , > Barry Margolin wrote: > > > It looks like there are two mail-to-news gateways running for > > bind-users, so every message to the list is being posted twice to the > > newsgroup. ... > > But at least mes

Double messages in comp.protocols.dns.bind

2009-08-22 Thread Barry Margolin
protocols.dns.bind:2014 -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: zone transfers

2009-06-03 Thread Barry Margolin
fic to go through that NIC. The choice of interface is almost always based on the destination address, not the source address. And even if the OS provides a way to force traffic through a particular interface, I don't think BIND will use it. -- Barry Margolin, bar...@alum.mit.edu Arlington

Re: allow query or recursive?

2009-06-01 Thread Barry Margolin
uery since recursive decides who can query my server? Allow-query allows the clients to query the zones that your server is authoritative for. Allow-recursion allows them to request recursion, which is needed to look up names in remote zones. Allow-query-cache allows them to query th

Re: Odd issue with some domain queries

2009-06-01 Thread Barry Margolin
IN NS ns2.qualdns.net. > ;; Received 119 bytes from 192.33.14.30#53(B.GTLD-SERVERS.NET) in 249 ms > > rejuvenatetraining.com. 14400 IN A 174.132.225.20 > rejuvenatetraining.com. 86400 IN NS ns1.qualdns.net. > rejuvenatetraining.com. 86400 IN

Re: BIND do not listen on udp port 53

2009-05-29 Thread Barry Margolin
ants, what would be the point of dig +trace? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: DNS Forwarding and RD flag set to 0

2009-05-29 Thread Barry Margolin
lver is querying the caching servers it's configured to use. 2. When a DNS server is following "forwarders" directives. When a caching server is following NS records, the records are supposed to point to authoritative servers, and recursion is never requested. -- Barry Margolin,

Re: BIND do not listen on udp port 53

2009-05-29 Thread Barry Margolin
In article , Thomas Manson wrote: > Is there a mean to query the DNS Server on UDP port 53 with something like > dig ? so I can be sure that it's not my server that is wrong ? Why do you think dig doesn't default to port 53? dig soa @ should do what you want. -- Bar

Re: glue record

2009-05-13 Thread Barry Margolin
TION: > gdpu.cn.21600 IN NS dns1.gdpu.cn. > gdpu.cn.21600 IN NS dns2.gdpu.cn. > > ;; ADDITIONAL SECTION: > dns1.gdpu.cn. 21600 IN A 219.136.229.41 > dns2.gdpu.cn

Re: host unreachable

2009-05-08 Thread Barry Margolin
ponse was sent too late, and the client had already closed the port. One of the subtypes of host unreachable is used for UDP port unreachable. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: tcp versus udp

2009-05-06 Thread Barry Margolin
sting for compliant servers then a failed TCP query > should flag the server as non-working, as would a failed UDP query. DNS servers MUST support UDP, and only SHOULD support TCP. So a failed TCP query should not flag the server as non-working. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA

Re: named daemon hangs

2009-05-02 Thread Barry Margolin
up the routes to the other endpoint are set, and named > tries to query the forward domain name server. The problem is that the > queries do not timeout and named hangs there: I recall a thread about a similar problem a year or two ago, I suggest you search the comp.protocols.dns.bind archiv

Re: TTLs on A records?

2009-04-30 Thread Barry Margolin
ry NS"? > > On my Windows DC (server2008), the change was also picked up after 5 > minutes. > > When I use some other lookup services, however (like samspade.org), the old > IP address shows up for much longer...like it's caching it and ignoring the > TTL for the

Re: slave transfer problems

2009-04-30 Thread Barry Margolin
In article , Scott Haneda wrote: > On Apr 29, 2009, at 5:03 PM, Barry Margolin wrote: > > > In article , > > Scott Haneda wrote: > >> > >> > >> like my machine, .14 is refusing their refresh request. Do I need to > >> allow-recursi

Re: slave transfer problems

2009-04-29 Thread Barry Margolin
Try setting notify-source to xx.xx.37.14. > > Those are the only two they gave me, but the general problem is, I can > update a zone, change the serial, issue rndc reload, and see my logs > show a notify sent their way. It can then take anywhere from a few > minutes, to hou

Stupid comp.protocols.dns.bind gateway

2009-04-27 Thread Barry Margolin
19fX19fX19fX19fX19fX19fXwpiaW5kLXVzZXJzIG1haWxpbmcg > bGlzdApiaW5kLXVzZXJzQGxpc3RzLmlzYy5vcmcKaHR0cHM6Ly9saXN0cy5pc2Mub3JnL21haWxt > YW4vbGlzdGluZm8vYmluZC11c2Vycw== -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___

Re: Specific DNS configuration

2009-04-21 Thread Barry Margolin
in the past (iirc). Archives should mention > this. > > On 15.04.09 20:43, Barry Margolin wrote: > > Configure the server as a root server and put a wildcard A record in the > > root zone. > > However you (Thomas) should know that this configuration may break many > a

Re: can bind filter the result

2009-04-19 Thread Barry Margolin
address in the case of an A RR), or something else? If it's based on the name, I suppose he could set up a forward zone for each filtered hostname that forwards to a fake root server that returns NXDOMAIN for everything except the root. zone "www.isc.org" { type forward;

Re: MX records for dynamic IP?

2009-04-16 Thread Barry Margolin
. Static IPs are typically more expensive than dynamic ones, and that extra expense may not be justified for many people. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Specific DNS configuration

2009-04-15 Thread Barry Margolin
e a zone receiving a guest before > authenticating itself through a web site. Configure the server as a root server and put a wildcard A record in the root zone. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I

Re: about resolving on a child zone

2009-04-13 Thread Barry Margolin
ecial exception made for "glue" records, since they're needed to prevent an infinite recursion. The parent zone will include this A record. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: slave for views

2009-04-11 Thread Barry Margolin
In article , "Jeff Pang" wrote: > what's the correct way to set up a slave for a named master which has > multi-views? If the slave also needs to support multiple views, TSIG keys is probably the best way to have it transfer all of them. -- Barry Margolin, bar...@alum.

Re: Strange DNS Resolution Issues

2009-04-08 Thread Barry Margolin
n unable to resolve these sites, no? As I > mentioned, only two were failing while the rest were resolving properly. Maybe those two servers had cached something bad in the delegation to akadns.net. It's hard to say after the fact. If it happens again, dump your cache. > >

Re: Strange DNS Resolution Issues

2009-04-08 Thread Barry Margolin
't pinpoint the cause, the problem went on for about 5 > hours and then magically fixed itself... we were all left scratching our > heads. Both those domains use CNAME chains that go through akadns.net. Was this common to all the domains you had problems with? -- Barry Margolin, bar...

Re: Using TCP for checking

2009-04-08 Thread Barry Margolin
mains hosted by Akamai. Their custom servers don't currently support TCP at all. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-users mailin

Re: Unreachable IP in allow transfer

2009-04-07 Thread Barry Margolin
master, it will time out when it tries to perform a zone transfer. I'm not sure why this would cause slow response times, though. I assume the zone transfer is done in a separate thread from query processing. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy

Re: NOTIFY from masters when slave provides several views

2009-03-30 Thread Barry Margolin
r views) and the server > answered queries for the zones it hosted regardless of whether it was set > to "allow-query { internal; customer; };" or "allow-query { any; };". Do you still have views configured? I think the view options override the global options. -- Ba

Re: NOTIFY from masters when slave provides several views

2009-03-28 Thread Barry Margolin
statements. > > Also, the external view doesn't provide recursion, while the customer > and internal ones do. And this is a job for allow-query and allow-query-cache. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll re

Re: Servers loading zones with lower serials

2009-03-25 Thread Barry Margolin
ecking is only done by slaves when checking whether they need to perform a zone transfer from the master. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ___ bind-use

Re: TCP support in clients and servers

2009-03-22 Thread Barry Margolin
e has given much thought to this before. The DNS RFC's say that UDP MUST be tried first for everything other than zone transfers, and TCP is only used as a fallback if the response is truncated. And the reasons for truncation have been obviated by EDNS0, so the general expectation is that t

Re: query (cache) 'coriander.plus.com/A/IN' denied

2009-03-21 Thread Barry Margolin
In article , Ronan Flood wrote: > Barry Margolin wrote: > > > This suggests one of the following problems: > > > > 1. 95.102.17.107 is pointing to your nameserver in its resolver > > configuration, but your server doesn't allow them to use you as a >

Re: query (cache) 'coriander.plus.com/A/IN' denied

2009-03-20 Thread Barry Margolin
t. It doesn't look like #2. The zone is delegated to ns1.force9.net and ns2.force9.net, and they appear to be responding properly. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _

Re: zone transfer from slave to master not working

2009-03-20 Thread Barry Margolin
slaves continue to serve the last known good version of the zone. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Zonefiles & CIDR

2009-03-08 Thread Barry Margolin
> Rather than have to enter loads of lines to match up wide spans of ranges > I would like to define them using CIDR, but it seems it does not support > it. Maybe you can do what you want with $GENERATE? -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me o

Re: will blocking getting hammered by cache request do anything?

2009-03-05 Thread Barry Margolin
locking the requests at the border of the network would do anything > meaningful? If you block it on the firewall, then the requests will never hit the server, so of course it will mitigate its effect on the server. It won't help with the downstream bandwidth on your DSL, but it will

Re: how to create a private "test." zone?

2009-03-03 Thread Barry Margolin
's a forward zone for it, obey it (send to its forwarders if any, otherwise follow NS records). If there's global forwarding enabled, send to them. Follow the NS records. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEA

Re: [OT] Is it possible to set a ddns hostname to access a name-based virtual host?

2009-03-03 Thread Barry Margolin
ion, though, the distinction between URL and URI is probably irrelevant. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Adding records to a domain I don't control for anyone who uses my nameserver

2009-02-27 Thread Barry Margolin
nk you can do this with BIND. Its database is organized by names, not types. If a server is authoritative for a name, it will never recurse for that name. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: ARPA entries for a host with multiple IPs

2009-02-25 Thread Barry Margolin
en you should make the PTR record point to this name. E.g. the forward zone for myzone.com would contain: ws IN A 1.2.3.1 IN A 1.2.3.2 IN A 1.2.3.3 ws-1 IN A 1.2.3.1 ws-2 IN A 1.2.3.2 ws-3 IN A 1.2.3.3 and the reverse zone 3.2.1.in-addr.arpa would contain: 1 IN PTR ws-1.myzone.com. 2

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-23 Thread Barry Margolin
t out. I only have a web > client such as ie or firefox to access the above url? Do you mean > that I must setup a local webserver, say by using apache to do that thing? The operators of the dynamic DNS service may offer an HTTP redirect service that does this for you. -- Barry Marg

Re: query an external nameserver doubt

2009-02-18 Thread Barry Margolin
In article , Nuno Ribeiro wrote: > Is it possible to send a query to an external nameserver that can be a CNAME > for a record located in other nameserver zone where we are authoritative? It's hard to parse this. Could you give an example of what you're asking about? -- Bar

Re: Multiple SOA

2009-02-12 Thread Barry Margolin
sfer from ALL of them. If any of them are down, the rest will still be used. Like I said, the SOA record is totally irrelevant for zone transfers. All it cares about is the list of masters in named.conf. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on repl

Re: Question about views

2009-02-12 Thread Barry Margolin
subnets: eg 10.228.88.x, > 10.228.89.x and 10.228.90.x)? > > Thanks in advance for any advice or help. > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin

Re: Multiple SOA

2009-02-11 Thread Barry Margolin
amed.conf. You can list multiple masters there, and the slaves will pull from any master that has a higher serial number than the one they have. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** __

Re: Caching-only Name server does Zone Updates

2009-02-03 Thread Barry Margolin
if I am wrong, I thought that for cache update it should > update only one record. So why so many updates are been made. The response probably contained NS records in the Authority Section and the corresponding A records in the Additional Section. These update the cache as well. -- Barry

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Barry Margolin
we found that there was a reverse lookup for some > IP address which was in the dnscache file. (dnscache is the root hint file) The only things that should be in the dnscache file are NS and A records for the root servers. I have no idea if it uses any of the other records. -- Barry Mar

Re: How many nameservers?

2009-02-02 Thread Barry Margolin
to happen if you overflow in the Additional section, is it? These records are already optional, so they can be left out if it would cause the packet to exceed the maximum UDP size. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I

Re: A newbies Bind question

2009-02-02 Thread Barry Margolin
on't leave the local LAN. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Open Ports in BIND

2009-02-01 Thread Barry Margolin
to me? It's sessions from clients to you. > what is the meaning of tcp clients:3? TCP is usually used for zone transfers, but may also be used if a response is too big for UDP. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-27 Thread Barry Margolin
ction, the client will do its own A query. There's no requirement that the response to the MX record include the A record. It's nice if it does, since it saves a query, but this is just an optimization. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't cop

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-27 Thread Barry Margolin
In article , mlel...@serpens.de (Michael van Elst) wrote: > Barry Margolin writes: > > >customer.com. IN MX 10 mx.yourdomain.com. > >mx.yourdomain.com. IN CNAME mx.outsourcer.com. > >mx.outsourcer.com. IN A ... > > That's just the same as > > |

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-27 Thread Barry Margolin
In article , Mark Andrews wrote: > Liberal in what you accept means don't die on arbitrary > input. You should still reject rubbish. But MX pointing to CNAME is not "rubbish". It's a violation of the letter of the spec, but it's very clear what i

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-26 Thread Barry Margolin
's clearly state that SMTP servers are to accept and lookup a > >> >> CNAME. > >> > > >> > > >> > [RFC974] explicitly states that MX records shall not point to an alias > >> > defined by a CNAME. That is what I was talking abou

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-26 Thread Barry Margolin
your CNAME record. And if the outsourcing company re-IPs their server, they change the A record. Everyone can perform their job without having to make any of the downstream customers adjust their records. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-26 Thread Barry Margolin
have heard of it. So you're not following the "be liberal in what you accept" half of the Interoperability Principle, which is intended specifically to avoid problems due to such confusion. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Barry Margolin
> > >Have you implemented BCP38? If not, why not... > > > > I have no idea what BCP38 is and how I can implement that. > > http://www.ietf.org/rfc/rfc3704.txt That's BCP84. But in either case, implementing it doesn't protect you from attacks like

Re: Forcing a secondary update...

2009-01-26 Thread Barry Margolin
esn't find zone files, it will have to pull them from the master. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Barry Margolin
om their customers. Since there are many ISPs out there that are too lazy, incompetent, or just don't care, we're probably never going to be rid of these kinds of attacks. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in t

Re: Newbie question about registrar DNS servers and NS records

2009-01-26 Thread Barry Margolin
authoritative" than the delegation records in the parent zone. If your server includes the NS records in the Authority Records section of the response, they will override the ones cached from the parent server. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't c

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-25 Thread Barry Margolin
're supposed to follow CNAME records automatically, and return the requested record type from the canonical name. There isn't even an option in the DNS spec to tell the resolver not to follow CNAMEs. The only way to avoid it is to query for the CNAME explicitly. -- Barry Margolin,

Re: reverse lookup to CNAME

2009-01-23 Thread Barry Margolin
anything would be > appreciated and i do still have the option of telling them its not > possible so if it is a bad idea please let me know. Why don't you just use normal reverse DNS: zone for 1.1.1.in-addr.arpa 1 IN PTR metis.local. IN PTR bob-www-sol-l01.loc

Re: rndc halt -p behavior

2009-01-21 Thread Barry Margolin
inutes to drive here. The documentation even says that the purpose of returning the PID is so that you can tell when the process has actually gone away. What would be the point if the command didn't return until the process had exited? -- Barry Margolin,

Re: SERVFAIL issues

2009-01-19 Thread Barry Margolin
, Tatuya > Internet Systems Consortium, Inc. > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Zone Transfer Problem - Keep getting not authoritative

2009-01-16 Thread Barry Margolin
in" in { > > > match-clients { trusted; }; > > > recursion yes; > > > additional-from-auth yes; > > > additional-from-cache yes; > > > zone "." in { > > > type hint; > > > file "db.rootcache"

Re: Any options in named.conf to force recursion?

2009-01-12 Thread Barry Margolin
sed to point to authoritative servers, so there's no reason to send these as recursive (many, if not most, authoritative servers have recursion disabled, so sending them recursive queries is pointless). -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me

Re: Issues in delegating to subdomain owned by other company

2009-01-10 Thread Barry Margolin
__ > > bind-users mailing list > > bind-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/b

Re: Conflicting glue records?

2009-01-07 Thread Barry Margolin
> > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Barry Margo

Re: Help tracing out a strange lookup case

2008-12-27 Thread Barry Margolin
: 0 ;; QUESTION SECTION: ;crm.share-ideas.com. IN CNAME ;; ANSWER SECTION: crm.share-ideas.com. 3600 IN CNAME share-ideas.com. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** __

Re: Bind 9.5 configuration doubt

2008-12-18 Thread Barry Margolin
mes (with no trailing "."), but if you want to use the zone name (or origin) itself you need to use "@" to achieve this. There's nothing wrong with using it on the RHS, although this is relatively uncommon because it's unusual to point anything to the zone itself exc
