dcard stuff is
helpful or not.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
Please visit https://
o change the name in the PTR record I edit 1 file instead
of every zone file.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-33
truncated.
It can cause more subsequent queries, to get the information which would have
been in the first response, but they'll probably all be UDP which might be
better than fallback to TCP.
________
Jay Ford, Network Engineering Gro
at's about?
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
Ple
problem.
If the traffic is spoofed as being from your clients, stop accepting traffic
from elsewhere sourced from your client address space.
____
Jay Ford, Network Engineering Group, Information Technology Services
University
bxml2 version: 2.7.6
RHEL6 has kernel variable net.ipv6.bindv6only set to 0, which might or might
not be related. BIND 9.8.5-P2 works correctly on a RHEL5 system which also
has it set to 0. There are some comments in some of the 9.9 release notes
about bindv6only, but I couldn't find anything specific to this situation.
Is this a configuration problem or somethi
On Thu, 5 Dec 2013, Shumon Huque wrote:
On 12/5/13 11:49 AM, Jay Ford wrote:
I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message:
/etc/named.conf:56: couldn't add command channel 127.0.0.1#953:
address in use
I'm going to take a guess: you mig
om" {
type slave;
file "/var/named/slaves/example.com.zone";
masters { 10.0.0.1; };
also-notify { ::1; }; // internal->external trickery
};
};
The relatively new ability to specify a key in a "masters" statement can
als
On Thu, 6 Feb 2014, Chuck Anderson wrote:
Neat. Is there any problem with using the exact same zone file in
both views? I worry that one view might fight with the file from the
other view...
Oh yeah, sorry, I left that bit out. The slave files do need to be unique or
they will over-write ea
some sparse subnets delegated at /56 & such to avoid
having a bunch of zones with almost nothing in them.
____
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
emai
ight or
might not be a problem.
If you do split-view games, things get even more interesting.
____
Jay Ford, Network Engineering Group, Information Technology Services
University
ve some fun,
purposefully break some part of your test zone & see how the above tools show
it.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 5224
oken.
dnsviz.net reports a couple of warnings, including a non-AA answer from
authoritative servers, but it doesn't say it's bogus.
If anybody can spot something broken for www.hrsa.gov, I'd be very glad to
hear about it.
llent as always & crazy fast,
too!
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
___
Please visit https
ies? If not, then RRL is probably
not your trouble. Other things like insufficient UDP buffering, lacking CPU
horsepower, or overwhelmed iptables connection tracking can also cause
time-outs.
____
Jay Ford, Network Engin
don't see anything that will help?
Assuming zone transfers are allowed:
dig -t axfr zone_name @127.0.0.1 >rescued_zone_file
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Io
though.
Right.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind-users mailing list
bind-users@list
dr.arpa & define records like
"d.c.b PTR name." for address a.b.c.d.
Note the order of the address components in the zone file, with least
significant furthest left.
________
Jay Ford, Network Engineering Group, Information
st code ever written & I
didn't increment any of the version headers, but it might be useful to some
anyway.
ISC folk:
Please consider incorporating this or something similar into the stock
dnssec-signzone.
____
Ja
rt signing
the zones for DNSSEC, but you might be able to play symlink games with the
unsigned file names to deal with that.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, I
above the delegation cut,
instead of the NS records as known by the child below the delegation cut.
Differences in those sets can sometimes be, shall we say, interesting.
____
Jay Ford, Network Engineering Group, Information Technolo
subject line includes "private". What is it that's private about this
situation?
____
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa
On Mon, 6 Dec 2010, Barry Margolin wrote:
In article ,
Jay Ford wrote:
On Mon, 6 Dec 2010, Martin McCormick wrote:
the config for this private zone is:
zone "r.ds" {
type master;
file "/etc/namedb/master/r.ds.zone";
allow-update {
key updsrv;
}
e on the slaves. I am running 9.7.2-P3. Thanks.
Does the "-b" option not suffice?
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiow
er DNSSEC-related scripts here (at least for now):
http://seatpost.its.uiowa.edu/bind_stuff
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.
with routine DNS tasks related to
multiple views & DNSSEC. The "check-keys" script might be close to what
you're after.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of I
obably handle it, but only after
dealing with the fact that 2 of the 5 servers don't work. You'll see delays
& possibly failures.
________
Jay Ford, Network Engineering Group, Information Technology Services
Univer
to get them & others to fix it. Further, if it's a systemic F5...
problem, then a different approach is probably in order.
Jay Ford, Network Engineering Group, Information Technology Services
University o
uses this broken behavior?
____
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind-user
On Thu, 17 Mar 2011, Mark Bergsma wrote:
On Mar 17, 2011, at 6:48 AM, Jay Ford wrote:
On Thu, 17 Mar 2011, Mark Andrews wrote:
The nameservers for wikipedia.org are broken. They put the wrong
SOA record in the negative response, wikipedia.org != wikimedia.org.
The adminstrators of
serial number. See if that works.
____
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
b
. That is, have 3 files:
1. internal view file: SOA, NS..., internal-only data, & an $INCLUDE of
file #3
2. external view file: SOA, NS..., external-only data, & an $INCLUDE of
file #3
3. common view file: common data (no SOA...)
If the
0.c.0.0.3.9.1.1.0.0.2.ip6.arpa
in which the PTR RR would be:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.example.com
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa Ci
pertinent.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
__
ust split-view, such is if you want the same
data in multiple IPv6 prefixes because they're laid onto the same net.)
The backup files on the slaves are written by named, so each (zone,view)
instance has to have its own file.
_
y defined views (i.e., it unfortunatley doesn't allow forward
references).
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu,
On Wed, 19 Oct 2016, Mark Andrews wrote:
In message , Jay Ford
writes:
Right. "in-view" can be useful for this, as long as you only need to refer
to previously defined views (i.e., it unfortunatley doesn't allow forward
references).
So put the zone in the first view. Update
.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-___
Please visit https://lists.isc.org/mailman/listinfo/bind
On Sun, 10 Sep 2017, Mark Andrews wrote:
I suspect that you are forwarding your queries and that your forwarder is
returning out-of-date addresses.
No forwarding here.
Jay Ford, Network Engineering Group, Information
em,
but it's a little early to tell, & it's not a desirable fix.
I'd appreciate it if somebody who knows the code would comment on the threads
vs DNSTAP possibility or point me in some other direction to figure this out.
I have a named core file & can provide more config..
s a bug... And
a perfect thing to find in rc1. 8-)
AlanC
On 1/2/18 3:00 PM, Jay Ford wrote:
I'm having some odd trouble with DNSTAP output file rolling in BIND
9.12.0rc1.
I have named built like:
BIND 9.12.0rc1
running on Linux x86_64 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1
(201
or anycast servers;
that's broken in 9.11 but seems to work correctly in 9.12
Jay Ford, Network Engineering, University of Iowa
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ll resolve most of the time, but then fail (NXDOMAIN) for a while.
In the ULA space it doesn't seem trivial to own the top zone (ip6.arpa)
without breaking stuff. Any suggestions for that case?
__________
Jay Ford ,
On Fri, 12 Jul 2019, Mark Andrews wrote:
On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
I have a similar problem with zones for IPv6 ULA space. I'm running BIND
9.14.3. I had hoped that validate-except would do the trick, such as:
val
round?
______
Jay Ford , Network Engineering, University of Iowa
On Sat, 13 Jul 2019, Mark Andrews wrote:
I suspect this will be negative response synthesis. The cache has learnt that
d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked
up the covering NS
45 matches
Mail list logo