RE: reverse dns for IPV6 ranges

2012-03-12 Thread Jay Ford
dcard stuff is helpful or not. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 ___ Please visit https://

Re: reverse dns for IPV6 ranges

2012-03-19 Thread Jay Ford
o change the name in the PTR record I edit 1 file instead of every zone file. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-33

Re: Truncated DNS message over UDP

2012-06-27 Thread Jay Ford
truncated. It can cause more subsequent queries, to get the information which would have been in the first response, but they'll probably all be UDP which might be better than fallback to TCP. ________ Jay Ford, Network Engineering Gro

RSA warnings & errors in 9.8.4

2013-01-04 Thread Jay Ford
at's about? ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 ___ Ple

Re: DDOS attack Bind 9.9 - P2

2013-04-30 Thread Jay Ford
problem. If the traffic is spoofed as being from your clients, stop accepting traffic from elsewhere sourced from your client address space. ____ Jay Ford, Network Engineering Group, Information Technology Services University

IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford
bxml2 version: 2.7.6 RHEL6 has kernel variable net.ipv6.bindv6only set to 0, which might or might not be related. BIND 9.8.5-P2 works correctly on a RHEL5 system which also has it set to 0. There are some comments in some of the 9.9 release notes about bindv6only, but I couldn't find anything specific to this situation. Is this a configuration problem or somethi

Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford
On Thu, 5 Dec 2013, Shumon Huque wrote: On 12/5/13 11:49 AM, Jay Ford wrote: I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message: /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use I'm going to take a guess: you mig

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
om" { type slave; file "/var/named/slaves/example.com.zone"; masters { 10.0.0.1; }; also-notify { ::1; }; // internal->external trickery }; }; The relatively new ability to specify a key in a "masters" statement can als

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
On Thu, 6 Feb 2014, Chuck Anderson wrote: Neat. Is there any problem with using the exact same zone file in both views? I worry that one view might fight with the file from the other view... Oh yeah, sorry, I left that bit out. The slave files do need to be unique or they will over-write ea

Re: IPv6 PTR Records

2014-03-10 Thread Jay Ford
some sparse subnets delegated at /56 & such to avoid having a bunch of zones with almost nothing in them. ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 emai

RE: Cloud DNS providers for secondary DNS

2015-12-30 Thread Jay Ford
ight or might not be a problem. If you do split-view games, things get even more interesting. ____ Jay Ford, Network Engineering Group, Information Technology Services University

Re: dnskey algorithm update

2016-01-06 Thread Jay Ford
ve some fun, purposefully break some part of your test zone & see how the above tools show it. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 5224

DNSSEC validation failures for www.hrsa.gov

2016-06-24 Thread Jay Ford
oken. dnsviz.net reports a couple of warnings, including a non-AA answer from authoritative servers, but it doesn't say it's bogus. If anybody can spot something broken for www.hrsa.gov, I'd be very glad to hear about it.

Re: DNSSEC validation failures for www.hrsa.gov

2016-06-24 Thread Jay Ford
llent as always & crazy fast, too! ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335- ___ Please visit https

Re: Disabling rate-limit?

2016-08-15 Thread Jay Ford
ies? If not, then RRL is probably not your trouble. Other things like insufficient UDP buffering, lacking CPU horsepower, or overwhelmed iptables connection tracking can also cause time-outs. ____ Jay Ford, Network Engin

Re: Recover deleted zone file

2010-10-05 Thread Jay Ford
don't see anything that will help?  Assuming zone transfers are allowed: dig -t axfr zone_name @127.0.0.1 >rescued_zone_file ________ Jay Ford, Network Engineering Group, Information Technology Services University of Io

Re: non-24 bit subnets

2010-10-06 Thread Jay Ford
though. Right. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 ___ bind-users mailing list bind-users@list

Re: non-24 bit subnets

2010-10-06 Thread Jay Ford
dr.arpa & define records like "d.c.b PTR name." for address a.b.c.d. Note the order of the address components in the zone file, with least significant furthest left. ________ Jay Ford, Network Engineering Group, Information

more flexible serial number handling in dnssec-signzone

2010-10-15 Thread Jay Ford
st code ever written & I didn't increment any of the version headers, but it might be useful to some anyway. ISC folk: Please consider incorporating this or something similar into the stock dnssec-signzone. ____ Ja

Re: Multiple zones pointing to same zone file

2010-10-19 Thread Jay Ford
rt signing the zones for DNSSEC, but you might be able to play symlink games with the unsigned file names to deal with that. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, I

Re: how to see ALL NS records in a zone file with dig

2010-11-12 Thread Jay Ford
above the delegation cut, instead of the NS records as known by the child below the delegation cut. Differences in those sets can sometimes be, shall we say, interesting. ____ Jay Ford, Network Engineering Group, Information Technolo

Re: Private Zones and Deligation bind9.7.2

2010-12-06 Thread Jay Ford
subject line includes "private". What is it that's private about this situation? ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa

Re: Private Zones and Deligation bind9.7.2

2010-12-07 Thread Jay Ford
On Mon, 6 Dec 2010, Barry Margolin wrote: In article , Jay Ford wrote: On Mon, 6 Dec 2010, Martin McCormick wrote: the config for this private zone is: zone "r.ds" { type master; file "/etc/namedb/master/r.ds.zone"; allow-update { key updsrv; }

Re: Telling rndc Which IP Address to Use

2011-01-19 Thread Jay Ford
e on the slaves. I am running 9.7.2-P3. Thanks. Does the "-b" option not suffice? ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiow

Re: Some dnssec-signzone questions

2011-02-01 Thread Jay Ford
er DNSSEC-related scripts here (at least for now): http://seatpost.its.uiowa.edu/bind_stuff ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.

Re: tools for searching/removing stale keys

2011-02-28 Thread Jay Ford
with routine DNS tasks related to multiple views & DNSSEC. The "check-keys" script might be close to what you're after. ________ Jay Ford, Network Engineering Group, Information Technology Services University of I

Re: Advice wanted on Nameserver switchover

2011-03-15 Thread Jay Ford
obably handle it, but only after dealing with the fact that 2 of the 5 servers don't work. You'll see delays & possibly failures. ________ Jay Ford, Network Engineering Group, Information Technology Services Univer

FORMERR for wikipedia...

2011-03-16 Thread Jay Ford
to get them & others to fix it. Further, if it's a systemic F5... problem, then a different approach is probably in order. Jay Ford, Network Engineering Group, Information Technology Services University o

Re: FORMERR for wikipedia...

2011-03-17 Thread Jay Ford
uses this broken behavior? ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 ___ bind-user

Re: FORMERR for wikipedia...

2011-03-17 Thread Jay Ford
On Thu, 17 Mar 2011, Mark Bergsma wrote: On Mar 17, 2011, at 6:48 AM, Jay Ford wrote: On Thu, 17 Mar 2011, Mark Andrews wrote: The nameservers for wikipedia.org are broken. They put the wrong SOA record in the negative response, wikipedia.org != wikimedia.org. The adminstrators of

Re: slave timers

2011-04-18 Thread Jay Ford
serial number. See if that works. ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 ___ b

Re: Split-DNS + Views + master/slave

2011-07-07 Thread Jay Ford
. That is, have 3 files: 1. internal view file: SOA, NS..., internal-only data, & an $INCLUDE of file #3 2. external view file: SOA, NS..., external-only data, & an $INCLUDE of file #3 3. common view file: common data (no SOA...) If the

Re: Format of the IPv6 reversed zone

2011-07-28 Thread Jay Ford
0.c.0.0.3.9.1.1.0.0.2.ip6.arpa in which the PTR RR would be: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.example.com ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa Ci

Re: Differences between 9.3 and later versions

2010-02-23 Thread Jay Ford
pertinent. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951 __

Re: Split View DNS

2010-03-11 Thread Jay Ford
ust split-view, such is if you want the same data in multiple IPv6 prefixes because they're laid onto the same net.) The backup files on the slaves are written by named, so each (zone,view) instance has to have its own file. _

Re: view problem

2016-10-18 Thread Jay Ford
y defined views (i.e., it unfortunatley doesn't allow forward references). ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu,

Re: view problem

2016-10-18 Thread Jay Ford
On Wed, 19 Oct 2016, Mark Andrews wrote: In message , Jay Ford writes: Right. "in-view" can be useful for this, as long as you only need to refer to previously defined views (i.e., it unfortunatley doesn't allow forward references). So put the zone in the first view. Update

Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

2017-09-09 Thread Jay Ford
. Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-___ Please visit https://lists.isc.org/mailman/listinfo/bind

Re: Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

2017-09-09 Thread Jay Ford
On Sun, 10 Sep 2017, Mark Andrews wrote: I suspect that you are forwarding your queries and that your forwarder is returning out-of-date addresses. No forwarding here. Jay Ford, Network Engineering Group, Information

DNSTAP output file rolling trouble in BIND 9.12.0rc1

2018-01-02 Thread Jay Ford
em, but it's a little early to tell, & it's not a desirable fix. I'd appreciate it if somebody who knows the code would comment on the threads vs DNSTAP possibility or point me in some other direction to figure this out. I have a named core file & can provide more config..

Re: DNSTAP output file rolling trouble in BIND 9.12.0rc1

2018-01-02 Thread Jay Ford
s a bug... And a perfect thing to find in rc1. 8-) AlanC On 1/2/18 3:00 PM, Jay Ford wrote: I'm having some odd trouble with DNSTAP output file rolling in BIND 9.12.0rc1. I have named built like:    BIND 9.12.0rc1    running on Linux x86_64 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (201

Re: Concerns/warnings in upgrading from 9.9 to 9.11?

2018-01-09 Thread Jay Ford
or anycast servers; that's broken in 9.11 but seems to work correctly in 9.12 Jay Ford, Network Engineering, University of Iowa ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: static stub zone not working as expected

2019-07-11 Thread Jay Ford
ll resolve most of the time, but then fail (NXDOMAIN) for a while. In the ULA space it doesn't seem trivial to own the top zone (ip6.arpa) without breaking stuff. Any suggestions for that case? __________ Jay Ford ,

Re: static stub zone not working as expected

2019-07-12 Thread Jay Ford
On Fri, 12 Jul 2019, Mark Andrews wrote: On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote: On 12 Jul 2019, at 11:12 am, Jay Ford wrote: I have a similar problem with zones for IPv6 ULA space. I'm running BIND 9.14.3. I had hoped that validate-except would do the trick, such as: val

Re: static stub zone not working as expected

2019-07-13 Thread Jay Ford
round? ______ Jay Ford , Network Engineering, University of Iowa On Sat, 13 Jul 2019, Mark Andrews wrote: I suspect this will be negative response synthesis. The cache has learnt that d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked up the covering NS