When are tcp dns queries necessary?
It was my understanding that clients could use tcp or
udp.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
/bind/named.conf.local:38: unknown option 'allow-transfer'
/etc/bind/named.conf.local:42: unknown option 'check-names'
/etc/bind/named.conf.local:43: unknown option 'check-names'
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications
not supported
How serious is this? What likely isn't working as things
look quite normal on this test system?
rndc works and the status shows exactly the same output
I used to see in 9.3.6.
Thanks.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information
and, well,
that's another war story. The main thing is that each slave is a
perfect backup for your whole operation. It takes very little
effort to set them up and almost no maintenance afterwards. They
just run themselves quite nicely.
Martin McCormick
Hauke Lampe writes:
When BIND writes zone files, it uses $origin to group records that share
a common base name. Just update delete/add all records and the mixed
case $origin disappears.
It did. Many thanks.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology
and the
rest just keeps working.
Thanks for any and all suggestions.
Martin McCormick
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
for now.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
collected if left untouched
after 7 days IIRC)
plus much more great information. Thanks for an excellent
answer.
Martin McCormick
our legs as we climb up.
Many thanks.
Martin McCormick
Niobos writes:
Definitely consider the 9.7 series! You can enable auto-dnssec which
will maintain your signatures for you out-of-the-box. It also supports
key rollover, but IIRC doesn't generate new keys at this moment.
That's not much of a problem. Thanks for reminding me of 9.7.
Martin
what a few of the
flags are capable of. If it can read named.conf, it should get
the zone file name from that.
Thank you.
Martin McCormick
to a member of this list for helping me better use the
available tools.
I had been using named-checkzone and named-checkconf for
years to check syntax but these do so much more. Many thanks to
the ISC community for designing such good applications.
Martin McCormick
This compiles a usable zone, ignores name warnings and prints
all the dodgy MX records and other possible issues you may have
with this zone.
Martin McCormick
For the sake of thoroughness, the -j flag causes
named-compilezone to also look at the .jnl files so that the
zone you get is as up to date as possible.
Martin
.
Martin McCormick
.
This is my week for asking novice questions, but I don't
get to see what happens when the master goes away all that often
and what I saw wasn't pretty.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
there was no more input to be read, one could
never see it. I expect the file descriptor gets lost in the
rollover.
I built another system and used the same script to set
things up and it had the same problem but it was logging so
that's how I found out what to fix.
Martin McCormick
site lookups.
Any ideas are appreciated. Most of the error messages in
bind9.7.1 are fairly self-explanatory but this one has me
scratching my head.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
.
To be truthful, the firewall was low on the trouble-shooting
list because it had worked for so long.
Thanks very much.
Martin McCormick
similar to
category lame-servers { null; };
directive that will make these messages stop logging without
affecting other possibly important types of messages?
Thank you.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department
Paul Ebersman writes:
category edns-disabled { null; };
should make you happier.
I must get a newer edition of DNS and Bind, but thanks
to you and the list for your patience.
Actually, I am not sure whether it is mentioned in the
4TH edition but searching for something
.
Martin McCormick
the problem.
Thank you.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
Barry Margolin writes:
Do you have recursion enabled on your server?
A good question. I have never explicitly disabled it and
it appears to be on.
We have an allow-query list based on ACL's so that
callers from inside our networks get both recursive and
nonrecursive lookups.
it good script where it
just chown's everything to the proper directories? That would be
very helpful.
Martin McCormick
. this totally breaks nsupdate unless
you force the server and zone information.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
Is there a recommended set of firewall rules that insure that all
necessary DNS traffic can enter and leave, even the larger
packets that result from dns-sec?
We want port 53 traffic from anywhere, in this case and
can send it anywhere, and want to be sure that no port 53
traffic is being
leak out of
this experiment is treated as junk and ignored.
Many thanks.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
John Wobus writes:
I think you want a *.com entry as well as the * entry.
I have now put in an entry like:
*.com. IN A 139.78.6.193
I still have the same behavior as before. The allowed
domain succeeds and all others get a SERVFAIL where they should
resolve to 139.78.2.193
Stacey Marshall writes:
The master NS would only need to load the
root.zone file,
Other name servers within the private network would load the hint file.
That was it! The bogus DNS now does its special
resolution like it should. Many thanks.
Martin McCormick
dhcpd?
I guess I was lucky before that there were no spaces in the
previous key.
Thanks for any help.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
Torinthiel writes:
Try deleting the space. Just this. dnssec-keygen inserts space for
readability purposes only. If you still have original *.key and
*.private files, you can check it yourself, that the Key field in
*private contains exactly the same as *.key, minus the space.
It actually had
thanks.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
of that A record
also show up in the log?
Thank you.
Martin McCormick
Kevin Darcy writes:
Don't think that's a logging option, but if the Dynamic Update is still in
the zone's journal file, you could use journalprint (or
named-journalprint as it's called in later versions) to see the gory
details...
Thank you. That should do the job.
Martin
will keep whatever value we originally
had.
Many thanks.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
Phil Mayers writes:
If you want TTL, you will need to use DNS-specific functions like the
res_*
API. You need to be sure you are querying the master, otherwise the TTL
will be the one from cache, not the real value.
I appreciate this information as it sounds like I am
using the wrong
for any light you can shed on why host still thinks there
is something there.
Martin McCormick
Kevin Darcy writes:
I don't use host very much, but I would assume it returns a successful
exit code as long as the RCODE of the response is NOERROR. This would
explain the behavior you are seeing, since by creating a name
www.physicscourses.okstate.edu, if its parent
any
problems like this.
There seems to be no reason why some remote domains
work and others don't. I am asking on this list in hopes that
somebody has seen something like this somewhere else and found
the cause.
Thank you.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU
John Miller writes:
Just to clarify, how many domain names are doing this for you? Are they
all
remote domains, or are some of them okstate.edu domains?
They are all remote as far as I can tell.
I will have some answers for Barry Margolin's questions a bit
later. It seems like the tear of
I described a case where one of our remote campuses can't
resolve a number of remote domains. One example is noaa.gov. It
also successfully resolves random remote domains without
seemingly any rhyme or reason.
Here is a bad dig trace for noaa.gov
; DiG 9.7.7 @localhost +trace noaa.gov
the
hurricane is not to blame.
I will let the group know what happened as soon as we
find out, ourselves.
Martin McCormick
If I do:
dig @localhost +short +trace somehost.okstate.edu
on a server authoritative for the okstate.edu domain, I would
expect resolution via that authoritative system. I do get it but
the query takes the scenic route and I get all the root name
servers just as if the query was for some host
Thanks to all who reminded me how dig resolves lookups.
I have since learned that we are apparently having
intermittent network issues that are causing a lot of systems to
behave oddly and our DNS's are only reflecting those conditions.
We were taking anywhere from 0 milliseconds
of internal and external-facing
DNS's that we can do to be sure that local resolution stays up?
Thank you very much.
Martin McCormick Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
itself
by downloading all its zones again. What should we expect from a
master DNS?
Martin McCormick
only knows what is actually being received by
bind. Is there any way to narrow down what part of the request is
broken/missing?
Thank you.
Martin McCormick