is really allowed.
Then what is the basic recursion option for now? Is it just a
hold-over from more trusting days?
it's kind of general switch to allow/deny recursion.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertisi
-stub;
server-addresses { 192.168.1.23; 192.168.1.24; };
};
so a "type static-stub" works, while "type forward" does not?
Is this another difference between those two types?
("type forward" has one advantage: it allows standard resolving to
file.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
said: ANYONE, DO NOT ALLOW RECURSION FOR OUTSIDE CLIENTS. EVER.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's sp
re people just can not put their own domain anywhere in
the DNS tree, because they simply do not have any domain seen in the public
available (no company's domain, using multiple ISPs etc)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
On 28.02.13 08:41, Abdul Khader wrote:
Is there a way to flush MX records from the cache of a caching DNS server ?
No. You only can flush whole cache (rndc flush) or flush records for given
domain (rndc flushname).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
ssibly detect the link outage sooner
and switch to another link, maybe with NATting to other IP. However, your
DNS problem chould be solved by BIND configuration.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addre
ed AS number for this, provider-independent IP Addresses are
quite enough (at least here in Europe)
I just did not want to explain this more deeply - that is question for the
OP and their ISP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
l.com :
; <<>> DiG 9.8.1-P1 <<>> mail.com
[...]
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
this is clearly a cached answer (aa flag is missing). How did you come to
the conclusion that caching does not work?
--
Matus UHLAR - fanto
27;t see anything in the release notes for 9.8.4/9.8.5 - any ideas?
This is with the Spamhaus DBL, in case it matters.
do you have local copy of spamhaus DBL?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
from TCP+UDP port 53 coming to any >=1024 port on
your nameserver.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for g
. Are there other limitations I should be aware of while developing my script?
Yes, you should not abuse any service, whether you monitor it or not.
For example, you should not send extensive queries to foreign servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warni
ve DNS that are declared as
a forwarder in the named.conf.options settings.
Why do you define such forwarders in named.conf at all?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu c
l
incoming traffic to your DNS server where source port is 53.
all the "security" is useless if blocks your service. Luckily, most of
firewalls can track the "connection" state.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
answer the
authoritative data.
You have said you do not have recursion allowed, why do you expect it to be
allowed now?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
ame result as Chris. Please show us how you do the "dig".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up
like this:
On 28.03.13 17:00, Ben-Eliezer, Tal (ITS) wrote:
Hi Chris, this looks interesting, I'll do some testing and report back!
Note that this way you won't maintain two copies of the same file, but three
different files and with each change you'll have to choose where to
firewall level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept
root dns populate issue or
something else? Is there a way to force DNS server to update from root?
dopmain positivebrain.asia has invalid NS records. maybe a web DNS checker
could provide correct answer, although you must try more of them...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
lid record?
because while delegation NS records are OK, the NS records in domain itself
are broken. With the first lookup you may get the answer from the parent
servers, but later lookups will use broken NS records and thus they will
fail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.f
ames that don't start with www. is the common case now. Can we
save our energy for something more productive?
Why did you post this then?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
ND servers, although you may want to have
at least two of them, to have backup if one fails.
imho you should first answer my first question and then you see if you need
to increase clients-per-query or not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
s to three servers, of which one
returns positive answer and two reply NXDOMAIN (no such host).
seems someone configured invalid serial to reverse zone and now slaves don't
fetch updates...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
why securedns is the only way to avoid this
attack.
Once the spoofed answer with guessed ID and containing NS records of
attacker's servers is accepted, the attacker owns the domain at least within
your nameserver.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
52538: view
external: query (cache) 'hao.360.cn/A/IN' denied
Aren't thosedomains pointing their NS onto your nameserver? What's your IP,
if it's not secret?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-ma
also complain if the service does not work
properly
if you want to be really a bitch, you can set up recursive view with "."
domain providing * records.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
13 00:45:37.447 general: warning: zone
/IN: gc._msdcs./A: bad owner name (check-names)
default.log:12-Apr-2013 00:45:37.447 general: warning: zone
/IN: gc._msdcs./A: bad owner name (check-names)
Hmm, aren't those supposed to be SRV reco
bind 9.4 has also "check-names response";
Ok, I'm reading up on that now. Should I be able to suppress the logging
using: "check-names response ignore;" ?
This should be the default. Also, current version could have better handling
of this issue...
--
Matus UH
accessible and their RTT. It tends to prefer
theone with shoertet RTT but ocasionally re-tries (RTT can change over
time. If notice comes, BIND tends to prefer server that has sent it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
t way.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite?
don't like to see. The filtering or
diferentiating messages can be done on better way than modifying subject.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
heir job and home.
...I still think it would be better to have reserved private TLD for
intranets as we have IP's in rfc1918 (plus rfc6598 for ISPs)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Va
On 09.05.13 10:21, Tony Finch wrote:
> Right. Give each student a subdomain of some existing domain, even if the
> subdomains aren't publicly delegated.
Matus UHLAR - fantomas wrote:
yes, so they will start using it in their job and home.
On 09.05.13 16:01, Tony Finch w
e services broken like this of
any ISP. I'd even recommend not to use ANY services of such ISPs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
oot";
masters { 192.5.5.241; };
notify no;
};
I thought this is not oficially recommended for ordinary users to prevent
root servers from being overloaded (transfers use much more resources than
ordinary lookups). Has this changed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http:/
On 21.05.13 11:03, Mark Andrews wrote:
>The simplest solution is to slave the root zone and
>turn off notify to so you don't spam the official
>root servers. 192.5.5.241 is f.root-servers.net.
In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR -
m which are specific authoritative
DNS servers to mycompany.com But administrator does not know which one has
it
So, is that mytestdomain101.com or mycompany.com or mygeo1.mycompany.com?
It would be easier to look at the problem if you provided us correct data.
--
Matus UHLAR - fantomas, uh..
logical to ask again if
someone replies THERE IS NO SUCH RECORD. You need to fix your DNS
infrastructure, not try to circumvent it's issues.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
;t do that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a tal
ould a loop not occur if the forwarder
matches this view?
local domains are served locally. Only recursive queries are being
forwarded.
To ask the question another way, does the zone statement take precedence on
matching queries over any forwarding?
yes.
--
Matus UHLAR - fantomas, uh...@fanto
ers { stealthMasters; };
notify explicit;
also-notify { publicSlaves; };
allow-transfer { localhost; transferees; };
};
Have you looked carefuly enough, and to the correct file if there is no
missed character that makes the configuration invalid?
Have you run named-checkconf w
resubmitting a query after NXDOMAIN is received is an ugly hack and
violates the DNS principles. The problem must be solved by DNS tools.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tu
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. --
above, authoritative and glue NS records should
be the same). But don't tell me that you use TTL so small that someone
would notice.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
On 21.06.13 02:00, blrmaani wrote:
The additional-from-auth yes_or_no ; option is a global option. I would
like to know if there is a per-zone configuration to do the same in BIND9
configuration? I couldn't find it in BIND9 ARM.
What is the point of your question?
--
Matus UHLAR - fan
I would be interested to hear about any red flags you may see.
I don't see any ... since the problems reported were not true, we may assume
there was no problem causer by one of your servers' outage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I w
message, it can mean anything. Which MX server started
bouncing meil? Is ns1.starionhost.net reachable from that server?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
as it is. However if you want to have clean
shield, there's one thing abovbe to fix (PTR to nonexistent name).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
ional records being
sent from a selected list of zone in our configuration..
You still have not answered my question, so I repeat it:
> What is the point of your question?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
you have
no SOA set for for ns1.starionhost.net:
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only
On 24.06.13 07:41, Frank Bulk wrote:
Interesting to note that querying for ANY does return an SOA. I can't
explain that behavior.
On 24.06.13 14:54, Matus UHLAR - fantomas wrote:
I can guess a kind of DNS filter/firewall. Some l3 switches or load
balancers tend to produce strange result
r the zone, the given NS records prevail over delegation
from parent zone.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, wh
mail/bind-users/2013-June/090970.html or pcap
format at http://test.fantomas.sk/74.87.108.83.dns.pcap
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu
f DNS load
balancers...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windo
alling software from scratch.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective
ssues and overall my DNS was just erratic. I have now moved all of my
secondary to BuddyNS with much better redundancy, and I figured out what
was causing my ns1 to be glitchy.
Can you tell us what, just for evidence?
Thank you.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantom
.
If they are accessible from us, of course. We could check it ourselves and
see how it behaves from the net.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
pen. I don't know of anything to be gained by
requiring a reverse lookup after a forward lookup.
He apparently meant exactly the same. Also calles FcRDNS - "forward
confirmed" or "full circle" reverse DNS.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantoma
>In article ,
> Charles Swiger wrote:
>> Certainly. Various software performs what's called a double-reverse
>> lookup
>> to confirm that the A and PTR records match.
In article ,
Matus UHLAR - fantomas wrote:
He apparently meant exactly the same. Also calle
to implement packet rate limiting - a patch was
discussed here a few days/weeks ago.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etr
tware should get NXDOMAIN answer. in such
case there's nothing to wait for any longer.
Are you sure that was not a case of unreachable servers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovani
/ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#id2576269
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's
o.za.
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +norec any rbcaa.co.za.
; @babylon.mitsol.co.za.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52980
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
--
M
changed to
zone "110.252.173.in-addr.arpa" IN {
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.
--
Matus UHLAR - fantoma
ts.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Matus
; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.alfransi.com.sa. IN ANY
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT aku
ragraph 6.2; and Appendix A point 4.
This was discussed here already, and imho this is anti-spf bullshit like
all those "spf breaks forwarding" FUD. The SPF RR is already here and is
preferred over TXT that is generik RR type, unlike SPF.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
g without
changing envelope address is already broken, it's just people don't care
without SPF.
I have a case I am researching right now
where forwarded mail is undeliverable due to SPF checking at the
new destination.
Rewrite the sender's address. You have more choices,
-addr.arpa
maintained by the client.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BS
In article ,
Matus UHLAR - fantomas wrote:
No, it does not. If a mail gets delivered to address, which is sending it
further ("forwarding it"), the envelope sender has to be changed, because
it's not the original sender who sends the another mail. Forwarding without
changing e
nd charge you for it.
... and please, do not tell me that is to keep the spammers out
because that so far has not proven to be true. The bad guys have an
unlimited number of domains to do their dirt work everyday.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
On 8/10/13 3:37 AM, Matus UHLAR - fantomas wrote:
however, reverse DNS records must not be zero-filled (those won't be taken
into account)
On 10.08.13 10:26, Eduardo Bonsi wrote:
I put zeros just as an example.
it can be 111.111.111.111 where 1= (any ipv4 number) or
000.000.000.000. wh
On 17.08.13 10:36, Mimiko wrote:
I created a zone with the following:
[...]
But the answer is always un-authoritative. Why is this?
did you also configure the server to be master forthe zone?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
t blocks DNS?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamili
do dig -x 7.7.7.7, which is in the configured zone for DNS
10.212.24.11, i am not able to get the responses cached.
what is the TTL of those NXDOMAIN answers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
to forward 7.7.7.in-addr.arpa, 7.7.in-addr.arpa or
7.in-addr.arpa, depending on what is configured on 10.212.24.11.
BTW, are you aware that 7.7.7.7 is used by DoD and 9.9.9.9 by IBM?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them you
simply provides you the remaining TTL. If you do it again, you will see
TTL has either decreased in the time difference, or the records were fetched
again.
the discussion a few days ago has revealed that BIND does not recursively
fetch records when you send ANY query.
--
Matus UHLAR - fantomas, uh..
ws machines (I still feel it's better to install bind9 with "tools
only" on windows than using nslookup). using ping is not a good idea for DNS
testing.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addres
issue.
you apparently have not configured views properly. only clients that are
supposed to get internal private addresses should be in internal view.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
should NOT mention both IPs in any view.
hosts from internal view should get internal IP and hosts from external view
should get external IP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
includes (I recommend you
not goind more than one level of inclusion) were are the view definitions.
you said Check their match-* directives, post them here if possible.
check all used files and view definitions for "match-" directives.
--
Matus UHLAR - fantomas, uh...@fantomas
makes me wonder:
-Is this addressed by a standard? E.g.,
the nameserver's A record have the same
TTL as NS records pointing at it.
It should be the same, when the server is in the domain. I met exactly
those issues when NS record had longer ttl then the A record in the same
domain.
to sane standard value (e.g. 43200).
You may ask for access to win2003 servers to manipulate their caches, or
configure your zone as slave on them and send notifies to them, so they
notice as soon as possible.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
On 15.10.13 22:53, babu dheen wrote:
To: Matus UHLAR - fantomas , "bind-users@lists.isc.org"
Hi Matus,
you don't need to send me private copies - we are using a mailing list for
a purpose... thank you.
If I change the TTL value on the particular zone after modifying a
com.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her frie
o was it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
There's a long-standing bug relating to the x86 architecture that
allows you
s.net.
. 518400 IN NS m.root-servers.net.
;; Received 520 bytes from 201.76.40.2#53(201.76.40.2) in 235 ms
I would expect root NS referrals to be in additional section, therefore not
causing truncation.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
acket sizes or disable EDNS for that
domain? Could you also, please, share the tcpdump line you used to get
that package details?
seems their nameservers are working correctly now, with or without TCP (even
with EDNS0)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warni
work, unless your firewall blocks those too...
I'm trying to reach the my client's network team and check if their DNS
servers are allowed to make outbound connections to port 53. Which seems
it is not the case.
I'll reply to this thread once I contact the firewall's owner.
-only, it is only contacted by other (recursive) DNS servers
that would (or, at least should) not trust what it says in ADDITIONAL
section of its responses (where the CNAME content in non-authoritative cases
belongs to).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
d the directory and/or made it writable by that user, CPU
consumption fell down to reasonable values
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel uni
58.27.124.225
a336.g.akamai.net. 6 IN A 58.27.124.200
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of
.
emp-live.bbc.net.uk.140 IN CNAME emp.bbci.co.uk.edgesuite.net.
emp.bbci.co.uk.edgesuite.net. 2576 IN CNAME a336.g.akamai.net.
a336.g.akamai.net. 20 IN A 80.239.149.26
a336.g.akamai.net. 20 IN A 80.239.247.14
--
Matus UHLAR - fantoma
question...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site
SERVFAIL.
Out of 5 zones (3 forward, 1 IPv6 reverse, 1 IPv4 Reverse) the IPv4
reverse zone is the only one which fails.
Does the master answer SOA requests for all requests correctly?
Does it answer AXFR requests from slave correctly?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
r.arpa/IN' from 192.168.5.1#53: failed while receiving
responses: SERVFAIL
Dec 19 17:51:48 server2 named[7866]: transfer of
'5.168.192.in-addr.arpa/IN' from 192.168.5.1#53: Transfer completed: 0
messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
what's in logs on ma
nt-category yes;
print-severity yes;
print-time yes;
};
category xfer-out {
xfer;
};
};
that's why I prefer logging everything somewhere...
maybe it's in other category...
--
Matus UHLAR - fa
101 - 200 of 1048 matches
Mail list logo
