On Mon, 2010-10-04 at 17:29 -0500, Lyle Giese wrote:
> Dotan Cohen wrote:
> > The ports aren't blocked as another site (example.eu) hosted on the
> > 1.1.1.1 server works fine. The working site has both nameservers
> > pointed to that same server (on two different IP addresses on eth0 and
> >
apart from my dig for you not giving real information..
On Mon, 2010-10-04 at 23:08 +0200, Dotan Cohen wrote:
>
> // On 1.1.1.1
> [r...@1.1.1.1]# cat /etc/named.conf
> options {
> directory "/etc";
>
Why are you specifying /etc here?
I suggest you use /var/named
>pid-
On Tue, 2010-11-23 at 14:34 -0800, Kevin Oberman wrote:
> It makes the thread hard to follow!
what rot, its no worse than bottom posters, nor those who forget how to
trim replies to what's relevant, once you become responsible for this
list server, then you can choose, until then, please desist
On Thu, 2010-12-02 at 17:09 +1100, Stelios Georgi wrote:
> I’ve just upgraded my version of bind on my Solaris 10 servers to
> 9.5.1-P3, and it worked for a week until the TTL’s expired after 7
> days.
> I’ve restarted the named daemon but it fails to update any of slave
> servers. It’s deemed usel
On Thu, 2010-12-02 at 13:15 +0700, David S. wrote:
> Hi Mark,
>
> Yes, bind work fine without allow-query statement in view.
> Here is my named.conf and view:
>
> options {
> allow-query { "trusted"; };
> };
>
Correct
> view "mynetwork" in {
> match-clients {"trusted"; };
>
On Thu, 2010-12-30 at 22:42 +0100, Lazy wrote:
> 2010/12/30 Tony Finch :
> > On 30 Dec 2010, at 19:56, Lazy wrote:
> >>
> >> qmail uses ANY so m$ is not getting any mail from us
> >
> > This is several bugs in qmail. It is making the query in order to
> > canonicalize the domain in outgoing emai
Further to my private message, is your border router using bogon
filters?
I can actually get your local NS's using a U.S host on an old IP, but
not from my connection, this suggests an outdated bogon filter
since i'm on 27.x IP range.
On Thu, 2011-02-24 at 15:00 +1300, Gregory Machin wrote:
> H
Hi,
You can pretty much remove the entire statement now, as all /8's are
issued as of about two weeks ago.
(Confirming, with my 27.x IP I can now get answers from your local NS's
so all looks good)
Cheers
On Thu, 2011-02-24 at 17:04 +1300, Gregory Machin wrote:
> Hi.
> Thanks for the support a
In addition to my pvt email Evan
The dev link page still shows 9.7.3 as current production, no 9.8.0, but
going to all downloads shows 9.8.0 as current production, and as things
happen in three's ...
bind-9.8.0.tar.gz clicking on this yields a file called
bind-980targzno periods, l
It should work too, it was fixed within in a few minutes :)
On Thu, 2011-03-03 at 04:47 -0500, Dennis Clarke wrote:
> > In addition to my pvt email Evan
> >
> > The dev link page still shows 9.7.3 as current production, no 9.8.0, but
> > going to all downloads shows 9.8.0 as current productio
On Thu, 2011-03-10 at 19:11 -0600, Dan wrote:
>
> I'll second that, I think everyone starts off on linux as new admins,
> then eventually figures out how great freebsd ports collection is.
> Also have openbsd's PF firewall at our disposal, along with rebuilding
> complete OS in one command, unli
I think you have something broken, bind uses UDP by default, if it can
not connect to a dns server on UDP it then retries on TCP.
It also uses TCP for AXFR's
On Sun, 2011-10-23 at 05:50 +0200, Benny Pedersen wrote:
> On Sat, 22 Oct 2011 20:42:08 -0700, Kevin Oberman wrote:
> > On Sat, Oct 22, 20
because ns3 has only ipv6 address and no ipv4 address and the
server you are checking from has no ipv6 capability.
You are asking for big problems using this method.
You should give all NS records an IPv4 address, and then add in IPv6 on
the ones you can
eg:
ns2 A ip.
Hi,
A question about "$GENERATE", what I'm looking for though is if there's
an option or some way that if an entry is manually made, it will be used
in place of the "generated" entry, at present lookups will return both.
I'm trying to see where we can have-
$GENERATE 1-254 $.9 PTR cpe-9-$.qld.gu
On Sat, 2009-03-14 at 19:19, sth...@nethelp.no wrote:
> > I'm trying to see where we can have-
> >
> > $GENERATE 1-254 $.9 PTR cpe-9-$.qld.guilty_party.removed
> >
> > . and if a client wishes custom rDNS we can insert-
> >
> > 123.9PTRfoo.example.com
>
> You need to have separate
Ed (I didn't see your post to the list?),
I tend to agree with Ben, I looked into this a few years ago and
couldn't see a way, decided it was less time to write a perl script to
automate it all than to keep experimenting.
It creates the PTR zone, adds to named.conf and adds the corresponding A
re
On Thu, 2009-04-30 at 19:38, Scott Haneda wrote:
> On Apr 30, 2009, at 1:43 AM, Kal Feher wrote:
>
> > When I clicked on that link the only error was an MNAME error. Did
> > you see
> > another error? (I wonder if it was a transient error you observed,
> > because
> > it appears different to
Scott,
On Sun, 2009-05-03 at 08:39, Scott Haneda wrote:
> I client of mine has thousands of DNS zones that will need a ttl
> chance and a serial bump. I want to set a relevant ttl to 300 for a
> few days.
>
> After that, an IP address change will be made, and I would like to
> change the
On Sun, 2009-05-03 at 10:12, Scott Haneda wrote:
> On May 2, 2009, at 4:25 PM, Noel Butler wrote:
> >> Any suggestions
> >
> > perl substitutions would be your friend, had to do this myself a
> > few years back, but the key is do fresh backup /var/named first,
On Tue, 2009-06-02 at 13:08 +1000, dantian...@optusnet.com.au wrote:
> Hi,
> I have a bind server I now use as a caching.
>
> In allowing my work desktop to access i found that it was being refused using
> allow-query, but if i add it to recursion it works, have i mis-understood the
> use of al
On Tue, 2009-06-02 at 16:52 -0500, travis+ml-b...@subspacefield.org
wrote:
> Hello,
>
> My primary bind9 name server which does double-duty as a server and recursive
> lookup
> is becoming "wedged" where it does not respond to queries or stop events from
> rndc.
> Sending SIGTERM does not work;
Jason,
Looks like a DNS delegation error, login to your 'MyApnic' and make
sure everything is good.
I can not get an external response here
~$ host 203.22.30.47
Host 47.30.22.203.in-addr.arpa not found: 2(SERVFAIL
~$ dig 30.22.203.in-addr.arpa NS
; <<>> DiG 9.4.2-P2 <<>> 30.22.203.in-addr.ar
On Wed, 2009-06-10 at 11:20 +0100, Jason Crummack wrote:
> dig @82.138.243.4 30.22.203.in-addr.arpa NS
>
I get a response from that IP as well, however from mine, I don't, I
suspect that's the server cache.
Is this IP range still delegated to you?
dig 30.22.203.in-addr.arpa NS
; <<>> Di
My comments below will be to all in general, not to anyone specific and
no offence intended to anyone...
> RE: Advogato:
Who?
> RE: Circlied:
Who ?
Ok enough of the sarcasm :)
Is someone here seriously trying to use those sites as a "reason" to not
do something, might as well reference
RR type SPF *is* the recommended way. SPF RR was ratified some time
ago, any modern resolver knows about it.
If you are using an outdated resolver system that spits errors on that,
that's hardly any ones fault but your own.
However the suggested method at present is to run the TXT as well,
becau
Firstly, I feel this really belongs on mailops not bind list :)
secondly...
On Mon, 2010-02-01 at 00:00 +0300, Wael Shaheen wrote:
> Blocking port 25 is much worse IMHO because it forces users out of the
> service, by restricting their ability to use their own mail servers that can
> be hosted e
On Sat, 2010-04-10 at 21:19 +0300, Mihamina Rakotomandimby wrote:
> Manao ahoana, Hello, Bonjour,
>
> In a zone (the zone == the domain, here), I want a basic thing:
> - mails for the domain goes to smtp1.mg.tambazotra.net.
> - http://the-domain.tld and http://www.the-domain.tld
> both resolve
On Sat, 2010-05-01 at 13:10 -0400, Server Administrator wrote:
> I tried OARC's DNS Reply Size Test on two of my name servers, both on
> the same network, behind the same firewall & router.
>
> Both came back and reported "DNS reply size limit is at least 3843"
> (results below).
>
I'd image s
On Thu, 2010-05-06 at 22:37 -0400, Dave Filchak wrote:
> Our master server machine had a drive failure and looks like it will
> be offline for some time. Somewhere in the back of my mind, I thought
> I remembered that something bad can happen to the dns resolution for
> your zones if the master is
Dave, You are missing the "X" in the -zuka-rw-MailScanner: Found to be
clean line.
and it appears to not match the other X-zuka-RWMailScanner headers, this
may lead to problems, and no doubt if you --lint mailscanner it will
throw errors saying mismatch for SA.
On Fri, 2010-05-07 at 13:47 +1000
Hi,
On Wed, 2010-07-14 at 16:29 +, Kebba Foon wrote:
> Hi List
>
> i have been having issues with my dns server for a while now,
> my server suddently stops answering to queries. i notice that this
> happen when every my recursive clients is more that a thousand, as per
> the result of rndc
On Thu, 2010-07-15 at 10:18 +, Kebba Foon wrote:
> i did i set my recursive-clients to 1 but it does not help.
>
> On Thu, 2010-07-15 at 20:21 +1000, Noel Butler wrote:
> > UDP
>
What version of Bind are you running and un
On Fri, 2010-07-16 at 08:41 +, Kebba Foon wrote:
> am running 9.6-ESV-R1 on Debian 5.0 lenny
>
You might need to ensure your operating system can handle more than 1024
file descriptors as it sounds like it is not, but the logs should
reflect this, this could be your problem, if it's not, th
On Mon, 2010-08-02 at 22:13 -0400, donovan jeffrey j wrote:
> Greetings
>
> i have an internal dns server it resolvs all my queries from the inside.
> I have a mail system requesting an spf record. Should i add the same record
> on the inside as i do for the outside ? i don't want internal addr
in your SMTP/WWW_Module configs, like, for
example in postfix:
reject_rbl_client dul.dnsbl.sorbs.net
I wont go into the fact bind 9.8 is so old its unsupported :)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
informat
ew times what John Blue suggested,
might not stop my resources being abused, but it gets the point across
:)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
p
-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protec
On 01/01/2019 12:54, John W. Blue wrote:
> nuff said, eh?
>
> I thought that Let's Encrypt wanted to roll / revalidate SSL certs every 90
> days. IIRC they have automation for apache and DNS tools when it comes to
> revalidation.
acme.sh FTW
--
Kind Re
On 02/01/2019 04:48, Doug Barton wrote:
> I've had LE fail after a cerbot upgrade because it grew a dependency that
> didn't automatically get installed with the upgrade.
>
> So yes, automation good, but not perfect.
Yes likewise on the one box I could actually get certbot to run on, just
would
; Would you like some help?"
>
> Kidding aside, Slackware is old school awesome.
>
> ;)
>
> FROM: bind-users [mailto:bind-users-boun...@lists.isc.org] ON BEHALF OF Noel
> Butler
> SENT: Tuesday, January 01, 2019 5:32 PM
> TO: bind-users@lists.isc.org
> SUBJ
>
> Doing the following recreated the .signed file, but still didn't add the new
> subdomains.
>
> Freeze, flush, edit, thaw,
>
> Then service named stop, service named start.
freeze, edit, thaw, rndc_reload is all thats needed
--
Kind Regards,
Noel Butler
eff:feda:9842 prefixlen 64 scopeid 0x20
You might also want to read up on gai.conf and set some precedence's,
I dont use it, but on slackware I dont have the problems you have, it
might help - I recall having to use it well over 10 years ago on a few
centos servers we inherited at the time.
this not the key that is wanted? It appears to be the only key I have. Do
> I need to change to some different key type for bind 9.14, or am I forgetting
> something else.
>
> I did make some changes to the DNS back in 9/12 several months ago, and I
> don't recall having t
o blindly accepted and enacted
the block.
To put it in RFC terms for non aussies, s313 is a SHOULD, and _not_ a
MUST.
If theres genuine reason, ie mass collateral damage, you can lawfully
refuse to carry out such requests.
--
Kind Regards,
Noel Butler
This Email, including any a
ary after
> noticing the the issue.
> Then, on *both* servers:
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may
at it is binded to or internal, if it is binded to 127.0.0.1 and
> 192.168.0.1 ?
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
101 - 146 of 146 matches
Mail list logo