On Jun 3, 2011, at 11:44 AM, Tony Finch wrote:
Carl Byington c...@byington.org wrote:
ns.il. 86400 IN CNAME relay.huji.ac.il.
il. 86400 IN NS nse.ns.il.
With that cname, how are NS records like nse.ns.il supposed to work?
The
On May 31, 2011, at 3:22 PM, Kevin Darcy wrote:
On 5/31/2011 2:38 PM, Supersonic wrote:
I have a BIND 9.8.0-P2 server instance running on a production server.
Doing what, exactly? Resolving internal names only? Resolving Internet names?
Acting as an authoritative server for internal
Does anyone else find the bind-users list to be very slow?
webster.isc.org (localhost [IPv6:::1]) Tue, 31 May 2011 19:48:30 + -
webster.isc.org (webster.isc.org) Tue, 31 May 2011 20:52:09 +
Or is it just me seeing this?
W
On May 31, 2011, at 4:17 PM, Warren Kumari wrote:
On May
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On May 29, 2011, at 5:52 PM, Alan Clegg acl...@isc.org wrote:
On 5/29/2011 5:12 PM, Maren S. Leizaola wrote:
IT is a poor man’s replacement for BGP multihoming and IP anycast.
Hey
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On May 29, 2011, at 9:32 PM, Mark Andrews ma...@isc.org wrote:
In message 2c591af8-860d-45a5-9f3a-3603f3733...@kumari.net, Warren Kumari
writes:
Um, how?
Surely you can just sign
On May 24, 2011, at 1:55 PM, Igor da Silva Cagnin wrote:
Hi list,
I have a doubt about querys, as fact I’d like to deny just querys type MX.
Other querys types must be available. Is it possible?
Yes.
1: Don't list the MX record in your zone.
or
2: Have multiple views, one with MX
On May 24, 2011, at 2:28 PM, Lightner, Jeff wrote:
Is anyone else seeing odd results with news.google.com? My BIND 9 master
and slave are getting different results.
Presumably your slave and master are in different subnets?
Google (and many other large networks) perform geolocation and
I'd be getting separate location specific
IPs handed to the two servers.
-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Tuesday, May 24, 2011 4:06 PM
To: Lightner, Jeff
Cc: bind-users@lists.isc.org
Subject: Re: Getting different name resolution
On May 17, 2011, at 1:17 PM, Michelle Konzack wrote:
69th Spam/Mailinglist (I am subscribed to 137 lists)
How is it possibel, this guy is spaming at least 69 mailinglists where
most are subscriber only?
Um, maybe his claims are true -- if Mind Intrusion exists and works well, its
it
On May 17, 2011, at 3:11 PM, David Miller wrote:
On 5/17/2011 2:07 PM, Warren Kumari wrote:
On May 17, 2011, at 1:17 PM, Michelle Konzack wrote:
69th Spam/Mailinglist (I am subscribed to 137 lists)
How is it possibel, this guy is spaming at least 69 mailinglists where
most
On Apr 5, 2011, at 8:23 AM, iharrathi@orange-ftgroup.com wrote:
Hi,
can i make priority on a A or NS record? Since with round robin if i put the
same record record 2 or 3 time, Bind ignore the duplicates Records, means
this:
wikipedia NS ns2.wikimedia.org.
wikipedia
Enable query logging, then:
cat queries.log | grep 'query: example.com' | awk '{print $6}' | sed
's/#.*//' | sort -n | uniq -c | sort -rn | head -100 | more
or something similar?
W
On Mar 20, 2011, at 10:09 AM, babu dheen wrote:
Hi,
I am getting below status on this command.. Only
Nah, that's fine (and normal).
BIND comes configured with the roots so that it can start resolution. I guess I
don't fully understand your concern here -- is it that you are worried that the
root might see queries and so know your internal hostnames?
W
Warren Kumari
--
Please excuse
So, how many servers are you talking about?
After having tried to use the distribution supplied packages (for multiple
distributions) my opinion is that building from source is the right answer for
BIND. The distributions lag more than I'm comfortable with, and BIND builds
cleanly from source
On Mar 9, 2011, at 1:09 PM, Matt Rae wrote:
Hi, I'm working on setting up a slave dns server. Dots have
historically been used in the hostnames here. The dots cause the
resulting zone file from a zone transfer to have $ORIGIN automatically
set assuming the dots are indicating a subdomain.
On Mar 3, 2011, at 3:30 PM, Nate Homier wrote:
I got my logging setup but named-checkconf is spitting out an error.
$named-checkconf /home/nate/named.conf.local
/home/nate/named.conf.local:11: missing ';' before '3'
/home/nate/named.conf.local:11: unknown option '3'
I'm pretty sure we don't
On Mar 1, 2011, at 5:27 PM, Kevin Darcy wrote:
See my other post. This is designed-in behavior for Cisco GSSes,
since there is no service unavailable, try again later RCODE.
Yes[0].
W
[0]: there is no service unavailable, try again later RCODE.
On Mar 2, 2011, at 1:20 PM, Kevin Darcy wrote:
On 3/2/2011 10:34 AM, David Sparro wrote:
On 3/1/2011 5:27 PM, Kevin Darcy wrote:
See my other post. This is designed-in behavior for Cisco GSSes,
since
there is no service unavailable, try again later RCODE.
When the question is what is
On Mar 2, 2011, at 1:21 PM, Mike Bernhardt wrote:
What's really strange is that when we attempt a query, be it DIG or an
attempt to browse tools.cisco.com, they send some sort of query back
to us
from/to UDP 53
Many GSLB solutions attempt to figure out what the best location to
serve
On Mar 2, 2011, at 8:49 PM, ShanyiWan wrote:
bind-dlz (BDB as backend)
[root@flyinweb ~]# dig @ns1.dnssafe.cn www.djytest.com
; DiG 9.7.0-P2 @ns1.dnssafe.cnwww.djytest.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status:
In PIX versions 6.3.2 and below you had to do:
fixup protocol dns maximum-length 4096
In later versions you need:
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 4096
or to increase the response size length:
policy-map global_policy
class inspection_default
On Feb 14, 2011, at 12:54 PM, Torinthiel wrote:
Dnia 2011-02-14 15:52 Mike Mitchell napisał(a):
I'd keep two copies of the BIND config, one that has all the zones as
master, and one that has all the zones as slave. When the
master dies,
run a little script on a slave that freezes the
On Feb 8, 2011, at 10:56 AM, Nikhil Joshi wrote:
Hello,
Can any one tell how can I provide a ip dynamically to a DNS query ?
In other words, I want the ip to be dynamic and the program should be able to
determine it based on a criteria (which varies with runtime ie.dynamic).
Sorry, but you
On Feb 8, 2011, at 10:47 AM, fddi wrote:
I need really something very simple:
I have 2 domain name servers, I need them to be multi-master
Please explain -- *why* do you need multimaster?
so I will put a mysql instance on each one,
the two mysql servers in sync whith each other.
On Feb 4, 2011, at 1:11 PM, Chris Buxton wrote:
+trace does not do what you think it does. It does not query the target name
server for each successive query. Rather, it causes the 'dig' command to
perform recursion on its own, only using the indicated server (@server) to
seed its root
I must admit, I'm kinda confused by what you are actually trying to achieve
?A foo.joshfeb1.com. should be getting returning 1.1.1.1
?A www.joshfeb1.com. should be returning noerror / nodata because:
1: There is a record at www.joshfeb1.com (so it's not NXDOMAIN), but
2: the record is not an
On Jan 13, 2011, at 12:08 PM, Barry Finkel wrote:
I am running bind-9.7.2-P3, and I am having a problem with BIND or
the network or the Ubuntu operating system. I send a DNS query from
one of my DNS servers to another of my DNS servers. I see in a tshark
trace that the reply packet is
A question like this comes along avery few weeks
Just download the latest bind source from: http://www.isc.org/software/bind
, configure, make, make test, install.
This is my cheat sheet (I do this every few months on ~10 servers -- I
keep meaning to set up a puppet / similar script to
On Dec 9, 2010, at 9:51 AM, John Williams wrote:
If I have a Linux host with multiple IP's, is there a way to utilize the DIG
command such that the query appears like it's coming from different IP
addresses?
So If I have 10 virtual IP's, is there a way to control the source IP of the
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On Oct 7, 2010, at 1:55 AM, Beat Jucker b...@juckers.ch wrote:
Hello BIND users
I have a very strange problem with AXFR. We are using a master and a
secondary DNS Server with an internal
On Sep 27, 2010, at 9:00 AM, Thomas Elsgaard wrote:
Hello
Is it possible with BIND, to resolve the same name (like test.gl) to
different IP's based on the source network of the request?
Here is an example
A machine in network 10.3.0.0/16 is contacting DNS to lookup
test.gl, DNS returns -
On Sep 27, 2010, at 6:55 PM, Sten Carlsen wrote:
While a single zone is perfectly fine from a standards point of view, some
clients might be served addresses they don't like 10.x.x.0 and 10.x.x.255.
But that would be DHCP config, no?
Just a reminder that this could be a reason if
On Sep 21, 2010, at 10:14 PM, Doug Barton wrote:
On 9/21/2010 7:46 AM, Kalman Feher wrote:
It may well be analogous to that (though I disagree), but the quote does not
substantiate why knowing public information is bad. In the example above,
you've simply saved your switchboard and the
On Aug 19, 2010, at 2:17 PM, Samad Agha wrote:
#nslookup
set query=mx
rimm.com
*** No mail exchanger (MX) records available for rimm.com
Obviously Rimm's DNS cannot be down! What gives? Any ideas?
A: Why obviously?
B: Who is rimm.com?
Methinks that you mean rim.com, the blackberry
On Aug 10, 2010, at 11:01 AM, Matus UHLAR - fantomas wrote:
On 09.08.10 20:09, donovan jeffrey j wrote:
my isp has some private address space which has dns resolution and can be
queried from the outside world.
I asked them about this because we use this private address space and it
is
On Jul 25, 2010, at 4:33 AM, Danny Mayer wrote:
On 7/24/2010 5:10 AM, Warren Kumari wrote:
On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your
On Jul 23, 2010, at 2:37 PM, Danny Mayer wrote:
On 7/22/2010 11:08 PM, Merton Campbell Crockett wrote:
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your message until I got home from work; however, I did
find the root of the problem late this afternoon.
On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:
BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
From the host itself, a slave for all my zones, I can resolve all my
zones. I cannot, however, resolve anything else.
For example, if I dig google.com I get a timeout.
Further, if I do a blank dig, I
On Jun 23, 2010, at 2:41 PM, Torsten wrote:
Am Wed, 23 Jun 2010 11:01:29 +0200
schrieb Erwin Lansing er...@freebsd.org:
On Wed, Jun 23, 2010 at 05:51:24PM +1000, Mark Andrews wrote:
In message
aanlktinjqorplnyqj5tso2tdwlt_ropzdmrymoiph...@mail.gmail.com,
Piff writes:
Mark,
more than once
On Jun 23, 2010, at 11:06 PM, Peter Macko wrote:
How can I fake a part of domain?
Explanation of what I mean:
- There is example.com domain somewhere on internet (not under my
control) that contains:
www.example.com IP: 1.2.3.4
www2.example.com ...IP: 11.22.33.44
Hi all,
I'm not sure if I'm just missing something obvious, but I haven't
figured out a clean way to accomplish this.
For various reasons I would like to be able to query my own nameserver
while traveling -- I don't want to make it an open recursive, so I
figured I should just be able to
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny
keyboard.
On Jun 13, 2010, at 9:15 AM, sasa sasa sasasa20...@yahoo.com wrote:
Hi list,
Is it ok to upgrade from 9.4.2 to 9.7.0-P2 directly?
Yup, no worries...
i mean i already have 9.4.2, i
So not awake, may be crazy...
wkum...@xxx~$ dig @ns1.dns-diy.com 35.com
; DiG 9.4.2-P2.1 @ns1.dns-diy.com 35.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 3253
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
On Jun 8, 2010, at 6:26 AM, Jan Buchholz wrote:
Thanks @all, sorry i was out of office yesterday. I'll discuss the
issue this week on the german Linux Tag in Berlin.
What your meaning off firewalls, who looks into packets and block them
if the filter don´t know a flag.
Some high security
wkum...@lisa:~$ man dnssec-signzone
[SNIP]
-N soa-serial-format
The SOA serial number format of the signed zone. Possible
formats are keep (default), increment and unixtime.
keep
Do not modify the SOA serial number.
On Jun 7, 2010, at 12:44 PM, kebba.f...@qcell.gm wrote:
Hi list,
i keep having this error repeatedly on my bind 9.5.1-P3 and it crash
my
server am using debian lenny 5.0 and there is not upgrade for bind on
thier repository.
Install BIND from source -- it's not hard and you'll end up
One obvious solution to keeping the firewall guys happy would just be
to make them not burn state entries for the nameserver at all
Firewalls in front of nameservers cause an ungodly amount of issues
for no real benefit...
Just sayin'...
W
On Jun 1, 2010, at 8:35 AM, Techi wrote:
On May 25, 2010, at 9:57 PM, Yunfeng Xu wrote:
Hi, all
I tried to add one A record on the master, but the slave did not get
the new record.
my slave settting is :
zone mydomain.com.cn IN {
type slave;
file mydomain.com.cn.zone;
masters {10.69.3.1;};
};
10.69.3.1
On May 10, 2010, at 6:48 PM, Michelle Konzack wrote:
Hello Chris Hills,
Am 2010-05-10 09:02:35, hacktest Du folgendes herunter:
I sent a requests to isc for a new option in dig, enabled by
default:-
+[no]idn
automatically convert input to IDN
So entering:-
digتامايدوجان.سى
would give
I am *so* not an IDN person (although I did follow the IDNA WG for a
while), but I *believe* that the process is just to convert the native
UTF8 representation (تامايدوجان.سى) to punycode (xn--
mgbaajmr6mmaps.xn--ygb8b). There are a bunch of tools that will do
this for you, I suspect that
On May 4, 2010, at 11:01 AM, Linux Addict wrote:
On Tue, May 4, 2010 at 10:43 AM, Stephane Bortzmeyer bortzme...@nic.fr
wrote:
On Tue, May 04, 2010 at 10:27:25AM -0400,
Linux Addict linuxaddi...@gmail.com wrote
a message of 89 lines which said:
lacks EDNS, defaults to 512
DNS reply size
On Apr 27, 2010, at 12:50 AM, Barry Margolin wrote:
In article mailman.1278.1272292131.21153.bind-us...@lists.isc.org,
Warren Kumari war...@kumari.net wrote:
On Apr 26, 2010, at 3:10 AM, Josh Kuo wrote:
What is happening is I suspect the DNS resolved IP given by my ISP
is
actually
think so, and Mark confirmed it.
On Sunday, April 25, 2010, Warren Kumari war...@kumari.net wrote:
On Apr 25, 2010, at 12:01 AM, Josh Kuo wrote:
You need administrative access to see the overides to the normal
resolution
process.
Just so I understand this completely, by administrative access
also your resolver?
Can you check by just going to www.damia.com (or whatismyip.com or
ipchicken.com or sshing into something and looking what your source is
or or or...)
W
-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Monday, April 26, 2010 2:20 PM
my my ISP
(Verizon), and www.damia.com reports that my IP is: 71.114.43.183
(which it is!)
and that the resolver I am using is: 71.252.0.36.
Anyway, this has wandered offtopic.
W
-Original Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Monday, April 26, 2010 3:14
On Apr 25, 2010, at 12:01 AM, Josh Kuo wrote:
You need administrative access to see the overides to the normal
resolution
process.
Just so I understand this completely, by administrative access you
mean I need to be able to log in to each of the resolvers (not
administrative access on
Message-
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Tuesday, April 13, 2010 3:43 PM
To: Khuu, Linh MicroTech
Cc: 'bind-users@lists.isc.org'
Subject: Re: Question about message your system is lacking dev/
random (or equivalent)
On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:
I
On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:
I just turned on the dnssec-validation today, and I saw lots of
messages:
13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918:
3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset
(keyid=47948): You must use
On Apr 12, 2010, at 1:58 PM, Sergiu Bivol wrote:
Hi,
We need to use rndc commands on a zone in a view with a name
containing spaces. For example:
sed 's/ /_/g' ?!
rndc freeze test.zone.com My Default View
So far we were unable to execute a command with such a view name. We
tried
On Apr 8, 2010, at 10:52 AM, Stephane Bortzmeyer wrote:
On Thu, Apr 08, 2010 at 09:46:04AM -0500,
Michael Hare michael.h...@doit.wisc.edu wrote
a message of 29 lines which said:
Doesn't DDNS rely on a single SOA? If so, is there a best practice
on how to deal with this?
Are you sure the
On Apr 5, 2010, at 2:06 AM, sasa sasa wrote:
Hello everyone,
Any one used any load balancer for DNSs? any recommendation? it's 2
caching-only DNSs, and I'd like to make a load balance between them
using software.
They all suck, some just seem to suck less than others -- the Foundry
Try add this:
options {
default-key feld-server.feldland.lan.;
default-server 127.0.0.1;
default-port 953;
};
On Mar 30, 2010, at 4:05 PM, Markus Feldmann wrote:
I changed my key to
key feld-server.feldland.lan. {
algorithm hmac-md5;
secret
On Mar 21, 2010, at 2:22 AM, Barry Margolin wrote:
In article mailman.897.1269129914.21153.bind-us...@lists.isc.org,
groups gro...@obsd.us wrote:
I did not know there were MACROs available.. as I just inheirited
this
legacy system less than one month ago..
There aren't macros, just one
On Mar 21, 2010, at 11:21 AM, michael peters wrote:
Is it a problem to get a message from a DNS checking tool that
indicates Error fetching SOA from ns1.example.com? Both of my
external BIND 9.6.1 servers respond the same way and I'm assuming
that I need to add something to my
38400 )
@ IN NS castor.lazarusalliance.com.
115 IN PTR castor.lazarusalliance.com.
116 IN PTR pollux.lazarusalliance.com.
118 IN PTR lazarusalliance.com.
On Sun, Mar 21, 2010 at 2:02 PM, Warren Kumari war...@kumari.net
wrote
On Mar 16, 2010, at 11:39 AM, Niobos wrote:
On 2010-03-16 15:57, prock...@yahoo.com wrote:
I'm trying to figure out how many tests I need to run for an
individual product (layer 2, 3, 4, and 7) before I can say it is
completely DNSSEC compliant.
By definition, any layer 2, 3 and 4 product is
On Feb 24, 2010, at 11:23 AM, Tony Finch wrote:
On Wed, 24 Feb 2010, Stephane Bortzmeyer wrote:
On Tue, Feb 23, 2010 at 09:56:55PM -0500,
Diosney Sarmiento Herrera diosne...@gmail.com wrote:
Have any sense to blacklist the private address ranges on a server
that is facing Internet?
I am
On Feb 7, 2010, at 4:00 AM, fddi wrote:
Hello,
is anyone using a mysql backend for bind9 ?
how to setup it ?
http://lmgtfy.com/?q=mysql+backend+for+bind9
thanks
Rick
___
bind-users mailing list
bind-users@lists.isc.org
You haven't provided very much detail (e.g: example domains, your
nameservers, config files, versions, dig +trace output, etc), but from
first glance it sounds like your secondaries are not updating until
you restart named.
When you query a random nameserver there is a 50/50 chance (ok,
201 - 269 of 269 matches
Mail list logo