DNSSEC validation on 9.7.4 not working

2015-06-23 Thread Frank Bulk
, Frank Bulk

RE: Finding authoritative server and last update

2015-02-03 Thread Frank Bulk
There are free ones: http://www.frankb.us/dns/ http://networking.ringofsaturn.com/Unix/freednsservers.php Regards, Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert Moskowitz Sent: Tuesday, February 03, 2015

RE: Finding authoritative server and last update

2015-02-03 Thread Frank Bulk
Rob, I like to use DNSstuff because it can check each path: http://www.dnsstuff.com/tools#dnsTraversal|type=domain&value=4.254.253.50.in-addr.arpa&recordType=PTR Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert

RE: Unable to get AAAA for www.revk.uk from some of our servers

2015-01-05 Thread Frank Bulk
for www.revk.uk from some of our servers On 24/12/14 17:08, Frank Bulk wrote: Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA while queries from 96.31.0.20 do not. And we're all the same ISP, and in the one case, from the same /24. I don't think Google is that granular. And we do

RE: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-24 Thread Frank Bulk
Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA while queries from 96.31.0.20 do not. And we're all the same ISP, and in the one case, from the same /24. I don't think Google is that granular. And we do have good IPv6 connectivity. Regards, Frank Bulk -Original

Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Frank Bulk
From time to time there are certain domains that don't properly resolve on our corporate Windows DNS servers, but flushing the Windows DNS server cache resolves that. But yesterday I ran into an issue with resolving the AAAA for www.revk.uk on just some of our ISP DNS servers and I have time to dig

RE: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Frank Bulk
the \- ;-$NXRRSET mean? Working server shows this in the dump: ; authanswer ghs.l.google.com. 287 2607:f8b0:4001:c08::79 ; Regards, Frank Bulk -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Tuesday, December 23, 2014 2:53 PM To: Frank Bulk Cc

RE: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Frank Bulk
:503:a83e::2:30#53(a.gtld-servers.net) in 150 ms ;; connection timed out; no servers could be reached -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Tuesday, December 23, 2014 6:01 PM To: Frank Bulk Cc: bind-us...@isc.org

RE: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Frank Bulk
PM To: Frank Bulk Cc: bind-us...@isc.org Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers In message 001e01d01f0e$980b6070$c8222150$@iname.com, Frank Bulk writes: Thanks, Mark. When I queried for the AAAA of ghs.l.google.com from ns[1-4].google.com the Google servers

RE: still have named memory leak

2014-12-13 Thread Frank Bulk
Here’s some suggestions from ISC on capturing information on this memory growth issue: https://kb.isc.org/article/AA-01208 Frank From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Oberman Sent: Saturday, December 13, 2014 12:07 PM To:

RE: rndc flushname not working

2014-12-11 Thread Frank Bulk
On 09.12.14 21:36, Frank Bulk wrote: Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there definitely was no answer. The institution only has two authoritative nameserver entries, both pointing to the same IP, so it was all down. In any case, why doesn't flushing the name work

rndc flushname not working

2014-12-09 Thread Frank Bulk
Our ISP operations are running a mixture of 9.7.3 and 9.8.4 on several Debian servers and we've noticed that rndc flushname doesn't work many times. This weekend we had a local institution whose own authoritative DNS servers [all of them] were offline for 48+ hours and so there were several

RE: Digging to the final IP

2014-10-21 Thread Frank Bulk
21, 2014 8:21 PM To: Frank Bulk Cc: bind-users Subject: Re: Digging to the final IP On Oct 19, 2014, at 1:26, Frank Bulk frnk...@iname.com wrote: Is there a dig option that will list out the final (IPs) or query result?? By default, even with +short, it can list intermediate CNAME(s

RE: Digging to the final IP

2014-10-20 Thread Frank Bulk (iname.com)
We’re using this in a bash shell script. I don’t think there’s a native shell command to get the IP, so I’ll use a mixture of host and dig as necessary. Thanks, Frank From: Fajar A. Nugraha [mailto:w...@fajar.net] Sent: Sunday, October 19, 2014 11:04 PM To: Frank Bulk Cc: comp

RE: Digging to the final IP

2014-10-20 Thread Frank Bulk
Of Phil Mayers Sent: Monday, October 20, 2014 8:39 AM To: bind-users@lists.isc.org Subject: Re: Digging to the final IP On 20/10/14 14:22, Frank Bulk (iname.com) wrote: We're using this in a bash shell script. I don't think there's a native shell command to get the IP, so I'll use a mixture

RE: Digging to the final IP

2014-10-19 Thread Frank Bulk
Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! On 19 Oct 2014, at 08:05, Karl Auer ka...@biplane.com.au wrote: On Sun, 2014-10-19 at 00:26 -0500, Frank Bulk wrote: Is there a dig option that will list out the final (IPs) or query result

Digging to the final IP

2014-10-18 Thread Frank Bulk
Is there a dig option that will list out the final (IPs) or query result?? By default, even with +short, it can list intermediate CNAME(s) and not what IP(s) that CNAME may have. For example, root@nagios:/tmp# dig mail.automatedwastesystems.net +short mail3.sandhills.com.

RE: Secondary DNS question...

2013-06-25 Thread Frank Bulk
that? As far as I know I haven't had any issues until now... Jeff On Jun 25, 2013, at 6:26 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 24.06.13 07:41, Frank Bulk wrote: Interesting to note that querying for ANY does return an SOA. I can't explain that behavior. On 24.06.13 14:54

RE: Secondary DNS question...

2013-06-24 Thread Frank Bulk
[mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Frank Bulk Sent: Saturday, June 22, 2013 8:56 PM To: 'SH Development'; bind-users@lists.isc.org Subject: RE: Secondary DNS question... stariononline.com has two NSes listed, ns1.starionhost.net [74.87.108.83] and ns2

RE: Secondary DNS question...

2013-06-22 Thread Frank Bulk
stariononline.com has two NSes listed, ns1.starionhost.net [74.87.108.83] and ns2.starionhost.net [64.136.200.138]. But the first one does not seem to want to respond (http://goo.gl/s41wN and http://dnscheck.iis.se/ and http://www.zonecut.net/dns/index.cgi are just a few examples) to a few of the

RE: error (unexpected RCODE REFUSED) resolving

2012-10-13 Thread Frank Bulk
There's more: both ns1.netbcp.com and ns2.netbcp.net don't respond to queries about nbc.com and ns1.netbcp.com doesn't respond over TCP. Frank From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Kevin Darcy

RE: Delegation bit-rot detection?

2012-06-14 Thread Frank Bulk
For the domains that we're primary and authoritative we check the listing of each customer's WHOIS record to confirm they're using the right DNS servers and then query our upstream's DNS server (which is slaving it) to make sure they're responding authoritatively. We also query a public DNS

RE: Choosing max-journal-size

2011-12-07 Thread Frank Bulk
One possible default setting is to say a certain percentage or volume of disk space free. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Anand Buddhdev Sent: Wednesday, November

RE: BIND 9.7.3-P3 crash on multiple cashing servers

2011-11-16 Thread Frank Bulk
We had the same thing, affected only one of our DNS servers (behind a load-balancer). Here's the relevant log snippet: Nov 15 23:03:33 mail1 named[4601]: query.c:1781: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed, back trace Nov 15 23:03:33 mail1 named[4601]: #0 0x7f1b1e97686f in

RE: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Frank Bulk
Would be nice if the error output or log would indicate such failures. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Tony Finch Sent: Wednesday, August 17, 2011 9:31 AM To:

RE: Compromised BIND?

2011-05-31 Thread Frank Bulk
Yes, this message arrived in my Inbox 44 minutes after it was sent. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Warren Kumari Sent: Tuesday, May 31, 2011 4:59 PM To: Warren

RE: Compromised BIND?

2011-05-31 Thread Frank Bulk - iName.com
Yes, this message arrived in my Inbox 44 minutes after it was sent. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Warren Kumari Sent: Tuesday, May 31, 2011 4:59 PM To: Warren

RE: Split DNS Configuration in BIND

2011-05-30 Thread Frank Bulk
Not all firewalls can hairpin a public IP back to a private IP. We've had to do this, too. Yes, we could have created a separate zone, but that would require training our staff to use one FQDN internally and another with the customers. Easier to teach one thing to the staff and push the

RE: Split DNS Configuration in BIND

2011-05-30 Thread Frank Bulk
...@dougbarton.us] Sent: Monday, May 30, 2011 2:19 PM To: frnk...@iname.com Cc: 'babu dheen'; bind-users@lists.isc.org Subject: Re: Split DNS Configuration in BIND On 05/30/2011 09:15, Frank Bulk wrote: Not all firewalls can hairpin a public IP back to a private IP. We've had to do this, too

RE: new webserver ip

2010-08-03 Thread Frank Bulk
Which DNS server are you digging? It's possible that (by default) you're digging against a server that has the old entry still cached. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf

RE: Nslookup not showng TTL

2009-10-15 Thread Frank Bulk - iName.com
You can do an ipconfig /displaydns to see some TTL info. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John Horne Sent: Thursday, October 15, 2009 3:07 AM To: Bind users Subject: Nslookup not showng TTL Hello,

RE: Migrating DNS servers, need advice on hardware

2009-09-19 Thread Frank Bulk
Perhaps the inverse would be more interesting: what's the lowest-spec hardware that could host an OS that would run the latest version of BIND. =) Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent:

RE: Trouble With One Domain

2009-06-25 Thread Frank Bulk
Your name servers are reporting: t1dns1.anl.gov. t1dns2.anl.gov. ns-lvk.es.net. ns-aoa.es.net. oxygen.aps.anl.gov. ns1.es.net. nsx.lbl.gov. The first two are results of CNAMES for dns1.aps.anl.gov and dns2.aps.anl.gov, respectively. According to RFC 1912 2.4 and RFC 2181 10.3, you ought not to

RE: DNSDigger.com - An announcement and request for feature tips.

2009-06-16 Thread Frank Bulk
Sounds interesting. How is it different than these?: http://whois.webhosting.info http://www.domaintools.com/reverse-ip/ Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jay Ess Sent: Tuesday, June 16, 2009 7:19 PM

RE: PTR delegation

2009-06-04 Thread Frank Bulk
Just to add to the excellent comments already posted here, using +trace can be helpful in seeing how things are delegated. I use the paid version of DNSreports to provide a non-tech friendly version of the delegation, which has the added benefit of being able to trace it down other branches as

dig printout doesn't appear to match reality

2009-05-16 Thread Frank Bulk
It appears that dig is printing results that it attributes to the wrong server. While troubleshooting an inconsistent NS issue (upstream from us), a trace (at the end of this message) shows that DNS3.UIOWA.EDU listed two NS records, when in fact, if you query DNS3.UIOWA.EDU for the domain in

RE: dig printout doesn't appear to match reality

2009-05-16 Thread Frank Bulk
Thanks for the response. The wheels are already in motion to get this inconsistency resolved. Unfortunately, the stated response time for this state agency is 2 weeks. =( Frank -Original Message- From: sth...@nethelp.no [mailto:sth...@nethelp.no] Sent: Saturday, May 16, 2009 11:20 AM

RE: dig printout doesn't appear to match reality

2009-05-16 Thread Frank Bulk
Ok, now I'm following you. I don't live and breathe this like you and Chris do. =) If the dns3.uiowa.edu's cache was flushed for sioux-center.k12.ia.us, what do you think the query results for dig @DNS3.UIOWA.EDU sioux-center.k12.ia.us ns +noall +answer would be? Frank -Original

RE: dig printout doesn't appear to match reality

2009-05-16 Thread Frank Bulk
: SM [mailto:s...@resistor.net] Sent: Saturday, May 16, 2009 12:46 PM To: Frank Bulk Cc: bind-users@lists.isc.org Subject: Re: dig printout doesn't appear to match reality At 08:53 16-05-2009, Frank Bulk wrote: It appears that dig is printing results that it attributes to the wrong server. While

RE: DNS Appliance

2009-03-25 Thread Frank Bulk
I've had a rough time with BlueCat's Adonis product on the DHCP side of things. There are feature and stability gaps that take months and years to resolve. Their releases are always just a few weeks or months away, but take longer to materialize. I've been waiting over a year for code that they

RE: Zonefiles CIDR

2009-03-08 Thread Frank Bulk
There are other DNS servers that do a better job for RBLs. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Stephen Ward Sent: Sunday, March 08, 2009 5:20 AM To: comp-protocols-dns-b...@isc.org Subject: Zonefiles CIDR

RE: NS validation?

2009-02-09 Thread Frank Bulk
-Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas Sent: Monday, February 09, 2009 3:15 AM To: bind-users@lists.isc.org Subject: Re: NS validation? On 07.02.09 20:58, Frank Bulk - iName.com wrote

NS validation?

2009-02-07 Thread Frank Bulk - iName.com
A business customer of ours could not change their DNS entry at Register.com from ns1.mtcnet.net/ns1.netins.net. After 10 failed attempts thru register.com to register domain to ns1.mtcnet.net and ns1.netins.net, I contacted Register.com and escalated this call to their

RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT Illegal

2009-01-24 Thread Frank Bulk
Al: If you read RFC 2181 section 10.3, RFC 1034 section 3.6, RFC 1912 (page 6), the average person would understand that it's strongly discouraged. Perhaps illegal is too strong a word, but the weight of the RFCs and best practices appears to disagree with your assessment that there is no

RE: SERVFAIL issues

2009-01-20 Thread Frank Bulk - iName.com
Margolin Sent: Monday, January 19, 2009 9:47 PM To: comp-protocols-dns-b...@moderators.individual.net Subject: Re: SERVFAIL issues In article gl3gns$1is...@sf1.isc.org, Frank Bulk frnk...@iname.com wrote: Sorry for not being more clear. It's my understanding that rndc stats dumps only a subset

RE: denied NS/IN

2009-01-20 Thread Frank Bulk
That's being discussed on NANOG, here's one thread: http://markmail.org/message/ydiqnztzmz5qmusf See here for more details in blocking them: http://www.cymru.com/Documents/secure-bind-template.html specifically: blackhole { // Deny anything from the bogon networks as //

RE: denied NS/IN

2009-01-20 Thread Frank Bulk
...@iname.com Cc: BIND Users Mailing List Subject: Re: denied NS/IN On Jan 20, 2009, at 3:52 PM, Frank Bulk wrote: That's being discussed on NANOG, here's one thread: http://markmail.org/message/ydiqnztzmz5qmusf See here for more details in blocking them: http://www.cymru.com/Documents/secure

RE: SERVFAIL issues

2009-01-19 Thread Frank Bulk
Sorry for not being more clear. It's my understanding that rndc stats dumps only a subset of what ARM provides. Regards, Frank -Original Message- From: JINMEI Tatuya / 神明達哉 [mailto:jinmei_tat...@isc.org] Sent: Monday, January 19, 2009 1:38 PM To: Frank Bulk Cc: bind-us...@isc.org

RE: SERVFAIL issues

2009-01-16 Thread Frank Bulk - iName.com
setting would need to be considered for the environment BIND is running in. FWIW, we use max-cache-size 0 ; without issue. You can search this list archives for max-cache-size for previous discussions on this. Thanks. - Original Message From: Frank Bulk frnk...@iname.com To: bind

RE: SERVFAIL issues

2009-01-16 Thread Frank Bulk
...@iname.com Cc: 'Fr34k'; bind-us...@isc.org Subject: Re: SERVFAIL issues At Fri, 16 Jan 2009 14:24:28 -0600, Frank Bulk - iName.com frnk...@iname.com wrote: Yes, I read that last night before posting. I changed it to 256M. Is there a way using rndc to see if that took? No, but... And how do I

SERVFAIL issues

2009-01-15 Thread Frank Bulk
http://marc.info/?l=bind-users&m=122239920822324&w=2 http://marc.info/?l=bind-users&m=122243068905656&w=2 We upgraded to 9.5.0-P1 when the Kaminsky DNS vulnerability was announced and have had intermittent issues with SERVFAIL problems for some DSL modems that don't properly fail over to a secondary