?
__
Jay Ford , Network Engineering, University of Iowa
On Sat, 13 Jul 2019, Mark Andrews wrote:
I suspect this will be negative response synthesis. The cache has learnt that
d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked
up the covering NSEC
On Fri, 12 Jul 2019, Mark Andrews wrote:
On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
I have a similar problem with zones for IPv6 ULA space. I'm running BIND
9.14.3. I had hoped that validate-except would do the trick, such as:
validate
solve most of the time, but then fail (NXDOMAIN) for a while.
In the ULA space it doesn't seem trivial to own the top zone (ip6.arpa)
without breaking stuff. Any suggestions for that case?
______
Jay Ford , Network E
ms to work correctly in 9.12
________
Jay Ford, Network Engineering, University of Iowa
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
thing to find in rc1. 8-)
AlanC
On 1/2/18 3:00 PM, Jay Ford wrote:
I'm having some odd trouble with DNSTAP output file rolling in BIND
9.12.0rc1.
I have named built like:
BIND 9.12.0rc1
running on Linux x86_64 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1
(2016-03-06)
built by make
who knows the code would comment on the threads
vs DNSTAP possibility or point me in some other direction to figure this out.
I have a named core file & can provide more config... details if required.
________
Jay Ford, Network Engin
On Sun, 10 Sep 2017, Mark Andrews wrote:
I suspect that you are forwarding your queries and that your forwarder is
returning out-of-date addresses.
No forwarding here.
Jay Ford, Network Engineering Group, Information
.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-___
Please visit https://lists.isc.org/mailman/listinfo/bind
On Wed, 19 Oct 2016, Mark Andrews wrote:
In message <alpine.deb.2.20.1610181109390.8...@headset.its.uiowa.edu>, Jay Ford
writes:
Right. "in-view" can be useful for this, as long as you only need to refer
to previously defined views (i.e., it unfortunatley doesn't allow fo
ined views (i.e., it unfortunatley doesn't allow forward
references).
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 31
, then RRL is probably
not your trouble. Other things like insufficient UDP buffering, lacking CPU
horsepower, or overwhelmed iptables connection tracking can also cause
time-outs.
________
Jay Ford, Network Engineering Group, I
; crazy fast,
too!
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
___
Please visit https://lists.isc.org/mai
uthoritative servers, but it doesn't say it's bogus.
If anybody can spot something broken for www.hrsa.gov, I'd be very glad to
hear about it.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of
fun,
purposefully break some part of your test zone & see how the above tools show
it.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: j
iew games, things get even more interesting.
________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiow
such to avoid
having a bunch of zones with almost nothing in them.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
know how/if this interacts with
RPZ. It also assumes you don't do anything else with DNS via loopback
addresses. ...
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
On Thu, 6 Feb 2014, Chuck Anderson wrote:
Neat. Is there any problem with using the exact same zone file in
both views? I worry that one view might fight with the file from the
other view...
Oh yeah, sorry, I left that bit out. The slave files do need to be unique or
they will over-write
?
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
On Thu, 5 Dec 2013, Shumon Huque wrote:
On 12/5/13 11:49 AM, Jay Ford wrote:
I'm testing BIND 9.9.4-P1 on a RHEL6 system am getting this log message:
/etc/named.conf:56: couldn't add command channel 127.0.0.1#953:
address in use
I'm going to take a guess: you might have portreserve
is spoofed as being from your clients, stop accepting traffic
from elsewhere sourced from your client address space.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email
?
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
Please visit https
to change the name in the PTR record I edit 1 file instead
of every zone file.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319
or not.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
Please visit https://lists.isc.org/mailman/listinfo/bind
be:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.example.com
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-
...)
If the SOA, NS... are the same between the views, they can also be in the
common file.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu
.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind-users mailing list
bind-users
?
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind-users mailing list
bind-users
On Thu, 17 Mar 2011, Mark Bergsma wrote:
On Mar 17, 2011, at 6:48 AM, Jay Ford wrote:
On Thu, 17 Mar 2011, Mark Andrews wrote:
The nameservers for wikipedia.org are broken. They put the wrong
SOA record in the negative response, wikipedia.org != wikimedia.org.
The adminstrators
is probably in order.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
dealing with the fact that 2 of the 5 servers don't work. You'll see delays
possibly failures.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu
with routine DNS tasks related to
multiple views DNSSEC. The check-keys script might be close to what
you're after.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
(at least for now):
http://seatpost.its.uiowa.edu/bind_stuff
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335
-P3. Thanks.
Does the -b option not suffice?
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
this
situation?
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
the delegation cut,
instead of the NS records as known by the child below the delegation cut.
Differences in those sets can sometimes be, shall we say, interesting.
Jay Ford, Network Engineering Group, Information Technology
for DNSSEC, but you might be able to play symlink games with the
unsigned file names to deal with that.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f
increment any of the version headers, but it might be useful to some
anyway.
ISC folk:
Please consider incorporating this or something similar into the stock
dnssec-signzone.
Jay Ford, Network Engineering Group
.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind-users mailing list
bind-users@lists.isc.org
https
d.c.b PTR name. for address a.b.c.d.
Note the order of the address components in the zone file, with least
significant furthest left.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa
, but don't see anything that will help?
Assuming zone transfers are allowed:
dig -t axfr zone_name @127.0.0.1 rescued_zone_file
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa
the same net.)
The backup files on the slaves are written by named, so each (zone,view)
instance has to have its own file.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA
.
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951
___
bind
43 matches
Mail list logo