On Wed, Aug 29, 2018 at 10:59 AM, Grant Taylor via bind-users
wrote:
> On 08/29/2018 04:05 AM, John Miller wrote:
>>
>> Does anyone know of a good intro-level book that explains how DNS works
>> and gives an current overview of the different DNS servers out there?
>
>
&
ives to BIND, like PowerDNS, NSD, MS DNS, etc. Jan-Piet Mens'
book did this, but again, it's pretty dated at this point.
Does anyone know of a good intro-level book that explains how DNS
works and gives an current overview of the different DNS servers out
there?
John
--
John Miller
Senior Sys
On Wed, Aug 8, 2018 at 9:10 AM, Bob Harold wrote:
>
> On Tue, Aug 7, 2018 at 5:01 PM John Miller wrote:
>>
>> Hal, we've done this before - it's not particularly hard, just takes a
>> bit for everyone to pick up the new set of NS records. You just make
>> the c
Hal, we've done this before - it's not particularly hard, just takes a
bit for everyone to pick up the new set of NS records. You just make
the change upstream and also remove the NS records that reference the
system. It's kind of weird: during the interim, you'll have a running
nameserver that
Hi Alex,
What does your query volume look like on this server? Depending on
volume, the BIND defaults for:
- clients-per-query
- max-clients-per-query
- recursive-clients
- tcp-clients
and others may not be set high enough. Check pp. 106-108 in the
latest 9.11 manual for more details on each
users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
John Miller
Senior Systems Engineer
Brandeis University ITS
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
2022IN NS ns03.army.mil.
>>>> aro.army.mil. 2022IN NS ns02.army.mil.
>>>> aro.army.mil. 2022IN NS ns01.army.mil.
>>>>
>>>> ;; Query time: 163 msec
>>>> ;; SERVER: 192.8
Hello,
On bind recursive server I am seeing lots of queries for "." with type ANY.
Is there any use case which requires devices to send queries for "." with
type ANY ?
Appreciate your support.
Thanks
John
___
Please visit
Hello there,
We are setting up a secondary server and seeing something that may be
normal, but I wanted to check. The time stamp on each zone file on the
secondary is changing with each refresh cycle, even if there are no changes
to the file.
Is this normal or am I missing something.
Hi Anvar,
I see you have your named.conf file listed here; can you please paste
your named.rpz file as well?
John
On Wed, Jan 24, 2018 at 4:19 PM, Anvar Kuchkartaev via bind-users
wrote:
> Hello,
>
> I am trying to update RPZ zone records dynamically using nsupdate.
e on this list. Just
> providing info.
>
> Thanks
> James
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> htt
> UUOtQnMJgAZQAPS0J259CtXri0WyuDnJsdA5Glqt7FUAnvOFXNCEO8K6
> 0Kpyp/JHSM6hfeWKoAW3P0IaEeY+nYm91jdZ1Z214sWpiGmjvtE46KV4
> oVwvwnhyMjqI6gIZ9tTmm67iKz5E4UF524d/liZL9RMqSoy5uL94VUSm tSs=
> ;; Received 483 bytes from 69.36.157.30#53(a.gov-servers.net) in 49 ms
>
> ;; connection t
Hi Ricky,
Try running a "dig +trace www.nhc.noaa.gov," then query each record in
the chain and see which one's slow to respond. I don't see anything
crazy in your named.conf. Something you didn't mention: does clearing
cache make a difference?
John
--
John Miller
Systems Enginee
Hi Tom,
You'll want to change your MX records to point to the name, rather
than the IP, of your mail server. Note that your MX target does _not_
have to be in the same domain as the one it's serving mail for. For
example:
X.TLD IN MX 10 mail.example.com.
is perfectly valid, and quite
gt;
> With warmest regards,
>
> -Tom
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
J
On Thu, Feb 23, 2017 at 2:52 PM, Eldridge, Rod A [ITNET]
wrote:
>
> Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP
> servers with Infoblox servers on March 14th. We want to keep the domain names
> of our external servers the same (with one
ite have the guts to recommend PowerDNS on
the BIND list!
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
On Fri, Sep 30, 2016 at 1:15 PM, Tim Daneliuk wrote:
> On 09/30/2016 11:17 AM, Hrant Dadivanyan wrote:
>> Won't port redirection work better then ?
> get sudo for even limited access to things on their sandboxes. So, we're
> trying to figure out a way to work around the
ng list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-
Hi Sandeep,
The redirect part isn't a DNS issue: I telnetted to port 80 on the IP
address and got:
john@millspad:~$ telnet 146.142.7.113 80
Trying 146.142.7.113...
Connected to 146.142.7.113.
Escape character is '^]'.
GET / HTTP/1.1
Host: 146.142.7.113
HTTP/1.1 302 Found
Date: Sat, 17 Sep 2016
with how named handle the NS of this
> domain, or there is other parameter to tell named to try to loop through
> other nameservers if one fails.
>
>
>
> On Fri, Sep 9, 2016 at 7:20 PM, John Miller <johnm...@brandeis.edu> wrote:
>>
>> Hi Hillary,
>&
Hi Hillary,
By default, BIND will return SERVFAIL to the client if it can't
complete the full iteration process within 10 seconds. This is
controllable by the "resolver-query-timeout" parameter. As for why
your recursive server doesn't just try elsewhere, it _will_, but it
assumes that it's
On Mon, Aug 15, 2016 at 11:23 PM, blrmaani wrote:
> From tcpdump, it appears that customers are receiving delayed response and
> are too sensitive for timeouts.
>
> The queries they are sending are authoritative i.e the zone is on our
> nameserver.
>
> How do I trouble-shoot
__
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandei
Ok--I see what's up now! This has been one of the stranger DNS setups
I've ever seen: different NS records pointing to overlapping sets of
IP addresses, EDNS disabled, really short TTLs on both NS and A
records. Even though you're not querying at the name listed in the NS
records, it's usually
On Wed, May 4, 2016 at 3:57 PM, John Miller <johnm...@brandeis.edu> wrote:
> On Wed, May 4, 2016 at 3:23 PM, Rob Heilman <rheil...@echolabs.net> wrote:
>> Could it be that the “adberr:2” logs entries are indicating that it
>> periodically can’t find the name
On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote:
> Could it be that the “adberr:2” logs entries are indicating that it
> periodically can’t find the name servers?
>
> -Rob Heilman
>
>
>
> # dig zulily-com.mail.protection.outlook.com.
>
>
> dig mail.protection.outlook.com. ns
> @ns1-proddns.glbdns.o365filtering.com. +noedns
> ;; ANSWER SECTION:
> mail.protection.outlook.com. 10 IN NS
> ns1-proddns.glbdns.o365filtering.com.
> mail.protection.outlook.com. 10 IN NS
> ns2-proddns.glbdns.o365filtering.com.
>
>
>
> Note the short TTL
> But this is getting way off topic for BIND-users, and should probably be
> moved to dns-operati...@dns-oarc.net if we want to continue.
Much obliged!
John
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
If your domain is ourweddingaccount.com, and you're looking to have
the apex record
ourweddingaccount.com.CNAME some.other.domain.
but still host other records in the ourweddingaccount.com zone, you
can't. That's not how CNAME records work. A CNAME record is an alias
for a particular
On Thu, Apr 7, 2016 at 3:42 PM, Ben Wilson wrote:
> Hi,
>
> I'm not sure what is different on a new server I'm setting up, but when
> querying the port configured for statistics-channels, no rdtype records are
> included.
>
> resstat, socket, task, etc are all there, but
On Thu, Mar 31, 2016 at 2:00 PM, Michael Brunnbauer wrote:
>
> hi all,
>
> On Thu, Mar 31, 2016 at 07:32:21PM +0200, Michael Brunnbauer wrote:
>> Is is possible that is this connected to rndc stats? I will stop doing
>> rndc stats for a while to test (it currently runs every
nd-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from th
On Fri, Feb 19, 2016 at 9:26 PM, Barry Margolin <bar...@alum.mit.edu> wrote:
> In article <mailman.268.1455921931.73610.bind-us...@lists.isc.org>,
> John Miller <johnm...@brandeis.edu> wrote:
>
>> And if you actually want people to use your zone or you want
;127.0.0.1;
> };
>
> };
>
> For VM2 named.conf
>
> options {
>
> directory "/var/named";
> allow-query {
>10.4.3/24;
>127.0.0.1;
> };
>
> };
>
> On Fri, Feb 19, 2016 at 12:33 PM, John Miller <johnm...
Hi David,
Something I'm not seeing in your config is an options {} block that
lays out your defaults for allow-transfer, allow-notify, also-notify,
etc. Those are important things to know when it comes to
troubleshooting zone transfer issues. Unless you've got a specific
reason for not doing
>> I was going to respond with the same advice --
>> slave your internal zones -- but then I somehow convinced myself that "recurs
>> ive-clients" was merely the quota of concurrent RD=1 queries that named would
>> handle, thus slaving wouldn't help in a network-outage situation, since name
>> d
On Thu, Feb 18, 2016 at 5:06 PM, Mark Andrews wrote:
> For some reason people are afraid to slave internal zones. Back
> when I was working for CSIRO I used to slave all the internal zones
> for all of the sites the division had. Each site administered its
> own zones but all
Thanks for the reply, Tony. With the recent glibc bug, I figured most
folks would be off putting out those fires!
On Thu, Feb 18, 2016 at 3:04 PM, Tony Finch <d...@dotat.at> wrote:
> John Miller <johnm...@brandeis.edu> wrote:
>
>> A couple of weeks ago, we experienced a
A couple of weeks ago, we experienced an outage on our external
Internet links. Ideally, this shouldn't affect queries for internal
resources - we expect those queries to continue to be answered.
That being said, we saw a bunch of messages in our logs such as:
client 192.168.1.2#56075: no more
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 14.01.2016 um 21:48 schrieb John Miller:
>>
>> Thanks for the advice, Mike. We chrooted our install because it was
>> "best practice" security-wise, but from an ad
Thanks for the advice, Mike. We chrooted our install because it was
"best practice" security-wise, but from an administration standpoint,
it's been a bit of a headache: for example, you have to keep straight
what goes in /etc and /var/named/chroot/etc, you end up setting a
$BIND_CHROOT
On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza wrote:
> On 12.01.2016 18:16, Tony Finch wrote:
>> Tomas Hozza wrote:
>>>
>>> Recently I was trying to find a mechanism in BIND that could prevent the
>>> server from processing a recursive query for non-existing
google.com.
>
> You'll see additional queries like this if you look up servers hosted by
> the Akamai CDN, because the CNAME points from the original domain to one
> of Akamai's domains.
Hi Barry,
I just did a double-check (stock RHEL 6 BIND, 9.8.2), and BIND indeed
does do the second loo
for CDN or load-balanced sites which don't
> have fixed IP address.
>
> Any hint's what I am doing wrong?
>
> Many thanks,
> Wolfgang
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscrib
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote:
> Hi,
>
> Our vendor is changing their FTP server's IP address tomorrow.
>
> 1. How can I tell how long their DNS change will propagate to us ?
Whatever TTL you have cached when the vendor makes the switch is how
long it'll
after my clearing the cache
> or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the
> ".com" top level DNS server ?
>
> Regards,
> Danny
>
> On Fri, Sep 18, 2015 at 2:51 PM, John Miller <johnm...@brandeis.edu> wrote:
>>
>&g
On Fri, Sep 4, 2015 at 3:29 PM, wrote:
>> One Firewall should be enough.
>> So, what you consider this firewall should do ?
>> In my opinion:
>> Block requests coming from a blacklist (Who will generate this list ?)
>> Block denial of service requests. It needs to measure the
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz <r...@htt-consult.com> wrote:
>
>
> On 09/01/2015 09:20 AM, John Miller wrote:
>>
>> If you check pcap, logs, etc., is the server's following delegation
>> for 0.centos.pool.ntp.org? Where do outbound packets stop?
If you check pcap, logs, etc., is the server's following delegation
for 0.centos.pool.ntp.org? Where do outbound packets stop?
John
On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz wrote:
> I have one nameserver running bind 9.8.2 and a new one running 9.9.4.
>
> Both can
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
doesn't try to use it for its AXFRs.
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins m...@posix.co.za wrote:
On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote:
On 24/07/2015 5:05:24 PM, Alan Clegg a...@clegg.com wrote:
Possible problems:
Mismatched keys.
Mismatched key names.
Mismatched clocks.
Hi Donovan,
Your zone file(s) as well as your named.conf config would be best here. We
really need more information from you than a single fqdn.
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
On Thu, Jul 23, 2015 at 12:40 PM, lists - euca li...@euca.us wrote
On Thu, Jul 23, 2015 at 2:22 PM, lists - euca li...@euca.us wrote:
Here is the file that smbind created (note that I have been making some
changes):
$TTL 21600
@ IN SOA ns10.euca.us. hostmaster.euca.us. (
2015072342 ; Serial
within an hour, the second
will stop working.
This is just a guess, but network communication/failed zone transfer seems
the most likely culprit for something like this (entire zone returns
SERVFAIL).
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
On Mon, Jul 13
On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca lu...@sulweb.org wrote:
You have been persuasive enough, I'm definitely going to raise the expire
value, but now the question is: are the SERVFAIL replies a consequence of
the low expire value?
It doesn't help your cause _at_all_. There could
For my part, I'd be curious to know what sort of problem you're trying to
solve with dig. We might be able to shed a little more light on what the
best command would be for you.
The +recurse gets overridden when you use +trace:
+[no]recurse
... Recursion is automatically disabled
Semicolons! You need one for the second ip range in your list, and you
need one after the zone file for your localhost zone. The error message
really does tell you what you need in this case ;-) The config you pasted
only has nine lines, so I'm assuming that the last error really is on line
8/9
using some sort of DDNS
publishing that gets triggered when a client does something
suspicious.
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
On Tue, Jan 6, 2015 at 5:52 PM, Anne Bennett a...@encs.concordia.ca wrote:
I'm playing with RPZ with a view to both
here is that you shouldn't take down the 9.3.2
server until you're _sure_ the 9.8.1 server is fully ready to roll.
Ideally you should be able to do this with zero downtime, but much
depends on your setup. It's certainly not something you want to rush.
John
--
John Miller
Systems Engineer
Brandeis
the 9.8.1 server is fully ready to roll.
Ideally you should be able to do this with zero downtime, but much
depends on your setup. It's certainly not something you want to rush.
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
.
**
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
, John Miller wrote:
On NS #2, if you run rndc freeze/rndc thaw, what does the actual zone
file look like? Also, what does your cache look like? Is
101.250.168.192.in-addr.arpa PTR cached?
John
On Thu, Jul 24, 2014 at 10:25 AM, Ricardo Esteves maverick...@gmail.com
wrote:
Hi,
I've got
(or even host) are much better than nslookup
for diagnostic purposes.
hth
On Thursday, July 24, 2014 8:00 AM, John Miller johnm...@brandeis.edu
wrote:
To check your cache, just run rndc dump. It'll write a dump of the BIND
cache to your data directory (wherever you've got it configured
:)
its almost the same, as creating a local zone for something your not
authoritative for and then having to maintain those records. but, i
guess their may be cases where it may be useful i guess
On Monday, June 2, 2014 1:33 PM, John Miller johnm...@brandeis.edu wrote:
Evil? Seems
On Monday, June 2, 2014 2:18 PM, John Miller johnm...@brandeis.edu
wrote:
Not quite, Bill. You point the zone at a different name server, but
_your_own_nameserver_ still does the iterative queries to make things
happen. It just queries a different set of nameservers than would
happen through
visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
Thanks to both Mark and Nicholas for the help. Unfortunately, still not
able to get this working (BIND 9.8.2 (RHEL 6) AD 2008R2). It's a case
of AD negotiating a TKEY (successfully), then reverting back to unsigned
updates. If an update's not signed, doesn't matter what your
update-policy
129.64.8.232#49802: next
Even though it sends valid TKEY credentials, why doesn't Windows actually
sign its updates or use a TCP connection for them? Any way to actually get
the Windows side of things to send signed updates?
John
--
John Miller
Systems Engineer
Brandeis University
johnm
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https
company.com domain, independently if this
record is in DNS1 or DNS2.
Thanks again, regards.
JeLo
On Wed, Apr 30, 2014 at 5:21 PM, John Miller johnm...@brandeis.eduwrote:
Hi Jeronimo,
First of all, please just tell us the real domain. Yes, we could try and
talk about a fictitious
Thanks a lot !!!
JeLo
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems
.
--
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm
On Fri, Jan 31, 2014 at 11:10 AM, Steve Presser st...@pressers.name wrote:
Hey all,
Please forgive me if any of my terminology is off - I have not spent as
much time in the documentation as I'd like.
I have an odd situation that I would like to know if it is possible and
would much
public--presumably you set up trust between your internal mail servers in
other ways. It's not required for SMTP to work--plenty of domains don't
use it.
Thank you for the correction, Vernon.
John
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
On 12/11/2013 08:42 PM, Mark Andrews wrote:
In message 52a8e44a.1070...@brandeis.edu, John Miller writes:
Hello folks,
I'm getting ready to revamp our dynamic DNS setup here on campus, and am
curious: what is everyone doing for update forwarding? Have you seen
certain clients that will send
Hello folks,
I'm getting ready to revamp our dynamic DNS setup here on campus, and am
curious: what is everyone doing for update forwarding? Have you seen
certain clients that will send updates based on NS records rather than
the SOA record?
Perhaps a better question is: has anyone been
to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https
Hi Manish,
You can always grab a pre-canned ISO from turnkeylinux.org. You could
also use Puppet or Chef recipes to get BIND up and running. I'm sure
someone also has a Vagrant box available -- try vagrantbox.es.
Generally speaking, though, if you're using an appliance in production,
you
Hey there folks,
I know that for the following record in a zone file:
host.example.com.
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
IN CNAME otherhost.
be equally valid from an RFC perspective? Obviously this would also
pertain to NS, MX, SRV, PTR, etc. records.
John
On Thu, Jul 18, 2013 at 4:12 PM, John Miller johnm...@brandeis.edu wrote:
Hey there folks,
I know that for the following record in a zone file
On Thu, Jul 18, 2013 at 4:29 PM, Charles Swiger cswi...@mac.com wrote:
On Jul 18, 2013, at 1:18 PM, John Miller johnm...@brandeis.edu wrote:
I know that for the following record in example.com's zone file:
host.example.com. IN CNAME otherhost
BIND will return:
host.example.com
:
Are you asking if the target of a CNAME need be an FQDN if $ORIGIN is
defined? If so, no, I use short names (no trailing dot) all the time.
*From*: John Miller [mailto:johnm...@brandeis.edu]
*Sent*: Thursday, July 18, 2013 05:49 PM
*To*: Bind Users Mailing List bind-users@lists.isc.org
*Subject
On 07/18/2013 06:07 PM, Barry Margolin wrote:
In article mailman.844.1374184195.20661.bind-us...@lists.isc.org,
John Miller johnm...@brandeis.edu wrote:
I think what I was getting at was whether appending $ORIGIN to an
unqualified target--only talking target, not label--was _required_
-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
-usersto
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-users
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
Hi Mike,
To keep my answer simple, if BIND is set up to allow recursion, and gets
a recursive query for a zone it's not authoritative for, it'll:
1) Answer from cache
2) pass the query off to the configured forwarders
3) If the forwarders are unavailable, follow delegation itself to answer
Probably should've wrote that is the first case it was:
$ORIGIN foo.example.com.
...
ads NS ads.foo.example.com.
...
ads A a.b.c.d
dc2 A a.b.c.e
dc3 A a.b.c.f
And, the modified case was:
$ORIGIN foo.example.com
...
ads NS dc2.foo.example.com.
NS
Hi Lawrence,
I'm going to answer your questions a bit out of order, but hopefully
things'll still be clear.
How do you have an AD domain where your AD servers aren't authoritative
for itself?
This is how our AD domain is set up -- the root of the AD domain is
brandeis.edu, but the domain
On 03/04/2013 03:26 PM, Verne Britton wrote:
my test server (its up and down a lot) is at yournameserver with these two test
zones ... what I want to be able to do is:
1. serve the A records as authoritative
Looks like it's working in that regard:
jm@workstation:~$ dig +norecurse
Hello everyone,
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do resolvers behave when they receive a
request for an expired entry in the cache, but cannot contact the
authoritative nameserver? I'd imagine they return a SERVFAIL, but I
could
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an
NXDOMAIN in this scenario.
John
On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 10:38, John Miller wrote:
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do
Just to cover all the bases, you're doing your lookup directly against
your server, correct? Easy to accidentally query a different nameserver
and not see what you're expecting.
Otherwise I'd second Warren's suggestion to double-check your serial number.
John
On 02/20/2013 12:40 PM,
, and wanted to be sure I had
my ducks in a row.
--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
Thanks, Phil. Those were my thoughts as well. For the present, I'll
write my own monitoring plugin to parse the XML data.
John
On 11/15/2012 11:47 AM, Phil Mayers wrote:
On 15/11/12 16:44, John Miller wrote:
Hello everyone,
When did BIND 9 switch over from the older
I think
On 11/15/2012 11:58 AM, Carsten Strotmann wrote:
Hello John,
John Miller johnm...@brandeis.edu writes:
Hello everyone,
When did BIND 9 switch over from the older
+++ Statistics Dump +++ (timestamp)
success #
referral #
nxrrset #
nxdomain #
recursion #
failure #
--- Statistics Dump
1 - 100 of 115 matches
Mail list logo