Re: Introductory DNS Books

2018-08-29 Thread John Miller
On Wed, Aug 29, 2018 at 10:59 AM, Grant Taylor via bind-users wrote: > On 08/29/2018 04:05 AM, John Miller wrote: >> >> Does anyone know of a good intro-level book that explains how DNS works >> and gives a current overview of the different DNS servers out there? > >

Introductory DNS Books

2018-08-29 Thread John Miller
ives to BIND, like PowerDNS, NSD, MS DNS, etc. Jan-Piet Mens' book did this, but again, it's pretty dated at this point. Does anyone know of a good intro-level book that explains how DNS works and gives a current overview of the different DNS servers out there? John -- John Miller Senior Sys

Re: Removing an NS server

2018-08-08 Thread John Miller
On Wed, Aug 8, 2018 at 9:10 AM, Bob Harold wrote: > > On Tue, Aug 7, 2018 at 5:01 PM John Miller wrote: >> >> Hal, we've done this before - it's not particularly hard, just takes a >> bit for everyone to pick up the new set of NS records. You just make >> the c

Re: Removing an NS server

2018-08-07 Thread John Miller
Hal, we've done this before - it's not particularly hard, just takes a bit for everyone to pick up the new set of NS records. You just make the change upstream and also remove the NS records that reference the system. It's kind of weird: during the interim, you'll have a running nameserver that

Re: SERVFAIL and peak utilization

2018-07-26 Thread John Miller
Hi Alex, What does your query volume look like on this server? Depending on volume, the BIND defaults for: - clients-per-query - max-clients-per-query - recursive-clients - tcp-clients and others may not be set high enough. Check pp. 106-108 in the latest 9.11 manual for more details on each

Re: DNS can be a subdomain

2018-06-26 Thread John Miller
users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- John Miller Senior Systems Engineer Brandeis University ITS johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: extranet.aro.army.mil - not resolving

2018-05-31 Thread John Miller
2022IN NS ns03.army.mil. >>>> aro.army.mil. 2022IN NS ns02.army.mil. >>>> aro.army.mil. 2022IN NS ns01.army.mil. >>>> >>>> ;; Query time: 163 msec >>>> ;; SERVER: 192.8

Use case for "." queries

2018-05-07 Thread John Miller JR
Hello, On bind recursive server I am seeing lots of queries for "." with type ANY. Is there any use case which requires devices to send queries for "." with type ANY ? Appreciate your support. Thanks John

Odd behavior on a secondary server

2018-03-22 Thread John Miller
Hello there, We are setting up a secondary server and seeing something that may be normal, but I wanted to check. The time stamp on each zone file on the secondary is changing with each refresh cycle, even if there are no changes to the file. Is this normal or am I missing something.

Re: Update RPZ zone records

2018-01-24 Thread John Miller
Hi Anvar, I see you have your named.conf file listed here; can you please paste your named.rpz file as well? John On Wed, Jan 24, 2018 at 4:19 PM, Anvar Kuchkartaev via bind-users wrote: > Hello, > > I am trying to update RPZ zone records dynamically using nsupdate.

Re: Email & PTR Issues

2017-11-07 Thread John Miller
e on this list. Just > providing info. > > Thanks > James

Re: NOAA.GOV domain not working

2017-09-18 Thread John Miller
> UUOtQnMJgAZQAPS0J259CtXri0WyuDnJsdA5Glqt7FUAnvOFXNCEO8K6 > 0Kpyp/JHSM6hfeWKoAW3P0IaEeY+nYm91jdZ1Z214sWpiGmjvtE46KV4 > oVwvwnhyMjqI6gIZ9tTmm67iKz5E4UF524d/liZL9RMqSoy5uL94VUSm tSs= > ;; Received 483 bytes from 69.36.157.30#53(a.gov-servers.net) in 49 ms > > ;; connection t

Re: NOAA.GOV domain not working

2017-09-18 Thread John Miller
Hi Ricky, Try running a "dig +trace www.nhc.noaa.gov," then query each record in the chain and see which one's slow to respond. I don't see anything crazy in your named.conf. Something you didn't mention: does clearing cache make a difference? John -- John Miller Systems Enginee

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

2017-08-23 Thread John Miller
Hi Tom, You'll want to change your MX records to point to the name, rather than the IP, of your mail server. Note that your MX target does _not_ have to be in the same domain as the one it's serving mail for. For example: X.TLD IN MX 10 mail.example.com. is perfectly valid, and quite

Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread John Miller
> > With warmest regards, > > -Tom -- J

Re: switching entire DNS system to new servers and IP addresses

2017-02-23 Thread John Miller
On Thu, Feb 23, 2017 at 2:52 PM, Eldridge, Rod A [ITNET] wrote: > > Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP > servers with Infoblox servers on March 14th. We want to keep the domain names > of our external servers the same (with one

Re: Few questions on Bind

2017-01-05 Thread John Miller
ite have the guts to recommend PowerDNS on the BIND list! John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread John Miller
On Fri, Sep 30, 2016 at 1:15 PM, Tim Daneliuk wrote: > On 09/30/2016 11:17 AM, Hrant Dadivanyan wrote: >> Won't port redirection work better then ? > get sudo for even limited access to things on their sandboxes. So, we're > trying to figure out a way to work around the

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: Organization IP address is getting redirected to a website which does not belong to the organization.

2016-09-17 Thread John Miller
Hi Sandeep, The redirect part isn't a DNS issue: I telnetted to port 80 on the IP address and got: john@millspad:~$ telnet 146.142.7.113 80 Trying 146.142.7.113... Connected to 146.142.7.113. Escape character is '^]'. GET / HTTP/1.1 Host: 146.142.7.113 HTTP/1.1 302 Found Date: Sat, 17 Sep 2016

Re: why this query cause ServFail

2016-09-10 Thread John Miller
with how named handle the NS of this > domain, or there is other parameter to tell named to try to loop through > other nameservers if one fails. > > > > On Fri, Sep 9, 2016 at 7:20 PM, John Miller <johnm...@brandeis.edu> wrote: >> >> Hi Hillary, >

Re: why this query cause ServFail

2016-09-09 Thread John Miller
Hi Hillary, By default, BIND will return SERVFAIL to the client if it can't complete the full iteration process within 10 seconds. This is controllable by the "resolver-query-timeout" parameter. As for why your recursive server doesn't just try elsewhere, it _will_, but it assumes that it's

Re: Disabling rate-limit?

2016-08-16 Thread John Miller
On Mon, Aug 15, 2016 at 11:23 PM, blrmaani wrote: > From tcpdump, it appears that customers are receiving delayed response and > are too sensitive for timeouts. > > The queries they are sending are authoritative i.e the zone is on our > nameserver. > > How do I trouble-shoot

Re: Disabling rate-limit?

2016-08-15 Thread John Miller
-- John Miller Systems Engineer Brandei

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
Ok--I see what's up now! This has been one of the stranger DNS setups I've ever seen: different NS records pointing to overlapping sets of IP addresses, EDNS disabled, really short TTLs on both NS and A records. Even though you're not querying at the name listed in the NS records, it's usually

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:57 PM, John Miller <johnm...@brandeis.edu> wrote: > On Wed, May 4, 2016 at 3:23 PM, Rob Heilman <rheil...@echolabs.net> wrote: >> Could it be that the “adberr:2” logs entries are indicating that it >> periodically can’t find the name

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: > Could it be that the “adberr:2” logs entries are indicating that it > periodically can’t find the name servers? > > -Rob Heilman > > > > # dig zulily-com.mail.protection.outlook.com. >

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
> > dig mail.protection.outlook.com. ns > @ns1-proddns.glbdns.o365filtering.com. +noedns > ;; ANSWER SECTION: > mail.protection.outlook.com. 10 IN NS > ns1-proddns.glbdns.o365filtering.com. > mail.protection.outlook.com. 10 IN NS > ns2-proddns.glbdns.o365filtering.com. > > > > Note the short TTL

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
> But this is getting way off topic for BIND-users, and should probably be > moved to dns-operati...@dns-oarc.net if we want to continue. Much obliged! John

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
If your domain is ourweddingaccount.com, and you're looking to have the apex record ourweddingaccount.com.CNAME some.other.domain. but still host other records in the ourweddingaccount.com zone, you can't. That's not how CNAME records work. A CNAME record is an alias for a particular

Re: statistics-channels not serving rdtype records

2016-04-07 Thread John Miller
On Thu, Apr 7, 2016 at 3:42 PM, Ben Wilson wrote: > Hi, > > I'm not sure what is different on a new server I'm setting up, but when > querying the port configured for statistics-channels, no rdtype records are > included. > > resstat, socket, task, etc are all there, but

Re: Recursive bind becomes unresponsive with high load

2016-03-31 Thread John Miller
On Thu, Mar 31, 2016 at 2:00 PM, Michael Brunnbauer wrote: > > hi all, > > On Thu, Mar 31, 2016 at 07:32:21PM +0200, Michael Brunnbauer wrote: >> Is it possible that this is connected to rndc stats? I will stop doing >> rndc stats for a while to test (it currently runs every

Re: Multiple A records and reverse DNS

2016-03-19 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
On Fri, Feb 19, 2016 at 9:26 PM, Barry Margolin <bar...@alum.mit.edu> wrote: > In article <mailman.268.1455921931.73610.bind-us...@lists.isc.org>, > John Miller <johnm...@brandeis.edu> wrote: > >> And if you actually want people to use your zone or you want

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
;127.0.0.1; > }; > > }; > > For VM2 named.conf > > options { > > directory "/var/named"; > allow-query { >10.4.3/24; >127.0.0.1; > }; > > }; > > On Fri, Feb 19, 2016 at 12:33 PM, John Miller <johnm...

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
Hi David, Something I'm not seeing in your config is an options {} block that lays out your defaults for allow-transfer, allow-notify, also-notify, etc. Those are important things to know when it comes to troubleshooting zone transfer issues. Unless you've got a specific reason for not doing

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
>> I was going to respond with the same advice -- >> slave your internal zones -- but then I somehow convinced myself that "recurs >> ive-clients" was merely the quota of concurrent RD=1 queries that named would >> handle, thus slaving wouldn't help in a network-outage situation, since name >> d

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
On Thu, Feb 18, 2016 at 5:06 PM, Mark Andrews wrote: > For some reason people are afraid to slave internal zones. Back > when I was working for CSIRO I used to slave all the internal zones > for all of the sites the division had. Each site administered its > own zones but all

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
Thanks for the reply, Tony. With the recent glibc bug, I figured most folks would be off putting out those fires! On Thu, Feb 18, 2016 at 3:04 PM, Tony Finch <d...@dotat.at> wrote: > John Miller <johnm...@brandeis.edu> wrote: > >> A couple of weeks ago, we experienced a

Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
A couple of weeks ago, we experienced an outage on our external Internet links. Ideally, this shouldn't affect queries for internal resources - we expect those queries to continue to be answered. That being said, we saw a bunch of messages in our logs such as: client 192.168.1.2#56075: no more

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 14.01.2016 um 21:48 schrieb John Miller: >> >> Thanks for the advice, Mike. We chrooted our install because it was >> "best practice" security-wise, but from an ad

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
Thanks for the advice, Mike. We chrooted our install because it was "best practice" security-wise, but from an administration standpoint, it's been a bit of a headache: for example, you have to keep straight what goes in /etc and /var/named/chroot/etc, you end up setting a $BIND_CHROOT

Re: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread John Miller
On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza wrote: > On 12.01.2016 18:16, Tony Finch wrote: >> Tomas Hozza wrote: >>> >>> Recently I was trying to find a mechanism in BIND that could prevent the >>> server from processing a recursive query for non-existing

Re: Why two lookups for a CNAME?

2015-10-22 Thread John Miller
google.com. > > You'll see additional queries like this if you look up servers hosted by > the Akamai CDN, because the CNAME points from the original domain to one > of Akamai's domains. Hi Barry, I just did a double-check (stock RHEL 6 BIND, 9.8.2), and BIND indeed does do the second loo

Re: RPZ - override TXT records

2015-10-08 Thread John Miller
for CDN or load-balanced sites which don't > have fixed IP address. > > Any hint's what I am doing wrong? > > Many thanks, > Wolfgang

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote: > Hi, > > Our vendor is changing their FTP server's IP address tomorrow. > > 1. How can I tell how long their DNS change will propagate to us ? Whatever TTL you have cached when the vendor makes the switch is how long it'll

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
after my clearing the cache > or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the > ".com" top level DNS server ? > > Regards, > Danny > > On Fri, Sep 18, 2015 at 2:51 PM, John Miller <johnm...@brandeis.edu> wrote: >> >

Re: Installing bind is not very clear for me

2015-09-04 Thread John Miller
On Fri, Sep 4, 2015 at 3:29 PM, wrote: >> One Firewall should be enough. >> So, what you consider this firewall should do ? >> In my opinion: >> Block requests coming from a blacklist (Who will generate this list ?) >> Block denial of service requests. It needs to measure the

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz <r...@htt-consult.com> wrote: > > > On 09/01/2015 09:20 AM, John Miller wrote: >> >> If you check pcap, logs, etc., is the server's following delegation >> for 0.centos.pool.ntp.org? Where do outbound packets stop?

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
If you check pcap, logs, etc., is the server's following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop? John On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz wrote: > I have one nameserver running bind 9.8.2 and a new one running 9.9.4. > > Both can

Re: separation of authoritative and recursive functions on internal networks

2015-08-10 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: tsig indicates error

2015-07-24 Thread John Miller
doesn't try to use it for its AXFRs. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: tsig indicates error

2015-07-24 Thread John Miller
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins m...@posix.co.za wrote: On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote: On 24/07/2015 5:05:24 PM, Alan Clegg a...@clegg.com wrote: Possible problems: Mismatched keys. Mismatched key names. Mismatched clocks.

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
Hi Donovan, Your zone file(s) as well as your named.conf config would be best here. We really need more information from you than a single fqdn. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Thu, Jul 23, 2015 at 12:40 PM, lists - euca li...@euca.us wrote

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
On Thu, Jul 23, 2015 at 2:22 PM, lists - euca li...@euca.us wrote: Here is the file that smbind created (note that I have been making some changes): $TTL 21600 @ IN SOA ns10.euca.us. hostmaster.euca.us. ( 2015072342 ; Serial

Re: servfail only for a zone

2015-07-13 Thread John Miller
within an hour, the second will stop working. This is just a guess, but network communication/failed zone transfer seems the most likely culprit for something like this (entire zone returns SERVFAIL). John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Mon, Jul 13

Re: servfail only for a zone

2015-07-13 Thread John Miller
On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca lu...@sulweb.org wrote: You have been persuasive enough, I'm definitely going to raise the expire value, but now the question is: are the SERVFAIL replies a consequence of the low expire value? It doesn't help your cause _at_all_. There could

Re: dig @server foobar +trace +recurse

2015-07-08 Thread John Miller
For my part, I'd be curious to know what sort of problem you're trying to solve with dig. We might be able to shed a little more light on what the best command would be for you. The +recurse gets overridden when you use +trace: +[no]recurse ... Recursion is automatically disabled

Re: #service named restart fails with a weird message

2015-06-19 Thread John Miller
Semicolons! You need one for the second ip range in your list, and you need one after the zone file for your localhost zone. The error message really does tell you what you need in this case ;-) The config you pasted only has nine lines, so I'm assuming that the last error really is on line 8/9

Re: How reliable is RPZ in production? I'm seeing flakiness in testing.

2015-01-06 Thread John Miller
using some sort of DDNS publishing that gets triggered when a client does something suspicious. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Tue, Jan 6, 2015 at 5:52 PM, Anne Bennett a...@encs.concordia.ca wrote: I'm playing with RPZ with a view to both

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
here is that you shouldn't take down the 9.3.2 server until you're _sure_ the 9.8.1 server is fully ready to roll. Ideally you should be able to do this with zero downtime, but much depends on your setup. It's certainly not something you want to rush. John -- John Miller Systems Engineer Brandeis

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
the 9.8.1 server is fully ready to roll. Ideally you should be able to do this with zero downtime, but much depends on your setup. It's certainly not something you want to rush. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: Promoting slave to master DNS server with dynamic updates

2014-09-11 Thread John Miller
-- John Miller Systems Engineer Brandeis

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
, John Miller wrote: On NS #2, if you run rndc freeze/rndc thaw, what does the actual zone file look like? Also, what does your cache look like? Is 101.250.168.192.in-addr.arpa PTR cached? John On Thu, Jul 24, 2014 at 10:25 AM, Ricardo Esteves maverick...@gmail.com wrote: Hi, I've got

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
(or even host) are much better than nslookup for diagnostic purposes. hth On Thursday, July 24, 2014 8:00 AM, John Miller johnm...@brandeis.edu wrote: To check your cache, just run rndc dump. It'll write a dump of the BIND cache to your data directory (wherever you've got it configured

Re: stub zones

2014-06-02 Thread John Miller
:) it's almost the same, as creating a local zone for something you're not authoritative for and then having to maintain those records. but, I guess there may be cases where it may be useful I guess On Monday, June 2, 2014 1:33 PM, John Miller johnm...@brandeis.edu wrote: Evil? Seems

Re: stub zones

2014-06-02 Thread John Miller
On Monday, June 2, 2014 2:18 PM, John Miller johnm...@brandeis.edu wrote: Not quite, Bill. You point the zone at a different name server, but _your_own_nameserver_ still does the iterative queries to make things happen. It just queries a different set of nameservers than would happen through

Re: Reply Code 0x8083 vs 0x8080

2014-05-29 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: Book recomendations?

2014-05-28 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: GSS-TSIG updates from Windows clients

2014-05-06 Thread John Miller
Thanks to both Mark and Nicholas for the help. Unfortunately, still not able to get this working (BIND 9.8.2 (RHEL 6) AD 2008R2). It's a case of AD negotiating a TKEY (successfully), then reverting back to unsigned updates. If an update's not signed, doesn't matter what your update-policy

GSS-TSIG updates from Windows clients

2014-05-02 Thread John Miller
129.64.8.232#49802: next Even though it sends valid TKEY credentials, why doesn't Windows actually sign its updates or use a TCP connection for them? Any way to actually get the Windows side of things to send signed updates? John -- John Miller Systems Engineer Brandeis University johnm

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
company.com domain, independently if this record is in DNS1 or DNS2. Thanks again, regards. JeLo On Wed, Apr 30, 2014 at 5:21 PM, John Miller johnm...@brandeis.edu wrote: Hi Jeronimo, First of all, please just tell us the real domain. Yes, we could try and talk about a fictitious

Re: Dig for a reverse zone transfer

2014-04-22 Thread John Miller
Thanks a lot !!! JeLo -- John Miller Systems

Re: Can Master replicate zone options in Slave's named.conf.local file ???

2014-04-16 Thread John Miller
-- John

Re: how to modify the cache

2014-02-14 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
On Fri, Jan 31, 2014 at 11:10 AM, Steve Presser st...@pressers.name wrote: Hey all, Please forgive me if any of my terminology is off - I have not spent as much time in the documentation as I'd like. I have an odd situation that I would like to know if it is possible and would much

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
public--presumably you set up trust between your internal mail servers in other ways. It's not required for SMTP to work--plenty of domains don't use it. Thank you for the correction, Vernon. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: DDNS update forwarding

2013-12-12 Thread John Miller
On 12/11/2013 08:42 PM, Mark Andrews wrote: In message 52a8e44a.1070...@brandeis.edu, John Miller writes: Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send

DDNS update forwarding

2013-12-11 Thread John Miller
Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send updates based on NS records rather than the SOA record? Perhaps a better question is: has anyone been

Re: how-to configure BIND or any DNS implementation for cloud infrastructure

2013-08-30 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: ISO or virtual appliance

2013-08-21 Thread John Miller
Hi Manish, You can always grab a pre-canned ISO from turnkeylinux.org. You could also use Puppet or Chef recipes to get BIND up and running. I'm sure someone also has a Vagrant box available -- try vagrantbox.es. Generally speaking, though, if you're using an appliance in production, you

RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
Hey there folks, I know that for the following record in a zone file: host.example.com. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
IN CNAME otherhost. be equally valid from an RFC perspective? Obviously this would also pertain to NS, MX, SRV, PTR, etc. records. John On Thu, Jul 18, 2013 at 4:12 PM, John Miller johnm...@brandeis.edu wrote: Hey there folks, I know that for the following record in a zone file

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On Thu, Jul 18, 2013 at 4:29 PM, Charles Swiger cswi...@mac.com wrote: On Jul 18, 2013, at 1:18 PM, John Miller johnm...@brandeis.edu wrote: I know that for the following record in example.com's zone file: host.example.com. IN CNAME otherhost BIND will return: host.example.com

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
: Are you asking if the target of a CNAME need be an FQDN if $ORIGIN is defined? If so, no, I use short names (no trailing dot) all the time. *From*: John Miller [mailto:johnm...@brandeis.edu] *Sent*: Thursday, July 18, 2013 05:49 PM *To*: Bind Users Mailing List bind-users@lists.isc.org *Subject

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On 07/18/2013 06:07 PM, Barry Margolin wrote: In article mailman.844.1374184195.20661.bind-us...@lists.isc.org, John Miller johnm...@brandeis.edu wrote: I think what I was getting at was whether appending $ORIGIN to an unqualified target--only talking target, not label--was _required_

Re: Secondary DNS question...

2013-06-20 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: PTR files

2013-06-17 Thread John Miller
-- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: Queries using forwarders

2013-06-03 Thread John Miller
Hi Mike, To keep my answer simple, if BIND is set up to allow recursion, and gets a recursive query for a zone it's not authoritative for, it'll: 1) Answer from cache 2) pass the query off to the configured forwarders 3) If the forwarders are unavailable, follow delegation itself to answer

Re: This didn't work....

2013-04-29 Thread John Miller
Probably should've wrote that is the first case it was: $ORIGIN foo.example.com. ... ads NS ads.foo.example.com. ... ads A a.b.c.d dc2 A a.b.c.e dc3 A a.b.c.f And, the modified case was: $ORIGIN foo.example.com ... ads NS dc2.foo.example.com. NS

Re: This didn't work....

2013-04-26 Thread John Miller
Hi Lawrence, I'm going to answer your questions a bit out of order, but hopefully things'll still be clear. How do you have an AD domain where your AD servers aren't authoritative for itself? This is how our AD domain is set up -- the root of the AD domain is brandeis.edu, but the domain

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread John Miller
On 03/04/2013 03:26 PM, Verne Britton wrote: my test server (its up and down a lot) is at yournameserver with these two test zones ... what I want to be able to do is: 1. serve the A records as authoritative Looks like it's working in that regard: jm@workstation:~$ dig +norecurse

Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Hello everyone, Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could

Re: Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an NXDOMAIN in this scenario. John On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote: On 21.02.13 10:38, John Miller wrote: Here's something I hadn't put much thought into until recently--it's never been a problem--how do

Re: Cannot create A record issue

2013-02-20 Thread John Miller
Just to cover all the bases, you're doing your lookup directly against your server, correct? Easy to accidentally query a different nameserver and not see what you're expecting. Otherwise I'd second Warren's suggestion to double-check your serial number. John On 02/20/2013 12:40 PM,

Change in statistics format

2012-11-15 Thread John Miller
, and wanted to be sure I had my ducks in a row. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data. John On 11/15/2012 11:47 AM, Phil Mayers wrote: On 15/11/12 16:44, John Miller wrote: Hello everyone, When did BIND 9 switch over from the older I think

Re: Change in statistics format

2012-11-15 Thread John Miller
On 11/15/2012 11:58 AM, Carsten Strotmann wrote: Hello John, John Miller johnm...@brandeis.edu writes: Hello everyone, When did BIND 9 switch over from the older +++ Statistics Dump +++ (timestamp) success # referral # nxrrset # nxdomain # recursion # failure # --- Statistics Dump
