from:"King, Harold Clyde \(Hal\)"

Re: DNS DDoS protection

2023-02-24 Thread King, Harold Clyde (Hal) via bind-users

I would like to hear the latest configurations for BIND to help with DDoS.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:10d03447-7c44-45f3-af46-cced14a24d4b]

From: bind-users  on behalf of Marco 

Sent: Friday, February 24, 2023 2:20 PM
To: bind-users@lists.isc.org 
Subject: Re: DNS DDoS protection

Am 24.02.2023 um 13:25:40 Uhr schrieb Bob Harold:

> Before answering this question, can you tell me the proper place
> where I should be asking this question?
>
> "We are researching DDoS protection, including DNS.  What companies or
> products or methods should I be looking at?"

If it is about the proper BIND configuration to avoid DoS, it is the
right place. It isn't the right place to look for companies that
provide such a service.
--
Visit 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users=05%7C01%7Chck%40utk.edu%7C7e22da4bbcb746cb3e2208db169c2a8a%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C638128632210135360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=kySXDwZ6CPoWCboliXpvuty9N1vlWnMvE2QRgi%2BCnqw%3D=0
 to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at 
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.isc.org%2Fcontact%2F=05%7C01%7Chck%40utk.edu%7C7e22da4bbcb746cb3e2208db169c2a8a%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C638128632210135360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=8Ae0GXW%2FtYi322%2F%2FJpgy%2B0vEV3Od1svX%2FA3wnfi1RPw%3D=0
 for more information.


bind-users mailing list
bind-users@lists.isc.org
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users=05%7C01%7Chck%40utk.edu%7C7e22da4bbcb746cb3e2208db169c2a8a%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C638128632210135360%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=kySXDwZ6CPoWCboliXpvuty9N1vlWnMvE2QRgi%2BCnqw%3D=0
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: I need to find statistics on a running server.

2023-01-12 Thread King, Harold Clyde (Hal) via bind-users

Thank you very much. I forgot about rndc stats


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:d47c2196-1345-4deb-b3ea-048bab50a21f]

From: Howard, Christopher 
Sent: Thursday, January 12, 2023 1:42 PM
To: bind-users@lists.isc.org ; King, Harold Clyde 
(Hal) 
Subject: Re: I need to find statistics on a running server.

You can use "rndc stats" to have bind dump a file with stats in it.  This is 
how I get stats from our servers.  I store the values every 2 minutes and 
create a dashboard from that.  Stuff like total queries, total queries from 
ipv4 clients, total queries from ipv6 clients, total A//CNAME/PTR/NXDOMAIN 
requests/answers.  With it stored every 2 minutes it's easy to chart out number 
per second, of course that's averaged out over the 2 minute window.

-Christopher


On Thu, 2023-01-12 at 18:30 +0000, King, Harold Clyde (Hal) via bind-users 
wrote:
That's not bad idea.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:f2542891-ff64-48e7-b76e-8dcf8558e0d7]

From: Jeff Sumner 
Sent: Thursday, January 12, 2023 1:22 PM
To: King, Harold Clyde (Hal) ; bind-users 

Subject: Re: I need to find statistics on a running server.

You don't often get email from kc4...@gmail.com. Learn why this is 
important<https://aka.ms/LearnAboutSenderIdentification>

I’ve turned on query logging, then grepped for the count of lines logged in a 
particular second.



Worked well enough for the job at the time.



J



De: bind-users  em nome de "King, Harold 
Clyde (Hal) via bind-users" 
Responder A: "King, Harold Clyde (Hal)" 
Data: quinta-feira, 12 de janeiro de 2023 1:20 PM
Para: bind-users 
Assunto: I need to find statistics on a running server.



I need to find some answers like queries per second.  Any fast ideas folks?

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

[cid:ddc53916-50a2-4e86-8dac-18eabfd73205]

-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list ISC funds the development of this software with paid support 
subscriptions. Contact us at https://www.isc.org/contact/ for more information. 
bind-users mailing list bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: I need to find statistics on a running server.

2023-01-12 Thread King, Harold Clyde (Hal) via bind-users

That's not bad idea.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:f2542891-ff64-48e7-b76e-8dcf8558e0d7]

From: Jeff Sumner 
Sent: Thursday, January 12, 2023 1:22 PM
To: King, Harold Clyde (Hal) ; bind-users 

Subject: Re: I need to find statistics on a running server.

You don't often get email from kc4...@gmail.com. Learn why this is 
important<https://aka.ms/LearnAboutSenderIdentification>

I’ve turned on query logging, then grepped for the count of lines logged in a 
particular second.



Worked well enough for the job at the time.



J



De: bind-users  em nome de "King, Harold 
Clyde (Hal) via bind-users" 
Responder A: "King, Harold Clyde (Hal)" 
Data: quinta-feira, 12 de janeiro de 2023 1:20 PM
Para: bind-users 
Assunto: I need to find statistics on a running server.



I need to find some answers like queries per second.  Any fast ideas folks?

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

[cid:ddc53916-50a2-4e86-8dac-18eabfd73205]

-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list ISC funds the development of this software with paid support 
subscriptions. Contact us at https://www.isc.org/contact/ for more information. 
bind-users mailing list bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

I need to find statistics on a running server.

2023-01-12 Thread King, Harold Clyde (Hal) via bind-users

I need to find some answers like queries per second.  Any fast ideas folks?

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:ddc53916-50a2-4e86-8dac-18eabfd73205]
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: getting answers from DNS queries

2022-04-25 Thread King, Harold Clyde (Hal) via bind-users

That's fair. I can see queries come into my DNS server, but I can't find 
answers to thoughts queries. I have an RPZ zone and I get a log file that says 
PASSTHROUGH or NXDOMAIN. That tells me that the request was served or denied. I 
want something that will tell me the answer to each query. I have my server set 
to denied requests for recursion. So I know those will be denied, I want that 
for every query. I compile each new release and use that for production. Is 
there something I can set at compile-time? Perhaps I add an option to the 
logging statement? I kinda lost my google-fu on this one and I really am 
thankful to y'all for any help that you might have.

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:f96c691b-14fb-43c3-81bb-27c0801dd170]

From: Ondřej Surý
Sent: Monday, April 25, 2022 10:37 AM
To: King, Harold Clyde (Hal)
Cc: bind-users
Subject: Re: getting answers from DNS queries

> I asked this last week, but I didn't an answer.

Probably because I still don’t know what you mean. You need to better
articulate your problem and your question.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 25. 4. 2022, at 16:11, King, Harold Clyde (Hal) via bind-users 
>  wrote:
>
> I asked this last week, but I didn't an answer. Who can I tell if a DNS query 
> is refused or answered? Is it in the log files? Can a compile-time option 
> help me access it? Sorry to repeat but I really need to know this.
>
> Thank in advance.
>
>
> --
>
> Hal King  - h...@utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Services
>
> The University of Tennessee
> 103c5 Kingston Pike Building
> 2309 Kingston Pk. Knoxville, TN 37996
> Phone: 974-1599
> 
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
>
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

getting answers from DNS queries

2022-04-25 Thread King, Harold Clyde (Hal) via bind-users

I asked this last week, but I didn't an answer. Who can I tell if a DNS query 
is refused or answered? Is it in the log files? Can a compile-time option help 
me access it? Sorry to repeat but I really need to know this.

Thank in advance.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:00350bec-9764-4740-8d61-e8bec49334bc]
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I tell if a quiry is answered or denied

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users

That's not in my version of bind-9.16.23.

Thanks anyway!


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:d0cf86b5-1da2-47ba-9a66-0e3522260ce4]

From: Jeff Sumner 
Sent: Wednesday, April 20, 2022 4:25 PM
To: King, Harold Clyde (Hal) ; bind-users 

Subject: Re: How can I tell if a quiry is answered or denied

You don't often get email from kc4...@gmail.com. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>





***

You can turn on answer logging:



rndc answerlog







Apologies- I believe the above is likely specific to EIP DNS builds.



J
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How can I tell if a quiry is answered or denied

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users

I'm trying to find bad actors stretching out my load on my main DNS server I 
can't tell from the query log if a host is denied an answer, or given an 
answer. Also, can I get the answer in my logs? I got one great answer today, 
maybe I'm pushing my luck, but I do feel lucky.


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:fe5c07f5-ef0a-4dd8-a8d0-f22481933b6b]
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Reading secondary PTR files

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users

Thank you that did the trick!


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:7843e9a7-77dc-4edb-92f4-95ba78de367b]

From: Larry Rosenman 
Sent: Wednesday, April 20, 2022 9:56 AM
To: King, Harold Clyde (Hal) 
Cc: bind-users 
Subject: Re: Reading secondary PTR files

You don't often get email from l...@lerctr.org. Learn why this is 
important<http://aka.ms/LearnAboutSenderIdentification>

this is what I use with 9.18.1
named-compilezone -f raw -F text -o - 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa 
0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa.signed


On 04/20/2022 8:42 am, King, Harold Clyde (Hal) via bind-users wrote:

I  need to read the reverse zone in txt and I'm not sure how to decode the file 
with named-compilezone. Does anyone know the part I'm missing?
named-compilezone -f raw -F text -o 
/etc/named/secondary/9.249.192.in-addr.arpa.db 9.249.192 
/etc/named/secondary/9.249.192.in-addr.arpa.db


--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:16504630076260111f6e158884917586@lerctr.org]




--
Larry Rosenman 
http://www.lerctr.org/~ler<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.lerctr.org%2F~ler=05%7C01%7Chck%40utk.edu%7C6cebeb03aae44b96901908da22d5a086%7C515813d9717d45dd9eca9aa19c09d6f9%7C0%7C0%7C637860598513880738%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C=lstRONgc2LQLeer%2FBMd52bIRmIenyDC0PukWdDamADM%3D=0>
Phone: +1 214-642-9640 E-Mail: 
l...@lerctr.org<mailto:l...@lerctr.org>
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reading secondary PTR files

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users

I  need to read the reverse zone in txt and I'm not sure how to decode the file 
with named-compilezone. Does anyone know the part I'm missing?
named-compilezone -f raw -F text -o 
/etc/named/secondary/9.249.192.in-addr.arpa.db 9.249.192 
/etc/named/secondary/9.249.192.in-addr.arpa.db

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:36fbaf98-8bc3-4d0b-8a9a-8eeade380eaa]
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Combining forward with master zone.

2019-02-22 Thread King, Harold Clyde (Hal)

Thank you all for your help with this. 

--
Hal 

On 2/21/19, 4:04 AM, "bind-users on behalf of Matus UHLAR - fantomas" 
 wrote:

>On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) 
>wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db";
>> };
>>
>> zone "needs.example.com" { type forward; forwards{8.8.8.8;};

On 20.02.19 16:08, Kevin Darcy wrote:
>Delegate needs.example.com from example.com and you should be set.

if this is not clear enough, it means that the "example.com" zone stored in
"static/antiphish.db" file must contain NS record for "needs":

needs   NS  your.name.server.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Combining forward with master zone.

2019-02-20 Thread King, Harold Clyde (Hal)

Could I just define needs.example.com as a zone in a separate file so:



zone "example.com" { type master; notify no; file "static/antiphish.db"; };

zone "needs.example.com" { type forward; forwards{8.8.8.8;};





--

Hal





We have a URL phishing setup that causes URLs we detect to redirect to a 
warning page. We have run into a problem. One of our clients has scripts that 
he calls from a host in that domain.

Needs.example.com when we block example.com.

Can I create a root zone to define a wildcard pointing to our warning page with 
one hostname defined going to a forward’ed DNS source? I could just give it an 
IP, but can I forward that one domain to outside DNS (Google or their NS 
repository)?



Here’s a very rough draft of the root zone:



$ORIGIN .

$TTL 3600

example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.



*CNAME  url-blocking.ourdns.com

needsforward(8.8.8.8)



--

Hal


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Combining forward with master zone.

2019-02-20 Thread King, Harold Clyde (Hal)

We have a URL phishing setup that causes URLs we detect to redirect to a 
warning page. We have run into a problem. One of our clients has scripts that 
he calls from a host in that domain.
Needs.example.com when we block example.com.
Can I create a root zone to define a wildcard pointing to our warning page with 
one hostname defined going to a forward’ed DNS source? I could just give it an 
IP, but can I forward that one domain to outside DNS (Google or their NS 
repository)?

Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.

*CNAME  url-blocking.ourdns.com
needsforward(8.8.8.8)

--
Hal

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to create an SRV record for the CSTA service

2018-09-13 Thread King, Harold Clyde (Hal)

OK I made mistakes. I’m sorry for wasting anyone's time, I really am. 

I was trying to see if anyone had even made an SRV record for the CSTA service. 
My presentation of the dig example was a poor choice.


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 12:30, "Reindl Harald"  wrote:



Am 13.09.18 um 18:03 schrieb King, Harold Clyde (Hal):
> You have me dead to rights on that. I was trying to make an example and 
failed. Here's my record:
> _csta._tcp.csta.example.com.   3600   IN   SRV   20   0   1040 
hostname.example.com

so why don't you just send an unaltered record instead of 3 mails?

the first two ending with a dot but missing fields, the last one seems
to have all fields but the traling dot is missing

csta.example.com. is a subdomain "csta" below example.com
is that desired?

"hostname.example.com" instead "hostname.example.com." means
"hostname.example.com.example.com"

again: don't provide mangeled informations when you need help - frankly
the only obfusction you can make es replace your domain name and ONLY
that with example.com

the first is a working example from a microsoft SIP record and now
compare it to your real setup

_sipfederationtls._tcp   3600 IN SRV 1 100 5061 sipfed.online.lync.com.
_csta._tcp.csta.example.com. 3600 IN SRV 20  0 1040 hostname.example.com





___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to create an SRV record for the CSTA service

2018-09-13 Thread King, Harold Clyde (Hal)

You have me dead to rights on that. I was trying to make an example and failed. 
Here's my record:
_csta._tcp.csta.example.com.   3600   IN   SRV   20   0   1040 
hostname.example.com


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 11:54, "Gary O'Brien"  wrote:

You're missing the priority weight and port.

_service._proto.name. TTL class SRV priority weight port target


On 09/13/2018 09:40 AM, King, Harold Clyde (Hal) wrote:
> There's a typo in my record. It's _csta._tcp.csta-example.com. 3600 IN 
SRV hostname.example.com.
>
>

-- 
Gary O'Brien
Secure64 Software Corporation
970.372.0009
gary.obr...@secure64.com




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to create an SRV record for the CSTA service

2018-09-13 Thread King, Harold Clyde (Hal)

There's a typo in my record. It's _csta._tcp.csta-example.com. 3600 IN SRV 
hostname.example.com.


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 9/13/18, 11:39, "bind-users on behalf of King, Harold Clyde (Hal)" 
 wrote:

I'm kinda stuck. I am tasked with creating an SRV record for the CSTA 
service. But I must be doing it wrong.

Here's what I thought it should be:
_csta_tcp.csta-example.com. 3600 IN SRV hostname.example.com.

Am I even close?



-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to create an SRV record for the CSTA service

2018-09-13 Thread King, Harold Clyde (Hal)

I'm kinda stuck. I am tasked with creating an SRV record for the CSTA service. 
But I must be doing it wrong.

Here's what I thought it should be:
_csta_tcp.csta-example.com. 3600 IN SRV hostname.example.com.

Am I even close?



-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Perfomance tuning CPUs

2018-08-23 Thread King, Harold Clyde (Hal)

It looks like our named process is getting inturrupted  when too many queries 
come in. What I think I see is the main named process sitting on one CPU and 
child processes on the others. We have 16 CPUs and 19 named processes. Looks 
like everything is fine if the main process stays on a CPU, but if it gets 
knocked off, packets get dropped. 

I’m trying to replicate that on our test box but wondered if anyone had run 
into this before and had some advice.


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Removing an NS server

2018-08-08 Thread King, Harold Clyde (Hal)

I want to thank you all for the recommendations. I’m having a bit of mail list 
troubles so I don’t know Alberto’s email but thanks to you all!

--
Hal King  - h...@utk.edu<mailto:h...@utk.edu>
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

From: Bob Harold 
Date: Wednesday, August 8, 2018 at 09:10
To: John Miller , Hal King 
Cc: Bind Users 
Subject: Re: Removing an NS server

On Tue, Aug 7, 2018 at 5:01 PM John Miller 
mailto:johnm...@brandeis.edu>> wrote:
Hal, we've done this before - it's not particularly hard, just takes a
bit for everyone to pick up the new set of NS records.  You just make
the change upstream and also remove the NS records that reference the
system.  It's kind of weird: during the interim, you'll have a running
nameserver that doesn't return itself in its NS records.  If the same
set of servers also serves your reverse zones, don't forget to update
ARIN as well as Educause.

Educause sets their upstream TTLs to two days (ARIN's 1 day), but
people shouldn't be caching the referral, only your actual NS records.
If you're at all concerned, you can always set a low TTL ahead of time
on your NS records, so everyone will pull the updated records
relatively quickly once you make your changes.

John

On Tue, Aug 7, 2018 at 4:46 PM, King, Harold Clyde (Hal) 
mailto:h...@utk.edu>> wrote:
> I don't think I made my point. I need to pull/remove a DNS nameserver from my 
> set of nameservers.
> My plan was to put the reference to it from our domain name provider. Then 
> pull it from the list of NS records. I am not changing my SOA record. Just 
> the nameserver. Did I make a mistake? Did you mean pull the NS reord for that 
> server, then pull it from the name provider. I'll still have 4 servers 
> running the SOA, and I don't plan to stop the old nameserver until well after 
> a week of running.
>
>
> --
> Hal King  - h...@utk.edu<mailto:h...@utk.edu>
> Systems Administrator
> Office of Information Technology
> Shared Systems Services

If I remember correctly, setting my NS ttl lower than my parent caused a 
problem when one of my servers failed and I took it out of the NS record set.  
I think it went something like this:

resolver asks tld (before the change) and gets:
example.com<http://example.com> 2d NS dns1.example.com<http://dns1.example.com>
example.com<http://example.com> 2d NS dns2.example.com<http://dns2.example.com>
example.com<http://example.com> 2d NS dns3.example.com<http://dns3.example.com>

dns3 fails and I remove it from the NS records, both locally and at the parent 
TLD.

Resolver talks to my servers (a few hours later, after the change) and gets:
example.com<http://example.com> 1h NS dns1.example.com<http://dns1.example.com>
example.com<http://example.com> 1h NS dns2.example.com<http://dns2.example.com>

Resolver cache now has:
example.com<http://example.com> 1h NS dns1.example.com<http://dns1.example.com>
example.com<http://example.com> 1h NS dns2.example.com<http://dns2.example.com>
example.com<http://example.com> 2d NS dns3.example.com<http://dns3.example.com>

An hour later the two shorter NS records expire and the resolver is left with:
example.com<http://example.com> 2d NS dns3.example.com<http://dns3.example.com>

If dns3.example.com<http://dns3.example.com> is down, the resolver will fail to 
reach my zone, and will not ask the TLD until that record expires.

So I think the TTL on NS records needs to match the parent zone, whether I like 
that ttl or not.

In your case, removing the NS records from both your zone and the parent zone, 
two days (or whatever the ttl) before you turn off the server, should be fine.

--
Bob Harold

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Removing an NS server

2018-08-07 Thread King, Harold Clyde (Hal)

I don't think I made my point. I need to pull/remove a DNS nameserver from my 
set of nameservers. 
My plan was to put the reference to it from our domain name provider. Then pull 
it from the list of NS records. I am not changing my SOA record. Just the 
nameserver. Did I make a mistake? Did you mean pull the NS reord for that 
server, then pull it from the name provider. I'll still have 4 servers running 
the SOA, and I don't plan to stop the old nameserver until well after a week of 
running.


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Need to move an NS server out of service

2018-08-06 Thread King, Harold Clyde (Hal)

I have ns2.example.com one of my DNS servers. The building, and the reason for 
the NS server, is ending. Should I remove the host from our domain name 
provider then my actual NS record in DNS, or NS record then provider?

I'd appreciate any help I could get.


-- 
Hal King


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Separate DNS slaves as internal and external

2018-03-19 Thread King, Harold Clyde (Hal)

I have DNS slaves for internal and external entities. I don't know how to work 
the NS records so that outside users would only get the external slave and 
internal would only get the internal slave.

How can I do this? If I put only the internal slaves with NS records external 
users query the internal servers. If I put both external users still see and 
use internal slave. If I put only external, internal users get the external 
slave. I have put the external slave in our registrar. 

Any help would be appreciated.

Thanks in advance 


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can bind works without defining root servers

2017-08-15 Thread King, Harold Clyde (Hal)

How does Bind update the root servers? Does it go out and check, or is a 
release made for each change?


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 8/15/17, 11:02, "bind-users on behalf of Alan Clegg" 
 wrote:

Root hints have been built in forever.  (and that's "forever" in
Internet years)

On 8/15/17 10:58 AM, Duleep Thilakarathne wrote:
> Hi,
> 
> I can observe, bind can resolve host names without following entry  in
> named.conf. could anyone help me to understand this default behavior.
> 
> 
> zone "." {
>   type hint;
>   file "root.servers";
> };
> 
> regards
> DT
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Transition from BIND 9.9 to 9.10

2017-07-27 Thread King, Harold Clyde (Hal)

I have not found any problems so far on my test machines, but I was wondering 
what changes there are to look forward to in moving from 9.9 to 9.10? 


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can anyone tell me a good DNS server testing program

2016-06-27 Thread King, Harold Clyde (Hal)

Thanks everyone for your suggestions. I’ll go forward with dnsperf.


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 6/22/16, 08:58, "Warren Kumari" <war...@kumari.net> wrote:

Kinda depends on what you are testing, but there is also Nominum's
dnsperf: http://nominum.com/measurement-tools/

This is easy to install, simple to use, and comes with a sample query file.
W

On Wed, Jun 22, 2016 at 8:48 AM, Emil Natan <shly...@gmail.com> wrote:
> queryperf, supplied with BIND, found under contrib.
> What we usually do is "record" some real traffic, then run queryperf on
> multiple machines against a server. If I'm not mistaken similar topic was
> discussed here recently so you can search the archives.
>
> Emil
>
> On Wed, Jun 22, 2016 at 3:34 PM, King, Harold Clyde (Hal) <h...@utk.edu>
> wrote:
>>
>> I have a new DNS BIND setup that I need to stress test. There are many
>> test for hitting a web server to simulate traffic, but I can’t find a one
>> for doing the same thing to a DNS server. Does anyone have any
>> recommendations?
>>
>>
>> --
>> Hal King  - h...@utk.edu
>> Systems Administrator
>> Office of Information Technology
>> Shared Systems Services
>>
>> The University of Tennessee
>> 103C5 Kingston Pike Building
>> 2309 Kingston Pk. Knoxville, TN 37996
>> Phone : 974-1599
>> Helpdesk 24/7 : 974-9900
>>
>> ___
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Can anyone tell me a good DNS server testing program

2016-06-22 Thread King, Harold Clyde (Hal)

I have a new DNS BIND setup that I need to stress test. There are many test for 
hitting a web server to simulate traffic, but I can’t find a one for doing the 
same thing to a DNS server. Does anyone have any recommendations?


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

How to block part of a zone

2014-09-16 Thread King, Harold Clyde (Hal)

I need to block a host in an exterior domain.

Resolve all traffic for example.com from example.com¹s dns servers, but
stop badhost.example.com.
I guess I could become authoritative for badhost.example.com and point the
host to 127.0.0.1.
Does that sound like bad things would happen?

Zone ³badhost.example.com² {
type master;
file ³/etc/named/badhost.example.com.db²;
}

Badhost.example.com. IN SOA localhost (
Admin.localhost
2014091601
3600
900
86
3600 )
NS localhost.
A 127.0.0.1

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

/--\
| One Contact  865-974-9900|
| Many Solutions   help.utk.edu|
\--/



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Sites that points their A Record to localhost

2014-01-10 Thread King, Harold Clyde (Hal)

-Original Message-
From: Dave Warren da...@hireahit.com
Date: Friday, January 10, 2014 at 15:47
To: Bind Users bind-users@lists.isc.org
Subject: Re: Sites that points their A Record to localhost

On 2014-01-10 12:36, wbr...@e1b.org wrote:
 From: Alan Clegg a...@clegg.com
 Yes, it seems that they have an A record for that label that
 provides the IP address 127.0.0.1.

 You probably want to ask the owner of the zone about this, as I?m
 not sure what the community can do about it.
 They have an MX record, so perhaps the domain is only intended for
email.

 # host p3net.net
 p3net.net has address 127.0.0.1
 p3net.net mail is handled by 10 aspmx.l.google.com.

 Although, they should have more MX records if using google.

And less A records if they don't intend to do anything but email. But
it's an imperfect world.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

Isn¹t there a ³rule² (note lower case) that says ŒZones _should_ have an A
record. CNAMEs _should_not_ point to CNAMES.¹ Things that work, but
shouldn¹t.
 I may be wrong on the rules, I can¹t find my reference.

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Blocking private addresses with a optionq

2013-03-08 Thread King, Harold Clyde (Hal)

Is there an option for bind like the allow-recursion { network-acl }
For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a 
view like:

View outsiders {
block-private  { other-networks };
…
}

Thanks!

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
/--\
| One Contact  865-974-9900|
| Many Solutions   help.utk.edu|
\--/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

User wanting to use a .local domain to host DNS

2012-11-14 Thread King, Harold Clyde (Hal)

I'm a bit confused by a user request. I think he is trying to keep some hosts 
on the private side of DNS, but he wants to use a DNS name like host.sub.local. 
I do not know of the use of the .local TLD except in bonjure. Can anyone shed 
some light on the use of the .local TLD?

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

NS record outside of our name space

2012-03-13 Thread King, Harold Clyde (Hal)

How can I make a record that will allow outside DNS to control a subdomain in 
our space.

We own example.com
We have a zone call wordpress.example.com
If I make an NS record in the zone nothing seems to happen?

ORIGIN wordpress.example.com
NS wordpress.outside.com

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: NS record outside of our name space

2012-03-13 Thread King, Harold Clyde (Hal)

Here's an example of my zone record:

$ORIGIN .
$TTL 1800   ; 30 minutes
Wordpress.example.com. IN SOA  hiddenmaster.example.com. 
ipmgr.example.com. (
2012020601 ; serial
10800  ; refresh (3 hours)
1800   ; retry (30 minutes)
604800 ; expire (1 week)
900; minimum (15 minutes)
)
$TTL 28800  ; 8 hours
NS  NS1.WORDPRESS.COM.
NS  NS2.WORDPRESS.COM.
NS  NS3.WORDPRESS.COM.
$ORIGIN wordpress.example.com.
$TTL 900; 15 minutes
www CNAME   wordpress.example.com.


--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

From: Hal King h...@utk.edumailto:h...@utk.edu
Date: Tue, 13 Mar 2012 13:40:54 +
To: Bind Users bind-users@lists.isc.orgmailto:bind-users@lists.isc.org
Subject: NS record outside of our name space

How can I make a record that will allow outside DNS to control a subdomain in 
our space.

We own example.com
We have a zone call wordpress.example.com
If I make an NS record in the zone nothing seems to happen?

ORIGIN wordpress.example.com
NS wordpress.outside.com

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___ Please visit 
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list 
bind-users mailing list 
bind-users@lists.isc.orgmailto:bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: NS record outside of our name space

2012-03-13 Thread King, Harold Clyde (Hal)

I tried adding the NS records but it looked like the entire example.com
was now subject to the NS of wordpress.com. I just want the sub domain to
get it's DNS from the wordpress.com NS servers. Not to give away my  whole
example.com domain.
 

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 3/13/12 11:04 AM, Alan Clegg a...@clegg.com wrote:

On 3/13/2012 9:49 AM, King, Harold Clyde (Hal) wrote:
 Here's an example of my zone record:
 
 $ORIGIN .
 $TTL 1800   ; 30 minutes
 Wordpress.example.com. IN SOA  hiddenmaster.example.com.
 ipmgr.example.com. (
 2012020601 ; serial
 10800  ; refresh (3 hours)
 1800   ; retry (30 minutes)
 604800 ; expire (1 week)
 900; minimum (15 minutes)
 )
 $TTL 28800  ; 8 hours
 NS  NS1.WORDPRESS.COM.
 NS  NS2.WORDPRESS.COM.
 NS  NS3.WORDPRESS.COM.
 $ORIGIN wordpress.example.com.
 $TTL 900; 15 minutes
 www CNAME   wordpress.example.com.

What are you actually trying to do?  If all you are trying to do is
give away the zone, you want these NS records to be in the
example.com. zone .. ie:

example.com.   IN SOA ( ... )
   IN NS  ns1.example.com.
   IN NS  ns2.example.com.

wordpress  IN NS  ns1.wordpress.com.
   IN NS  ns2.wordpress.com.
   IN NS  ns3.wordpress.com.

AlanC
-- 
a...@clegg.com | 1.919.355.8851

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Not able to resolve a domain

2011-11-18 Thread King, Harold Clyde (Hal)

I have found that www.thisisgame.com does not resolve on our DNS servers. 
Google DNS works fine. According to dns.14x.org the top level domain com is 
w. I do not see a w server. I have the most recent named.root file from June. 
What have I done wrong?

Thanks for looking during this busy time.

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Not able to resolve a domain

2011-11-18 Thread King, Harold Clyde (Hal)

This is the trace I get trying to resolve the domain.

dig +trace thisisgame.com

;  DiG 9.8.1-P1  +trace thisisgame.com
;; global options: +cmd
.   456080  IN  NS  d.root-servers.net.
.   456080  IN  NS  h.root-servers.net.
.   456080  IN  NS  l.root-servers.net.
.   456080  IN  NS  f.root-servers.net.
.   456080  IN  NS  e.root-servers.net.
.   456080  IN  NS  b.root-servers.net.
.   456080  IN  NS  i.root-servers.net.
.   456080  IN  NS  m.root-servers.net.
.   456080  IN  NS  j.root-servers.net.
.   456080  IN  NS  k.root-servers.net.
.   456080  IN  NS  a.root-servers.net.
.   456080  IN  NS  c.root-servers.net.
.   456080  IN  NS  g.root-servers.net.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 364 ms

com.172800  IN  NS  f.gtld-servers.net.
com.172800  IN  NS  d.gtld-servers.net.
com.172800  IN  NS  c.gtld-servers.net.
com.172800  IN  NS  j.gtld-servers.net.
com.172800  IN  NS  k.gtld-servers.net.
com.172800  IN  NS  e.gtld-servers.net.
com.172800  IN  NS  i.gtld-servers.net.
com.172800  IN  NS  m.gtld-servers.net.
com.172800  IN  NS  g.gtld-servers.net.
com.172800  IN  NS  h.gtld-servers.net.
com.172800  IN  NS  a.gtld-servers.net.
com.172800  IN  NS  l.gtld-servers.net.
com.172800  IN  NS  b.gtld-servers.net.
;; Received 504 bytes from 192.33.4.12#53(192.33.4.12) in 496 ms

thisisgame.com. 172800  IN  NS  ns1.thisisgame.com.
dig: couldn't get address for 'ns1.thisisgame.com': not found

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

From: Hal King h...@utk.edumailto:h...@utk.edu
Date: Fri, 18 Nov 2011 15:19:18 +
To: Bind Users bind-users@lists.isc.orgmailto:bind-users@lists.isc.org
Subject: Not able to resolve a domain

I have found that www.thisisgame.com does not resolve on our DNS servers. 
Google DNS works fine. According to dns.14x.org the top level domain com is 
w. I do not see a w server. I have the most recent named.root file from June. 
What have I done wrong?

Thanks for looking during this busy time.

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___ Please visit 
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list 
bind-users mailing list 
bind-users@lists.isc.orgmailto:bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Not able to resolve a domain

2011-11-18 Thread King, Harold Clyde (Hal)

Never mind it's blocked on the IP level. Sorry to bring up stuff on a busy
week.

Thanks for all the help folks!

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/18/11 10:49 AM, /dev/rob0 r...@gmx.co.uk wrote:

On Friday 18 November 2011 09:19:18 King, Harold Clyde (Hal) wrote:
 I have found that www.thisisgame.com does not resolve on our DNS
 servers. Google DNS works fine.

Looks fine from here.

 According to dns.14x.org the top
 level domain com is w. I do not see a w server. I have the
 most recent named.root file from June. What have I done wrong?

I don't know what that means. IWFM using both normal recursion and
direct-to-NS:

;; ANSWER SECTION:
www.thisisgame.com.1800IN  A   1.234.35.120

;; AUTHORITY SECTION:
thisisgame.com.1800IN  NS  ns1.thisisgame.com.

;; ADDITIONAL SECTION:
ns1.thisisgame.com.1800IN  A   1.234.35.141

I'll toss out a couple of WAGs at no extra charge!

1. When was 1/8 allocated, recently? Maybe you need to update your
   bogon filter?
2. It's Korean, are you blocking APNIC space?
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-17 Thread King, Harold Clyde (Hal)

That's just the thing. I compile on my test box and it works. Move it to
production and it fails with the error stated. Bind-9.8.1 worked with the
same environment settings. No chroot on my end. Same version of ssl
(1.0.0d).

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/17/11 12:40 PM, Cathy Almond cat...@isc.org wrote:

On 17/11/11 05:33, King, Harold Clyde (Hal) wrote:
 With great help I got Bind 9.8.1 to compile on solaris but I can not get
 Bind to start up. I am getting:
 
 17-Nov-2011 00:31:23.609 initializing DST: openssl failure
 17-Nov-2011 00:31:23.609 exiting (due to fatal error)
 
 Is anyone else seeing this?
 
It's a problem with accessing the openssl libs - if you're running
chrooted, you'll need to to copy them into the chroot environment.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-17 Thread King, Harold Clyde (Hal)

Well I recompiled everything within the environment and now I seem to have
a working Bind.

Thanks 

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/17/11 2:26 PM, King, Harold Clyde (Hal) h...@utk.edu wrote:

That's just the thing. I compile on my test box and it works. Move it to
production and it fails with the error stated. Bind-9.8.1 worked with the
same environment settings. No chroot on my end. Same version of ssl
(1.0.0d).

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/17/11 12:40 PM, Cathy Almond cat...@isc.org wrote:

On 17/11/11 05:33, King, Harold Clyde (Hal) wrote:
 With great help I got Bind 9.8.1 to compile on solaris but I can not
get
 Bind to start up. I am getting:
 
 17-Nov-2011 00:31:23.609 initializing DST: openssl failure
 17-Nov-2011 00:31:23.609 exiting (due to fatal error)
 
 Is anyone else seeing this?
 
It's a problem with accessing the openssl libs - if you're running
chrooted, you'll need to to copy them into the chroot environment.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Can't compile bind 9.8.1-P1 on Solaris

2011-11-16 Thread King, Harold Clyde (Hal)

I get an error compiling Bind at:

make[4]: Entering directory 
`/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
ld -G -z text -o driver.so driver.o
ld: invalid number `-z'

Giving –G a number makes –z unrecognized.

I'm in Solaris 10, Sparc, GCC 3.4.6

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-16 Thread King, Harold Clyde (Hal)

Is anyone else having problems with the compile?

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599

From: Hal King h...@utk.edumailto:h...@utk.edu
Date: Wed, 16 Nov 2011 21:17:31 +
To: Bind Users bind-users@lists.isc.orgmailto:bind-users@lists.isc.org
Subject: Can't compile bind 9.8.1-P1 on Solaris

I get an error compiling Bind at:

make[4]: Entering directory 
`/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
ld -G -z text -o driver.so driver.o
ld: invalid number `-z'

Giving –G a number makes –z unrecognized.

I'm in Solaris 10, Sparc, GCC 3.4.6

--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
___ Please visit 
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list 
bind-users mailing list 
bind-users@lists.isc.orgmailto:bind-users@lists.isc.org 
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-16 Thread King, Harold Clyde (Hal)

Thanks! 

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/16/11 4:44 PM, Dennis Clarke dcla...@blastwave.org wrote:


 I get an error compiling Bind at:

 make[4]: Entering directory
 `/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
 ld -G -z text -o driver.so driver.o
 ld: invalid number `-z'

 Giving -G a number makes -z unrecognized.

 I'm in Solaris 10, Sparc, GCC 3.4.6


I'm not seeing any problems yet .. but I use Sun Studio 11 for the builds.
If you are willing to wait a few hours I'll have packages released pretty
quick.

Dennis


-- 
--
http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x1D936C72FA35B44B
+-+---+
| Dennis Clarke   | Solaris and Linux and Open Source |
| dcla...@blastwave.org   | Respect for open standards.   |
+-+---+




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't compile bind 9.8.1-P1 on Solaris

2011-11-16 Thread King, Harold Clyde (Hal)

I compiled 9.8.1 on the same server with the same setup. So it is not in
9.8.1.

-- 

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 11/16/11 8:30 PM, Evan Hunt e...@isc.org wrote:


 I get an error compiling Bind at:
 
 make[4]: Entering directory
`/usr/local/src/bind-9.8.1-P1/bin/tests/system/dlzexternal'
 ld -G -z text -o driver.so driver.o
 ld: invalid number `-z'
 
 Giving ?G a number makes ?z unrecognized.
 
 I'm in Solaris 10, Sparc, GCC 3.4.6

Thanks for the report.  We didn't touch that code in the security
patch, so this bug must have also been in 9.8.1; we'll try to address
it in 9.8.2.

That isn't critical code; it's just one of the system tests.
Just touch bin/tests/system/dlzexternal/driver.o and then
run make again.  The dlzexternal system test will fail
when you run make check, but otherwise your server will
be fine.

In general, issues like this are best sent to the bind9-b...@isc.com
alias, which opens a ticket in our bug database.   I'll do so now.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

named web statistics

2011-07-06 Thread King, Harold Clyde (Hal)

Hi;
I know there is a web front end to DNS stats, but I can not remember the option 
in the named.conf that defines the port.
I'm running 9.8.0-P4 (just now being able to upgrade to a version that supports 
the statistics)

Does anyone remember this?
--
Hal King  - h...@utk.edumailto:h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: named web statistics

2011-07-06 Thread King, Harold Clyde (Hal)

Thanks!

-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems

The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599





On 7/6/11 11:15 AM, Jeremy C. Reed jr...@isc.org wrote:

On Wed, 6 Jul 2011, King, Harold Clyde (Hal) wrote:

 I know there is a web front end to DNS stats, but I can not remember the
 option in the named.conf that defines the port.
 I'm running 9.8.0-P4 (just now being able to upgrade to a version that
 supports the statistics)

statistics-channels  has optional port



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

44 matches

Mail list logo