ix by having CFEngine copy from internal to external,
and "if repaired" do an 'rndc reload'
Surprised it held together for 3 monthshad figured that it would do for a
couple of weeksbut wanted it out of the way should I end up put out on
disability.
--
Who: Lawrence K. Che
to separate things again.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional Recognition.
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https
if there isn't space. The field are
concatenated together with no space to produce the full SPF entry.
e.g. ab cd - abcd
Mark
I had thought that was the way...what I had forgotten were the parens...
so (ab cd) - abcd
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems
On 2015-08-10 17:12, Reindl Harald wrote:
truncated the long, hard to understand and unrelated stuff
Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.:
that above is pure nonsense - your DOMAIN has either a strict SPF
policy -
or a testing policy ~ and no mix of both
~ means
On 2015-08-13 18:47, Reindl Harald wrote:
Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.:
On 2015-08-10 17:12, Reindl Harald wrote:
well, when you can't say from where you send mail you should refrain from
setup SPF at all
Except there are external forces that demand an SPF
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote:
Though I realize my error not recalling that there is a middle (neutral)
level, and which is more appropriate, since softfail is somewhere between
fail and neutral which is not where I had intended the servers to be.
Went to fix it, only
On 2015-08-07 22:23, Reindl Harald wrote:
Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.:
So, when we were with this provider, our SPF had exclusive pool as good,
but included the other pool prefixed with '~'
can we stop that foolish discussion on the named list?
How about
On 2015-08-07 09:50, Heiko Richter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 07.08.2015 um 07:16 schrieb Lawrence K. Chen, P.Eng.:
On 2015-08-06 19:26, Heiko Richter wrote:
Though back then I was still building bind 32-bit, and the
hardware as much slower. A full signing
and most people haven't noticed yet that the new
listserv did not go live on June 1st.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional Recognition.
For: Enterprise Server Technologies (EST) -- SafeZone
from monitor that I can barely see now
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional Recognition.
For: Enterprise Server Technologies (EST) -- SafeZone Ally
On 2015-08-07 10:08, Heiko Richter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 07.08.2015 um 08:52 schrieb Lawrence K. Chen, P.Eng.:
Gjust noticed that about 12 hours ago, the business office
person finally update our KSK with registrar. (where window was
last month
On 2015-08-07 07:34, wbr...@e1b.org wrote:
From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu
OTOH, we have caved on adding systems that aren't 'ours'...though how much
of
Office365 is actually 'ours'but I think we currently have a couple
includes for mass emailing solutions or our
/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional
to do what we do now
I had thought I'd have solution to our current DNS problem in place by
now
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional Recognition.
For: Enterprise Server Technologies (EST
. They also won't let me remove the company info without
some kind of impossible proof...from the company to allow it. Wasn't until
their request for proof the companies existence that I remembered that I had
run into the problem before.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix
don't recall what the issue was with those now.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
with LOPSA Professional Recognition.
For: Enterprise Server Technologies (EST) -- SafeZone Ally
On 2015-08-03 10:06, Reindl Harald wrote
.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
On 05/07/14 23:32, Barry Margolin wrote:
In article mailman.160.1399503258.26362.bind-us...@lists.isc.org,
Lawrence K. Chen, P.Eng. lkc...@ksu.edu wrote:
Oh...I misread the questionguess DNAME isn't what's wanted
just the apex to somewhere else
Yeah...I currently just look
On 05/08/14 02:01, Dave Warren wrote:
On 2014-05-07 15:54, Lawrence K. Chen, P.Eng. wrote:
Though it was just a minor delayfor them to revert back to the old site,
until they migrated their email accounts to the CNAME site as well
You still can't CNAME the APEX of a zone even
the change in forwarding on my caching resolvers to
AD?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind
/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
to:
https://someCNAME/some/path
I can do http, by bouncing them off a redirector, https is harder (and require
me to pass it over to a WSE.)
On 05/07/14 17:10, Lawrence K. Chen, P.Eng. wrote:
DNAME ?
On 05/06/14 11:44, Rom, Gloria wrote:
Yup, that’s what I was asking. Thanks.
Gloria Rom
UCLA
, Lawrence K. Chen, P.Eng. wrote:
Awww...I found messages about version.bind.
My workaround I use is like:
# for builtin tests do not rate-limit
# redefine chaos builtin zones
# can't redefine builtin view '_bind'
view _dnsbench_bind chaos {
recursion no;
notify
Awww...I found messages about version.bind.
On 05/02/14 09:23, Jeremy C. Reed wrote:
On Thu, 1 May 2014, Lawrence K. Chen, P.Eng. wrote:
Does compiling in RRL mean its active, even without a rate-limit {}
control block?
Only for the built-in Chaos _bind view (for id.server, authors.bind
-limit {
exempt-clients { k-state; };
};
where k-state is the same acl used with allow-query {} and allow-recursion {}.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
On 04/01/14 19:49, Lawrence K. Chen, P.Eng. wrote:
Having problems with a particular insecure delegation (most are) from our zone
file, that is only not working for local users (our caching resolvers running
BIND 9.9.4-P2 or 9.9.5)
But, everybody else reports its workingits working
A: can't validate existing
negative responses (no DS)
flushing the cache or restarting doesn't help.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please
to see what the client counts were. Though another time when
the Procera had stopped passing any traffic, the counts did get really high
before they stopped working.
Need to work on figuring out how to have it resolve local domains when
Internet connection is down.
--
Who: Lawrence K. Chen, P.Eng
. leads to correct work of zone local
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https
On 03/12/14 06:50, Tony Finch wrote:
Lawrence K. Chen, P.Eng. lkc...@ksu.edu wrote:
If you have FQDN for machines, the problem might be that the domain
isn't set in resolv.conf?
The machines are configured with a bare hostname. If there isn't a search
or domain directive in /etc
behaviour. What can we do to
stop it?
Option 1: put the FQDN in /etc/hostname on each machine.
Option 2: populate /etc/hosts on each machine.
Option 3: slave the root zone on your name servers.
Tony.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
resolver that only responds to localhost) I think there are 8 of these
still in existence. They were to be refreshed or eliminated in the near
future ~5 years ago (I did remove one or two from my pseudo-script to
update bind everywhere, last year...)
--
Who: Lawrence K. Chen, P.Eng
by hand, instead of the normal copy-paste-modify
way I normally do things.
On 02/26/14 09:42, Phil Mayers wrote:
On 26/02/14 14:57, Lawrence K. Chen, P.Eng. wrote:
How can I get an initial transfer of the zone from a stealth master? Or
do I have to wait to get the administrator of the master
to replace them with appliances.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind
.
So now to think of how to add NSEC3 salt changing to my current
automation scripts
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https
-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit
-forwarded-since-upgrading-to-BIND-9.9.0.html
Though, from 9.9.4 Release Notes, that's probably addressed by this bug fix:
Fix forwarding for forward only zones beneath automatic empty zones.
[RT #34583]
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST
to be localhost, (or perhaps its sites like these that result
in some sites rejecting such domains?)
What's p3net.net?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
On 2013-12-19 14:54, /dev/rob0 wrote:
On Thu, Dec 19, 2013 at 02:48:59PM -0600,
Lawrence K. Chen, P.Eng. wrote:
Got reports that users are unable to send mail to usda.gov
sites using our campus SMTP server (where we have usda.gov
sites on campus.)
The users have said they were able to send
and suggestions first. Specifically, I
suppose that whatever work that is done should be compatible with
the DocBook source and other BIND9-ARM formats.
We'd certainly be glad to have help with it.
hehe, oops, I guess I'm committed now :)
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems
On 2013-11-18 17:57, Lawrence K. Chen, P.Eng. wrote:
On 2013-11-14 17:04, Mark Andrews wrote:
In message
fd9b2cb2b33e394fae3b7466954760571d666...@dfwx10hmptc01.amer.dell.co
M, vinny_abe...@dell.com writes:
Hi Everyone,
I recently had a recursive server running BIND 9.9.4 on FreeBSD 9.2
(nut).
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
to switch to using ports.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
Well, drifting away from bind now
- Original Message -
FWIW, you could also add -4 to ntpd args or use -4 prefix in
ntpd.conf.
I was positive that I had that setbut I see now that somebody had made our
cfengine system force different options on ntpd, which doesn't include
- Original Message -
On Fri, Sep 6, 2013 at 1:32 PM, Lawrence K. Chen, P.Eng.
lkc...@ksu.edu wrote:
So, can I just remove the Revoke line (is there an option in
dnssec-settime to do this?) and have things fixed...
guess dnssec-settime -A none -R none will remove
.key Kk-state.edu.+008+43119.private
Kk-state.edu.+008+52261.key Kk-state.edu.+008+52261.private
The prior ZSK was 43119
None of the Alg 7 keys have these IDs as well.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies
- Original Message -
Lawrence K. Chen, P.Eng. lkc...@ksu.edu wrote:
And, the prior ZSK was 14565
; This is a zone-signing key, keyid 14565, for ksu.edu.
; Created: 2013060109 (Sat Jun 1 04:00:00 2013)
; Publish: 20130601090007 (Sat Jun 1 04:00:07 2013)
; Activate
- Original Message -
On Fri, Sep 6, 2013 at 10:22 AM, Evan Hunt e...@isc.org wrote:
The revoke bit has no defined meaning for a ZSK.
While it's true the revoke bit really has no use for a true ZSK
(i.e., a key where there's another key, a KSK, that is used to
authenticate it),
- Original Message -
So, can I just remove the Revoke line (is there an option in
dnssec-settime to do this?) and have things fixed...
guess dnssec-settime -A none -R none will remove itbut guessing there's
more to fixing my current mess?
--
Who: Lawrence K. Chen, P.Eng
- Original Message -
On 1 August 2013 18:58, Lawrence K. Chen, P.Eng. lkc...@ksu.edu
wrote:
Did I miss something... what does ICMP ping have anything to do
with bind?
Yes, you missed the actual question. The use of the word 'ping' is a
misnomer, what he really meant to say
- Original Message -
Post your*full* config not half of it. How the hell do you expect
people to identify problems unless you give them the neccessary
details.
Do you give you car mechanic only access to the boot when you have
a engine problem?
You said you created
- Original Message -
I think that's what you asked for. In case I misunderstood, here's a
zone entry from the slave's named.conf (this immediately follows the
options block in my first email:
zone example.com {
type slave;
file /var/named/slaves/example.com.db;
masters {
.1 IPs are the addresses of the masters.
On Tue, Jul 30, 2013 at 4:43 PM, Lawrence K. Chen, P.Eng.
lkc...@ksu.edu wrote:
I think that's what you asked for. In case I misunderstood,
here's
a
zone entry from the slave's named.conf (this immediately follows
the
options block
than two external
resources requiring SSL. And, that somebody that knows the cost of incommon
certs has started working for them
9.9.3 also marks the switch to compiling it 64-bit instead of 32-bit for
Solaris.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services
- Original Message -
I have just set up DNSSEC on bind 9.9.3. I had set up the zone and
put a DS record out at the registrar. Several days later I found
that I had set up the keys incorrectly using only NSEC verses NSEC3
so i changed the keys. I deleted the old keys and DS record,
... by year end?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax
for fbi.gov to
get things fixed.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS
the
in-addr.arpa recor
ds instead of ip6.arpa records for mapped addresses. If you only
have a limit
ed range of addresses one could use $generate to add cname records
which map
from ip6.arpa to in-addr.arpa.
Mark
On 09/07/2013, at 8:12, Lawrence K. Chen, P.Eng.
lkc...@ksu.edu
to get people to upgrade from these old forgotten servers.
Is there an easy way for me to provide reverse lookups for those?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications
Oops, images were too bighere's links.
- Original Message -
All very interesting, but I'm afraid at my level of expertise on
DNS, I'm
not following. If I'm broken, how do I attempt to fix? Someone
mentioned
that our ns1.starionhost.net was not authoritative. How does one
Message -
192.168.0.101 is in the non-routeable address block
https://en.wikipedia.org/wiki/Private_network
On Sat, Jun 22, 2013 at 2:00 PM, Lawrence K. Chen, P.Eng.
lkc...@ksu.edu wrote:
None of what you've described seems to have anything to do with
bind
://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications
for everything coming
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785
://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506
-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing
- Original Message -
Dear All,
I was just thinking whether it is possible to have a some type of
health checking of servers through BIND DNS Server and DNS Server
should replied to clients based on that only.
i.e., Suppose I have two entries of www record for domain xyz.in
is limited to 10.2.4 and we only have LTM.
Though if I did put the BigIP in front, would the DDoS traffic towards the
nameserver VIPs, impact other services on the BigIP?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST
,
Mike
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server
That's kind of how we do our DR...
I have things scripted so that every update to our zone, results two versions
of the zone file...the master server signs the first one and does its usual
notifies, then the master signs the second and its scp'd to secondaries in
another network.
In the event
- Original Message -
From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu
So does rate limiting cover when the attacker walks my DNS zone to
attack an IP?
that depends on what is meant by rate limiting and walking a DNS
zone.
Simple rate limiting that counts all requests
and the rest are X4100's)
To something all FreeBSD based.
In the meantimeI'm debating the impact of setting minimal responses on my
authoritative-only nameservers. 4 of the Solaris10-x64 servers are my
authorititative only nameservers... and one is my stealth master.
--
Who: Lawrence K. Chen
anything
Anyways...I guess at this point the problem lies with the ADS setup
--
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State
at?
Meanwhileif things do start workingthe 'host.foo.example.com' that
started this problem will resolve to a 10.b.c.d address. Which is another
problem I've been trying to quash...
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server
- Original Message -
In our case it would be impossible for the University's public web
presence and the AD domain controllers to be the same machines. It
is
conceivable that we could do some magic in load balancers to divide
traffic appropriately, but I'd rather not do that if I
- Original Message -
On Apr 5, 2013, at 3:48 PM, wbr...@e1b.org wrote:
Incidentally, we have just been asked for an A record for
cam.ac.uk to
duplicate www.cam.ac.uk because, and I quote, all the publicity
material
sent out by the nominator [for an award for the web site]
- Original Message -
From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu
... So, being able to filter out these 'bad' things when responding
queries against that data might be a good thing.
RPZ might be used for such things. However, by design RPZ rewrites
entire responses
- Original Message -
In message 22783305.318587.1364508740276.javamail.r...@k-state.edu,
Lawrence
K. Chen, P.Eng. writes:
Hmmm, I forget just what all I muttered when I upgraded from 9.7 to
9.9.2-P1.
I think the main beef I had was doing it the day before I left
, that were helped by upgrading to bind
9.9 wildcards and DNSSEC :)
Fortunately, I don't have to support dynamic zones on the central serverits
a delegated subdomain.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST
postu.
Save the whales. Collect the whole set.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506
of caching DNS servers with public
IPs.
So, how would I make forwarding not prevent resolution? Or can I get bind to
try both IPs in trying to do queries?
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone
-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax
).
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785
:)
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532
going to a longer lifetime KSK.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone
that there isn't anything different now in the configurations for
these two DNS servers and the rest of my DNS servers.
So, the only other difference I can think of is, is that these two servers are
in a pool behind our F5.
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems
have to research.
Along with other things I'm wanting to dowonder when the slides from the
DNSSEC presentation at LISA are going to be made availableoh look, they're
out now...
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies
96 matches
Mail list logo