Re: resolving www.ecb.europa.eu tages ages

2022-06-20 Thread Matus UHLAR - fantomas
I believe this is what Borja mentioned: https://lists.isc.org/pipermail/bind-users/2022-June/106338.html https://lists.isc.org/pipermail/bind-users/2022-June/106339.html (thanks). so there are some delegations that SOMETIMES cause long delays in resolution. -- Matus UHLAR - fantomas, uh

resolving www.ecb.europa.eu tages ages

2022-06-17 Thread Matus UHLAR - fantomas
#53(ns3lux.europa.eu) in 15 ms www.ecb.europa.eu. 300 IN CNAME www-ecb-europa-eu.ax4z.com. ;; Received 86 bytes from 156.154.65.109#53(pdns109.ultradns.net) in 11 ms real0m5.117s user0m0.011s sys 0m0.035s -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning

Re: Bind failures following update/reboot w/ 9.18.1

2022-05-14 Thread Matus UHLAR - fantomas
signature found May 12 19:24:06 OpenWrt named[11061]: no valid RRSIG resolving 'com/DS/IN': 66.232.64.10#53 doesn't your ISP block or intercept DNS queries? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address

Re: DNS traffic tracking

2022-05-09 Thread Matus UHLAR - fantomas
700MB of DNS traffic for 2GB of Internet browsing within one month. On 09.05.22 10:47, Petr Špaček wrote: Sounds like either: - Broken caching or, - Random subdomain attack to me. maybe someone uses VPN over DNS... in such case, rate limiting of client comes to mind... -- Matus UHLAR - fantomas

Re: Is anyone here forwarding your bind-users messages to gmail or a google-hosted domain?

2022-04-20 Thread Matus UHLAR - fantomas
st and also got customer ticket with the same problem. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Where do you want to go to die?&q

Re: Access denied Bind9

2022-03-07 Thread Matus UHLAR - fantomas
ranges) However, when i reload rdnc and tail the syslogs all i get is "(.xx.com): query (cache) '.xx.com/A/IN' denied" does your server provide domain xx.com? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail a

Re: Forwarding zone, setup

2022-03-01 Thread Matus UHLAR - fantomas
data (authoritative and / or cache), then it's recursion setting comes into play. If I'm mistaken, please correct me. you are right, forwarding queries requires recursion. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: copy EDNS options to resolver response

2022-02-19 Thread Matus UHLAR - fantomas
yet do EDE itself, I am hoping for an option in BIND to just blindly copy whatever EDNS options it receives to it's client. no, bind uses edns as it needs, not as client asks it to. communication with clients is independent from communication with servers -- Matus UHLAR - fantomas, uh

Re: Using Wildcards in Subdomain Records

2022-02-17 Thread Matus UHLAR - fantomas
CNAME wildcard.example.com. cc.aa.example.com. CNAME wildcard.example.com. etc. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make you

Re: ISC BIND & Windows

2022-02-01 Thread Matus UHLAR - fantomas
in may and june -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) -- Visit https

Re: test - ignore

2022-01-26 Thread Matus UHLAR - fantomas
On 26 Jan 2022, at 17.14, Matus UHLAR - fantomas wrote: Altering the body or headers at all (whch lists do) will often break the hashing. For this reason, most recent versions of mailman have an option to rewrite your mail from: On 26.01.22 17:30, Sten Carlsen wrote: When the dkim is set

Re: test - ignore

2022-01-26 Thread Matus UHLAR - fantomas
one was signed by mailman because of his domains' restrictive policy. I missed this part before. I've argued that it should be possible to do so for *any* dmarc policy, even p=none, but that option is not present in mailman 3, at least. I agree. spam filter is something that can use

Re: zone forwarding

2022-01-17 Thread Matus UHLAR - fantomas
or 5.6.7.8 So my question is: Is it possible to configure what I am trying to do? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu post

Re: Failing DNS Server Diagnostic Help Requested

2022-01-15 Thread Matus UHLAR - fantomas
/IN': 192.33.4.12#53 13-Jan-2022 14:28:09.938 resolver: info: resolver priming query complete So ... could this be Comcast munging about in the DNS traffic? looks like exactly it. Other suggestions of where to look appreciated as well ... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2022-01-03 Thread Matus UHLAR - fantomas
g servers. then, you should understand the need for separation of roles well. just the "recursive only" and "authoritative only" have a bit different meaning I tried to explain above. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to r

Re: transfer-source / notify-source warnings if a port is specified

2021-12-29 Thread Matus UHLAR - fantomas
. what's the reason for specifying source port for zone transfers? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. There's a long-standing bug

Re: Strange named freezing

2021-12-27 Thread Matus UHLAR - fantomas
Druba wrote: What can be wrong here? How I can more localize the problem? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Matus UHLAR - fantomas
nameservers for root domain information. Note I haven't done anything yet; I'm asking if there _is_ a way to do it presently implemented in Bind. none I know so far. I'd be glad if someone told me there's better way and what it is. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas

Re: insecurity proof failed for a domain

2021-12-14 Thread Matus UHLAR - fantomas
On 13.12.21 08:18, John Thurston wrote: If you update your resolver to 9.16, I think you can do exactly what you want with the "validate-execpt" option. {rolls eyes} been there. done that. for exactly the same reason :/ On 14.12.21 16:58, Matus UHLAR - fantomas wrote: thanks, this

Re: insecurity proof failed for a domain

2021-12-14 Thread Matus UHLAR - fantomas
into validate-except {}. This should not be a problem since .local is reserved. I guess .local should have negative trust anchor in root zone. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie:

insecurity proof failed for a domain

2021-12-13 Thread Matus UHLAR - fantomas
quot;? I have tried to create empty "local" domain but then I only received empty responses for any requests. (I know .local is for mdns, but I can't do anything with that). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: BIND caching of nxdomain responses

2021-10-23 Thread Matus UHLAR - fantomas
this to happen, and just opting to use the SOA >TTL value (and not the SOA.minimum value if they disagree)? On Fri, Oct 22, 2021 at 10:29 AM Matus UHLAR - fantomas wrote: are you authoritative server for azure.mongodb.net? if not, BIND will use cache time that came from authoritative serv

Re: BIND caching of nxdomain responses

2021-10-22 Thread Matus UHLAR - fantomas
(and not the SOA.minimum value if they disagree)? are you authoritative server for azure.mongodb.net? if not, BIND will use cache time that came from authoritative server adn won't parse the SOA itself. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e

Re: bind9 forwarder query

2021-09-23 Thread Matus UHLAR - fantomas
always, sometime it forward it in round robin way. bind keeps track of servers that responds fastest and periodically rechecks the rest. it's called SRTT algorithm, web search should give some explanations. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish

Re: Getting the name of responding server(s)

2021-09-09 Thread Matus UHLAR - fantomas
is not of any relevance. what exactly is your goal? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. REALITY.SYS corrupted. Press any key to reboot

Re: Does BIND supports ANAME RR

2021-08-09 Thread Matus UHLAR - fantomas
oritative server. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so fa

Re: Does BIND supports ANAME RR

2021-08-09 Thread Matus UHLAR - fantomas
t help, and wouldn't need protocol change at all, but the problem above is crucial (what would you do in case of failure? refuse whole zone?) and hence would work for every client/resolver as client/resolver never sees the ANAME but only the A/ record. -- Matus UHLAR - fantomas, uh...@fanto

Re: Odd A record in our hosts zone file

2021-06-25 Thread Matus UHLAR - fantomas
xxx.xxx.52; dhbex1 mail2m IN A xxx.xxx.xxx.54; dhbex2 would be incorrect and server will choose one of those to implement for all RRs (see rfc 2182 section 5.2) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail a

Re: Reverse Lookup / PTR record

2021-06-21 Thread Matus UHLAR - fantomas
, no reverse lookup. if your ISP provides reverse lookup, you don't need reverse zone file at all. Any thoughts are much appreciated. what is your question? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address

Re: Need Help with BIND9

2021-06-15 Thread Matus UHLAR - fantomas
and fails. Most probably it's the "ns1" and "ns2" in zone end with "." which means that current $ORIGIN (apparently keiththewebguy.com) is not appended to them. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-ma

Re: Need Help with BIND9

2021-06-15 Thread Matus UHLAR - fantomas
p!! it's apparently down again. some registrars provide you with their own nameservers that don't go down, why don't you use those? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem

Re: Disable limitation

2021-06-14 Thread Matus UHLAR - fantomas
by default. Is there anything in logs? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up o

Re: Need Help with BIND9

2021-06-12 Thread Matus UHLAR - fantomas
eleIJQhn3E/1CGApoSTxJTaw== couldn't get address for 'NS1.KEITHTHEWEBGUY.COM': failure couldn't get address for 'ns2.KEITHTHEWEBGUY.COM': failure dig: couldn't get address for 'NS1.KEITHTHEWEBGUY.COM': no more -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rece

Re: [UNSOLVED] Re: Strange DNS behaviour

2021-05-09 Thread Matus UHLAR - fantomas
for 'm.root-servers.net': not found None of the root servers can't be found. My root hint file is up to date. Sorry, typed too quickly. Problem stands. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie

Re: How to return REFUSED

2021-05-07 Thread Matus UHLAR - fantomas
On 06.05.21 18:41, Axel Rau wrote: This NS has some other clients in the DMZ LAN, so I need Views. you need multiple views if you are going to provide multiple versions of the same zones, different forwardings for different domains or alike. Not just if you have other clients. -- Matus UHLAR

Re: How to return REFUSED

2021-05-06 Thread Matus UHLAR - fantomas
30(490) (ttl 63, id 11754, len 518) ... exactly because of this reason. Which named version do you run? do you use views? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDO

Re: Need Help With Setting up a Recursive Nameserver

2021-04-30 Thread Matus UHLAR - fantomas
from working correctly? It's most probably the reason. Ask your ISP. Or maybe I have incorrectly configured something? Can anyone help me figure out what exactly is the problem? your ISP probably -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish

Re: NXDOMAIN processing

2021-04-27 Thread Matus UHLAR - fantomas
t to another forwarder. It's not possible. the NXDOMAIN response means that the rquested domain definitely does not exist, so there's no logical need to verify this from another source. maybe if you explained us what you're trying to do, we could give you better advice. -- Matus UHLAR - fant

Re: Name server delegation

2021-04-26 Thread Matus UHLAR - fantomas
ame server ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into j

Re: Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Matus UHLAR - fantomas
to make this via rndc. You'll have to generate named config per-client. Updating config file frequently may affect other zones in this dns server. I don't understand how/why it should affect other zones. At 2021-04-15 15:08:26, "Matus UHLAR - fantomas" wrote: On 15.04.21 15:35,

Re: Does bind9 support adding acl and view through commands, not by updating config file?

2021-04-15 Thread Matus UHLAR - fantomas
iew". I don't think so, looks a bit too complicated. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Save the whales. C

Re: forwarding zone setup from a BIND slave (without recursion?)

2021-04-07 Thread Matus UHLAR - fantomas
am using is 9.11.2.x. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer. __

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
forwarding from BIND to public nameservers. El mié, 31 mar 2021 a las 13:48, Matus UHLAR - fantomas () escribió: On 31.03.21 13:07, Roberto Carna wrote: >Dear Matus, maybe I have not understood very well... > >I can setup a master zone as you said: > >zone "www.google

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
l "if foo.google.com is not present in the google.com private zone, you have to forward the query to another server (public forwarder) in order to be publicly resolved" ??? that above will cover www.google.com and *.www.google.com El mié, 31 mar 2021 a las 12:56, Matus UHLAR - fantomas ()

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
es, simply define zone zone "www.google.com" { type master; file "..."; }; note that for this kind setup, using dnsmasq with two forwarders and www.google.com overriden through /etc/hosts would be easier solution. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww

Re: resolv.conf question / timeout behaviour

2021-03-31 Thread Matus UHLAR - fantomas
explained the reason for the 9000ms so that Oracle and its many processes all come together to resolve the DNS name and they *keep hitting* the first resolver - and "timeout" can't kick in due to parallel requests from different processes, hence the high overall response time. -- Matus UHLAR

Re: Authoritative for one domain, caching for the rest

2021-03-24 Thread Matus UHLAR - fantomas
ost2.foo.lan if entry not present in /etc/bind/db.foo.lan "file" is used in master and slave zones. "forwarders" is used in "type forward" zones. those are mutually-exclusice, so forwarders aren't used for master and slave zones, while "file" is not used for &q

Re: Zone transfer is happening intermittently between slave and master bind

2021-03-17 Thread Matus UHLAR - fantomas
. (there are measures if it's to be wrapped around zero). what is your real problem? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter

Re: underscore in A or PTR records

2021-02-17 Thread Matus UHLAR - fantomas
useless here, since you posted this to public mailing list. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the peo

Re: underscore in A or PTR records

2021-02-17 Thread Matus UHLAR - fantomas
ote sites. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective who its frie

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-26 Thread Matus UHLAR - fantomas
El lun, 25 ene 2021 a las 14:33, Matus UHLAR - fantomas () escribió: On 25.01.21 14:05, Bernardo wrote: >Yes. This causes serious problems. > >The problem is that these perfectly valid configuration lines in >/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of >

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas
t; (except loopback, if course), or if that is the primary address of your interface, those defitions are useless, otherwise you should keep them there. El lun, 25 ene 2021 a las 11:13, Matus UHLAR - fantomas () escribió: On 23.01.21 12:44, Bernardo wrote: >Finally I've found the solution

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas
-source 192.168.10.100 port 53; this should not cause a problem and may cause troubles when 192.168.10.100 is not the primary address. the "port 53" is usually useless (unless you have stateless firewall) and may be what caused your problem. -- Matus UHLAR - fantomas, uh...@fantomas

Re: Choosing A records based on hosts' load?

2021-01-18 Thread Matus UHLAR - fantomas
for BIND nor for DNS. Due to DNS caching it won't work properly and if you shorten the TTLs, at first DNS issue it will fail globally. Install some load balancers in front of those servers. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: Getting "query failed (REFUSED) for ./IN/ANY"

2021-01-13 Thread Matus UHLAR - fantomas
ery time: 17 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jan 13 11:01:08 CET 2021 ;; MSG SIZE rcvd: 2272 this way, server will respond with >2KB packet which may flood the destination IP. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rec

Re: SRV Record Server Availability

2021-01-06 Thread Matus UHLAR - fantomas
cks on it. However, if you go deep into a far more complicated, custom use of BIND, you could set up a process that monitors the availability and changes the SRV record accordingly. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertis

Re: How does query denial actually work?

2020-12-23 Thread Matus UHLAR - fantomas
can filter DNS requests from the internet. I can't figure it out from reading the source code; I haven't so far been able to trace back from where the messages are logged to where (if any) a response packet would be transmitted. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

Re: Two copies of recent posts

2020-11-26 Thread Matus UHLAR - fantomas
(The one I previously indicated was mx.pao1.isc.org, which is the one and only MX for lists.isc.org.) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu po

Re: Two copies of recent posts

2020-11-23 Thread Matus UHLAR - fantomas
as long: List-Post: <mailto:bind-users@lists.isc.org> in this case, this seems to be OP's fault, when first reply went to bind-us...@isc.org together with bind-users@lists.isc.org and people who replied continued sending to multiple addresses. -- Matus UHLAR - fantomas, uh...@fantomas.sk

Re: Servfail on Bind -9.16.1

2020-11-22 Thread Matus UHLAR - fantomas
> cache hit (com/DS) > lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving ' > www.facebook.com/A/IN':<http://www.facebook.com/A/IN':> 129.134.31.12#53 it seems to be an error in dnssec. So I suppose that "dig +nodnssec " works. May be &quo

Re: reload but the old value linger

2020-11-21 Thread Matus UHLAR - fantomas
on is thus used only when it has to resolve under ucsf.edu something that is not in cache. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.

Re: NXDOMAIN problems

2020-11-16 Thread Matus UHLAR - fantomas
closest to the other side of VPN tunnel. Usually it's the IP with the default route set. you can often override it in the VPN configuration. Note this is not bind issue. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: NXDOMAIN problems

2020-11-16 Thread Matus UHLAR - fantomas
cond query is asking for a non-existent domain, and so maybe that is the proximate source of the NXDOMAIN. this could be controlled by option "ndots:1" in resolv.conf, so search list ignored for every hostname with one or more dots ... this is not BIND issue but the stub resolver issue. -- Ma

Re: nested $GENERATE possible?

2020-11-16 Thread Matus UHLAR - fantomas
On 12.11.20 15:32, Matus UHLAR - fantomas wrote: is it possible to nest $GENERATE directives? I have to create DNS for /16 subnet... so I assume it's not possible. just wanted to be sure... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e

nested $GENERATE possible?

2020-11-12 Thread Matus UHLAR - fantomas
Hello, is it possible to nest $GENERATE directives? I have to create DNS for /16 subnet... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu

Re: Malformed transaction errors

2020-10-19 Thread Matus UHLAR - fantomas
rimary on on machine and a secondary server on a separate machine. Errors are on the primary server.) what's the primary server? maybe broken DNS implementation -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Var

Re: forwarders used in order or based on RTT ?

2020-10-16 Thread Matus UHLAR - fantomas
selected based on an RTT(round-trip-time)-based algorithm" So which is correct? both are. The ARM does not say they are queried in defined order. The order is defined by RTT And did it change at some point? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I w

Re: How to compute db.192.168.x names from network addresses ?

2020-10-01 Thread Matus UHLAR - fantomas
verlooked something ? it's just a file name. You can use "myrevzone" as long, but using db.192.168.42 is much more explanatory. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adres

Re: different TTLs for multiple TXT records

2020-09-26 Thread Matus UHLAR - fantomas
means it's not there. This is not just documented standard - doing it differently would make DNS unreliable. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekl

Re: It is too hard for me to read from this mailing list

2020-09-22 Thread Matus UHLAR - fantomas
in one email. Let the reader focus on one subject. I am using Thunderbird to read the emails. Should I use something else to read it? Any suggestions are welcome. This is my feeling. But, maybe you are happy with it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning

Re: "forward first" set on a master zone not working as expected

2020-09-03 Thread Matus UHLAR - fantomas
DOMAIN note that nslookup is very bad program for tracking DNS errors. use "host" or "dig" for that case. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chc

Re: VS: CNAME / TXT

2020-08-24 Thread Matus UHLAR - fantomas
tware with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish N

Re: Error "Query section mismatch : got"

2020-08-21 Thread Matus UHLAR - fantomas
ried to query directly to the hosting that managed it to determine the cause. your query of course makes sense under there curcumstances. But delegating /24 subnet using RFC2317 delegation is useless, because in fact you can delegate whole /24 directly >> On Wed, Aug 19, 2020 at 7:42 AM Mat

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas wrote: On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users wrote

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users wrote: Well yes and no. While an individual user would

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
ey should not block it. again, why you query for 250.0-24.199.212.125.in-addr.arpa ? under normal circumstances there's no point of querying that name. there -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this addre

Re: CNAME restrictions

2020-08-04 Thread Matus UHLAR - fantomas
*.datavoiceint.com will cover .datavoiceint.com but not anything under it. you will have to strip the part or get other certificate. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem

Re: issue of Amplification attack

2020-07-12 Thread Matus UHLAR - fantomas
: https://lists.isc.org/pipermail/bind-users/2020-July/103389.html I find it more readable. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R

Re: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-10 Thread Matus UHLAR - fantomas
was whether the A record is needed at zone apex. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
y returned NODATA for MX record (effectively saying there's no MX). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople's (A)

Re: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek

Re: your mail

2020-06-28 Thread Matus UHLAR - fantomas
elf, so it really only matters if 1.1.1.1 is not accessible from internet. }; So, in this configuration, the abc.com will be forward to 8.8.8.8 or 1.1.1.1? the latter. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this addr

Re: Question about Recommended stress test tools for bind.

2020-06-26 Thread Matus UHLAR - fantomas
that xml statistics are better than rndc stads, I admin that they are kind fo better solution, however, I haven't found anything better for cacti, that could process those than what we currently have: https://docs.cacti.net/usertemplate:host:bind9.7 snmp support would be great. -- Matus UHLAR

Re: Recursive Client Rate limiting in BIND applicable in forward mode

2020-06-19 Thread Matus UHLAR - fantomas
you mean client request _rate_ is too large? 2. why forward to 8.8.8.8 ? BIND can resolve by itself, it does not to forward to 8.8.8.8 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu

Re: VS: A And Cname-record

2020-06-18 Thread Matus UHLAR - fantomas
can be used without checking with an authoritative server for other RR types. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fighting for p

Re: Fwd: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-05 Thread Matus UHLAR - fantomas
hreaded>* *Find attached POC Video. * *Dear Team Waiting for your response and I want bounty(money) with an Appreciation letter for my work and effort which I have given for * *Thanks in advance * *Ejaz * -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NO

Re: Upgrade from 9.14 to 9.16 - transfer-source with low source port no longer works.

2020-05-26 Thread Matus UHLAR - fantomas
-forgery-resilience-05 I guess source port 53 was meant long ago to avoid DNS from being firewalled. However nowadays it's long time obsolete and unsecure. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie

Re: oddity with trubuiltpambula.com.au

2020-04-19 Thread Matus UHLAR - fantomas
to themselves, so why the different names? it's common when registrar is not the same as DNS master. better contact either to fix that While it may work, it can also cause unexpected problems. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread Matus UHLAR - fantomas
On 03.04.20 14:20, David Alexandre M. de Carvalho wrote: Where can I find about alternatives to point 2? I have a windows subdomain configured in that way, never realized there was a better way. On 03.04.20 16:35, Matus UHLAR - fantomas wrote: if you want to have subdomain with different set

Re: bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread Matus UHLAR - fantomas
s a valid option and it worked in small scale on the testsystem, so we decieded to go this way. If this needs to be changed, I need a reason besides of 'that is this way more easy', because these zones get generated from an automated system and I need an argument to get a permission for a change request.

Re: bind 9.11.2 - domain and subdomain with one zone does not work

2020-04-03 Thread Matus UHLAR - fantomas
an automated system and I need an argument to get a permission for a change request. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu

Re: How to get random subset of large rrset (30+ IPs for round robin)?

2020-03-21 Thread Matus UHLAR - fantomas
list, but this sounds like an almost >perfect example of PowerDNS's LUA record type (or something with >CoreDNS) >Other than that, the only thing I can think of is BIND with DLZ and a >database that returns a random subset from a DB query, but that sounds >awful... On Fri, Mar 20, 2

Re: How to get random subset of large rrset (30+ IPs for round robin)?

2020-03-20 Thread Matus UHLAR - fantomas
. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully

Re: how can we restart bind-9.14.11

2020-03-16 Thread Matus UHLAR - fantomas
install from tar file, you must maintain it yourself (fix security bugs etc). I recommend installing from distro. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: Fwd: Re: recursive resolver

2020-03-12 Thread Matus UHLAR - fantomas
< shubhamgo...@cdac.in <mailto:shubhamgo...@cdac.in> > wrote: Dear sir, how can we improve my DNS Recursive resolver speed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to

Re: bind as "reverse-proxy"

2020-02-26 Thread Matus UHLAR - fantomas
authoritative server, or you have not. What is the point of your request? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Where do you want

Re: Unable to completely transfer root zone

2020-02-14 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote: If you use cisco routers, ask network admins to disable any DNS "fixup" functionality, because that usually causes problems. On 14.02.20 12:47, Tony Finch wrote: In my experience all Cisco PIX/ASA fuxup options are horribly broken and should be turne

Re: Unable to completely transfer root zone

2020-02-14 Thread Matus UHLAR - fantomas
internet? one bind is superflous there, isdn't it? The error above occurred on the forwarding bind in the proxy dmz. so the problem firewall is between "forwarding bind" and "internet bind" -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wi

Re: Weird behaviour in wildcard CNAME - is this feature or bug? Can it be changed?

2020-02-11 Thread Matus UHLAR - fantomas
empty domain payis.prod.app.pcp.cn.prod, and since it exists (although empty), the *.prod.app.pcp.cn.prod does not apply to payis.prod.app.pcp.cn.prod nor to any subdomain under it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: Getting all IP adresses for a domain name

2020-01-29 Thread Matus UHLAR - fantomas
nd to send different IPs for different clients, often just the one that is tropologically closest to the client. Unfortunately, such CDNs don't provide all possible addresses so I guess you are unlucky here. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to

  1   2   3   4   5   6   7   8   9   >