Re: Question about reserv zone
Good morning,

On 2018-02-13 Mark Andrews hacked into the keyboard:
> ISP's are only scared of it because people may add ".sucks" as
> the name in the PTR record.

ROTFL!

> Mark

Have a nice day

--
Michelle Konzack     Miila ITSystems @ TDnet
GNU/Linux Developer  00372-54541400
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Minimum TTL?
Hello Harald,

On 2018-02-08 Reindl Harald hacked into the keyboard:
> you miss the topic
>
> many DNSBL's have a very short TTL and at the same time a limit of
> queries from a single IP until you need to pay for the service
>
> so if you have an inbound MX and the RBL has 2 seconds TTL and a botnet
> is trying to deliver spam to you override the 2 second TTL with 90
> seconds or whatever makes sense reduces the total amount of DNS requests
> dramatically

Sounds logical. And this feature was rejected by the Bind Developers?

--
Michelle Konzack
Re: Minimum TTL?
Thank you for clarification...

On DATE AUTHOR hacked into the keyboard: Karol Augustin
> On 2018-02-08 10:10, Michelle Konzack wrote:
>> Hi,
>>
>> On 2018-02-08 LuKreme hacked into the keyboard:
>>> Is it possible to tell bind to ignore very short TTLs and enforce
>>> a...say... 5 second minimum TTL?
>>
>> VERY SHORT TTL?
>>
>> 5 sec minimum?
>>
>> What do you mean with ignoring?
>> It is you, YOU have to configure Bind9 correctly to longer TTLs.
>>
>> If the NS Entry is not a Dyn-DNS entry,
>> it should have anyway at least 3600 seconds.
>>
> This situation is relevant if bind is acting as recursive DNS server and
> upstream record has very short TTL. In that case the record is not kept
> cached for longer than 5 seconds and it might be not optimal if this
> record is looked up frequently. Some recursive servers have an option to
> set minimum TTL and thus overwrite upstream TTL for such records with
> some minimal value (like 90s for example).
>
> It has nothing to do with the authoritative mode when you set up TTL for
> zones locally hosted.
>
>
> k.

--
Michelle Konzack
Re: Minimum TTL?
Hi,

On 2018-02-08 LuKreme hacked into the keyboard:
> Is it possible to tell bind to ignore very short TTLs and enforce
> a...say... 5 second minimum TTL?

VERY SHORT TTL?

5 sec minimum?

What do you mean with ignoring?
It is you, YOU have to configure Bind9 correctly to longer TTLs.

If the NS Entry is not a Dyn-DNS entry,
it should have anyway at least 3600 seconds.
Re: disable dnssec for particular domain
Thank you,

On 2018-02-08 Warren Kumari hacked into the keyboard:
> On Wed, Feb 7, 2018 at 7:41 AM, Tony Finch <d...@dotat.at> wrote:
>> Michelle Konzack <linux4miche...@tamay-dogan.net> wrote:
>>
>>> If someone is interested making a slave for me, I can do
>>> the same with him/her/whatelse.
>>
>> I'm cheap, so for my personal domains I use free secondaries from
>> https://puck.nether.net/dns/ and https://admin.gratisdns.com/
>
> Not adding anything relevant to the thread (shocking, I know!), but a
> number of us use puck --- and I wanted to give a quick shout-out to
> Jared Mauch for providing this to the community.
>
> W

True, I have my own NS since 2007 and have slaved a bunch of zones.

Funny, my dedicated has a traffic allowance of 1 TByte (!) which I have
including System Upgrades around 200 MByte only.

Now I got a Slave in London and a second in the USA.

Thanks in advance

--
Michelle Konzack
Re: disable dnssec for particular domain
Good evening,

On 2018-02-07 Reindl Harald hacked into the keyboard:
> On 07.02.2018 at 18:38 Matus UHLAR - fantomas wrote:
>> neither is possible for now. as I said, neither our customer nor
>> its upstream does maintain the domain.
>
> i will point at that case when someone asks why i insist of be registrar
> as well as dns-provider for anything i have to deal with it - to avoid
> that someone is responsible for something but without responsibility aka
> not reachable nor cooperative

1+

Thanks in advance

--
Michelle Konzack
Re: disable dnssec for particular domain
Ahoy Matus,

On 2018-02-07 Matus UHLAR - fantomas hacked into the keyboard:
> yes. even web whois shows no 'nameserver' information.
>
> the name is "testa.eu".

Oi, the owner is the European Commission!

It seems, they have the privilege, not to attribute Name Server to the
domain. A normal registrant has not the right to do this!

> I'm not good at dnssec to find out more.
>
> thank you

And it becomes even worse.

Now ICANN and others request, that a Domain has not only TWO Name Server
but instead MINIMUM THREE!

Time to get my server in Tallinn running to get my back.

Note: If someone is interested making a slave for me, I can do
      the same with him/her/whatelse.

My is located in Nürnberg/Germany and a dedicated machine.
is the same as my .

I will change in the future the servers to the domain
to make things shorter!

will be located in Tallinn/Estonia

I would prefer a NS-Slave in Paris/France and/or in the USA

Thanks in advance

--
Michelle Konzack
Re: disable dnssec for particular domain
On DATE AUTHOR hacked into the keyboard: Ray Bellis
> Perhaps, although I'm not sure why given that .eu is signed with NSEC3
> and opt-out.
> On 06/02/2018 16:31, Matus UHLAR - fantomas wrote:
>
>> what's the difference, when the domain doesn't exist?
>>
>> is it because .eu is signed?
>
> Are you *sure* that the domain doesn't now actually exist in the DNS?

Can it be, that when they have registered the domain and entered no DNS
in the form, so that the registrar has assigned the obligatory 3 NS?

> Ray

Thanks in advance

--
Michelle Konzack
Re: disable dnssec for particular domain
Hello Matus,

On 2018-02-06 Matus UHLAR - fantomas hacked into the keyboard:
>>On 2018-02-06 Matus UHLAR - fantomas hacked into the keyboard:
>>> our customer uses a domain that is registered, but hidden
>>> (doesn't exist in DNS).
>
> On 06.02.18 18:24, Michelle Konzack wrote:
>>I hope you know what are you doing, because the DNS MUST exist!
>>Please read the general conditions for the EU Domain Registry!
>
> if the domain gets delisted, it's their problem.
> for now it exists in internal network.

OK, however, the .eu Registry is very picky...

I know several domains which were registered through WHOIS anonymiser
and the .eu Registry has unregistered them.

I have several .eu Domains on my name in behalf of my customers which
was the only possibility for the customers not being known in public,
but is officially not legal...

Maybe you should inform your customers about it.

But what about putting

    example.eu
    www.example.eu

into the DNS and then use another hostname or a subdomain for the
communication?

To prevent, being captured/spidered by some bots, I use at my ISP per
server only one IP and associate it with a fqdn like and the bots can
get the server only by IP which default to a big middle-finger.

The realdomain is a CNAME to the FQDN of the server and can not more be
found.

If you now use a random TLD with nice SLD and have this in your
"private" NS, nobody will get the domain and spider it against your will.

I have this setup now with a bunch of domains and since last year, I got
now access I do not like...

> don't ask me, it's the customer...

Hmmm.

> what's the difference, when the domain doesn't exist?

You can avoid anything and can do everything if you manage your own NS

> is it because .eu is signed?

Yes.

Thanks in advance

--
Michelle Konzack
Re: disable dnssec for particular domain
Good evening,

On 2018-02-06 Matus UHLAR - fantomas hacked into the keyboard:
> Hello,
>
> our customer uses a domain that is registered, but hidden
> (doesn't exist in DNS).

I hope you know what are you doing, because the DNS MUST exist!
Please read the general conditions for the EU Domain Registry!

> The domain is used by multiple organizations and we are required to
> forward lookups for the domain to foreign internal servers.

WHY register an .eu Domain at all?

If it is for internal use, setup your bind9 to serve the TLD .uhlar and
config all your clients to use your bind9 as their NS.

I do this with a bunch of TLDs which are only known to me and not a
single bot is aware of it...

> The problem is, that parent domain (.eu) indicates that the domain is to
> be signed and since default bind installation validates DNSSEC, lookups
> are refused:

Forget about this and use your own private TLD

Thanks in advance

--
Michelle Konzack
Re: Something is trying to update one of my domains...
Hello Grant,

On 2017-12-23 23:32:16 Grant Taylor via bind-users hacked into the keyboard:
> On 12/23/2017 11:07 PM, Michelle Konzack wrote:
> >I have just discovered several entries of
> >
> >Dec 24 06:26:49 dns1 named[16591]: update-security: error: client
> >+37.157.109.77#2936: update 'tdnet.eu/IN' denied
> >
> >Which is really bizarre, because this is the 4G/LTE IP of my
> >ThinkPad T400 with Windows 7 Home Edition installed...
>
> Does Windows think its FQDN is .tdnet.eu?

I do not know.

The last three Windows versions I was using were NT 3.51, NT 4.0 and
WfW 3.11. I have absolutely no clue how Windows today is working.

The only thing is that Windows has cost me this month 40€ of GSM traffic
which I was not aware of it. Windows downloaded without any intervention
12 GByte, and also it does not accept the provided Registration Key (My
ThinkPad T400 is a refurbished one and has an OEM version of Windows 7
for refurbished Computers which is written on the M$ sticker).

> >Can someone give me a hint what is trying to update my
> > and only this one?
>
> It sounds like it's trying to do a Dynamic DNS update to the MNAME
> server listed in the SOA record, namely dns1.tamay-dogan.net.

Aha, the question is: How has Windows 7 chosen tdnet.eu?

OK, the Compaq CQ58 (Debian GNU/Linux) has a local DNS which knows, the
IP Address <192.168.0.202> (my Lenovo ThinkPad T400) has the name while
the broken Compaq CQ58 has <192.168.0.201> and . <192.168.0.1> is the
ZyXel LTE3311.

So, if Windows 7 knows about too, it sucks, if it wants to update an
already given DN.

> >In the logfiles I do not find more infos.
>
> Run a packet sniffer on your ThinkPad and see what it's trying to
> do. If it is what I think it is, you can probably cause it to
> attempt to happen by restarting the NetLogon and / or Workstation
> service.
>
> Note: This is one of the reasons to use a sub-domain for office
> networks, particularly with Windows machines.

Exact.

Once my Farm-House (I have a Bio Farm in Estonia) is complete, the local
Network gets the subdomain where I also have a 24/7 running intranet
server with bind9.

I know these problems since MANY years.

Thanks for your Help and Merry X-Mas

--
Michelle Konzack
Something is trying to update one of my domains...
I have just discovered several entries of

Dec 24 06:26:49 dns1 named[16591]: update-security: error: client
+37.157.109.77#2936: update 'tdnet.eu/IN' denied

Which is really bizarre, because this is the 4G/LTE IP of my
ThinkPad T400 with Windows 7 Home Edition installed...

Can someone give me a hint what is trying to update my
and only this one?

In the logfiles I do not find more infos.

--
Michelle Konzack
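To see which clients and zones are behind denials like the one quoted in this thread, the following added example (not part of the original posts) summarises named's update-security entries per client and zone. The function name `denied_updates` and the sample log lines are constructed; the lines follow the format of the entry quoted above and use documentation addresses.

```shell
#!/bin/sh
# Added example: summarise denied dynamic-update attempts from named's log.

# denied_updates [FILE...]
# Reads syslog lines from the given files (or stdin) and prints
# "COUNT CLIENT ZONE", busiest client/zone pair first.
denied_updates() {
    awk -v q="'" '
        /update-security/ && /denied/ {
            client = ""; zone = ""
            for (i = 1; i < NF; i++) {
                if ($i == "client") {
                    j = i + 1
                    if ($j ~ /^@0x/) j++      # some BIND versions log an object address first
                    client = $j
                } else if ($i == "update") {
                    zone = $(i + 1)
                }
            }
            sub(/#.*/, "", client)            # drop "#port:" and anything after it
            gsub(q, "", zone)                 # drop the single quotes around the zone
            sub(/\/[A-Za-z]+$/, "", zone)     # drop the class suffix ("/IN")
            if (client != "" && zone != "") count[client " " zone]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses, example zones).
sample_log() {
    cat <<'EOF'
Dec 24 06:26:49 dns1 named[16591]: update-security: error: client 192.0.2.77#2936: update 'corp.example/IN' denied
Dec 24 06:41:50 dns1 named[16591]: update-security: error: client 192.0.2.77#2951: update 'corp.example/IN' denied
Dec 24 06:56:51 dns1 named[16591]: update-security: error: client 192.0.2.77#2964: update 'corp.example/IN' denied
Dec 24 07:02:10 dns1 named[16591]: update-security: error: client @0x7f2a1c0 198.51.100.9#53124: update 'shop.example/IN' denied
Dec 24 07:02:40 dns1 named[16591]: update-security: error: client 2001:db8::15#50000: update 'corp.example/IN' denied
Dec 24 07:03:00 dns1 named[16591]: client 203.0.113.5#40000: query (cache) 'www.example/A/IN' denied
EOF
}

sample_log | denied_updates
```

A single client repeating the same update against the zone apex at regular intervals is the pattern described in the reply: a workstation sending dynamic updates to the MNAME server of a domain it believes it belongs to.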
Re: Zone give from one second to another error...
Hello Harald,

On 2017-12-24 06:26:03 Reindl Harald hacked into the keyboard:
> https://intodns.com/24v-technic.info

This site is really cool! However...

> Nameserver records returned by the parent servers are:
> dns3.tamay-dogan.net. ['78.47.247.21'] (NO GLUE) [TTL=86400]
> dns2.tamay-dogan.net. ['217.147.94.23'] (NO GLUE) [TTL=86400]
> dns1.tamay-dogan.net. ['78.47.104.44'] (NO GLUE) [TTL=86400]

...can you explain me the thing with the GLUE?
I do not understand this. How to GLUE something?

Note: will be removed soon, as I migrate my servers to Estonia and will
be reenabled as which is much shorter.

I have only to convince my Registrar, that I need more than three DNS in
the setup (this is currently a technical limitation @ISP).

Also 2 additional MX will be re-added...

Unfortunately I have not gotten bind9 running with PostgreSQL yet which
is really annoying.

Thanks

--
Michelle Konzack
Zone give from one second to another error..
Good evening,

I was just working on a Website when from one second to another the site
went offline... Apache2 is running and has no problems, but it seems
bind9 has a problem because:

[ c 'dig www.24v-technic.info' ]--
; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> www.24v-technic.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48792
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.24v-technic.info. IN A

;; AUTHORITY SECTION:
24v-technic.info. 64208 IN NS dns2.tamay-dogan.net.
24v-technic.info. 64208 IN NS dns1.tamay-dogan.net.
24v-technic.info. 64208 IN NS dns3.tamay-dogan.net.

;; ADDITIONAL SECTION:
dns1.tamay-dogan.net. 3600 IN A 78.47.104.44
dns1.tamay-dogan.net. 3600 IN AAAA 2a01:4f8:d13:c83::2
dns2.tamay-dogan.net. 3600 IN A 217.147.94.23
dns3.tamay-dogan.net. 3600 IN A 78.47.247.21
dns3.tamay-dogan.net. 3600 IN AAAA 2a01:4f8:d12:1300::2

;; Query time: 98 msec
;; SERVER: 78.47.247.21#53(78.47.247.21)
;; WHEN: Sun Dec 24 01:09:02 EET 2017
;; MSG SIZE rcvd: 225
--

[ c 'named-checkzone 24v-technic.info info.24v-technic.zone' ]
info.24v-technic.zone:3: using RFC1035 TTL semantics
zone 24v-technic.info/IN: 24v-technic.info/MX 'mail.tamay-dogan.net' (out of zone) has no addresses records (A or AAAA)
zone 24v-technic.info/IN: loaded serial 1514070069
OK
--

Ehm??? -- How can this be? The server is working since years!

And this looks right too:

[ '/etc/bind/master/info/24v-technic/info.24v-technic.zone' ]---
@ 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1514070069 14400 3600
        604800 86400 )
        IN NS dns1.tamay-dogan.net.
        IN NS dns2.tamay-dogan.net.
        IN NS dns3.tamay-dogan.net.
        IN MX 10 mail.tamay-dogan.net.
        IN TXT "v=spf1 a mx ~all"
www.24v-technic.info. IN CNAME mail.tamay-dogan.net.
lists.24v-technic.info. IN CNAME mail.tamay-dogan.net.
$include /etc/bind/master/info/24v-technic/K24v-technic.info.+005+58908.key
$include /etc/bind/master/info/24v-technic/K24v-technic.info.+005+11542.key

I have just added the listserver.

[ c 'named-checkzone tamay-dogan.net net.tamay-dogan.zone' ]
net.tamay-dogan.zone:3: using RFC1035 TTL semantics
zone tamay-dogan.net/IN: loaded serial 1514070070
OK

And this is correct too:

[ '/etc/bind/master/net/tamay-dogan/net.tamay-dogan.zone' ]-
@ 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1514070070 14400 3600
        604800 86400 )
        IN NS dns1.tamay-dogan.net.
        IN NS dns2.tamay-dogan.net.
        IN NS dns3.tamay-dogan.net.
        IN MX 10 mail.tamay-dogan.net.
tamay-dogan.net. IN TXT "v=spf1 a mx ~all"
mail.tamay-dogan.net. IN A 78.47.247.21
mail.tamay-dogan.net. IN AAAA 2a01:4f8:d12:1300::2
dns1.tamay-dogan.net. IN A 78.47.104.44
dns1.tamay-dogan.net. IN AAAA 2a01:4f8:d13:c83::2
dns2.tamay-dogan.net. IN A 217.147.94.23
dns3.tamay-dogan.net. IN A 78.47.247.21
dns3.tamay-dogan.net. IN AAAA 2a01:4f8:d12:1300::2

So, why does it complain about a missing A or AAAA record?

Thanks in advance
Michelle
Creating a blackhole zone...
Hello *,

I try to blackhole several 1000 domains and try to redirect them to the
host

I have following files:

[ /etc/bind/blackhole.zones ]---
@ 86400 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1514061768 86400 86400
        2419200 86400 )
        IN NS dns1.tamay-dogan.net.
        IN CNAME block.itsystems.tamay-dogan.net.
* IN CNAME block.itsystems.tamay-dogan.net.

[ /etc/bind/blackhole.domains ]-
zone "microsoft.com" { type master; file "/etc/bind/blackhole.zones"; };

[ c 'named-checkzone microsoft.com /etc/bind/blackhole.zones' ]-
named-checkzone microsoft.com blackhole.zones
blackhole.zones:3: using RFC1035 TTL semantics
dns_master_load: blackhole.zones:5: microsoft.com: CNAME and other data
dns_master_load: blackhole.zones:5: microsoft.com: CNAME and other data
zone microsoft.com/IN: loading from master file blackhole.zones failed: CNAME and other data
zone microsoft.com/IN: not loaded due to errors.

What have I overseen here?

Thanks in advance and Merry X-Mas
Michelle
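What named-checkzone rejects in the post above, shown as an added example (not part of the original post and not BIND's own check): a CNAME may not share its owner name with other record types, and the zone apex always holds SOA and NS. The function name `cname_conflicts`, the origin `blocked.example` and both sample zone files are constructed, and 192.0.2.1 is a placeholder for the address of the block host.

```shell
#!/bin/sh
# Added example: report the owner names that trigger "CNAME and other data".
# A CNAME may share its owner name only with DNSSEC records (RRSIG, NSEC),
# and the zone apex always carries SOA and NS.

# cname_conflicts ORIGIN ZONEFILE
# Prints one line per conflicting owner name; returns 1 if any was found.
cname_conflicts() {
    _out=$(awk -v origin="$1" '
        function fqdn(n) {
            if (n == "@") return origin "."
            return (n ~ /\.$/) ? n : n "." origin "."
        }
        function parens(s) { return gsub(/\(/, "(", s) - gsub(/\)/, ")", s) }
        { sub(/;.*/, "") }                          # drop comments
        depth > 0 { depth += parens($0); next }     # inside a multi-line record
        NF == 0 || $1 ~ /^\$/ { next }              # blank line, $TTL, $INCLUDE
        {
            i = 1
            if ($0 !~ /^[ \t]/) { owner = tolower(fqdn($1)); i = 2 }
            # TTL and class are optional and may appear in either order
            while (i <= NF && ($i ~ /^[0-9]/ || toupper($i) ~ /^(IN|CH|HS)$/)) i++
            depth += parens($0)
            if (i > NF || owner == "") next
            type = toupper($i)
            if (type == "CNAME") {
                cname[owner] = 1
            } else if (type != "RRSIG" && type != "NSEC" && !((owner, type) in seen)) {
                seen[owner, type] = 1
                sep = (other[owner] == "") ? "" : " "
                other[owner] = other[owner] sep type
            }
        }
        END {
            for (o in cname)
                if (other[o] != "")
                    print o ": CNAME and other data (" other[o] ")"
        }
    ' "$2" | sort)
    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

# Constructed sample files: the layout of the posted blackhole zone with
# example names. 192.0.2.1 is a placeholder for the block host address.
zdir=$(mktemp -d)
trap 'rm -rf "$zdir"' EXIT

cat > "$zdir/as-posted.zone" <<'EOF'
@ 86400 IN SOA ns1.example.net. hostmaster.example.net. (
        1514061768 86400 86400
        2419200 86400 )
        IN NS    ns1.example.net.
        IN CNAME block.example.net.
*       IN CNAME block.example.net.
EOF

# Variant that loads: the apex answers with an address record,
# the wildcard keeps its CNAME.
cat > "$zdir/loadable.zone" <<'EOF'
@ 86400 IN SOA ns1.example.net. hostmaster.example.net. (
        1514061768 86400 86400
        2419200 86400 )
        IN NS    ns1.example.net.
        IN A     192.0.2.1
*       IN CNAME block.example.net.
EOF

cname_conflicts blocked.example "$zdir/as-posted.zone" || echo "as-posted.zone: would not load"
cname_conflicts blocked.example "$zdir/loadable.zone"  && echo "loadable.zone: no conflicts"
```

Only the apex is reported: the wildcard name has no other data, so its CNAME is legal.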
Re: Zone give from one second to another error...
On 2017-12-23 20:39:21 Grant Taylor via bind-users hacked into the keyboard:
> On 12/23/2017 08:22 PM, Michelle Konzack wrote:
> > So, what's going on here?
>
> I get timeouts while trying to talk to dns2.tamay-dogan.net. and
> dns1.tamay-dogan.net returns a SERVFAIL when I query for the SOA of
> tamay-dogan.net.
>
> I don't see dns3.tamay-dogan.net listed in the ADDITIONAL SECTION when
> querying the gtld root servers. - I'm guessing that
> dns3.tamay-dogan.net doesn't have glue records.
>
> > Any suggestions?
>
> Check dns1.tamay-dogan.net and dns2.tamay-dogan.net. I think they are
> the current primary source of your trouble. After fixing that, check
> out dns3.tamay-dogan.net's glue records.

Now I have removed a third time the journal files and oh wonder, it
seems to work again.

How can it be, that 3 journals out of sync can block more than 2000
domains? It seems to me like a design error!

--
Michelle Konzack
Re: Zone give from one second to another error...
Good evening Grant,

On 2017-12-23 20:39:21 Grant Taylor via bind-users hacked into the keyboard:
> On 12/23/2017 08:22 PM, Michelle Konzack wrote:
> > So, what's going on here?
>
> I get timeouts while trying to talk to dns2.tamay-dogan.net. and
> dns1.tamay-dogan.net returns a SERVFAIL when I query for the SOA of
> tamay-dogan.net.

is offline since some years already.
is the primary NS...

> I don't see dns3.tamay-dogan.net listed in the ADDITIONAL SECTION when
> querying the gtld root servers. - I'm guessing that
> dns3.tamay-dogan.net doesn't have glue records.

...and is hosted on and normally used only local.

> > Any suggestions?
>
> Check dns1.tamay-dogan.net and dns2.tamay-dogan.net. I think they are
> the current primary source of your trouble. After fixing that, check
> out dns3.tamay-dogan.net's glue records.

The weird thing is, it was working for the last 10 years!

I know, it must be a problem with but I search now since nearly 6 hours
and do not find a single indication what could happen.

And even worse, because I am currently under Windows 7 because the
screen of my Compaq Laptop (GNU/Linux) went off... have to access all
the tools through Putty and WinSCP, which is a real mess!

However, Linux is simply working even without local screen! ;-)

Hmmm, maybe I remove temporary all zones except and see, what happens.

Have a nice day.

--
Michelle Konzack
Zone give from one second to another error...
Good morning,

I am searching now since more than 4 hours and do not find the error, or
to be more precise, I do not even know what happened...

I was around midnight editing my website https://www.24v-technic.info/
when the site stopped working. So I checked this and I discovered, that
after 43 days uptime the server was hard rebooted, and now, some of my
domains are not more working.

The biggest problem is now the use of GMail to solve this problem! GRMPF!

[ c 'dig www.24v-technic.info' ]
; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> www.24v-technic.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52657
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.24v-technic.info. IN A

;; Query time: 109 msec
;; SERVER: 78.47.104.44#53(78.47.104.44)
;; WHEN: Sun Dec 24 05:05:44 EET 2017
;; MSG SIZE rcvd: 49

There is something gone, but my say

[ c '' ]--
@ 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1514083014 14400 3600
        604800 86400 )
        IN NS dns1.tamay-dogan.net.
        IN NS dns2.tamay-dogan.net.
        IN NS dns3.tamay-dogan.net.
        IN MX 10 mail.tamay-dogan.net.
        IN TXT "v=spf1 a mx ~all"
www.24v-technic.info. IN A 78.47.247.21
lists.24v-technic.info. IN CNAME mail.tamay-dogan.net.
$include /etc/bind/master/info/24v-technic/K24v-technic.info.+005+43431.key
$include /etc/bind/master/info/24v-technic/K24v-technic.info.+005+08143.key

This is all correct, but now I have done this:

[ c 'ssh dns1.tamay-dogan.net "named-checkzone 24v-technic.info /etc/bind/master/info/24v-technic/info.24v-technic.zone"' ]--
/etc/bind/master/info/24v-technic/info.24v-technic.zone:3: using RFC1035 TTL semantics
zone 24v-technic.info/IN: 24v-technic.info/MX 'mail.tamay-dogan.net' (out of zone) has no addresses records (A or AAAA)
zone 24v-technic.info/IN: loaded serial 1514083014
OK

WTF? -- My mail server got lost?

[ c 'ssh dns1.tamay-dogan.net "named-checkzone tamay-dogan.net /etc/bind/master/net/tamay-dogan/net.tamay-dogan.zone"' ]--
/etc/bind/master/net/tamay-dogan/net.tamay-dogan.zone:3: using RFC1035 TTL semantics
zone tamay-dogan.net/IN: loaded serial 1514083014
OK

Oi, seems to be OK. Let's check the zone:

[ c 'ssh dns1.tamay-dogan.net "cat /etc/bind/master/net/tamay-dogan/net.tamay-dogan.zone"' ]--
@ 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1514083014 14400 3600
        604800 86400 )
        IN NS dns1.tamay-dogan.net.
        IN NS dns2.tamay-dogan.net.
        IN NS dns3.tamay-dogan.net.
        IN MX 10 mail.tamay-dogan.net.
tamay-dogan.net. IN TXT "v=spf1 a mx ~all"
mail.tamay-dogan.net. IN A 78.47.247.21
mail.tamay-dogan.net. IN AAAA 2a01:4f8:d12:1300::2
webmail.tamay-dogan.net. IN CNAME mail.tamay-dogan.net.
dns1.tamay-dogan.net. IN A 78.47.104.44
dns2.tamay-dogan.net. IN A 217.147.94.23
dns3.tamay-dogan.net. IN A 78.47.247.21
vserver04.tamay-dogan.net. IN A 217.147.94.23
www.tamay-dogan.net. IN CNAME mail.tamay-dogan.net.
$include /etc/bind/master/net/tamay-dogan/Ktamay-dogan.net.+005+58608.key
$include /etc/bind/master/net/tamay-dogan/Ktamay-dogan.net.+005+16654.key

Seems to be ok.

So, what's going on here?

Any suggestions?

I have checked all files and the sha512 for all were correct, so files
were not altered when the server rebooted unexpectedly.

Thanks in advance

--
Michelle Konzack
Problem with Zones (recursion?)
Good day,

I have created a file

[ /etc/bind/db.block ]--
@ 86400 IN SOA dns1.. hostmaster.. ( a b c d e )
        IN NS dns1..
* IN CNAME block..

[ /etc/bind/named.conf.block ]--
zone "101com.com" {type master; notify no; file "/etc/bind/db.block"; };
zone "101order.com" {type master; notify no; file "/etc/bind/db.block"; };

Since is my own server, I have it prepend in my dhclient.conf of my
Laptop but if I now query

[ command 'nslookup 101com.com' ]---
;; Got recursion not availlable from 7847104.44, trying next server
Server: 192.168.43.1
Address: 192.168.43.1#53

Non-authoritative answer:
Name: 101com.com
Address: 66.77.93.51

[ command 'named-checkzone 101com.com db.block' ]---
db.block:3: using RFC1035 TTL semantics
zone 101com.com/IN: loaded serial 1508068518
OK

What I am missing here?

It should point to the server block.

Thanks in advance

--
Michelle Konzack
Re: Bind9 and PostgreSQL
Sorry for the PM...

Hello Petr,

thank you for your fast answer. I am a little bit outdated, because I
was since 2012 more or less Off-Line and have to recover! :-/

On 2017-02-01 05:47:42 Petr Mensik hacked into the keyboard:
> Hello Michelle,
>
> There is some documentation on
> http://bind-dlz.sourceforge.net/postgresql_driver.html. It seems old,
> but DLZ driver did not get major changes in last years. There is also
> example at http://bind-dlz.sourceforge.net/postgresql_example.html. Of
> course there is source code in bind source package in
> contrib/dlz/drivers/dlz_postgres_driver.c. Is that all you need?
>
> I have to say I have never used DLZ myself, this is what I just
> googled.

I will give it a try.

Thanks in advance

- End forwarded message -

--
Michelle Konzack     ITSystems
GNU/Linux Developer  0033-6-61925193
Bind9 and PostgreSQL
Hello *,

I want to move back to Bind9 with DLZ and PostgreSQL support, but I need
the infos for Debian 7 (Wheezy).

However, I find only instructions for LDAP support and MySQL, which do
not work for me.

Is there a HowTo how to do this?

Thanks in advance

--
Michelle Konzack
How to get the CNAME for a domain?
Hello experts,

I do not want to query the world, but only my own Name Server for CNAME
configured (or not).

Currently I am updating my web administration interface and I have lost
over the time a script, which queried my Name Server for CNAMES.

E.g. if I have a physical server I like to know, which CNAMEs (on MY
Name Server) pointing to it as

www.electronica.tamay-dogan.net IN CNAME vserver04.tamay-dogan.net

OK, I can grep the whole /etc/bind/master/ directory, but since my Name
Server is responsible for several 1000 (sub)domains, the execution of
the script takes ages!

[tdgetincname]--
#!/bin/bash
# Print the owner names of all CNAME records that point to the given server.

VSERVER="$1"

# All zone files below /etc/bind/master/, without config and key material.
LIST=$(cd /etc/bind/master/ && find . -type f |grep -v -E "\.(conf|signed|private|key)$" |sed 's|^\./||' |sort)

for FILE in ${LIST}
do
  # One grep per zone file; the sed keeps only the owner name.
  RET=$(cd /etc/bind/master/ && grep -E "IN CNAME.*${VSERVER}" "${FILE}" |sed "s|\.[ \t]*IN CNAME.*||")
  if [ -n "${RET}" ]
  then
    echo "${RET}"
  fi
done

Note: If I do not do the "cd /etc/bind/master/ &&", I exceed the maximum
      length of the commandline.

Any ideas how to do this better?

Thanks in advance

--
Michelle Konzack
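One way to avoid the per-file grep loop, as an added example (not part of the original post): a single find + awk pass that lists every owner name whose CNAME target is the given host. It goes slightly beyond the posted script by matching case-insensitively, tolerating TTL fields and tabs, and following inherited owner names. The function name `cnames_for` and the sample tree are constructed, and it assumes fully-qualified names with one record per line, as in the zone files quoted on this page.

```shell
#!/bin/sh
# Added example: list every owner name whose CNAME points at a given host,
# in one find + awk pass instead of one grep per zone file.

# cnames_for TARGET [DIR]
# TARGET may be given with or without the trailing dot; DIR defaults to
# /etc/bind/master. The same file types are skipped as in the posted script.
cnames_for() {
    find "${2:-/etc/bind/master}" -type f \
        ! -name '*.conf' ! -name '*.signed' ! -name '*.private' ! -name '*.key' \
        -exec awk -v target="${1%.}" '
            BEGIN { target = tolower(target) }
            FNR == 1 { owner = "" }            # owner inheritance stops at file boundaries
            { sub(/;.*/, "") }                 # drop comments
            NF == 0 || $1 ~ /^\$/ { next }     # blank line, $TTL, $INCLUDE
            {
                first = 1
                if ($0 !~ /^[ \t]/) { owner = $1; first = 2 }
                for (i = first; i < NF; i++)
                    if (toupper($i) == "CNAME") {
                        rdata = tolower($(i + 1)); sub(/\.$/, "", rdata)
                        name = tolower(owner);     sub(/\.$/, "", name)
                        if (rdata == target && name != "") print name
                        break
                    }
            }
        ' {} + | sort -u
}

# Constructed sample tree standing in for /etc/bind/master (example names only).
zroot=$(mktemp -d)
trap 'rm -rf "$zroot"' EXIT
mkdir -p "$zroot/net/example" "$zroot/info/shop"

cat > "$zroot/net/example/net.example.zone" <<'EOF'
@ 3600 IN SOA dns1.example.net. hostmaster.example.net. ( 1 14400 3600 604800 86400 )
        IN NS dns1.example.net.
vserver04.example.net.       IN A     192.0.2.23
www.electronica.example.net. IN CNAME vserver04.example.net.
webmail.example.net.         IN CNAME mail.example.net.
EOF

cat > "$zroot/info/shop/info.shop.zone" <<'EOF'
@ 3600 IN SOA dns1.example.net. hostmaster.example.net. ( 1 14400 3600 604800 86400 )
        IN NS dns1.example.net.
www.shop.example.   300 IN CNAME VSERVER04.example.net. ; constructed comment
lists.shop.example.     IN CNAME mail.example.net.
EOF

# A signed copy with an extra record; it must not show up in the result.
cp "$zroot/info/shop/info.shop.zone" "$zroot/info/shop/info.shop.zone.signed"
echo 'old.shop.example. IN CNAME vserver04.example.net.' >> "$zroot/info/shop/info.shop.zone.signed"

cnames_for vserver04.example.net "$zroot"
```

Because find hands the file names to awk directly, the command-line length limit mentioned in the note does not apply.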
Re: Multi-master DNS with Bind
Hello Evan Hunt,

On 2012-08-05 20:26:06, you hacked down the following:
> Not at this time. We've discussed the subject at some length and it may
> appear in a future release, but it's not on the near-term roadmap.

Something for bind10?

> BIND 9 does support update forwarding (i.e., slaves receiving updates
> and passing them on to the master), but that doesn't sound like what
> you're looking for.

I do not think, because if the master goes Off-Line you are screwed.

I have some automated scripts, which check the MASTER if it is On-Line
or not, and if not, a SLAVE switch to MASTER.

Requires that all SLAVES have rsynced backupfiles from the MASTER.

Another method would be that you do NOT USE SLAVES at all but instead
install on all MASTERS a CGI script and put the DATA for the ZONES in
CSV files, do cross-updates and let a script create the Zones
automatically.

Currently I am working on this kind of setup because I have an ADMIN
workstation/server with a PostgreSQL database with all required infos in
my office and replicated 3 times in the Internet in different countries.

It does not matter, on which ADMIN workstation/server I am working. It
will always update all 12 name servers correctly.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--
# Debian GNU/Linux Consultant ##
Development of Intranet and Embedded Systems with Debian GNU/Linux
Internet Service Provider, Cloud Computing
http://www.itsystems.tamay-dogan.net/

itsystems@tdnet      Jabber linux4miche...@jabber.ccc.de
Owner Michelle Konzack
Gewerbe Strasse 3    Tel office: +49-176-86004575
77694 Kehl           Tel mobil:  +49-177-9351947
Germany              Tel mobil:  +33-6-61925193 (France)

USt-ID: DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/
Re: Weird stuff with one host... :-S
Hello Barry,

On 2012-07-16 00:18:37, you hacked down the following:
> In article mailman.1349.1342397875.63724.bind-us...@lists.isc.org, Michelle Konzack linux4miche...@tamay-dogan.net wrote:
>> ANY hosts are working from any workstations/servers except onlinestore on work1.
> Views?

No, it is a Debian standard installation and I have nothing special. Can views be configured by Host/IP? I think it was only possible by zone.

And all of the workstations and servers are in the same subdomain intranet1.tamay-dogan.net, which makes the error really bizarre... because I have only added the new host to the config, updated the serial number and reloaded the zone.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: named.conf splitting
Hello Noel Butler,

On 2012-02-18 11:25:10, you hacked down the following:
> If the OP is trying to avoid inline editing, does not the above become pointless?

Yes, and the wish of the OP is my wish too!

> Still requires inline editing to remove the include /path/to/etc/zone1.conf, else named will have an error on reload.

Right

> Being involved in the apache discussion I think I see where he wants to do, but I'm not sure if bind works like that.

I like to see bind working like this ;-)

> (/me fires up dev box) ... OK, Nick, it will not do what you want. Perhaps this is better off as a feature request, and, one that makes sound sense to me, although I include one hosts.conf file and put all entries in that and like most are very happy that way, if people are including singular zone files from another include file, it would make far better sense, less messy too (I think)

I think the best would be the solution from apache, which reads entire directories if the include ends with a /.

How and where can I send this wish-list bug?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: DNSSEC made simple, is this possible?
Hello Howard Leadmon,

On 2012-01-11 10:31:11, you hacked down the following:
> Then I go to make a change to my DNS file, whoa was I in for a shock, as

:-D

> So I guess my million dollar question is, I want to use DNSSEC (it's actually working now), but I want to be able to edit my zone files the way I always have for many years, and just have BIND sign the zones with the keys and update as needed to keep DNS running smoothly. Is there some easy way to do this, some scripts someone has made, or some documentation to walk me through accomplishing this?

Why not use nsupdate?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How can someone know Sub-Domains?
OK, first thanks to Carsten S., who pointed me to ldns-walk, and yes, I can see all hosts configured with NSEC and.

If I use 'ldns-walk debian.org', which is secured through DNSSEC too, I get only tons of no rrlist, which my NS should do too!

How can I solve this problem?

Thanks and merry X-Mas
Michelle Konzack
New problem with lame-server after Dist-Upgrade
]: lame-servers: info: error (connection refused) resolving 'feeds.feedburner.com/A/IN': 217.147.94.23#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www4.l.google.com/A/IN': 78.47.104.44#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www4.l.google.com/A/IN': 78.47.247.21#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (connection refused) resolving 'www4.l.google.com/A/IN': 217.147.94.23#53

Can someone tell me what's going wrong here and what has changed? Can it be that the forwarder is no longer working? If yes, what's going on here?

Note: The Dist-Upgrade has not changed the bind9 config in any way. It was working from Debian Woody/3.0 over Sarge/3.1 and Etch/4.0.

Thanks and happy X-Mas
Michelle Konzack
How can someone know Sub-Domains?
Hello *,

I have installed inside my corporate domain a subdomain for a customer and now this subdomain is under attack. Exactly, the Domains with 37 Courier-Servers and 140 Web-Servers are DoS'ed. This means someone is trying to bring down the whole network using 200k IPs.

I use a CISCO 12008 which works nicely with its filters, but not always. My Dual 1 GE connection is nearly fucked!

And yes, I have had a big problem with extortion for around 2 weeks and I am not willing to pay.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: New problem with lame-server after Dist-Upgrade
Hello Ben Croswell,

On 2011-12-24 18:42:09, you hacked down the following:
> Did the BIND version change with the OS upgrade?

Yes. I had this problem some years ago:

8<--
Mark Andrews marka at isc.org
Tue Aug 3 22:32:29 UTC 2010

In message 20100803142625.GC27217 at tamay-dogan.net, Michelle Konzack writes:
> Hello,
>
> since today morning (~06:30 CEST) I get several 1.000 errors like:
>
> [ '/var/log/named.log' ]
> Aug 3 10:12:39 dns1 named[26425]: 03-Aug-2010 10:12:39.951 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53

Basically you need to complain to the administrators for xensource.com to get the delegation cleaned up or the server configured.

xensource.com is delegated to 68.156.138.136 but that server is refusing to answer queries for the xensource.com. Additionally according to ns1.xensource.com both ns0.xensource.com and ns2.xensource.com no longer exist.

The administrators for xensource.com need to clean up the delegation by contacting their registrar and removing ns0.xensource.com from delegation. They also need to clean up the delegation for colo.xensource.com as that has ns0 and ns2 listed which don't exist.
8<--

but if I follow his answer, it means more than 800 servers have this issue! This can not be... Or are those admins really braindamaged?

Sometimes I see a bunch of lines lame-servers followed by edns-disabled lines with the same servers queried...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How can someone know Sub-Domains?
Forgotten one thing: The Sub-Domain has IPv6 addresses and the Servers are not hit by IP, but by their FQDN, which means someone has gotten the list of the hostnames, since I can not believe the attacker has scanned my 4 IPv6 Networks to find out where the servers are. (I do not use a continuous IP range)

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: New problem with lame-server after Dist-Upgrade
[29649]: general: info: zone onlinestore.tamay-dogan.net/IN: next key event: 25-Dec-2011 13:36:10.541
Dec 25 01:36:10 storage000 named[29649]: notify: info: zone onlinestore.tamay-dogan.net/IN: sending notifies (serial 1324032239)
Dec 25 01:36:10 storage000 named[29649]: notify: info: zone tdvoip.net/IN: sending notifies (serial 1324032240)
Dec 25 01:39:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'www4.l.google.com//IN': 2001:503:231d::2:30#53
Dec 25 01:40:10 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'ns2.roka.net//IN': 2001:500:1::803f:235#53
Dec 25 01:40:10 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'dns.roka.net//IN': 2001:748:100:70::2#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'www.kaleme.com//IN': 2001:503:a83e::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns3.ultradns.org/A/IN': 2001:500:2f::f#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:500:2f::f#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns3.ultradns.org//IN': 2001:503:c27::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org//IN': 2001:503:ba3e::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns3.ultradns.org/A/IN': 2001:dc3::35#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:503:c27::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:503:ba3e::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:7fd::1#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns3.ultradns.org//IN': 2001:7fd::1#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns5.ultradns.info/A/IN': 2001:500:19::1#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns5.ultradns.info/A/IN': 2001:500:1a::1#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org//IN': 2001:500:40::1#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:502:4612::1#53

...and it seems, it does not work. Effect is the same.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
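The lame-servers lines quoted in this thread (in this message and the two earlier ones) become easier to read once they are grouped by failure reason, by the address family of the server that was queried, and by how many different names each server failed for. The following is an added example, not code from the posts or from BIND; the function names are made up for it, and the sample lines are copied from the messages above.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Lines copied from the messages above. The first has no syslog prefix because
# it is cut off on the page; the Aug 2010 line is shown with the mail soft
# line breaks ("i= nfo", "= ") removed. The last line is a non-matching
# "notify" entry kept to show that unrelated categories are skipped.
SAMPLE_LOG = """\
lame-servers: info: error (connection refused) resolving 'feeds.feedburner.com/A/IN': 217.147.94.23#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www4.l.google.com/A/IN': 78.47.104.44#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'www4.l.google.com/A/IN': 78.47.247.21#53
Dec 25 00:27:01 dns named[29004]: lame-servers: info: error (connection refused) resolving 'www4.l.google.com/A/IN': 217.147.94.23#53
Dec 25 01:39:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'www4.l.google.com//IN': 2001:503:231d::2:30#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns3.ultradns.org/A/IN': 2001:500:2f::f#53
Dec 25 01:42:02 storage000 named[29649]: lame-servers: info: error (network unreachable) resolving 'pdns4.ultradns.org/A/IN': 2001:500:2f::f#53
Aug  3 10:12:39 dns1 named[26425]: 03-Aug-2010 10:12:39.951 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53
Dec 25 01:36:10 storage000 named[29649]: notify: info: zone tdvoip.net/IN: sending notifies (serial 1324032240)
"""

# Matches both spellings seen in the thread:
#   error (unexpected RCODE REFUSED) resolving ...   (2011 messages)
#   unexpected RCODE (REFUSED) resolving ...         (2010 message)
# The query type may be empty, as in 'www4.l.google.com//IN'.
LAME_RE = re.compile(
    r"lame-servers: info: (?:error )?"
    r"(?P<reason>\([^)]+\)|unexpected RCODE \([A-Z]+\))"
    r" resolving '(?P<qname>[^/']+)/(?P<qtype>[^/']*)/(?P<qclass>[^/']+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)


def parse_line(line):
    """Return a dict for a lame-servers line, or None for anything else."""
    m = LAME_RE.search(line)
    if m is None:
        return None
    try:
        addr = ipaddress.ip_address(m.group("server"))
    except ValueError:
        return None  # address field is damaged; skip rather than guess
    return {
        # Drop the parentheses so both spellings normalise to one reason.
        "reason": m.group("reason").replace("(", "").replace(")", ""),
        "qname": m.group("qname").lower(),
        "qtype": m.group("qtype") or "?",
        "server": str(addr),
        "family": addr.version,  # 4 or 6
    }


def summarize(lines):
    """Count (reason, address family) pairs and collect names per server."""
    by_reason_family = Counter()
    names_by_server = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        by_reason_family[(rec["reason"], rec["family"])] += 1
        names_by_server[rec["server"]].add(rec["qname"])
    return by_reason_family, dict(names_by_server)


def families_for(by_reason_family, reason):
    """Address families on which a given reason was logged."""
    return {fam for (r, fam), n in by_reason_family.items() if r == reason and n}


def shared_failing_servers(names_by_server, min_names=2):
    """Servers that failed for several different names; check these first."""
    return {s: sorted(n) for s, n in names_by_server.items() if len(n) >= min_names}


if __name__ == "__main__":
    counts, names = summarize(SAMPLE_LOG.splitlines())
    for (reason, fam), n in sorted(counts.items()):
        print(f"{n:3d}  IPv{fam}  {reason}")
    for server, qnames in shared_failing_servers(names).items():
        print(f"{server} failed for: {', '.join(qnames)}")
```
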
Re: How can someone know Sub-Domains?
Hello Larry Brower,

On 2011-12-24 19:54:05, you hacked down the following:
> Why would you give them a subdomain?

Why does AKAMAI do such things? ;-)

> How do you know they weren't being targeted prior to coming to you?

I was admin of the servers for 12 years

> Why haven't you nulled them yet?

???

> Why do you think this belongs on this list?

I like to know which possibilities there are for attackers to get whole zone infos out of my bind9 config...

All hosts have gotten new names but someone is targeting the hosts.

To prevent DoS Attacks, the Servers and Workstations have an auto-setup which can change IPs and FQDN randomly. So if someone likes to find the IPs or Hostnames, s/he can scan the entire Internet.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Puzzeling about IPv6
Hello *,

my ISP http://www.hetzner.de/ is now offering an IPv6 /64 subnet for free for each Server. Not only Root-Servers but for really ALL!

OK, however, I like to setup my VHosts to use it, but I am puzzling around how to do this with bind9 (I run Debian)

I have gotten this:

IPs: 2a01:4f8:d12:1300:: /64
Gateway: 2a01:4f8:d12:1300::1 /64
Usable IP addresses: 2a01:4f8:d12:1300::2 to 2a01:4f8:d12:1300::::

sounds very much!

Question: How should I choose the IPs?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: DNS Sinkhole in BIND
Hello G.W. Haywood,

On 2011-10-27 16:56:44, you hacked down the following:
> On Thu, 27 Oct 2011 Michelle Konzack wrote:
>> ...and you get the hell on your ass if you have several 1000 of them! In this case, bind9 with RPZ is cheaper.
> Maybe look at ipsets. Currently we firewall almost 76,000 networks.
>
> [root@mail3 ~]# ipset -L | grep -v BLOCK | wc -l
> 75845

...by accepting, IPT consumes 90% of the CPU resources. =8O

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: auto-dnssec maintain stoped working again...
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: auto-dnssec maintain stoped working again...
Hello Hauke Lampe,

On 2011-10-01 02:02:56, you hacked down the following:
> Do you mean expired signatures or no signatures at all?

I have expired signatures...

> In the latter case, have you checked that the zone's keys are readable by named and still active?

Ehm yes

root@dns1 /etc/bind # ls -Al /etc/bind/master/net/tamay-dogan/*tamay-dogan*
-rw-r--r-- 1 bind adm 502 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.key
-rw--- 1 bind adm 1.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.private
-rw-r--r-- 1 bind adm 502 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.key
-rw--- 1 bind adm 1.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.private
-rw-rw-r-- 1 bind adm 2.2K Jul 3 17:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan
-rw-rw-r-- 1 bind adm 249 Jun 17 22:33 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.conf
-rw-r--r-- 1 bind adm 256 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.conf.signed
-rw-rw-r-- 1 bind adm 1.1K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1
-rw-rw-r-- 1 bind adm 238 Oct 2 17:59 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.conf
-rw-r--r-- 1 bind adm 245 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.conf.signed
-rw-r--r-- 1 bind adm 13K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet1.signed
-rw-rw-r-- 1 bind adm 798 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2
-rw-rw-r-- 1 bind adm 238 Oct 2 17:59 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.conf
-rw-r--r-- 1 bind adm 245 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.conf.signed
-rw-r--r-- 1 bind adm 8.2K Oct 2 18:01 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.intranet2.signed
-rw-r--r-- 1 bind adm 7.1K Jul 26 04:22 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.signed
-rw-r--r-- 1 bind adm 15K Jul 26 04:10 /etc/bind/master/net/tamay-dogan/net.tamay-dogan.signed.jnl
-rw-r--r-- 1 bind adm 459 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet1.tamay-dogan.net.+005+28905.key
-rw--- 1 bind adm 1010 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet1.tamay-dogan.net.+005+28905.private
-rw-r--r-- 1 bind adm 459 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet2.tamay-dogan.net.+005+36762.key
-rw--- 1 bind adm 1010 Oct 2 18:01 /etc/bind/master/net/tamay-dogan/ZSK_Kintranet2.tamay-dogan.net.+005+36762.private
-rw-r--r-- 1 bind adm 439 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/ZSK_Ktamay-dogan.net.+005+30945.key
-rw--- 1 bind adm 1010 Jul 3 17:10 /etc/bind/master/net/tamay-dogan/ZSK_Ktamay-dogan.net.+005+30945.private

If I am right, this looks right.

> Try dnssec-settime -p all /path/to/keys/Kexample.com.+005+12345.key and look for Activate: and Inactive:

root@dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Ktamay-dogan.net.+005+12268.key
Created: Sun Jul 3 17:10:49 2011
Publish: Sun Jul 3 17:10:49 2011
Activate: Sun Jul 3 17:10:49 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET

seems not very good...

root@dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Kintranet1.tamay-dogan.net.+005+12154.key
Created: Sun Oct 2 18:01:29 2011
Publish: Sun Oct 2 18:01:29 2011
Activate: Sun Oct 2 18:01:29 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET

root@dns1 /etc/bind # dnssec-settime -p all /etc/bind/master/net/tamay-dogan/KSK_Kintranet2.tamay-dogan.net.+005+45271.key
Created: Sun Oct 2 18:01:34 2011
Publish: Sun Oct 2 18:01:34 2011
Activate: Sun Oct 2 18:01:34 2011
Revoke: UNSET
Inactive: UNSET
Delete: UNSET

I have added these two today...

> There have been a few bugfixes to automatic signing between 9.7.3 and 9.8. Maybe you hit one of those bugs.

Hmmm, I will ask the Debian Maintainers...

> Hauke.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
auto-dnssec maintain stoped working again...
Good evening *,

I run my three NS with DNSSEC and now I have encountered that it has stopped maintaining the Zone since September and has not changed to October. It was working for 4 months only.

I have no error messages in my logs.

Any hints why this happens from time to time?

I use bind 9.7.3 from the Debian GNU/Linux Distribution 6.0.2 (Squeeze).

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Slaves do not more update
Hello Chris Buxton,

On 2011-06-21 19:01:57, you hacked down the following:
> This sounds like a failure of the DNS Notify system. Have you checked the logs? If nothing interesting is logged, have you checked the logging statement?

I have found nothing relevant. I will delay the next change until directly after the logrotate and I will see what's going on here.

And as I said, it happens AFTER I have added DNSSEC.

So, if I clean the Cache on the SLAVE, it automatically sucks the new zones from the MASTER, which means the SLAVE is OK, right?

This would mean the MASTER does not send the notification to the SLAVE if a zone has changed, but the weird thing is, I see the MTIME changing on the SLAVE, which means there was a change... but the zone was not updated.

> Regards,
> Chris Buxton
> BlueCat Networks

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Slaves do not more update
Hello Chris Buxton,

On 2011-06-22 06:26:47, you hacked down the following:
> If the mtime of the slave's file changes, then there's something else wrong. It's refreshing, and resetting the refresh timer, but it's not seeing an update.

Right and I do not find the error...

If I clear the cache while named is running, it sucks all missing cache zones from the MASTER when the time comes to expire the zone.

If I clear the cache and then go to the MASTER, change one zone and reload it, the SLAVE immediately downloads the changed zone and then it sucks the rest.

So, it seems, the SLAVE has gotten the zone notification

This error happens, as I already mentioned, since I changed the MASTER to DNSSEC.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How to Setup a Name Servers visible on Internet?
Hello Eric Kom,

are you sure you want this:

> ns1 IN A 41.134.194.90
> ns2 IN A 41.134.194.91
> ns1 IN A 10.0.0.80
> ns2 IN A 10.0.0.82

This results in a round-robin and I would not get the right domain in 50% of all cases.

> www IN A 10.0.0.81
> www IN A 10.0.0.82
> mail IN A 10.0.0.84
> backup IN A 10.0.0.102

How can someone reach your Web and Mail servers if you have set them up in a private network?

> ftp IN CNAME www
> img IN CNAME www
> * IN CNAME www
> imap IN CNAME mail
> pop IN CNAME mail
> pop3 IN CNAME mail
> smtp IN CNAME mail

Are you sure this is working? The * wildcard will even catch the imap, pop, pop3 and smtp hosts and redirect them to www.

> 80 IN PTR ns1.metropolitanbuntu.co.za.
> 82 IN PTR ns2.metropolitanbuntu.co.za.
> 81 IN PTR www.metropolitanbuntu.co.za.
> 102 IN PTR backup.metropolitanbuntu.co.za.
> 108 IN PTR printer-server.metropolitanbuntu.co.za.
> 31 IN PTR ldap.metropolitanbuntu.co.za.

How should this work? Are the servers only accessible from the local and private network?

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How to Setup a Name Servers visible on Internet?
Hello Metropolitan College Eric Kom,

> root@nina:/home/erickom# nslookup 41.134.194.90
> Server:   196.28.80.139
> Address:  196.28.80.139#53
>
> Non-authoritative answer:
> 90.194.134.41.in-addr.arpa  name = ns1.metropolitanbuntu.co.za.
>
> Authoritative answers can be found from:
> 194.134.41.in-addr.arpa  nameserver = ns1.mweb.co.za.
> 194.134.41.in-addr.arpa  nameserver = ns2.mweb.co.za.
> ns1.mweb.co.za  internet address = 196.2.16.3
> ns2.mweb.co.za  internet address = 196.2.46.254

and

    [michelle.konzack@devel:~ ] dig -x 41.134.194.90
    90.194.134.41.in-addr.arpa. 600 IN PTR metropolitanstaff.co.za.
    194.134.41.in-addr.arpa. 172798 IN NS ns2.mweb.co.za.
    194.134.41.in-addr.arpa. 172798 IN NS ns1.mweb.co.za.

> root@nina:/home/erickom# nslookup 41.134.194.91
> Server:   196.28.80.139
> Address:  196.28.80.139#53
>
> Non-authoritative answer:
> 91.194.134.41.in-addr.arpa  name = ns2.metropolitanbuntu.co.za.
>
> Authoritative answers can be found from:
> 194.134.41.in-addr.arpa  nameserver = ns2.mweb.co.za.
> 194.134.41.in-addr.arpa  nameserver = ns1.mweb.co.za.
> ns1.mweb.co.za  internet address = 196.2.16.3
> ns2.mweb.co.za  internet address = 196.2.46.254

    91.194.134.41.in-addr.arpa. 588 IN PTR ns2.metropolitanbuntu.co.za.
    194.134.41.in-addr.arpa. 172686 IN NS ns2.mweb.co.za.
    194.134.41.in-addr.arpa. 172686 IN NS ns1.mweb.co.za.
    ns1.mweb.co.za. 488 IN A 196.2.16.3
    ns2.mweb.co.za. 488 IN A 196.2.46.254

> The reverses are well configured, so I don't know why bind still complaints: has 0 SOA records, has no NS records and not loaded due to errors.

It works, because the configs for the PTR are on your ISPs nameservers like ns1.mweb.co.za and ns2.mweb.co.za

> you need to ask isp to set this, this is common error at home

Do you have read this?

> You Truly Eric Kom System Administrator - Metropolitan College

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: An Invitation to Neuroscientists and Physicists: Singapore Citizen Mr. Teo En Ming (Zhang Enming) Reports First Hand Account of Mind Intrusion and Mind Reading
Hello Jan-Piet Mens,

On 2011-05-17 17:53:29, you hacked down the following:

>> Mark my words. You will know the truth in future.
> Ah: DNSSEC -- the guy is on topic.

??? He uses gmail to spam, which has NO DNSSEC!

[ command 'dig ANY gmail.com' ]-
gmail.com. 86300 IN SOA ns1.google.com. dns-admin.google.com. 1450725 21600 3600 1209600 300
gmail.com. 200 IN TXT v=spf1 redirect=_spf.google.com
gmail.com. 3500 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3500 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3500 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 3500 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3500 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 168 IN A 209.85.149.18
gmail.com. 168 IN A 209.85.149.19
gmail.com. 168 IN A 209.85.149.83
gmail.com. 168 IN A 209.85.149.17
gmail.com. 345500 IN NS ns3.google.com.
gmail.com. 345500 IN NS ns1.google.com.
gmail.com. 345500 IN NS ns4.google.com.
gmail.com. 345500 IN NS ns2.google.com.
gmail.com. 345500 IN NS ns1.google.com.
gmail.com. 345500 IN NS ns3.google.com.
gmail.com. 345500 IN NS ns2.google.com.
gmail.com. 345500 IN NS ns4.google.com.
ns1.google.com. 312010 IN A 216.239.32.10
ns2.google.com. 312011 IN A 216.239.34.10
ns3.google.com. 312011 IN A 216.239.36.10
ns4.google.com. 312011 IN A 216.239.38.10

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: [OT] Test message
Hello Dan Mahoney,

here is the third message... Sorry for the late answer, your message was eaten by my spamfilter and I found it today...

Thanks, Greetings and nice Day/Evening Michelle Konzack

On 2011-05-10 23:42:58, you hacked down the following:

> I'm still not seeing it show up in bind-users -- it makes it as far as mailman, then I see nothing in the logs. Can you send a third test?
>
> -Dan Mahoney
>
> On Tue, 10 May 2011, Michelle Konzack wrote:
>
>> Test message because the listserver eat my messages...
>>
>> Thanks, Greetings and nice Day/Evening Michelle Konzack

END OF REPLIED MESSAGE

Thanks, Greetings and nice Day/Evening Michelle Konzack
nsupdate problem after DNSSEC
I have updated my dns1 to DNSSEC and now I have two problems...

1) dns2 no longer updates

2) nsupdate from my admin website no longer works and gives me an ExitStatus 2. Unfortunately the manpage does not tell me what 2 is. But I assume it has the same problem as dns2.

Can someone tell me what I have to change so that my TSIG works again?

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: nsupdate problem after DNSSEC upgrade
Note: My nsupdate script uses an autogenerated file like:

    if ($_GET['nsupdate'] == 'on') {
        // Private temporary file that receives the nsupdate batch
        $tmp_file = tempnam('/tmp', 'tdphp-vserver.');
        chmod($tmp_file, 0700);
        $fh = fopen($tmp_file, 'a');
        // $_GET['vhost'] is written into the batch exactly as received
        fwrite($fh, "server dns1.tamay-dogan.net\n");
        fwrite($fh, "update delete " . $_GET['vhost'] . " A\n");
        fwrite($fh, "prereq nxdomain " . $_GET['vhost'] . "\n");
        fwrite($fh, "update add " . $_GET['vhost'] . " 86400 CNAME " . $_SERVER['SERVER_NAME'] . "\n");
        fwrite($fh, "send\n");
        fseek($fh, 0);
        // $ret receives the exit status of nsupdate
        exec("nsupdate " . $tmp_file, $array, $ret);
    }

but this gives me, as I said already, an ExitStatus 2

Thanks, Greetings and nice Day/Evening Michelle Konzack
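One way to build the same nsupdate batch with the request parameter validated before it reaches the file, written in Python rather than the post's PHP. This is an added example, not the poster's code; the allowed zone list and all function names are assumptions, and the batch lines follow the order shown in the post.

```python
import re
import subprocess

# One DNS hostname label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumption: zones this admin site is allowed to change (not taken from the post).
ALLOWED_ZONES = ("can4linux.org", "flexray4linux.org")
SERVER = "dns1.tamay-dogan.net"  # server name as used in the post


def normalize_fqdn(name):
    """Return name as a lowercase absolute FQDN, or raise ValueError.

    fullmatch() is used on every label so that whitespace, newlines and
    other batch-syntax characters can never pass through into a command line.
    """
    if not isinstance(name, str):
        raise ValueError("hostname must be a string")
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError("hostname is empty or too long")
    labels = name.split(".")
    if len(labels) < 2:
        raise ValueError("hostname must be fully qualified")
    for label in labels:
        if not LABEL.fullmatch(label):
            raise ValueError("illegal label: %r" % label)
    return name.lower() + "."


def build_batch(vhost, target, allowed_zones=ALLOWED_ZONES, server=SERVER, ttl=86400):
    """Build the nsupdate batch from the post for a validated vhost/target pair."""
    host = normalize_fqdn(vhost)
    dest = normalize_fqdn(target)
    zones = [normalize_fqdn(z) for z in allowed_zones]
    # The vhost must sit below one of the zones this site manages.
    if not any(host.endswith("." + zone) for zone in zones):
        raise ValueError("vhost is outside the allowed zones: %s" % host)
    lines = (
        "server %s" % server,
        "update delete %s A" % host,
        "prereq nxdomain %s" % host,
        "update add %s %d CNAME %s" % (host, int(ttl), dest),
        "send",
    )
    return "".join(line + "\n" for line in lines)


def run_nsupdate(batch, key_file=None):
    """Feed the batch to nsupdate on stdin, without a shell or a temp file.

    stderr is captured so the reason behind a non-zero exit status is
    available to the caller together with the return code.
    """
    cmd = ["nsupdate"]
    if key_file:
        cmd += ["-k", key_file]  # TSIG key file
    return subprocess.run(cmd, input=batch, text=True,
                          capture_output=True, check=False)


if __name__ == "__main__":
    # Constructed input; prints the batch instead of sending it.
    print(build_batch("www.can4linux.org", "vserver09.tamay-dogan.net"), end="")
```

`run_nsupdate()` returns the completed process, so the calling page can log both `returncode` and `stderr`.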
Re: nsupdate problem after DNSSEC
Hello Phil Mayers,

On 2011-01-05 09:19:11, you hacked down the following:

> Do you mean you have signed your zone?

Yes

> If so, you are aware that bind requires the zone-signing key to be available in order to perform updates - like this:
>
> zone "$name" {
>     type master;
>     allow-update { ... };

allow-update or allow-transfer? I have the latter one and it seems my zones were transferred after a forced reboot of dns2, but only the ZONEs which have an IP in allow-transfer. tamay-dogan.net uses a key and it does not work.

>     key-directory "/var/named/data/keys/$name";
> };

Ahh, I have to add this?

> ...and in /var/named/data/keys/$name you need the:
>
> K$name.+005+id.key
> K$name.+005+id.private

many of them

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: Entired NS crashed
Hello Torinthiel,

thanks for your explanation.

Thanks, Greetings and nice Day/Evening Michelle Konzack
Entired NS crashed
Hello *,

since ZKT is not able to work over 200.000 Domains on a single server I have coded my own tool which does it! Now my NS is running DNSSEC and crashed! To load the 230.000 zones it created a very huge load and consumed the entire memory of 8 GByte.

Question to power hosters:

1) How many ZONEs do you host per NS?
2) What's your CPU speed?
3) How much memory do you use?

As far as I can see, 'dig +dnssec www.tamay-dogan.net' gives a nice output, but how can I know the expiration date? Is this the timestamp here:

    tamay-dogan.net. 3600 IN RRSIG SOA 5 2 3600 20110131191903

[ command 'dig +dnssec tamay-dogan.net' ]---
tamay-dogan.net. 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. 1292829280 10800 3600 604800 86400
tamay-dogan.net. 3600 IN RRSIG SOA 5 2 3600 20110131191903 20110101191903 12795 tamay-dogan.net. lti7l2JlLeIATApQfWp3BdPTH4MiP75crl4921bC1qdOXfWJH4La+L58 t0hVMmzNaNbLDH36cQwrYdQvaBJHPkQEwi2Mr8WP0jCSp+bpc2lEP6sz f+kRGWYITjuxAwFsSdhVR+EQd4pIupa16ylJ65OWcBGlIHbC5eA5KSN4 lTk=
tamay-dogan.net. 86400 IN NSEC admin.tamay-dogan.net. NS SOA MX TXT RRSIG NSEC DNSKEY
tamay-dogan.net. 86400 IN RRSIG NSEC 5 2 86400 20110131191903 20110101191903 12795 tamay-dogan.net. YS5Y44ywYrsjbSJmtFgF9hk8K80VWLuyLRuDxLeO84kXA/hN9i8mzzDy XYIoiUwWbyeKxEIhqAdA6gekLU2Z+ZuNsSGnPUcCdfZD+GiWEneeWGg/ LcIi9FWTf7J++yGnVMA5Ng6vZ3SgTtiC7r74ZZytm7FkijxCwd8tRyKy a9c=

which I could grep?

And what is the NSEC entry? Why is the VHost admin.tamay-dogan.net there?

Thanks, Greetings and nice Day/Evening Michelle Konzack
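On the question above of whether that timestamp is the expiration date: in the RRSIG presentation format (RFC 4034) the first timestamp after the original TTL is the signature expiration and the second is the inception, both in UTC as YYYYMMDDHHMMSS. The following Python is an added example, not part of the original post; the sample text is constructed from the records in the post with whitespace restored and the signatures replaced by a placeholder, and the names `Rrsig`, `parse_rrsigs` and `report` are this example's own.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample: the records from the post, whitespace restored,
# signature data replaced by a placeholder.
SAMPLE_DIG = """\
; <<>> constructed dig +dnssec output <<>>
tamay-dogan.net. 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. 1292829280 10800 3600 604800 86400
tamay-dogan.net. 3600 IN RRSIG SOA 5 2 3600 20110131191903 20110101191903 12795 tamay-dogan.net. PLACEHOLDERSIG=
tamay-dogan.net. 86400 IN NSEC admin.tamay-dogan.net. NS SOA MX TXT RRSIG NSEC DNSKEY
tamay-dogan.net. 86400 IN RRSIG NSEC 5 2 86400 20110131191903 20110101191903 12795 tamay-dogan.net. PLACEHOLDERSIG=
"""


@dataclass
class Rrsig:
    owner: str
    covered: str        # record type the signature covers (SOA, NSEC, ...)
    key_tag: int
    signer: str
    inception: datetime
    expiration: datetime

    def status(self, now, warn=timedelta(days=7)):
        """Classify the signature validity window relative to `now`."""
        if now < self.inception:
            return "not-yet-valid"
        if now >= self.expiration:
            return "expired"
        if self.expiration - now <= warn:
            return "expiring"
        return "ok"


def parse_time(field):
    """RFC 4034 allows YYYYMMDDHHmmSS (UTC) or seconds since the epoch."""
    if len(field) == 14 and field.isdigit():
        stamp = datetime.strptime(field, "%Y%m%d%H%M%S")
        return stamp.replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)


def parse_rrsigs(dig_text):
    """Extract every RRSIG record from dig-style presentation text."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        # owner ttl class RRSIG covered alg labels origttl exp inc tag signer sig...
        if len(fields) < 13 or fields[0].startswith(";") or fields[3] != "RRSIG":
            continue
        try:
            records.append(Rrsig(
                owner=fields[0],
                covered=fields[4],
                key_tag=int(fields[10]),
                signer=fields[11],
                expiration=parse_time(fields[8]),
                inception=parse_time(fields[9]),
            ))
        except ValueError:
            continue  # malformed line: skip it rather than abort the report
    return records


def report(dig_text, now, warn=timedelta(days=7)):
    """Return (owner, covered type, expiration, status) for each RRSIG."""
    return [(r.owner, r.covered, r.expiration.isoformat(), r.status(now, warn))
            for r in parse_rrsigs(dig_text)]


if __name__ == "__main__":
    for row in report(SAMPLE_DIG, datetime.now(timezone.utc)):
        print(*row)
```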
Best practize to store the ZONE files
Hello *,

I am hosting 200.000 Domains on my 6 NameServers and in the meantime it has become complicated, because there are around 230.000 files now including sub domains. There are currently 18 TLs.

My question is: How do you handle such an amount of files, and where is the best place to store them on a Debian System (Lenny/Squeeze)?

Do you recommend storing them on a separate partition, even if they currently take only around 87 MByte?

Thanks, Greetings and nice Day/Evening Michelle Konzack
How to get easily (from a script) all CNAME of a A record?
Hello *,

does someone know how to easily get all CNAME records for a Host? For example I have:

    vserver09.tamay-dogan.net. 604800 IN A     88.168.69.36
    www.can4linux.org.         86400  IN CNAME vserver09.tamay-dogan.net.
    www.fexray4linux.org.      86400  IN CNAME vserver09.tamay-dogan.net.

So I have only the vserver09 and want to know the CNAMEs from a script, which means I need a reverse search.

How can I query this and which is the best (shell) tool?

I mean, currently I have a spider script installed on the NS which I can run using 'ssh ${NS} query_script ${OPTS}' and on STDOUT I have what I need, but I would like to get a better solution, since sometimes it does not work with DNSSEC, and with more than 8 Domains and more than 1million hosts I run into timing problems.

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How to get easily (from a script) all CNAME of a A record?
Hello Matus UHLAR - fantomas,

On 2010-11-09 14:13:47, you hacked down the following:

> I am not sure whether dnswalk over whole internet can do that, but on your

I will try it...

> server you can either run recursive grep over named data directory, or dump the named database and grep it...

This is what I currently do...

[ '/usr/sbin/get_hosts_in cname' ]--
    #!/bin/sh
    # Print the owner names of all CNAME records that point at $1
    QUERY="$1"
    for FILE in $(cd /etc/bind && ls *.signed)
    do
        # first field is the owner name; sed strips its trailing dot
        grep --regexp=" IN CNAME .*${QUERY}" "/etc/bind/${FILE}" 2>/dev/null |cut -d ' ' -f1 |sed 's|.$||'
    done

...and it is too slow due to more than 80.000 Zones (they all have to be grepped) number of VHosts.

Oh, it is now time to use xargs, because I saw today that I hit the limits for ls. :-D

The following is working:

    cd /etc/bind && ls

but not:

    cd /etc/bind && ls *

or

    cd /etc/bind && ls *.signed

and the OSes are called Linux and BSD... WTF? It seems that a commandline can not have more than 31.000 characters. (no, not options, but total length)

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How to get easily (from a script) all CNAME of a A record?
Hello Matus UHLAR - fantomas,

On 2010-11-09 14:13:47, you hacked down the following:

> I am not sure whether dnswalk over whole internet can do that,

dnswalk is already starting weird behaviour:

[ command 'dnswalk vserver09.tamay-dogan.net.' ]
Checking vserver09.tamay-dogan.net.
BAD: SOA record not found for vserver09.tamay-dogan.net.
BAD: vserver09.tamay-dogan.net. has NO authoritative nameservers!
BAD: All zone transfer attempts of vserver09.tamay-dogan.net. failed!
0 failures, 0 warnings, 3 errors.

[ command 'dig +multiline SOA vserver09.tamay-dogan.net' ]--
tamay-dogan.net. 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
        1288527338 ; serial
        10800      ; refresh (3 hours)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        86400      ; minimum (1 day)
        )

[ command 'dig vserver09.tamay-dogan.net' ]-
vserver09.tamay-dogan.net. 3600 IN A 88.168.69.36
tamay-dogan.net. 3600 IN NS dns2.tamay-dogan.net.
tamay-dogan.net. 3600 IN NS dns1.tamay-dogan.net.
dns1.tamay-dogan.net. 3600 IN A 88.168.69.36
dns2.tamay-dogan.net. 3600 IN A 217.147.94.23

Is dnswalk broken in Debian/Lenny?

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How to get easily (from a script) all CNAME of a A record?
Hello Torsten,

On 2010-11-09 15:46:05, you hacked down the following:

> Maybe it's easier to get a dump with rndc dumpdb -zones and then run the grep on the dump file.

Ehm, but AFAIK the dumpfiles are the same as the original zone files in /etc/bind, or am I missing something?

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How does Yahoo/Google find unknown domains?
Hello Robert Spangler,

On 2010-11-09 10:34:52, you hacked down the following:

> If these domains are for internal use only, why did you list the DNS servers for them? You are aware that you can register a domain without listing a DNS Server?

Because my own customers (exclusively) must access it. They are my VOIP and IPTV servers and there is no public HTTP content, but I am bombed with PHP/CGI requests and I do not know where Google and Co have gotten those links.

Some of the searchbots are hitting my servers 3 times in series from three different IPs and in summary, I have more than 10.000 searchbot entries per day in my logs.

My server always returns an Error-Page from the VServer that there is no configured HTTP host on the machine, but it is ignored. One VHost must be configured for the web administration and it is hit too, and too much!

Even my simple squirrelmail login page from webmail.tamay-dogan.net is spidered daily with more than 800 hits and I have already counted more than 80 different searchbots.

How braindamaged are Searchbot-Programmers?

All of my webservers together have around 86 TByte of content including a VERY huge debian archive (all releases and versions from 0.96 to now) and my traffic per month is around 27 TByte. The searchbots are creating 17,3 TByte traffic per month which my customers have to pay too!

Maybe I call my lawyer to write letters to the searchbot owners to stop spidering my 36 domains.

Oh, at Level3 in Frankfurt I pay 12 Euro/Mbit traffic per month, which means 12 Euro per 320 GByte traffic. Not counting the price for the 700km FiberOptic line, which is another provider (0,40 euro/m/year).

I had a 1 GE line from Frankfurt but due to the excessive searchbot traffic it broke several times per day. Now I have in total twelve 1GE (Level3, Verizon, DTag and Orange). Maximal I can have 64 x 10 GE with my Transmode TS System but then I can install my own BPOP.

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How to get easily (from a script) all CNAME of a A record?
Hello philippe.simo...@swisscom.com,

On 2010-11-09 22:16:08, you hacked down the following:

> For all CNAME records, make e.g. a TXT record with the reverse result:
> (TXT is maybe not the better record type...which ones (for specialists))
>
> For each:
>
> a-name IN A 1.2.3.4
> an-alias IN CNAME a-name
>
> Just add:
>
> a-name IN TXT an-alias
>
> and make more than one TXT records for each cname pointing to the same record ...
>
> a-name IN TXT another-alias

I am currently testing this solution and it seems to work nicely, and I can easily integrate the generation of the TXT record in my PHP scripts.

...and this is very speedy!

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: How does Yahoo/Google find unknown domains?
Hello Sten Carlsen,

On 2010-11-08 02:32:14, you hacked down the following:

> Did you consider robots.txt? Well behaved spiders should respect that, although it does not prevent anything.

It is a VHost without its own doc_root, which means a robots.txt would block anything on the Server.

> I would expect google and yahoo to respect it, I have no clue about he.net.

I know, but it is not possible without installing a separate server.

Thanks, Greetings and nice Day/Evening Michelle Konzack
How does Yahoo/Google find unknown domains?
Hello experts and *,

I have (since several years) collected some domain names which do not exist (since years) and registered them in the last 4 months for the internal use of my Internet Service.

Now I see Googlebot, Yahoo and he.net querying my DNS Servers for exactly those domains.

If I read the conditions of Networksolutions and Co, spidering of WHOIS records is prohibited, also the commercial use of the data.

Does someone have experience with this crap?

Unfortunately I can not deny access to the 180 servers, and Google, Yahoo and He are bombing my network with too many useless requests.

I have written a mail to Google not to attack my network of VOIP and IPTV servers, but they continue...

The webservers have only an SHTTP administrative VHost, but not exp.com or www.exp.com, but the webserver gets any requests from *.exp.com because it is an administrative VServer, and the error logfile is VERY long per day.

An htaccess does not work, because I have more than 800 VHosts on each server.

Thanks, Greetings and nice Day/Evening Michelle Konzack
Re: unexpected RCODE (REFUSED) resolving
Hello Mark Andrews,

On 2010-08-04 08:32:29, you hacked down the following:

> Basically you need to complain to the administrators for xensource.com to get the delegation cleaned up or the server configured.

OK... done!

> xensource.com is delegated to 68.156.138.136 but that server is refusing to answer queries for the xensource.com. Additionally according to ns1.xensource.com both ns0.xensource.com and ns2.xensource.com no longer exist. The administrators for xensource.com need to clean up the delegation by contacting their registrar and removing ns0.xensource.com from delegation. They also need to clean up the delegation for colo.xensource.com as that has ns0 and ns2 listed which don't exist.

This is grmpf! It seems there is more than one Sys/Net-Admin who does not know their job! Currently the number of unknown name servers is increasing.

Thanks, Greetings and nice Day/Evening Michelle Konzack
unexpected RCODE (REFUSED) resolving
Hello,

since this morning (~06:30 CEST) I get several 1.000 errors like:

[ '/var/log/named.log' ]
Aug 3 10:12:39 dns1 named[26425]: 03-Aug-2010 10:12:39.951 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53
Aug 3 10:12:40 dns1 named[26425]: 03-Aug-2010 10:12:40.298 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 66.165.176.24#53
Aug 3 10:12:40 dns1 named[26425]: 03-Aug-2010 10:12:40.439 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 68.156.138.136#53
Aug 3 11:11:07 dns1 named[26425]: 03-Aug-2010 11:11:07.670 lame-servers: info: FORMERR resolving 'ns.xinnet.cn//IN': 61.155.152.86#53
Aug 3 11:12:07 dns1 named[26425]: 03-Aug-2010 11:12:07.259 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'kernelnewbies.org/NS/IN': 85.118.1.10#53
Aug 3 11:12:07 dns1 named[26425]: 03-Aug-2010 11:12:07.380 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'nl.linux.org/A/IN': 131.211.29.16#53
Aug 3 11:12:07 dns1 named[26425]: 03-Aug-2010 11:12:07.381 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'nl.linux.org/MX/IN': 131.211.29.16#53
Aug 3 11:39:22 dns1 named[26425]: 03-Aug-2010 11:39:22.848 lame-servers: info: FORMERR resolving 'tehrooz.com/NS/IN': 79.175.164.23#53
Aug 3 11:41:23 dns1 named[26425]: 03-Aug-2010 11:41:23.649 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53
Aug 3 11:41:23 dns1 named[26425]: 03-Aug-2010 11:41:23.975 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 68.156.138.136#53
Aug 3 11:41:24 dns1 named[26425]: 03-Aug-2010 11:41:24.135 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 66.165.176.24#53
Aug 3 11:51:06 dns1 named[26425]: 03-Aug-2010 11:51:06.272 lame-servers: info: unexpected RCODE (REFUSED) resolving 'tallyho.bc.nu/A/IN': 209.132.176.100#53
Aug 3 12:12:30 dns1 named[26425]: 03-Aug-2010 12:12:30.505 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'ns2.telkom.co.za/A/IN': 196.7.142.133#53
Aug 3 12:12:30 dns1 named[26425]: 03-Aug-2010 12:12:30.513 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'ns3.telkom.co.za/A/IN': 196.7.142.133#53
Aug 3 12:12:30 dns1 named[26425]: 03-Aug-2010 12:12:30.515 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'ns2.telkom.co.za//IN': 196.7.142.133#53
Aug 3 12:12:30 dns1 named[26425]: 03-Aug-2010 12:12:30.522 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'ns3.telkom.co.za//IN': 196.7.142.133#53
Aug 3 12:41:42 dns1 named[26425]: 03-Aug-2010 12:41:42.753 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53
Aug 3 12:41:43 dns1 named[26425]: 03-Aug-2010 12:41:43.101 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 66.165.176.24#53
Aug 3 12:41:43 dns1 named[26425]: 03-Aug-2010 12:41:43.240 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 68.156.138.136#53
Aug 3 13:11:24 dns1 named[26425]: 03-Aug-2010 13:11:24.187 lame-servers: info: unexpected RCODE (SERVFAIL) resolving '34.46.85.18.in-addr.arpa/PTR/IN': 18.85.2.171#53
Aug 3 13:16:17 dns1 named[26425]: 03-Aug-2010 13:16:17.355 lame-servers: info: unexpected RCODE (REFUSED) resolving '110.241.42.70.in-addr.arpa/PTR/IN': 68.156.138.136#53

The weird thing is, normally I see between 40 and 100 per day, but today more than 7000.

What can this be?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Three NameServer DOSing my dns1
Hello Matus UHLAR - fantomas,

On 2010-07-29 14:12:54, you wrote the following:

> On 28.07.10 23:24, Michelle Konzack wrote:
>> But why do they query my server 3 times per second?
>
> deep parsing of e-mail headers by spam filtering software, I guess.

Which is the last crap! Spamassassin does this too and I had to whitelist more than 2000 E-Mails due to the high amount of false-positives.

> Apparently because of your fake ssmtp header.

Which fake ssmtp header? How do you think I can send mails? My workstation has ssmtp installed for security reasons, like all of my machines which do not receive any mails but only have to send out messages like logs or alarms... courier is my official Relay which is used by more than 8000 users.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Three NameServer DOSing my dns1
Hello Matus UHLAR - fantomas,

On 2010-07-29 19:37:50, you wrote the following:

> apparently internal_networks set up incorrectly?

No, it is the problem if a customer connects through a VPN to the Router of the employer/enterprise and sends out messages using the company's own mail relay and from there it comes to me to the rest of the world.

Note: My customers are in my network through FTTH.

> I see the name michelle1.private.tamay-dogan.net in two headers:
>
> Received: from michelle1.private.tamay-dogan.net (router.private.tamay-dogan.net [:::192.168.0.65]) (AUTH: LOGIN michelle.konzack) by mail.tamay-dogan.net with esmtp; Thu, 29 Jul 2010 19:16:29 +0200 id 0002C6F8.4C51B76D.55D9
> Received: by michelle1.private.tamay-dogan.net (sSMTP sendmail emulation); Thu, 29 Jul 2010 19:16:28 +0200

This is because 192.168.0.65 is the gateway of my private /26 network which is NATed and is connected directly on my router.

> Note that I'm just guessing and it's apparently not spamassassin. However there are many spam filters deeply parsing headers and some quite incorrectly. I think you are on spamassassin-users mailing list and you could remember that problems with deeply parsed headers on some mailservers are mentioned there quite often.

I know the threads...

> header causes some filters try to resolve your hostname. You can try using msmtp or similar smtp client to see if it helps.

Already tried. It is always the same and RFC conform. :-D

> I know because I've seen your posts on courier-users mailing list too. Actually I even know you are debian user, guess why :-)

hehehe

> Your hostname is private and inaccessible from the outside. The requesters get SERVFAIL reply which apparently makes them retry. If you provided them any IP address (e.g. 127.0.0.1) they could be satisfied and stop trying (until the cached record expires). You can try this if it makes you angry.

I have removed the REJECT and immediately gotten over 7000 MAILER-DAEMON errors from around the world and these idiots are attaching WHOLE messages including attachments to it.

99% are MAILER-DAEMON messages due to faked From: using linux4michelle. Also the tries from dtag.de, t-dialin.net and arcor-ip.de are mostly MAILERDAEMON spam.

Tomorrow I will call the Deutsche Telecom directly in Ofenburg/Germany since I am angry and I like to bother them. They should be a little bit busy like me. :-D

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Three NameServer DOSing my dns1
Hello Experts,

my primary NameServer dns1.tamay-dogan.net is hit by more than 600.000 requests per day coming mainly from three NameServers:

[ '/var/log/named.log' ]
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.318 security: info: client 194.25.2.173#34455: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.568 security: info: client 145.253.2.7#39557: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.747 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.033 security: info: client 145.253.2.7#42608: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.229 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.341 security: info: client 194.25.2.173#51045: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.596 security: info: client 145.253.2.7#38208: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.792 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:19 samba3 named[26425]: 28-Jul-2010 11:18:19.081 security: info: client 145.253.2.7#52958: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:19 samba3 named[26425]: 28-Jul-2010 11:18:19.284 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/MX/IN' denied

[ STDIN ]---
[michelle.konz...@michelle1:~] host 194.25.2.173
173.2.25.194.in-addr.arpa domain name pointer dns42.btx.dtag.de.
[michelle.konz...@michelle1:~] host 145.253.2.7
Host 7.2.253.145.in-addr.arpa. not found: 3(NXDOMAIN)
[michelle.konz...@michelle1:~] host 79.242.61.7
7.61.242.79.in-addr.arpa domain name pointer p4FF23D07.dip.t-dialin.net.
[michelle.konz...@michelle1:~] dig -x 145.253.2.7
; DiG 9.5.1-P3 -x 145.253.2.7
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 36189
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;7.2.253.145.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
253.145.in-addr.arpa. 6161IN SOA ns1.arcor-ip.de. hostmaster.adm.arcor.net. 2010072800 28800 14400 1814400 7200
;; Query time: 1 msec
;; SERVER: 192.168.0.74#53(192.168.0.74)
;; WHEN: Wed Jul 28 11:38:01 2010
;; MSG SIZE rcvd: 117

the NX one is from Arcor.

Since the Deutsche Telecom is NOT responsive to ANY of my requests and you can not even reach them by Telephone, I need to do something because this 32 MByte traffic per day is absolutely useless.

Any suggestions?

yandex.ru has responded for a half hour to my requests after 3 weeks or such and told me they are querying my DNS because there is a link in my website... but I have found nothing.

However, they want to connect to my ancient Laptop tp570 and my Workstation michelle1 from which I write this message... Both machines are in my Intranet and will never allow access from the world.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
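Added example (not part of the original posts and not code from the BIND project): a Python triage of the two kinds of named.log lines quoted in this thread, the "lame-servers" failures from the "unexpected RCODE" message and the "query ... denied" lines in the message above. It assumes the syslog line format shown in those excerpts; the function names and the choice of reports are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the two named.log excerpts quoted in
# this thread. Empty query types ('//IN') are kept as the archive shows them.
SAMPLE_LOG = """\
Aug 3 10:12:39 dns1 named[26425]: 03-Aug-2010 10:12:39.951 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com/A/IN': 68.156.138.136#53
Aug 3 10:12:40 dns1 named[26425]: 03-Aug-2010 10:12:40.298 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 66.165.176.24#53
Aug 3 10:12:40 dns1 named[26425]: 03-Aug-2010 10:12:40.439 lame-servers: info: unexpected RCODE (REFUSED) resolving 'lists.colo.xensource.com//IN': 68.156.138.136#53
Aug 3 11:11:07 dns1 named[26425]: 03-Aug-2010 11:11:07.670 lame-servers: info: FORMERR resolving 'ns.xinnet.cn//IN': 61.155.152.86#53
Aug 3 11:12:07 dns1 named[26425]: 03-Aug-2010 11:12:07.259 lame-servers: info: unexpected RCODE (SERVFAIL) resolving 'kernelnewbies.org/NS/IN': 85.118.1.10#53
Aug 3 13:16:17 dns1 named[26425]: 03-Aug-2010 13:16:17.355 lame-servers: info: unexpected RCODE (REFUSED) resolving '110.241.42.70.in-addr.arpa/PTR/IN': 68.156.138.136#53
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.318 security: info: client 194.25.2.173#34455: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.568 security: info: client 145.253.2.7#39557: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:17 samba3 named[26425]: 28-Jul-2010 11:18:17.747 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.033 security: info: client 145.253.2.7#42608: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.229 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.341 security: info: client 194.25.2.173#51045: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.596 security: info: client 145.253.2.7#38208: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:18 samba3 named[26425]: 28-Jul-2010 11:18:18.792 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:19 samba3 named[26425]: 28-Jul-2010 11:18:19.081 security: info: client 145.253.2.7#52958: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
Jul 28 11:18:19 samba3 named[26425]: 28-Jul-2010 11:18:19.284 security: info: client 79.242.61.74#59366: query 'michelle1.private.tamay-dogan.net/MX/IN' denied
"""

# named's own timestamp, cut to whole seconds, serves as the rate bucket.
STAMP = r"(?P<sec>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
PEER = r"(?P<peer>[0-9A-Fa-f.:]+)#\d+"
LAME_RE = re.compile(
    STAMP + r"lame-servers: info: "
    r"(?:unexpected RCODE \((?P<rcode>\w+)\)|(?P<err>FORMERR)) "
    r"resolving '(?P<query>[^']*)': " + PEER)
DENIED_RE = re.compile(
    STAMP + r"security: info: client " + PEER + r": query '(?P<query>[^']*)' denied")


def parse_line(line):
    """Return a dict for a lame-servers or denied-query line, else None."""
    for kind, rx in (("lame", LAME_RE), ("denied", DENIED_RE)):
        m = rx.search(line)
        if not m:
            continue
        # The query is logged as name/type/class; pad if a field is missing.
        name, qtype, _qclass = (m.group("query").rsplit("/", 2) + ["", ""])[:3]
        result = "DENIED" if kind == "denied" else (m.group("rcode") or m.group("err"))
        return {"kind": kind, "sec": m.group("sec"), "peer": m.group("peer"),
                "name": name.lower(), "qtype": qtype or "?", "result": result}
    return None


def lame_report(lines):
    """Group upstream failures by (server, result), most frequent first.
    One server failing for several names points at a broken delegation."""
    counts, names = Counter(), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        if rec["kind"] == "lame":
            key = (rec["peer"], rec["result"])
            counts[key] += 1
            names[key].add(rec["name"])
    return [(srv, res, n, sorted(names[(srv, res)]))
            for (srv, res), n in counts.most_common()]


def denied_report(lines):
    """Per client: denied-query total, peak per second, and what was asked."""
    total, per_sec, asked = Counter(), Counter(), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        if rec["kind"] == "denied":
            total[rec["peer"]] += 1
            per_sec[(rec["peer"], rec["sec"])] += 1
            asked[rec["peer"]].add(f'{rec["name"]}/{rec["qtype"]}')
    return {c: {"total": n,
                "peak_per_sec": max(v for (p, _), v in per_sec.items() if p == c),
                "asked": sorted(asked[c])}
            for c, n in total.items()}


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for srv, res, n, names in lame_report(log):
        print(f"{n:4d} {res:9s} {srv:16s} {', '.join(names)}")
    for client, info in sorted(denied_report(log).items(), key=lambda kv: -kv[1]["total"]):
        print(f"{info['total']:4d} denied, peak {info['peak_per_sec']}/s "
              f"{client:16s} {', '.join(info['asked'])}")
```

On the sample, 68.156.138.136 stands out with REFUSED for two different names, which matches the xensource.com delegation problem described in the replies, and every denied query asks for the same private hostname.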
Re: Three NameServer DOSing my dns1
Hello Dave Sparro,

On 2010-07-28 10:11:52, you wrote the following:

> That host name does show up in your e-mail headers. That may be why there are some people curious about that host name.

But why do they query my server 3 times per second?

Currently I have more than 600.000 DNS requests per day... but only dtag.de, t-dialin.net and arcor-ip.net are querying my michelle1 excessively. Other NS (around 90) are less than 20%.

The question is, why do they query an @home FQDN, if I have a public SMTP relay? For me it is an error in their configuration, because the MTA should only test the MTA which connects to it, and this is definitively mail.tamay-dogan.net.

The other thing is that in the last 4-6 days I have not written very much E-Mail (maybe 50-70), which leaves me puzzling around WHY I am bombed with several million queries.

Today I have sent only 12 messages and I have attached the unified log from today for servers querying michelle1. While Google has stopped querying my server endlessly, since today it is ns1.Level3.net.

Do you not wonder?

Also I have for some minutes encountered, that I had several 10.000 break-in attempts (apache, ssh and courier) from DOT CN today. I really should nuke them.

> If the repeat traffic really bothers you, I'd bet that you could get them to go away by giving a better answer than REFUSED to their query. If you want to keep your private.tamay-dogan.net zone private, you could use views to keep the zone from existing for the Internet side of your connection.

OK, I have to read into views because I do not know how this stuff works.

> I'd even be tempted to ditch the allow-query ACL so that they could get the michelle1.private.tamay-dogan.net/A/IN == 192.168.0.65 answer (at least temporarily). I'd be even more tempted to ignore the noise in your log file. BIND is just letting you know it is doing exactly what you configured it to do.

Hmmm, it is not really funny to have per day a 100 MByte logfile.
Thanks, Greetings and nice Day/Evening
Michelle Konzack

[ command 'tdnamed --get-ns' ]--
Re: Need help about porting bind-9.7.0 to ARM board (5)
Hello LiGang,

On 2010-05-30 20:08:11, you wrote the following:

> Hi all! With your help, I have successfully compiled bind9 for ARM board. After "make install", all the files I need to copy to my target are copied to a folder. But its size is 34.4MB, very big.

Hmmm, really weird, because EVEN unstripped binaries would not be bigger than 12 MByte. There must be some errors on your system...

> My question is if my purpose is just to implement a simple and basic DNS server, for example users input www.123.com in IE browser and then access to a webserver, what's the necessary files I need to copy to my target? Thanks!!

I am running bind 9.7 on a Marvel MV78200 and the bind9 installation is less than 3 MByte in total.

Note: I am using Debian GNU/Linux 5.0.4 Lenny with Vanilla-Kernel because the Debian one does not support the Marvel MV78200.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Weird problem with zone transfer...
Hello,

since some days I have weird error messages in my

[ '/var/log/namd.log' ]-
snip
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.803 general: info: zone tamay-dogan.net/IN: Transfer started.
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.845 xfer-in: info: transfer of 'tamay-dogan.net/IN' from 88.168.69.36#53: connected using 217.147.94.23#35438
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.940 general: error: dumping master file: /etc/bind/tmp-u1yHZe1oSu: open: permission denied
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.941 xfer-in: error: transfer of 'tamay-dogan.net/IN' from 88.168.69.36#53: failed while receiving responses: permission denied
May 28 08:31:53 vserver4 named[18289]: 28-May-2010 08:31:53.941 xfer-in: info: transfer of 'tamay-dogan.net/IN' from 88.168.69.36#53: Transfer completed: 0 messages, 38 records, 0 bytes, 0.095 secs (0 bytes/sec)
May 28 08:31:54 vserver4 named[18289]: 28-May-2010 08:31:54.286 general: info: zone itsystems.tamay-dogan.net/IN: Transfer started.
May 28 08:31:54 vserver4 named[18289]: 28-May-2010 08:31:54.326 xfer-in: info: transfer of 'itsystems.tamay-dogan.net/IN' from 88.168.69.36#53: connected using 217.147.94.23#47256
May 28 08:31:54 vserver4 named[18289]: 28-May-2010 08:31:54.413 xfer-in: error: transfer of 'itsystems.tamay-dogan.net/IN' from 88.168.69.36#53: failed while receiving responses: permission denied
May 28 08:31:54 vserver4 named[18289]: 28-May-2010 08:31:54.413 xfer-in: info: transfer of 'itsystems.tamay-dogan.net/IN' from 88.168.69.36#53: Transfer completed: 0 messages, 11 records, 0 bytes, 0.086 secs (0 bytes/sec)
May 28 08:31:54 vserver4 named[18289]: 28-May-2010 08:31:54.420 general: error: dumping master file: /etc/bind/tmp-yCmtXsjs1h: open: permission denied
snip

I have no quota and permissions are right, so what can it be?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Weird problem with zone transfer...
Hello Michelle Konzack,

On 2010-05-28 12:17:37, you wrote the following:

> Hello, since some days I have weird error messages in my
> snip
> I have no quota and permissions are right, so what can it be?

FSCK! -- Found the error...

The replication of my pam-pgsql database was not successful and when I installed bind9 on my dns2, pam-pgsql was not used but instead /etc/{passwd,groups}, and it got another UID/GID which was confusing my admin scripts which do not run as root.

However, how can I convince xfer not to change the files to the owner root:bind and permission 644? The files should be bind:adm and the permission 664.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
dnssec-keygen is waiting endless...
Hello *;

I am retrying to setup DNSSEC but I have a problem with:

dnssec-keygen -a RSASHA1 -b 1024 -n ZONE tamay-dogan.net

because if I issue the command, it waits forever and nothing happens.

What can this be?

Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version 1:9.7.0.dfsg.P1-1~bpo50+1

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: dnssec-keygen is waiting endless...
Hello Paul,

On 2010-05-28 12:34:16, you wrote the following:

> My bet is that this is a VM and you have no entropy. Either generate some entropy (eg run in parallel something like: find / -type f | xargs grep KSdgajkgdaksdga) or create the keys on real iron instead of a VM.

No, this is a real machine: AMD Sempron 2200+ (Socket A) with 3 GByte of memory and only standard Debian installation.

The thing with the find does not work...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: dnssec-keygen is waiting endless...
Hi again,

On 2010-05-28 10:36:51, you wrote the following:

> Or it is a chroot jail and it does not have a source of entropy

AFAIK a chroot gives a false impression bind could be more secure...

Currently I need to secure my bind9 since I had a massive attack on my dns1 which is the master. Also I have had more than 30 million queries in less than one week and bind9 has eaten around 2.4 GByte of memory...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: dnssec-keygen is waiting endless...
Hello Casey,

On 2010-05-28 11:15:30, you wrote the following:

> Running 'cat /proc/sys/kernel/random/entropy_avail' should show you what your available entropy is during the keygen process.

It shows me a number between 0 and several 100.

> There are a variety of things you can do to increase the size of the entropy pool, but if you're willing to accept less entropy at this point to get things going, pass '-r /dev/urandom' to dnssec-keygen (see 'man urandom').

This is working for now...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: dnssec-keygen is waiting endless...
Hello Evan,

On 2010-05-28 18:33:14, you wrote the following:

>> Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version 1:9.7.0.dfsg.P1-1~bpo50+1
>
> I get the same problem on Ubuntu, which is Debian-based. /dev/random runs out of entropy rapidly and takes a long time to recover.

I have tried it on Debian Etch, Lenny and Sid with the same result... On all three machines I have to use -r /dev/urandom, which is really weird.

> Using dnssec-keygen -r /dev/urandom will make it finish much faster, but that uses a pseudo-random number generator instead of true randomness, so it's not the best choice from the paranoid crypto viewpoint. I often use it for test zones and such. If I needed a proper bulletproof key on an Ubuntu box, and I didn't want to wait a long time for it, I'd probably generate the key on some other system and copy it over. :-)

I have 38.000 Zones and on my AMD Sempron 2200+ with 3 GByte of memory it takes around 40 seconds to create ONE signed zone from a script.

This means, if I want to sign 38.000 zones it will run 18 days...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Automated DNSSEC (command line)
Hello Michael,

On 2010-05-28 14:40:30, you wrote the following:

> Check out zkt (http://www.hznet.de/dns/zkt/). There are a few more involved tools out there, but zkt sounds like what you want.

OK...

>> Can an expert please check 'dig ANY tamay-dogan.net' whether this is right?
>
> Looks good to me. The sigs seem to be within their validity interval, but there doesn't appear a DLV record in dlv.isc.org, so I

Right, it was set up for some hours in an experiment and is currently not set up with DLV.

> can't validate. (Actually, I *could* snarf the ksk from the ANY query and manually configure it as a trust anchor, but I am lazy. Moreover, that won't tell us if something goes wrong if/when you publish a trust-anchor DLV record or DS record, when NET becomes signed.)

I have some problems with understanding DNSSEC in 6 Minutes from ISC.

> default in recent versions of BIND. You still need to configure a trust anchor (or anchors) if you want to do validation.

This is what I have not understood currently...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Automated DNSSEC (command line)
Hello Casey,

On 2010-05-28 14:43:54, you hacked out the following:
> Yes, and you really should use one. The two most important things with
> signed zones are that your signatures don't expire, and that the right
> DNSSEC RRs are included in the zone. So not only does it need to be
> resigned after changes (to include the proper DNSSEC RRs), but also
> periodically make sure signatures don't expire. Here are a few of the
> tools written for that purpose:
>
> http://dnssec-tools.org/
> http://www.opendnssec.org/
> http://www.hznet.de/dns/zkt/
> http://zonetool.sourceforge.net/

Wow, I have to check the most suitable for me

> Looks okay to me. Here's what your signed zone looks like visually:
> http://dnsviz.net/d/tamay-dogan.net/dnssec/

Cool tool...

> Although, it looks like you perhaps didn't increment the zone serial,
> as only one of your authoritative servers is running a signed version
> of the zone.

Now I have a problem with it because HOW can I increase the serial number in this big file. In the old unsigned file I was working with a script, but now I know nothing anymore.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Automated DNSSEC (command line)
Hello again,

On 2010-05-28 14:43:54, you hacked out the following:
> Looks okay to me. Here's what your signed zone looks like visually:
> http://dnsviz.net/d/tamay-dogan.net/dnssec/
>
> Although, it looks like you perhaps didn't increment the zone serial,
> as only one of your authoritative servers is running a signed version
> of the zone.

I have updated the serial number manually and it just updated dns2...

OK, now I have tried the second Zone

http://dnsviz.net/d/itsystems.tamay-dogan.net/dnssec/

but it tells me:

RRSIG itsystems.tamay-dogan.net/SOA by 005+19470: Signature is bogus

really weird, because the Zone is like others. How can I check this?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Automated DNSSEC (command line)
Hello Mark,

On 2010-05-29 09:06:40, you hacked out the following:
> You can just let named re-sign the zone for you. Treat the zones as
> dynamic and named from BIND 9.6 onwards will maintain the signatures
> for you.

What do you mean with "Treat the zones as dynamic"? Is there a special option?

> Use nsupdate to change the contents of the zone.

OK. I have to change my scripts to use nsupdate, but as I have understood it right, you can not add NEW hosts to a zone through nsupdate (has never worked) or has it changed now?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
UAE punycode in zone
Hello *,

Since some days there are Puny-Code Domains for Arabic domains available and now I have gotten a request from a customer to set up one... =8O

How must I do this? For example for the Domain

تامايدوجان.سى
tamay-dogan.sa

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How to make one ZONE (subdomain) non-public?
Hello Matus UHLAR - fantomas,

On 2010-04-12 09:52:03, you hacked out the following:
> allow-access in zone statement.

Ehm...

[ STDIN ]---
Apr 12 10:16:48 samba3 named[16931]: starting BIND 9.3.4-P1.2 -u bind
Apr 12 10:16:48 samba3 named[16931]: found 4 CPUs, using 4 worker threads
Apr 12 10:16:48 samba3 named[16931]: loading configuration from '/etc/bind/named.conf'
Apr 12 10:16:48 samba3 named[16931]: /etc/bind/named.conf.local:63: unknown option 'allow-access'
Apr 12 10:16:48 samba3 named[16931]: loading configuration: failure
Apr 12 10:16:48 samba3 named[16931]: exiting (due to fatal error)

Maybe allow-query?

zone "private.tamay-dogan.net" {
        type master;
        file "/etc/bind/net.tamay-dogan.private";
        allow-transfer { 192.168.0.194; 192.168.0.195; };
        allow-update   { 192.168.0.91; 192.168.0.92; 192.168.0.93; 192.168.0.112; };
        allow-query    { 192.168.0.0/24; };
};

but now I can no longer access bind9 from my workstation...

Can you try to query

dig michelle1.private.tamay-dogan.net @dns1.tamay-dogan.net

please?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How to make one ZONE (subdomain) non-public?
Hello Matus UHLAR - fantomas,

On 2010-04-12 11:21:07, you hacked out the following:
> On 12.04.10 10:24, Michelle Konzack wrote:
>> Hello Matus UHLAR - fantomas,
>>
>> On 2010-04-12 09:52:03, you hacked out the following:
>>> allow-access in zone statement.
>
> sorry, I've meant allow-query.

:-D

I have already seen in the logfiles that several people had tried to access the DNS and it was denied...

[ '/var/log/named.log' ]
Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.433 security: info: client 74.125.76.78#33964: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.482 security: info: client 74.125.76.78#3: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Apr 12 11:48:51 dns named[4501]: 12-Apr-2010 11:48:51.055 security: info: client 77.88.42.250#5335: query 'samba3.private.tamay-dogan.net/A/IN' denied
Apr 12 12:00:05 dns named[4501]: 12-Apr-2010 12:00:05.432 security: info: client 220.181.12.2#45710: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Apr 12 12:00:05 dns named[4501]: 12-Apr-2010 12:00:05.707 security: info: client 220.181.12.2#39523: query 'michelle1.private.tamay-dogan.net/A/IN' denied
Apr 12 12:01:26 dns named[4501]: 12-Apr-2010 12:01:26.201 security: info: client 217.147.177.250#22248: query 'private.tamay-dogan.net/A/IN' denied

Thanks, Greetings and nice Day/Evening
Michelle Konzack
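Added example, not part of the original posts: a small Python summary of "query ... denied" lines in the format quoted above, showing which names of an allow-query-restricted zone are being asked for from outside, and which denials hit clients that the ACL should have admitted (the workstation problem from the earlier message in this thread). The log lines, the zone private.example.net and the function names are constructed for the example; only the 192.168.0.0/24 range comes from the posted configuration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Matches the "query ... denied" lines of named's security category as quoted
# in the thread. The optional groups tolerate extra fields (client object
# address, query name in parentheses, view name) that other BIND versions
# may print; that tolerance is an assumption of this example.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?query (?:\(cache\) )?"
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

PREFIX = "Apr 12 11:01:04 dns named[4501]: 12-Apr-2010 11:01:04.433 "

# Constructed sample lines (documentation addresses, placeholder zone).
SAMPLE_LOG = [
    PREFIX + "security: info: client 198.51.100.78#33964: "
             "query 'host1.private.example.net/A/IN' denied",
    PREFIX + "security: info: client 198.51.100.78#40112: "
             "query 'host1.private.example.net/A/IN' denied",
    PREFIX + "security: info: client 203.0.113.250#5335: "
             "query 'samba.private.example.net/A/IN' denied",
    PREFIX + "security: info: client 192.168.0.50#51000: "
             "query 'host1.private.example.net/A/IN' denied",
    PREFIX + "security: info: client 203.0.113.9#2048: "
             "query 'www.example.org/A/IN' denied",
    PREFIX + "notify: info: zone example.net/IN: sending notifies (serial 1)",
]


def parse_denied(lines):
    """Yield (client address, query name, query type) for each denied query."""
    for line in lines:
        m = DENIED.search(line)
        if m:
            qname = m["qname"].lower().rstrip(".")
            yield ipaddress.ip_address(m["ip"]), qname, m["qtype"]


def summarize(lines, zone, allowed):
    """Split denials for `zone` into outside probes and inside (ACL) failures.

    Returns (outside, inside): outside maps each queried name to a dict of
    client address -> count; inside maps client address -> count for clients
    that fall within `allowed` yet were still refused.
    """
    zone = zone.lower().rstrip(".")
    nets = [ipaddress.ip_network(n) for n in allowed]
    outside = defaultdict(Counter)
    inside = Counter()
    for ip, qname, _qtype in parse_denied(lines):
        if qname != zone and not qname.endswith("." + zone):
            continue  # denial for some other zone
        if any(ip in net for net in nets):
            # The ACL should have matched: wrong source address, NAT, or a
            # different view/ACL is in effect for this client.
            inside[str(ip)] += 1
        else:
            outside[qname][str(ip)] += 1
    return {q: dict(c) for q, c in outside.items()}, dict(inside)


if __name__ == "__main__":
    outside, inside = summarize(
        SAMPLE_LOG, "private.example.net", ["192.168.0.0/24"])
    for qname, clients in sorted(outside.items()):
        print(f"{qname}: known outside, asked by {clients}")
    for client, count in inside.items():
        print(f"{client}: inside the allowed range but denied {count}x")
```

A name that shows up in the first list is already known outside the network, even though the answer is refused.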
Poblem with ZONE (subdomain)
something accidentally?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Poblem with ZONE (subdomain)
-dogan.net. ( 1263739559 10800 3600 86400 604800 )
                IN NS     dns1.tamay-dogan.net.
                IN NS     dns2.tamay-dogan.net.
                IN NS     ns1.codefoundry.com.
                IN NS     ns2.codefoundry.com.
                IN MX     30 mail.tamay-dogan.net.
                IN MX     40 webmail.codefoundry.com.
bugs            IN MX     10 mail.tamay-dogan.net.
lists           IN MX     10 mail.tamay-dogan.net.
www             IN CNAME  vserver3.tamay-dogan.net.
consultants     IN CNAME  vserver3.tamay-dogan.net.
docs            IN CNAME  vserver3.tamay-dogan.net.
lists           IN CNAME  vserver3.tamay-dogan.net.
xmms            IN CNAME  vserver3.tamay-dogan.net.
emdebian        IN CNAME  vserver3.tamay-dogan.net.
pootle          IN CNAME  vserver3.tamay-dogan.net.
archive         IN CNAME  vserver3.tamay-dogan.net.
releases        IN CNAME  vserver3.tamay-dogan.net.
buzz            IN CNAME  vserver3.tamay-dogan.net.
rex             IN CNAME  vserver3.tamay-dogan.net.
bo              IN CNAME  vserver3.tamay-dogan.net.
hamm            IN CNAME  vserver3.tamay-dogan.net.
smink           IN CNAME  vserver3.tamay-dogan.net.
potato          IN CNAME  vserver3.tamay-dogan.net.
woody           IN CNAME  vserver3.tamay-dogan.net.
sarge           IN CNAME  vserver3.tamay-dogan.net.
etch            IN CNAME  vserver3.tamay-dogan.net.
lenny           IN CNAME  vserver3.tamay-dogan.net.
sid             IN CNAME  vserver3.tamay-dogan.net.
devel           IN CNAME  vserver3.tamay-dogan.net.
bugs            IN CNAME  vserver3.tamay-dogan.net.
pbuilder        IN CNAME  vserver3.tamay-dogan.net.

The zone of tdwave.net is working:

[ '/etc/bind/net.tdwave' ]--
@       3600    IN SOA    dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
                          1263923027 10800 3600 604800 86400 )
                IN NS     dns1.tamay-dogan.net.
                IN NS     dns2.tamay-dogan.net.
                IN NS     ns1.codefoundry.com.
                IN NS     ns2.codefoundry.com.
                IN MX     10 mail.tamay-dogan.net.
                IN MX     40 webmail.codefoundry.com.
                IN TXT    "v=spf1 a mx ~all"
www             IN CNAME  vserver10.tamay-dogan.net.
admin           IN CNAME  vserver10.tamay-dogan.net.
docs            IN CNAME  vserver10.tamay-dogan.net.
musica          IN CNAME  vserver10.tamay-dogan.net.
videos          IN CNAME  vserver10.tamay-dogan.net.
iptv            IN CNAME  vserver10.tamay-dogan.net.
voip            IN CNAME  vserver10.tamay-dogan.net.
webmail         IN CNAME  vserver10.tamay-dogan.net.

but not

[ '/etc/bind/org.can4linux' ]---
@       3600    IN SOA    dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
                          1263741789 10800 3600 604800 86400 )
                IN NS     dns1.tamay-dogan.net.
                IN NS     dns2.tamay-dogan.net.
                IN NS     ns1.codefoundry.com.
                IN NS     ns2.codefoundry.com.
                IN MX     10 mail.tamay-dogan.net.
                IN MX     30 webmail.codefoundry.com.
www             IN CNAME  vserver9.tamay-dogan.net.

Can someone tell me what's going on here?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Poblem with ZONE (subdomain)
Hello Kevin,

On 2010-01-19 14:29:59, Kevin Darcy wrote:
> Correct. You can't have lists be a CNAME and also have it own an MX
> record. The zone is invalid.

OK

> You can probably just whack the CNAME for lists and add one for the
> target of the CNAME (vserver3.tamay-dogan.net), which will function
> the way you apparently intended. Be aware, however, that this will
> then be valid for all of the other CNAMEs pointing at that target,

I do not understand this. Do you mean:

lists   IN MX     10 mail.tamay-dogan.net.
bugs    IN MX     10 mail.tamay-dogan.net.
        IN CNAME  vserver3.tamay-dogan.net.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
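Added example, not part of the original posts: a Python lint for the rule Kevin Darcy describes, that a name owning a CNAME may not own other records such as MX. The sample text is built from records posted in this thread; the origin example.net., the function names and the simplified master-file parsing (no $INCLUDE, no quoted strings containing ";" or parentheses) are assumptions of the example.

```python
import re
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+", re.IGNORECASE)
# In a signed zone these types must accompany a CNAME, so they are no conflict.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Sample built from records posted in this thread; the origin passed to
# parse_rrs() below is a placeholder.
SAMPLE_ZONE = """\
@       3600 IN SOA   dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
                      1263741789 10800 3600 604800 86400 )
        IN NS    dns1.tamay-dogan.net.
        IN MX    30 mail.tamay-dogan.net.
bugs    IN MX    10 mail.tamay-dogan.net.
lists   IN MX    10 mail.tamay-dogan.net.
www     IN CNAME vserver3.tamay-dogan.net.
lists   IN CNAME vserver3.tamay-dogan.net.
bugs    IN CNAME vserver3.tamay-dogan.net.
"""


def logical_lines(text):
    """Yield (owner_inherited, tokens), joining lines inside ( ... )."""
    buf, depth, inherit = [], 0, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        if not line.strip():
            continue
        if depth == 0:                       # start of a new record
            inherit = line[0] in " \t"       # leading blank: reuse last owner
            buf = []
        depth += line.count("(") - line.count(")")
        buf.extend(line.replace("(", " ").replace(")", " ").split())
        if depth == 0 and buf:
            yield inherit, buf


def qualify(name, origin):
    """Turn a relative owner name into a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()


def parse_rrs(text, origin):
    """Return (owner, type) pairs for every record in the zone text."""
    rrs, owner = [], None
    for inherit, tok in logical_lines(text):
        if tok[0].startswith("$"):
            if tok[0].upper() == "$ORIGIN" and len(tok) > 1:
                origin = tok[1]
            continue                         # $TTL and others: not needed here
        if not inherit:
            owner, tok = qualify(tok[0], origin), tok[1:]
        # Optional TTL and class may appear in either order before the type.
        while tok and (TTL.fullmatch(tok[0]) or tok[0].upper() in CLASSES):
            tok = tok[1:]
        if owner is None or not tok:
            raise ValueError("record without owner or type")
        rrs.append((owner, tok[0].upper()))
    return rrs


def cname_conflicts(rrs):
    """Map each offending owner name to a description of the conflict."""
    types = defaultdict(list)
    for owner, rrtype in rrs:
        types[owner].append(rrtype)
    problems = {}
    for owner, seen in types.items():
        if "CNAME" not in seen:
            continue
        others = sorted(set(seen) - {"CNAME"} - ALLOWED_WITH_CNAME)
        if others:
            problems[owner] = "CNAME and other data: " + ", ".join(others)
        elif seen.count("CNAME") > 1:
            problems[owner] = "multiple CNAME records"
    return problems


if __name__ == "__main__":
    for name, why in cname_conflicts(parse_rrs(SAMPLE_ZONE, "example.net.")).items():
        print(f"{name}: {why}")
```

On a real server, named-checkzone reports the same condition when it is run against the zone file.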
Re: Mailing list addresses
Forgotten one thing: The X-BeenThere: and the List-*: were not present some years ago. They are present since this list was moved to lists.isc.org and not before

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: MX records for dynamic IP?
Sorry for the broken Thread, but my Registrar has not changed the Nameservers yet and I can no longer get any messages...

From: Barry Margolin on Thu Apr 16 23:00:13 UTC 2009:
> That problem exists even if you don't go through an alias, e.g.
>
> foo.com. IN MX 10 foo.dyndns.org.
>
> Did you notice that his dynamic A record has a 60-second TTL? Unless
> he gets lots of mail, I think a one-minute window of vulnerability is
> reasonably safe. If he has a cable modem service, they typically
> change IPs very rarely. And the customer who gets your old IP would
> have to be running a mail server, and configure it to accept mail for
> your address, for this to cause mis-delivery.

This is why I have set up a TTL of 60 seconds. My IP changes every 24 hours.

>> If you can run your web services and mail services on *static* IPs
>> that would be preferred. Trying to run this kind of stuff on dynamic
>> IPs is always going to be an uphill battle. Maybe you relish the
>> challenge; most people just want their stuff to work.
>
> Static IPs are typically more expensive than dynamic ones, and that
> extra expense may not be justified for many people.

Note: Because of a technical problem (not on my side) I currently can not get my 100 MBit Backbone before 3 months, and since I have bought a new CISCO for 78000 Euro, a 100 MBit Ceragon wireless bridge for 13000 Euro, a Sun Enterprise T5240 for a really nice price, I am now fsck'ed...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
[OT] zonedit.com and changing DNS servers from current provider
Hello *,

My hosting contract is running out on 2009-04-16 and now I like to use zonedit.com to host my zones.

Unfortunately I have not found the answer to my question on their help page and they do not reply to my question per mail except an autoreply.

So does someone know, if I set up Zonedit, how to eliminate the ZONE at my current ISP and HOW to change the WHOIS record?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
named-xfer?
Hello,

I have to fetch some zones from http://www.zonedit.com/ but it seems named-xfer no longer exists in bind9.

How can I now manually download a zone?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
GeoIP like RBLDNS
Hello Bind9 Geeks/Nerds and whoever,

I have the need for a GeoIP Database but the one from Maxmind produces a Disk-IO as the hell.

Now my idea is to use my bind9 to achieve my goal.

In general, I need ONLY the country code for a given IP but I am not disinclined to put more infos in the database.

[michelle.konz...@michelle1:~] host 188.66.4.62.geoip.tamay-dogan.net
188.66.4.62.geoip.tamay-dogan.net is an alias for de.geoip.tamay-dogan.net.
de.geoip.tamay-dogan.net has address 127.0.0.49

OK, this is working, but loading a ZONE of several 100 MBytes (I am not even finished with the german part) hits the limits, even if my Server, a Quad-Xeon, has 16 GBytes of memory...

Any ideas how to do this better?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How do i use å ä ö in domain names?
While we are at äöü there is an error in your mail:

> Vorstande:
       ^ The dots are missing
> Reinhold Schulte (Vorsitzender), Dr. Karl-Josef Bierth, Michael Johnigk,
> Ulrich Leitermann, Michael Petmecky, Dr. Klaus Sticker,
> Vorsitzender der Aufsichtsrate: Gunter Kutz
                             ^ The dots are missing
> SIGNAL IDUNA Gruppe Hauptverwaltungen, Internet: www.signal-iduna.de, E-Mail: i...@signal-iduna.de
> 44121 Dortmund, Hausanschrift: Joseph-Scherer-Str. 3, 44139 Dortmund, Telefon: (02 31) 1 35-0, Telefax: (02 31) 1 35-46 38
> 20351 Hamburg, Hausanschrift: Neue Rabenstra?e 15-19, 20354 Hamburg,
                                              ^ This should be sharp...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: How to create the TSIG?
1220552501)
Feb 6 17:43:09 dns named[24170]: zone omega.tamay-dogan.net/IN: sending notifies (serial 1220552501)

What have I done wrong?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Re: Dynamic update of TXT record?
Oops... By accident I have activated a script and... it works! Magic inside!

However, I am on my OfficeStation and not my Laptop...

Thanks, Greetings and nice Day/Evening
Michelle Konzack

On 2009-02-04 10:56:39, Michelle Konzack wrote:
> [ '/etc/bind/named.conf.local' ]
> zone "private.tamay-dogan.net" {
>         type master;
>         file "/etc/bind/net.tamay-dogan.private";
>         allow-transfer { 192.168.0.194; };
>         allow-update   { 192.168.0.91; 192.168.0.92; 192.168.0.93; 192.168.0.112; };
> };
How to create the TSIG?
Hello,

since the French authorities (current government has shut down my network in Paris) I am installing my system on some root servers at different ISPs all over the world...

So while reading the bind9 manual, it is not clear for me HOW to create the TSIG and use it, because I will install bind9 as master on one of my root servers and then let the 5 slaves update from it.

But I have the need for dynamically updating the zones.

So, what must I do to use TSIG? (as from the manual, allow-update with IP addresses is suicide)

Thanks, Greetings and nice Day/Evening
Michelle Konzack