Re: What if the link is failed between master/slave

2018-06-29 Thread wbrown
From: "Blason R" > OK - Got it so is there any settings available at master by which it > will keep on probing slave and as soon it is contacted NOTIFY Message is sent. No. The slave will try every REFRESH interval to see if it can contact the master. Confidentiality Notice: This electron

Re: What if the link is failed between master/slave

2018-06-29 Thread wbrown
-- William Brown Messaging Team Technology Services, WNYRIC, Erie 1 BOCES (716) 821-7285 "bind-users" wrote on 06/29/2018 12:53:07 PM: > From: "Blason R" > I have bind Master server with me and slave is at other remote > location. My query is since I have opted for PUSH update from master >

Re: BIND Server running but not responding

2018-04-18 Thread wbrown
From: "/dev/rob0" > Your OS denies named the permission to create the UDP socket on which > to listen for queries. > > That means, of course, that you're not able to receive queries. It's > Windows doing this, so you need Windows help. I'm unable to provide > that. Good luck. One thing th

Re: Separate DNS slaves as internal and external

2018-03-19 Thread wbrown
From: "G.W. Haywood via bind-users" > On Mon, 19 Mar 2018, King, Harold Clyde wrote: > > > I have DNS slaves for internal and external entities. I don't know > > how to work the NS records so that outside users would only get the > > external slave and internal would only get the internal slave.

Re: Minimum TTL?

2018-02-12 Thread wbrown
From: "Reindl Harald" > To: bind-users@lists.isc.org > the ISP has no business to touch any package between source and me > because he can't know the implications - he even must not know about > them because it's not his business And yet they do (Supercookies?), and sell that data to any and a

Re: SOA settings

2018-02-05 Thread wbrown
From: "Alan Clegg" > Wait... who are you guys??!? Alan, you're the only one I've actually met. Are the rest all Russian bots?

Re: Domain Not Resolving

2017-11-21 Thread wbrown
Does the lone DNS server even respond on the local network? Do you see DNS traffic flowing to that server? Time for the divide and conquer method of troubleshooting to find where the failure is occurring. Good luck.

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

2017-08-23 Thread wbrown
IN A 142.54.186.2. > *.X.TLD. IN CNAME X.TLD. > X.TLD. IN MX 10 142.54.186.2. > X.TLD. IN TXT "v=spf1 mx -all" > > Thanks. > > With warmest regards, > > -Tom > > Stream: WBROWN

Re: designing the DNS from the scratch

2017-07-10 Thread wbrown
> But you do know the approximate speed of light in a vacuum? ~3 x 10**8 m/s More importantly, what is the speed of light in a fiberoptic connection? Speed of electrons in copper wire?

Re: wildcard not working after record deleted

2017-06-20 Thread wbrown
Can you post a copy of the zone file, changing any server names that absolutely must be obscure?

Re: wildcard not working after record deleted

2017-06-20 Thread wbrown
> Thanks for your answer. There are no other records with that name in the > zone, and an ANY query comes back empty but still with status of > NOERROR. Unfortunately, I can't provide the query and zone data, and I > do understand that prevents you from helping. Not even an SOA record?

Re: make AAAA type the default for dig

2017-06-15 Thread wbrown
Mark Andrews wrote on 06/15/2017 12:02:37 AM: > Other ISP's should try to match Google's level of IPv6 commitment. I'll bet they would if they had Google's level of cash flow.

Re: Enforce EDNS

2017-02-07 Thread wbrown
From: Matthew Pounsett > I fully support breaking resolution for such servers. I'd rather > have a hard failure on my end that I can investigate, and work > around if necessary, than have my server wasting cycles trying to > guess what sort of broken state there is on the far end. It would

Re: Need feedback on RPZ service setup

2017-01-05 Thread wbrown
From: Tony Finch > BIND will only send NOTIFY to a zone's advertised name servers - "stealth > slaves" like your consumers have to rely on the SOA refresh timer. Why not use also-notify to specify client servers?

Re: Sites that point their A Record to localhost

2014-01-14 Thread WBrown
From: Tony Finch > > ;; ANSWER SECTION: > > www.p3net.net. 0 IN A 199.101.28.20 > > That IP address indicates that your ISP is lying to you. It belongs to > Skye By Nominum which is a cloud DNS service. I guess this is Skye Search > since that sounds like a rent-seeking scheme based

Re: Sites that point their A Record to localhost

2014-01-10 Thread WBrown
From: Alan Clegg > Yes, it seems that they have an A record for that label that > provides the IP address 127.0.0.1. > > You probably want to ask the owner of the zone about this, as I'm > not sure what the community can do about it. They have an MX record, so perhaps the domain is only intend

Re: Slowing down bind answers

2014-01-06 Thread WBrown
From: Bob McDonald > Of course, anycast would have solved this issue by allowing one to > add/remove a server from a properly configured environment without > affecting the clients... Unless the goal is to move all DNS services off that subnet. Our network staff would love to reclaim the /24

Re: Slowing down bind answers ?

2014-01-06 Thread WBrown
's not as much fun as sending them someplace they weren't expecting... wbrown@WBrown:~$ dig +short disney.com 199.181.132.249

Re: DNS with several IP addresses

2014-01-03 Thread WBrown
From: "Barry S. Finkel" > One caveat with using virtual servers. Make sure that the DNS server > on which the host machine relies is NOT the DNS server that is > virtualized on that host. The host machine needs to be up before > the VMs residing on that host come up. And you should never have

Re: Slowing down bind answers ?

2014-01-03 Thread WBrown
From: Mark Andrews > After that specify a final date for them to fix their machines by > after which you will send NXDOMAIN responses. Sometimes sending a > poisoned response is the only way to get people's attention. > > zone "." { >type master; >file "empty"; > }; > > empty: > @ 0 IN SO

Re: R: DNS with several IP addresses

2014-01-02 Thread WBrown
> > Use views > > Views +1 When were views added to BIND? We started using multiple servers in BIND 4, and I don't recall views being available back then, but I didn't configure the servers, just maintained the zones. We're still using multiple servers for internal vs. external resolut

Re: Enabling RRL in bind

2013-12-30 Thread WBrown
I wrote on 12/30/2013 11:17:58 AM: > > "BIND 9.9.4 provides support for Response Rate Limiting (RRL). However it > is not enabled by default when building BIND. The reason for this is that > BIND 9.9 is an Extended Support Version of BIND and per our policy on > management of ESVs, we do no

Re: Enabling RRL in bind

2013-12-30 Thread WBrown
From: Gaurav Kansal > In bind 9.9.4, Response-Rate Limit doesn't work until you configure bind with > the "--enable-rrl" option. > > I was wondering why is it so ? > > Why not this feature is enabled by default in bind. > > I tried to find out the same in ARM but didn't get any success. "BIND 9.

Re: bad owner name - Unable to add forward map from Nintendo Wii U ... REFUSED

2013-12-27 Thread WBrown
From: "David C. Rankin" > I have bind 9.9.1.P1-2 with dynamic updates from dhcp 4.2.3.2-2. > It has worked > great, but I've run into a problem with a dreaded kids-present that > I suspect is > due to the game console attempting to provide a hostname containing > spaces -- of > all things. (

Re: Performance Tuning RHEL 5 and Bind

2013-10-21 Thread WBrown
> From: Alan Clegg > Fix your windows clients. You can't fix stupid.

Re: how-to configure BIND or any DNS implementation for cloud infrastructure

2013-08-30 Thread WBrown
From: Odimegwu David > Is it possible for one to configure BIND or any DNS implementation > for the cloud? > I was forced to search for this forum because the exigencies of my > situation necessitate a cloud. But yet, in a cloud: > 1. I cannot be systems administrator, even if, I don't know yet,

Re: redirecting root hints to fake internal root server

2013-08-27 Thread WBrown
From: Colin Harvey > My environment is firewalled from the real world. For queries on > zones to which I'm not master, I want to recurse to a corporate > server. nslookup some.internal.hostname.com > internal.corporate.server works fine. Setting "." to use this > internal server in the root

Re: Secondary DNS question...

2013-06-21 Thread WBrown
> From: SH Development > No, there is definitely something going on. I shut down our > ns2.starionhost.net this morning for a while. Sure enough, emails > started bouncing from customers even though our ns1.starionhost.net > is up and on the faster machine. What exactly do the delivery fail

Re: What happens when one out of three NSs are down?

2013-06-12 Thread WBrown
> From: Chris Buxton > In practice, though, your best bet is to find out why that small > group of customers are having problems. Are they querying the > servers directly? Are they behind the routing problem and can get to the isolated name server and not the other two servers?

Re: architecture question

2013-05-09 Thread WBrown
> From: Jeremy P > In my experience the students who "get it" and comprehend the > concepts are able to heed the warnings of "in real life, we would do > this a little different". The students who don't "get it" are gonna > misconfigure regardless of what TLD I tell them to use in the lab. >

Re: BIND Configuration

2013-05-09 Thread WBrown
I don't know how it's done, I'm not a networking guru, but here we have 2 upstream providers and somehow we route out through both, and both can route in to our /16 network. No messing with DNS changes depending on which ISP is having problems. As Clarke's third law states, "Any sufficiently

Re: Mailing list "reply-to" setting

2013-05-08 Thread WBrown
> From: Steven Carr > Any chance someone can correct the settings on this mailing list to > reply to the list by default instead of the user posting the message? Why, are the settings wrong? I have used and later run lists for years, and supported Listserv(tm) servers for others for most of th

Re: architecture question

2013-05-08 Thread WBrown
> From: b...@bitrate.net > on a side note, i would strongly discourage you from using .local in > dns. .local is a "pseudo" tld, reserved for use with mdns. This just came up with a site I support. Thanks to this list and the DNS-OARC list, I know better. Hopefully, I can redirect them to use

Re: ISC Courses

2013-04-26 Thread WBrown
> From: > Can anyone say why Bind course offering appears so expensive? Is > something else included in the package that is not specified? > > 2-Day Introduction to DNS & BIND Training > Price: $1,795.00 I took this class about 2 years ago. IIRC, the instructor wasn't just a trainer, but a s

Re: bug reports?

2013-04-26 Thread WBrown
> From: Klaus Malorny > can someone please briefly explain how to submit a bug report? I think I have > found a small bug causing a protocol error in Bind 9.7.7 (and obviously still > existent in 9.9.2) and would like the ISC people to know about it. "Before submitting a bug report please ensure f

Re: clients-per-query

2013-04-10 Thread WBrown
Dwayne Hottinger wrote on 04/10/2013 10:27:24 AM: > Sorry, My spambox grabbed your earlier reply, my apologies. My > clients are a mixed environment of Macs, Windows 7/XP, Androids, etc. > At any one time I'll have over 3000 devices connected to the > network. I actually have one internal

Re: clients-per-query

2013-04-10 Thread WBrown
> From: Dwayne Hottinger > I keep seeing messages in my named.log file that say things > like clients-per-query increased to 30, then later it says clients- > per-query decreased to a lower number. When this happens, lookups > seem to not be working. What is an acceptable value for a large

Re: Some Server not Resolving certain address

2013-04-08 Thread WBrown
> From: "Arie L. Putra" > Some of my server reported SERVFAIL, > > i try some reference on http://www.whatsmydns.net/ and some result > fail indeed, but why some of my server still resolve ok? > or my other server which resolve the domain actually "late" to see > the invalid record? In your f

Re: Simple question about zone and CNAME

2013-04-08 Thread WBrown
Warren Kumari wrote on 04/05/2013 06:48:08 PM: > > And then there's these folks: > > > > http://no-www.org/ > > > > Oh wow! > > Gee, thanks for that? And it's always fun when you tell someone to go to a URL that doesn't include the W's and they want to type them in anyways, ie. chat.exam

Re: Simple question about zone and CNAME

2013-04-05 Thread WBrown
> >Incidentally, we have just been asked for an A record for cam.ac.uk to > >duplicate www.cam.ac.uk because, and I quote, "all the publicity material > >sent out by the nominator [for an award for the web site] gave the URL > >as http://cam.ac.uk/ and this has been retweeted around". > > Yes, sa

Re: Suspicious DNS traffic

2013-03-25 Thread WBrown
babu dheen wrote on 03/25/2013 12:21:30 PM: > Still not convinced because if i need to allow >1024 port from our > DNS server to external world(internet).. where is the security? Total security requires total isolation. It is a matter of accepting some risks to perform the needed task. > I

Re: BIND roadmap

2013-02-28 Thread WBrown
Doug wrote on 02/28/2013 12:31:21 PM: > You probably want to have some discussions with OS vendors that embed > BIND to familiarize yourself with how many people are using ESV versions > from that channel. Or even older versions. FWIW, Ubuntu 8.04LTS uses bind 9.4.2. They backport critical f

Re: BIND roadmap

2013-02-28 Thread WBrown
Shane Kerr wrote on 02/28/2013 05:37:26 AM: > On Thursday, 2013-02-28 11:19:01 +1100, > Mark Andrews wrote: > > > > ISC has no specific plans to end BIND 9 development. As Mark correctly > says: Thanks for the clarification. > > BIND 10 is still a way off being a replacement for BIND 9. >

BIND roadmap

2013-02-27 Thread WBrown
Congrats to ISC and everyone that has worked on BIND 10! I am building new name servers and redesigning our infrastructure with an eye towards streamlining, improving security and implementing DNSSEC. I had been testing a few things with BIND 9.9.x. Now that BIND 10 is released, I am wonderin

Re: disabling lame server logging

2013-02-26 Thread WBrown
Robert wrote on 02/26/2013 02:23:44 PM: > > There is a logging category for lame-servers. It's in the ARM. > > So far 2 reads and I am not getting out of it what to do for selective > logging based on return codes. I am going to let it stay for now as I > move on to other parts of this project

Re: BIND master , Windows 2008 stub zone not transferring

2013-02-21 Thread WBrown
> From: Sowmya Manjanatha > Well, I have a stub zone on Windows 2008 server set-up to use two > different BIND server as its list of IPs to use as masters. In the > DNS manager on Windows, you can always right click on the zone and > select "Transfer zone from Master". With Wireshark on Wind

Re: Cannot create A record issue

2013-02-20 Thread WBrown
Jsilliman wrote on 02/20/2013 01:44:20 PM: > No, I think it's only loaded once, but port 53 is listening on Try "ps aux |grep named" to prove it.

Re: Export / Import all zone data

2013-02-14 Thread WBrown
Daniel wrote on 02/14/2013 02:52:55 PM: > Just make the new server a slave of the old one, let it do zone transfers of > all of the old zones, then change the config on the new one from slave to > master. I wonder if that wasn't done once before which is why the zone files don't appear to be "

Re: Slaving from DNS masters behind LVS

2013-02-13 Thread WBrown
Nick wrote on 02/12/2013 10:00:27 PM: > We have a pair of DNS servers running BIND behind a direct routing LVS > director pair running keepalived. Let's call these two DNS servers A > and B, and the VIP V. Several years ago I was lucky enough to take the ISC class on bind. One of my questions g

Re: Define an internal zone with only a couple of A records, then forward to an external dns server

2013-01-17 Thread WBrown
Alberto wrote on 01/17/2013 10:09:00 AM: > - I want to define in my dns server a zone "external_partner.com", > which is the domain of our partner who manages it with his dns > public server "dns.external_partner.com". > - I need to define into this zone a couple of servers > ("vpn_host_1.extern

Re: Logging

2013-01-08 Thread WBrown
Timothe Litt wrote on 01/08/2013 08:19:56 AM: > What I think would be more useful is if named actually reported the > issues to where they'd do some good. Perhaps a DNS extension "I got an > invalid message from you" - so it shows up in the log of the server (and > administrator) with the pr

Re: Distribute named.conf

2013-01-03 Thread WBrown
Mike wrote on 01/03/2013 02:45:29 PM: > Thanks for sharing, first I'd heard of it... I read about it on http://jpmens.net/ > http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_manage > ment_software It's there today. > I highly advise anyone new to configuration management

Re: Distribute named.conf

2013-01-03 Thread WBrown
How does Puppet compare to Ansible? http://ansible.cc/ -- William Brown Core Hosted Application Technical Team and Messaging Team Technology Services, WNYRIC, Erie 1 BOCES (716) 821-7285

Re: Can we load balance traf[f]ic for CNAME records?

2012-12-14 Thread WBrown
Manis Rane wrote on 12/14/2012 02:12:59 PM: > That is true by default rrset-order is cyclic I believe. And even if > it replies randomly I guess we will have to NAT the traffic on > firewall for particular IPs Your original post made me believe you are running Windows CAS servers. Why not use

Re: Bind not forwarding all requests

2012-12-10 Thread WBrown
Romgo wrote on 12/10/2012 06:36:10 AM: > I had 2 old zone with forwarders configured, the forwarders was down. > One equipment was still using one of this zone, so bind wasn't able > to contact the forwarders and fall back to root zone. > > I don't really why it try the root zone but since I de

Re: SPF records in reverse zones?

2012-12-06 Thread WBrown
Karl Auer wrote on 12/05/2012 06:44:01 PM: > This may be a silly question, but are SPF records supposed to be > supported in reverse zones? I'm thinking of a mail server that has no > entry in the DNS. The SPF query is looking for the sender's domain, not the sender's server, so the record woul

Re: SPF records in reverse zones?

2012-12-06 Thread WBrown
Dan Mahoney wrote on 12/05/2012 06:52:43 PM: > I can't even imagine what spamfilters would think of such an address. :) To quote some annoying TV ads here in the US: "REJECTED!"

Re: OT - Dns test Q/A

2012-12-05 Thread WBrown
I don't have any source of a DNS exam, but since you seem to be expecting a limited set of skills, how about a few questions of the sort "What is an A record?" "What is an MX record?" "What does the SOA record contain" "What does the serial number control" Think about what they will be work

Re: Performance tuning

2012-11-27 Thread WBrown
"Adamiec, Lawrence" wrote on 11/26/2012 01:12:48 PM: > To the best of my knowledge, there are no problems with our DNS. We > only host 25 domains. > > The report must also address these two specific questions: > > 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in > any bro

Re: Delegations

2012-11-01 Thread WBrown
Jan-Piet Mens wrote on 11/01/2012 07:09:14 AM: > > YPYMAYTYP > > Zero results from my favorite search engine -- congratulations. ;-) Yeah, and bing didn't find it either! :)

Re: Delegations

2012-10-31 Thread WBrown
Phil wrote on 10/31/2012 02:15:16 PM: > Your terminology is a bit confusing here. "subdomain" is imprecise. Sorry, I meant it as a piece of the FQDN. > Specify what *zones* you want, and where you want the delegations, and > it should be easy to see what will work and not. > Yes, if I've unde

Delegations

2012-10-31 Thread WBrown
I have a zone file for example.org that has entries for a subdomain l2.example.org like this: vpn.l2 IN A 10.1.2.3 Now they want to add a subdomain below l2, ie. ad.l2.eboces.org with hosts such as dc.ad.l2.eboces.org In the zone file for example.org, I can add NS and glue recor

Re: Glue from Root Servers returns wrong A record, why?

2012-09-10 Thread WBrown
ponga2...@gmail.com wrote on 09/10/2012 03:11:30 PM: > > SOA points correctly to the DNS provider (zoneedit).. there is no > mention of that 216 address anywhere in the registrar :( Is the information below correct? wbrown@wbrown-D630:~$ whois intaq.com Whois Server Version 2.0 Dom

Re: how to filter hundreds of domains ?

2012-08-30 Thread WBrown
Russell Jones wrote on 08/30/2012 10:28:07 AM: > Oh I know, I use spamhaus myself for spam filtering - catches a > ridiculous amount of spam. It is my understanding though the OP wants to > filter domains for NSFW web browsing, not spam - specifically gambling > sites. Spamhaus describes it

Re: how to filter hundreds of domains ?

2012-08-30 Thread WBrown
Russell Jones wrote on 08/30/2012 09:39:17 AM: > Normal web filtering software that auto updates is a better > approach. Using Bind with a manual list of domains to try to achieve > this is like trying to kill an ant hill 1 ant at a time There are several sources of RPZ data such as Spamhaus an

Re: Typical Bind slave failure scenario - What happens and when?

2012-08-28 Thread WBrown
Russell Jones wrote on 08/27/2012 06:39:31 PM: > Is there any documentation outlining what will actually occur, and > when, with a slave server when it cannot contact a zone's master for updates? The authoritative documentation is the Bind Administrators Reference Manual (ARM). Another excel

Re: What can cause excessive amount of _dns-sd queries?

2012-08-23 Thread WBrown
Elvind wrote on 08/23/2012 09:18:06 AM: > Yeah, now I'm just wondering which OS / application / malware / whatever > could be responsible for this :) Someone trying to use ZeroConf: http://zeroconf.org I believe Macs come configured to use it by default, Linux and Windows can be configured to

RE: 2 dns records for same server

2012-08-20 Thread WBrown
"Lightner, Jeff" wrote on 08/20/2012 08:56:56 AM: > That is to say don't put the external servers in /etc/resolv.conf on > your clients - only put the internal one there. (Or the Windows > equivalent setup should only see your internal DNS server.) Or push via DHCP as in this case. > I would

Re: 2 dns records for same server

2012-08-20 Thread WBrown
Dwayne wrote on 08/19/2012 07:37:39 PM: > My hosts get the ip's of all 3 dns > servers when they receive dhcp information. I think this is the issue. The internal clients should only point to the internal DNS server. They should never be querying the DNS that returns the public IP addresses

Re: SRV query with no domain?

2012-08-15 Thread WBrown
e search domain on my system (domain changed to example.org): wbrown@wbrown-D630:~$ host -t srv _sip._tcp _sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.example.org. wbrown@wbrown-D630:~$ host -t srv _sip._tcp.example.org _sip._tcp.example.org has SRV record 0 0 5060 tandberg-vcse.ex

Re: Can't receive emails from another machine

2012-07-31 Thread WBrown
Stayvoid wrote on 07/30/2012 08:22:30 PM: > I'm using Postfix. > I can send / receive emails from / to localhost via telnet. [1] > But I can't receive emails from another machine. > > I guess that there are three variants: > 1. Postfix doesn't work properly; > 2. Bind doesn't work properly; > 3.

Re: Journal File Question

2012-07-25 Thread WBrown
Chris Buxton wrote on 07/25/2012 12:07:22 PM: > > It doesn't sync the files to make two equal copies. It applies all of the > > outstanding transactions in the journal file to the zone file and then > > empties the journal. > > I don't believe that is entirely correct. The journal file needs

Re: Journal File Question

2012-07-25 Thread WBrown
Chris wrote on 07/25/2012 09:04:49 AM: > Is it possible to restore a zone file from its associated journal file? No. The journal file only records updates to the zone. At best you would only recover the changes since last commit to the zone file. > The docs seem to indicate that a restart of

Re: Basic scope question

2012-07-10 Thread WBrown
Gary wrote on 07/10/2012 11:27:24 AM: > If I have domain-name-servers configured globally and a different > set configured on a subnet DHCP pool, which takes precedence for the > client? My understanding is the more specific, or the subnet DHCP > pool, but could someone please confirm? Thanks

Re: RPM [was: Re: bind dies with assertion failure]

2012-07-03 Thread WBrown
Jan-Piet wrote on 07/03/2012 10:41:20 AM: > Building BIND is easy; turning it into an installable RPM not so. > I highly recommend fpm [1] which makes building an RPM trivial. :) Any advice or tricks for making a DEB for Ubuntu? So far my plan was to copy the source directory to each server and

Re: bind dies with assertion failure

2012-07-03 Thread WBrown
Oscar Ricardo Silva wrote on 07/02/2012 06:40:51 PM: > The reason I'm running is that we're currently running the stock version > of BIND available with RHEL6. It's their policy to backport patches and > if there's a patch available then they may apply it faster rather than > deploying a new

Re: prevent DNS attack

2012-06-27 Thread WBrown
pa...@riseup.net wrote on 06/27/2012 05:20:32 AM: > DNS is very easy to be attacked. Yes it is > My named service got 1G or more traffic of attack some time. > How can we take some steps to prevent them? http://www.google.com/search?q=prevent+DNS+atttack

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread WBrown
Did you update your whois information to point to the name servers at NEWprovider.net? After this change is made and any cached data expires, the world will query them (NEWProvider), with the exception of anyone that uses name servers at OLDprovider.net who still thinks they are authoritative f

Re: limiting number of requests of a single hosts

2012-06-15 Thread WBrown
bind-users-bounces+wbrown=e1b@lists.isc.org wrote on 06/15/2012 04:25:16 AM: > We have a problem with one of our firewalls caused by DNS peaks. > Once or twice a day a DNS burst (20K requests/15sec) kills all > connections on the firewall. > The firewall is due for replacemen

Re: Secondary Master

2012-05-11 Thread WBrown
John wrote on 05/11/2012 11:05:58 AM: > I found this article about setting up a secondary master. > This may be useful as we are bringing up a disaster recovery site. > The author explains that the zone type should be "slave" so it can > receive db updates from the normal master. > Seems like t

Re: DNSSEC

2012-05-11 Thread WBrown
Jan-Piet wrote on 05/11/2012 02:17:53 AM: > Indeed, which brings on the question why BIND (still) doesn't have the > a "negative trust anchor" feature. So how do we implement one? Create a separate caching server with DNSSEC validation turned off and forward all queries for the broken domain to

Re: random-device purpose in DNSSEC

2012-05-11 Thread WBrown
Warren wrote on 05/10/2012 04:14:01 PM: > Multiple options: > 1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) -- > this will provide you with much randomness [0]. > 2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/) > 3: See if there is a driver for your TPM --

Re: DNSSEC

2012-05-10 Thread WBrown
Warren wrote on 05/10/2012 11:50:30 AM: > Nope -- Comcast does a large amount of checking before turning off > validation for a failing domain. > This is (IMO) more secure than the alternative, which is to simply > leave it failing, and have users move to a non-validating resolver instead? D

Re: Hi;

2012-05-10 Thread WBrown
William Thierry wrote on 05/10/2012 08:02:57 AM: > i'm trying to have a TTL of a zone just by typing a command, but i > can't seen which command line i can used to have the solution. > > Can someone have an idea? is it possible to found that? > > PS: The zone file is not created by me. For exam

Re: Question about KSK

2012-04-27 Thread WBrown
Jan-Piet wrote on 04/27/2012 10:22:39 AM: > > When the shared KSK needed to be rolled over, you would have to > > process DS records in the parents of your few dozen zones all at the > > same time. > > *If* you want to roll the KSK, a.k.a. "when did you last roll your SSH > keys?" :-) Correct.

Question about KSK

2012-04-27 Thread WBrown
We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK? I'm sure there are plenty of other good rea

Re: generate a set of request DNSsec

2012-04-18 Thread WBrown
William wrote on 04/18/2012 05:45:21 AM: > I'm faced with a big problem, How can i generate a log file for my test? > it's a big problem for me, i'm working on Bind 9.8.1-P1 > and i'm using dnsperf to inject requests on my servers. > > Did you have an idea? thank you for your help. What do you w

Re: How to reset the serial number?

2012-03-27 Thread WBrown
-- William Brown Messaging and Core Hosted Application Technical Teams Technology Services, WNYRIC, Erie 1 BOCES (716) 821-7285 Chuck Swiger wrote on 03/26/2012 02:35:24 PM: > Shut down the slave server(s). > Use scp or rsync to copy over the zone file, one with a corrected serial #. > Restar

Re: external view recursion issue

2012-03-16 Thread WBrown
Put record.ourdomain.com as a CNAME in both your internal and external views. Internal user will query internal view and get CNAME record to record.client.otherdomain.com. Your recursive name server will look up record.client.otherdomain.com and get the CNAME record to otherhost.otherdomain.c

Re: external view recursion issue

2012-03-16 Thread WBrown
Who will be using this in-house DNS server? Your local users? If yes, then you will need to enable recursion so they can look up outside resources (google.com, etc.) If this server will strictly be an authoritative server for your domain, then it won't need recursion but queries that return a

Re: dig -t txt output variation

2012-03-09 Thread WBrown
Alan wrote on 03/09/2012 02:38:25 PM: > Don't base anything on RRset ordering. > > Be sure that the application is able to handle the "random" order -- you > never know who owns the intermediate caching servers, so you will never > know the order even if you "fix" it on the authoritative. That p

Re: dig -t txt output variation

2012-03-09 Thread WBrown
sun-guru wrote on 03/09/2012 01:45:33 PM: > Is this a BIND bug? Check ARM for RRSet Ordering.

RE: Configuring a domain slave to look up subdomain hosts

2012-02-28 Thread WBrown
Perhaps this article from the ISC knowledge base will help: https://kb.isc.org/article/AA-00302/47/I-want-to-forward-all-DNS-queries-from-my-caching-nameserver-to-another-server-but-configure-exceptions-for-some-domains-how.html

RE: Configuring a domain slave to look up subdomain hosts

2012-02-28 Thread WBrown
Why not set up the zone with its own forward statement like this: zone "subdomain.example.com" { type forward; forwarders { 10.172.2.50; 10.172.2.51; }; forward only; }; -- bind-users-bounces+wbrown=e1b@lists.isc.org wrote on 02/28/2012 01:04:46 PM: >

Re: Adding DS record to parent

2012-02-24 Thread WBrown
Bill Owens wrote on 02/24/2012 11:02:50 AM: > I haven't heard of NS supporting DNSSEC, and there haven't been any > good resources to find a registrar who *does*, but this popped up recently: > > http://www.icann.org/en/topics/dnssec/deploy-en.htm > > . . . and NS isn't on that list. FWIW, Dy

Adding DS record to parent

2012-02-24 Thread WBrown
Does anyone know how to register a DS record for domains registered through Network Solutions? I submitted a query through their website and got this response below. I find the copyright on the canned response an amusing touch. I called the number shown, and fought my way though a tangle of p

Re: dnsmasq+named together (was: Re: Forward Domain)

2012-01-19 Thread WBrown
rob0 wrote on 01/19/2012 04:05:26 PM: > ... > server=127.0.0.1#1053 > # to use "nameserver 127.0.0.1" in resolv.conf(5) > no-resolv > ... > listen-on port 1053 { 127.0.0.1; }; Are both of these listening on port 1053? That ain't gonna work. Put one of them back on 53 or on some other

Re: Problem with ed.gov

2012-01-19 Thread WBrown
Josh wrote on 01/19/2012 02:06:05 PM: > My resolvers seem to be having problems resolving ed.gov hosts. Others > have reported similar problems, but I am having trouble figuring out > where the problem lies. Some other resolvers seem to be resolving > ed.gov correctly. I am able to query their

Re: Defense against a client?

2012-01-17 Thread WBrown
Tom Schmitt wrote on 01/16/2012 05:19:30 AM: > I have a problem with the load on my Bind. Normally it's fine, but > from time to time there are clients which causes through a > misconfiguration or a failed local service (not intentionally) a > very high amount of queries. After finding and info

RE: DNSSEC made simple, is this possible?

2012-01-11 Thread WBrown
erms of what is on them. Perhaps other distros/flavors of *nix handle new versions differently. bind-users-bounces+wbrown=e1b@lists.isc.org wrote on 01/11/2012 11:50:01 AM: > Now if FreeBSD would just add 9.9 to the ports > collection, it would save me from having to build it by hand..
