Re: About root zones

2012-01-05 Thread Matus UHLAR - fantomas
On 02.01.12 17:03, Barry Margolin wrote: In that case, you probably shouldn't enable the option. I'm not even suggesting that the option be on by default. Actually, does libresolv really use those other facilities? In article mailman.665.1325598835.68562.bind-us...@lists.isc.org, Matus UHLAR

Re: About root zones

2012-01-04 Thread WBrown
micho...@cisco.com wrote on 01/03/2012 04:54:51 PM: Maybe it's because I started in networking... But TCP/IP (or IPv6 these days) is quite the subsystem to avoid. Really, like it or not, you are actually responsible for understanding interactions with subsystems your managed system must

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: BIND will not use system

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: If the system resolver is good enough for every other application running on the system, it should be good enough for BIND. Why not at least allow this as an option? In article mailman.656.1325532888.68562.bind-us...@lists.isc.org, Chuck

Re: About root zones

2012-01-03 Thread Barry Margolin
In article mailman.665.1325598835.68562.bind-us...@lists.isc.org, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: If the system resolver is good enough for every other application running on the system, it should be good enough for BIND.

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: I don't see your point now. I'm afraid that you will have to live with the fact that you can not disable sending queries from BIND when it needs them, you can only prevent it by configuring BIND (so it will not need them) or firewall such

Re: About root zones

2012-01-03 Thread Lyle Giese
On 01/03/12 07:53, Peter Andreev wrote: 2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR -

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Matus UHLAR - fantomas uh...@fantomas.sk: 2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: I don't see your point now. I'm afraid that you will have to live with the fact that you can not disable sending queries from BIND when it needs them, you can only prevent it by

Re: About root zones

2012-01-03 Thread Chuck Swiger
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: Unfortunately as I learning BIND more, I understand that it is not very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be. Regards, -- -Chuck

Re: About root zones

2012-01-03 Thread Barry Margolin
In article mailman.668.1325603242.68562.bind-us...@lists.isc.org, Lyle Giese l...@lcrcomputer.net wrote: For instance, I want to attach to the server using VNC or SSH for maintenance. By default, they want to do a reverse lookup of your ip address before allowing access. Now you wait

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Chuck Swiger cswi...@mac.com: On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: Unfortunately as I learning BIND more, I understand that it is not very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be.

Re: About root zones

2012-01-03 Thread Kevin Darcy
On 1/2/2012 2:16 PM, Barry Margolin wrote: In article mailman.654.1325531095.68562.bind-us...@lists.isc.org, Kevin Darcy k...@chrysler.com wrote: I agree with Matus. BIND should be as self-sufficient as possible, and not make any assumptions about the capability of and/or the data it expects

Re: About root zones

2012-01-03 Thread michoski
On 1/3/12 12:46 PM, Kevin Darcy k...@chrysler.com wrote: Those server folks have strange ideas about name resolution. Strange enough that sometimes I don't even understand what the hell they are trying to accomplish. In all fairness, lots of folks have strange ideas. We should start with

Re: About root zones

2012-01-03 Thread Mark Andrews
If you want named to be authoritative only set recursion no; or allow-recursion { none; } or allow-query-cache { none; }; and no data will be returned from the cache. allow-recursion and allow-query-cache cross inherit from each other. If you only want master zones to send notify messages then

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/4 Mark Andrews ma...@isc.org: If you want named to be authoritative only set recursion no; or allow-recursion { none; } or allow-query-cache { none; }; and no data will be returned from the cache. allow-recursion and allow-query-cache cross inherit from each other. If you only want

Re: About root zones

2012-01-02 Thread Matus UHLAR - fantomas
On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: they do, unless you have turned it off... On 22.12.11 11:54, Peter Andreev wrote: Of course I turned it off, it's normal practice for

Re: About root zones

2012-01-02 Thread Peter Andreev
2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: they do, unless you have turned it off... On 22.12.11 11:54, Peter Andreev wrote: Of

Re: About root zones

2012-01-02 Thread Matus UHLAR - fantomas
On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR - fantomas uh...@fantomas.sk: BIND will not use system resolver. BIND is the resolver. Relying on other

Re: About root zones

2012-01-02 Thread Kevin Darcy
On 1/2/2012 5:42 AM, Matus UHLAR - fantomas wrote: On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: they do, unless you have turned it off... On 22.12.11 11:54, Peter Andreev wrote: Of

Re: About root zones

2012-01-02 Thread Barry Margolin
In article mailman.654.1325531095.68562.bind-us...@lists.isc.org, Kevin Darcy k...@chrysler.com wrote: I agree with Matus. BIND should be as self-sufficient as possible, and not make any assumptions about the capability of and/or the data it expects to get from the system resolver If the

Re: About root zones

2012-01-02 Thread Chuck Swiger
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: If the system resolver is good enough for every other application running on the system, it should be good enough for BIND. Why not at least allow this as an option? The system resolver will happily provide answers based upon data from

Re: About root zones

2012-01-02 Thread Doug Barton
On 01/02/2012 11:16, Barry Margolin wrote: In article mailman.654.1325531095.68562.bind-us...@lists.isc.org, Kevin Darcy k...@chrysler.com wrote: I agree with Matus. BIND should be as self-sufficient as possible, and not make any assumptions about the capability of and/or the data it

Re: About root zones

2012-01-02 Thread Barry Margolin
In article mailman.656.1325532888.68562.bind-us...@lists.isc.org, Chuck Swiger cswi...@mac.com wrote: On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: If the system resolver is good enough for every other application running on the system, it should be good enough for BIND. Why not

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/20 Matus UHLAR - fantomas uh...@fantomas.sk: 2011/12/20 Mark Andrews ma...@isc.org: Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
2011/12/20 Mark Andrews ma...@isc.org: Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: 2011/12/20 Mark Andrews ma...@isc.org: Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone

RE: About root zones

2011-12-21 Thread Lightner, Jeff
=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Peter Andreev Sent: Wednesday, December 21, 2011 4:05 AM To: bind-users@lists.isc.org Subject: Re: About root zones 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: 2011/12/20 Mark Andrews ma

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? On 21.12.11 13:05, Peter Andreev wrote: Well, we run a bunch of authoritative-only slave servers and obviously they don't have to perform any

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? On 21.12.11 13:05, Peter Andreev wrote: Well, we run a bunch of authoritative-only

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: Disabling recursion should do the same afaik. However, disabling additional-from-cache is OK and afaik disabled by default. On 21.12.11 19:21, Peter Andreev wrote: No, it is enabled by default. server needs to resolve names if it's

Re: About root zones

2011-12-21 Thread David Forrest
On Wed, 21 Dec 2011, Peter Andreev wrote: Ok, may be I'm a paranoid and worrying about trifles, but news about compiled in hints astonished me. The test shown here may calm you (if it shows refusal): https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful Dave -- David

Re: About root zones

2011-12-21 Thread Peter Andreev
David, thank you, I checked and all seems good :). 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: 2011/12/21 Matus UHLAR - fantomas uh...@fantomas.sk: Disabling recursion should do the same afaik. However, disabling additional-from-cache is OK and afaik disabled by default. On

Re: About root zones

2011-12-20 Thread Mark Andrews
Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: About root zones

2011-12-20 Thread Peter Andreev
2011/12/20 Mark Andrews ma...@isc.org: Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. Mark Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? -- Mark

Re: About root zones

2011-12-20 Thread Matus UHLAR - fantomas
2011/12/20 Mark Andrews ma...@isc.org: Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal