Re: Selective forwarding from an internal only name server

2016-08-19 Thread S Carr
On 19 August 2016 at 09:02, anup albal wrote: > Below are the options on the external name server. That's not the full configs, and from both DNS servers. I get you don't want to expose some of the information but you're asking for help, we can't do that if you keep things back and obfuscate deta

Re: Selective forwarding from an internal only name server

2016-08-19 Thread anup albal
orking. There is a firewall between the internal and external name servers. Other than ensuring that port53 is open between the two name servers for TCP and UDP traffic, is there anything else i need to check? Thanks Anup ____ From: anup albal Sent: Friday, 19 August 2016

Re: Selective forwarding from an internal only name server

2016-08-19 Thread S Carr
On 19 August 2016 at 07:25, anup albal wrote: > After that I cannot run a "dig sharepoint.com" or "dig microsoft.com" from > dns1. However it can resolve it if i run a "dig +trace sharepoint.com" or > "dig +trace microsoft.com" Can you post your full configs and the full dig outputs? Don't use +t

Re: Selective forwarding from an internal only name server

2016-08-19 Thread anup albal
From: anup albal Sent: Thursday, 18 August 2016 9:47 AM To: Chris Buxton Cc: BIND Users Subject: Re: Selective forwarding from an internal only name server Hi Chris Below is without "+trace" option. Also there is a firewall between internal (dns1) and

RE: Selective forwarding from an internal only name server

2016-08-18 Thread Darcy Kevin (FCA)
boun...@lists.isc.org] On Behalf Of S Carr Sent: Thursday, August 18, 2016 4:31 AM To: BIND Users Subject: Re: Selective forwarding from an internal only name server On 18 August 2016 at 01:04, anup albal wrote: > Does that mean I setup another forwarding zone called microsoft.com or > s

RE: Selective forwarding from an internal only name server

2016-08-18 Thread Darcy Kevin (FCA)
compliance. - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Wednesday, August 17, 2016 9:08 PM To: comp-protocols-dns-b...@isc.org Subject: Re: Selective forwarding from an internal only name server In article

Re: Selective forwarding from an internal only name server

2016-08-18 Thread S Carr
On 18 August 2016 at 01:04, anup albal wrote: > Does that mean I setup another forwarding zone called microsoft.com or > sharepoint.microsoft.com or both? Ideally you should setup a completely separate caching/forwarding server and not be using the external DNS box (NS1) for this purpose. On the

Re: Selective forwarding from an internal only name server

2016-08-18 Thread S Carr
On 18 August 2016 at 02:07, Barry Margolin wrote: > That's why Cloudflare's method is "RFC-compliant", but what MS is doing > with sharepoint.com is not. Microsoft's DNS implementation allows CNAMEs at the zone apex, correct it's not RFC compliant, but this is Microsoft... ___

Re: Selective forwarding from an internal only name server

2016-08-17 Thread Barry Margolin
point.com is not. > > - Kevin > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry > Margolin > Sent: Wednesday, August 17, 2016 4:34 PM &

Re: Selective forwarding from an internal only name server

2016-08-17 Thread anup albal
, 18 August 2016 9:47 AM To: Chris Buxton Cc: BIND Users Subject: Re: Selective forwarding from an internal only name server Hi Chris Below is without "+trace" option. Also there is a firewall between internal (dns1) and external (ns1) name servers and we have opened up TCP/UDP port 53

Re: Selective forwarding from an internal only name server

2016-08-17 Thread anup albal
ust 2016 2:26 AM To: anup albal Cc: BIND Users Subject: Re: Selective forwarding from an internal only name server Try it without "+trace". Regards, Chris On Aug 17, 2016, at 2:59 AM, anup albal mailto:anupal...@hotmail.com>> wrote: Hi First up apologies if this is not the

RE: Selective forwarding from an internal only name server

2016-08-17 Thread Darcy Kevin (FCA)
Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Wednesday, August 17, 2016 4:34 PM To: comp-protocols-dns-b...@isc.org Subject: Re: Selective forwarding from an internal only name server In article , "Darcy Kevin (FCA)" wrot

Re: Selective forwarding from an internal only name server

2016-08-17 Thread Barry Margolin
In article , "Darcy Kevin (FCA)" wrote: > Well, sharepoint.com is a CNAME to sharepoint.microsoft.com, so you might > need to make arrangements for that to be resolvable as well. That doesn't seem valid to begin with. The .COM zone has delegation NS records for sharepoint.com. Having a CNAME

RE: Selective forwarding from an internal only name server

2016-08-17 Thread Darcy Kevin (FCA)
sts.isc.org] On Behalf Of anup albal Sent: Wednesday, August 17, 2016 6:00 AM To: bind-users@lists.isc.org Subject: Selective forwarding from an internal only name server Hi First up apologies if this is not the right list to email and for a long email. I am hoping you can give me a clue as to w

Re: Selective forwarding from an internal only name server

2016-08-17 Thread Chris Buxton
Try it without "+trace". Regards, Chris > On Aug 17, 2016, at 2:59 AM, anup albal wrote: > > Hi > > First up apologies if this is not the right list to email and for a long > email. I am hoping you can give me a clue as to what I am doing wrong here? > Or may be this is not supposed to work

Selective forwarding from an internal only name server

2016-08-17 Thread anup albal
Hi First up apologies if this is not the right list to email and for a long email. I am hoping you can give me a clue as to what I am doing wrong here? Or may be this is not supposed to work at all. We have an internal only DNS server (dns1) with fake root zone. i.e a fake file for the zone ".