I meant d.f.ip6.arpa rather than f.d.in-addr.arpa.
> On 24 Jul 2019, at 11:18 pm, Mark Andrews wrote:
>
> There is f.d.in-addr.arpa which is what this ticket is about and
> ipv4only.arpa which Stuart Cheshire is writing a update for and for which
> there is a seperate ticket. Both are DNSSEC
There is f.d.in-addr.arpa which is what this ticket is about and ipv4only.arpa
which Stuart Cheshire is writing a update for and for which there is a seperate
ticket. Both are DNSSEC related. Both cause operational problems. Both
involve having unsigned zones for the relevant names.
For
> On 14 Jul 2019, at 1:18 am, Jay Ford wrote:
>
> I'm still confused about why named looks further up the tree than
> c.0.d.7.5.7.c.2.a.9.d.f.ip6.arpa which it holds authoritatively via
> master/slave zone type. That seems like incorrect behavior.
The cache doesn’t know about zones. The
I'm still confused about why named looks further up the tree than
c.0.d.7.5.7.c.2.a.9.d.f.ip6.arpa which it holds authoritatively via
master/slave zone type. That seems like incorrect behavior.
Is this something I can fix or work around?
gt;> ;; AUTHORITY SECTION:
>>>> . 10796 IN SOA a.root-servers.net.
>>>> nstld.verisign-grs.com. 2019071101 1800 900 604800 86400
>>>>
>>>> ;; Query time: 0 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>
I suspect this will be negative response synthesis. The cache has learnt that
d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked
up the covering NSEC is returned which covers all of ULA space.
If I’m right querying for DS d.f.ip6.arpa will load the cache
On Fri, 12 Jul 2019, Mark Andrews wrote:
On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
I have a similar problem with zones for IPv6 ULA space. I'm running BIND
9.14.3. I had hoped that validate-except would do the trick, such as:
>>>> dig @192.168.220.20 foo.local ns +norec
>>>>
>>>> ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @192.168.220.20 foo.local ns +norec
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Go
Almost my point. It comes to my attention the hard way, that MDNS is
enabled by default or by accident in some Linux distros. Check
/etc/nsswitch.conf. Let us know what you find, and thanks a lot!
Longer answer: it depends on whether MDNS is in nsswitch, and what the
ordering is.
--
Fred
>>HEADER<<- opcode: QUERY, status: NOERROR, id: 23
>>> ;; flags: qr aa ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4000
>>> ;; QUESTION SECTION:
>>> ;foo.loc
there is nat involved here, due to address space
collision, and while this obviously means the practical functionality of this
is questionable, i was expecting that with a static-stub zone, the query itself
would at least function.
i see these messages in the logs:
11-Jul-2019 16:08:51.406 la
A 192.168.0.20
> 02.foo.local. 3600IN A 192.168.0.21
> a2.foo.local. 3600IN A 10.201.11.8
> a1.foo.local. 1200IN A 10.201.10.119
>
> ;; Query time: 82 msec
> ;; SERVER: 192.168.220.20#53(192.168.220.20)
> ;; WHEN: Thu Jul 11 16:35
39 EDT 2019
;; MSG SIZE rcvd: 214
additionally unfortunate, there is nat involved here, due to address space
collision, and while this obviously means the practical functionality of this
is questionable, i was expecting that with a static-stub zone, the query itself
would at least
Echoing Chris Buxton - you may be better served by using static-stub
rather than stub. Explanation here:
https://bugs.isc.org/Ticket/Display.html?id=45734
Cathy
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
in a record in /etc/hosts.
Also the stub zone file updates correctly. I have tested static-stubs
and they work as expected but stubs don't when recursion is enabled on
the BIND server.
Ben
On 08/05/2019 17:02, Chris Buxton wrote:
Remembering that a stub zone is a cache hint, more information
Remembering that a stub zone is a cache hint, more information is needed.
o What do the two "master" DNS servers say when asked for the SOA record of
'benlavender.co.uk'?
o Are there A or records in the Additional section? If so, can the
indicated IP addresses be reache
Hi,
I've been trying to configure a stub zone using both BIND 9.8x and 9.9x
for some split-brain internal DNS.
The problem I have is that any client that requests the NS or SOA
records for this zone gets SERVFAIL. The BIND server populates the
/var/named/slaves/benlavender.co.uk.DB file
possible unforeseen
consequences) from iterative to recursive resolution.
http://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/
https://lists.isc.org/pipermail/bind-users/2012-September/088719.html
If you only have a *few*, relatively-static set of unreachables, you might
consider lis
Have a resolver at a branch office with a view containing a stub zone
as follows:
zone "domain.com." IN {
type stub;
masters { 10.216.11.6; 10.58.4.1; 10.50.4.32; };
file "stub/domain.com";
forwarders {};
};
Other notes:
- "
Anne Bennett a...@encs.concordia.ca wrote:
It all looks just peachy, but when I issued:
dig @localhost -t ns concordia.ca.
it gave me a SERVFAIL. I couldn't find anything abnormal
in the syslogs. I can't for the life of my figure out why
it's unhappy. How can I debug this?
Try rndc
SERVFAIL]
Midnight insight: glue records??? The two listed NS are below the
zone cut. How can a stub zone work in those circumstances, if at all?
I think I'm onto something; with the above stub zone for
concordia.ca (which transfers information listing two NS
records as ns1.concordia.ca and ns2
Tony Finch d...@dotat.at enlightens me thus:
The difference between stub and static-stub is that stub works like the
root zone hints, i.e. the servers in the zone override the ones that you
configure for a stub zone, whereas the servers you configure for a
static-stub zone override
.
--
[but querying it for NS gives SERVFAIL]
Midnight insight: glue records??? The two listed NS are below the
zone cut. How can a stub zone work in those circumstances, if at all?
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal
In article mailman.1698.1424913638.26362.bind-us...@lists.isc.org,
Hillary Nelson nelsonhilla...@gmail.com wrote:
I was asked to add some backup master IP addresses to a slave zone file for
some HCP system, but those IPs not active and can't do zone transfer until
system failover.
My
I was asked to add some backup master IP addresses to a slave zone file for
some HCP system, but those IPs not active and can't do zone transfer until
system failover.
My question is, does the order of the master ip list matters, so named
always tries
first ones until it fails tries next one? Or
Well, I have a stub zone on Windows 2008 server set-up to use two different
BIND server as its list of IPs to use as masters. In the DNS manager on
Windows, you can always right click on the zone and select Transfer zone
from Master. With Wireshark on Windows, I have found that this triggers
From: Sowmya Manjanatha sowmy...@gmail.com
Well, I have a stub zone on Windows 2008 server set-up to use two
different BIND server as its list of IPs to use as masters. In the
DNS manager on Windows, you can always right click on the zone and
select Transfer zone from Master
-Original Message-
From: Sowmya Manjanatha sowmy...@gmail.com
Date: Thursday, February 21, 2013 1:11 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Re: BIND master , Windows 2008 stub zone not transferring
Well, I have a stub zone on Windows 2008 server set-up to use
I am having the same issue and saw a couple of questions but didn't see any
resolutions. Any one have any luck with this.
Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
Attempting to determine if a stub zone requires any kind of zone transfer.
Reading through online doc I find mixed opinions. Here's one:
…
Stub-Zones do receive their information by just querying DNS-Servers instead of
requesting a Zone-Transfer. You can even add Stub-Zones for Zones where
On Sep 20, 2012, at 4:39 AM, M. Meadows wrote:
Attempting to determine if a stub zone requires any kind of zone transfer.
Reading through online doc I find mixed opinions.
No zone transfer. Just an SOA query, an NS query, and (if necessary) A and
record queries for name server names
@lists.isc.org
[mailto:bind-users-bounces+listswill=gmail@lists.isc.org] On Behalf Of
Gregory Machin
Sent: Wednesday, October 19, 2011 11:48 PM
To: bind-us...@isc.org
Subject: BIND master , Windows 2008 stub zone not transferring
Hi
We have a Linux server running bind 9.2.4 and dhcpd in a ddns
none of the zones will transfer to the stub zones on the Windows
servers. From the windows servers I can use nslookup to do zone
transfers with out any issues. But in DNS mangers , on the stub zone ,
when I click one reload, or Transfer from Master, or Transfer new copy
from zone Master then result
On Jul 26, 2011, at 10:51 PM, Feng He wrote:
On Wed, Jul 27, 2011 at 8:51 AM, Chris Buxton chris.p.bux...@gmail.com
wrote:
On Jul 25, 2011, at 10:33 PM, Feng He wrote:
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:
Would like to use the BIND stub zone function
In message 1311623708.59385.yahoomail...@web44803.mail.sp1.yahoo.com, ju
wusuo writes:
Would like to use the BIND stub zone function, however, heard that ISC cons=
iders stopping support to stub zone in the future, is that true?=A0
No. There are no plans to remove support for stub zones
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true?
___
Hi,
what's the use of stub zone? I
Thanks Mark .. I think that probably is the misunderstanding of the
delegation usage part.
From: Mark Andrews ma...@isc.org
To: ju wusuo juwu...@yahoo.com
Cc: bind-users@lists.isc.org bind-us...@isc.org
Sent: Monday, July 25, 2011 9:57 PM
Subject: Re: stub zone
On Jul 25, 2011, at 10:33 PM, Feng He wrote:
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true
26, 2011 1:33 AM
Subject: Re: stub zone
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo lt;juwu...@yahoo.comgt; wrote:
gt; Would like to use the BIND stub zone function, however, heard that ISC
gt; considers stopping support to stub zone in the future, is that true?
gt
On Jul 25, 2011, at 12:55 PM, ju wusuo wrote:
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true?
I've heard that rumor from my customers, too. But I haven't heard anything from
ISC about not supporting
On 25/07/11 20:55, ju wusuo wrote:
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true?
I think we may have confused some people in the past about support for
this because of what's written in the ARM about
On Wed, Jul 27, 2011 at 8:51 AM, Chris Buxton chris.p.bux...@gmail.com wrote:
On Jul 25, 2011, at 10:33 PM, Feng He wrote:
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo juwu...@yahoo.com wrote:
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true? ___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
tunnel is built. Does a stub
zone use the same mechanism, or will it immediately query for the
stub's NS records when a query comes in and the NS records are no
longer cached?
To answer your specific question, the non-intuitive[1] forwarders { };
is needed to inhibit forwarding which has presumably
On Mon, Mar 14, 2011 at 01:36:10PM +0100, Jan-Piet Mens wrote:
A stub zone tells BIND to load SOA and NS records from its masters {}.
(forwarders {} is, I belive, both useless and incorrect here.) From that
point onwards, your BIND will use the data in the stub to recursively
find answers
On 18.03.2011 10:17, Marc Haber wrote:
Which it doesn't in the forward setup, it just immediately returns NXDOMAIN.
Do you include zones.rfc1918 in your configuration? What SOA RR does the
NXDOMAIN return?
| zone 0.10.in-addr.arpa {
| type forward;
| forwarders { 10.0.0.2; };
| };
|
|
On Mon, Mar 14, 2011 at 09:16:13PM -0400, Kevin Darcy wrote:
As a general rule, use type forward zones only if you have some
connectivity issue you need to work around, e.g. trying to resolve
Internet names from behind a restrictive firewall.
On 18.03.11 10:15, Marc Haber wrote:
So, a
{ };
};
zone 101.1.10.in-addr.arpa {
type forward;
forwarders { 10.1.101.6; };
forward only;
};
The stub zone works; the forward zone doesn't. When I ask my local
bind for 6.101.1.10.in-addr.arpa (PTR), I get an immediate NXDOMAIN
without bind even trying to talk
Marc,
A stub zone tells BIND to load SOA and NS records from its masters {}.
(forwarders {} is, I belive, both useless and incorrect here.) From that
point onwards, your BIND will use the data in the stub to recursively
find answers to queries for that zone.
The forwarder on the other hand
;
masters { 10.1.2.11; 10.1.2.45; };
file stub/2.1.10.in-addr.arpa;
forwarders { };
};
zone 101.1.10.in-addr.arpa {
type forward;
forwarders { 10.1.101.6; };
forward only;
};
The stub zone works; the forward zone doesn't. When I ask my local
bind
On Mon, 14 Mar 2011, Jan-Piet Mens wrote:
A stub zone tells BIND to load SOA and NS records from its masters {}.
(forwarders {} is, I belive, both useless and incorrect here.) From that
point onwards, your BIND will use the data in the stub to recursively
find answers to queries for that zone
Hi,
I've been trying to configure bind to use a stub zone, for which I
have keys configured. When I do this, I see a ServFail, with the
logs pointing to:
01-Oct-2009 11:00:03.053 lame-servers: info: not insecure resolving
'xelerance.ca/DNSKEY/IN': 193.110.157.135#53
When I disable
On Fri, 2 Oct 2009, Mark Andrews wrote:
zone ca. IN {
type stub;
masters { 192.228.22.190; 192.228.22.189; };
};
To make the test signed ca work you need to replace the NS RRet
with the names of the nameservers that serve the signed CA zone.
At the moment you end up with
On Thu, Mar 05, 2009 at 02:06:18PM +0100,
squid proxy squidcac...@gmail.com wrote
a message of 13 lines which said:
Howto create a stub zone instead of slave zone on BIND 9.3.4-P1.1?
Read the documentation ?
https://www.isc.org/software/bind/documentation/arm95
zone zone_name [class
hi
At the moment our internal DNS servers are authorative for the main
domain via slave zones, which will be generating unnecessary
replication traffic.
Howto create a stub zone instead of slave zone on BIND 9.3.4-P1.1?
What are differences between slave and stub zone?
Piotr
55 matches
Mail list logo
