about AUTHORITY SECTION

2011-03-04 Thread terry
Hello, When I delegate a subdomain in a zone example.com, the config in named.conf is like: test.example.com. 3600 IN NS ns1.another.com. test.example.com. 3600 IN NS ns2.another.com. Then I dig to the auth-server of the example zone: dig test.example.com ns @ns1.example.com I found

Re: about AUTHORITY SECTION

2011-03-04 Thread Mark Andrews
In message AANLkTi=9B07Q=flysn6s-0scossneuxms0qgy9h+o...@mail.gmail.com, terry writes: Hello, When I delegate a subdomain in a zone example.com, the config in named.conf is like: test.example.com. 3600 IN NS ns1.another.com. test.example.com. 3600 IN NS ns2.another.com. Then I

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
2011/3/4 Mark Andrews ma...@isc.org: In message AANLkTi=9B07Q=flysn6s-0scossneuxms0qgy9h+o...@mail.gmail.com, terry writes: Hello, When I delegate a subdomain in a zone example.com, the config in named.conf is like: test.example.com.  3600  IN NS  ns1.another.com. test.example.com.  

Re: Help with unresolvable domain (subdomain, actually)

2011-03-04 Thread John Wobus
Then the load balancer should return default records or 0.0.0.0/:: to indicate the name is good but doesn't currently have an address. I like that solution, actually. Even if the client doesn't recognize it as a special address, hopefully if it tries to connect to it, the packet won't make it

Re: about AUTHORITY SECTION

2011-03-04 Thread Torinthiel
On 2011-03-04 23:07 terry wrote: Look at RA and RD.  If the server recurses, you will get an answer. If the server does not recurse, you will get a referral.  Then there are the really old broken servers which get this wrong. Hi Mark, Please see this for details: $ dig nsbeta.info

Slaves and views

2011-03-04 Thread John Wobus
Hi, Can a zone file a slave in one view and the same zone file be served by another view? I'm going to split our authoritative servers into internal and external views. My question concerns zones that we secondary for other organizations, slaved to masters at their sites. I know I could

RE: Slaves and views

2011-03-04 Thread Lightner, Jeff
Haven't done it but don't see why not. Since every entry in named.conf specifies the zone file you can definitely have multiple zones all pointing to the same zone file. (We do that for many ancillary zones that we want to point to our primary domain so have an aliases file that uses the @

Re: Slaves and views

2011-03-04 Thread Alan Clegg
On 3/4/2011 11:46 AM, John Wobus wrote: I'm going to split our authoritative servers into internal and external views. Is there anything I can do to try to talk you out of doing this? AlanC

Re: Slaves and views

2011-03-04 Thread Steve Arntzen
On Fri, 2011-03-04 at 11:46 -0500, John Wobus wrote: Hi, Can a zone file a slave in one view and the same zone file be served by another view? It is a bad idea, although I know (from experience) it will work for static zones. One problem is you need to remember to reload the zone in both

Re: Slaves and views

2011-03-04 Thread Chris Buxton
On Mar 4, 2011, at 8:46 AM, John Wobus wrote: Hi, Can a zone file a slave in one view and the same zone file be served by another view? You can do this for static master zones, but it's not a good idea for slaves. Depending on the use case for your internal view, you may be able to solve

Re: Slaves and views

2011-03-04 Thread Matus UHLAR - fantomas
On 04.03.11 11:46, John Wobus wrote: Can a zone file a slave in one view and the same zone file be served by another view? in fact, yes. but it apparently won't work as you'd expect. I'm going to split our authoritative servers into internal and external views. My question concerns zones

Re: BIND servfail from caching server

2011-03-04 Thread Justin Krejci
Thanks, I was able to setup a forward zone in the caching servers for supernet.com and forward to the ns{2,3}.earthlink.net servers. I will check periodically for their fixing of the zone and then remove the forward zone in the caching servers. Is there a simple tool to quickly identify this kind

Re: Slaves and views

2011-03-04 Thread Mark Andrews
In message 79391b3d-6106-420b-9056-717a5e5fa...@cornell.edu, John Wobus writes: Hi, Can a zone file a slave in one view and the same zone file be served by another view? I'm going to split our authoritative servers into internal and external views. My question concerns zones that we

Re: Slaves and views

2011-03-04 Thread Joseph S D Yao
On Fri, Mar 04, 2011 at 11:46:05AM -0500, John Wobus wrote: ... Can a zone file a slave in one view and the same zone file be served by another view? ... I assume you mean something like this: view here { match-clients { here; }; zone example.us { type slave;

Re: Slaves and views

2011-03-04 Thread Joseph S D Yao
On Sat, Mar 05, 2011 at 09:36:56AM +1100, Mark Andrews wrote: ... masters { 127.0.0.1 key external.key; }; ... Hmmm! You can do that, can't you? I tend to try to keep one key to one IP address in a view - people get confused even so. As I said, this still does two zone

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
But in this case, you're asking the authoritative server. Authoritative server answers in answer section, as it knows the answer. Authoritative section is for 'I don't know, ask ...' The rule above goes for servers which are not authoritative for a given zone. Torinthiel

Re: Slaves and views

2011-03-04 Thread terry
2011/3/5 Chris Buxton chris.p.bux...@gmail.com: On Mar 4, 2011, at 8:46 AM, John Wobus wrote: Hi, Can a zone file a slave in one view and the same zone file be served by another view? You can do this for static master zones, but it's not a good idea for slaves. Depending on the use case

CVE-2011-0414 and Bind 9.7.3

2011-03-04 Thread John Hascall
How sure are we that 9.7.3 fixes CVE-2011-0414? Because we are seeing behaviour that looks like CVE-2011-0414 on our 9.7.3 server... Thanks, John --- John Hascall, j...@iastate.edu Team Lead, NIADS (Network

Re: Slaves and views

2011-03-04 Thread Chris Buxton
On Mar 4, 2011, at 5:42 PM, terry wrote: 2011/3/5 Chris Buxton chris.p.bux...@gmail.com: On Mar 4, 2011, at 8:46 AM, John Wobus wrote: Hi, Can a zone file a slave in one view and the same zone file be served by another view? You can do this for static master zones, but it's not a

Re: CVE-2011-0414 and Bind 9.7.3

2011-03-04 Thread Evan Hunt
How sure are we that 9.7.3 fixes CVE-2011-0414? Pretty darn sure. Because we are seeing behaviour that looks like CVE-2011-0414 on our 9.7.3 server... Please send details to bind9-b...@isc.org. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc.

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
2011/3/5 Mark Andrews ma...@isc.org: So why does ns33.domaincontrol.com answer with ANSWER SECTION rather than AUTHORITY SECTION? If you ask with rd=0 (+norec), which is what nameservers do, you get the referral.  Presumably ns33.domaincontrol.com is running BIND 8 which didn't fully comply

bind 9.8.0 BUG dlz zone transfer

2011-03-04 Thread Dan
Tested bind 9.4, 9.6, 9.7 and 9.8; 9.8 is the only version giving this problem. The issue is when initiating a bind-only slave to slave off of a dlz/mysql+bind master, debug logs show: refresh: non-authoritative answer from master I had set debugging on slave and master all night long on all

Re: Slaves and views

2011-03-04 Thread Chris Buxton
On Mar 4, 2011, at 11:34 PM, Joseph S D Yao wrote: On Fri, Mar 04, 2011 at 06:55:07PM -0800, Chris Buxton wrote: ... With a static-stub zone (new in BIND 9.8), your server would not prime its cache with the bad NS rrset from the authoritative server. It would simply start all query