After a BIND server (BIND 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4) rebuild and a
thorough review of the ASA firewall configuration (to allow UDP 53 512), I
continue to get resolution errors and/or extreme resolution delays caused by an
unknown factor but as evidence by EDNS disabling for misc
Hello James,
James Tingler james.ting...@contr.netl.doe.gov writes:
E.g.
Sep 17 15:32:01 PROD55-DNS2 named[27503]: error (network unreachable)
resolving 'www.amazon.com/A/IN': 2610:a1:1017::1#53
Sep 17 15:32:08 PROD55-DNS2 named[27503]: error (network unreachable)
resolving
On 19/09/12 17:26, James Tingler wrote:
Thanks for the reply Carsten. This didn't make a difference but
potentially I'm using the parameter incorrectly (no errors though).
same problems..
Sep 19 15:25:22 PROD55-DNS2 named[3676]: success resolving 'cnn.com/A'
(in 'cnn.com'?) after disabling
Hello James,
James Tingler james.ting...@contr.netl.doe.gov writes:
Thanks for the reply Carsten. This didn't make a difference but
potentially I'm using the parameter incorrectly (no errors though).
/etc/rc.d/init.d/named start -4
no, it does not work that way.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/19/2012 11:26 AM, James Tingler wrote:
Thanks for the reply Carsten. This didn't make a difference but
potentially I'm using the parameter incorrectly (no errors
though).
/etc/rc.d/init.d/named start -4
tailing logs during service
On 9/18/12 6:02 PM, Mark Andrews wrote:
Name servers cannot be cnames. The DNS protocol cannot be made to
work reliably when they are CNAMEs without changing the definition
of glue and the additional section processing rules. CNAME records
are NOT added as glue, A and are added as glue.
On 9/18/12 6:02 PM, Mark Andrews wrote:
If you want the nameservers to be ns1.peak.org and ns2.peak.org
update the NS records and update the delegation.
PS: FWIW, I already have this in process...
smime.p7s
Description: S/MIME Cryptographic Signature
My guess is that MS DNS is failing to treat the authoritative CNAME result from
the www.careerone.com.au servers (which shouldn't even be authoritative) as
more trustworthy than the NS records it received in the referral from the
parent zone. This then causes that CNAME record to be rejected,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2012-09-19 at 11:26 -0400, James Tingler wrote:
/etc/rc.d/init.d/named start -4 tailing logs during service start:
Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv4 port
range: [1024, 65535]
Sep 19 15:22:13 PROD55-DNS2
9 matches
Mail list logo
