On Fri, 2008-11-14 at 17:35 -0800, Chris Buxton wrote:
Use a firewall (with deep packet inspection) to restrict by subnet.
Then use the TSIG key in the allow-update statement.
Unfortunately, to my knowledge, that's the only way to do this.
Wouldn't using a BIND view to restrict by
Chris Thompson schrieb:
On Nov 17 2008, Res wrote:
On Sun, 16 Nov 2008, Jeff Justice wrote:
Well, first part solved. I forgot to change the IP address of our
nameserver at the registrar. Secondary is still not updating though.
options { directory /opt/local/etc/named/;
listen-on
Ack! allow-transfer should never be any
What, never? Why not?
Security issue! You really want everyone to download your zone(s)?
That is a decision for each operator to make. The ability to
transfer a zone is not by itself a security issue.
I guess the question is, what information can
On 2008-11-17 14:25, Holger Honert wrote:
Chris Thompson schrieb:
On Nov 17 2008, Res wrote:
Ack! allow-transfer should never be any
What, never? Why not?
Security issue! You really want everyone to download your zone(s)?
I couldn't care less. If the security of my systems were the least
So it looks like my zone config file, not the actual zone, but the
config statement that is in conf was gone. I added it back in and all
is well now.
I have run rndc reload so many times, I have no idea how it was
deleted, it is all in one file, not separate files, so it seems
unlikely
Actually, to take this a step further, is there any remote possibility to
combine this with update-policy as well?
I know both questions have been mentioned on the list before with varied
answers but I wanted to raise it again since this was finally figured out.
/Jonathan
On Mon, Nov 17, 2008 at
Yeah it would most likely be a feature request/change.
IIRC update-policy cannot be used in conjunction with the allow-update
statement. Personally I prefer the usage of update-policy as I can assign
different business units within my organization to take responsibility for
certain records/record
IIRC update-policy cannot be used in conjunction with the allow-update
statement.
My bad--you're right. There's code I'd never noticed before that says
allow-update will be ignored if update-policy is set. Whoops.
(Oddly, the check only applies when both of them are defined in the
zone
Guess I should start digging in the code then :)
On Mon, Nov 17, 2008 at 5:59 PM, Evan Hunt [EMAIL PROTECTED] wrote:
IIRC update-policy cannot be used in conjunction with the allow-update
statement.
My bad--you're right. There's code I'd never noticed before that says
allow-update will be
Res wrote:
On Mon, 17 Nov 2008, Jefferson Ogata wrote:
On 2008-11-17 14:25, Holger Honert wrote:
Chris Thompson schrieb:
On Nov 17 2008, Res wrote:
Ack! allow-transfer should never be any
What, never? Why not?
Security issue! You really want everyone to download your zone(s)?
I
Hey, maybe it's time to agree to disagree on this one? If Bert and Ernie can
live together in roommate bliss, I'm sure we can all accept and appreciate
each other's differences.
On Mon, Nov 17, 2008 at 7:47 PM, Kevin Darcy [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Just because
The mailing list conversion requires a little explanation:
* The new one-stop page for all the lists under isc.org is
https://lists.isc.org/mailman/listinfo
Now, can it be configured to strip or reject html rubbish?
___
bind-users mailing
Chris,
Thanks that worked.
RootNet08
On Tue, Nov 18, 2008 at 12:46 AM, Chris Buxton [EMAIL PROTECTED] wrote:
Remove your subnet from the bogons ACL at the beginning.
acl bogons {
! 192.168.16.0/21;
0.0.0.0/8;
[...]
192.168.0.0/16;
[...]
};
Chris Buxton
Professional Services
Men
That reminds me of the debate over V chips/parental controls. People
that DON'T want something think it is the responsibility of others not
to send it to them rather than THEIR own responsibility to block it with
the tools they have.
If you don't want HTML just set up a rule in your mail client
Please disregard. This is working now. Was either an ASA firewall dns
filter which was stopped and restarted during testing or the setting of
both nameservers to run bind9.3.5-P2.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Davenport, Steve
M
On Tue, Nov 18, 2008 at 04:13:35PM +0100, Thomas Manson wrote:
Hi,
Hi,
I've my secondary DNS Server that run bind9 version 9.5.0-P2 (from ubuntu
8.10 server)
Before, I was using the version on ubuntu 8.04 and it was working
successfully with ipv6.
I think BIND from Ubuntu
It's resolving correctly from dnsstuff.com ...
Shawn Somers
Systems Administrator
Skynet BroadBand
(360)802-6657
Steve Koon wrote:
I have one of my zones that is not showing one of the A records when
using Dig anyone know why this is happening?
*emailclickA
Two things:
1. Does change 2469 - solaris: Work around Solaris's select() limitations.
[RT #18769] address the same problem as change 2406 in 9.3.5-P2 - Some
operating systems have FD_SETSIZE set to a low value by default...
[RT #18328]?
If not, what happened to RT #18328?
2. I'm assuming
In message [EMAIL PROTECTED], Scott Haneda writes:
I have a good deal of lame server errors in my logs, which I am not
entirely understanding.
19-Nov-2008 15:36:34.657 lame-servers: info: lame server resolving
'170.73.234.209.in-addr.arpa' (in '73.234.209.in-addr.arpa'?):
On Wed, Nov 19, 2008 at 09:55:52PM +0100,
Adam Tkac [EMAIL PROTECTED] wrote
a message of 17 lines which said:
If I understand correctly what RFC 4034, section 2.1.1 says ... If
bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and
the DNSKEY RR's owner name MUST be the name of
On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote:
does anyone know if is it possible to sign multiple domains with one
KSK?
Adam,
I suspect your question may need to be more specific.
Are you asking about the signing process itself, or rather
about how
Thomas Schulz wrote:
Change 2489 says to define ISC_SOCKET_USE_POLLWATCH to workaround a
Solaris kernel bug about /dev/poll. How do I know if I should define
this? Should I just assume that if I am running Solaris 8 then I need
to define ISC_SOCKET_USE_POLLWATCH? Is there any down side to
I am getting on one of my slaves (69.25.129.117) yet on the other I get
the zone to come across from the master. Just a quirk here is that the
.117 slave has to be recycled before the zone comes across yet the .118
comes across when the master is recycle and a change has occurred in one
of the
On Thu, Nov 20, 2008 at 11:55:17AM +,
Chris Thompson [EMAIL PROTECTED] wrote
a message of 33 lines which said:
The text you quote is for DNS publication. But you typically do not
put KSK in the DNS, no?
Sure you do. How could a validator use it if you didn't?
Because it is published
Have you tried looking up the client IP from another line in the logs from the
same time?
-Original Message-
From: Scott Haneda [EMAIL PROTECTED]
Date: Thu, 20 Nov 2008 00:45:26
To: BIND Users Mailing List bind-users@lists.isc.org
Subject: Re: Help understanding lame server error
On
At Thu, 20 Nov 2008 04:30:00 -0800 (PST),
pollex [EMAIL PROTECTED] wrote:
9.3.4-P1.1 still seems to be a Debian specific version, but if this
is featurewise equivalent to 9.3.5-P1, you should at least upgrade to
9.3.5-P2 (and build it with a large value of ISC_SOCKET_MAXSOCKETS).
In fact,
Once again, Henrik is the man:
http://www.nabble.com/CONNECT-errors-with-2.7.STABLE2-2-td18261153.html
What I'm looking for is a brief, technical explanation of why this
setting defaults to off rather than on. I didn't really get from that
thread why the defaults were the way they were,
On Tue, Nov 25, 2008 at 11:36:36AM +0100, Olivier JUDITH wrote:
Currently use bind 9.2.4.-30.el4 as primary server synchronized with NTP
by a GPS time sources.
recently, bind daemon crash with following error messages in
//var/named/log/general file.
Nov 12 09:41:15.417 general: info:
Problem: when querying asdf.ad.rice.edu, bind sends queries into my local
network (specifically to 10.129.92.100, which is not a ns) which I find
undesirable.
Is there any way to disable this behavior? Is it expected that bind queries
rfc1918 nameserver addresses from non-rfc1918 queries? I
On Nov 25, 2008, at 10:33 PM, Res wrote:
As an after-thought, check your ACLs...normally, IIRC once you do an
rndc reload and changes are detected the master notifies the slaves
right away, I might be wrong but I'm sure it used to do that.
That is what I thought as well, either way, it
Based on your suggestions, I have made a template zone file to base
all new zones on, do you agree with this?
* When I need to change to a low TTL for migration needs, what would
be the approach to that with this template format?
$TTL 1D
@ IN SOA ns1.hostwizard.com.
I'm looking for a way to set a policy that named wont
query
rfc1918 nameserver addresses returned from a non-rfc1918 query.
Would this be
a bad policy?
You could use netmasks with your server statements, like this:
server 10.0.0.0/8 {
bogus yes;
};
server 172.16.0.0/12 {
On Nov 26, 2008, at 11:49 AM, David Sparks wrote:
However, if you're concerned, it's pretty easy to set up a more
secure
infrastructure. Put a resolver (resolving name server) at the edge of
your network (in a DMZ, presumably) that knows nothing of internal
domains (nor IP address space). It
A border router knows what is inside and outside your network, while
a DNS server does not. Important difference.
You're missing the point. This is not about inside and outside networks, it
is about rfc1918 responses from internet queries.
I'm afraid I have seen too many organizations
--- Davenport, Steve M [Mon, Dec 01, 2008 at 05:03:06PM -0500]: ---
I have a server running Solaris10 and bind9.3.6 compiled with gcc3.3.2. The
build was done with ./configure, make. The image size seems rather large at
10637668 bytes vs 4459328 bytes on a different Solaris10 system. Any
At Mon, 10 Nov 2008 09:54:19 -0800,
Chris Buxton [EMAIL PROTECTED] wrote:
A logging category that logged not just incoming queries, but also
outgoing queries, and also the responses sent/received to these
queries, would be really handy. It doesn't need to log the whole
packet (except at
At Fri, 21 Nov 2008 11:11:17 +0100,
Marco Michelino [EMAIL PROTECTED] wrote:
I have a recursive dns server that sometimes returns errors on queries
even if the requested domain exists:
# dig @myserver agriturismolacapraccia.it mx
[snip]
My log file shows no error... how can I debug the
how about llnwd.net
can you ping dns11.llnwd.net from that box?
I believe there's that routing issue, I've troubleshooted this kind of problem
in one ISP, my immediate resolution is to have a conditional forwarding for
that domain only to openDNS.
Thanks!
--- On Wed, 12/3/08, JINMEI Tatuya
ivan jr sy wrote:
hi all,
what about performance issues? if BIND considers additional logging and DNS
admins unwittingly turn ON logging of queries (just by issuing rndc querylog)
and other future logging categories, it somehow degrades the performance of
BIND.
as i've tested BIND 9.5.0-P2
Greetings:
SIP (NAPTR and ENUM) uses a DNS like structure. Does BIND support
these data types? Are there any references?
Regards,
Gregory Hicks
-
Gregory Hicks | Principal Systems Engineer
Hi dear
Pls help me for bind9
孙睿 / Rui Sun
-Original Message-
From: Sue Graves [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 12:48 AM
To: Sun, Rui (IT Operation Director)
Cc: [EMAIL PROTECTED]
Subject: Re: Pls help me for bind9
As BIND is Open Source
Scott Haneda [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Before I go out on a limb, I wanted to ask those who know more about
this than I do. I added a zone change to my primary server, in this
case, setting the TTL's pretty low, as things were going to move
around a bit in the
At Fri, 7 Nov 2008 07:18:27 -0800 (PST),
paulpsmith [EMAIL PROTECTED] wrote:
I'm fairly new to BIND, but have a pretty good understanding of DNS
and other protocols. I have been trying to make something work for
about a week now and can't figure it out. Is it possible to have a
cache only
Date: Wed, 26 Nov 2008 21:09:53 +0100 (CET)
To: [EMAIL PROTECTED]
Subject: Re: rfc1918 ns records coming from internet are queried?
From: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
A border router knows what is inside and outside your network, while
a DNS server does not. Important
Due to technical difficulties, a number of messages were being held in
the moderation queue. These postings have now been cleared out (some
may be duplicates, for which I apologize).
We are still working out a couple of minor kinks in the move to the new
mailing list system.
Thanks for your
In article [EMAIL PROTECTED],
Mark Andrews [EMAIL PROTECTED] wrote:
Disk i/o is just glacially slow when compared to network
i/o. To get disk logging up to network speeds you need to
throw away a lots of it.
Which suggests that having filtering built into the logging might
Hello,
Is there any way to make Bind check the server's availability before send back
responses to clients?
ie, given the domain name www.site.com was pointed to 1.1.1.1 and 2.2.2.2 in
Bind.
When a client query for www.site.com, Bind will check the health status for
these two servers. If one
On Wed, Dec 03, 2008 at 10:53:43PM +0800,
Ken DBA [EMAIL PROTECTED] wrote
a message of 21 lines which said:
ie, given the domain name www.site.com was pointed to 1.1.1.1 and
2.2.2.2 in Bind. When a client query for www.site.com, Bind will
check the health status for these two servers. If
Subject: FW: Pls help me for bind9
Date: Fri, 21 Nov 2008 10:25:49 +0800
From: Sun, Rui \(IT Operation Director\) [EMAIL PROTECTED]
To: bind-users@lists.isc.org
Hi dear
Pls help me for bind9
What problem are you having?
What does your named.conf look like? your zone files?
That ought to work, and work well.
This will not impact outside name servers that query your name server,
because they send iterative queries. If they're sending recursive
queries, they're abusing your server. I can't see any problems with this
approach.
If you have authoritative data in the
On Fri, 2008-11-21 at 21:10 -0800, [EMAIL PROTECTED] wrote:
Hello. I have two geographically different datacenters. Each
datacenter has two instances of BIND.
There is one master out of these four. The zones will have multiple
A records (pointing to the two datacenters to provide some
At Tue, 2 Dec 2008 05:17:17 -0800 (PST),
pollex [EMAIL PROTECTED] wrote:
Hi Jinmei I have followed your advice and I have installed and
compiled the Bind 9.3.6 with the following command:
STD_CDEFINES=-ISC_SOCKET_FDSETSIZE=4096 ./configure --prefix=/usr/
local/bind9.3.6 --enable-threads
But
Shouldn't the server statement in options/view do the trick?
/Jonathan
On Wed, Dec 3, 2008 at 12:04 PM, Todd Snyder [EMAIL PROTECTED] wrote:
Try the listen-on directive.
Read more here:
http://books.google.com.hk/books?id=zkZN52WhG8sCprintsec=frontcoverdq=
What we used to do is we had 2 masters. After an update was done on one of
them, we ran a perl script that would scp the db files to the other and then
send rndc reload to itself and the other master. That way both were always
up to date. It seems like if you had one master and one slave at each
In message [EMAIL PROTECTED]
t, Alberto Colosi/SI/RM/GSI/it writes:
why not? better handled by isc and done in a clean way than 1.000.000 of
dirty ways as these ;)
Please go read RFC 5358. Nowhere in there does it say to
drop responses. If we thought that dropping queries was
better to use an ftps than an sftp.
use
vsftpd with SSL compile option
GNU lftp
lftp is really simple and can be configured to bypass RSA CA verify sso to
allow selfsigned and many other settings.
The difference is that if you lose RSA keys or in all cases, using the RSA
keys to allow SCP,
Not really. The server statement modifies how named talks to other
nameservers, it doesn't affect what addresses are listened on.
- Kevin
Jonathan Petersson wrote:
Shouldn't the server
Ken DBA wrote:
Hello,
Is there any way to make Bind check the server's availability before send back
responses to clients?
ie, given the domain name www.site.com was pointed to 1.1.1.1 and 2.2.2.2 in
Bind.
When a client query for www.site.com, Bind will check the health status for
these two
On Dec 3, 6:26 pm, Mark Andrews [EMAIL PROTECTED] wrote:
If it is a forged packet it should be dropped regardless of the setting
of RD.
True, however not something that's easily determined from a distance.
Ideally ingress filtering would render this a non-issue, however
there obviously holes
Dear Team
We need BIND 9.3.5-P2 version. But we are not getting the Download
link. Kindly provide me the link so that we can download this version.
Thanks regds
Abhilash
On 3 dic, 21:08, Mark Andrews [EMAIL PROTECTED] wrote:
In message [EMAIL PROTECTED],
pollex writes:
Hi Jinmei I have followed your advice and I have installed and
compiled the Bind 9.3.6 with the following command:
STD_CDEFINES=-ISC_SOCKET_FDSETSIZE=4096 ./configure --prefix=/usr/
Huh?
sftp uses secure transport as does scp and both use the same keys as
ssh. I can see no way in which ftps would be viewed as superior.
Exactly how are you losing RSA keys and if you do aren't you more
concerned that you can no longer ssh into the box?
BIND 9.5.1rc1 is now available.
BIND 9.5.1rc1 is a maintenance release candidate for BIND 9.5.
BIND 9.5.1rc1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.5.1rc1/bind-9.5.1rc1.tar.gz
The PGP signature of the distribution is at
Hello,
We are running a commercial site. We want bind to execute some additional
actions before the response, listed as below:
1) Client queries for www.site.com's ARR.
2) Bind gets client's IP, and calculates something based on this IP.
3) If IP matches condition A, return the ARR of www.site.com
refer to 'split' DNS using views
here's something:
http://www.zytrax.com/books/dns/ch7/view.html
in a nutshell.. you have to
- have 2 views, same zone per view
- either have two different zone files... and maintain it separately. (or you
may have two zone files and segregate the differences,
Depending on the rules you intend to use, you may find that BIND simply
isn't suited to this purpose. You may need to write your own name server
implementation, using a set of F5 appliances, or something else.
If you do this, you are probably best off handling as much as you can
using BIND, and
--- On Fri, 12/5/08, Chris Buxton [EMAIL PROTECTED] wrote:
An example that you may find useful as a starting point is
lbnamed. It's
old and probably has some bugs in its protocol handling,
but it does
something along the lines that you're looking for.
Thanks for the info.
I have
--- On Fri, 12/5/08, ivan jr sy [EMAIL PROTECTED] wrote:
From: ivan jr sy [EMAIL PROTECTED]
Subject: Re: how to archieve this?
To: bind-users [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Friday, December 5, 2008, 12:05 PM
refer to 'split' DNS using views
here's something:
While I have no experience with the performance of lbnamed, I have heard
that the resolving name servers used by OpenDNS run a name server
program written in Perl. (I forget the name of the package.)
Performance is a problem that can be overcome with optimizations and by
throwing more hardware at
Or, does Bind developer group provide commercial development for this purpose?
We can pay for it.
--- On Fri, 12/5/08, Chris Buxton [EMAIL PROTECTED] wrote:
From: Chris Buxton [EMAIL PROTECTED]
Subject: Re: how to archieve this?
To: bind-users bind-users@lists.isc.org
Date: Friday,
If you have money to spend, just buy a commercial load-balancing solution.
- Kevin
Ken DBA wrote:
Or, does Bind developer group provide commercial development for this purpose?
We can pay for it.
--- On Fri, 12/5/08, Chris Buxton [EMAIL PROTECTED] wrote:
From: Chris Buxton [EMAIL
Hi,
I would like to enable view based for only few particular hosts.
Is there any way to match zone name i.e. domain name (not match-destination
cause ip of webserver is same for all zone).
With Regards
Nabin Limbu
At
https://www.isc.org/software/bind/documentation/arm95#view_statement_grammar
you can see that you can specify the clients that get a certain view
Hope this helps.
Regards,
Serge Fonville
On Fri, Dec 5, 2008 at 10:35 AM, Nabin Limbu [EMAIL PROTECTED] wrote:
Hi,
I would like to enable
Have you considered dynamically regenerating view definitions based on your
rules?
If the results of your rules are stable for minutes at a time, it may work.
Regards,
Chris.
2008/12/5 Ken DBA [EMAIL PROTECTED]
--- On Fri, 12/5/08, Kevin Darcy [EMAIL PROTECTED] wrote:
From: Kevin Darcy
There is a windows box configured to use your domain name
and it is trying to lookup/update the active directory
configuration.
Send a Cease and Desist letter stating that you are the
registered owner of the domain name in question and they
should
Michael Milligan wrote:
[Note: this is really off-topic for bind-users...]
How a Microsoft Active Directory controller works and what it does is
indeed off-topic in this news group. Your nudging is noted.
In my defense however, I couldn't have known this without the answer,
having only a
named-checkzone calls getaddrinfo() to lookup addresses of servers
which are not in the zone. That lookup has failed.
For a start I would fix this delegation error. The NS RRset on both
sides of the delegation should be the same.
capmark.com.172800 IN NS ns1.gmaccm.com.
On Dec 7 2008, Mark Andrews wrote:
named-checkzone calls getaddrinfo() to lookup addresses of servers
which are not in the zone. That lookup has failed.
For a start I would fix this delegation error. The NS RRset on both
sides of the delegation should be the same.
capmark.com.
Greetings all. Is it possible to set up BIND in such a way that if there are
multiple A-records for a specific host, instead of returning all of them in
response to a request and only changing the order with every second request,
the server only returns one A-record, and varies that A-record
In article [EMAIL PROTECTED],
Dustin Lovell [EMAIL PROTECTED] wrote:
Certain browsers hitting our web application don't like having two A-records
handed to them (I'm still in the process of figuring out why), and much
prefer the first example above.
Really? So these browsers can't access
Hello!
I test patch, add to bind95/Makefile
.if (${ARCH} == amd64)
ARCH= x86_64
.endif
work/bind-9.5.0-P2/config.log
uname -m = amd64
/usr/bin/uname -p = amd64
Target: amd64-undermydesk-freebsd
Configured with: FreeBSD/amd64 system compiler
ISC_ARCH_DIR='x86_32'
Hi
can you verify if you're using the newly installed named.
did you configure your options to replace the base?
can you give us:
ldd /usr/sbin/named
ldd /usr/local/sbin/named
to my understanding, there should be no memory leak issue at all if you disable
threads..
this post has always been
Hello,
I noticed that one of our nameservers is no longer responding with the
correct address externally. The server is ns-2.hosp.utmck.edu and is
listed as a server in the registration record for utmck.edu. The address
should be 165.6.6.27 but a dig/nslookup from an external site returns
-Original Message-
From: JINMEI Tatuya / 神明達哉 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2008 3:38 PM
To: Vinny Abello
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: dnsperf and BIND memory consumption
At Tue, 9 Dec 2008 15:26:25 -0500,
Vinny
Dustin Lovell wrote:
Certain browsers hitting our web application don't like having two A-records handed to them (I'm still in the process of figuring out why),
Yeah, you really need to dig into that further, since we have *hundreds*
of multi-A-record names, and we've never run into any
Davenport, Steve M wrote:
Hello,
I noticed that one of our nameservers is no longer responding with the
correct address externally. The server is ns-2.hosp.utmck.edu and is
listed as a server in the registration record for utmck.edu. The address
should be 165.6.6.27 but a dig/nslookup from
Memory statistic
start - 570M
1 min - 913M
2 min - 958M
3 min - 1092M
4 min - 1074M
5 min - 1082M
10 min - 1217M
15 min - 1234M
60 min - 1513M
max-cache-size 800M;
Port installed only with Threads parameter, and patch in Makefile
.if (${ARCH} == amd64)
ARCH= x86_64
.endif
JINMEI Tatuya / 神明達哉 wrote:
At Tue, 09 Dec 2008 18:05:27 +0300,
Dmitry Rybin [EMAIL PROTECTED] wrote:
I test patch, add to bind95/Makefile
.if (${ARCH} == amd64)
ARCH= x86_64
.endif
Future versions of BIND9 will support amd64 in its configure script to
workaround the FreeBSD
Hi,
is it possible to see your named.conf
what is the methodology of the test? is it for authoritative queries?
recursive? or both? at the same time?
my patch for the port is the same as yours...
thanks!
===
.if ${ARCH} == amd64
ARCH=x86_64
.endif
--- On Thu, 12/11/08, Dmitry
On Oct 25 2008, Stephane Bortzmeyer wrote:
On Fri, Oct 24, 2008 at 08:14:42PM +1100,
Mark Andrews [EMAIL PROTECTED] wrote
a message of 38 lines which said:
Because the Atlas servers are based on old code and because
there are delegations that only work in COM and NET because
I frequently send short messages to some cellphone users on
tmomail.net. Several weeks ago I started noticing that bind is having
problems keeping records for tmomail once they get stale. Specifically
the MX record. If I restart bind, I can immediately get the MX record
again.
I'm running
In article [EMAIL PROTECTED],
David Ford [EMAIL PROTECTED] wrote:
I frequently send short messages to some cellphone users on
. Several weeks ago I started noticing that bind is having
problems keeping records for tmomail once they get stale. Specifically
the MX record. If I restart bind,
Sam Wilson wrote:
I hadn't noticed it but all the records in the response to a request for
the MX for tmomail.net have a TTL of 60 seconds, that's the MX record,
the NS authority record and the additional A record. The names in the
delegation NS records for tmomail.net are different
I did some testing with this a couple of months ago and it seems like AD is
following the NS directive in the SOA.
The design I used in my test-case was to put AD as an authoritative updater
of the specified zone on my master, once updated the BIND master was
responsible for updating the slaves.
Nicholas F Miller [EMAIL PROTECTED] wrote:
I have a couple of questions regarding how a Microsoft domain
controller updates a dynamic zone.
1 ) When a domain controller tries to update the zone does it try the
DNS servers it has listed in its network settings or does it follow
the SOA for
At Wed, 10 Dec 2008 15:50:22 +0300,
Dmitry Rybin [EMAIL PROTECTED] wrote:
JINMEI Tatuya / 神明達哉 wrote:
At Tue, 09 Dec 2008 18:05:27 +0300,
Dmitry Rybin [EMAIL PROTECTED] wrote:
I test patch, add to bind95/Makefile
.if (${ARCH} == amd64)
ARCH= x86_64
.endif
Future
Barry Jonathan,
Thanks for the quick replies. your responses go along with my findings
as well. I am trying to clean up some of our configs. The DDNS zones
just didn't look right to me and I wanted to confirm what I was
thinking.
Jonathan, I tested things on a test DC by pointing it at
On Wed, Dec 10, 2008 at 4:00 PM, Mark Andrews [EMAIL PROTECTED] wrote:
In message [EMAIL PROTECTED], Nicholas F Miller writes:
I have a couple of questions regarding how a Microsoft domain
controller updates a dynamic zone.
1 ) When a domain controller tries to update the zone does
I'm migrating away from my 12 year old Solaris master DNS server to a
new Linux based master server. I'm looking for suggestions on how to
make the transition smooth without any downtime. The IP address of the
new server will be different and so will be the hostname that will
show up in the whois
Step 1: Set up the new master as a clone of the old master.
Step 2: Reconfigure/demote the old master to the status of slave. All
other slaves will continue to get updates from the old master/new
slave, and the magic of DNS notify will make replication from new
master to old master to
1 - 100 of 30373 matches