Re: rfc1918 ns records coming from internet are queried?

2008-11-26 Thread Chris Buxton
to the server on the edge of your network. Have client machines send queries to the internal resolver, not to the edge resolver. This way, there is complete separation between inside and outside resolution. A referral from an outside domain with a glue record pointing inside is ignored. Chris

Re: rfc1918 ns records coming from internet are queried?

2008-11-26 Thread Chris Buxton
; }; server 192.168/16 { bogus yes; }; allow-query { 127.0.0.1; }; }; Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Dropping external recursive requests

2008-12-03 Thread Chris Buxton
in the third view, make sure that when the first view wants to look it up, its iterative query to the server machine itself is routed through to the third view (rather than being captured by the first view). Chris Buxton Men Mice On Tue, 2008-12-02 at 17:10 -0800, [EMAIL PROTECTED] wrote: Our DNS server

Re: How to modify A records on the slave when master is down?

2008-12-03 Thread Chris Buxton
, and simply switch over to it. Chris Buxton Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: how to archieve this?

2008-12-04 Thread Chris Buxton
and NS). (Not all special-purpose name servers correctly handle apex records, but that's a bad thing.) An example that you may find useful as a starting point is lbnamed. It's old and probably has some bugs in its protocol handling, but it does something along the lines that you're looking for. Chris

Re: how to archieve this?

2008-12-04 Thread Chris Buxton
at the problem. Chris Buxton Men Mice On Fri, 2008-12-05 at 13:54 +0800, Ken DBA wrote: --- On Fri, 12/5/08, Chris Buxton [EMAIL PROTECTED] wrote: An example that you may find useful as a starting point is lbnamed. It's old and probably has some bugs in its protocol handling

Re: DNS Master server migration.

2008-12-10 Thread Chris Buxton
and do so in all locations: registration records (delegation and glue records at parent zone(s)), zone NS records, possibly even the old master's A record. Wait a few days after doing this before... Step 6: Finally retire the old master. Chris Buxton Men Mice On Dec 10, 2008, at 10:00 PM

Re: DDNS on SOA

2008-12-11 Thread Chris Buxton
. Chris Buxton Men Mice On Dec 11, 2008, at 12:29 PM, Peter Kringle wrote: Is it possible to update the SOA record of a zone via ddns update? Or do I have to shut bind down complete to change the SOA. Specifically the refresh timer. Thanks -- Peter (K0VX) http://www.planetnet.org 2CFF D38A

Re: MIME garbage in comp.protocols.dns.bind

2008-12-12 Thread Chris Buxton
and attachments. This is no doubt the change that's causing this problem with usenet. Chris Buxton Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: logs

2008-12-23 Thread Chris Buxton
On Dec 20, 2008, at 11:59 PM, billious wrote: Chris Buxton says what?: /etc/default/sysklogd Would that not be: /etc/default/syslogd ? Sorry, you are correct. My mistake. Chris Buxton Professional Services Men Mice ___ bind-users mailing list

Re: problem with nsupdate

2009-01-08 Thread Chris Buxton
for most or all other categories, when those categories are not explicitly set. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: named configuration

2009-01-08 Thread Chris Buxton
/documentation/arm95#Bv9ARM.ch04 https://www.isc.org/software/bind/documentation/arm95#dynamic_update_security Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: named configuration

2009-01-08 Thread Chris Buxton
. They may have some other method to allow you to manage the DNS records for your server. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Named goes deaf

2009-01-09 Thread Chris Buxton
to be configured before starting named. We have seen named's TCP port go deaf over time on Mac OS X, without any reboot in between. We have not been able to find a reason, but it may be that if the port is inactive for a long period of time, something may close or block it. Chris Buxton Professional

Re: Named goes deaf

2009-01-09 Thread Chris Buxton
On Jan 9, 2009, at 12:03 PM, Scott Haneda wrote: On Jan 9, 2009, at 9:38 AM, Chris Buxton wrote: On Jan 9, 2009, at 3:14 AM, Scott Haneda wrote: It is getting important to know if you are on Mac OS X, if you are, this may have been solved, and somehow, I overlooked it. It appears launcd

Re: [openSuSE 11.1] the working directory is not writable

2009-01-12 Thread Chris Buxton
to /var/lib/named (the chroot dir root) itself. This way, you can disable the chroot jail and nothing breaks. (/etc/ named.conf is copied into the chroot environment every time you (re)start named with the init script.) Chris Buxton Professional Services Men Mice

Re: Multiple PTR records

2009-01-15 Thread Chris Buxton
need a PTR record. The main thing i don't want to break forward - reverse symmetry cause there are some sanity checks about this (like in spamfiltering). Right, your mail server ought to have a PTR record. Your web server, however, does not need it. Chris Buxton Professional Services Men Mice

Re: local zone forward

2009-01-20 Thread Chris Buxton
You can't. You can, however, create more specific zones (mail.zone.tld.) rather than the overlapping zone (zone.tld.). Chris Buxton Professional Services Men Mice On Jan 20, 2009, at 3:41 AM, Mikel Jimenez wrote: Hello I have a question relationated to forwarding. I have db.myzone.com

Re: forwarding but no recursion?

2009-01-20 Thread Chris Buxton
{ 192.5.5.241; 192.228.79.201; 192.33.4.12; }; file root.zone; allow-query { none; }; allow-transfer { none; }; }; zone example.fr { type forward; forwarders { ... }; forward only; }; __ Chris Buxton Professional

Re: How to create the TSIG?

2009-02-05 Thread Chris Buxton
signed updates, and since the slaves will forward signed updates unmodified (signatures intact), you do not need to secure this ACL. Chris Buxton Professional Services Men Mice On Feb 4, 2009, at 2:23 PM, Michelle Konzack wrote: Hello, since the french authorities (current government has

Re: How to create the TSIG?

2009-02-06 Thread Chris Buxton
over it, just to be sure. Chris Buxton Professional Services Men Mice On Feb 6, 2009, at 8:47 AM, Michelle Konzack wrote: Hello Chris, thank you for the HOWTO... now it is more clear. OK, there are some stange things happen to my master DNS @home. Since I it seems I had a nsupdate from my

Re: bind9-default.md5sum file

2009-02-09 Thread Chris Buxton
one or the other of these on which named was crashing frequently; just rebuilding from the stock source has fixed it every time. Chris Buxton Professional Services Men Mice On Feb 7, 2009, at 1:48 PM, Declan Mullen wrote: Hi I'm running bind on Debian Lenny. Does anyone know what the file

Re: rrset-order and resolvers

2009-02-11 Thread Chris Buxton
? This is normal behavior for a resolving name server. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: name server zone list

2009-04-03 Thread Chris Buxton
every zone being loaded on my server (including empty zones). I agree with Rick Dicaire that this should not be done as a zone at all. Instead, this should be implemented in rndc. I do agree with the premise that it would be nice to be able to have a list of all zones on the server. Chris

Re: name server zone list

2009-04-03 Thread Chris Buxton
the archives for Kevin Darcy's documentation of using PTR records for this purpose, because PTR records take advantage of domain name compression. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https

Re: C/C++ version Load balancer DNS

2009-04-03 Thread Chris Buxton
, if it were me, I would start my search at the F5 website. http://www.f5.com/solutions/availability/ Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: C/C++ version Load balancer DNS

2009-04-03 Thread Chris Buxton
On Apr 3, 2009, at 4:31 PM, MSP wrote: On Apr 3, 4:11 pm, Chris Buxton cbux...@menandmice.com wrote: Using DNS, I want to do load balancing of client requests among my available servers dynamically. In realtime requirements, any/many servers among the configured me be down or overloaded

Re: Trouble configuring forwarders for reverse zones.

2009-04-08 Thread Chris Buxton
artificial subzones elsewhere and can contain the CNAME or DNAME records needed to rename the PTR records into the subzone. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: IP redirection

2009-04-08 Thread Chris Buxton
at the HTTP level. With your example, DNS is not consulted by the browser at all. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Trouble configuring forwarders for reverse zones.

2009-04-08 Thread Chris Buxton
a $GENERATE statement: $GENERATE 1-14 1 CNAME 1.0/28 I have omitted the origin here for brevity. Chris Buxton Professional Services Men Mice On Apr 8, 2009, at 8:45 AM, M-lists wrote: Apologies, I meant 10.1.1.0/28 not /24. The addresses used are arbitrary, as I don't like detailing my network

Re: Regexp to match RR's

2009-04-08 Thread Chris Buxton
are anonymous - there's no audit trail. For compliance reasons, it's valuable to have such updates submitted through a tool that logs them (user, timestamp, actions, user comment), even if the tool then sends them on to the DNS server via dynamic updates. Chris Buxton Professional Services Men

Re: Regexp to match RR's

2009-04-08 Thread Chris Buxton
syntax, enforcing privileges, and logging all activity, it can be fine. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Trouble configuring forwarders for reverse zones.

2009-04-09 Thread Chris Buxton
. They don't have the subnet mask in them. Chris Buxton Professional Services Men Mice -Original Message- From: Chris Buxton [mailto:cbux...@menandmice.com] Sent: 08 April 2009 18:20 To: Callum Millard Cc: Bind Users Mailing List Subject: Re: Trouble configuring forwarders for reverse zones. You

Re: about ns record in child domain

2009-04-11 Thread Chris Buxton
.) You've confused NS records with A records. Create the NS record; omit the A record. cdn.example.com. IN NS otherdns.example.com. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: about ns record in child domain

2009-04-12 Thread Chris Buxton
On Apr 11, 2009, at 9:08 PM, Tech W. wrote: --- On Sun, 12/4/09, Chris Buxton cbux...@menandmice.com wrote: You've confused NS records with A records. Create the NS record; omit the A record. cdn.example.com. IN NS otherdns.example.com. Thanks Chris. Do you mean in a zone, we have a NS

Re: about resolving on a child zone

2009-04-13 Thread Chris Buxton
, not to example.com. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: about resolving on a child zone

2009-04-13 Thread Chris Buxton
On Apr 13, 2009, at 5:29 PM, Tech W. wrote: --- On Tue, 14/4/09, Chris Buxton cbux...@menandmice.com wrote: From: Chris Buxton cbux...@menandmice.com Subject: Re: about resolving on a child zone In this case, the answer is that your main zone (example.com) will have an error, because

Re: about resolving on a child zone

2009-04-14 Thread Chris Buxton
are address records that belong to the subzone but are present to support the delegation itself. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind9: unknown RR type, unknown class/type errors

2009-04-14 Thread Chris Buxton
. is being parsed as a record type. Check the file again and make sure you have a $ before ORIGIN. Or better yet, take out the $ORIGIN statement, as it's completely unnecessary. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind

Re: Zone updated in one view served from another view

2009-04-15 Thread Chris Buxton
, this is not a reason - you can just specify with the allow-update statement who is allowed to send it dynamic updates. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: can bind filter the result

2009-04-20 Thread Chris Buxton
. If you can't filter it by domain name, then DNS-based filtering is not the answer. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DR bind

2009-04-22 Thread Chris Buxton
to replace the dead master. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: How to forward domain totally not using CNAME?

2009-04-28 Thread Chris Buxton
, only *.example.com (and forwards them to *.example2.com, not example2.com). Replicate the example2.com records (A record, MX record, whatever) for example.com. It's the only thing you can do. Chris Buxton Professional Services Men Mice ___ bind

Re: Mass update of TTL and serial

2009-05-02 Thread Chris Buxton
(or inline TTL, as Noel put it). Chris Buxton Professional Services Men Mice On May 2, 2009, at 5:12 PM, Scott Haneda wrote: On May 2, 2009, at 4:25 PM, Noel Butler wrote: On Sun, 2009-05-03 at 08:39, Scott Haneda wrote: I client of mine has thousands of DNS zones that will need a ttl chance

Re: Delegation not working

2009-05-07 Thread Chris Buxton
will recurse to the subzone rather than forwarding to the outside world. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Delegation not working

2009-05-07 Thread Chris Buxton
Your delegation $GENERATE'd records don't cover this query. You've delegated 0.10.10.in-addr.arpa, but not 2.0.10.in-addr.arpa. Chris Buxton Professional Services Men Mice On May 7, 2009, at 12:18 PM, Mike Bernhardt wrote: I had already tried that to no avail: dig @athena -x 10.0.2.252

Re: Delegation not working

2009-05-07 Thread Chris Buxton
is applied normally to the results of the $GENERATE, and so you get 0.10.10.in- addr.arpa, not 0.1010. The extra dot between the first and second 10's is implied as part of the application of the origin. Chris Buxton Professional Services Men Mice On May 7, 2009, at 12:42 PM, Ben Bridges wrote

Re: Delegation not working

2009-05-07 Thread Chris Buxton
athena have trouble querying those two servers? Try this from athena itself: dig +norec -x 10.0.2.252 @148.165.126.87 dig +norec -x 10.0.2.252 @10.2.242.222 Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users

Re: dig printout doesn't appear to match reality

2009-05-16 Thread Chris Buxton
-center.k12.ia.us ns +noall +answer ; (2 servers found) ;; global options: printcmd sioux-center.k12.ia.us. 83030 IN NS ns1.netins.net. sioux-center.k12.ia.us. 83030 IN NS ns2.mtcnet.net. sioux-center.k12.ia.us. 83030 IN NS ns1.mtcnet.net. Chris Buxton

Re: match-recursive-only vs configured zones

2009-05-19 Thread Chris Buxton
On May 19, 2009, at 10:50 AM, Matus UHLAR - fantomas wrote: On May 19, 2009, at 9:45 AM, Matus UHLAR - fantomas wrote: I'd like to know how does match-recurtsive-only view interact with configured zones. On 19.05.09 10:25, Chris Buxton wrote: The order of views matters. The first one matched

Re: bind 9.4.2 secondary refusing request

2009-05-19 Thread Chris Buxton
. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dig return values

2009-05-22 Thread Chris Buxton
at the specified address. In the third example, the name given for the server to query is invalid. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: named querylog, cache hit

2009-05-24 Thread Chris Buxton
. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: do I have this wrong?

2009-05-30 Thread Chris Buxton
are (a) a rule about preferring authoritative data to cached data, and (b) two rules that form part of the basic credibility tests of a resolving name server. More complete and formal versions of the rules for these situations exist in the RFC's. Chris Buxton Professional Services Men Mice

Re: allow query or recursive?

2009-06-01 Thread Chris Buxton
{ localhost; localnets; }; allow-recursion { localhost; localnets; }; My guess is that the OP was being tripped up by the default for allow- recursion. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org

Re: Trying to understand DNSSEC and BIND versions better

2009-06-10 Thread Chris Buxton
On Jun 10, 2009, at 7:01 PM, Chris Adams wrote: Once upon a time, Chris Buxton cbux...@menandmice.com said: On the other hand, the builds from the Linux vendors have been less than perfectly stable at moderately high levels of traffic. Rebuilding from stock source code has always fixed

Re: Trying to understand DNSSEC and BIND versions better

2009-06-12 Thread Chris Buxton
On Jun 12, 2009, at 1:50 AM, Adam Tkac wrote: On Wed, Jun 10, 2009 at 08:37:52PM -0700, Chris Buxton wrote: A few of our customers, running servers that they describe as experiencing high traffic (by their own standards), have had to have us rebuild BIND from the stock source code for them

Re: Assistance with reverse lookup zone

2009-06-12 Thread Chris Buxton
.in-addr.arpa. 86400 IN NS ns1.blue-dot.ca. ;; Query time: 118 msec ;; SERVER: 64.187.3.170#53(64.187.3.170) ;; WHEN: Fri Jun 12 12:03:34 2009 ;; MSG SIZE rcvd: 161 Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users

Re: Questions about DNAME records

2009-06-15 Thread Chris Buxton
a CNAME chain (an alias of an alias of a third, referenced name), which then causes resolution to continue with the referenced name. (Is this what you meant by forwarding?) Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind

Re: Validating a DNSSEC installation

2009-06-17 Thread Chris Buxton
On Jun 16, 2009, at 4:08 AM, Chris Thompson wrote: On Jun 15 2009, Chris Buxton wrote: On Jun 13, 2009, at 4:59 AM, Erik Lotspeich wrote: Is it normal that a validating resolver can't validate a domain it is authoritative for? Absolutely. As Alan Clegg wrote not long ago on this list, You

Re: Questions about DNAME records

2009-06-18 Thread Chris Buxton
On Jun 18, 2009, at 9:08 AM, Joseph S D Yao wrote: On Thu, Jun 18, 2009 at 07:44:38AM -0700, Chris Buxton wrote: ... Setting aside the DNAME record, what you're trying to accomplish is something frequently requested - a private overlay on an otherwise public zone that doesn't obscure

Re: Dynamic DNS and Slave Servers

2009-06-18 Thread Chris Buxton
On Jun 18, 2009, at 9:10 AM, Joseph S D Yao wrote: On Thu, Jun 18, 2009 at 07:50:49AM -0700, Chris Buxton wrote: ... Yes. Once a zone is dynamic, you're no longer allowed to edit the zone file directly (unless you make it static again, for example by use of ... For which reason, of course

Re: Zone transfer failing

2009-06-24 Thread Chris Buxton
and prevent it from gong deaf. I could be wrong, but I seem to recall that we've seen this on other operating systems as well, although the lion's share of reports have been with Mac OS X. Chris Buxton Professional Services Men Mice ___ bind-users

Re: Zone transfer failing

2009-06-24 Thread Chris Buxton
On Jun 24, 2009, at 1:54 AM, Scott Haneda wrote: On Jun 23, 2009, at 11:57 PM, Chris Buxton wrote: On Jun 23, 2009, at 3:16 PM, Scott Haneda wrote: Good observation. This is a long standing issue that I assumed was solved. Named on OS X will go deaf on port 53 tcp for some reason. I just

Re: Zone transfer failing

2009-06-25 Thread Chris Buxton
On Jun 24, 2009, at 4:39 PM, Mark Andrews wrote: In message dc7c615c-b326-461a-9257-65cd3ba06...@menandmice.com, Chris Buxton writes: On Jun 24, 2009, at 1:54 AM, Scott Haneda wrote: On Jun 23, 2009, at 11:57 PM, Chris Buxton wrote: On Jun 23, 2009, at 3:16 PM, Scott Haneda wrote: Good

Re: Zone transfer failing

2009-06-25 Thread Chris Buxton
On Jun 25, 2009, at 11:05 AM, Scott Haneda wrote: On Jun 23, 2009, at 11:57 PM, Chris Buxton wrote: No, we have not. However, it appears to be related to the port being idle for some time. Servers that use their TCP port more frequently, usually due to having lots of zone updates that need

Re: Bind 9.6.1: skipping zone transfer, but why ?

2009-07-14 Thread Chris Buxton
, when the port is not used for a while, it looks like the OS shuts down the listener without telling the service. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: DNSSEC-deployment

2009-07-14 Thread Chris Buxton
by the experts on the above. Thanks in advance. That's bunk. Every domain should be working toward DNSSEC implementation, regardless of size. Read Alan Clegg's DNSSEC in 6 minutes paper. Chris Buxton Professional Services Men Mice ___ bind-users

Re: 9.6.1-P1 zone parser false errors

2009-10-30 Thread Chris Buxton
to being A records? Of course, the l.google.com zone is different depending on where you are in the world, so it's conceivable that these values are different where you are than where I am. Chris Buxton Professional Services Men Mice On Oct 30, 2009, at 8:15 AM, Len Conrad wrote: uname

Re: 9.6.1-P1 zone parser false errors

2009-10-30 Thread Chris Buxton
On Oct 30, 2009, at 2:53 PM, Len Conrad wrote: -- Original Message -- From: Chris Buxton cbux...@menandmice.com Date: Fri, 30 Oct 2009 14:13:31 -0700 I'm unable to reproduce this error. Could it be that, for a brief time, those names were CNAME'd

Re: confused wiht the full resolver and stub resolver

2009-11-16 Thread Chris Buxton
are quite possible, including removing the stub resolver entirely. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Match-Clients not working in DNS

2009-11-16 Thread Chris Buxton
resolve the dns queries. Can anyone please help me If you want detailed help, please post your named.conf, what you wanted to have happen, and what's happening instead. I don't see any mention of views in your request. Match-clients only makes sense inside a view statement. Chris Buxton

Re: confused wiht the full resolver and stub resolver

2009-11-17 Thread Chris Buxton
that wire format is the binary format used in the UDP packet. Struct format probably relates to the return value of the stub resolver library functions. Chris Buxton Professional Services Men Mice Best regards! 2009/11/17 Chris Buxton cbux...@menandmice.com On Nov 15, 2009, at 11:35 PM

Re: Split view logging?

2009-11-17 Thread Chris Buxton
. The logging statement, like the options statement, is a singleton statement type. You would have to stand up separate instances of named, with separate configs, to achieve your goal. Chris Buxton Professional Services Men Mice ___ bind-users

Re: BIND Secondaries of MS AD Integrated Zones

2009-11-17 Thread Chris Buxton
-listed master, it will request a full zone transfer rather than an IXFR. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND Secondaries of MS AD Integrated Zones

2009-11-17 Thread Chris Buxton
. I thought it was intended to permit a DR primary master, with radically different data, to take over in the event of a failure of the main primary master. My mistake, I guess. How would one handle switchover to a DR primary master? 'rndc retransfer' on all slaves? Chris Buxton Professional

Re: BIND does not listen at all when the interface is temporarily down (only with IPv6)

2009-11-18 Thread Chris Buxton
listen-on-v6 list, instead of specific interfaces, it will listen on the wildcard interface. This way, it will start listening right away when the interface comes up. This is different than for the IPv4 stack. Chris Buxton Professional Services Men Mice

Re: Forwarding updates between views

2009-11-22 Thread Chris Buxton
-forwarding { local-networks; }; }; Then in the external-in view, change allow-update to: allow-update { ::1; }; Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: Forwarding updates between views

2009-11-23 Thread Chris Buxton
On Nov 22, 2009, at 7:23 PM, Chris Hills wrote: On 22/11/09 21:01, Chris Buxton wrote: Change the zone from type forward to type slave, and add allow-update-forwarding. zone dyn.example.com. { type slave; masters { ::1; }; allow-update-forwarding { local-networks

Re: zone vs domain

2009-11-30 Thread Chris Buxton
by an administrative cut) from its parent, com., although it is still a member of the com. domain. Is it clear yet? Chris Buxton Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Chris Buxton
. IN NS ns0.c.is. As for reverse records, these are indexed by the IP address, not be the domain name on the right hand side. Your PTR records will go in the reverse zone you already have. Chris Buxton Professional Services Men Mice On Dec 1, 2009, at 9:11 AM, Kaya Saman wrote

Re: Using a different domain name as the DNS server for a domain

2009-12-01 Thread Chris Buxton
Yes, remove the A records for the name servers. They shouldn't be here - they belong in the zone named optiplex-networks.com. Also, the last line of your zone looks quite odd. You should never have an IP address on the left side of a DNS record. Chris Buxton Professional Services Men Mice

Re: Parent is a CNAME

2009-12-01 Thread Chris Buxton
, and then have the currently active router referenced as simply gw. The solution used involved an alias name that had three children. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: parent dns answers the ARR of child dns

2009-12-03 Thread Chris Buxton
: www.smartip.gduf.edu.cn. 30 IN A 121.8.235.88 ;; AUTHORITY SECTION: smartip.gduf.edu.cn.3600IN NS dtone1.gduf.edu.cn. ;; Query time: 396 msec ;; SERVER: 218.192.12.233#53(218.192.12.233) ;; WHEN: Thu Dec 3 08:44:17 2009 ;; MSG SIZE rcvd: 78 Chris Buxton Professional

Re: Disable Refused answer

2009-12-03 Thread Chris Buxton
is, if someone sends a recursive query for your authoritative zone data from an unauthorized IP, the query will be dropped. But this will probably only happen in testing with dig or nslookup, and it can be worked around (by the user) by turning off the RD flag in the request. Chris Buxton Professional

Re: Disable Refused answer

2009-12-03 Thread Chris Buxton
On Dec 3, 2009, at 10:16 AM, Kevin Darcy wrote: Chris Buxton wrote: On Dec 2, 2009, at 6:40 AM, Dmitry Rybin wrote: Hello! I can't find in docs how disable answer (Refused), if recursion for IP is not allowed? Something like this should work: _ view

Re: Punycode nslookup

2009-12-04 Thread Chris Buxton
it) to puny code and ask the default nameserver for the domainname in punycode The browser has to understand IDN. Most current browsers do, including (I believe) IE 7 and later, Firefox 2 and later, and Safari 3 and later. Chris Buxton Professional Services Men Mice

Re: Punycode nslookup

2009-12-06 Thread Chris Buxton
know of any other operating system stub resolver that does this. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Punycode nslookup

2009-12-06 Thread Chris Buxton
On Dec 5, 2009, at 6:34 AM, JFC Morfin wrote: Chris Buxton cbux...@menandmice.com 4 décembre 2009 20:29 The reason IDN support in the BIND query tools (dig, host, nslookup) is not the default is because it relies on a 3rd party library, which must be installed and configured by the package

Re: Bind slave to Windows 2008 AD/DNS

2009-12-08 Thread Chris Buxton
are not separated into their own individual zones. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Signing with the KSK and ZSK

2009-12-08 Thread Chris Buxton
the ZSK with KSK first,and then sign the zone files with zsk,so how can i do? Why do you want to sign with one key at a time? The default behavior is to sign just the dnskey RRSet with the KSK, and to sign the whole zone with the ZSK, all in one go. Chris Buxton Professional Services Men Mice

Re: managed-keys.bind's directory problem

2009-12-14 Thread Chris Buxton
anything that should not be writable in or under the working directory. Start using absolute paths instead of just filenames. The options { directory ; }; statement specifies named's working directory (its 'cwd'), not the location of the configuration directory. Chris Buxton Professional Services

Re: managed-keys.bind's directory problem

2009-12-14 Thread Chris Buxton
On Dec 14, 2009, at 6:28 PM, Doug Barton wrote: Chris Buxton wrote: The options { directory ; }; statement specifies named's working directory (its 'cwd'), not the location of the configuration directory. I continue to assert that both the code and long custom say that it specifies both

Re: Delegating in reverse lookup zones

2009-12-15 Thread Chris Buxton
On Dec 15, 2009, at 11:42 AM, Barry Margolin wrote: In article mailman.1304.1260905564.14796.bind-us...@lists.isc.org, Chris Buxton cbux...@menandmice.com wrote: It's not a valid delegation unless you control the parent zone. ARIN is delegating the /24 reverse zone to you. You therefore

Re: blockhole'd IP receiving referral?

2009-12-18 Thread Chris Buxton
to the receiving of queries. I believe you will need to settle for allow-query instead of blackhole. Something like this: options { allow-query { mynets; }; }; Again, I could be wrong, but I don't think allow-recursion is needed in this case. Chris Buxton Professional Services Men Mice

Re: Delegating

2009-12-23 Thread Chris Buxton
line and possibly change the filename and path. You probably don't want to change anything else in the example above. Think of a stub zone, used this way, as conceptually similar to a root hints zone, except for some domain other than the root. Chris Buxton Professional Services Men Mice

Re: Remove/add [A] records based upon server availability

2009-12-27 Thread Chris Buxton
to minimize the use. Chris Buxton Professional Services Men Mice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Logging problems on Bind9

2010-01-11 Thread Chris Buxton
You're seeing a message from SELinux. Turn it off, or set it to permissive mode, to allow this to work. Or you can try to add the necessary permission to the profile for named; this is not something I've ever done, so I can't give guidance. Chris Buxton On Jan 11, 2010, at 3:24 AM, Autuori

Re: bindvrs Vulnerability

2010-01-12 Thread Chris Buxton
On Jan 11, 2010, at 11:26 PM, Balanagaraju Munukutla wrote: Hi How to Disable the BIND version query feature in BIND 9.2.1. This is a bindvrs Vulnerability. This is not a vulnerability, it's a feature. The vulnerability relates to running BIND 9.2.1 - there are several very serious

Re: search directive in resolv.conf - only 2 domains searched

2010-01-14 Thread Chris Buxton
of the behavior of the stub resolver. Can you demonstrate the problem with a method that actually sends a request to the stub resolver, such as 'ping server1'? Chris Buxton srs-e1-swartzb(~)-uname -a SunOS srs-e1 5.9 Generic_122300-39 sun4u sparc SUNW,Sun-Fire-480R srs-e1-swartzb(~)- more /etc

  1   2   3   4   >