Re: Secondary and TLD not updating

2008-11-17 Thread Kevin Darcy
Res wrote: On Mon, 17 Nov 2008, Jefferson Ogata wrote: On 2008-11-17 14:25, Holger Honert wrote: Chris Thompson schrieb: On Nov 17 2008, Res wrote: Ack! allow-transfer should never be any What, never? Why not? Security issue! You really want everyone to download your zone(s)? I

Re: logging query results

2008-12-02 Thread Kevin Darcy
on a totally separate box on the same segment/subnet/VLAN... - Kevin I hope it is also part of BIND's roadmap, querylog optimization. fyi on that.. --- On Wed, 12/3/08, Kevin Darcy [EMAIL PROTECTED

Re: Binding DNS server to a particular IP address

2008-12-03 Thread Kevin Darcy
Not really. The server statement modifies how named talks to other nameservers, it doesn't affect what addresses are listened on. - Kevin Jonathan Petersson wrote: Shouldn't the server

Re: check Availability before sending response

2008-12-03 Thread Kevin Darcy
Ken DBA wrote: Hello, Is there any way to make Bind check the server's availability before send back responses to clients? ie, given the domain name www.site.com was pointed to 1.1.1.1 and 2.2.2.2 in Bind. When a client query for www.site.com, Bind will check the health status for these two

Re: how to archieve this?

2008-12-04 Thread Kevin Darcy
If you have money to spend, just buy a commercial load-balancing solution. - Kevin Ken DBA wrote: Or, does Bind developer group provide commercial development for this purpose? We can pay for it. --- On Fri, 12/5/08, Chris Buxton [EMAIL PROTECTED] wrote: From: Chris Buxton [EMAIL

Re: Round robin DNS and only one record?

2008-12-09 Thread Kevin Darcy
Dustin Lovell wrote: Certain browsers hitting our web application don't like having two A-records handed to them (I'm still in the process of figuring out why), Yeah, you really need to dig into that further, since we have *hundreds* of multi-A-record names, and we've never run into any

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-20 Thread Kevin Darcy
Hongyi Zhao wrote: Hi all, Suppose a file named file.pdf stored in the following web location: http://some_domain/path/to/file.pdf Where, the *some_domain* is a name-based virtual host. In this case, is it possible to set a ddns hostname, say through http://www.changeip.net/, without

Re: Exiting due to early fatal error

2009-02-20 Thread Kevin Darcy
Lars Hecking wrote: BIND 9.4.3-P1, Solaris 8 I'm trying to get a chroot setup to work following the instructions here http://www.boran.com/security/sp/bind9_20010430.html # /usr/sbin/named -g -t /var/named/chroot 17-Feb-2009 12:05:56.789 starting BIND 9.4.3-P1 -g -t /var/named/chroot

Re: Hostname Naming Compliance

2009-02-26 Thread Kevin Darcy
Matus UHLAR - fantomas wrote: Mark Andrews wrote: When does it stop? What will be the next character you just have to have? At the moment you have 1 inter label separator and 1 intra label separator. That should be enough for anyone. On 25.02.09

Re: how to create a private test. zone?

2009-03-03 Thread Kevin Darcy
Rui Lopes wrote: Mark Andrews wrote: Mark Andrews writes: In message 49ac5d59.1010...@ruilopes.com, Rui Lopes writes: Hi, Ben Bridges wrote: [...] You could try creating example.test as a forward zone in named.conf on your sun server and specifying

Re: BIND 9 and BIND 8 issue

2009-03-03 Thread Kevin Darcy
hangan.org.tw is delegated to www.hangan.org.tw and mail.hangan.org.tw, the glue records that are provided resolve both of those names to the address 211.21.92.25. I believe BIND 8 considers a glue record to be good enough to serve as an answer, so it returns the glue record. BIND 9, however,

Re: $generate lhs problem. Manual needs to be updated.

2009-03-04 Thread Kevin Darcy
Jeremy, I don't think the definitions of rhs and lhs are at issue. What apparently led the original poster to the wrong solution initially was the verbiage in the manual stating Any single *$* symbols within the *lhs* side are replaced by the iterator value, which implies that $ replacement

Re: $generate lhs problem. Manual needs to be updated.

2009-03-04 Thread Kevin Darcy
Mark Andrews wrote: In message 49af42f8.9070...@chrysler.com, Kevin Darcy writes: Jeremy, I don't think the definitions of rhs and lhs are at issue. What apparently led the original poster to the wrong solution initially was the verbiage in the manual stating Any single *$* symbols within

Re: Hostname Naming Compliance

2009-03-06 Thread Kevin Darcy
Danny Mayer wrote: Kevin Darcy wrote: But, as far as I can tell, there's no *practical* reason to disallow underscores, other than the fact that it may trip the standards-checking code of some _other_ piece of software. So, piece of software A disallows underscores because it's worried

Re: BIND logging

2009-03-06 Thread Kevin Darcy
simian wrote: Morning, I'm busy learning a bit more about DNS/BIND, but I seem to have run into a problem. My server does not seem to propagate, so my questions are: Where does BIND log its errors to? I see some named entries in my syslog, is it the only place it logs to? If so, can I

Re: Peaceful coexistence with Windows domain

2009-03-12 Thread Kevin Darcy
Peter Laws wrote: Our environment includes a couple of AD servers. They serve DNS to PCs using AD (but not all PCs). They allow DDNS for clients and slave the rest of our environment's zones. For some reason, they *forward* every other query to us, but never mind that. Look it up your own damn

Re: Complete OMAPI control

2009-03-13 Thread Kevin Darcy
Try a DHCP list perhaps? - Kevin Sam Hayes Merritt, III wrote: As I understand it, leases cannot currently be created or destroyed via OMAPI, nor can they be set to reserved. Is there a time line of when this may come available? The ability to control leases completely through Omapi

Re: local caching nameserver

2009-03-19 Thread Kevin Darcy
Hmmm... I don't understand. You say the box is not connected, yet you're running a reporting script that presumably is looking up Internet names/addresses and trying to resolve them (?). It needs access -- either directly or indirectly via forwarding -- to the Internet DNS in order to do that.

Re: local caching nameserver

2009-03-19 Thread Kevin Darcy
Chris wrote: On Thu, 2009-03-19 at 21:18 -0500, Kevin Darcy wrote: Hmmm... I don't understand. You say the box is not connected, yet you're running a reporting script that presumably is looking up Internet names/addresses and trying to resolve them (?). It needs access -- either directly

Re: Server names for query

2009-03-23 Thread Kevin Darcy
Casey Deccio wrote: RFC 1035 [1] (page 44) describes the use of a list of server names (SLIST) to query for a particular name. It is unclear to me from the RFC as to whether the server is selected by address or by name. In other words, all history (e.g., batting average and response time)

Re: Server names for query

2009-03-23 Thread Kevin Darcy
Casey Deccio wrote: On Mon, Mar 23, 2009 at 3:20 PM, Kevin Darcy k...@chrysler.com wrote: For the *initial* NS query, I believe BIND will resolve those names down to a flat set of addresses, all of which have equal chance of being tried, so, yes, if a given NS name resolves to more addresses

Re: using bind for blacklist of domains

2009-03-24 Thread Kevin Darcy
dhottin...@harrisonburg.k12.va.us wrote: Quoting Kevin Darcy k...@chrysler.com: dhottin...@harrisonburg.k12.va.us wrote: Quoting Doug McIntyre mer...@dork.geeks.org: In comp.protocols.dns.bind you write: Has anyone used their internal dns server for blacklisting? I would like

Re: multi-named instance exist?

2009-03-25 Thread Kevin Darcy
If named is invoked successfully on startup, then the contents of the PID file will be overwritten with the new PID value. If named *isn't* invoked successfully on startup, then that's a separate error condition that should be detected and dealt with, within the whole startup subsystem. The

Re: Max. Number of char in a TXT Record

2009-03-26 Thread Kevin Darcy
Darvin Denmian wrote: Hello, I have some questions: 1) Anybody know the maximum number of characters allowed in a TXT field? A simple question, but a complicated answer. You may have multiple strings in a single TXT record. Each string may be up to 255 characters in length, with a length

Re: config for views

2009-03-26 Thread Kevin Darcy
dev_n...@zoho.com wrote: Hello, I want to config a named for two networks, using the view. for example, neta is for internal users, netb is for any other users. I got the named.conf below, do you have any suggestion on it? thanks. options { directory /usr/local/bind; recursion no;

Re: update with no effect

2009-03-30 Thread Kevin Darcy
Lars Hecking wrote: I have started seeing these entries in named.log: 29-Mar-2009 05:02:35.467 general: warning: update with no effect 29-Mar-2009 05:02:35.468 general: warning: update with no effect 29-Mar-2009 05:02:35.469 general: warning: update with no effect 29-Mar-2009 05:02:35.470

Re: Minor query (cache) denied Logging Bug?

2009-04-01 Thread Kevin Darcy
bsfin...@anl.gov wrote: I have a name server that is authoritative for the zone tlh.fl.us. In that zone is a record freenet.tlh.fl.us. IN CNAME tfn.net. My server is not authoritative for tfn.net. Some external client sends a request: What is the MX for

Re: name server zone list

2009-04-03 Thread Kevin Darcy
I use PTR instead of TXT records for this, since PTRs can benefit from label compression. - Kevin John Wobus wrote: Besides all the methods discussed, you could invent your own zone that has this data in a format of your choosing., e.g. example.com.myzones.example.com TXT example.com

Re: C/C++ version Load balancer DNS

2009-04-03 Thread Kevin Darcy
MSP wrote: On Apr 3, 4:11 pm, Chris Buxton cbux...@menandmice.com wrote: Using DNS, I want to do load balancing of client requests among my available servers dynamically. In realtime requirements, any/many servers among the configured me be down or overloaded. I want to have control

Re: Regexp to match RR's

2009-04-08 Thread Kevin Darcy
Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to whether someone knows of a list of regexps that can be used to match RR's. I'm not sure why a DNS management tool would be in the business of

Re: Regexp to match RR's

2009-04-08 Thread Kevin Darcy
Chris Buxton wrote: On Apr 8, 2009, at 3:09 PM, Kevin Darcy wrote: Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to whether someone knows of a list of regexps that can be used to match RR's. I'm

Re: Necessity of DNSSEC Lookaside Validation(DLV)

2009-04-09 Thread Kevin Darcy
Chandan, Are you more interested in marking off bullet points on some security compliance checklist, or actual, practical, real-world security? Just wondering... - Kevin

Re: MX records for dynamic IP?

2009-04-16 Thread Kevin Darcy
Michelle Konzack wrote: Hello *, I have a ZONE like [ code 'dig @ns1.xxx.com www.tamay-dogan.net ALL' ] ; DiG 9.5.1-P1 @ns1.xxx.com www.tamay-dogan.net ALL ; (1 server found) ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR,

Re: Zone transfers with views

2009-04-30 Thread Kevin Darcy
Stephen Carville wrote: I am trying to create three DNS slave servers with views for internal and external IP's. Each has an address in the DMZ and the firewall (actually a CSS) routes requests from the external IP's to the internal addresses. The correspondence is one-to-one: external.1 --

Re: Windows multiple DNS entries

2009-05-01 Thread Kevin Darcy
Vineesh Viswanath Iyer wrote: Hi all I have got dhcp setup on a cisco switch. When a new machine is switched on, it gets a dhcp address and registers in the dns, this works fine, but when the lease expires, or if for some reason if the same machine gets a new ip address, the DNS is

Re: Lookup of delegation NS records

2009-05-01 Thread Kevin Darcy
Cherney John-CJC030 wrote: Is there a way to do this if delegating nameserver is the nameserver for both the parent and child domain? I have a master and a slave and both need to not only be nameservers for the parent and the child, but both should also be delegated nameservers from the parent

Re: Mass update of TTL and serial

2009-05-04 Thread Kevin Darcy
Next stage of evolution = Dynamic Update. Never have to futz with bumping serial numbers ever again. - Kevin Bradley Giesbrecht wrote: You may find named-compilezone useful to get your zone files in a consistent format before performing your mass update. //Brad On May 2, 2009, at 3:39 PM,

Re: looking for reference to correct behavior

2009-05-11 Thread Kevin Darcy
The resolver algorithm in RFC 1034, Section 5.3.3, states 1. See if the answer is in local information, and if so return it to the client. and is further detailed as Step 1 searches the cache for the desired data. If the data is in the cache, it is assumed to be good

Re: Regexp issue in NAPTR rewrite

2009-05-12 Thread Kevin Darcy
I don't claim to be competent with NAPTR records -- having never used them in production -- but from the RFC (2915), it appears you need to express those backslashes, in the wire format of the NAPTR record, as *double* backslashes in the zone file: For the case of the cid.urn.arpa record

Re: could not mark server as lame: out of memory Errors

2009-05-12 Thread Kevin Darcy
I would just treat this as a generic out of memory issue that just happens to be triggered by named's attempt to mark servers as lame. If you don't have any datasize specified in your options, check to see if the OS is limiting your datasize before named is even starting up (e.g. via a limit

Re: Cannot Delete Glue record

2009-05-13 Thread Kevin Darcy
Luke Hopkins wrote: I have a glue (nameserver host) record which hasn't been used in years and I want to delete it (and ultimately re-use the name). Attempting a delete through UKreg (Fasthosts) gives me this: Error: NameServerHosts Delete (Nameserver deletion failed at registry: 420 Object

Re: How to configure a webhop with BIND?

2009-06-01 Thread Kevin Darcy
Saša Stupar wrote: Hi! I use BIND as a local DNS server for 200 users. Now I am in situation that I need to use a webhop since I need to change listening port on apache to other than 80 ( I have another application which need to use only port 80). How do I configure webhop for my eg.

Re: How bind works

2009-06-02 Thread Kevin Darcy
Eduardo Júnior wrote: Hi, I read about Bind which it works as follow (in general words): query - named - named.conf - files zones Is it possible create many named.conf, one per thread with the objective of to reduce queue's length of queries. For example: named.a-e.conf named.f-m.conf

Re: Problem with .org domain resolution

2009-06-03 Thread Kevin Darcy
Since .org was recently DNSSEC-signed (http://www.afilias.info/afilias+signs+org+zone), my guess would be that you have a firewall, an intrusion-prevention device, or somesuch, that is dropping the packets because it doesn't understand the DNSSEC records contained in them.

Re: Problem with .org domain resolution

2009-06-03 Thread Kevin Darcy
. - Kevin Kevin Darcy wrote: Since .org was recently DNSSEC-signed (http://www.afilias.info/afilias+signs+org+zone), my guess would be that you have a firewall, an intrusion-prevention device, or somesuch, that is dropping the packets

Re: Dynamic DNS and Slave Servers

2009-06-18 Thread Kevin Darcy
Joseph S D Yao wrote: On Thu, Jun 18, 2009 at 07:50:49AM -0700, Chris Buxton wrote: ... Yes. Once a zone is dynamic, you're no longer allowed to edit the zone file directly (unless you make it static again, for example by use of ... For which reason, of course, dynamic data should

Re: Dynamic DNS and Slave Servers

2009-06-18 Thread Kevin Darcy
All subzones are subdomains. But a subdomain isn't a subzone unless it's delegated from the parent zone. Also, subzones have zone definitions in named.conf. Undelegated subdomains do not. - Kevin Gregory Hicks wrote: Date: Thu, 18 Jun 2009 12:41:04 -0400 From: Kevin Darcy k...@chrysler.com

Re: Dynamic DNS and Slave Servers

2009-06-18 Thread Kevin Darcy
Kevin Darcy wrote: All subzones are subdomains. But a subdomain isn't a subzone unless it's delegated from the parent zone. Actually, it is possible to have an undelegated (sub)zone, but not considered a good practice, because then you have to explicitly define that zone on all nameservers

Re: Missing Reverse DNS Parent Zones

2009-06-25 Thread Kevin Darcy
Raymond Popowich wrote: Hello, One of the reverse DNS zones that I am responsible for is 95.69.in-addr.arpa. I have never created parent zones for any of them. I create individual zones for each /24 within them. For example, I don't have a 95.69.in-addr.arpa, but I do have

Re: Options for timeout in Bind/DNS

2009-07-01 Thread Kevin Darcy
TPZ wrote: Are there any options for Bind to configure timeout for DNS requests? Short answer: not as far as I know. Hopefully you understand that it's the DNS clients, and not BIND itself, that implement the main timeout/retry strategy for a DNS query transaction. Send a request, if it

Re: rDNS Round-Robin

2009-07-06 Thread Kevin Darcy
Bryan Irvine wrote: Other than to really annoy me; is there a valid reason for rr rDNS? Once upon a time, BIND specifically *disabled* round-robin behavior for non-address (A/) record types. PTR RRsets, among other types, were always given in a fixed order. But, I just tried a quick

Re: dns zone delegation

2009-07-06 Thread Kevin Darcy
Michael Milligan wrote: Mark Andrews wrote: In message 4a4dd8a6.70...@bluewin.ch, Martin.Wismer. writes: Hello Mark, Hello Jittinan, thank you for informing us/me, that bluewin.ch should do some improvements in our dns-settings. Yes, the bluewin.ch is on 4 dns-bind-Server's, but

Re: Unable to perform zone transfers

2009-07-07 Thread Kevin Darcy
Elias wrote: Hi all, I'm having troubles getting a particular zone transferred over to our nameserver but can manually dig for it. After trying a couple of things out, I noticed that it didn't work because they had the parent iskl.edu.my and the subdomain lc.iskl.edu.my in the same zone. I

Re: Truncated, retrying in TCP on Reverse lookup

2009-07-09 Thread Kevin Darcy
The SERVFAIL/timeout is probably because the original poster's firewall is misconfigured and doesn't allow TCP DNS transactions. - Kevin

Re: A smarter stub resolver??

2009-07-20 Thread Kevin Darcy
Rather than applying lipstick to the pig, why not run a local caching-only resolver? Move up and out of the stub-ville slums. A local instance of named doesn't take up that much server resources (disk, memory, CPU), and pays you back by *not*, as a stub resolver does, using network resources,

Re: A simple question, please help

2009-07-20 Thread Kevin Darcy
Ken Lai wrote: Scott Haneda wrote: 99% of the time openDNS works by just pointing some agent to their ip space. That 1% of the time, openDNS tries to make DNS responses that are modified in a way to try to help you. Maybe this is your issue? Googl.com being common enough they elect to

Re: A smarter stub resolver??

2009-07-20 Thread Kevin Darcy
Todd Snyder wrote: The problem with this approach is when you are running a couple thousand servers - suddenly, you are running a couple thousand more instances of BIND that need monitoring/patching/care/feeding. A more clever resolver, or a simpler caching setup locally would be ideal.

Re: rDNS Round-Robin

2009-07-22 Thread Kevin Darcy
Matus UHLAR - fantomas wrote: On Wed, Jul 8, 2009 at 5:08 PM, Mark Andrewsma...@isc.org wrote: RRsets are unordered. Software and configurations should be prepared for this. Where ordering is required it is built into the RR type. Mark On 14.07.09

Re: mixing internal and internet dns namespace

2009-07-22 Thread Kevin Darcy
vincent.blon...@ing.be wrote: hello, little question .. maybe some of you already get this kind of set-up ? we get in our belgian division some dns resolvers configured to use our internal dns root servers. Most of the internal dns system but not all is under the tld intranet. and

Re: Creating a CNAME to another domain.

2009-07-28 Thread Kevin Darcy
Ezra Taylor wrote: Hello All: How can I create a CNAME that points to another domain. Example below. Is the below example possible? stars.mydomain.com IN CNAME stars.otherdomain.com. If stars.mydomain.com

Re: Moving an AD Zone from Windows to BIND

2009-07-28 Thread Kevin Darcy
Raul Lopez Nevot wrote: What I need is a procedure that I can use to move the base zone xxx.yyy.example.com to BIND, while keeping the six AD zones on the Windows DNS Server. If I were to define the six AD zones on the Windows DNS Server, I

Re: Is my slave DNS working right?

2009-07-29 Thread Kevin Darcy
The +trace option *forces* dig to step through each level of the hierarchy. Therefore it's not a good way of testing any kind of override of the normal iterative-resolution process.

Re: Creating a CNAME to another domain.

2009-07-29 Thread Kevin Darcy
Danny Mayer wrote: Kevin Darcy wrote: Ezra Taylor wrote: Hello All: How can I create a CNAME that points to another domain. Example below. Is the below example possible? stars.mydomain.com IN CNAME stars.otherdomain.com http

Re: Questions: BIND Dynamic Update DoS

2009-08-04 Thread Kevin Darcy
If you're running BIND 8 you're probably rooted anyway, a DoS just puts the nameserver out of its misery. - Kevin MontyRee wrote: The dynamic update vulnerability affects all BIND 9 versions, but what about BIND 8? Is it not affected or not tested? As I know, there is no effect at

Re: Problem with caching domain

2009-08-06 Thread Kevin Darcy
Yes, ns1.geap.com.br and ns2.geap.com.br are both CNAMEs. Pointing NS records at CNAMEs is not only illegal, but causes real problems, as you can see. - Kevin Breno Silveira

Re: A very basic question...

2009-08-10 Thread Kevin Darcy
E Johnson wrote: From what I have read so far, I can see that this might be a very flame-worthy question, so please don't hurt me, I'm just a beginner... I have read every howto that I can find on setting up a DNS server for a very small, 12 seats, network. The DNS server just needs to be

Re: problems in forwarding

2009-08-11 Thread Kevin Darcy
That's not what SERVFAIL is for. You need a different architecture. If you want to resolve both internal and external names, then you need a version of the zone that has *both* sets of names in it. Your architecture should be built around that concept.

Re: Recursive Query.

2009-08-11 Thread Kevin Darcy
Regards Kalpesh On Tue, Aug 11, 2009 at 10:30 PM, Kevin Darcy k...@chrysler.com wrote: #53 designates *port* 53. Nothing unusual about that. To me, this looks more like a kernel issue-- EDESTADDRREQ is what you get if you try to send data via

Re: Internal whois server

2009-08-12 Thread Kevin Darcy
Jonathan Petersson wrote: Hi all, This is probably somewhat of an un-legit way of using whois but I'm curious as to whether it would be possible to install an internal whois server that responds with the appropriate prefix-data upon request for internal ip-numbers/domains while forwarding

Re: PTR not working...

2009-08-13 Thread Kevin Darcy
. - Kevin -Message d'origine- De : bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] De la part de Kevin Darcy Envoyé : 6 août 2009 16:06 À : bind-users@lists.isc.org

Re: hardware requirements per hits

2009-08-17 Thread Kevin Darcy
And this is why we try to keep beancounters away from the technical folks... There are just so many variables here. Are all the clients looking up essentially the *same* names? Or are the new clients looking up *different* names than the old ones? This has an impact on cache hit ratio, which

Re: lookup cnames

2009-08-20 Thread Kevin Darcy
James M wrote: [r...@mandy4 ccadns]# rpm -qa|grep bind bind-utils-9.3.2-7.4.20060mlcs4 bind-9.3.2-7.4.20060mlcs4 I've tried but cannot find an option to return cname records for a given host. I did find dig and host command options that allows entering a cname with the result being the host

Re: Bind 9.6.1-P1 ignoring listen-on directive

2009-09-09 Thread Kevin Darcy
Syntax. The parser is matching on localhost before it sees the negated elements. - Kevin John Center wrote: Hi, I'm testing Bind 9.6.1-P1 on Solaris 10 SPARC (64bit/Sun Studio 12.1) I noticed this in the logs: Sep 9 13:15:31 ns3a/ns3a named[23042]: [ID 873579 daemon.info] listening on

Re: Modified a zone, so when it becomes available?

2009-09-15 Thread Kevin Darcy
Udo Zumdick wrote: One other way I know is to use Dynamic DNS, but it is more complicated and (in my opinion) also sort of unsecure. Isn't that kind of like saying modifying a file is sort of unsecure? You don't let random people modify your files without proper

Re: Need help on delegation to subdomain/external servers

2009-09-16 Thread Kevin Darcy
RUOFF LARS wrote: Hi, i'm using BIND9 on an Ubuntu-8.10-server. I'd like to configure the following: For a given name (eg. vega.lab.ts), I'd like to forward the request to two external DNS servers, *simultaneously*, and respond with the first response that i get. Is this possible? Short

Re: Need help on delegation to subdomain/external servers

2009-09-17 Thread Kevin Darcy
RUOFF LARS wrote: Hello, Thanks for your detailed answer. I think I don't have enough DNS knowledge to understand every bit of it, but I'll try to clarify. [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Darcy: RUOFF LARS wrote: Hi, i'm using BIND9 on an Ubuntu-8.10

Re: Need help on delegation to subdomain/external servers

2009-09-17 Thread Kevin Darcy
RUOFF LARS wrote: [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Darcy BTW, at the moment I am experimenting a solution usign a forward zone: zone dummy.ts IN { type forward; forward only; forwarders { 172.25.32.171; 192.168.2.3; }; }; It seems

Re: Need help on delegation to subdomain/external servers

2009-09-21 Thread Kevin Darcy
will get. -- -Ben Croswell On Thu, Sep 17, 2009 at 12:27 PM, Kevin Darcy k...@chrysler.com wrote: RUOFF LARS wrote: [mailto:bind-users-boun...@lists.isc.org] On Behalf

Re: problem with bind book example

2009-09-24 Thread Kevin Darcy
Linda W wrote: I was trying to auto load the root hints file on a cron job. In the bind 4th ed. book, p 157, there's an example to use dig to create a file it calls db.cache Specifically, the example is $ dig @a.root-servers.net . ns > db.cache I wouldn't cron that _as_is_. You should

Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Kevin Darcy
pdns1.ultradns.net is returning the SERVFAIL: $ dig bh._domainkey.edweek.org any @pdns1.ultradns.net ; DiG 9.3.0 bh._domainkey.edweek.org any @pdns1.ultradns.net ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 384 ;; flags: qr rd; QUERY: 1, ANSWER:

Re: SERVFAIL on Dig DKIM Record

2009-09-24 Thread Kevin Darcy
doing this and getting the SERVFAIL: dig @dns1.irides.com bh._domainkey.edweek.org NS On Thu, Sep 24, 2009 at 12:14 PM, Kevin Darcy k...@chrysler.com wrote: pdns1.ultradns.net

Re: DNSSEC

2009-09-29 Thread Kevin Darcy
Paul Wouters wrote: On Tue, 29 Sep 2009, Chris Thompson wrote: What I would like to see is for more reverse zones to go away, by use of the scheme I describe in http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones I don't see how moving the reverse into a special forward zone decreases

Re: FW: Blocking top level domain

2009-09-30 Thread Kevin Darcy
Define block. Return query refused? Return name does not exist? Return a wildcard entry pointing to a helpful web page, explaining why you don't like Chinese domains? Whatever you're trying to do, it's probably better done in a proxy, than in DNS.

Re: DNS Server

2009-10-07 Thread Kevin Darcy
Agarwal Vivek-RNGB36 wrote: Hi All I'm using a BIND 9.3. I have been asked to block the responses from some of the DNS Servers in the internet. Is there any way how can I do that It's not clear what you're trying to do. Block *responses*? So, you're going to send these nameservers queries,

Re: Nslookup not showng TTL

2009-10-15 Thread Kevin Darcy
John Horne wrote: On Thu, 2009-10-15 at 10:47 +0200, Adam Tkac wrote: On Thu, Oct 15, 2009 at 09:06:56AM +0100, John Horne wrote: How can I see the TTL value using nslookup? I'm not sure how force nslookup to show TTL but the `dig` utility is far more better tool for getting

Re: Strange Behavior

2009-10-26 Thread Kevin Darcy
Lawrence MacIntyre wrote: Hi: I have a name server running named on a closed network. The root servers name my node and another node (running DNS on a sidewinder firewall) as authoritative for our domain as well as several subdomains. Two of the subdomains have their own servers, and we

Re: Reasons for not resolving

2009-10-28 Thread Kevin Darcy
Alans, Why would you use Google to determine whether a web site is up or not? It's not even clear to me that you're having a DNS problem. It's rather bad practice to have lots of reverse-records in the DNS for a given address (e.g. 96.31.75.113), and can even cause problems with oversized

Re: Reverse DNS slave server

2009-10-28 Thread Kevin Darcy
アルベルト wrote: Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? Sort of impossible to answer, without more information. Why did you set up a slave server in the first place? Redundancy?

Re: New BIND server

2009-10-28 Thread Kevin Darcy
Yeah, look it over, but take the zone-transfer restrictions and version-obfuscation stuff with a bit of a grain of salt. Those parts are a little too PHSCSE (Pointy-Haired So-Called Security Expert)-ish for my tastes, verging on Theater. At least they finally got rid of the bogon stuff.

Re: Reasons for not resolving

2009-10-29 Thread Kevin Darcy
Alans wrote: Kevin, Thanks for your explanation, yarnandwaste.com cannot be resolved, below is dig +trace result: [r...@ns2 ~]# dig yarnandwaste.com +trace ; DiG 9.4.2 yarnandwaste.com +trace ;; global options: printcmd . 437569 IN NS B.ROOT-SERVERS.NET. .

Re: Feature request - disable internal recursion cache

2009-10-30 Thread Kevin Darcy
Dmitry Rybin wrote: Niall O'Reilly wrote: I think, that be useful make this feature in bind: Add option to disable internal recursion cache, and forward all recursive queries to another daemon. Daemon as unbound, pdns-recursor - much faster in recursion queries, that bind. :( I don't see

Re: Feature request - disable internal recursion cache

2009-10-30 Thread Kevin Darcy
Dmitry Rybin wrote: Hello everybody! I think, that be useful make this feature in bind: Add option to disable internal recursion cache, and forward all recursive queries to another daemon. Daemon as unbound, pdns-recursor - much faster in recursion queries, that bind. :(

Re: Feature request - disable internal recursion cache

2009-10-30 Thread Kevin Darcy
nameserver on a different machine/IP address without getting, in my case, possibly hundreds of thousands of clients to change their DNS resolver IP address. In the surface, I too find this to be an interesting idea. -Michael Kevin Darcy wrote: Dmitry Rybin wrote: Niall O'Reilly wrote: I

Re: Forward zone files not working on Bind 9.3.6-P1 for Solaris and OpenSolaris??

2009-10-30 Thread Kevin Darcy
Kaya Saman wrote: Kevin Darcy wrote: If you're loading a zone as sgd.test, then an owner name of ns-m.test doesn't belong in it, and BIND is correct to reject it. Either change that name to something under sgd.test, or set up a separate zone for ns-m.test or anything above

Re: Feature request - disable internal recursion cache

2009-11-02 Thread Kevin Darcy
Dmitry Rybin wrote: Kevin Darcy wrote: Daemon as unbound, pdns-recursor - much faster in recursion queries, that bind. :( ___ So, you don't cache locally, you forward to another daemon that (in the best case) answers from *its* cache. How have you

Re: multiple internal views not working

2009-11-02 Thread Kevin Darcy
If you control all of the resolvers in this scenario, and the clients aren't doing their own caching-and-reordering-of-responses, you might consider using sortlists and round-robins instead of views. That would get you out of having to maintain the same zones in parallel. Note that if the

Re: multiple internal views not working (requested conf files and logs)

2009-11-02 Thread Kevin Darcy
Confused. Looks like the clients are matching the correct view, but fckd.net is not defined in either view, so what exactly was the point of having views? fckd.net names are going to get resolved the same regardless. - Kevin Paul Krash wrote: Jeremy C. Reed wrote: It may be useful for you

Re: Feature request - disable internal recursion cache

2009-11-02 Thread Kevin Darcy
Barry Margolin wrote: In article mailman.834.1256928257.14796.bind-us...@lists.isc.org, Kevin Darcy k...@chrysler.com wrote: Chris Thompson wrote: On Oct 30 2009, Michael Hare wrote: For those of us that are still running auth and recursive on the same IP, I believe

Re: multiple internal views not working (requested conf files

2009-11-02 Thread Kevin Darcy
Krash, Paul wrote: Kevin Darcy asked: Confused. Looks like the clients are matching the correct view, but fckd.net is not defined in either view, so what exactly was the point of having views? fckd.net names are going to get resolved the same regardless. I attempted to obfuscate our

Re: multiple internal views not working (requested conf files

2009-11-02 Thread Kevin Darcy
Alan Clegg wrote: Kevin Darcy wrote: Views are matched in order, so !10.x.5.0/24; is redundant -- anything in that range would have been matched by the previous view. But, but by explicitly putting it there, the ordering of the views is no-longer important. Better safe than sorry. If I
