Re: Forwarding zone, setup

Sending from the correct email alias this time! On Thu, 3 Mar 2022 at 09:53, Greg Choules wrote: > Hi Greg. > Basically, you can't forward out of authority. If server A is > authoritative for "example.com" it is authoritative for that and > everything below that, ad infinitum, unless you tell

Re: Forwarding zone, setup

>Are you loading the parent domain and trying to zone forward a child domain on >the same DNS server? I.e. loading somedomain.local and trying to forward >ab.somedomain.local   Yup, exactly.   That solution was suggested by Jeff Sumner yesterday, but it seemed a little nuts to me (BIND behaving

Re: Forwarding zone, setup

Are you loading the parent domain and trying to zone forward a child domain on the same DNS server? I.e. loading somedomain.local and trying to forward ab.somedomain.local If so an NS delegation is required in every instance I have done in my environment. The NS doesn't need to be "right" but it

Re: Forwarding zone, setup

Static-sub fixes the issue.   Any idea why static-sub works when forwarder doesn't?   (Again, the server is using recursion. Dig queries return the RA flag, so I know it's actually offering recursion in reality.)   I can live with static-sub just fine, since it works - but I'd really love to

Re: Forwarding zone, setup

This got held up in moderation. Let me repost it, from my regular mail client...     > You didn’t share much of your configuration except the one forwarded zone, > not a lot to go on.   Fair enough. (I guess I thought you could just infer all the needed information! Oops!) Let me try Ondrej's

Re: Forwarding zone, setup

Is static-stub something you are looking for? Reference documentation: https://bind9.readthedocs.io/en/v9_18_0/reference.html?highlight=static-stub#zone-types And in human terms: https://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/ Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My

Re: Forwarding zone, setup

On 3/1/22 5:35 AM, Matus UHLAR - fantomas wrote: you are right, forwarding queries requires recursion. Thank you for the confirmation Matus. :-) -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature -- Visit https://lists.isc.org/mailman/listinfo/bind-users

Re: Forwarding zone, setup

On 2/28/22 1:47 PM, Gregory Sloop wrote: I figured before I beat my head against the wall for too long, I'd ask the real experts! :) On 28.02.22 22:27, Grant Taylor via bind-users wrote: I'm definitely not an expert. I don't even pretend to be one on T.V. But I do wonder what, if any, sort

Re: Forwarding zone, setup

On 2/28/22 1:47 PM, Gregory Sloop wrote: I figured before I beat my head against the wall for too long, I'd ask the real experts! :) I'm definitely not an expert. I don't even pretend to be one on T.V. But I do wonder what, if any, sort of restrictions you are placing on recursion on your

Re: Forwarding zone, setup

You didn’t share much of your configuration except the one forwarded zone, not a lot to go on. But one thing to check, you do have recursion enabled on the server? On Mon, Feb 28, 2022 at 6:34 PM Gregory Sloop wrote: > Wow. I hate to be the guy who looks the gift horse in the mouth - but that

Re: Forwarding zone, setup

Wow. I hate to be the guy who looks the gift horse in the mouth - but that just seems "wrong." :)  (Not the answer, but that that would be the way BIND wants it done.)   So, now I've got two sets of NS and glue records?  Please tell me that's not the way BIND insists you do this!   I guess I

Re: Forwarding zone, setup

Add Delegating NS records: ab.somedomain.local 3600 NS server1.ab.somedomain.local . . . And glue records server1.ab.somedomain.local 3600 A 10.0.0.1 . . And see if it works. It’s got something to do with the way the record is matched (or not) before the forward statement is hit. J > On

Re: forwarding zone setup from a BIND slave (without recursion?)

So why doesn’t it work to make your limited server authoritative for the root and only forward the zones you want? Anything that isn’t in a forwarded zone does not exist (except the root itself). On Sat, Apr 17, 2021 at 11:07 PM Marki wrote: > > On 4/14/2021 12:44 AM, Sebby, Brian A. via

Re: forwarding zone setup from a BIND slave (without recursion?)

On 4/14/2021 12:44 AM, Sebby, Brian A. via bind-users wrote: My situation is due to a security requirement.  We have DNS servers at our site running BIND that allow recursion, but I’ve been requested to set up some additional DNS servers for another project that is expected to **only**

Re: forwarding zone setup from a BIND slave (without recursion?)

rgonne National Laboratory From: bind-users on behalf of RK K Date: Wednesday, April 7, 2021 at 7:40 PM To: "bind-users@lists.isc.org" Subject: Re: forwarding zone setup from a BIND slave (without recursion?) Hello Marki, Matus, Thank you for the insights on this topic. Answering

Re: forwarding zone setup from a BIND slave (without recursion?)

Mark Andrews wrote: > > On 8 Apr 2021, at 00:37, Tony Finch wrote: > > > > Forward zones require the upstream server to be recursive too. > > More correctly, the upstream server has to serve the entire namespace being > forwarded if it does not off recursion to the client for forwarding to >

Re: forwarding zone setup from a BIND slave (without recursion?)

n replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > >1. Re: forwarding zone setup from a BIND slave (without > recursion?) (Chuck Aurora) >2. Re: forwarding zone setup

Re: forwarding zone setup from a BIND slave (without recursion?)

Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > >1. forwarding zone setup from a BIND slave (without recursion?) > (RK K) >2. Re: forwarding zone setup from a BIND slave (without > re

Re: forwarding zone setup from a BIND slave (without recursion?)

> On 8 Apr 2021, at 00:37, Tony Finch wrote: > > Chuck Aurora wrote: >> >> A stub or static-stub zone would not require recursion. In that case >> named is asking for authoritative data from upstream. But type >> forward zones indeed cannot work if recursion is disabled. > > Be careful

Re: forwarding zone setup from a BIND slave (without recursion?)

Chuck Aurora wrote: > > A stub or static-stub zone would not require recursion. In that case > named is asking for authoritative data from upstream. But type > forward zones indeed cannot work if recursion is disabled. Be careful in this kind of situation to be very clear about which client or

Re: forwarding zone setup from a BIND slave (without recursion?)

On 2021-04-07 03:59, Marki wrote: To elaborate a little bit on that... Indeed that is how it works, unfortunately. When you start using forwarders or stubs, recursion needs to be enabled because you're no longer looking for your own authoritative data only. A stub or static-stub zone would not

Re: forwarding zone setup from a BIND slave (without recursion?)

Hello, On 4/7/2021 10:35 AM, Matus UHLAR - fantomas wrote: On 06.04.21 22:47, RK K wrote: In this scenario, in-order for the secondary server to forward the DNS query to an external DNS server, is it required to enable the recursion in the global options on the secondary servers? yes.

Re: forwarding zone setup from a BIND slave (without recursion?)

On 06.04.21 22:47, RK K wrote: We have a set of BIND primary servers (MASTERs) and a set of secondary servers (slaves to the MASTERs). The secondary BIND DNS servers disabled recursion ( with "*recursion no;" *) in the global options. All the applications/systems do use secondary DNS servers for

RE: Forwarding from delegated zone not working

- Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of seanliam73 Sent: Wednesday, October 11, 2017 3:45 AM To: bind-users@lists.isc.org Subject: RE: Forwarding from delegated zone not working Thanks Kevin That is what I suspecte

RE: Forwarding from delegated zone not working

Thanks Kevin That is what I suspected. If I make the delegated server the master/slave for the sub-domain that has been delegated, could I then set up forward zones for further sub-domains? i.e subdomain.example.com (delegated domain set as master zone) sub.subdomain.example.com (forward zone)

Re: Forwarding from delegated zone not working

Unfortunately we don't manage the AD server, that has been outsourced. The team that manage AD have delegated the subdomain to our bind 9 instance which in turn has a number of forwarding zones configured. This is to manage DNS over a number of cloud based environments. -- Sent from:

Re: Forwarding from delegated zone not working

On Tue, Oct 10, 2017 at 11:21 AM, seanliam73 wrote: > Hi > > I have a subdomain delegated from AD to a bind9 instance I have running > that > so that all requests for that subdomain are sent to the bind 9 instance. I > would then like to set up zone forwarding so that

RE: Forwarding from delegated zone not working

:bind-users-boun...@lists.isc.org] *On Behalf Of *Ben Croswell *Sent:* Tuesday, October 10, 2017 11:38 AM *To:* seanliam73 <sean.orei...@landg.com> *Cc:* bind-users@lists.isc.org *Subject:* Re: Forwarding from delegated zone not working If the AD environment loads company.com you need to make sure

Re: Forwarding from delegated zone not working

seanliam73 wrote: > > I know the forwarding is working because I can query the main bind9 > instance at receive the expected results. However if I query from the AD > server that is doing the delegation I get a SERVFAIL error. I guess one possible cause for this problem

RE: Forwarding from delegated zone not working

Sent: Tuesday, October 10, 2017 11:38 AM To: seanliam73 <sean.orei...@landg.com> Cc: bind-users@lists.isc.org Subject: Re: Forwarding from delegated zone not working If the AD environment loads company.com<http://company.com> you need to make sure it has NS delegations. The nameserver

RE: Forwarding from delegated zone not working

It doesn't work to delegate to a forwarder; you have to delegate to something that's authoritative for the zone (master or slave). Delegated nameservers are expected to have a full copy of the zone, either as the source (master) or through replication (slave). Now, if you have

Re: Forwarding from delegated zone not working

If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist. On Oct 10, 2017 11:22 AM, "seanliam73" wrote: > Hi > > I have a subdomain delegated from AD to a bind9

Re: Forwarding via different external networks

On Sun, Aug 28, 2016, at 19:22, Paul Kosinski wrote: > "... whatever else you use to failover from the primary to the > secondary would automatically ensure BIND resolves too." > > That's the root of the problem: there is no automatic failover, and > providing one is a lot of work. I was hoping

Re: Forwarding via different external networks

"... whatever else you use to failover from the primary to the secondary would automatically ensure BIND resolves too." That's the root of the problem: there is no automatic failover, and providing one is a lot of work. I was hoping there was a simple BIND config option so that BIND itself could

Re: Forwarding via different external networks

"Your better bet is surely to dump the forwarders and to do your own recursion." It doesn't solve the connectivity issue, but it sounds reasonable in it's own right: I'll have to try it. On Sat, 27 Aug 2016 14:32:09 -0500 /dev/rob0 wrote: > On Sat, Aug 27, 2016 at 02:32:42PM

Re: Forwarding via different external networks

On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote: > So my question is, is it possible to configure my forwarding BIND to > have a primary and *secondary* path for sending out DNS queries? As far > as I can tell, the "query-source address" option in named.conf only > allows one outbound

Re: Forwarding via different external networks

On Sat, Aug 27, 2016 at 02:32:42PM -0400, Paul Kosinski wrote: > Currently, I forward all outbound DNS via the DSL to the ISP's > DNS servers. (I have more confidence in the DSL provider not > interfering with DNS than in Comcast.) FWIW, it has been many years since I have dealt with Comcast as

RE: forwarding zone to another DNS server problem

To: houguanghua Cc: bind-users@lists.isc.org Subject: RE: forwarding zone to another DNS server problem houguanghua houguang...@hotmail.com wrote: I 'm not familiar with'stub'. The description of 'stub' is hard to understand. Yes it's a bit weird. Think of it like the root hints but for other zones

Re: forwarding zone to another DNS server problem

Finch Sent: Tuesday, November 04, 2014 5:10 AM To: houguanghua Cc: bind-users@lists.isc.org Subject: RE: forwarding zone to another DNS server problem houguanghua houguang...@hotmail.com wrote: I 'm not familiar with'stub'. The description of 'stub' is hard to understand. Yes it's

RE: forwarding zone to another DNS server problem

, Guanghua Date: Sun, 2 Nov 2014 21:23:14 + From: d...@dotat.at To: houguang...@hotmail.com CC: bind-users@lists.isc.org Subject: Re: forwarding zone to another DNS server problem houguanghua houguang...@hotmail.com wrote: Can bind support forwarding zone to another DNS server? In my

RE: forwarding zone to another DNS server problem

houguanghua houguang...@hotmail.com wrote: I 'm not familiar with'stub'. The description of 'stub' is hard to understand. Yes it's a bit weird. Think of it like the root hints but for other zones: i.e. a hint zone configuration in a recursive server tells named that instead of using a

Re: forwarding zone to another DNS server problem

In article mailman.1168.1415095867.26362.bind-us...@lists.isc.org, Tony Finch d...@dotat.at wrote: houguanghua houguang...@hotmail.com wrote: I 'm not familiar with'stub'. The description of 'stub' is hard to understand. Yes it's a bit weird. Think of it like the root hints but for

Re: forwarding zone to another DNS server problem

houguanghua houguang...@hotmail.com wrote: Can bind support forwarding zone to another DNS server? In my testing, for loacl name servers, it can. But for authority name servers, it can't. forwarding requires recursion allowed for the zone. On 02.11.14 21:23, Tony Finch wrote: Use stub or

Re: forwarding zone to another DNS server problem

On 02.11.14 23:09, Frank Pikelner wrote: What is the advantage of using a stub or static-stub to using a slave? you should use them when it's not possible or viable to use slave, e.g. windows AD domain, RBL domain, domain that can't be transferred etc... -- Matus UHLAR - fantomas,

Re: forwarding zone to another DNS server problem

Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 02.11.14 23:09, Frank Pikelner wrote: What is the advantage of using a stub or static-stub to using a slave? you should use them when it's not possible or viable to use slave, e.g. windows AD domain, RBL domain, domain that can't be

Re: forwarding zone to another DNS server problem

In article mailman.1155.1414921350.26362.bind-us...@lists.isc.org, houguanghua houguang...@hotmail.com wrote: Dear all, Can bind support forwarding zone to another DNS server? In my testing, for loacl name servers, it can. But for authority name servers, it can't. I have a

Re: forwarding zone to another DNS server problem

houguanghua houguang...@hotmail.com wrote: Can bind support forwarding zone to another DNS server? In my testing, for loacl name servers, it can. But for authority name servers, it can't. Use stub or static-stub to forward to an authoritative server. Tony. -- f.anthony.n.finch

Re: forwarding zone to another DNS server problem

houguanghua houguang...@hotmail.com wrote: Can bind support forwarding zone to another DNS server? In my testing, for loacl name servers, it can. But for authority name servers, it can't. Use stub or static-stub to forward to an authoritative server. What is the advantage of using a stub or

Re: Forwarding request to another DNS server but the same domain

Hello, On 30.04.14 17:32, Jeronimo L. Cabral wrote: 1) Office 1: people work with some machines and fill up a local master zone company.com with records in DNS1 2) Office 2: people works with some others machines and fill up a local master zone company.com with another records in DNS2 So both

Re: Forwarding request to another DNS server but the same domain

Being authoritative means that you know everything about the zone. If you know everything about a zone, why ask anyone else? Split DNS does not follow the DNS paradigm, so there is no standard way to implement it, and despite many people asking over the years, there is no NXDOMAIN failover

Re: Forwarding request to another DNS server but the same domain

Hi Jeronimo, First of all, please just tell us the real domain. Yes, we could try and talk about a fictitious example.com or company.com, but having the real domain name lets us actually query your nameservers. Let me be sure I understand: you have two DNS servers. Each of them is

Re: Forwarding request to another DNS server but the same domain

Dear John, this is my scenario: 1) Office 1: people work with some machines and fill up a local master zone company.com with records in DNS1 2) Office 2: people works with some others machines and fill up a local master zone company.com with another records in DNS2 So both office have a

Re: Forwarding request to another DNS server but the same domain

Oh, I thought this was an external-versus-internal scenario. But, this is even easier. A) One of the nameservers (pick DNS1 or DNS2) becomes a slave (of the stealth variety, if you want) of the other B) People use nsupdate to maintain the zone For security, TSIG-sign the updates. For fast

Re: Forwarding request to another DNS server but the same domain

First of all, unless you need separate views for each office, don't go down that path. Why are you attempting this as opposed to standard master-slave replication? There's something else I'm not understanding here: why would recursive queries from one office go to the other office's nameservers?

Re: Forwarding request to another DNS server but the same domain

In office #1, the company.com master zone is updated automatically from some Windows machines inn DNS1 and in office #2 the same zone is updated manually in DNS2 by the administrator who shouldn't update (using freeze and unfreeze) the master zone from office #1. This is the scenario, and we need

Re: Forwarding request to another DNS server but the same domain

I'm still not understanding your constraints. If *all* updates come in through Dynamic Update, then you don't need freeze/unfreeze. - Kevin On 4/30/2014 6:47 PM, Jeronimo L. Cabral wrote: In office #1, the company.com http://company.com master zone is updated automatically from some

Re: Forwarding request to another DNS server but the same domain

DNS1 with dynamic update and DNS2 with manually update On Wed, Apr 30, 2014 at 8:11 PM, Kevin Darcy k...@chrysler.com wrote: I'm still not understanding your constraints. If *all* updates come in through Dynamic Update, then you don't need freeze/unfreeze.

Re: Forwarding request to another DNS server but the same domain

Either do as Kevin Darcy said or else use separate names: company.com office1.company.com office2.company.com The admin in office 2 updates the office2 zone. The dynamic updates in office 1 go to the office1 zone. The company.com zone delegates both. Everyone can find everything via that

Re: Forwarding requests when DNS name doesn't exist?

An unwise decision, from security point of view ! You are about to open the DNS channel - public DNS resolving available for internal clients. Consequently data leakage, file transfer in/out over DNS become possible ... As far as the question about internal fake zones is concerned : if the name

Re: forwarding query-source (was Re: name caching and forwarding)

On 04.03.13 17:35, Shawn Bakhtiar wrote: A better solution may be (if feasible) to register and get an internet AS number and enable BGP on both links. If one fails the upstream routers (even if from desperate providers) will detect a fail and re-rout via the active link. you don't need AS

RE: forwarding query-source (was Re: name caching and forwarding)

, but that's very hackish. Date: Sat, 2 Mar 2013 16:16:28 +0100 From: uh...@fantomas.sk To: bind-users@lists.isc.org Subject: Re: forwarding query-source (was Re: name caching and forwarding) On 01.03.13 17:23, Lawrence K. Chen, P.Eng. wrote: I thought I had read somewhere the query-source

Re: forwarding query-source (was Re: name caching and forwarding)

On 01.03.13 17:23, Lawrence K. Chen, P.Eng. wrote: I thought I had read somewhere the query-source default is to try making queries from all the IPs on my system. No, the default is to use special IP 0.0.0.0 that causes the system (not the BIND) to select source IP address. And, my DNS

Re: Forwarding based on Client IPs

In message CAKdykDsixDysXM1005+gwKuqsb81rYP8xNuJpUnZVP+b9-9=h...@mail.gmail.com , Siju George writes: Hi, Currently I am using Bind9 for DNS. I wish to do the following forward. 1. Forward to domain Name Servers based on client IPS. a. Forward one set of LAN users to OpenDNS DNS

Re: Forwarding based on Client IPs

On Wed, Apr 4, 2012 at 12:14 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 04.04.12 11:54, Siju George wrote: Currently I am using Bind9 for DNS. I wish to do the following forward. 1. Forward to domain Name Servers based on client IPS.   a. Forward one set of LAN users to OpenDNS

Re: Forwarding based on Client IPs

On 04.04.12 11:54, Siju George wrote: Currently I am using Bind9 for DNS. I wish to do the following forward. 1. Forward to domain Name Servers based on client IPS.   a. Forward one set of LAN users to OpenDNS DNS servers soo that I can restrict them   b. Forward a second set of LAN users to

RE: forwarding @ to a different domain?

[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of /dev/rob0 Sent: Sunday, January 08, 2012 6:33 PM To: bind-users@lists.isc.org Subject: Re: forwarding @ to a different domain? On Sunday 08 January 2012 09:48:42 enigmedia wrote: Hi All: I have a situation where I need

Re: forwarding @ to a different domain?

www in cname mydomain.myshopify.com. mydomain.com. in cname mydomain.myshopify.com. Is this what you are looking for? 8.1.2012 17:48, enigmedia kirjoitti: Hi All: I have a situation where I need to forward requests for mydomain.com and www.mydomain.com to a third party:

Re: forwarding @ to a different domain?

You can't cnane mydomain.com to anything because it has, at the minimum, ns and soa records. -Ben Croswell On Jan 8, 2012 1:11 PM, Jukka Pakkanen jukka.pakka...@qnet.fi wrote: www in cname mydomain.myshopify.com. mydomain.com. in cname mydomain.myshopify.com. Is this what you are looking

Re: forwarding @ to a different domain?

On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen jukka.pakka...@qnet.fi wrote www in cname mydomain.myshopify.com. mydomain.com. in cname mydomain.myshopify.com. Is this what you are looking for? Yes, but I thought you couldn't use a cname for the root record of the domain?

Re: forwarding @ to a different domain?

On Sun, 8 Jan 2012 13:20:56 -0500 Ben Croswell ben.crosw...@gmail.com wrote You can't cnane mydomain.com to anything because it has, at the minimum, ns and soa records. -Ben Croswell Thanks Ben...that's what I thought. So just to ask the question another way: How do I point requests

Re: forwarding @ to a different domain?

8.1.2012 19:02, enigmedia (onl) kirjoitti: On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen jukka.pakka...@qnet.fi wrote www in cname mydomain.myshopify.com. mydomain.com. in cname mydomain.myshopify.com. Is this what you are looking for? Yes, but I thought you couldn't use a cname

Re: forwarding @ to a different domain?

8.1.2012 20:46, Jukka Pakkanen kirjoitti: 8.1.2012 19:02, enigmedia (onl) kirjoitti: On Sun, 08 Jan 2012 20:00:07 +0200 Jukka Pakkanen jukka.pakka...@qnet.fi wrote www in cname mydomain.myshopify.com. mydomain.com. in cname mydomain.myshopify.com. Is this what you are looking for?

Re: forwarding @ to a different domain?

On 08/01/2012 17:09, enigmedia (onl) wrote: How do I point requests for http://mydomain.com; and http://www.mydomain.com; to http://mydomain.myshopify.com;? Look up an A record (or ) for mydomain.myshopify.com, then create a similar A (or ) record pointing to the same address in your

Re: forwarding @ to a different domain?

On Sunday 08 January 2012 09:48:42 enigmedia wrote: Hi All: I have a situation where I need to forward requests for mydomain.com and www.mydomain.com to a third party: mydomain.com is a real domain, and probably not yours. If for some reason you do not want to mention your real domain name,

Re: Forwarding a subzone of a master zone

On Tue, Apr 19, 2011 at 01:37:23AM -0700, chris.p.bux...@gmail.com wrote: You're getting a bit confused, because your configuration is complex. Some of your observations are in contradiction with your disabling of recursion, so I believe you are partially mistaken. - You're mixing

Re: Forwarding a subzone of a master zone

I'd like to reinforce what Chris said, and recommend the use of an internal root zone for networks/enterprises which have no public Internet connectivity, or whose connectivity to the Internet is exclusively through application-level proxies. Don't make Internet names resolvable on your

Re: Forwarding a subzone of a master zone

I'd like to reinforce what Chris said, and recommend the use of an internal root zone for networks/enterprises which have no public Internet connectivity +1 A lot of people seem to be scared by the prospect of setting up their own root zone. It really isn't difficult, and I discuss this

Re: Forwarding a subzone of a master zone

You're getting a bit confused, because your configuration is complex. Some of your observations are in contradiction with your disabling of recursion, so I believe you are partially mistaken. - You're mixing authoritative and recursive service in one config. This often leads to confusion. -

Re: forwarding

Date: Sun, 12 Dec 2010 22:15:41 -0800 (PST) From: Ed Arizona colinedwardhar...@yahoo.com Sender: bind-users-bounces+oberman=es@lists.isc.org We're seeing an issue with regarding to a bind9 server setup as a 'forward only' system.  The server is multihomed on five unique

Re: forwarding

Firstly please get a sane email client. Printed quotable is supposed to be readable by old mail clients. Your client is turning the line breaks you entered into =A0 rather than preserving. Secondly the default for allow-recursion is {localhost; localnets;}. The clients that you are having

Re: forwarding + validating name server : protocol error or simply unexplored fields ?

In message 006001cb7ffe$7a6f5b10$6f4e11...@eurid.eu, Marc Lampo writes: Hello, Much attention has been given to DNSSEC - how it brings security - the chain-of-trust - the root zone signed - activities of tld's to get signed - ... but we - I belong to an organisation in charge of a tld

Re: Forwarding to two servers

On 2010-08-10 02:39, CLOSE Dave (DAE) wrote: Based on suggestions here, I now have a named.conf file like this: options { ... }; logging { ... }; zone . IN { type forward; forwarders { PUB; }; forward only; }; zone HOST1 { type forward; forwarders { PRIV; }; }; zone HOST2 {

Re: Forwarding to two servers

On Mon, 9 Aug 2010, CLOSE Dave (DAE) wrote: Based on suggestions here, I now have a named.conf file like this: options { ... }; logging { ... }; zone . IN { type forward; forwarders { PUB; }; forward only; }; zone HOST1 { type forward; forwarders { PRIV; }; }; zone HOST2 {

Re: Forwarding to two servers

On 8/10/2010 9:16 AM, Tony Finch wrote: On Mon, 9 Aug 2010, CLOSE Dave (DAE) wrote: Based on suggestions here, I now have a named.conf file like this: options { ... }; logging { ... }; zone . IN { type forward; forwarders { PUB; }; forward only; }; zone HOST1 { type

Re: Forwarding to two servers

Sten Carlsen wrote: I believe you could use forwarding to the internal server for each individual name: zone HOST1 { type forward; forwarders{ private.domain.server.IP; }; } This should do the trick but not elegant, not easy. I would start hinting to management that changes

Re: Forwarding to two servers

On 8/6/2010 7:28 PM, CLOSE Dave (DAE) wrote: Sten Carlsen wrote: I believe you could use forwarding to the internal server for each individual name: zone HOST1 { type forward; forwarders{ private.domain.server.IP; }; } This should do the trick but not elegant, not easy. I would

Re: Forwarding to two servers

I asked: My company has two internal name servers accessible to me. One (PUB) is the usual Internet-facing server than can resolve most internal and all public names. The other (PRIV) is a special purpose server that only resolves names in a special private domain. If I list both servers in

Re: Forwarding to two servers

On Fri, Aug 06, 2010 at 10:05:01AM -0700, CLOSE Dave (DAE) wrote: Joseph S D Yao wrote: If you have two forwarders, as you listed, your server will try to forward first to one and then to the other. If it gets any answer at all from one - even an error answer - it will not try the other.

Re: Forwarding to two servers

On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote: ... As I understand it, BIND makes recursive queries to forwarding servers. If the target is authoritative, you configure the zone as a stub. This is not documented. I believe this is incorrect on both counts. In this form, BIND

Re: Forwarding to two servers

On Tue, Aug 10, 2010 at 02:37:54PM -0400, Joseph S D Yao wrote: ... Then either it's not serving DNS or you haven't found the right buttons. What is it? Can you explain a bit more? ... Sorry, in my hurry I didn't fast-forward through the thread. Glad that it's working for you now. --

Re: Forwarding to two servers

On Tue, 10 Aug 2010, Joseph S D Yao wrote: On Fri, Aug 06, 2010 at 10:43:01PM +0100, Tony Finch wrote: ... As I understand it, BIND makes recursive queries to forwarding servers. If the target is authoritative, you configure the zone as a stub. This is not documented. I believe this is

Re: Forwarding to two servers

Based on suggestions here, I now have a named.conf file like this: options { ... }; logging { ... }; zone . IN { type forward; forwarders { PUB; }; forward only; }; zone HOST1 { type forward; forwarders { PRIV; }; }; zone HOST2 { type forward; forwarders { PRIV; }; }; # PUB and

Re: Forwarding to two servers

Joseph S D Yao wrote: If you have two forwarders, as you listed, your server will try to forward first to one and then to the other. If it gets any answer at all from one - even an error answer - it will not try the other. So forwarding works exactly the same as listing both servers in

Re: Forwarding to two servers

On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote: Joseph S D Yao wrote: If you have two forwarders, as you listed, your server will try to forward first to one and then to the other. If it gets any answer at all from one - even an error answer - it will not try the other. So forwarding

Re: Forwarding to two servers

On 06/08/10 19:59, Kevin Darcy wrote: On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote: Joseph S D Yao wrote: If you have two forwarders, as you listed, your server will try to forward first to one and then to the other. If it gets any answer at all from one - even an error answer - it

Re: Forwarding to two servers

On Thu, 5 Aug 2010, Lyle Giese wrote: zone mydomain.com{ type forward; forward only; forwarders { ip address of priv server;}; }; The priv server needs to be authorative(and probably master) for mydomain.com. As I understand it, BIND makes recursive queries to forwarding servers. If the

Re: Forwarding to two servers

On Thu, Aug 05, 2010 at 06:03:34PM -0700, CLOSE Dave (DAE) wrote: My company has two internal name servers accessible to me. One (PUB) is the usual Internet-facing server than can resolve most internal and all public names. The other (PRIV) is a special purpose server that only resolves

Re: Forwarding DNS Server can not resolved alias records(CNAME)?

Note that the name 218.246.85.101 -- which is the target of the www.01cool.com alias -- does not exist in the Internet DNS. I don't what kind of DNS implementation/configuration is running on 211.99.204.77, but it seems to be returning SERVFAIL for *any* recursive query outside of its

Re: Forwarding updates between views

On Nov 22, 2009, at 7:23 PM, Chris Hills wrote: On 22/11/09 21:01, Chris Buxton wrote: Change the zone from type forward to type slave, and add allow-update-forwarding. zone dyn.example.com. { type slave; masters { ::1; }; allow-update-forwarding { local-networks; }; };

Re: Forwarding updates between views

On 23/11/09 18:05, Chris Buxton wrote: The internal-in view should have some log entry of the forwarded update. I'm not sure what category or severity level that would be, though. I could not find it in either the query log or the update log. Bug? Of course, if you were to start using signed

  1   2   >