to bind to:
/127.0.0.1:5001
Obviously you have error in your config, as you are not binding to
address, but on local socket at the root of the system. So my guess is you
must eighter change your software configuration or you should giva access
to root folder to the user running the application
server.
1. PS3 media server throws crazy errors like that it canncot bind - no
matter which IP I choose:
[main] INFO 2013-01-26 16:03:02.833 Loading configuration file:
Panasonic.conf
[main] DEBUG 2013-01-26 16:03:02.833 Base path set to
file:///etc/ps3mediaserver/renderers/Panasonic.conf
[main
are plexmedia server and psmedia server.
1. PS3 media server throws crazy errors like that it canncot bind - no
matter which IP I choose:
[main] INFO 2013-01-26 16:03:02.833 Loading configuration file:
Panasonic.conf
[main] DEBUG 2013-01-26 16:03:02.833 Base path set to
file:///etc/ps3mediaserver
Are you saying you installed the Debian 6.0 operating system
inside of a Freebsd jail and expect it to function?
on top of all works ;-) Look at mailing list archives earlier ...See
mails from me.
Peter
___
freebsd-questions@freebsd.org
Zyumbilev, Peter wrote:
Are you saying you installed the Debian 6.0 operating system
inside of a Freebsd jail and expect it to function?
on top of all works ;-) Look at mailing list archives earlier ...See
mails from me.
Peter
Ok I read the archive thread subject jails.
You read a
On 26/01/2013 23:06, Fbsd8 wrote:
Zyumbilev, Peter wrote:
Are you saying you installed the Debian 6.0 operating system
inside of a Freebsd jail and expect it to function?
on top of all works ;-) Look at mailing list archives earlier ...See
mails from me.
Peter
Ok I read the
is on that router. Some users get wrong IPs from that router.
Can I bind 192.168.1.1 address of router to server so restrict such
router to work normally?
Or s there any other method to prevent such ilegal DHCP servers on LAN?
--
Eugen mailto:kes-...@yandex.ru
Le Sun, 23 Dec 2012 14:17:47 +0200,
Eugen Konkov kes-...@yandex.ru a écrit :
Hello,
Or s there any other method to prevent such ilegal DHCP servers on
LAN?
At work we use dhcp_probe
http://www.net.princeton.edu/software/dhcp_probe/
It works quite fine, when someone plug a dhcp server it is
Здравствуйте, Patrick.
Вы писали 23 декабря 2012 г., 15:17:43:
PL Le Sun, 23 Dec 2012 14:17:47 +0200,
PL Eugen Konkov kes-...@yandex.ru a écrit :
PL Hello,
Or s there any other method to prevent such ilegal DHCP servers on
LAN?
PL At work we use dhcp_probe
PL
Eugen Konkov kes-kes at yandex.ru writes:
...
So in my vlan I have two DHCP servers. One is mine and
second is on that router. Some users get wrong IPs from that router.
...
Or s there any other method to prevent such ilegal DHCP servers on LAN?
[23251]: starting BIND 9.6.-ESV-R7
-t /var/named -u bind
messages.2:Oct 25 08:25:46 pf1 named[23251]: built with
'--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man'
'--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
'--with-openssl=/usr' '--with-randomdev=/dev/random
On Thu, 25 Oct 2012, Damien Fleuriot wrote:
Anyone else experienced this problem today ?
We slave the root zone and have received signature expired errors.
Found this:
https://lists.dns-oarc.net/pipermail/dns-operations/2011-March/007116.html
which leads to this:
On 25 October 2012 18:33, Warren Block wbl...@wonkity.com wrote:
On Thu, 25 Oct 2012, Damien Fleuriot wrote:
Anyone else experienced this problem today ?
We slave the root zone and have received signature expired errors.
Found this:
On 25 October 2012 18:55, Damien Fleuriot m...@my.gd wrote:
On 25 October 2012 18:33, Warren Block wbl...@wonkity.com wrote:
On Thu, 25 Oct 2012, Damien Fleuriot wrote:
Anyone else experienced this problem today ?
We slave the root zone and have received signature expired errors.
Found
On 27 August 2012 10:11, Damien Fleuriot m...@my.gd wrote:
Hello list,
We're currently running Nessus PCI DSS scans on our infrastructure to
eliminate known vulnerabilities and problems.
The scan reports that my version of BIND is vulnerable to exploits I
*know* it isn't.
The problem
I seem to have seen no replies.
Would anyone kindly confirm they've got the same problem so we can get
a PR filled ?
# named -V
BIND 9.6.-ESV-R5-P1 built with '--prefix=/usr'
'--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads'
'--enable-getifaddrs' '--disable-linux
Hello list,
We're currently running Nessus PCI DSS scans on our infrastructure to
eliminate known vulnerabilities and problems.
The scan reports that my version of BIND is vulnerable to exploits I
*know* it isn't.
The problem, to me, seems to be with the version number as reported by
named -V
decided to recompile bind in the latest version and I am running into a
problem which is caused by bind port not following the FreeBSD requisites and
trying to install things in /usr/include/isc
making all in /s/portbuild/usr/ports/dns/bind98/work/bind-9.8.2/lib/isc/x86_32
making all in
/s
On 05/04/2012 18:24, bsd wrote:
I have decided to recompile bind in the latest version and I am
running into a problem which is caused by bind port not following the
FreeBSD requisites and trying to install things in /usr/include/isc
What on earth gives you the idea that dns/bind98 doesn't
and It needs to be up to
date.
I have decided to recompile bind in the latest version and I am running into a
problem which is caused by bind port not following the FreeBSD requisites and
trying to install things in /usr/include/isc
making all in /s/portbuild/usr/ports/dns/bind98/work/bind-9.8.2/lib/isc
, I have a pretty nice Fvwm environment with
some nifty plotting. (Though I wonder, is it better to be forced to
visualize the underlying curve's of a system without looking. A
philosophical problem for another day...)
Second, I am getting: inetd[1081]: ssh/tcp: bind: address already in use
On Feb 8, 2012, at 11:39 AM, Henry Olyer wrote:
Second, I am getting: inetd[1081]: ssh/tcp: bind: address already in use.
What's the fix, please?
Don't try to run sshd via inetd when you're already starting it as a daemon.
Regards,
--
-Chuck
On 01/04/2012 11:10 AM, Dino Vliet wrote:
Hi all,
suddenly I'm facing this quest on freebsd 8. I need to bind my little webserver
running aolserver to port 80. In the past I was always using port 8080 and had
my router configured to forward requests on port 80 to the server on port 8080
2011/12/29 Victor Sudakov v...@mpeks.tomsk.su:
Peter Andreev wrote:
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so.
Peter Andreev wrote:
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so. Thank you.
And the reason for the whole
2011/12/29 Victor Sudakov v...@mpeks.tomsk.su:
Peter Andreev wrote:
Victor, we researched this topic and learned that response time
highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be
On 12/29/11 12:45, Kevin Wilcox wrote:
On Dec 28, 2011 9:26 PM, Victor Sudakovv...@mpeks.tomsk.su wrote:
And the reason for the whole thread. One of the customers told me that
8.8.8.8 is faster than our own DNS servers which are located on the
same 100 MBit/s LAN with them. I was shocked but
On 12/28/11 8:54 AM, Victor Sudakov wrote:
Colleagues,
This question is not directly related to FreeBSD, but perhaps some
network administrators reading this list know the answer.
Can I setup several ISC BIND servers to be each other's mutual forwarders?
Will it work or create
On 28/12/2011 07:54, Victor Sudakov wrote:
This question is not directly related to FreeBSD, but perhaps some
network administrators reading this list know the answer.
Can I setup several ISC BIND servers to be each other's mutual forwarders?
Will it work or create an endless loop of DNS
Damien Fleuriot wrote:
If you're trying to build up a cache to improve performance and response
time, here's your scenario:
DNS C, forward to DNS A,B for all queries
DNS D, forward to DNS B,A for all queries
Your cache will start building up and only responses that are not cached
will
On 12/28/11 2:07 PM, Victor Sudakov wrote:
Damien Fleuriot wrote:
If you're trying to build up a cache to improve performance and response
time, here's your scenario:
DNS C, forward to DNS A,B for all queries
DNS D, forward to DNS B,A for all queries
Your cache will start building up
to the goal of cache consolidation.
DNS A suffers an outage ; you're fucked, to put it bluntly.
BIND can be configured to deal with such troubles. But still Victor's
idea isn't very good. First of all because response time increasing in
case of using forwarders.
Victor, we researched this topic
a comparison of BIND and Unbound with great interest. Do
you perchance have a link?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
Peter Andreev wrote:
[dd]
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so. Thank you.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
Victor Sudakov wrote:
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so. Thank you.
And the reason for the whole thread. One
On Dec 28, 2011 9:26 PM, Victor Sudakov v...@mpeks.tomsk.su wrote:
And the reason for the whole thread. One of the customers told me that
8.8.8.8 is faster than our own DNS servers which are located on the
same 100 MBit/s LAN with them. I was shocked but it seems true, at
least for the
2011/12/29 Victor Sudakov v...@mpeks.tomsk.su:
Victor Sudakov wrote:
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so. Thank
Peter Andreev wrote:
Victor, we researched this topic and learned that response time highly
depends on distance between user and resolver, while cache influence
on this value is lesser.
So I advice you to keep all as is.
Be it so. Thank you.
And the reason for the whole
Colleagues,
This question is not directly related to FreeBSD, but perhaps some
network administrators reading this list know the answer.
Can I setup several ISC BIND servers to be each other's mutual forwarders?
Will it work or create an endless loop of DNS queries?
I have customers using
Hi,
After installing FreeBSD 8.2, I noticed it's using BIND 9.6 but in ports
collection there is newer versions 9.7 and 9.8.
I'd like to know if there is any advantages in upgrading BIND to 9.8
instead of using the base install version.
I'd really appreciate if you can give me some hints
On 16/12/2011 10:04, Iqbal Aroussi wrote:
After installing FreeBSD 8.2, I noticed it's using BIND 9.6 but in ports
collection there is newer versions 9.7 and 9.8.
I'd like to know if there is any advantages in upgrading BIND to 9.8
instead of using the base install version.
I'd really
Hi Matthew,
thanks a lot for your detailed reply, as I will be using BIND for standard
task. regular SOA for domain names
no domain keys or DNSSEC. I think I'll stick with the version that comes
pre-installed.
Best Regards
*
--
*
*Iqbal Aroussi*
*+212 665 025 032*
*iq...@aroussi.name
Apologies if this is not the appropriate list but I can't seem to find
one pertaining to the installation and configuration of BIND. I posted
the following message on the FreeBSD forums a few weeks back but have
had no replies, so I thought I'd try here on the lists:
System: FreeBSD 8.2-RELEASE
On 12/7/11 8:15 PM, Kernel Panic wrote:
Apologies if this is not the appropriate list but I can't seem to find
one pertaining to the installation and configuration of BIND. I posted
the following message on the FreeBSD forums a few weeks back but have
had no replies, so I thought I'd try here
I just ran through on one of my older FreeBSD servers, and updated from
BIND 9.8.1 to 9.8.1-P1 to get the security patches for BIND online, and
after doing this bind crashes.
I am seeing:
Nov 23 06:35:19 named[24537]: starting BIND 9.8.1-P1 -u bind -t /var/named
-u bind
Nov 23 06:35:19 named
On 23/11/2011 12:53, Howard Leadmon wrote:
I just ran through on one of my older FreeBSD servers, and updated from
BIND 9.8.1 to 9.8.1-P1 to get the security patches for BIND online, and
after doing this bind crashes.
I am seeing:
Nov 23 06:35:19 named[24537]: starting BIND 9.8.1-P1
Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
You, sir, are correct about the chroot. Bind 9.8.1 and OpenSSL 1.0.0 don't
play nicely in a chroot
On Wed, 23 Nov 2011 13:18:45 +
Matthew Seaman articulated:
I've been using the attached patch with the dns/bind98 port and
openssl-1.0.x from ports for months. This disables using the GOST
cipher plugins -- which is no big deal as far as I'm concerned. GOST
ciphers are only supplied as
or upstream regarding this
phenomena?
I sent my patch to Doug Barton (bind maintainer in src/ports) but he
didn't accept it. Discussions I've seen around this are that the
OpenSSL guys say that it's not a bug from their side, and that bind is
doing it wrong. I believe the ISC guys are aware but I don't
freebsd-questions@freebsd.org
Cc: Jerry je...@seibercom.net
Sent: Friday, August 05, 2011 2:30 PM
Subject: Re: Help with Bind Weirdness Logging
On 8/5/2011 10:55 AM, Jerry wrote:
On Fri, 05 Aug 2011 10:25:13 -0700
Drew Tomlinson articulated:
On 8/5/2011 9:40 AM, Mark Felder wrote:
On Fri, 05 Aug
I'm running bind 9.3.5 and have been running some version of Bind for
years. The purpose of this server is to resolve for my home LAN and to
do regular queries for things outside my LAN.
Just recently, I noticed that my server can't resolve for some names.
The ones I've noticed
On Fri, 05 Aug 2011 11:15:21 -0500, Drew Tomlinson
d...@mykitchentable.net wrote:
Just recently, I noticed that my server can't resolve for some names.
The ones I've noticed are for Microsoft domains, specifically
go.microsoft.com and time.windows.com. For example:
What kind of
back in place and now my DNS
server is able to resolve. Thus the firewalling thing was likely the
problem.
Any ideas on how to get Bind logging going?
Cheers,
Drew
--
Like card tricks?
Visit The Alchemist's Warehouse to
learn card magic secrets for free!
http://alchemistswarehouse.com
.
Hopefully a new one will work right.
Anyway, put my previous router/firewall back in place and now my DNS
server is able to resolve. Thus the firewalling thing was likely the
problem.
Any ideas on how to get Bind logging going?
I have experience with both the E3200 and E4200 models
On Fri, 05 Aug 2011 12:25:13 -0500, Drew Tomlinson
d...@mykitchentable.net wrote:
Any ideas on how to get Bind logging going?
Here's how we do it.
named.conf:
logging {
channel my_syslog {
syslog daemon;
severity info;
//print-time
On Fri, 05 Aug 2011 11:30:39 -0700
Drew Tomlinson articulated:
Thank you Jerry. In my case, the FreeBSD boxes are hard wired so I
don't think this will be a problem. I use the wireless for two
Windows laptops, a Lexmark printer, and a Motorola Droid X.
My specific issues with the E3000
On 21.04.11 19:56, Ewald Jenisch wrote:
Hi,
I'm looking for graphical tools easing configuration of a bind
DNS-server. Ideally this tool should be capable of editing
IPv6-related records like too.
Is there anything available out there for FreeBSD (I already checked
the ports
Hi,
I'm looking for graphical tools easing configuration of a bind
DNS-server. Ideally this tool should be capable of editing
IPv6-related records like too.
Is there anything available out there for FreeBSD (I already checked
the ports collection, but couldn't find anything).
Thanks much
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/21/11 1:56 PM, Ewald Jenisch wrote:
Hi,
I'm looking for graphical tools easing configuration of a bind
DNS-server. Ideally this tool should be capable of editing
IPv6-related records like too.
Is there anything available out
: error trying to bind as user
uid=testuser,ou=users,dc=geoinf,dc=freyja,dc=com (Confidentiality required)
Confidentiality required means that the server is refusing to authenticate
over a non-encrypted connection. Try switching pam_ldap to ldaps (in your
pam ldap.conf, either change your uri
: error trying to bind as user
uid=testuser,ou=users,dc=geoinf,dc=freyja,dc=com (Confidentiality required)
Confidentiality required means that the server is refusing to authenticate
over a non-encrypted connection. Try switching pam_ldap to ldaps (in your
pam ldap.conf, either change your uri
sshd, login fails with this error
(loged on Linux Ubuntu in /var/log/auth.log):
Mar 18 12:01:00 freyja sshd[26824]: Failed password for testuser from
192.168.0.128 port 40734 ssh2
Mar 18 12:01:23 freyja sshd[26854]: pam_ldap: error trying to bind as
user uid=testuser,ou=users,dc=geoinf,dc
is successfully.
But when it comes to a login via sshd, login fails with this error
(loged on Linux Ubuntu in /var/log/auth.log):
Mar 18 12:01:00 freyja sshd[26824]: Failed password for testuser from
192.168.0.128 port 40734 ssh2
Mar 18 12:01:23 freyja sshd[26854]: pam_ldap: error trying to bind
: error trying to bind as user
uid=testuser,ou=users,dc=geoinf,dc=freyja,dc=com (Confidentiality required)
Confidentiality required means that the server is refusing to authenticate
over a non-encrypted connection. Try switching pam_ldap to ldaps (in your
pam ldap.conf, either change your uri
] REPLACE_BASEReplace base BIND with this version | |
[ ] LARGE_FILE 64-bit file support | |
[X] SIGCHASEdig/host/nslookup will do DNSSEC validation | |
[X] IPV6IPv6 Support (autodetected by default) | |
[X] THREADS Compile with thread
Out of the clear, I can no longer start named from /etc/rc.d/named
start. The only error message that I get is in log/messages
Mar 7 17:13:59 unixmania named[99841]: starting BIND 9.4.-ESV-R4 -u
bind -4 -t /var/named -u bind
Mar 7 17:14:00 unixmania named[99841]: could not configure root hints
On Mon, Mar 07, 2011 at 05:34:40PM -0600, Edwin L. Culp W. wrote:
Out of the clear, I can no longer start named from /etc/rc.d/named
start. The only error message that I get is in log/messages
Mar 7 17:13:59 unixmania named[99841]: starting BIND 9.4.-ESV-R4 -u
bind -4 -t /var/named -u bind
7.2-RELEASE-p1-jc2
trying to make in /usr/ports/dns/bind97
distinfo shows bind-9.7.3.tar.gz
make options:
SSL
IDN
replace_base
sigchase
ipv6
threads
links
xml
exiting the options, an immediate stop:
make: don't know how to make
/usr/ports/dns/bind97/work/.build_done.bind97._usr_local. Stop
release.
Reply-To:
X-Organization: Thought Unlimited. Public service Unix since 1986.
X-Of_Interest: With 24 years of service to the Unix community.
Guys,
I need some feedback from those DNS wizards onlist. The trouble
I've been having has to do with bind/named
with this bind stuff it occurs how significant an
achievement it is to have a
service that automagically maps quad/dotted-decimals to actual words.
Sorry if this sounds disjoint; it is past time for a lollipop and a blanket
and a *nap*
gary
--
Gary Kline kl...@thought.org http
?
Everything I get in trouble with this bind stuff it occurs how significant an
achievement it is to have a
service that automagically maps quad/dotted-decimals to actual words.
Sorry if this sounds disjoint; it is past time for a lollipop and a blanket
and a *nap*
gary
--
Gary Kline
into the
hub/switch as well. [i think; it is hard for me to get down
and crawl around under the desk.] The server has been running named
since April, '01. I read DNS AND BIND to get things going; then in
late '07 serious network troubles and help from someone
as well. [i think; it is hard for me to get down
and crawl around under the desk.] The server has been running named
since April, '01. I read DNS AND BIND to get things going; then in
late '07 serious network troubles and help from someone in the Dallas
Ft-Worth
to remove bind9 and install whatever its follow up would be.
Since then, my kill9named script[s] and my restartnamed script[s] have
failed.
Can anyone save me from hours of tracking down whatever I have to to put
things right?
Everything I get in trouble with this bind stuff
CyberLeo Kitsana,
Thank you so much for the history and evolution on Bind expected
directory structures. It enabled me to jump through that tough spot.
Thanks again,
Matthew
On 10/01/2010 12:52 PM, Matthew wrote:
I would be grateful for any pointers on how to resolve this. I suspect
not be exactly descriptive of whats happening.
Kinda.
Here's a few points to keep in mind when working with bind in FreeBSD:
* By default, named runs in a chroot jail rooted at /var/named/.
* For security reasons, named cannot write to anything in that tree,
except the dynamic, slave
in mind when working with bind in FreeBSD:
* By default, named runs in a chroot jail rooted at /var/named/.
* For security reasons, named cannot write to anything in that tree,
except the dynamic, slave, and working directories.
* named uses its current working directory to resolve relative
basement for nearly a decade,
and like some on this email list, I also ran into trouble when
rebuilding my bind environment in a new server environment. (Server ran
out of space and my root partition was too small, so I decided to
rebuild the box, only to be reminded BIND is tricky to configure
On 10/01/2010 12:52 PM, Matthew wrote:
I would be grateful for any pointers on how to resolve this. I suspect
the error message may not be exactly descriptive of whats happening.
Kinda.
Here's a few points to keep in mind when working with bind in FreeBSD:
* By default, named runs
Hi folks,
I have Apache installed in a qjail named webserver (I.P. address
192.168.225.130) using the pkg_add -r apache22 command, but how do
you get Apache (or Bind, etc.) to automatically start upon boot?
I got the jail to start by adding qjail_enable=YES to hosts'
/etc/rc.conf and I also added
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/22/10 6:20 PM, Ed Flecko wrote:
Hi folks,
I have Apache installed in a qjail named webserver (I.P. address
192.168.225.130) using the pkg_add -r apache22 command, but how do
you get Apache (or Bind, etc.) to automatically start upon boot
Thanks Glen.
:-)
I'm not clear how I get the 'make config' to show the configuration
screen or the 'make install' to compile and install???
That might allow me to install Apache (with a limited number of
modules) like I want, but I don't understand what you're suggesting.
Also, do you know
On 7/22/10 6:51 PM, Ed Flecko wrote:
Thanks Glen.
:-)
I'm not clear how I get the 'make config' to show the configuration
screen or the 'make install' to compile and install???
Depending on what you've previously done in the www/apache22 directory,
a configuration may already exist. 'make
On 7/22/10 7:07 PM, Glen Barber wrote:
Also, do you know for sure that compiling from source and specifying
the install target (i.e., ./configure --prefix=/PathToJail
--enable-ssl...etc., etc., etc???) won't work?
It will work, sure, but make(1) and the port Makefile does this for you.
To
Oh, O.K., so I CAN just download the tarball (from
http://httpd.apache.org/), unpack and install it (just like any other
source install) and specify the jail as the target or did I
misinterpret you?
Sorry if I've missed your point!
:-)
Ed
___
On 7/22/10 7:19 PM, Ed Flecko wrote:
Oh, O.K., so I CAN just download the tarball (from
http://httpd.apache.org/), unpack and install it (just like any other
source install) and specify the jail as the target or did I
misinterpret you?
Do it from _inside_ the jail, not from the host.
in the default behavior of BIND over the
years? Because I don't think my named.conf has been changed, and this
used to work for any hosts.
I gather you didn't have that acl limiting queries to our-net before ..
and yes bind is always on the move, keeping ahead of the moving badguys.
cheers
or address-and-mask in BIND ACLs. See:
http://www.isc.org/files/arm96.html#address_match_lists
and
http://www.isc.org/files/arm96.html#id2553419
So, for example, I use this in my own BIND configuration:
acl public-nets {
127.0.0.1;
::1;
81.187.76.160/29;
81.187.220.164
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/07/2010 20:28:27, Chris Maness wrote:
Including the line:
acl public-nets { 127.0.0.1; ::1; }
^
You need a semi-colon here __|
for testing resulted in a failure to launch with the following
at the security section from that link:
http://www.isc.org/files/arm96.html#Bv9ARM.ch07
Here is what I added to my named.conf. I guess over time they have
increased the default security of BIND so that old files don't allow
recursion from outside hosts by default.
// Set up an ACL called our-nets
traffic in the Internet.
/*
forwarders {
127.0.0.1;
};
*/
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users
Ahhh, I see I need to add:
allow-query { any; };
to my authoritative zones.
Thanks it all works now.
Chris Maness
p.s. So was this a change in the default behavior of BIND over the
years? Because I don't think my named.conf has been changed, and this
used to work for any hosts
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/07/2010 22:29:46, Chris Maness wrote:
Ahhh, I see I need to add:
allow-query { any; };
to my authoritative zones.
Thanks it all works now.
Great.
p.s. So was this a change in the default behavior of BIND over the
years? Because I
, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
127.0.0.1;
};
*/
/*
Modern versions of BIND use a random UDP port for each
outgoing
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the
Internet.
/*
forwarders {
127.0.0.1;
};
*/
/*
Modern versions of BIND use a random UDP port for each
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/07/2010 15:05:37, Chris Maness wrote:
Can a sub block of IP address space be used, and if so, what is the
wild card?
Yes. You can use lists of IPs or address-and-mask in BIND ACLs. See:
http://www.isc.org/files/arm96.html
;
};
*/
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users are strongly encouraged to utilize
this feature, and to configure their firewalls to accommodate
.
/*
forwarders {
127.0.0.1;
};
*/
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users are strongly encouraged to
utilize
the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
forwarders {
127.0.0.1;
};
*/
/*
Modern versions of BIND use a random UDP port for each outgoing
query by default in order
uhm here's my named.conf (it's a bit lightwight) but it works...
// $FreeBSD: src/etc/namedb/named.conf,v 1.26.2.2.4.1 2009/04/15 03:14:26
kensmith Exp $
options {
directory/etc/namedb/namedwritable; //made dir writable to bind
user
pid-file/var/run/named/pid;
dump-file
1 - 100 of 861 matches
Mail list logo
