William E. W. Russell wrote:
All,
Attached are our named.conf's and zone files for both our main domain and
subdomain machines.
Both main domain and subdomain nameserver are running BIND 9.2.
We followed the configuration specified in the following link:
http://www.zytrax.com/books/dns/ch9/sub
--- On Thu, 12/4/08, Kevin Darcy <[EMAIL PROTECTED]> wrote:
> From: Kevin Darcy <[EMAIL PROTECTED]>
> Subject: Re: check Availability before sending response
> To: [EMAIL PROTECTED]
> Date: Thursday, December 4, 2008, 9:36 AM
> Ken DBA wrote:
> > Hello,
> >
> > Is there any way to make Bind check
For bureaucratic reasons I can not multi-home the slave name server;
however, I can multi-home the master name server.
I understand from reading the 'DNS for Rocket Scientist' that when
using a 'view' statement to setup a split DNS to control visibility
that the slave servers for each zone will be
On Dec 3, 6:26 pm, Mark Andrews <[EMAIL PROTECTED]> wrote:
> If it is a forged packet it should be dropped regardless of the setting
> of RD.
True, however not something that's easily determined from a distance.
Ideally ingress filtering would render this a non-issue, however
there obviously hole
Ken DBA wrote:
Hello,
Is there any way to make Bind check the server's availability before send back
responses to clients?
ie, given the domain name www.site.com was pointed to 1.1.1.1 and 2.2.2.2 in
Bind.
When a client query for www.site.com, Bind will check the health status for
these two
Not really. The "server" statement modifies how named talks to other
nameservers, it doesn't affect what addresses are listened on.
- Kevin
Jonathan Petersson wrote:
Shouldn't the "server" st
Hello,
We leverage rsync: http://samba.anu.edu.au/rsync/ over scp (copy only
those files changed automagically over SSH), perl, and cron.
Basically, a config DNS server super-master where you do all your changes and
test them.
This super-master rsync's to several over DNS servers (say X servers
By popular demand, here is the perl script I used:
#!/usr/bin/perl
print "reloading BIND...\n";
system "rndc reload";
print "copying db files to ns2...\n";
$a = `/bin/ping -c 1 ns2`;
if ($a =~ /64 bytes/) {
system "sudo -u named scp -B /var/named/var/named/db.zone1
/var/named/var/
better to use an ftps then an sftp.
use
vsftpd with SSL compile option
GNU lftp
lftp is really simple and can be configured to bypass RSA CA verify sso to
allow selfsigned and many other settings.
The difference is that if you lose RSA keys or in all cases, using the RSA
keys to allow SCP, yo
In message <[EMAIL PROTECTED]>,
pollex writes:
> Hi Jinmei I have followed your advice and I have installed and
> compiled the Bind 9.3.6 with the following command:
> STD_CDEFINES="-ISC_SOCKET_FDSETSIZE=4096" ./configure --prefix=/usr/
> local/bind9.3.6 --enable-threads
> But now I have the foll
In message <[EMAIL PROTECTED]
t>, Alberto Colosi/SI/RM/GSI/it writes:
> why not? beter handled by isc and done in a clean way then 1.000.000 of
> dirty ways as these ;)
Please go read RFC 5358. No where in there does it say to
drop responses. If we though that dropping queries
why not? beter handled by isc and done in a clean way then 1.000.000 of
dirty ways as these ;)
---
Alberto Colosi
IBM Global Business Services
Sistemi Informativi S.P.A.
IT NetWork & Security Department
*-* *-* *-*
SECURITY IS EVERYONE'S BUSINESS
Member of
IBM Inform
One needs to be really, really careful here. There are lots of
unverifiable assumptions in the OP query. Also rd being set my
just be the result of someone testing with a tool which sets rd by
default.
Going silent on a query reponses protocol is not a good idea. There
are already too many fir
3DNSs sold because this is a messy function, that needs to know details
of whichever application protocol
your setup uses. I would think someone has developed an open-source
bind add-on to do it, but I don't
know any off-hand.
Given a specific simple situation and specific server failure modes
What we used to do is we had 2 masters. After an update was done on one of
them, we ran a perl script that would scp the db files to the other and then
send rndc reload to itself and the other master. That way both were always
up to date. It seems like if you had one master and one slave at each
da
Shouldn't the "server" statement in options/view do the trick?
/Jonathan
On Wed, Dec 3, 2008 at 12:04 PM, Todd Snyder <[EMAIL PROTECTED]> wrote:
> Try the "listen-on" directive.
>
> Read more here:
>
> http://books.google.com.hk/books?id=zkZN52WhG8sC&printsec=frontcover&dq=
> dns&ei=dA-3SJ7XEaWi
Try the "listen-on" directive.
Read more here:
http://books.google.com.hk/books?id=zkZN52WhG8sC&printsec=frontcover&dq=
dns&ei=dA-3SJ7XEaWijgG7v4Qw&hl=en&sig=ACfU3U3PDWVTG3zFFj5QkZbfz5ZSy7i84Q
#PPA270,M1
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J
At Tue, 2 Dec 2008 05:17:17 -0800 (PST),
pollex <[EMAIL PROTECTED]> wrote:
> Hi Jinmei I have followed your advice and I have installed and
> compiled the Bind 9.3.6 with the following command:
> STD_CDEFINES="-ISC_SOCKET_FDSETSIZE=4096" ./configure --prefix=/usr/
> local/bind9.3.6 --enable-thread
In article <[EMAIL PROTECTED]>,
Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 03, 2008 at 10:53:43PM +0800,
> Ken DBA <[EMAIL PROTECTED]> wrote
> a message of 21 lines which said:
>
> > ie, given the domain name www.site.com was pointed to 1.1.1.1 and
> > 2.2.2.2 in Bind. When
I have two different IP addresses coming into my server. I need to
guarantee that ISC BIND only monitors and replies to requests coming
from one of the two IP addresses. I can't seem to find a configuration
parameter that tells the server which IP address to listen on. How do I
configure that
Hi
I don't think there's a clean way to modify the zone of a slave. The only way
to do this is stopping the service (or freezing the zone, if possible), modify
the zonefile by hand (since it's a flat file) and start the service up again.
Since all the slaves replicate only from the master, you'
On Fri, 2008-11-21 at 21:10 -0800, [EMAIL PROTECTED] wrote:
> Hello. I have two geographically different datacenters. Each
> datacenter has two instances of BIND.
>
> There is one master out of these four. The zones will have multiple
> "A" records (pointing to the two datacenters to provide so
That ought to work, and work well.
This will not impact outside name servers that query your name server,
because they send iterative queries. If they're sending recursive
queries, they're abusing your server. I can't see any problems with this
approach.
If you have authoritative data in the thir
It appears the data has been changed since you posted this.
www.baihui.com. 600 IN CNAME baihui.com.
baihui.com. 600 IN A 123.125.18.36
The problem you were having might have been caused by caching. I don't
offhand see any other explanation.
Chris Bu
> Subject: FW: Pls help me for bind9
> Date: Fri, 21 Nov 2008 10:25:49 +0800
> From: "Sun, Rui \(IT Operation Director\)" <[EMAIL PROTECTED]>
> To:
>
> Hi dear
>
> Pls help me for bind9
What problem are you having?
What does your named.conf look like? your zone files?
(Please include
On Wed, Dec 03, 2008 at 10:53:43PM +0800,
Ken DBA <[EMAIL PROTECTED]> wrote
a message of 21 lines which said:
> ie, given the domain name www.site.com was pointed to 1.1.1.1 and
> 2.2.2.2 in Bind. When a client query for www.site.com, Bind will
> check the health status for these two servers.
Hello,
Is there any way to make Bind check the server's availability before send back
responses to clients?
ie, given the domain name www.site.com was pointed to 1.1.1.1 and 2.2.2.2 in
Bind.
When a client query for www.site.com, Bind will check the health status for
these two servers. If one i
In article <[EMAIL PROTECTED]>,
Mark Andrews <[EMAIL PROTECTED]> wrote:
> Disk i/o is just glacially slow when compared to network
> i/o. To get disk logging up to network speeds you need to
> throw away a lots of it.
Which suggests that having filtering built into the logging
Due to "technical difficulties", a number of messages were being held in
the moderation queue. These postings have now been cleared out (some
may be duplicates, for which I apologize).
We are still working out a couple of minor kinks in the move to the new
mailing list system.
Thanks for your un
On 20 nov, 17:09, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> wrote:
> At Thu, 20 Nov 2008 04:30:00 -0800 (PST),
>
> pollex <[EMAIL PROTECTED]> wrote:
> > > "9.3.4-P1.1" still seems to be a Debian specific version, but if this
> > > is featurewise equivalent to 9.3.5-P1, you should at least upgrade to
> Date: Wed, 26 Nov 2008 21:09:53 +0100 (CET)
> To: [EMAIL PROTECTED]
> Subject: Re: rfc1918 ns records coming from internet are queried?
> From: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
>
> > > A border router knows what is "inside" and "outside" your network, while
> > > a DNS server does not.
Hi, we have installed BIND 9.3.6 and we can't start it with this
feature...
In the other version (bind 9.3.5) we had to add this lines:
/etc/default/bind9
OPTIONS="-u bind -n 8 -t /var/lib/named -c /etc/bind/named.conf"
/etc/init.d/bind9
mount --bind /proc/ /var/lib/named/proc/ -o ro
But now sinc
In article <[EMAIL PROTECTED]>,
David Sparks <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >>> A border router knows what is "inside" and "outside" your network, while
> >>> a DNS server does not. Important difference.
> >> You're missing the point. This is not about inside and outside
Greetings:
SIP (NAPTR and ENUM) uses a DNS like structure. Does BIND support
these data types? Are there any references?
Regards,
Gregory Hicks
-
Gregory Hicks | Principal Systems Engineer
At Fri, 7 Nov 2008 07:18:27 -0800 (PST),
paulpsmith <[EMAIL PROTECTED]> wrote:
> I'm fairly new to BIND, but have a pretty good understanding of DNS
> and other protocols. I have been trying to make something work for
> about a week now and can't figure it out. Is it possible to have a
> cache onl
Hello. I have two geographically different datacenters. Each
datacenter has two instances of BIND.
There is one master out of these four. The zones will have multiple
"A" records (pointing to the two datacenters to provide some minimal
amount of redundancy and load balancing)
What I want to do
Our DNS server occasionally get requests for recursion with forged src
addresses.
Currently our server returns "Standard query response, Refused" since
our named.conf
only allows recursion for our internal machines. This, of course,
results in the poor
machine whose address was forged receiving sp
"Scott Haneda" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Before I go out on a limb, I wanted to ask those who know more about
> this than I do. I added a zone change to my primary server, in this
> case, setting the TTL's pretty low, as things were going to move
> around a bit
On 20 nov, 17:09, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> wrote:
> At Thu, 20 Nov 2008 04:30:00 -0800 (PST),
>
> pollex <[EMAIL PROTECTED]> wrote:
> > > "9.3.4-P1.1" still seems to be a Debian specific version, but if this
> > > is featurewise equivalent to 9.3.5-P1, you should at least upgrade to
Hi dear
Pls help me for bind9
孙睿 / Rui Sun
-Original Message-
From: Sue Graves [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 12:48 AM
To: Sun, Rui (IT Operation Director)
Cc: [EMAIL PROTECTED]
Subject: Re: Pls help me for bind9
As BIND is Open Source softwa
At Mon, 24 Nov 2008 11:31:05 +0200,
Daniel Dawalibi <[EMAIL PROTECTED]> wrote:
> We are using Solaris SunOS 5.9 with BIND 9.3.2-P2 that is running properly.
> When we tried to install the other versions of BIND such BIND 9.5.0-P2 and
> BIND 9.4.2-P1, we faced a lot of resolving problems with "Ser
In article <[EMAIL PROTECTED]>, Pavel Urban <[EMAIL PROTECTED]>
wrote:
> Hello,
>
> I have two local domains on our 9.3.4 BIND. One domain has CNAME record
> pointing to the record in the second one. The server has recursion disabled.
>
> What is an expected behavior? I can see this:
>
> www.
Using the same .xls page to format as I did with 9.5.1b1, some of the
sections don't have data. Something was altered between these two
versions, but the release notes say NOTHING about any change to the
statistics web server feature.
I found these affected statistics:
- server/nsstats/*- ren
All,
Attached are our named.conf's and zone files for both our main domain and
subdomain machines.
Both main domain and subdomain nameserver are running BIND 9.2.
We followed the configuration specified in the following link:
http://www.zytrax.com/books/dns/ch9/subdomain.html
We are able to res
Hi
We are using Solaris SunOS 5.9 with BIND 9.3.2-P2 that is running properly.
When we tried to install the other versions of BIND such BIND 9.5.0-P2 and BIND
9.4.2-P1, we faced a lot of resolving problems with "Server Failed" message.
Regards,
Daniel
-Original Message-
From: JINMEI T
Serge Fonville wrote:
> Hi,
>
> I am running Windows Vista x64 and would like to set up an x64 build of BIND
> Perhaps partly misplaced, but I seem to have a hard time collecting all
> the required tools to build the x64 build,
> Perhaps the open source community isn't there yet to build x64 Wind
On Tue, 2008-12-02 at 23:32 -0800, Gregory Hicks wrote:
> SIP (NAPTR and ENUM) uses a DNS like structure.
You put that so compactly that people may be confused.
SIP uses URLs, sometimes truncate to "SIP addresses".
ENUM is a system for advertisement and discovery of the
47 matches
Mail list logo
