about allow-transfer

hello, I have two bind-9.6 (one master one slave) for product application. how to set allow-transfer in master's named.conf? shall it be: allow-transfer { none; }; or: allow-transfer { all; }; thanks. Regards. ___ bind-users mailing list bind-users

Re: Regexp to match RR's

On Apr 8, 2009, at 5:59 PM, Jonathan Petersson wrote: On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote: I'm not a big fan of allowing users to enter Resource Records verbatim. Most users aren't that sophisticated, or, if they are, they can do their nsupdates directly, if they have been given acc

RE: IP redirection

> Original Message > Subject: IP redirection > From: "Mohammed Ejaz" > Date: Wed, April 08, 2009 7:03 am > To: > > > Dear all, > > > > It can be done through the bind, Let say if any one trying to browse a > website by the IP address then DNS redirect him to the domain

Re: Regexp to match RR's

Chris Buxton wrote: On Apr 8, 2009, at 3:09 PM, Kevin Darcy wrote: Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to wether someone knows of a list of regexps that can be used to match RR's. I'm not

Re: Regexp to match RR's

> On Apr 8, 2009, at 3:21 PM, Kevin Darcy wrote: >> >> I'm not a big fan of allowing users to enter Resource Records verbatim. >> Most users aren't that sophisticated, or, if they are, they can do their >> nsupdates directly, if they have been given access to the relevant TSIG key >> (how's that fo

Re: Regexp to match RR's

On Apr 8, 2009, at 3:09 PM, Kevin Darcy wrote: Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to wether someone knows of a list of regexps that can be used to match RR's. I'm not sure why a DNS manag

Windows servers triying to update my zone

Thanks for your responses, I just want to fix the problem betwen the Windows DNS servers and my Bind on FreeBSD, and delete the messages but whitout permit updates my DNS zone. Thanks for your time & best regards, joans4nz. ___ bind-users mailing list

Re: Regexp to match RR's

True, input validation should be done as early as possible, in fact, I'd say it's best to validate the data before it's even assembled into a form that I would even call a "Resource Record". The Resource Records should probably be an (sanity-checked and validated) extract of some other sort of

Re: Regexp to match RR's

I think you've valid points in this, the stuff I'm coding on is using dynamic updates, right now I'm mainly looking at the regexp stuff to validate user input via a web-ui. Surely when using dynamic updates you will have an error thrown at you if you give incorrect input but I believe it would be a

Re: Regexp to match RR's

Jonathan Petersson wrote: Hi all, I got some time over so I decide to hack a bit on a DNS management tool for my home-server. I'm curious as to wether someone knows of a list of regexps that can be used to match RR's. I'm not sure why a DNS management tool would be in the business of "match

Re: Strange DNS Resolution Issues

In article , Revital Gorsht wrote: > I'm not sure how to check this. Some other ones that were failing: > cisco.com, hotmail.com. dig www.cisco.com ;; ANSWER SECTION: www.cisco.com.1377 IN CNAME www.cisco.com.akadns.net. www.cisco.com.akadns.net. 32 IN CNAME origin-www.cisco.com. orig

Re: Strange DNS Resolution Issues

I'm not sure how to check this. Some other ones that were failing: cisco.com, hotmail.com. But, if the problem was external, all of our servers (and others around the world) would've been unable to resolve these sites, no? As I mentioned, only two were failing while the rest were resolving p

Re: Strange DNS Resolution Issues

In article , Revital Gorsht wrote: > A few weeks ago, two of several internal DNS servers were suddenly unable > to resolve some external sites (eg microsoft.com, yahoo.com), while all > internal and other external sites (eg google.com) were resolving fine. > Since we couldn't pinpoint the ca

Re: Using TCP for checking

In article , Ben Croswell wrote: > My one caution on this would be you may run into false negatives with TCP if > people have misconfigured firewalls. > It's surprising the number of people out there that believe TCP is only for > xfers. You'll also run into it for any domains hosted by Akamai.

Re: Trouble configuring forwarders for reverse zones.

You would create a /16 or /24 parent zone. For example, you could use a zone named 1.1.10.in-addr.arpa. From that zone, you would delegate the /28 reverse zone using a syntax along these lines: 0/28.1.1.10.in-addr.arpa. NS 1.other.name.server. 0/28.1.1.10.in-addr.arpa. NS

Re: IP redirection

On Apr 8, 2009, at 7:03 AM, Mohammed Ejaz wrote: Dear all, It can be done through the bind, Let say if any one trying to browse a website by the IP address then DNS redirect him to the domain Eg: http:///1.2.3.4 it should be redirected to http://abc.com No, this has to be done at the HTT

Re: Trouble configuring forwarders for reverse zones.

On Apr 8, 2009, at 3:00 AM, M-lists wrote: One further thing, I'll be moving things around on our network soon, and this means we'll have a classless subnet soon. So if we moved one of our Windows subnets to 10.1.1.0/24, how would I forward reverse queries for this subnet to say 10.1.1.1?

IP redirection

Dear all, It can be done through the bind, Let say if any one trying to browse a website by the IP address then DNS redirect him to the domain Eg: http:///1.2.3.4 it should be redirected to http://abc.com Regards Ejaz _

Re: ADDITIONAL Section Contains Wrong Data

In message <3d0aa5df-c7ce-4f43-ab30-bbf97f220...@roadrunner.com>, Merton Campbell Crockett writes: > Under what conditions would a response to a DNS query return a correct > answer but have the AUTHORITY and ADDITIONAL sections the names and > addresses of the gTLD root servers? If t

Re: Bind for Windows - supports IPv6 or not?

In message <1239192081.6817.16.ca...@karl>, Karl Auer writes: > Hi there. > > I want to work around the "XP won't use IPv6 as a DNS transport" issue. > So I downloaded the latest precompiled BIND (9.6.0-P1) for Windows from > the ISC site, and read the following in the "readme first" file: > > "

Re: Bind for Windows - supports IPv6 or not?

Karl Auer wrote: > Hi there. > > I want to work around the "XP won't use IPv6 as a DNS transport" issue. > So I downloaded the latest precompiled BIND (9.6.0-P1) for Windows from > the ISC site, and read the following in the "readme first" file: > > "This is a release of BIND 9.5 for Window 2000/

ADDITIONAL Section Contains Wrong Data

Under what conditions would a response to a DNS query return a correct answer but have the AUTHORITY and ADDITIONAL sections the names and addresses of the gTLD root servers? I would have expected to see the domain names and addresses of the UltraDNS name servers as they are the Registrar f

Bind for Windows - supports IPv6 or not?

Hi there. I want to work around the "XP won't use IPv6 as a DNS transport" issue. So I downloaded the latest precompiled BIND (9.6.0-P1) for Windows from the ISC site, and read the following in the "readme first" file: "This is a release of BIND 9.5 for Window 2000/XP/2003. Only IPv4 stacks are s

Re: 53/TCP port unresponsive

In message <7caf9cc3b3625c46adb0a816877f5916f89...@a1dal1swpes16mb.ams.acs-inc.net>, "Deslatte, Curtis" writes: > This problem is very very similar to the one I posted a couple of months > ago on the list. > > Since then I have found that the couple of servers where this was > frequently occurr

RE: Trouble configuring forwarders for reverse zones.

Thanks Chris. I had actually tried that, but it turned out Windows wasn't answering reverse queries properly so I didn't notice when I had got it right. Once your post pointed out that was the way to go, I got Wireshark on it and quickly noticed Windows was also at fault. One further thing, I'll

RE: 53/TCP port unresponsive

This problem is very very similar to the one I posted a couple of months ago on the list. Since then I have found that the couple of servers where this was frequently occurring, were misconfigured. (I admit it, NOT proudly though; I'm only "proud" anymore on Saturday afternoons, once I've caught