Re: Anycast DNS

2012-02-29 Thread Peter Andreev
2012/3/1 Beavis > Just want to piggy back on this topic is there any documentation > available online that shows a deployment guideline for Anycast? > > -beavis > What about RFC 4786? > On Wed, Feb 29, 2012 at 10:31 AM, Warren Kumari wrote: > > > > On Feb 29, 2012, at 11:00 AM, Todd Snyder wr

Re: lists.isc.org rDNS failed, DNSSEC?

2012-02-29 Thread Mark Andrews
In message <1330508848.24108.140661042811...@webmail.messagingengine.com>, nudge writes: > A thought regarding the pros and cons of DNSSEC that I don't recall > being mentioned. There are a whole set of things you can do once you have secure DNS. You just have to use your imagination. This one

Re: RFC 6303 and bind 9.9.0

2012-02-29 Thread Evan Hunt
> Just for clarification, do I understand correctly that if none of the > empty zones described in RFC 6303 are set up explicitly in the bind 9.9.0 > configuration file, then bind 9.9.0 will process them as such anyway > using built-in generic zone processing rules? Yes. To expand a bit on Mark's

Re: Anycast DNS

2012-02-29 Thread Beavis
Just want to piggy back on this topic is there any documentation available online that shows a deployment guideline for Anycast? -beavis On Wed, Feb 29, 2012 at 10:31 AM, Warren Kumari wrote: > > On Feb 29, 2012, at 11:00 AM, Todd Snyder wrote: > >> The reason I’ve heard a few times is that user

Re: RFC 6303 and bind 9.9.0

2012-02-29 Thread Mark Andrews
Mark Andrews writes: > > In message <7610864823c0d04d89342623a3adc9de2e339...@hopple.countryday.net>, > "Spain, Dr. Jeffry A." writes: > > >> Changing the second line ('@ 10800 IN NS @') to '@ 10800 IN NS localhost.' eliminates the errors. > > > The built in empty zone processing is

Re: RFC 6303 and bind 9.9.0

2012-02-29 Thread Mark Andrews
In message <7610864823c0d04d89342623a3adc9de2e339...@hopple.countryday.net>, "Spain, Dr. Jeffry A." writes: > >> Changing the second line ('@ 10800 IN NS @') to '@ 10800 IN NS localhost.' eliminates the errors. > > The built in empty zone processing is aware of the special case of NS reco

Re: More than 4k TXT entries

2012-02-29 Thread Barry Margolin
In article , Darvin Denmian wrote: > Hi, > > below the information you requested: > > ; <<>> DiG 9.7.3-P3 <<>> @ns1.domain.com.br spf_16416.domain.com.br +tcp TXT > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59810 NXDO

RE: RFC 6303 and bind 9.9.0

2012-02-29 Thread Spain, Dr. Jeffry A.
>> Changing the second line ('@ 10800 IN NS @') to '@ 10800 IN NS localhost.' >> eliminates the errors. > The built in empty zone processing is aware of the special case of NS records > without address records. The generic zone processing rules treat this as a > error condition. Just for clari

Re: RFC 6303 and bind 9.9.0

2012-02-29 Thread Mark Andrews
In message <7610864823c0d04d89342623a3adc9de2e339...@hopple.countryday.net>, "Spain, Dr. Jeffry A." writes: > I reviewed RFC 6303, which recommends configuring a number of zones using an empty zone file as follows: > > @ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800 > @ 10800 IN NS

RFC 6303 and bind 9.9.0

2012-02-29 Thread Spain, Dr. Jeffry A.
I reviewed RFC 6303, which recommends configuring a number of zones using an empty zone file as follows: @ 10800 IN SOA @ nobody.invalid. 1 3600 1200 604800 10800 @ 10800 IN NS @ In bind 9.9.0 this results in errors for each zone referring to the empty zone file as follows: Feb 29 19:24:30 ns0s

Re: More than 4k TXT entries

2012-02-29 Thread Darvin Denmian
Hi, below the information you requested: ; <<>> DiG 9.7.3-P3 <<>> @ns1.domain.com.br spf_16416.domain.com.br +tcp TXT ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59810 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDI

Re: More than 4k TXT entries

2012-02-29 Thread Michael Graff
Actually, no, there isn't enough information in your reply to help you debug. Please issue, from a machine not your DNS server: $ dig @your-server-address +tcp domain.name TXT A TXT record has a maximum length of around 64k per TXT record, and each part of the text record can be 255 bytes, if m

Re: More than 4k TXT entries

2012-02-29 Thread Darvin Denmian
Hi, Graff, thanks for your reply... As you can see below my server is accepting DNS connections: ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain and the service is up and running: # netstat -

Re: More than 4k TXT entries

2012-02-29 Thread Barry Margolin
In article , Darvin Denmian wrote: > I'm asking this because one of the domains configured in my Bind > server have more than 4k TXT entries and its zone file have more than > 400KB. Do you mean 4K TXT entries for a single name, or across all names in the zone? -- Barry Margolin Arlington,

Re: More than 4k TXT entries

2012-02-29 Thread Michael Graff
More than 4k will exceed the default settings for EDNS0 UDP responses. If you dig @ your server, with +tcp, do you get a reply? If not, perhaps you are not allowing TCP connections to port 53? What error you are getting may be of help. --Michael On Feb 29, 2012, at 1:20 PM, Darvin Denmian wro

More than 4k TXT entries

2012-02-29 Thread Darvin Denmian
Hi, I would like to know if there is some limitation in Bind regarding: - Max number of TXT entries for a specific domain or - Max size of a zone file. I'm asking this because one of the domains configured in my Bind server has more than 4k TXT entries and its zone file has more than 400K

BIND 9.9.0 is now available

2012-02-29 Thread Michael McNally
Introduction BIND 9.9.0 is the first production release of BIND 9.9. This document summarizes changes from BIND 9.8 to BIND 9.9. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always b

RE: Configuring a domain slave to look up subdomain hosts- RESOLVED

2012-02-29 Thread Mike Bernhardt
Assuming this global configuration: options { directory "/var/named"; allow-recursion { any; }; allow-query { any; }; allow-query-cache { any; }; forwarders { 148.165.3.10; }; (our registered DNS in our DMZ) forward only; recursive-clients 2000; zone-statistics yes; }; Then when doing this: zone "

Re: Anycast DNS

2012-02-29 Thread Warren Kumari
On Feb 29, 2012, at 11:00 AM, Todd Snyder wrote: > The reason I’ve heard a few times is that users are uncomfortable using only > 1 address. In the past I’ve done 2 or 3 addresses just so that we can give > out 3 addresses that all point to the same pool of servers. > > Silly, I know, but so

RE: Anycast DNS

2012-02-29 Thread Todd Snyder
The reason I've heard a few times is that users are uncomfortable using only 1 address. In the past I've done 2 or 3 addresses just so that we can give out 3 addresses that all point to the same pool of servers. Silly, I know, but sometimes it's easier to placate than to change someone/groups

Re: Anycast DNS

2012-02-29 Thread Barry Margolin
In article , Oliver Garraux wrote: > On Wed, Feb 29, 2012 at 8:33 AM, takizo wrote: > > Ju, > > > > What do you mean on more than one address? > > > > -- > > Paul Ooi > > > > > > > > On Feb 29, 2012, at 11:55 AM, ju wusuo wrote: > > > > Have seen some anycast DNS implementations using more than

Re: Anycast DNS

2012-02-29 Thread Oliver Garraux
On Wed, Feb 29, 2012 at 8:33 AM, takizo wrote: > Ju, > > What do you mean on more than one address? > > -- > Paul Ooi > > > > On Feb 29, 2012, at 11:55 AM, ju wusuo wrote: > > Have seen some anycast DNS implementations using more than one address, sometimes even on the same subnet, any consider

Re: Anycast DNS

2012-02-29 Thread takizo
Ju, What do you mean on more than one address? -- Paul Ooi On Feb 29, 2012, at 11:55 AM, ju wusuo wrote: > Have seen some anycast DNS implementations using more than one address, sometimes even on the same subnet, any considerations or reasons for doing that? > > > > _

Re: lists.isc.org rDNS failed, DNSSEC?

2012-02-29 Thread nudge
A thought regarding the pros and cons of DNSSEC that I don't recall being mentioned. Was reverse-dns verification introduced in response to a lack of confidence in forward-dns? This can cause much frustration, especially in smaller environments. If the implementation of DNSSEC allowed us to avoid