Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <519b9008.7040...@chrysler.com>, Kevin Darcy writes: > > Ugh, I'm trying _really_ hard not to be an annoying nitpicker (yeah, I > know, try harder :-), but... > > The relevant verbiage of RFC 6762 is: > > Caching DNS servers SHOULD recognize these names as special and > SHOU

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Kevin Darcy
The rule of thumb is: BIND instances need access to a root zone. Either a) you forward for it, or b) you are authoritative (master or slave) for it, or c) you're set up as a "stub" for it, d) you prime it via the contents of an explicitly-configured "hints" zone, or e) you use the compiled-in In

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Kevin Darcy
Ugh, I'm trying _really_ hard not to be an annoying nitpicker (yeah, I know, try harder :-), but... The relevant verbiage of RFC 6762 is: Caching DNS servers SHOULD recognize these names as special and SHOULD NOT attempt to look up NS records for them, or otherwise query authoritative

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Mark Andrews
In message <20130521140821.gb11...@h.detebe.org>, "Elmar K. Bins" writes: > Re Mark, > > > > Oh, I forgot to mention that all master zones have "notify explicit;" set. > > > (Is there a global setting for that?) > > > > What about the slave zones? They also send notify messages. > > Which slav

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Elmar K. Bins
Re Mark, > > Oh, I forgot to mention that all master zones have "notify explicit;" set. > > (Is there a global setting for that?) > > What about the slave zones? They also send notify messages. Which slave zones? This server is auth-only, master-only. That's it. No slaves, no recursion, no look

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Mark Andrews
In message <20130521134214.ga11...@h.detebe.org>, "Elmar K. Bins" writes: > Re Mark, > > thanks for your answer (and good morning!), > > ma...@isc.org (Mark Andrews) wrote: > > > > > Recursion is off, and the root hints file has been removed from the local > > > zone config. No effect. > > >

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Elmar K. Bins
Re Mark, thanks for your answer (and good morning!), ma...@isc.org (Mark Andrews) wrote: > > Recursion is off, and the root hints file has been removed from the local > > zone config. No effect. > > Authoritative nameservers still need to lookup address of nameservers > to send NOTIFY messages

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Mark Andrews
In message <20130521085732.gh23...@h.detebe.org>, "Elmar K. Bins" writes: > ... these annoying root lookups: > error (host unreachable) resolving './DNSKEY/IN': 192.112.36.4#53 > error (host unreachable) resolving './NS/IN': 192.36.148.17#53 > ... > > > Hi guys, > > I guess a few of you have se

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <2013052109.ga18...@fantomas.sk>, Matus UHLAR - fantomas writes: > >> On 21.05.13 11:03, Mark Andrews wrote: > >> > The simplest solution is to slave the root zone and > >> > turn off notify to so you don't spam the official > >> > root servers. 192.5.5.241 is f.root-servers.net

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Elmar K. Bins
Re Bryan, bryanlhar...@me.com (Bryan Harris) wrote: >> Recursion is off, and the root hints file has been removed from the local >> zone config. No effect. >   > Do you have a line like this?  Hope it helps. > allow-recursion { none;  }; Would that help more than options { recursion no; } ? Any

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread Bryan Harris
On May 21, 2013, at 03:57 AM, "Elmar K. Bins" wrote: Recursion is off, and the root hints file has been removed from the local zone config. No effect. Do you have a line like this? Hope it helps. allow-recursion { none; }; Bryan

Re: Authoritative internal server - how do I get rid of...

2013-05-21 Thread jsdy
On 2013-05-21 04:57, Elmar K. Bins wrote: ... these annoying root lookups: error (host unreachable) resolving './DNSKEY/IN': 192.112.36.4#53 error (host unreachable) resolving './NS/IN': 192.36.148.17#53 ... Hi guys, I guess a few of you have seen and mitigated this before. We're running a fe

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
On 21.05.13 11:03, Mark Andrews wrote: >The simplest solution is to slave the root zone and >turn off notify to so you don't spam the official >root servers. 192.5.5.241 is f.root-servers.net. In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR - fantomas writes: I though

Authoritative internal server - how do I get rid of...

2013-05-21 Thread Elmar K. Bins
... these annoying root lookups: error (host unreachable) resolving './DNSKEY/IN': 192.112.36.4#53 error (host unreachable) resolving './NS/IN': 192.36.148.17#53 ... Hi guys, I guess a few of you have seen and mitigated this before. We're running a few BIND servers strictly internally - for maste

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 09:28 AM, Doug Barton wrote: ...which IIRC some configs for root-slaving (FreeBSD?) use by default. It's not used by default, but it is in the config, commented out. Ah, faulty RAM on my part ;o)

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Doug Barton
On 05/21/2013 12:39 AM, Phil Mayers wrote: On 05/21/2013 08:23 AM, Matus UHLAR - fantomas wrote: On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 21.05.13 11:03, Mark Andrews wrote: > > The simplest solution is to slave the root zone and > > turn off notify to so you don't spam the official > > root servers. 192.5.5.241 is f.root-servers.net. >

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 08:39 AM, Phil Mayers wrote: ICANN run a specific AXFR service for various infrastructure zones: http://dns.icann.org/services/axfr/ ...which IIRC some configs for root-slaving (FreeBSD?) use by default. I should probably add that, AFAICT, opinion about the value of slaving ".

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 08:23 AM, Matus UHLAR - fantomas wrote: On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.net. zone "." IN { type slave;

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.net. zone "." IN { type slave; file "slave/root"; masters { 192.5