Dear All,
I have email,web and FTP server hosting on our in house with public ip on
Centos 6 on our own server. But email,web,ftp dns hosting with other third
party service provider. I have enough public ip to host dns server for our
own. So what are the requirements to host dns server and how to
Is there any reverse proxy software for dns , which can do load balance、cache
for dns service, just like squid for http service?___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bi
In message , Brad
Bendily writes:
> Doesn't succed all the way. so I assume somewhere up the chain, firewalls a=
> re either blocking=20
> EDNS, or fragmenting the packets?
> Any way for me to pinpoint the specific firewall?
> We are an agency, behind another agency.=20
> So I don't think it's ou
zone "rbl." {
allow-qery { };
};
In message
, Michael Grant writes:
>
> Thanks Mark and Tony. I like it.
>
> This works, but what if someone turned around and queried my dns server to
> use this rbl?
>
> One simple fix for this would be to use a bogus domain like .l
Thanks Mark and Tony. I like it.
This works, but what if someone turned around and queried my dns server to
use this rbl?
One simple fix for this would be to use a bogus domain like .local. or
maybe part of .localhost.
rbl.local. DNAME 1234-1234-1234.some-rbl.com.
Michael Grant
On Thu, Jan
Doesn't succed all the way. so I assume somewhere up the chain, firewalls are
either blocking
EDNS, or fragmenting the packets?
Any way for me to pinpoint the specific firewall?
We are an agency, behind another agency.
So I don't think it's our immediate hop, but was hoping I could point directl
Ensure your firewall passes fragmented UDP packets.
dig +trace +all +dnssec www.nhc.noaa.gov
should succeed. You will notice that the responses are large.
Mark
; <<>> DiG 9.11.0pre-alpha <<>> +trace +all +dnssec www.nhc.noaa.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- o
In message , "Cuttler, Brian (HEALTH)" writes:
> Good question. Yes, as far as I can determine.
>
> # ps -ef | grep named
> Named 295341 0 10:27 ?00:00:00 /usr/sbin/named -u named
>
> Do I need to set some startup script action as well as the current config and
> directory pr
Firstly allow-query on a static stub does nothing. The parser
allows it because it has to allow every possible combination and
we missed blocking this at the post parse stage. The cache only
has one acl.
You should be a master for 31-24.2.1.10.in-addr.arpa and a slave
for 2.1.10.in-addr.arpa.
So, for a while we have had issues with resolving www.nhc.noaa.gov.
In the past, a full restart of named fixed it for some amount of time.
Last week I updated our named to 9.9.6-P1, so I assumed whatever the problem
was would be resolved by this update. Apparently not.
As you can see from the d
Good question. Yes, as far as I can determine.
# ps -ef | grep named
Named 295341 0 10:27 ?00:00:00 /usr/sbin/named -u named
Do I need to set some startup script action as well as the current config and
directory protections?
-Original Message-
From: Tony Finch [mail
Jeff Sadowski wrote:
> Is there a way to setup bind to use an external filtering script to
> filter out requests?
Have you read the ARM's section on dynamic update policies? The built-in
facilities are quite flexible, and there is also an "external" policy
which you can implement yourself.
http
Cuttler, Brian (HEALTH) wrote:
> Error: db.dynamic.jnl: create: permission denied
Is named actually running as user/group named?
Tony.
--
f.anthony.n.finchhttp://dotat.at/
East Dogger, Fisher, German Bight: Westerly or southwesterly 5 to 7,
occasionally gale 8 at first except in Fish
Is there a way to setup bind to use an external filtering script to
filter out requests?
example1: Say I have a cisco dhcp server and some windows clients and
some other clients.
Further lets say I have two domains on my dhcp scope.
WinCli1 is on ad.abc.org
WinCli2 is on ad.xyz.org
Printer1 gets
Matus UHLAR - fantomas writes:
>>I am trying to setup a nameserver which:
>>
>>a) allows recursive queries from certain clients only, but
>>
>>b) provides responses for a static-stub zone (which is used to return
>> PTR records for an RFC2317 setup)
>>
>>Although I have set 'allow-query { any;
Alan, Tony, Rod,
I know I tested the daemon allowing it to create the jnl file, but I have
removed it and much to my surprise the zone loaded.
I removed the trailing dot, syntax now matches my other zones, though the
example I'd followed had stated it was necessary (I had not understood why) I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Other people have taken on the question in the Subject: line, so I'll
go off on a different tact and request that you remove the line:
> query-source address * port 53;
from your configuration, and if it part of a distribution's
named.conf, conside
Your zone statement should be
zone "dynamic.wadsworth.org" in {
without the trailing dot (you had "dynamic.wadsworth.org." as the zone).
--
Rod Eldridge
Network Infrastructure, Authentication, & Directory Services Team
Mac OS X Development Team
IT Services, Iowa State University of Science and
Cuttler, Brian (HEALTH) wrote:
>
> I simply do not see where the error is.
You have an empty journal file and named-checkzone is complaining about
not being able to process it. Try removing the journal and see if it
works. The journal should be created as necessary.
Tony.
--
f.anthony.n.finch
On 28.01.15 18:39, Enrico Scholz wrote:
I am trying to setup a nameserver which:
a) allows recursive queries from certain clients only, but
b) provides responses for a static-stub zone (which is used to return
PTR records for an RFC2317 setup)
Although I have set 'allow-query { any; };' in t
Bind users list,
I am having problems with dynamic DNS config. It 'looks' simple enough
but I'm unable to load the dynamic zone.
I have stripped down my config, checked the protections on the data
directory and on the data files.
I simply do not see where the error is.
I have included info on
The other thing is, you mention having tried and failed (agreed that isn't a
bad thing, we've all failed countless times and it's how we learn)...how have
you failed?
What I think you'll find is you have a list (many lists and other resources
really) of mentors. BIND much like many other Inter
First of all, why you want to run a full featured DNS server such as BIND9 at
your home?
Do you want to make some special things? Do you want to publish a zone on the
Internet? Do you have a DNS name acquired from your country registration
authority?
Cheers,
Sent from my iPhone
On Jan 29, 20
Hi,
I am trying to setup a nameserver which:
a) allows recursive queries from certain clients only, but
b) provides responses for a static-stub zone (which is used to return
PTR records for an RFC2317 setup)
Although I have set 'allow-query { any; };' in the static-stub zone, I
get a REFUSE
On Thu, Jan 29, 2015 at 8:51 AM, STEPHEN EYRE wrote:
>
> Dear All
>
> For the past 3 or 4 years on and off I have been trying to set up a name
> server on an old machine at home. Each time I have failed which isnt a bad
> thing as I have used each failure to do more research and gain more knowle
Dear All
For the past 3 or 4 years on and off I have been trying to set up a name server
on an old machine at home. Each time I have failed which isnt a bad thing as I
have used each failure to do more research and gain more knowledge.
I think the time is nigh to see if there is someone out the
26 matches
Mail list logo
