How is DNS organized for the national VPN? Is someone running root nameservers?
A "private" version of the .cu namespace, that the rest of us can't see,
perhaps?
If you're trying to build this from scratch, then you can start by setting up
your own root zone. But I suspect there's something alr
I do not have access to Internet in my case, only have access to a national VPN,
As I can disable the zone "."
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
As I can avoid that the DNS try to get connect
The warning is issued either way (with or without recursion specified). But
I see the logic in not needing it if recursion is set to no.
Thanks again,
Bob
On Wed, Aug 26, 2015 at 5:45 AM, Tony Finch wrote:
> Bob McDonald wrote:
> >
> > I'd still include the hint zone (as I'm partial to not ha
Bob McDonald wrote:
>
> I'd still include the hint zone (as I'm partial to not having unnecessary
> warnings on startup).
The "recursion no" directive means you shouldn't have a hint zone in that
view. (I don't know if it will complain about the inconsistency.)
> Also a lot of folks use localhos
one problem is that you need to change your whole configuration if you
don't need views because dedicated servers for external and internal DNS
allow-chaos {localhost; localnets;} defaulting to 127.0.0.1 as global
option would be helpful
BTW: what I don't understand is why "status: NOERROR" i
That's brilliant! Thanks.
I'd still include the hint zone (as I'm partial to not having unnecessary
warnings on startup).
Also a lot of folks use localhost and/or localnets in DNS configuration.
Just from a security standpoint, I prefer to be more specific. localhost
and/or localnets can be much
Hi, Robert.
As I understand, something is calling rndc on your localhost. So you may
try (untested by me):
Find rndc binary,
mv rndc rndc.ORIG
Replace rndc with script which will execute something like
ps fax >> /tmp/rndc.log
then exec rndc.ORIG with the same arguments.
Then you will see who i
Bob McDonald wrote:
> To further lock this information down I would suggest adding the
> following view statements to any internet facing DNS device configuration:
>
> view "outsiders" chaos {
> match-clients { !127.0.0.1; !your-inside--nets; any; };
> allow-query { none; };
> # w
Bind 9 provides configurable hosts within the chaos class which can be
queried to provide troubleshooting information. They are:
version.bind
hostname.bind
These are all configurable within the options block of the DNS
configuration file. In the past, the suggestion was to specify something
other