Re: Introductory DNS Books

2018-08-29 Thread John Miller
On Wed, Aug 29, 2018 at 10:59 AM, Grant Taylor via bind-users wrote: > On 08/29/2018 04:05 AM, John Miller wrote: >> >> Does anyone know of a good intro-level book that explains how DNS works >> and gives a current overview of the different DNS servers out there? >

Introductory DNS Books

2018-08-29 Thread John Miller
ver alternatives to BIND, like PowerDNS, NSD, MS DNS, etc. Jan-Piet Mens' book did this, but again, it's pretty dated at this point. Does anyone know of a good intro-level book that explains how DNS works and gives a current overview of the different DNS servers out there? John -

Re: Removing an NS server

2018-08-08 Thread John Miller
On Wed, Aug 8, 2018 at 9:10 AM, Bob Harold wrote: > > On Tue, Aug 7, 2018 at 5:01 PM John Miller wrote: >> >> Hal, we've done this before - it's not particularly hard, just takes a >> bit for everyone to pick up the new set of NS records. You just make >>

Re: Removing an NS server

2018-08-07 Thread John Miller
Hal, we've done this before - it's not particularly hard, just takes a bit for everyone to pick up the new set of NS records. You just make the change upstream and also remove the NS records that reference the system. It's kind of weird: during the interim, you'll have a running nameserver that d

Re: SERVFAIL and peak utilization

2018-07-26 Thread John Miller
Hi Alex, What does your query volume look like on this server? Depending on volume, the BIND defaults for: - clients-per-query - max-clients-per-query - recursive-clients - tcp-clients and others may not be set high enough. Check pp. 106-108 in the latest 9.11 manual for more details on each o

Re: DNS can be a subdomain

2018-06-26 Thread John Miller
> bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- John Miller Senior Systems Engineer Brandeis University ITS johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: extranet.aro.army.mil - not resolving

2018-05-31 Thread John Miller
.mil. 2022IN NS ns03.army.mil. >>>> aro.army.mil. 2022IN NS ns02.army.mil. >>>> aro.army.mil. 2022IN NS ns01.army.mil. >>>> >>>> ;; Query time: 163 msec >>>> ;; SERVER:

Use case for "." queries

2018-05-07 Thread John Miller JR
Hello, On bind recursive server I am seeing lots of queries for "." with type ANY. Is there any use case which requires devices to send queries for "." with type ANY ? Appreciate your support. Thanks John ___ Please visit https://lists.isc.org/mailman/

Odd behavior on a secondary server

2018-03-22 Thread John Miller
Hello there, We are setting up a secondary server and seeing something that may be normal, but I wanted to check. The time stamp on each zone file on the secondary is changing with each refresh cycle, even if there are no changes to the file. Is this normal or am I missing something. Th

Re: Update RPZ zone records

2018-01-24 Thread John Miller
Hi Anvar, I see you have your named.conf file listed here; can you please paste your named.rpz file as well? John On Wed, Jan 24, 2018 at 4:19 PM, Anvar Kuchkartaev via bind-users wrote: > Hello, > > I am trying to update RPZ zone records dynamically using nsupdate. But > unfortunately I am fac

Re: Email & PTR Issues

2017-11-07 Thread John Miller
ll. The emails keep > getting deferred. Obviously not an issue for anyone on this list. Just > providing info. > > Thanks > James > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > b

Re: NOAA.GOV domain not working

2017-09-18 Thread John Miller
UUOtQnMJgAZQAPS0J259CtXri0WyuDnJsdA5Glqt7FUAnvOFXNCEO8K6 > 0Kpyp/JHSM6hfeWKoAW3P0IaEeY+nYm91jdZ1Z214sWpiGmjvtE46KV4 > oVwvwnhyMjqI6gIZ9tTmm67iKz5E4UF524d/liZL9RMqSoy5uL94VUSm tSs= > ;; Received 483 bytes from 69.36.157.30#53(a.gov-servers.net) in 49 ms > > ;; connection timed out;

Re: NOAA.GOV domain not working

2017-09-18 Thread John Miller
Hi Ricky, Try running a "dig +trace www.nhc.noaa.gov," then query each record in the chain and see which one's slow to respond. I don't see anything crazy in your named.conf. Something you didn't mention: does clearing cache make a difference? John -- John Miller

Re: Need DNS records help for single server (and IP), and multi-domain mail server.

2017-08-23 Thread John Miller
Hi Tom, You'll want to change your MX records to point to the name, rather than the IP, of your mail server. Note that your MX target does _not_ have to be in the same domain as the one it's serving mail for. For example: X.TLD IN MX 10 mail.example.com. is perfectly valid, and quite com

Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread John Miller
Tom > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -

Re: DNS forwarding

2017-05-17 Thread John Miller
Hi Elias, Perhaps you could post your BIND configs for the existing server and for the new Samba4 server? Forwarders may not be exactly what you want here - they're generally meant for recursive, rather than authoritative traffic. IP addresses would be helpful as well: it's always annoying when

Re: switching entire DNS system to new servers and IP addresses

2017-02-23 Thread John Miller
On Thu, Feb 23, 2017 at 2:52 PM, Eldridge, Rod A [ITNET] wrote: > > Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP > servers with Infoblox servers on March 14th. We want to keep the domain names > of our external servers the same (with one exception), but we will be

Re: Few questions on Bind

2017-01-05 Thread John Miller
On Thu, Jan 5, 2017 at 6:11 AM, Tony Finch wrote: > Debarghya Mandal wrote: >> > do, you'll have to write a custom back-end, or use some other more > scriptable DNS software such as PowerDNS. > Thanks, Tony - I didn't quite have the guts to recommend PowerDNS on th

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread John Miller
On Fri, Sep 30, 2016 at 1:15 PM, Tim Daneliuk wrote: > On 09/30/2016 11:17 AM, Hrant Dadivanyan wrote: >> Won't port redirection work better than? > get sudo for even limited access to things on their sandboxes. So, we're > trying to figure out a way to work around the corporate slowness while

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread John Miller
d-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc

Re: Organization IP address is getting redirected to a website which does not belong to the organization.

2016-09-17 Thread John Miller
Hi Sandeep, The redirect part isn't a DNS issue: I telnetted to port 80 on the IP address and got: john@millspad:~$ telnet 146.142.7.113 80 Trying 146.142.7.113... Connected to 146.142.7.113. Escape character is '^]'. GET / HTTP/1.1 Host: 146.142.7.113 HTTP/1.1 302 Found Date: Sat, 17 Sep 2016 1

Re: why this query cause ServFail

2016-09-10 Thread John Miller
h how named handle the NS of this > domain, or there is other parameter to tell named to try to loop through > other nameservers if one fails. > > > > On Fri, Sep 9, 2016 at 7:20 PM, John Miller wrote: >> >> Hi Hillary, >> >> By default, BIND will return SER

Re: why this query cause ServFail

2016-09-09 Thread John Miller
Hi Hillary, By default, BIND will return SERVFAIL to the client if it can't complete the full iteration process within 10 seconds. This is controllable by the "resolver-query-timeout" parameter. As for why your recursive server doesn't just try elsewhere, it _will_, but it assumes that it's quer

Re: Disabling rate-limit?

2016-08-16 Thread John Miller
On Mon, Aug 15, 2016 at 11:23 PM, blrmaani wrote: > From tcpdump, it appears that customers are receiving delayed response and > are too sensitive for timeouts. > > The queries they are sending are authoritative i.e the zone is on our > nameserver. > > How do I trouble-shoot this issue? This is

Re: Disabling rate-limit?

2016-08-15 Thread John Miller
> > Thanks > Blr > _______ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
Ok--I see what's up now! This has been one of the stranger DNS setups I've ever seen: different NS records pointing to overlapping sets of IP addresses, EDNS disabled, really short TTLs on both NS and A records. Even though you're not querying at the name listed in the NS records, it's usually th

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:57 PM, John Miller wrote: > On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: >> Could it be that the “adberr:2” logs entries are indicating that it >> periodically can’t find the name servers? >> >> -Rob Heilman >> >> >>

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: > Could it be that the “adberr:2” logs entries are indicating that it > periodically can’t find the name servers? > > -Rob Heilman > > > > # dig zulily-com.mail.protection.outlook.com. > @ns1-prodeodns.glbdns.o365filtering.com. > > dig: couldn't

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
> > dig mail.protection.outlook.com. ns > @ns1-proddns.glbdns.o365filtering.com. +noedns > ;; ANSWER SECTION: > mail.protection.outlook.com. 10 IN NS > ns1-proddns.glbdns.o365filtering.com. > mail.protection.outlook.com. 10 IN NS > ns2-proddns.glbdns.o365filtering.com. > > > > Note the short TTL

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
> But this is getting way off topic for BIND-users, and should probably be > moved to dns-operati...@dns-oarc.net if we want to continue. Much obliged! John ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this lis

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
If your domain is ourweddingaccount.com, and you're looking to have the apex record ourweddingaccount.com.CNAME some.other.domain. but still host other records in the ourweddingaccount.com zone, you can't. That's not how CNAME records work. A CNAME record is an alias for a particular _l

Re: statistics-channels not serving rdtype records

2016-04-07 Thread John Miller
On Thu, Apr 7, 2016 at 3:42 PM, Ben Wilson wrote: > Hi, > > I'm not sure what is different on a new server I'm setting up, but when > querying the port configured for statistics-channels, no rdtype records are > included. > > resstat, socket, task, etc are all there, but not the number of queries.

Re: Recursive bind becomes unresponsive with high load

2016-03-31 Thread John Miller
On Thu, Mar 31, 2016 at 2:00 PM, Michael Brunnbauer wrote: > > hi all, > > On Thu, Mar 31, 2016 at 07:32:21PM +0200, Michael Brunnbauer wrote: >> Is it possible that this is connected to rndc stats? I will stop doing >> rndc stats for a while to test (it currently runs every minute). > > Not doing

Re: Multiple A records and reverse DNS

2016-03-19 Thread John Miller
g > https://lists.isc.org/mailman/listinfo/bind-users -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
On Fri, Feb 19, 2016 at 9:26 PM, Barry Margolin wrote: > In article , > John Miller wrote: > >> And if you actually want people to use your zone or you want NOTIFY >> working, two NS records (and possibly glue) are really a must. > > He mentioned that these are intern

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
0.4.1/24; >127.0.0.1; > }; > > }; > > For VM2 named.conf > > options { > > directory "/var/named"; > allow-query { >10.4.3/24; >127.0.0.1; > }; > > }; > > On Fri, Feb 19, 2016 at 12:33 PM, John Mil

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
Hi David, Something I'm not seeing in your config is an options {} block that lays out your defaults for allow-transfer, allow-notify, also-notify, etc. Those are important things to know when it comes to troubleshooting zone transfer issues. Unless you've got a specific reason for not doing so,

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
On Fri, Feb 19, 2016 at 11:45 AM, David Li wrote: > This is my first time to try master slave configuration. Here is a > brief description: > > I have two Centos 7.1 VMs - each is configured for a zone. VM1 is the > master for zone1 and slave for zone2. VM2 is master for zone2 and >

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
>> I was going to respond with the same advice -- >> slave your internal zones -- but then I somehow convinced myself that "recurs >> ive-clients" was merely the quota of concurrent RD=1 queries that named would >> handle, thus slaving wouldn't help in a network-outage situation, since name >> d w

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
On Thu, Feb 18, 2016 at 5:06 PM, Mark Andrews wrote: > For some reason people are afraid to slave internal zones. Back > when I was working for CSIRO I used to slave all the internal zones > for all of the sites the division had. Each site administered its > own zones but all sites slaved all of

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
Thanks for the reply, Tony. With the recent glibc bug, I figured most folks would be off putting out those fires! On Thu, Feb 18, 2016 at 3:04 PM, Tony Finch wrote: > John Miller wrote: > >> A couple of weeks ago, we experienced an outage on our external >> Internet lin

Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
A couple of weeks ago, we experienced an outage on our external Internet links. Ideally, this shouldn't affect queries for internal resources - we expect those queries to continue to be answered. That being said, we saw a bunch of messages in our logs such as: client 192.168.1.2#56075: no more r

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald wrote: > > > Am 14.01.2016 um 21:48 schrieb John Miller: >> >> Thanks for the advice, Mike. We chrooted our install because it was >> "best practice" security-wise, but from an administration standpoint, >>

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
Thanks for the advice, Mike. We chrooted our install because it was "best practice" security-wise, but from an administration standpoint, it's been a bit of a headache: for example, you have to keep straight what goes in /etc and /var/named/chroot/etc, you end up setting a $BIND_CHROOT environment

Re: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread John Miller
On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza wrote: > On 12.01.2016 18:16, Tony Finch wrote: >> Tomas Hozza wrote: >>> >>> Recently I was trying to find a mechanism in BIND that could prevent the >>> server from processing a recursive query for non-existing domains. >> >> Have a look at https://w

Re: Why two lookups for a CNAME?

2015-10-22 Thread John Miller
google.com. > > You'll see additional queries like this if you look up servers hosted by > the Akamai CDN, because the CNAME points from the original domain to one > of Akamai's domains. Hi Barry, I just did a double-check (stock RHEL 6 BIND, 9.8.2), and BIND indeed does do the

Re: RPZ - override TXT records

2015-10-08 Thread John Miller
oad-balanced sites which don't > have fixed IP address. > > Any hints what I am doing wrong? > > Many thanks, > Wolfgang > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
ing the cache > or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the > ".com" top level DNS server ? > > Regards, > Danny > > On Fri, Sep 18, 2015 at 2:51 PM, John Miller wrote: >> >> On Fri, Sep 18, 2015 at 2:35

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote: > Hi, > > Our vendor is changing their FTP server's IP address tomorrow. > > 1. How can I tell how long their DNS change will propagate to us ? Whatever TTL you have cached when the vendor makes the switch is how long it'll take for your cachin

Re: Installing bind is not very clear for me

2015-09-04 Thread John Miller
On Fri, Sep 4, 2015 at 3:29 PM, wrote: >> One Firewall should be enough. >> So, what you consider this firewall should do ? >> In my opinion: >> Block requests coming from a blacklist (Who will generate this list ?) >> Block denial of service requests. It needs to measure the requests rate >> to

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz wrote: > > > On 09/01/2015 09:20 AM, John Miller wrote: >> >> If you check pcap, logs, etc., is the server's following delegation >> for 0.centos.pool.ntp.org? Where do outbound packets stop? > > > I d

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
If you check pcap, logs, etc., is the server's following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop? John On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz wrote: > I have one nameserver running bind 9.8.2 and a new one running 9.9.4. > > Both can resolve www.ietf.org >

Re: separation of authoritative and recursive functions on internal networks

2015-08-10 Thread John Miller
interesting we did is that our recursive servers don't depend exclusively on our local authoritative servers. In a pinch (last master in the stub zone), they'll go out to our cloud DNS servers and pull/follow delegation from there. So the dependence of recursive on authoritative, due

Re: tsig indicates error

2015-07-24 Thread John Miller
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins wrote: > On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote: > > > > > > On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote: > > > > > Possible problems: > > >Mismatched keys. > > >Mismatched key names. > > >Mismatched clocks. > > > > Mo

Re: tsig indicates error

2015-07-24 Thread John Miller
ake sure your master doesn't require it and that your slave doesn't try to use it for its AXFRs. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu ___ Please visit https://lists.isc.org/mailman/listinfo/bind-use

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
On Thu, Jul 23, 2015 at 2:22 PM, lists - euca wrote: > Here is the file that smbind created (note that I have been making some > changes): > $TTL 21600 > @ IN SOA ns10.euca.us. hostmaster.euca.us. ( > 2015072342 ; Serial > 108

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
Hi Donovan, Your zone file(s) as well as your named.conf config would be best here. We really need more information from you than a single fqdn. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Thu, Jul 23, 2015 at 12:40 PM, lists - euca wrote: > He

Re: servfail only for a zone

2015-07-13 Thread John Miller
On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca wrote: > > You have been persuasive enough, I'm definitely going to raise the expire > value, but now the question is: are the SERVFAIL replies a consequence of > the low expire value? > It doesn't help your cause _at_all_. There could be a few reas

Re: servfail only for a zone

2015-07-13 Thread John Miller
ge between the two nameservers within an hour, the second will stop working. This is just a guess, but network communication/failed zone transfer seems the most likely culprit for something like this (entire zone returns SERVFAIL). John -- John Miller Systems Engineer Brandeis University johnm..

Re: dig @server foobar +trace +recurse

2015-07-09 Thread John Miller
Even after flushing Google's cache ( >> https://developers.google.com/speed/public-dns/cache), I still get the >> same response. Does anyone have insight on +showsearch, other than the >> following ;-) >> >> ... > > "showsearch" has nothing to do with iteration or recursion. "showsearch" > is rel

Re: dig @server foobar +trace +recurse

2015-07-09 Thread John Miller
> > It's by tracing the queries down from the root zone several > times with "dig +trace" that it finally hit me what was going > on, and in retrospect it's obvious. At first I had been looking > for some kind of race condition with delegation data from the > grandparent zone getting cached, and t

Re: dig @server foobar +trace +recurse

2015-07-08 Thread John Miller
For my part, I'd be curious to know what sort of problem you're trying to solve with dig. We might be able to shed a little more light on what the best command would be for you. The +recurse gets overridden when you use +trace: +[no]recurse ... Recursion is automatically disabled when

Re: "#service named restart" fails with a weird message

2015-06-19 Thread John Miller
Semicolons! You need one for the second ip range in your list, and you need one after the zone file for your localhost zone. The error message really does tell you what you need in this case ;-) The config you pasted only has nine lines, so I'm assuming that the last error really is on line 8/9

Re: Public DNS

2015-04-02 Thread John Miller
n to DNS in general as well as BIND configuration. Start there, experiment around a bit with some sandbox vms, then come back here when you've got some more specific questions. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Thu, Apr 2, 2015 at 9:25 AM, Heamna

Re: How reliable is RPZ in production? I'm seeing flakiness in testing.

2015-01-06 Thread John Miller
uarantine zones? Presumably you're using some sort of DDNS publishing that gets triggered when a client does something suspicious. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Tue, Jan 6, 2015 at 5:52 PM, Anne Bennett wrote: > I'm playing wi

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
dentical) would also be helpful, as would copies of your named.conf >> files if you're worried about your configuration at all. >> >> The main principle here is that you shouldn't take down the 9.3.2 >> server until you're _sure_ the 9.8.1 server is fully read

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
r named.conf files if you're worried about your configuration at all. The main principle here is that you shouldn't take down the 9.3.2 server until you're _sure_ the 9.8.1 server is fully ready to roll. Ideally you should be able to do this with zero downtime, but much depends o

Re: Promoting slave to master DNS server with dynamic updates

2014-09-11 Thread John Miller
ntly will not be liable should its content be > altered. > ** > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > >

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
de > buffering. DiG (or even host) are much better than nslookup > for diagnostic purposes. > > hth > > > On Thursday, July 24, 2014 8:00 AM, John Miller > wrote: > > > To check your cache, just run rndc dump. It'll write a dump of the BIND > cache to your

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
i then check if > 101.250.168.192.in-addr.arpa PTR is cached? > > > On 24-07-2014 15:35, John Miller wrote: > > On NS #2, if you run rndc freeze/rndc thaw, what does the actual zone > file look like? Also, what does your cache look like? Is > 101.250.168.192.in-addr.arpa

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
490 general: debug 1: dump_done: zone > 250.168.192.in-addr.arpa/IN/vi_local_resolver: enter > 24-Jul-2014 14:48:42.490 general: debug 3: zone > 250.168.192.in-addr.arpa/IN/vi_local_resolver: dns_journal_compact: not > found > > ---

Re: stub zones

2014-06-02 Thread John Miller
e authoritative NS for that zone? unless you're > changing the records > which is all bad > > > > > On Monday, June 2, 2014 2:18 PM, John Miller > wrote: > > > > Not quite, Bill. You point the zone at a different name server, but > _your_own_nameserver_ still does the

Re: stub zones

2014-06-02 Thread John Miller
:) it's almost the same, as creating a local zone for something you're not authoritative for and then having to maintain those records. but, I guess there may be cases where it may be useful I guess On Monday, June 2, 2014 1:33 PM, John Miller wrote: Evil? Seems a bit strong. Unusual

Re: RPZ and www.rackspace.com

2014-05-30 Thread John Miller
It's surprising that more organizations don't fix this--it can be a serious DoS vulnerability if the record is important enough. Anyone know of tools that, given a zone or a set of labels, will test for this behavior? John On 05/30/2014 11:42 AM, David A. Evans wrote: To my questio

Re: Reply Code 0x8083 vs 0x8080

2014-05-29 Thread John Miller
I'm curious as to > why BIND would respond with different codes. Thanks for any insights. > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/

Re: Book recomendations?

2014-05-28 Thread John Miller
> https://lists.isc.org/mailman/listinfo/bind-users > _______ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/ma

Re: GSS-TSIG updates from Windows clients

2014-05-06 Thread John Miller
Thanks to both Mark and Nicholas for the help. Unfortunately, still not able to get this working (BIND 9.8.2 (RHEL 6) & AD 2008R2). It's a case of AD negotiating a TKEY (successfully), then reverting back to unsigned updates. If an update's not signed, doesn't matter what your update-policy

GSS-TSIG updates from Windows clients

2014-05-02 Thread John Miller
.edu' A named[12766]: client 129.64.8.232#49802: send named[12766]: client 129.64.8.232#49802: sendto named[12766]: client 129.64.8.232#49802: senddone named[12766]: client 129.64.8.232#49802: next Even though it sends valid TKEY credentials, why doesn't Windows actually sign its upda

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
he same company, so I need that any client PC can > resolve a hostname from "company.com" domain, independently if this > record is in DNS1 or DNS2. > > Thanks again, regards. > > JeLo > > > > On Wed, Apr 30, 2014 at 5:21 PM, John Miller wrote: > >> Hi Jeronimo,

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
s://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619 ___

Re: Dig for a reverse zone transfer

2014-04-22 Thread John Miller
hanks a lot !!! > > JeLo > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-u

Re: Can Master replicate zone options in Slave's named.conf.local file ???

2014-04-16 Thread John Miller
and is for the sole use of the intended > recipient(s). If you are not the intended recipient, any disclosure, > copying, distribution, or use of the contents of this information is > prohibited and may be unlawful. If you have received this electronic > transmission in error, please reply

Re: how to modify the cache

2014-02-14 Thread John Miller
o modify the cache. > > Who can tell me how to do? Thanks. > Guanghua > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://list

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
rom derived A or records. > > > Vernon Schryver v...@rhyolite.com > Indeed, the intent of my words was that SPF only makes sense if it's public--presumably you set up trust between your internal mail servers in other ways. It's not required for SMTP to work--plen

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
On Fri, Jan 31, 2014 at 11:10 AM, Steve Presser wrote: > Hey all, > Please forgive me if any of my terminology is off - I have not spent as > much time in the documentation as I'd like. > I have an odd situation that I would like to know if it is possible and > would much appreciate a pointer to

Re: DDNS update forwarding

2013-12-12 Thread John Miller
On 12/11/2013 08:42 PM, Mark Andrews wrote: In message <52a8e44a.1070...@brandeis.edu>, John Miller writes: Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients tha

DDNS update forwarding

2013-12-11 Thread John Miller
Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send updates based on NS records rather than the SOA record? Perhaps a better question is: has anyone been bit

Re: how-to configure BIND or any DNS implementation for cloud infrastructure

2013-08-30 Thread John Miller
__ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- John Miller Systems Engineer Brandeis University johnm...

Re: ISO or virtual appliance

2013-08-21 Thread John Miller
Hi Manish, You can always grab a pre-canned ISO from turnkeylinux.org. You could also use Puppet or Chef recipes to get BIND up and running. I'm sure someone also has a Vagrant box available -- try vagrantbox.es. Generally speaking, though, if you're using an appliance in production, you n

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On 07/18/2013 06:07 PM, Barry Margolin wrote: In article , John Miller wrote: I think what I was getting at was whether appending $ORIGIN to an unqualified target--only talking target, not label--was _required_ by the RFCs, and if so, the RFC/section. I'll read through 'em; was j

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
Ryan wrote: Are you asking if the target of a CNAME need be an FQDN if $ORIGIN is defined? If so, no, I use short names (no trailing dot) all the time. *From*: John Miller [mailto:johnm...@brandeis.edu] *Sent*: Thursday, July 18, 2013 05:49 PM *To*: Bind Users Mailing List *Subject*: Re: RFC requir

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On 07/18/2013 06:07 PM, Barry Margolin wrote: In article , John Miller wrote: I think what I was getting at was whether appending $ORIGIN to an unqualified target--only talking target, not label--was _required_ by the RFCs, and if so, the RFC/section. I'll read through 'em; was j

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On Thu, Jul 18, 2013 at 4:29 PM, Charles Swiger wrote: > On Jul 18, 2013, at 1:18 PM, John Miller wrote: > > I know that for the following record in example.com's zone file: > > > > host.example.com. IN CNAME otherhost > > > > BIND will retur

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
CNAME otherhost. be equally valid from an RFC perspective? Obviously this would also pertain to NS, MX, SRV, PTR, etc. records. John On Thu, Jul 18, 2013 at 4:12 PM, John Miller wrote: > Hey there folks, > > I know that for the following record in a zone file: > > host.exampl

RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
Hey there folks, I know that for the following record in a zone file: host.example.com. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: Secondary DNS question...

2013-06-20 Thread John Miller
_ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- John Miller Systems En

Re: PTR files

2013-06-17 Thread John Miller
.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users

Re: Queries using forwarders

2013-06-03 Thread John Miller
Hi Mike, To keep my answer simple, if BIND is set up to allow recursion, and gets a recursive query for a zone it's not authoritative for, it'll: 1) Answer from cache 2) pass the query off to the configured forwarders 3) If the forwarders are unavailable, follow delegation itself to answer th

Re: This didn't work....

2013-04-29 Thread John Miller
> Probably should've written that is the first case it was: > > $ORIGIN foo.example.com. > ... > ads NS ads.foo.example.com. > ... > ads A a.b.c.d > dc2 A a.b.c.e > dc3 A a.b.c.f > > And, the modified case was: > > $ORIGIN foo.example.com > ... > ads NS dc2.foo.example.com. > NS dc

Re: This didn't work....

2013-04-26 Thread John Miller
Hi Lawrence, I'm going to answer your questions a bit out of order, but hopefully things'll still be clear. > How do you have an AD domain where your AD servers aren't authoritative > for itself? > > This is how our AD domain is set up -- the root of the AD domain is brandeis.edu, but the domain
