RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

2016-03-25 Thread Lightner, Jeff
The RedHat/CentOS version starts with an upstream version from ISC. At the time they first get it they optimize to fit within the other packages they’ve setup on the specific major release (e.g. RHEL5 had BIND 9.3.6, RHEL7 has BIND 9.9.4). After that they put their own extended versioning o

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

2016-03-23 Thread Lightner, Jeff
s here. -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Wednesday, March 23, 2016 9:52 AM To: Lightner, Jeff Cc: bind-users@lists.isc.org Subject: RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro Lightner, Jeff wrote: > > Wit

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

2016-03-23 Thread Lightner, Jeff
Since there are BIND packages (9.9.4) for RHEL7/CentOS7 available from default repositories you could download those packages and extract the systemd files from them and examine what they've done. With systemd the methodology isn't that BIND notifies other things that it is up. It is that othe

RE: about NS server authorize

2016-03-21 Thread Lightner, Jeff
As others said this isn't really a BIND issue. EPP key is what some Registrars call the authorization code for domain registration transfers. Did you recently attempt to transfer this zone from one Registrar to another? Did you get confirmation that the transfer (not just the request for t

RE: PCS, Corosync, Pacemaker, and Bind

2016-03-19 Thread Lightner, Jeff
You might want to try "ip a" vs ifconfig. RHEL7 uses Network Manager and in the past I've found some things don't show up in ifconfig output when doing alias/virtual interfaces. Usually even when other products (e.g. Oracle RAC/GRID) create virtual interfaces they still show up as valid int

RE: Bind9 on VMWare

2016-01-13 Thread Lightner, Jeff
We chose to do BIND on physical for our externally authoritative servers. We use Windows DNS for internal. One thing you should do if you're doing virtual is be sure you don't have your guests running on the same node of a cluster. If that node fails your DNS is going down. Ideally if

RE: Cloud DNS providers for secondary DNS

2015-12-30 Thread Lightner, Jeff
The OP mentioned notifying Registrars. He'll also need to notify whoever his ISP is if he has arpa zones for reverse lookups and they are delegating to his name servers. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of J

RE: Why two lookups for a CNAME?

2015-10-21 Thread Lightner, Jeff
Because the purpose of DNS primarily is to equate a name with an IP as applications talk to IPs not to names. When you have a CNAME you’re equating one name with another name. That other name then has to be looked up so the application knows what IP to access. This saves time if you have multi

RE: init script

2015-09-29 Thread Lightner, Jeff
Which Linux or UNIX distribution and version are you using? As Omer suggests most of them include a bind package with prebuilt init scripts - you can download the BIND package then extract the init scripts from it. (deb is for Debian derived Linux distros, rpm for Redhat derived distros - mig

RE: Multiple A and PTR and the "main" ones?

2015-09-11 Thread Lightner, Jeff
Actually some mail servers DO check not only that a PTR exists but also that it is not "generic". Every once in a while we get someone complaining because one of the big sites (Ebay?) refuses to accept their email due the "generic" (as defined by that site's policies) nature of our PTR. We

RE: DNS format error

2015-07-28 Thread Lightner, Jeff
http://www.vip.icann.org/DS? The http:// and /DS wouldn't be part of DNS name itself so you can't dig for that. You'd have to point a browser (or command line tool like wget or curl) to get that web page. The vip IS part of the DNS name. Did you try "dig www.vip.icann.org"? It works for m

RE: How to properly update chroot-bind

2015-07-28 Thread Lightner, Jeff
Since the OP says he's not in Production yet I'd strongly advise moving on to CentOS 7 for multiple reasons. It has a new base version of BIND and also has a 3.x kernel. However, there is a learning curve because it also uses systemd rather than Sys V init. The way bind-chroot runs is signifi

RE: stumped on sub domain addition

2015-07-23 Thread Lightner, Jeff
Services of America, Inc. 2300 Windy Ridge Pkwy Suite 600 N Atlanta, GA  30339-8461   P: 678-486-3516 C: 678-772-0018 F: 678-460-3603 E: jlight...@dsservices.com -Original Message- From: lists - euca [mailto:li...@euca.us] Sent: Thursday, July 23, 2015 2:23 PM To: Lightner, Jeff Cc: Bin

RE: stumped on sub domain addition

2015-07-23 Thread Lightner, Jeff
Did you change the sequence/serial in the SOA and reload the zone? Doing dig tests for euca.us I get its “A” record and for www.euca.us I get its CNAME. That suggests you didn’t setup onqsolutions record properly. Looking at your www CNAME in your zone file might let you k

RE: com.google how did they do that

2015-04-02 Thread Lightner, Jeff
Not all the new TLDs are company specific. Some are more generic but useful to certain industries. There are 2 or 3 TLDs that I assume will appear sooner or later and I really wish I had the capital to make them as I know as soon as they are available many companies will use them so they'd be

Recall: subdomain with domain

2015-04-01 Thread Lightner, Jeff
Lightner, Jeff would like to recall the message, "subdomain with domain".

RE: subdomain with domain

2015-04-01 Thread Lightner, Jeff
You can do subdomains with the one zone file rather than having separate zones you just have to put a new ORIGIN for the subdomain. In the domain file for after the SOA and existing records (NS, A, CNAME etc...) add a line: $ORIGIN _msdcs..; New subdomain Then add the records (A, CNAM

RE: Single slave zone definition for two view (cache file name problem)

2015-03-18 Thread Lightner, Jeff
It isn't really that hard to maintain two separate zone files for each domain. We've been doing it for years. It isn't really clear why you're using views if all your zone files are the same as you seem to imply. Here we do views specifically because for some domains the zone files DO need

RE: Single slave zone definition for two view (cache file name problem)

2015-03-17 Thread Lightner, Jeff
4.x would be quite ancient. Where are you getting those version numbers? You should be using 9.x these days so I suspect the BIND version isn't what you think it is. Is it possible the version you're reporting is your OS rather than your BIND? What is reported when you run "named -v"? An

RE: Config large tuning and out of memory

2015-03-03 Thread Lightner, Jeff
CentOS 5.x does have a 64 bit version. 5.2 is quite old - they're up to 5.10 or 5.11 these days. I don't think you can just change from 32 bit to 64 bit - I think it requires a reinstall from the 64 bit installation media. If you have to do a reinstall you're better off going to at least Cen

RE: Request to provide procedure for bind upgrade

2015-02-16 Thread Lightner, Jeff
Good point. Fedora isn't really a good choice for Production systems - it is bleeding edge with short life cycle (usually new version is out 6 months later and they only support the most recent 2.) Fedora is used as a test bed for what ends up in RHEL later. RHEL has much longer life cycle b

RE: Request to provide procedure for bind upgrade

2015-02-16 Thread Lightner, Jeff
The package is “bind” not “named”. The daemon is called “named”. You can type “rpm -qf $(which named)” to determine which package installed that daemon. (Likely it was bind.) Also if you’re running the chroot’ed version you’d want the package “bind-chroot”. I’d suggest you run “rpm -qa |

RE: Getting Error || unable to convert errno to isc_result

2015-02-11 Thread Lightner, Jeff
a. s. Křižíkova 36a/237 186 00 Praha 3, Česká Republika Tel.:+420.226204627 daniel.rysl...@dialtelecom.cz --- www.dialtelecom.cz Dial Telecom, a.s. Jednoduše se připojte ------- On 02/11/2015 10:32 PM, Lightner, Jef

RE: Getting Error || unable to convert errno to isc_result

2015-02-11 Thread Lightner, Jeff
On RHEL the kernel doesn't change within the main release (RHEL6) in this case will always be 2.6.32-xx and RHEL does the support including back porting bug and security fixes into their extended release (which isn't the same as the base kernel). They do the same thing for the BIND release

RE: SRV records etc

2015-02-11 Thread Lightner, Jeff
SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. -Original Message- From: bind-users-boun...@lists.is

RE: Change in behaviour regarding ndots and searchlist

2014-09-15 Thread Lightner, Jeff
hlist * Barry Margolin [2014-09-15 15:18]: > In article , > Steven Carr wrote: > > > On 15 September 2014 13:29, Lightner, Jeff wrote: > > > I've begun seeing this recently in nslookup on Windows workstations as > > > well. It appears it is appending sea

RE: Change in behaviour regarding ndots and searchlist

2014-09-15 Thread Lightner, Jeff
I've begun seeing this recently in nslookup on Windows workstations as well. It appears it is appending search domains even when I've specified an FQDN. That is I have two search domains such as ex1.com and ex2.net and I typed short name "ralph" for nslookup or host it would give me "ralph.

RE: Value of memory

2014-08-07 Thread Lightner, Jeff
Also remember that "used" reported by "free" in Linux on the first line includes memory pre-allocated to cache and buffers that is readily usable on demand so isn't really allocated to specific processes like you'd see in a similarly configured UNIX system. Be sure when trying to determine "us

RE: Does bind read /etc/hosts?

2014-07-15 Thread Lightner, Jeff
The confusion can come in because some UNIX variants (notably HP-UX) nslookup was modified to honor /etc/nsswitch.conf so it DOES check /etc/hosts if "files" precedes "dns". However, in most things (e.g. Linux, Solaris) nslookup (and the newer host command) do not look at /etc/hosts regardless

RE: whois expiration limit?

2014-02-19 Thread Lightner, Jeff
, February 19, 2014 4:17 PM To: bind-users@lists.isc.org Subject: Re: whois expiration limit? On 2014-02-19 20:44, Lightner, Jeff wrote: Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and

whois expiration limit?

2014-02-19 Thread Lightner, Jeff
Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and renewed a domain by 2 years which pushed its expiration to 01/25/2025. The order confirmation shows that expiration and looking at t

RE: Same internal and external zone

2014-02-14 Thread Lightner, Jeff
There is nothing that precludes you from having the same zone on different DNS servers. You make each "authoritative" so that any look up that hits that DNS server gets that server's records. You can then have separate entries for some items and the same for others. We do that here with at

RE: Adding DS records

2013-12-20 Thread Lightner, Jeff
FYI: web.com recently bought NetSol and at least one other Registrar that escapes me at the moment. It might be worthwhile to see if any of their companies do this as you might have an easier time transferring and avoid some of the common games Registrars play to prevent it. I heartily recom

RE: Performance Tuning RHEL 5 and Bind

2013-10-21 Thread Lightner, Jeff
Any reason you're using RHEL5 as opposed to RHEL6 if you're building new servers? RHEL5 is very long in the tooth and will go EOL sooner than RHEL6. Since you're using a BIND package not shipped with RHEL5 there's no reason on that account not to move up to RHEL6. -Original Message-

RE: Install DNS Server

2013-10-10 Thread Lightner, Jeff
Any reason why you’re using CentOS 5.7 given that 6.4 (and maybe later) is available? If this is a new system you really ought to think about using the 6.x stuff. 5.x is long in the tooth even though still supported it has many older upstream packages of things including BIND. CentOS does put

RE: SOA issue

2013-02-13 Thread Lightner, Jeff
Also make sure you’ve incremented the serial number in the zone file by at least 1. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Chris Buxton Sent: Wednesday, February 13, 2013 12:58 PM To: Paul A Cc: b

RE: chroot/etc/named/ directory?

2013-02-13 Thread Lightner, Jeff
Haven't done it on RHEL/CentOS 6.x yet but in RHEL5 with the bind-chroot installed I've always had: /var/named/chroot as the jail for BIND. /var/named/chroot/etc = Location of global config files such as named.conf /var/named/chroot/var/named = Location of the zone files. I don't see a /var/named

RE: How can I migrate my Domain from ISP hosted to my own BIND server?

2012-12-14 Thread Lightner, Jeff
To expand on that. The steps Manish wrote are what you do internally. What Sten is writing is external – your domains are “registered” somewhere and the “Registrar” points to the appropriate DNS servers – you’ll need to insure that it is pointing to your internal DNS servers. You can find out

RE: restart named; missing TCP socket

2012-12-12 Thread Lightner, Jeff
Why use rndc to stop then the init script to start? Is there no /etc/rc.d/rc.named restart? On RHEL5 the init script has a restart option so it will stop then start. If a socket is open then it could take a finite amount of time for it to close making it unavailable on the restart if you ha

RE: Performance tuning

2012-11-26 Thread Lightner, Jeff
For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do with what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. If it were me I’d probably do some timed “host” or “dig” commands for the two re

RE: issues with BIND since a change of server

2012-10-04 Thread Lightner, Jeff
Have you checked the host level firewall (e.g. iptables)? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of John Miller Sent: Thursday, October 04, 2012 12:01 PM To: bind-users@list

RE: Moving BIND from Solaris to Linux

2012-10-03 Thread Lightner, Jeff
sc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Barry S. Finkel Sent: Tuesday, October 02, 2012 10:47 PM To: bind-users@lists.isc.org Subject: RE: Moving BIND from Solaris to Linux On 10/2/2012 4:26 AM, "Lightner, Jeff" wrote: > The reason I did the f

RE: Moving BIND from Solaris to Linux

2012-10-01 Thread Lightner, Jeff
The reason I did the full discussion is that many shops are moving from proprietary UNIX (Solaris, AIX, HP-UX) or Windows to Linux solutions. If they are moving much infrastructure but just starting with BIND then he needs to consider what I wrote. Also I don't really agree that Ubuntu is th

RE: Moving BIND from Solaris to Linux

2012-10-01 Thread Lightner, Jeff
We use RHEL mainly because that's our distro of choice for most of our applications. It is the most popular "commercial" distro is the one most 3rd party commercial applications (e.g. Oracle) support. (Of course SLES has a lot of support as well but not quite as much - others will tell you Ubu

Dig from workstation to answer?

2012-09-18 Thread Lightner, Jeff
I know that dig +trace can be used to see the path of name resolution starting from root server down to final answer. What I’m wondering is if there is some set of options that would go from workstation to final answer? That is to say only go to the root server if that is where the DNS topolo

RE: Zone Transfer issue on BIND9

2012-08-24 Thread Lightner, Jeff
You're putting the allow transfer on each zone? I don't think that's your issue but it seems odd to me. Here we do it at the view level. Also it appears you're using the same IP for at least two of your views - for view transfers to work properly here we setup virtual IPs on the DNS servers

RE: What can cause excessive amount of _dns-sd queries?

2012-08-23 Thread Lightner, Jeff
Maybe blocking access by that IP will force the customer's tech folks to contact you? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of wbr...@e1b.org Sent: Thursday, August 23, 20

RE: 2 dns records for same server

2012-08-20 Thread Lightner, Jeff
That is to say don't put the external servers in /etc/resolv.conf on your clients - only put the internal one there. (Or the Windows equivalent setup should only see your internal DNS server.) I would correct the prior post not to say "EVER" but rather "not directly". Often in an internal/ex

RE: Can't receive emails from another machine

2012-07-31 Thread Lightner, Jeff
To check whether BIND is your problem simply run "dig -t MX " on the host that is trying to send the email to your mail host. If it returns the right IP address for your mail host then BIND isn't the problem. For iptables/postfix this isn't really the right forum. You might want to try posti

RE: disabling "Any" requests

2012-07-12 Thread Lightner, Jeff
Your answer was clearly meant to be tongue in cheek but I'm not sure you understood. The OP wasn't asking how to stop all (any) lookups - it was how to stop "dig -t any" which isn't the same thing at all. Presumably they still want to allow dig -t mx, dig www... etc... Personally I don't know

RE: Loaded zone files query

2012-07-10 Thread Lightner, Jeff
That assumes it's Linux and is being logged to local /var/log/messages. For other *nix the log location and name is apt to be different. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: bind dies with assertion failure

2012-07-03 Thread Lightner, Jeff
I disagree about this being off topic. It IS in fact a BIND question but like many BIND implementations is specific to the user's setup. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: bind dies with assertion failure

2012-07-03 Thread Lightner, Jeff
As mentioned more than once on this list. Redhat starts with an upstream version of a given package (say BIND 9.7) then backports security and bug fixes from later upstream versions into theirs and adds extended versioning (say 9.7-2.3.1). One would have to check Redhat's version to see what fi

RE: Compiling and testing on Fedora

2012-06-21 Thread Lightner, Jeff
Turning off SELinux also requires a reboot after changing mode. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Shawn Bakhtiar Sent: Thursday, June 21, 2012 1:19 AM To: bind-us...@isc.org Subject: RE: Compi

RE: Moving DNS out of non-cooperative provider

2012-06-18 Thread Lightner, Jeff
Just to verify - when you say "old provider" you're just talking about somewhere you had pointed your DNS records to and NOT the actual Registrar for the domain? If it is the Registrar you have to make changes at the Registrar's site to change which DNS servers to use. If they're not being coo

RE: multiple ints: views or separate records?

2012-05-25 Thread Lightner, Jeff
As far as influence it seems you could restrict the connections on virtual IPs to specific subnets so that they don’t have a choice. This can be done via ACLs in the views and/or via firewall rules (e.g. in iptables if this were a Linux host). From: bind-users-bounces+jlightner=water@lists

RE: Split DNS and zone transfers

2012-04-16 Thread Lightner, Jeff
You can also do it by IP in views but need separate IPs for each view. You can do that with virtual IPs on the same NICs as the primary IPs. Such virtual IPs of course have to be in the same subnet as the primary and also you’d need to insure firewall (including host level if any) is opened

RE: Restricting access & keeping identical data across views

2012-03-28 Thread Lightner, Jeff
Is signing not done at zone file level? For our views even when the zones are identical I keep separate copies for the internal and external views so I would have thought this wouldn't be an issue. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto

RE: Name Resolution issue with one domain

2012-03-21 Thread Lightner, Jeff
I don’t think the target is blocking as I get the following: dig www.dubaiairport.com ; <<>> DiG 9.8.1 <<>> www.dubaiairport.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36668 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;

RE: Multiple BIND instances

2012-02-07 Thread Lightner, Jeff
Virtualization doesn't reduce use of resources but DOES separate into what are perceived to be multiple "servers" so I'm not sure what you mean by "you still have one server". -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jl

RE: forwarding "@" to a different domain?

2012-01-09 Thread Lightner, Jeff
Just as a follow on to that prior thread. I was able to setup the CNAME for www and * at the Registrar without A records as indicated. Unfortunately the * at registrar equated to "*." Meaning for example ftp.mydomain.com would work with that CNAME but the domain itself, mydomain.com, would not

RE: About root zones

2011-12-21 Thread Lightner, Jeff
"if a root zone is not defined in named.conf" I wonder if you really do NOT want to ever hit root zones you could make your own entry in named.conf that points to localhost for root zone and thereby avoid hitting any real root? -Original Message- From: bind-users-bounces+jlightner=w

RE: .TLD minimum number of nameservers rule

2011-12-12 Thread Lightner, Jeff
Or you could simply put a virtual IP address on the same name server (and any NATting required) and put it in as your second at the registrar. That is to say the Registrar would see the same name server with two different names and IPs so wouldn't know it was the same name server. -Orig

RE: CNAME only zone?

2011-12-09 Thread Lightner, Jeff
-users-bounces+jlightner=water@lists.isc.org] On Behalf Of /dev/rob0 Sent: Friday, December 09, 2011 12:41 PM To: bind-users@lists.isc.org Subject: Re: CNAME only zone? On Friday 09 December 2011 10:25:36 Lightner, Jeff wrote: > Is it possible to create a zone file that only contains a CNAME?

RE: CNAME only zone?

2011-12-09 Thread Lightner, Jeff
ists.isc.org Subject: Re: CNAME only zone? On 09/12/11 16:25, Lightner, Jeff wrote: > Is it possible to create a zone file that only contains a CNAME? This comes up a lot, it seems. No. CNAME conflicts with any other record - including the SOA and NS records required at the apex. You will hav

CNAME only zone?

2011-12-09 Thread Lightner, Jeff
Is it possible to create a zone file that only contains a CNAME? The request I got is to create a CNAME to point shop4water.com to shop4water.hostedbywebtstore.com. We own shop4water.com – hostedbywebstore.com is something external that we don’t own. I’ve reviewed past posts and searched the i

RE: bind 9.2.1 assertion failure

2011-12-07 Thread Lightner, Jeff
ISC who makes bind doesn't support it any longer. Mark is with ISC. What do you have this installed on? It may be something distro specific and if so you may need to get your question answered by whoever provided it to you. For example RedHat Enterprise Linux distributes a modified version of B

RE: Bind 9.9.0b2 inline signing...

2011-11-28 Thread Lightner, Jeff
You can install Cygwin under Windoze and then get most Linux packages under that. Alternatively you can just install the Windows zip file for BIND and use the dig.exe it provides. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounc

RE: Question About max-clients-per-query

2011-11-18 Thread Lightner, Jeff
Not an answer to your basic question but I did want to mention that on most UNIX/Linux terminal sessions you can hit "Ctrl-s" to stop scrolling and "Ctrl-q" to resume it. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightn

RE: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed

2011-11-16 Thread Lightner, Jeff
By "init script" do you mean a script running from inittab doing a respawn? When I see "init script" I think of scripts run at shutdown and boot in /etc/init.d (or more accurately in /etc/rc?.d run level directories linked to the scripts in init.d). -Original Message- From: bind-us

RE: DNS Sinkhole in BIND

2011-10-27 Thread Lightner, Jeff
to get it. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Michelle Konzack Sent: Wednesday, October 26, 2011 9:01 PM To: bind-users@lists.isc.org Subject: Re: DNS Sinkhole in BIND Hello Ligh

RE: DNS Sinkhole in BIND

2011-10-17 Thread Lightner, Jeff
I’m confused – does the OP want to block or does he want to redirect. “block/redirect” are two different things. What I wrote will block. If he wants to redirect that’s fine but I don’t think he’d want to redirect to his real webserver – why send bogus traffic there and also take the risk t

RE: DNS Sinkhole in BIND

2011-10-17 Thread Lightner, Jeff
For some reason those rules wrapped to one line on the bounce back - each rule starts with the -A and ends with the DROP. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Lightner

RE: Single machine VPS

2011-10-17 Thread Lightner, Jeff
Create an entry for just the domain and be sure to add a dot to the end so it doesn't append the domain name: nicaragon.com. IN A 46.105.24.194 www IN A 46.105.24.194 Without the dot the domain is appended so that nicaragon.com without a dot would actually be seen as nicaragon.com.nicaragon

RE: DNS Sinkhole in BIND

2011-10-17 Thread Lightner, Jeff
While setting up blackholes in BIND works fine when I did this on Linux I found that setting up iptables to do drops for known bad IPs/ranges was slightly better as the traffic never gets to BIND in the first place as it is stopped at kernel level. It simply DROPs the packet without telling the

RE: host versus nslookup

2011-10-15 Thread Lightner, Jeff
Even more fun on HP-UX is that in addition to the hosts line in nsswitch.conf they allow for a separate line called ipnodes used by IPv6 routines whereas hosts is only used by the older routines (gethostbyname etc...). It bit me when using NetBackup 7 because Symantec started using the IPv6 ro

RE: host versus nslookup

2011-10-12 Thread Lightner, Jeff
So hitting yourself in the head with a shovel is better? :p -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of David Miller Sent: Wednesday, October 12, 2011 4:08 PM To: bind-users@

RE: host versus nslookup

2011-10-12 Thread Lightner, Jeff
One thing that is different about nslookup on HP-UX (which doesn't have host) is that it actually respects nsswitch.conf so will give you results from /etc/hosts OR from name services whereas most implementations only do it from name services. Nslookup is "deprecated" meaning you should use hos

RE: Master and slave on same host

2011-10-11 Thread Lightner, Jeff
What do you mean you can’t have additional IPs? Even if you don’t have other network connections you can use virtual IPs on a single NIC. I have one server (not DNS) that has 30 virtual IPs on a single NIC. From: bind-users-bounces+jlightner=water@li

RE: resolv record without domain

2011-09-29 Thread Lightner, Jeff
Right - the issue here is the lookup not the DNS record itself. On UNIX/Linux hosts the file is /etc/resolv.conf. However, I do see a DNS configuration issue here as well. There should NOT be a dot after "name" in the A record - that tells it NOT to append the domain name. -Original

RE: CNAME or A record?

2011-09-29 Thread Lightner, Jeff
e should have two records and that my preference was A records. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of wbr...@e1b.org Sent: Wednesday, September 28, 2011 7:17 PM To: L

RE: CNAME or A record?

2011-09-28 Thread Lightner, Jeff
11 10:48 AM To: feralert Cc: bind-us...@isc.org; bind-users@lists.isc.org; Lightner, Jeff Subject: Re: CNAME or A record? Either is fine. Using the cname would require a single update if your ip changes, but prevents other records at the same level. So you couldn't attach mx for

RE: CNAME or A record?

2011-09-28 Thread Lightner, Jeff
+1 All of our redirects are either done by rewrite rules in Apache or Jboss or on our load balancer. We don’t do any in DNS. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf

RE: CNAME or A record?

2011-09-28 Thread Lightner, Jeff
If you set your SOA properly to use "@" (which means "this zone") your A records should be: domain.com. A 1.1.1.1 www A 1.1.1.1 The SOA should append the "domain.com" to every record not terminated by a dot so that "www" is read as "www.domain.com".

RE: One IP in multiple zones

2011-09-21 Thread Lightner, Jeff
One thing we do is create a single "alias" zone with generic information in it to have multiple zones all go to the same IP. Typically the main zone we'll put in its own zone file and have named.conf associate that zone with that zone file. For other zones we tell named.conf to point to the ali

RE: Delegation check failed

2011-09-21 Thread Lightner, Jeff
I was the one asking about water.com. I'd started a separate thread hoping not to tromp on the OP of the earlier thread but apparently didn't succeed. I know the reason for the SOA/MX report so never asked about that. I did ask about the delegation messages but at this point as noted earlier I'

RE: Delegation check failed

2011-09-21 Thread Lightner, Jeff
I think it is safe to say the issue is the iis.se site is broken so far as delegation test goes. Another user reported to me that he had several domains return the same thing at this site. Thanks everyone for the replies. -Original Message- From: bind-users-bounces+jlightner=water

RE: Delegation check failed

2011-09-20 Thread Lightner, Jeff
ied as to what the delegation message is trying to tell me. -Original Message- From: Matthew Seaman [mailto:m.sea...@infracaninophile.co.uk] Sent: Tuesday, September 20, 2011 11:52 AM To: Lightner, Jeff Cc: bind-users@lists.isc.org Subject: Re: Delegation check failed On 20/09/2011 14:

Delegation check failed

2011-09-20 Thread Lightner, Jeff
Can someone give me a better explanation of why this is saying my delegation failed than the FAQ does? In a separate thread I saw this recommendation to another user: I think the checking tool at http://dnscheck.iis.se/?test=undelegated may be what you need. You may find it us

RE: syntax error in $GENERATE crashed all nameservers

2011-08-18 Thread Lightner, Jeff
hould be considered valid input for this command? Please don't respond that negative numbers are integers and therefore valid - that would be pure sophistry.) -Original Message- From: Warren Kumari [mailto:war...@kumari.net] Sent: Thursday, August 18, 2011 1:26 PM To: Lightner, Jef

RE: syntax error in $GENERATE crashed all nameservers

2011-08-18 Thread Lightner, Jeff
It was certainly a typo and a user error in that regard. However, he was suggesting it was a bug because it should have rejected input of negative numbers and I'll have to say I agree with that viewpoint. If I typed "las" instead of "ls" on a command line and found out that "las" meant "lose al

RE: no servers could be reached

2011-07-29 Thread Lightner, Jeff
Using /var/named/chroot/... means you should have bind-chroot package installed. Also you need to be sure all references within named.conf are relative to the chroot directory rather than absolute real paths and be sure the files are in those relative paths. That is to say it is proper to refe

RE: no servers could be reached

2011-07-28 Thread Lightner, Jeff
Also has a wrong name: Should be resolv.conf NOT resolve.conf. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Michael McNally Sent: Thursday, July 28, 2011 3:47 PM To: bind-user

RE: about the dig

2011-07-19 Thread Lightner, Jeff
Or as previously pointed out it WILL work if you specify a name server at invocation. That is to say you MUST either do "dig @..." OR have a resolve.conf that specifies servers to attempt if not specified at invocation. (And before anyone else says it - You can of course still specify a serve

RE: RFC 6303 and automatic empty zones

2011-07-14 Thread Lightner, Jeff
Expecting the future - Planning your life around it is something sales folks like to do and most of the rest of us call vaporware - it's always "going to be available the 2nd quarter of next year". -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto

RE: better performance with 32 bit ! why?

2011-06-29 Thread Lightner, Jeff
I'm not sure I agree with that - multiple single threaded processes can be distributed across cores/CPUs. That is to say ONE single thread process doesn't gain from multiple cores but more than one can because they don't have to compete against each other on the same core. -Original Message-

RE: bind restart needed to reflect changes to dynamic zone in multiple views

2011-06-24 Thread Lightner, Jeff
I wonder if pointing to different file "names" with one being a symbolic link to the other would work? That way you'd only have to create and update the one file but the transfer would transfer two separate files. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.or

RE: second nameserver with two IPs

2011-06-08 Thread Lightner, Jeff
You can have a thousand IPs and it won't matter so long as you configure your named.conf to use a specific IP in notify-source and transfer-source. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org]

RE: Getting different name resolution for news.google.com from master and slave BIND

2011-05-25 Thread Lightner, Jeff
4 PM To: bind-users@lists.isc.org Subject: Re: Getting different name resolution for news.google.com from master and slave BIND On Tue, May 24, 2011 at 02:28:42PM -0400, Lightner, Jeff wrote: > Is anyone else seeing odd results with news.google.com? My BIND > 9 master and slave are getting di

RE: Getting different name resolution for news.google.com from master and slave BIND

2011-05-25 Thread Lightner, Jeff
NS servers rather than our own. -Original Message- From: Warren Kumari [mailto:war...@kumari.net] Sent: Tuesday, May 24, 2011 6:12 PM To: Lightner, Jeff Cc: bind-users@lists.isc.org Subject: Re: Getting different name resolution for news.google.com from master and slave BIND And are those defi
