ailto:ma...@isc.org]
Sent: Tuesday, March 29, 2016 5:19 PM
To: Mike Bernhardt
Cc: bind-us...@isc.org
Subject: Re: BIND started replying to queries for .com with .COM
Your monitoring probe is broken.
STD 13 says that that the DNS is case preserving. The problem is that lots
of servers aren't ca
I rebooted one of our BIND VMs this morning. It's running BIND 9.10.3-P3. We
noticed that queries for domains with domain.com were answered with
domain.COM with the .COM in capital letters. Other high-levels like .org
were not changed. It caused a monitoring probe to complain because it wasn't
gett
there also to see if it's possible
to build a virtual interface for the IP, but I doubt it.
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bi
My apologies, never mind :-{
I don't know what the problem was, BIND seems to load up just fine today,
even when the option addresses don't match the virtual address. I must have
screwed up something else.
___
Please visit https://lists.isc.org/mailman
.@dotat.at]
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bind
Mike Bernhardt wrote:
>
> I'm setting up a new CentOS 7 DNS server cluster to replace our very
> old CentOS 4 cluster. The old one us
an IP address that is not on an
interface, or
2) There is a way to tell corosync (hopefully using pcsd) to create a
virtual interface, not just a virtual address, so BIND can find it.
Mike Bernhardt
___
Please visit https://lists.isc.org/mailman/listi
Anyone have some input on this? No one has commented so far.
-Original Message-
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Tuesday, October 14, 2014 11:59 AM
To: bind-users@lists.isc.org
Subject: BIND resource requirements
We are currently using 9.8. We have had it on the
We are currently using 9.8. We have had it on the radar to move to 9.9 but
it's been low priority since 9.8 is still supported for now. But in reading
about all of the alleged issues with 9.10.x as well as possible increased
resource use starting with 9.9.5, I would like to ask a question: We have
: Upgrading from 9.8.3 to 9.9.4
On 01/16/14 16:39, Mike Hoskins (michoski) wrote:
> -Original Message-
> From: Mike Bernhardt
> Date: Thursday, January 16, 2014 4:09 PM
> To: "bind-users@lists.isc.org"
> Subject: RE: Upgrading from 9.8.3 to 9.9.4
>
>>
cing
server which of course has no RFC1918, I would leave it to the default
setting?
-Original Message-
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Thursday, January 16, 2014 1:03 PM
To: 'bind-users@lists.isc.org'
Subject: RE: Upgrading from 9.8.3 to 9.9.4
Am I correct in
ny defined or not.
On 01/14/14 12:16, Mike Bernhardt wrote:
> Is there anything I need to know regarding changes in default
> operation when upgrading from 9.8.3 to 9.9.4? I'm specifically looking
> for changes that must be addressed in named.conf options in order to
> keep a
Is there anything I need to know regarding changes in default operation when
upgrading from 9.8.3 to 9.9.4? I'm specifically looking for changes that
must be addressed in named.conf options in order to keep an upgrade as
transparent as possible.
Thanks,
Mike
_
I don't think the child domain is on BIND so that may or may not be an
option. But, good idea. Thanks for your help!
_
From: Ben Croswell [mailto:ben.crosw...@gmail.com]
Sent: Tuesday, May 08, 2012 1:16 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: RE: How does a
...@gmail.com]
Sent: Tuesday, May 08, 2012 12:21 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: How does a child find its parent?
The child doesn't know it's parent and goes up to the root like any other
server would.
-Ben Croswell
On May 8, 2012 2:13 PM, "
Reading the section on delegation in the O'Reilly book, I'm confused about
something: The parent is configured to delegate the subdomain to the child
with glue records, etc. But how does the child know who to ask if a host in
the subdomain requests a record in the parent zone? They don't show any
c
In order to save me poring through lots of archives and posts for the answer
to a simple question: Are there any differences between 9.7x and 9.8x that
require a change in named.conf configuration? The bottom line is that if I
want to upgrade from 9.7 to 9.8, are there any "Gotchas" that I need to
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Tuesday, February 28, 2012 4:36 PM
To: Mike Bernhardt
Cc: 'Chris Buxton'; bind-us...@isc.org
Subject: Re: Configuring a domain slave to look up subdomain hosts
Stub zones record the NS list and associated addre
So, it seems that the stub zone only works as I expected if I disable ALL
forwarding- not just in the parent zone but also in global options. Is that
the expected behavior for a stub zone? It's not consistent with what you
said below.
_
From: Mike Bernhardt [mailto:bernha...@bar
sn't it working when forwarding is disabled in the parent zone?
_
From: Chris Buxton [mailto:chris.p.bux...@gmail.com]
Sent: Tuesday, February 28, 2012 10:34 AM
To: Mike Bernhardt
Cc: 'Nex6'; bind-users@lists.isc.org; 'Mark Andrews'
Subject: Re: Configuring a domai
the stub zone in my configuration, what is the
value of a stub zone?
_
From: Nex6 [mailto:b...@borg1911.com]
Sent: Tuesday, February 28, 2012 9:32 AM
To: Mike Bernhardt; bind-users@lists.isc.org; 'Mark Andrews'
Subject: RE: Configuring a domain slave to look up subdomain hosts
Nex6 [mailto:b...@borg1911.com]
Sent: Monday, February 27, 2012 4:59 PM
To: Mike Bernhardt; bind-users@lists.isc.org
Subject: RE: Configuring a domain slave to look up subdomain hosts
Original Message
Subject: Configuring a domain slave to look up subdomain hosts
From:
I have a domain and a subdomain which is delegated by the
I am trying to figure out the correct way to have the slave of a parent
domain look up hosts in a subdomain managed by others. I'm running BIND
9.8.1-P1. The current working configuration for the subdomain is this:
options {
direct
> A few options:
>1: once the LB knows that all back-ends are down, it can continue to answer
>with the correct A, but drop the TTL to be much shorter -- this allows
>things to recover faster.
This would work well because the actually web site wasn't down, at least not
yesterday. If I substituted
What's really strange is that when we attempt a query, be it DIG or an
attempt to browse tools.cisco.com, they send some sort of query back to us
from/to UDP 53. We drop it at the firewall due to some sort of "sanity
check" so I can't see the contents. This is in addition to the SERVFAIL
message.
I should add that tools.cisco.com was resolvable at one time, so either
Cisco's behavior has changed, or our firewall's behavior has changed. We
obviously haven't upgraded our BIND version in a while (9.4.3P3), so I don't
think the problem is BIND.
-Original Message-
For some reason, we can no longer resolve tools.cisco.com. there are several
clues to the problem but I can't put them together. Here is some dig output.
I know that the time stamps don't all match up below, but the results are
typical:
[root@ns1 ~]# dig +trace -b 148.165.3.10 tools.cisco.com
; <
I'd like to suggest an alternative reason for the presence of those records:
The Perl script H2N will install them by default for every single host in
the zone file, unless you use the -M option to suppress their creation.
Obviously this has nothing to do with the value, or lack thereof, of those
Dumb question perhaps, but does this patch serve any purpose if one is not
using DNSSEC?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
So is the general recommendation in this group to NOT implement an empty
SPF2.0 record (i.e., "spf2.0/pra") just in case, as recommended in the
5-year-old openspf document referenced below?
-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk]
Sent: Friday, June 19, 2
To: Mike Bernhardt
Cc: 'Chris Buxton'; bind-users@lists.isc.org
Subject: Re: Delegation not working
In message , "Mike
Bernhardt" writes:
> I found the problem. After the various delegation config issues were
cleared
> and it still didn't work, I started doing some traces.
all of his patience. I learned a few things along the way.
Mike
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 1:19 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
Mike,
That was two separate commands.
't working. I'll get back when I have a
better idea what's going on but it apparently isn't my configuration at this
point.
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 1:19 PM
To: Mike Bernhardt
Cc: bind-u
10.0.2.252 @10.2.242.222
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:50 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject:
.165.30.30#53(148.165.30.30)
;; WHEN: Thu May 7 12:38:05 2009
;; MSG SIZE rcvd: 129
Without +norec, it times out.
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:29 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Del
s could be reached
Since this server can't reach the root servers, this makes sense. But
apparently it isn't following delegation.
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:19 PM
To: Mike Bernhardt
Cc: bind-users@lists.i
48.165.30.30)
;; WHEN: Thu May 7 12:21:13 2009
;; MSG SIZE rcvd: 102
-Original Message-
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 12:19 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
On May 7, 2009, at 12:0
In order to test without killing important things, I have delegated a
reverse zone only. I made the suggesed change but still have the same issue.
Clearly the server is not following the delegation. Config files follow. Any
ideas?
dig -x +trace @athena 10.0.2.252
;; Got answer:
;; ->>HEADER<<- opc
]
Sent: Thursday, May 07, 2009 10:17 AM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working
On May 7, 2009, at 9:31 AM, Mike Bernhardt wrote:
> I attempted to delegate a subdomain last night, but it didn't work.
> When I
> slave that subdomain it works f
I attempted to delegate a subdomain last night, but it didn't work. When I
slave that subdomain it works fine, so I know that connectivity is not the
problem. The server is running BIND 9.3.4. Here is the dig response:
; <<>> DiG 9.3.4 <<>> +norec @athena adm.bart.gov NS
; (1 server found)
;; glob
would appreciate any comments about whether I'm
missing something, etc.
-Original Message-
From: Mike Bernhardt [mailto:bernha...@bart.gov]
Sent: Wednesday, April 29, 2009 12:09 PM
To: 'bind-users@lists.isc.org'
Subject: How to use h2n for my subdomain delegation
We current
We currently use h2n in a simple configuration. There are redundant DNS
servers that I have not shown here:
-M -y -I ignore -q
-d bart.gov spcl=spcl.bart mode=D
-n 148.165/16 -n
-h Athena
-T RR="IN A 98.129.93.250"
-T RR="
We use h2n to generate our db files, but NOT to generate named.conf. We
recently add the network 10.160.0.0:255.240.0.0 to h2n, which then generated
db.10.160, db.10.161, etc.
All of these 16-bit networks will reside in the same zone. Is there a way to
either get h2n to generate one db for the ent
indeed the reference document to work from. Mighty
confusing!
Mike
-Original Message-
From: Matthew Pounsett [mailto:m...@conundrum.com]
Sent: Wednesday, February 25, 2009 2:34 PM
To: Evan Hunt
Cc: Mike Bernhardt; bind-users@lists.isc.org
Subject: Re: single-character host names
>The
Ha ha, I forgot about the root servers. Thanks to a couple of you for the
clarification.
-Original Message-
From: Evan Hunt [mailto:evan_h...@isc.org]
Sent: Wednesday, February 25, 2009 2:15 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: single-character host names
I've been looking into the RFCs regarding whether or not single-character
(alpha) host names are allowed or not. RFC 952 says no, but 2181 says that
host names must between 1 and 63 octets in length, which would appear to say
"yes."
Certainly, several large organizations (Google, Yahoo and CNN, to
What youre seeing is ports your server has opened for queries. Then it
holds the port open while waiting for a reply and for some time after that.
For example, FROM ls1.tel.net.ba:29825 TO 203.64.139.9:domain. By design, if
someone does a lot of queries to crackerjack.net, your server is going to
By popular demand, here is the perl script I used:
#!/usr/bin/perl
print "reloading BIND...\n";
system "rndc reload";
print "copying db files to ns2...\n";
$a = `/bin/ping -c 1 ns2`;
if ($a =~ /64 bytes/) {
system "sudo -u named scp -B /var/named/var/named/db.zone1
/var/named/var/
What we used to do is we had 2 masters. After an update was done on one of
them, we ran a perl script that would scp the db files to the other and then
send rndc reload to itself and the other master. That way both were always
up to date. It seems like if you had one master and one slave at each
da
48 matches
Mail list logo
