On 9 Jul 2025, at 14:02, Niall O'Reilly wrote:
> I'm baffled by something strange I came across yesterday, and would
> appreciate an injection of clue.
This seems to have been a case of PEBKAB.
Apologies for the noise.
Niall
/bind/dynamic/*
were relocated to */var/lib/bind/dynamic/* while **named** was stopped.
Corresponding changes were made to the configuration.
On restarting **named**, log messages seemed to indicate success, but
information displayed in response to `rndc zonestatus` referred to
files in */etc/b
uan Duan via bind-users
> wrote:
>
> Hey Guys,
>
> I am using bind version 9.11.0.
>
> There are many views and zones running inside.
>
> bind can run normally and resolve domain names normally.
>
> But when I execute rndc reload, I received an
Hey Guys,
I am using bind version 9.11.0.
There are many views and zones running inside.
bind can run normally and resolve domain names normally.
But when I execute rndc reload, I received an error message.
./server.c:3799: unexpected error:
unable to obtain neither an IPv4
Hello!
Sometimes (serial quirks) it is necessary to force an AXFR. The "rndc retrieve"
only queues the request, so I have to "tail -f" the log file to see if the AXFR
was performed, which requires manual inspection.
I would like to have a possibility, to trigger the AXFR
ed configuration,
>> following any include files. There *must* be a "controls" section in there
>> or rndc could not work, since, from the ARM:
>>
>
> A "controls" section is *not* required in named.conf. If there isn't one,
> BIND uses some defaul
On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <
bind-users@lists.isc.org> wrote:
Hi Greg,
Running "named-checkconf -p" will print your entire named configuration,
> following any include files. There *must* be a "controls" section in there
> or rndc
Hi Luis.
Running "named-checkconf -p" will print your entire named configuration,
following any include files. There *must* be a "controls" section in there
or rndc could not work, since, from the ARM:
> all communication with the server is authenticated with digital
signat
Thanks Greg!
I can confirm that running “rndc-confgen -a” replaced the previously created
"/etc/bind/rndc.key" file with a new one. There are no other files named
“rndc.key” on the box in question.
None of my conf files have a “controls” block in them. Is this bad? FWIW
From the ARM, when "rndc-confgen -a" is run:
> This option sets automatic rndc configuration, which creates a file
rndc.key in /etc (or a different sysconfdir specified when BIND was built)
that is read by both rndc and named on startup. The rndc.key file defines a
default com
Thanks for the quick response!
I ran “sudo rndc status” on the box in question and on a test VM that’s
configured almost identically to the box in question.
Both had very similar output. Here’s the output from the box in question:
version: BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu
Trying using rndc to see if it's broke.
rndc status
You may need to add a path to the rndc binary if it's not in your $PATH env
vars. Or maybe -c to the location of your rndc config.
In your named.conf you should have a rndc statement with the key name and value.
You can recreate
I've been running BIND on Ubuntu 22.04 for over a year and it has been
running perfectly as my primary DNS server. I'm currently using BIND
9.18.28.
I'm currently setting up BIND on another box (as a secondary DNS server) and
accidentally just ran "sudo rndc-confgen
e but I'd rather not have fire drills (and it's not just
> me it's people / projects downstream of me).
>
> FTR, I've always used an IP address with RNDC.
>
> On Tue, 12 Sep 2023, Ondřej Surý wrote:
>>
>> [...] The support for Unix
>> Doma
TR, I've always used an IP address with RNDC.
On Tue, 12 Sep 2023, Ondřej Surý wrote:
[...] The support for Unix
Domain Sockets is already non-operational since BIND 9.18.0 and it is a fatal
error in named. This is properly documented in BIND 9.18.0 release notes and
known issues.
We are n
Hello,
in line with our deprecation policy, I am notifying the mailing list about
deprecation
of the 'unix' clause in the controls {} configuration block. The support for
Unix
Domain Sockets is already non-operational since BIND 9.18.0 and it is a fatal
error in named. This is properly document
On 24-10-2022 15:14, PGNet Dev wrote:
The good news it is not stuck.
What indicator flags that it IS 'stuck'? Is it explicitly logged?
Because the keymgr logs says it is just waiting time?
2022-10-21T16:55:22.690622-04:00 ns named[36683]: 21-Oct-2022
16:55:22.689 dnssec: debug 1: keymgr:
The good news it is not stuck.
What indicator flags that it IS 'stuck'? Is it explicitly logged?
BIND is waiting to make sure the new DS is also known to the validators. The
time being evaluated here is the DS TTL, plus parent-propagation-delay, plus
retire-safety. All these three values ar
Hi,
On 21-10-2022 23:05, PGNet Dev wrote:
I exec
rndc dnssec -checkds -key 63917 published example.com IN external
with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022
16:55:22.689 dnssec: debug 1: keymgr: examine
I exec
rndc dnssec -checkds -key 63917 published example.com IN external
with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022 16:55:22.689
dnssec: debug 1: keymgr: examine KSK example.com/ECDSAP256SHA256/63917 type DS
in st
with bind 9.18, config'd for dnssec-policy automated signing, I've a dnssec
signed zone,
rndc dnssec -status example.com IN external
dnssec-policy: test
current time: Fri Oct 21 16:14:06 2022
key: 47219 (ECDSAP256SH
Klaus Darilion via bind-users wrote:
> I checked all options of rndc to get the list of zones configured/served by
> bind - but I can't find any.
> Is it really not possible to get this list from a running Bind process?
The statistics channel is your friend when rndc lets you
I checked all options of rndc to get the list of zones configured/served by
bind - but I can't find any.
Is it really not possible to get this list from a running Bind process?
Thanks
Klaus
--
Klaus Darilion, Head of Operations
nic.at GmbH, Jakob-Haringer-Straße 8/V
5020 Salzburg, Au
It’s already been addressed
--
Mark Andrews
> On 4 May 2022, at 06:16, Larry Rosenman wrote:
>
> I did find a manpage bug for the rndc man page for 9.18.2:
> dnssec (-status | -rollover -key id [-alg algorithm] [-when time] |
> -checkds [-key id [-alg algorithm]] [-when
I did find a manpage bug for the rndc man page for 9.18.2:
dnssec (-status | -rollover -key id [-alg algorithm] [-when time] |
-checkds [-key id [-alg algorithm]] [-when time] published |
withdraw))
zone [class [view]]
s/withdraw/withdrawn/
withdraw garners a syntax error
> Hans
>>
>>
>>
>>> On 21.03.2022, at 15:26, Borja Marcos wrote:
>>>
>>>
>>>
>>>> On 21 Mar 2022, at 14:51, MAYER Hans wrote:
>>>>
>>>>
>>>> Looking at the log I see:
>>>> netwo
> port 853 ?
>
> Kind regards
> Hans
>
>
>
>> On 21.03.2022, at 15:26, Borja Marcos wrote:
>>
>>
>>
>>> On 21 Mar 2022, at 14:51, MAYER Hans wrote:
>>>
>>>
>>> Looking at the log I see:
>>> netwo
rja Marcos
mailto:bor...@sarenet.es>> wrote:
On 21 Mar 2022, at 14:51, MAYER Hans
mailto:hans.ma...@iiasa.ac.at>> wrote:
Looking at the log I see:
network: error: creating TLS socket: permission denied
Why doesn’t named have the permissions after a „rndc reload“ but it has the
permissio
> now BIND 9.18 is supporting DoT directly I tried to go away from a solution
> with stunnel4 and therefore I compiled 9.18.1 and modified named.conf
> So far everything is working fine. All the tests with dig , openssl and lsof
> is showing it’s working.
> The problem: whe
> On 21 Mar 2022, at 14:51, MAYER Hans wrote:
>
>
> Looking at the log I see:
> network: error: creating TLS socket: permission denied
>
> Why doesn’t named have the permissions after a „rndc reload“ but it has the
> permissions after a start ? And why on one s
Dear All,
now BIND 9.18 is supporting DoT directly I tried to go away from a solution
with stunnel4 and therefore I compiled 9.18.1 and modified named.conf
So far everything is working fine. All the tests with dig , openssl and lsof is
showing it’s working.
The problem: when I run a „rndc
> allow-transfer { secondaries; };
>
> and of course... an acl later in the named.conf
>
> acl secondaries { x.x.x.x; };
>
> I watch the logs on the secondary... and make a change to a zone on the
> primary... update the serial... run an rndc reload...
>
of course... an acl later in the named.conf
acl secondaries { x.x.x.x; };
I watch the logs on the secondary... and make a change to a zone on the
primary... update the serial... run an rndc reload...
Yet... I see nothing on the secondary.
Anyone have any clues or hints?
-
Hi Greg,
Read the "ddns-confgen" man page. And then read all the material here:
https://bind9.readthedocs.io/en/v9_16_13/advanced.html
Regards,
Anand
On 27/04/2021 11:27, Greg Donohoe wrote:
> Thank you for the excellent advice, it is a lot clearer to me now.
> I am checking the nsupdate & TSI
Thank you for the excellent advice, it is a lot clearer to me now.
I am checking the nsupdate & TSIG man pages for additional knowledge.
Outside of these man pages , are there any other references
(tutorials/videos) that you would recommend?
Particularly around the area of TSIG key generation & man
Anand Buddhdev wrote:
>
Anand's advice is good, as usual :-)
But a small pedantic point:
> The DNS protocol itself has recently been updated to allow for
> encryption, using DTLS (DNS-over-TLS).
DTLS usually means "datagram TLS", i.e. TLS-over-UDP (RFC 6347). There's a
spec for DNS-over-DTLS (
Hi Greg,
a TSIG key is *never* transmitted. A sender uses a TSIG key to generate
a secure hash over the DNS content being sent, and sends the hash along
with the DNS content. A receiver configured with the same key can then
verify that hash. If it can, then it can apply the DNS content.
If someon
Thanks Anand.
When using this TSIG solution is the key visible (clear) within the DNS
packet being sent to the remote server or is it encrypted?
Is this communication secure? eg if someone is sitting on the wire sniffing
the packets, would they be able to extract the key ?
Or is the security of the
Paul Kosinski via bind-users wrote:
> A couple of years ago, I tried using nsupdate to modify a dynamic (DHCP)
> IP address for my very simple domain. It worked, except that it totally
> messed up the organization of the zone file. Since the file only has 44
> active lines (which are organized lo
appear to be confused about what the various tools do, so here's a
> summary:
>
> 1. ssh is used to log into a remote server, get a shell, and run
> operating system commands.
>
> 2. rndc is for controlling a running BIND server. It can be used to
> check the status of
On 23/04/2021 14:24, Greg Donohoe wrote:
Hi Greg,
> In regards to the nsupdate, what is the best way to secure the connection,
> so to ensure that only my local server can make the amendments to the
> remote server named & zone files?
> I dont want anyone/anything else other than my local machine
> The "nsupdate" tool can send the dynamic DNS updates directly to your
> remote server over the DNS protocol.
>
> You appear to be confused about what the various tools do, so here's a
> summary:
>
> 1. ssh is used to log into a remote server, get a shell, a
s used to log into a remote server, get a shell, and run
operating system commands.
2. rndc is for controlling a running BIND server. It can be used to
check the status of BIND, reload it, etc.
3. nsupdate is for modifying a zone directly (whether on the local
machine, or some remote machine) u
secure connection.
I was thinking that it may be possible to use RNDC or some other tool to
update the remote BIND server zone files (either by modifying the zone file
that is already there or replacing the zone file with the new one I created
locally).
RNDC looks like it is a non starter for what I want
TSIG authentication key and add the key to the
allow-update ACL on the remote server.
(You can also add your own TSIG keys to allow remote control with `rndc
-s`, but it sounds to me like rndc is a red herring.)
There's also my `nsdiff` program https://dotat.at/prog/nsdiff/
which can make
eline runner to my remote BIND staging server and update
> the zone files on there with my newly updated zone file.
> I initially thought about using ssh from the runner to the remote BIND
> server but this may not be the most secure way of connecting.
> So my question is: Is it possib
with my
newly updated zone file.
I initially thought about using ssh from the runner to the remote BIND
server but this may not be the most secure way of connecting.
So my question is: Is it possible to use RNDC to manage my connection from
host to remote server and if so, how can I ensure complete
>>> };
>> And I normally can see the named process is listening on tcp:953 on both
>> 127.0.0.1 and 10.2.0.1. But sometimes later, I find it listening only on
>> 127.0.0.1. If I do an 'rndc reconfig', it starts listening again on both
>> addresses. Normal DNS s
"mykey"; };
inet 10.2.0.1 port 953
allow { 10.2.3.3; 10.2.4.3; }
keys { "threekey"; "fourkey"; };
};
And I normally can see the named process is listening on tcp:953 on both
127.0.0.1 and 10.2.0.1. But sometimes later, I find it listening only
on 127.0.0.1. If
y can see the named process is listening on tcp:953 on both
127.0.0.1 and 10.2.0.1. But sometimes later, I find it listening only
on 127.0.0.1. If I do an 'rndc reconfig', it starts listening again on
both addresses. Normal DNS service has continued uninterrupted.
I can't find fo
Hello there!
I have been reading the ARM and some of the KB, but I'm still a bit
confused on what this "TCP high-water" status exactly represent
I assume it means the amount of active TCP connections that happened at the
same time.
Does it mean connections active? or that were not closed at some
an MD5?
MD5 is broken (as is SHA1). In this specific context, a forged rndc message
is probably impracticable on any reasonable time scale, and I wouldn't fear
for security if I were using them. *But*, they're broken, and crypto
people don't like keeping broken things around, so I wo
So, I've spent some time looking at the man pages and googling without any
definitive answer.
I'm generating some new rndc keys for my bind9 config. (9.11.3 in this
particular case, if it matters.)
rndc-confgen has quite a number of options for the key-type - but I'm not sure
Thanks for your help!
On 21.06.20 22:30, Tony Finch wrote:
> Jakob Dhondt wrote:
>> I am generating dnstap files using bind and regularly roll them using
>> 'rndc dnstap -roll [number]'. The way I understand the documentation is
>> that there should be max
Jakob Dhondt wrote:
>
> I am generating dnstap files using bind and regularly roll them using
> 'rndc dnstap -roll [number]'. The way I understand the documentation is
> that there should be max [number] old dnstap files after executing this
> command but what actually
Hi everyone,
I am generating dnstap files using bind and regularly roll them using
'rndc dnstap -roll [number]'. The way I understand the documentation is
that there should be max [number] old dnstap files after executing this
command but what actually happens is that all files are bei
Hi,
Keen to know if rndc addzone functionality can be used to add zones in bind
serving response-policy? If so then what would be my view? Do I need to
define my view to make it work?
I tried this and it's failing hence wondering if rndc can be used to add
zone or delete zone on the fly?
Here is
tion:
sync [-clean] [zone [class [view]]]
Sync changes in the journal file for a dynamic zone to the master
file. If the "-clean" option is specified, the journal file is also
removed. If no zone is specified, then all zones are synced.
"rndc r
On 7/14/19 8:00 PM, John W. Blue wrote:
> Please elaborate on the technical reason why instead of being terse.
I'll give a short version:
"rndc reload" existed from the early days of BIND with the first notice
in CHANGES being [bug] 287 in 9.1.0b1.
"rndc sync" ca
Please elaborate on the technical reason why instead of being terse.
Thanks!
John
Sent from Nine<http://www.9folders.com/>
From: Anand Buddhdev
Sent: Saturday, July 13, 2019 4:48 PM
To: John Thurston; bind-users@lists.isc.org
Subject: Re: rndc - sync
On 10/07/2019 20:08, John Thurston wrote:
Hi John,
> On a server with both static and dynamic zones, is there any reason to
> perform an:
> rndc sync
> prior to issuing an:
> rndc reload
No, there is no need for a sync before reload.
from Nine<http://www.9folders.com/>
From: John Thurston
Sent: Wednesday, July 10, 2019 1:09 PM
To: bind-users@lists.isc.org
Subject: rndc - sync before reload?
On a server with both static and dynamic zones, is there any reason to
perform an:
rndc sync
prior
On a server with both static and dynamic zones, is there any reason to
perform an:
rndc sync
prior to issuing an:
rndc reload
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On Wed, 12 Jun 2019, Michał Kępień wrote:
Hi Andi,
Is there something different about 9.14 defaults that I now need to include
in my config to get past this ?
I am unable to reproduce this, things seem to work fine, at least on a
fresh amd64 NetBSD 7.2 VM:
# bin/rndc/rndc status
Hi Andi,
> Is there something different about 9.14 defaults that I now need to include
> in my config to get past this ?
I am unable to reproduce this, things seem to work fine, at least on a
fresh amd64 NetBSD 7.2 VM:
# bin/rndc/rndc status
version: BIND 9.14.2 (Stable R
sn't respond to rndc commands.
Running rndc -V status shows rndc stopping after 'send message'.
I see nothing in the logs that would explain this. In particular, my rndc
key setup is working fine.
I also tried increasing log levels and never got anything added to the logs
that wa
On 03/14/2019 04:40 AM, Niall O'Reilly wrote:
> On 14 Mar 2019, at 5:17, Marc Chamberlin via bind-users wrote:
>
>> On 03/13/2019 08:33 PM, John W. Blue wrote:
>>> As an option, instead of including /etc/rndc.key nothing prevents you
>>> from including rndc.conf. That way you are consistent with y
On 03/14/2019 12:02 AM, Mark Andrews wrote:
> "rndc showzone" only works if you also have "allow-new-zones yes;” set.
Really??? Wow! Thanks Mark! I would never have guessed that, but yes it
does make rndc much happier!
>
> The last time there was a complaint about U
On 14 Mar 2019, at 5:17, Marc Chamberlin via bind-users wrote:
> On 03/13/2019 08:33 PM, John W. Blue wrote:
>>
>> As an option, instead of including /etc/rndc.key nothing prevents you
>> from including rndc.conf. That way you are consistent with your usage.
Another option is to include rndc.ke
"rndc showzone" only works if you also have "allow-new-zones yes;” set.
The last time there was a complaint about UPDATE’s not sticking the
startup procedure was wiping out the changes.
Mark
> On 14 Mar 2019, at 10:01 am, Marc Chamberlin via bind-users
> wrote:
>
Hi John, thanks for replying and your thoughts! I will intersperse my
feedback within your comments -
On 03/13/2019 08:33 PM, John W. Blue wrote:
>
> Marc,
>
>
>
> Regarding your rndc problem, I think you might be confusing rndc.
>
>
>
> If rndc is invoked wi
Marc,
Regarding your rndc problem, I think you might be confusing rndc.
If rndc is invoked with no options, specifically “k”, then rndc assumes the key
it needs is in the rndc.conf file. If rndc.conf is not present, rndc will use
the default rndc.key file. That said, since rndc knows there
Hello Bind Users,
I have been working on upgrading my Bind 9.11.2 server (running on a
Linux system, OpenSuSE Leap 15) so that I can accept DNS
challenges/verification from/for LetsEncrypt certificates, and I am
running into a wall trying to get nsupdate (and rndc which I wanted to
use to test
N. Max Pierson wrote:
>
> Under Incoming Requests it has QUERY's among some other stats. Is this
> the total queries across all zones? If it is, it doesn't seem to add up
> to what the total of each zone added together in the per zone stats.
Hmm, good question. I suspected it might be something t
Hi List,
I am trying to pull some metrics from our bind servers and I don't quite
understand what some for the stats in the file really mean. What I am
looking for is total queries and then a breakdown of total queries for each
zone. Under Incoming Requests it has QUERY's among some other stats. I
Leonardo Oliveira Ortiz wrote:
>
> I'm configuring DNSSec with nsec3, when I run the first rndc signing
> -list I can check the keys, but when I restart named service this
> command shows nothing... This is a problem?
No, it's benign.
When `named` is signing a zone it puts
Hello.
I have a setup with bind 9.9 in chroot, dnssec and inline-sign now.
I'm configuring DNSSec with nsec3, when I run the first rndc signing -list I can
check the keys, but when I restart named service this command shows nothing...
This is a problem? Tried load the keys again with rndc
> I've checked the serve-stale status, which is currently off.
> # rndc serve-stale status
> _default: off (stale-answer-ttl=1 max-stale-ttl=604800)
> _bind: off (stale-answer-ttl=1 max-stale-ttl=604800)
>
> Is this a normal behavior, that in the "rndc dumpdb" n
Hi Michal
Thank you for this feedback.
I've checked the serve-stale status, which is currently off.
# rndc serve-stale status
_default: off (stale-answer-ttl=1 max-stale-ttl=604800)
_bind: off (stale-answer-ttl=1 max-stale-ttl=604800)
Is this a normal behavior, that in the "r
> After querying my resolver for "testbla11.example.com", I receive a NXDOMAIN
> response with a minimum-ttl (in the soa) of 3600.
> When I afterwards dump the cache of my resolver (9.12.2-P1) with "rndc
> dumpdb" and look for the negative ttl, then a value much big
Hi
After querying my resolver for "testbla11.example.com", I receive a
NXDOMAIN response with a minimum-ttl (in the soa) of 3600.
When I afterwards dump the cache of my resolver (9.12.2-P1) with "rndc
dumpdb" and look for the negative ttl, then a value much bigger than
3
Hi, all.
Have a question for "rndc reconfig".
I tried to rndc reconfig option on 9.9.9-P5 and 9.11.4-P1 by source
installed binaries.
Behavior on 9.9.9-P5 was add new named.conf option and only add new
zone was loaded.
But, behavior on 9.11.4-P1 was add new named.conf option, add ne
"named" process which had
not been performed any request from clients for 5 secs during "rndc
reconfig"
even if it is used to be finished in 700ms
24-Aug-2018 17:36:39.073 general: info: received control channel command
'reconfig'
…..
24-Aug-2018 17:36:44.100
Check named.conf with named-checkconf.
> On 29 Aug 2018, at 4:34 am, J David wrote:
>
> After recently improving the tracking of errors coming from commands
> running from scripts, we found that a large number of “rndc reconfig”
> requests (about 15-20% of all requests) erro
After recently improving the tracking of errors coming from commands
running from scripts, we found that a large number of “rndc reconfig”
requests (about 15-20% of all requests) error out with exit status 1
and the message:
rndc: ‘reconfig' failed: unexpected end of input
The “unexpected e
For those of you that like Javascript, and like it server side, there's
now an implementation of the RNDC protocol available for NodeJS:
<https://www.npmjs.com/package/bind9-rndc>
We hope people may find this useful.
Please note that this is not officially supported ISC software.
works on
the text of the configuration file. (I can't remember whether it includes
zones added by `rndc addzone` - I guess not.)
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Viking, North Utsire, South Utsire, Forties: Southerly or southwesterly,
veering northwesterly
Hi!
I would like to use this feature to check the status of my slave zones.
# rndc zonestatus nic.at
name: nic.at
type: slave
files: /etc/bind/zones/nic.at
serial: 2017121119
nodes: 77
next refresh: Tue, 19 Dec 2017 08:34:53 GMT
expires: Tue, 02 Jan 2018 07:50:08 GMT
secure: yes
inline signing
We recently received a bug report that newly-added zones (via rndc
addzone) were not inheriting the global allow-transfer directive
and could be transferred using AXFR by anyone able to access the
server to which they had just been added.
Further investigation revealed that the circumstances when
> Unfortunately that's not currently possible. The configuration syntax is
> misleading here. You configure forwarding in a view by putting a "zone"
> statement in named.conf, but it doesn't actually build a zone *object*,
> the way type "master" or "slave" does; it tells the server to set up a
> d
> I'm trying to add zone of type "forward" with rndc addzone, but it fails with:
Unfortunately that's not currently possible. The configuration syntax is
misleading here. You configure forwarding in a view by putting a "zone"
statement in named.conf, but it does
t it's empty
> and the next run of rndc addzone fails with "already exists".
Is the zone present in memory but not on disk, perhaps? Try something like:
$ curl -Ssf http://server:8053/json/v1/zones | grep name
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punyco
Original Message
Subject: Re: rndc addzone type forward
Local Time: November 16, 2016 5:50 PM
UTC Time: November 16, 2016 3:50 PM
From: e...@foowatch.com
To: bind-users@lists.isc.org
Original Message
Subject: Re: rndc addzone type forward
Local Time
Original Message
Subject: Re: rndc addzone type forward
Local Time: November 16, 2016 5:12 PM
UTC Time: November 16, 2016 3:12 PM
From: d...@dotat.at
To: Emil Natan
bind-users@lists.isc.org
Emil Natan wrote:
>
> I'm trying to add zone of type "forward" w
Emil Natan wrote:
>
> I'm trying to add zone of type "forward" with rndc addzone, but it fails with:
>
> rndc addzone zone.org '{type forward; forward only; forwarders {
> 192.168.20.115; }; };'
> rndc: 'addzone' failed: not found
I thin
Hello,
I'm trying to add zone of type "forward" with rndc addzone, but it fails with:
rndc addzone zone.org '{type forward; forward only; forwarders {
192.168.20.115; }; };'
rndc: 'addzone' failed: not found
I have allow-new-zones set to yes in named.conf.
On Tuesday, August 30, 2016, Woodworth, John R <
john.woodwo...@centurylink.com> wrote:
>
> I have a slightly unorthodox view on this which may even offer a bit more
>
> security. The answers are listed below inline.
>
> ...
Thanks, John.
Best regards,
-Tom
On Tuesday, August 30, 2016, Cathy Almond wrote:
> On 28/08/2016 02:48, Lyle wrote:
> > Use any in the allow stanza.
>
> You'll be using a shared key for this to work anyway, but I'd suggest
> being slightly more paranoid than 'any' in the allow stanza - perhaps
> the address range in which your
> My plan is to have two remote, authoritative name servers
> (master and slave) for my owned domains. I would like to use rndc
> to control them from my local host.
>
> A couple of questions:
Tom,
I have a slightly unorthodox view on this which may even offer a bit more
securit
On 28/08/2016 02:48, Lyle wrote:
> Use any in the allow stanza.
You'll be using a shared key for this to work anyway, but I'd suggest
being slightly more paranoid than 'any' in the allow stanza - perhaps
the address range in which your local machine is to be allocated its
address?