On 3/9/2012 5:42 PM, Mark Andrews wrote:
In message, "M. Meadows" writes:
We've noticed that the following command gets a variable result:
dig -t txt exacttarget.com @ns2.exacttarget.com +short
We get 2 results from this. Seems to be somewhat random. They are:
"v=spf1 a mx ip4:207.250.79.10
On 3/20/2012 5:19 AM, Matus UHLAR - fantomas wrote:
On 20.03.12 14:41, trm asn wrote:
Is there any mechanism to load balance Caching-DNS server. For example..
Cache-DNS1 : 192.168.1.98
Cache-DNS2: 192.168.1.99
Client : 192.168.1.199
When 192.168.1.199 sends 10 requests to query cache-dns then
On 3/29/2012 11:45 AM, Anand Buddhdev wrote:
On 29/03/2012 17:35, Paul A wrote:
Hi Paul,
However when I query kingstonmass.org I don't see any returned answer and it
eventually times out.
11:03:34.310559 2002:c690:8cc6:c:206:5bff:fe8e:334d.54795>
b2.org.afilias-nst.org.domain: 54297 NS? king
On 4/20/2012 10:55 AM, John Wingenbach wrote:
I've noticed the support in ARM for specifying both the "forward" and
"forwarders" configuration in a zone stanza for "slave" zones. What
is the purpose and value of specifying such? It seems contradictory
and confusing.
Yes, it is confusing IMO
On 5/8/2012 1:56 PM, Mike Bernhardt wrote:
Reading the section on delegation in the O'Reilly book, I'm confused about
something: The parent is configured to delegate the subdomain to the child
with glue records, etc. But how does the child know who to ask if a host in
the subdomain requests a rec
Selective forwarding and stub zones are available in Microsoft DNS, or
so I'm told...
(Although I feel obligated to point out that this is a BIND-oriented
list, so you may not get a lot of configuration advice for Microsoft
products).
On 5/20/2012 10:07 AM, Saif Ahmed wrote:
Hi,
I have configured authoritative only DNS,
It responds well internally
But does not answer the public queries,
options {
directory "/etc/named";
// version statement - inhibited for security
// (avoids hacking any known weaknesses)
version "not cu
**Configure sortlists to push those bad A records to the end of the
response. This may on the surface seem like a kludge, but remember, the
whole point of sortlists is to give preference to certain addresses over
others, and IMO, a working/reachable address is "preferred" over one
that isn't wo
On 6/11/2012 5:29 PM, Andris Kalnozols wrote:
On 6/11/2012 1:23 PM, Kevin Darcy wrote:
**Configure sortlists to push those bad A records to the end of the
response. This may on the surface seem like a kludge, but remember, the
whole point of sortlists is to give preference to certain addresses
out all IP applications). This is relatively easy for TCP.
https://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp
Mark
In message <4fd66331.1050...@hpl.hp.com>, Andris Kalnozols writes:
On 6/11/2012 1:23 PM, Kevin Darcy wrote:
**Configure sortlists to
On 6/28/2012 4:27 PM, Martin McCormick wrote:
Is it possible to log the actual IP address of A records
being added or deleted? The kind of log entry I refer to is as
follows:
client 192.168.103.93#26446: updating zone 'osu/IN': adding an RR at
'lse213_sharpmx5111n.cas.osu' A
Is
On 7/1/2012 2:42 PM, J P wrote:
Hello all!
I understand RFC compliant DNS servers use AXFR and IXFR for synching
between masters and slaves... and that this is the general scenario
for that purpose.
However, I need somebody to technically explain to me why can't I use a
DNS resolver daemon s
We've been running with 127.0.0.1 in /etc/resolv.conf for years, on a
wide variety of platforms (including Berkeley-derived ones), and never
run into this bug.
127.0.0.1 in /etc/resolv.conf is good from a configuration-consistency
standpoint: it helps prevent the fairly-common accident where
On 7/22/2012 7:27 PM, Andris Kalnozols wrote:
On 7/22/2012 10:19 AM, Paul Wouters wrote:
(I don't think this made it to the list before, mixup of email
addresses)
Please consider including this patch,
Paul
-- Forwarded message --
Date: Mon, 2 Jul 2012 17:45:08
From: Paul Wo
On 7/23/2012 6:23 PM, Kevin Darcy wrote:
On 7/22/2012 7:27 PM, Andris Kalnozols wrote:
On 7/22/2012 10:19 AM, Paul Wouters wrote:
(I don't think this made it to the list before, mixup of email
addresses)
Please consider including this patch,
Paul
-- Forwarded me
I'm assuming this "greatunwashed" view has recursion turned off, right?
If so, then the following approaches come to mind:
a) create a master zone for 5.37.58.216.in-addr.arpa in the
non-recursive view, putting the PTR record at the apex
b) become a "stealth" (unpublished) slave for 5.37.58.216.
There's no point in answering a "domain-less" SRV-record query, since
the whole point of the SRV record type is to allow clients to find
resources associated with a particular domain (and protocol/transport).
You need to set the proper domain on the client doing the lookup.
- Kevin
sue as I would expect the P-CSCF to
get that NXDOMAIN and be able to handle it, likely an openims bug.
thanks for all your replies!!!1
On Wed, Aug 15, 2012 at 10:57 AM, Kevin Darcy <k...@chrysler.com> wrote:
There's no point in answering a "domain-less" SRV-record
BIND does not control what DNS queries clients send to it. That's a
client configuration issue. My preference is to not have any domain
suffixing at all (the practice leads to waste and inefficiency on the
infrastructure side, and potential security issues), but obviously not
everyone shares th
On 8/23/2012 6:09 PM, Kevin Oberman wrote:
On Thu, Aug 23, 2012 at 8:52 AM, Nikolay Shaplov wrote:
Hi!
I am trying to write a validator for name field of SRV record, and I met
several issues I can not understand. Maybe you can help me with that.
0. Bind does not really validate name of SRV r
On 8/23/2012 6:46 PM, Kevin Darcy wrote:
On 8/23/2012 6:09 PM, Kevin Oberman wrote:
On Thu, Aug 23, 2012 at 8:52 AM, Nikolay Shaplov wrote:
Hi!
I am trying to write a validator for name field of SRV record, and I
met
several issues I can not understand. Maybe you can help me with that.
0
Fine, the validator would confirm that the SRV's owner name is compliant
with RFC 6335, no more, no less.
- Kevin
On 8/23/2012 7:01 PM, Doug Barton wrote:
On 8/23/2012 3:49 PM, Kevin Darcy wrote:
Sorry, I meant to say that it's pretty clear that it *restricts* what
I wouldn't assume that BIND would _unconditionally_ reject
non-RFC-6335-compliant names. check-names can be set to warn, fail or
ignore.
- Kevin
On 8/25/2012 2:31 AM, Kevin Oberman wrote:
On Fri, Aug 24, 2012 at 8:38 PM, Kevin Darcy wrote:
On 8/30/2012 10:33 AM, Rick Coloccia wrote:
add this line to /etc/named.conf
include "locallyblockeddomains.zones";
contents of locallyblockeddomains.zones:
// This bind zone is intended to be included in a running dns server
for a local net
//
// It will return a 127.0.0.1 for the domains
On 8/31/2012 2:50 AM, sth...@nethelp.no wrote:
Again, it's not about how effective the block is or can be. Unless Italy
becomes like China or even worse (but the US had the chance to end up
almost in the same situation very recently, so this is NOT an
Italian-only problem), there is no way to inhibi
On 8/31/2012 10:42 AM, Oscar Ricardo Silva wrote:
On 08/31/2012 08:22 AM, Kevin Darcy wrote:
On 8/31/2012 2:50 AM, sth...@nethelp.no wrote:
Again, it's not about how effective the block is or can be. Unless
Italy
becomes like China or even worse (but the US had the chance to end up
almost i
On 9/5/2012 10:19 AM, Mark Andrews wrote:
In message <7e1c5160a2aa122a39e879c8343bf459.squir...@webmail.aminor.no>, "Eivi
nd Olsen" writes:
Mark Andrews wrote:
SunOS 5.8 is ancient (12+ years old) and no longer supported by Oracle.
I can't remember which version of BIND 8, SunOS 5.8 shipped with
On 9/14/2012 10:48 AM, Martin McCormick wrote:
I needed to delete the CNAME record of
physicscourses.okstate.edu. After the deletion, the host command
would silently exit successfully as if this alias was still
there. I have seen this behavior a few times before but am not
sure what triggers it a
On 9/14/2012 2:05 PM, Martin McCormick wrote:
Kevin Darcy writes:
I don't use "host" very much, but I would assume it returns a "successful"
exit code as long as the RCODE of the response is NOERROR. This would
explain the behavior you are seeing,
On 9/18/2012 9:45 AM, M. Meadows wrote:
dig www.careerone.com.au +short @8.8.8.8
www.careerone.com.au.edgesuite.net.
a903.g.akamai.net.
208.44.23.99
208.44.23.121
Why does the above dig work when
dig careerone.com.au +nssearch @8.8.8.8
SOA dns0.news.com.au. hostmaster.news.com.au. 2012082200 3
On 9/18/2012 12:59 PM, M. Meadows wrote:
Thanks Kevin. I understand how the chained alias works. Sorry, I
didn't explain my question very well.
I can see that the 8.8.8.8 google public dns server gets an answer.
I know that this domain has a cname coexisting with an SOA record and
NS record
On 10/12/2012 12:28 PM, James Tingler wrote:
Hello,
I'm getting what appears to be a common "error (unexpected RCODE
REFUSED) resolving" error. My research has led me to disable IPv6
when starting the named service with "named -4" as it could be related
to IPv6 broken connectivity (of which
360 IN 2001:dc3::35
;; Query time: 147 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 18 13:29:18 2008
;; MSG SIZE rcvd: 615
"named.ca" 52L, 1892C
>>> "Kevin Darcy" 10/12/2012 1:20 PM >>>
On 10/12/2012 12:28 PM, James Tingle
You should think of DNS hosting, DNS resolution and DHCP, as separate
services that can either be put together on a single platform, or run on
separate platforms in various combinations, interoperating with each
other. Another important factor is whether your AD domain is colocated
with a bunch
On 10/24/2012 9:50 AM, Nicholas F Miller wrote:
On Oct 24, 2012, at 7:12 AM, Matus UHLAR - fantomas wrote:
We use Bind for all DNS including DDNS for our AD. We use GSS-TSIG to
control what record types and machines can make dynamic updates to our AD
zone. We use ISC's DHCP but don't allow it
On 10/24/2012 6:02 PM, Phil Mayers wrote:
Hell, if you've got WINS running and broadcast netbios, I think it's
still possible to log in with *no* working DNS at all.
At the risk of getting *totally* off-topic, no-one who cares about
security or about broadcast traffic on their LANs would ev
On 10/31/2012 5:15 PM, Phil Mayers wrote:
On 10/31/2012 06:51 PM, Doug Barton wrote:
It may or may not be strictly necessary to do this depending on
everything else you have in the zone, but it's safer in the long term to
do it this way.
Are you suggesting it's best if the OP creates "l2.exam
On 11/10/2012 1:39 PM, Ed LaFrance wrote:
Hello all -
First post to this list, hope I'm on the right place.
Running BIND 9.3.6-P1-RedHat-9.3.6-16.P1.el5 on a quadcore xeon server
(3Ghz) with 2GB RAM. Named is being used only for rDNS queries against
our address space.
The issue is that name
The .local TLD is "reserved" for link-local names, in the context of
multicast DNS ("mDNS"), however, I don't think mDNS has progressed
beyond the Internet Draft stage of the IETF Standards Track process. See
http://www.multicastdns.org for latest updates.
It would be imprudent to use .local f
On 11/14/2012 10:08 AM, Tony Finch wrote:
King, Harold Clyde (Hal) wrote:
I'm a bit confused by a user request. I think he is trying to keep some
hosts on the private side of DNS, but he wants to use a DNS name like
host.sub.local. I do not know of the use of the .local TLD except in
Bonjour.
On 12/17/2012 11:04 AM, Ray Van Dolson wrote:
I'm not sure quite how to properly describe this, and as a result my
searches aren't turning up much
To support a legacy app, I need to have a domain defined called
"selfservice" so I can support resolution of "www.selfservice". Yes,
no trailing
On 1/8/2013 9:35 AM, Daniele wrote:
If I use BIND9 forwarding all the queries not belonging to my local
zones, it works.
But if I don't forward those queries, `dig` sometimes (and this is
weird) fails (with "connection timed out; no servers could be
reached") and the logs are full of "lame s
On 1/9/2013 10:57 AM, Carl Byington wrote:
On Wed, 2013-01-09 at 14:37 +0200, Jan Gutter wrote:
So, here's my question: is there a way to share zones between views to
conserve memory?
One way is to put the master copy of those large zones in one vi
What do you have against Internet clients querying the storage device?
It's obvious that the storage device wants to serve that part of the DNS
namespace. If you don't want the clients to query the device "directly"
you could do it through a NAT, or proxy, or whatever. Anything other
than "dire
On 2/7/2013 1:42 PM, Matt wrote:
I am using Bind for caching only. Currently my VM only has IPv4
access. Is there a way to selectively forward any requests that only
have IPv6 nameservers to another DNS server that is dual stacked?
Hmmm... Is anyone actually publishing IPv6-accessible nameserve
On 2/8/2013 10:44 AM, Matt wrote:
Also, is there a way to specify a backup parent NS
and ONLY use it if primary fails?
Do you mean "NS" here? Or "forwarder"? I know of no way to manually
"preference" the forwarders in a list, although you might find that the
forwarder that responds fastest -- an
On 2/26/2013 11:39 AM, Robert Moskowitz wrote:
On 02/26/2013 11:14 AM, Phil Mayers wrote:
On 26/02/13 16:07, Robert Moskowitz wrote:
And I am having challenges with the forward option. It reads that
'forward only' will always ask the forwarder about the query and seems
to defeat caching? An
This is a combination of
a) your client appending a search suffix *before* looking up the
fully-qualified domain name _as_is_, and
b) your local nameserver, or something in your forwarding path (if you
have one), having a local definition of localdomain.com with a wildcard
entry in it
You cou
On 3/4/2013 3:26 PM, Verne Britton wrote:
On 3/4/2013 2:45 PM, Barry Margolin wrote:
In article ,
Verne Britton wrote:
I have been testing and testing and either just don't see what I'm doing
wrong, or have a learning block :-)
current thinking is that an open recursion DNS server is bad
On 3/14/2013 6:29 AM, Tony Finch wrote:
King, Harold Clyde (Hal) wrote:
Is there an option for bind like the allow-recursion { }
For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a
view like:
I'm not sure what you mean by "blocking out going records" but there ar
I'm not sure what you're asking, exactly. Are you surprised that named
would respond on an IPv6 link-local address if configured with
"listen-on-v6 { any; };"?
- Kevin
On 3/22/2013 5:35 AM, Alok Raj wrote:
Hi,
How dig-command is able to resolve an ip using link-local address,
/etc/r
Works fine for me on RedHat 5.7 without a scope-identifier in
/etc/resolv.conf. I notice, however, that the stock dig
(9.3.6-P1-RedHat-9.3.6-16.P1.el5, yeah, I know I should upgrade) shows
the scope identifier in its output:
;; SERVER: fe80::250:56bf:fe8d:47b%2#53(fe80::250:56bf:fe8d:47b)
so
On 3/28/2013 3:28 PM, Ben-Eliezer, Tal (ITS) wrote:
Hello,
My organization is evaluating the use of split-view DNS in our
environment.
One of the challenges I've yet to overcome in my trials, is the
ability to minimize the administrative overhead of maintaining two
copies of the zone.
Up
On 3/29/2013 6:12 PM, Lawrence K. Chen, P.Eng. wrote:
- Original Message -
On Mar 28, 2013, at 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
I’ve spent hours researching a way to accomplish this without any
luck. Is there any way to accomplish what I’m trying to do?
No, not unless you want
On 3/19/2013 8:30 PM, Gerry Reno wrote:
On 03/19/2013 08:10 PM, b...@bitrate.net wrote:
On Mar 18, 2013, at 23.04, Gerry Reno wrote:
On 03/18/2013 10:25 PM, b...@bitrate.net wrote:
On Mar 18, 2013, at 20.27, Gerry Reno wrote:
Using BIND 9.8.2
When you setup Samba 4 AD DC using BIND9_DLZ
On 3/29/2013 12:09 AM, Doug Barton wrote:
On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
My organization is evaluating the use of split-view DNS in our
environment.
Simple ... don't do it. It's almost never the right answer, and as
you're learning carries with it more administrative ov
On 4/2/2013 2:00 AM, Doug Barton wrote:
On 04/01/2013 11:46 AM, Kevin Darcy wrote:
On 3/29/2013 12:09 AM, Doug Barton wrote:
On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
My organization is evaluating the use of split-view DNS in our
environment.
Simple ... don't do it. It
You can point PTR records anywhere you want. In fact, there's nothing
that even says that PTR records are limited to representing reverse
mappings, or that they can only appear in the in-addr.arpa hierarchy.
Strictly speaking, they're just name-to-name mappings, _sans_ the
special "aliasing" fu
Of course it's readable; your packet decoder isn't particularly smart,
however. You might want to consider saving off the capture and viewing
it in something like Wireshark.
In any case, you're returning 4 RRSIG records (that's what type 46 is),
all 13 root NSes in the Authority Section, and a
The last (and presumably final) point release (6.5) of NetWare was in
2003, only 4 years after RFC 2671. Just saying...
- Kevin
On 4/30/2013 7:08 PM, Pascal wrote:
Thank you. That does appear to be the problem.
-Pascal
On 4/30/2013 5:
On 5/20/2013 11:36 AM, Chris Buxton wrote:
On May 20, 2013, at 12:51 AM, Narcis Garcia wrote:
- Yes, I thought about not using DNS from the same internet provider,
but wanted to know if there is a way to patch only the .local response.
- This is the configuration I use in one of the LANs:
vi
Ugh, I'm trying _really_ hard not to be an annoying nitpicker (yeah, I
know, try harder :-), but...
The relevant verbiage of RFC 6762 is:
Caching DNS servers SHOULD recognize these names as special and
SHOULD NOT attempt to look up NS records for them, or otherwise
query authoritative
The rule of thumb is: BIND instances need access to a root zone. Either
a) you forward for it, or
b) you are authoritative (master or slave) for it, or
c) you're set up as a "stub" for it,
d) you prime it via the contents of an explicitly-configured "hints"
zone, or
e) you use the compiled-in In
On 5/26/2013 2:36 PM, Andreas Meile wrote:
Hello BIND users
The following post discusses some more complex questions in context with
enabling dual-stack in corporate networks. It's very TCP/IP generic
but has also a lot to do with DNS (and of course BIND which I use to
implement it => all example
Why would you use forwarding over links that are "neither fat nor
reliable"? Are you a masochist? Replication of the data is much
recommended over such links...
As for your "pecking order", what distinction are you drawing between
forwarding and recursion? Forwarding is recursive. The high-lev
The point of being authoritative is to have a full copy of the zone, so
that one is basically autonomous, not dependent on anyone else to
resolve names in the zone. In BIND terms, that means "type master" or
"type slave". That's why authoritative zones "override" forwarding,
since forwarding is
in response to a question from the field. I was certainly not
recommending a configuration. Not everyone has to deal with these
issues in a clinical environment. I do.
Alan
*From:*bind-users-bounces+ashackel=jhmi@lists.isc.org
[mailto:bind-users-bounces+ashackel=jhmi....@lists.isc.org]
I'm not sure I understand your concern. nsupdate will only update the
records you tell it to update. So, if you have a "static" record, then
don't target it with nsupdate and you should be fine.
When you dial a telephone number, do you worry that your dialing may
have "consequences" against te
On 7/24/2013 5:50 AM, Stephane Bortzmeyer wrote:
On Tue, Jul 23, 2013 at 02:30:49PM -0400,
Kevin Darcy wrote
a message of 565 lines which said:
When you dial a telephone number, do you worry that your dialing may
have "consequences" against telephone numbers that you *didn'
Since such behavior would flagrantly violate RFC 2181, Section 5, look
for a version prior to the publication date of that RFC (July 1997).
- Kevin
On 8/20/2013 3:14 PM, Nidal Shater wrote:
we know that BIND eliminates duplicate records, which version of BIND
that doesn't do
On 8/22/2013 12:55 PM, jo...@primebuchholz.com wrote:
Greetings All,
First of all, I apologize if this is out of place - I'm having a very
strange issue that is either a problem with bind itself, or at least,
affecting it. Summary:
For only ONE address, whenever I attempt to access it through
On 8/27/2013 1:07 PM, Colin Harvey wrote:
My environment is firewalled from the real world. For queries on
zones to which I'm not master, I want to recurse to a corporate
server. nslookup some.internal.hostname.com
internal.corporate.server works fine.
nslookup is a terrible DNS troubleshooti
On 8/28/2013 5:25 AM, Cathy Almond wrote:
On 27/08/13 21:28, Kevin Darcy wrote:
On 8/27/2013 1:07 PM, Colin Harvey wrote:
My environment is firewalled from the real world. For queries on
zones to which I'm not master, I want to recurse to a corporate
server. nsl
When RFC 1035 was written, the strict rules between SHOULD/MUST didn't
yet exist.
That "should" is to be considered a MUST from the standpoint of modern RFCs.
- Kevin
On 8/29/2013 2:31 PM, Steven Carr wrote:
On 29 August 2013 19:22, Stephane Bortzmeyer wrote:
I'm not sur
On 9/3/2013 5:24 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: /dev/rob0
Organization: RTFM
Reply-To: "bind-users@lists.isc.org"
Date: Tuesday, September 3, 2013 5:17 PM
To: "bind-users@lists.isc.org"
Subject: Re: detect if zone/s is frozen
On Tue, Sep 03, 2013 at 12:3
"host" performs A, and MX queries, by default. If you want to limit
it to a specific query type, use the "-t" option.
Having said that, I didn't get an NXDOMAIN for any of the query types,
from any of the delegated nameservers, when using dig, but I'm getting
SERVFAILs when using host, *a
On 9/28/2013 12:31 PM, sar...@slashroot.in wrote:
Hi Team,
I have an architecture where I have one bind server that is
forward-only and is authoritative for a domain ab.dc.example.com. It
should forward all requests other than it is authoritative for
(ab.dc.example.com) to a set of servers.
As others have pointed out, "allow-update-forwarding" only works for slaves.
Yet another reason to go with a large-authoritative-core approach,
instead of stringing stuff together with recursive arrangements. Would
you rather build an enterprise-strength DNS infrastructure from fragile
filamen
There's no way within the DNS protocol itself to reach out and tell a
nameserver to purge an entry in its cache that hasn't expired yet.
There are "out of band" ways: e.g. restart, recycle, rndc commands, etc.
All of those require admin access to the nameserver instances in
question. But nothi
Are these queries mostly for names in an Active Directory domain? The
default for Active Directory is for *every* Domain Controller to
register NS records at the apex of the AD domain. Pretty soon, for any
reasonably-sized AD infrastructure, all of those NSes cause *all*
queries for *any* name
Although you lump them together, forwarding and delegation are very
different things.
Forwarding is a way to bypass the normal resolution mechanism, forcing
your resolver to essentially "daisy-chain" recursion on behalf of a
requesting recursive client. Another way to put it, is that you're
d
There's no requirement that the contents of SOA.MNAME have a matching A
record in the zone. Even if such a formal requirement existed, you might
be able to satisfy it by putting an A record of 0.0.0.0 in the zone.
That doesn't expose much :-)
If you're paranoid about zone expiration, tune the
Views are like any advanced technology or technique in IT: if understood
and used properly, they can be a big benefit; poorly understood and/or
implemented, they can create a huge, unsupportable mess.
I try to keep the number of views to a minimum, but given the complexity
I have to deal with,
On 1/2/2014 5:47 PM, Johan Ihrén wrote:
On 02 Jan 2014, at 16:37 , Alan Clegg wrote:
On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote:
Use views
Views +1
When were views added to BIND? We started using multiple servers in
BIND 4, and I don't recall views being available back then, b
nment is to have no views at all (or,
technically, only the "default" view), but I won't hesitate to implement
views where they make sense as temporary "bridge" measures and/or for
legitimate business reasons.
- Kevin
On 1/3/2014 6:20 PM, Johan Ihrén wrote:
Hi,
On
If the domain owner *really* feels that they have to publish *some*
address record for a particular name, but there is no available service
at that name, then the null or "unspecified" address (IPv4 = 0.0.0.0,
IPv6 = ::0) is the appropriate value to put there.
Loopback is anti-social; an appar
If the names of the referred nameservers are in the domain of the
referral (e.g. *.example.com nameservers referred for the example.com
delegation), then it is *mandatory* to fill in the Additional Section
with the relevant A/ address records, since there is no other way
for the referral to
Ugh, that mixes apples (recursive resolution) and oranges (iterative
resolution).
Use a "stub" zone if you want to "override" published NSes _without_
crossing the very-important boundary between iterative and recursive
resolution.
- Kevin
On 2/17/2014 4:09 AM, Steven Carr wrote:
O
...
- Kevin
On 2/17/2014 5:44 PM, Doug Barton wrote:
On 02/17/2014 11:37 AM, Kevin Darcy wrote:
Ugh, that mixes apples (recursive resolution) and oranges (iterative
resolution).
Out of curiosity, what bad thing do you think will happen if you mix
these two
ive to forwarding, than
to complain about "mixing".
- Kevin
On 2/17/2014 5:56 PM, Kevin Darcy wrote:
Bad performance, bad reliability, clandestine IP-over-DNS tunnels
between networks that are supposed to be isolated...
Is that enough?
Understanding the pros and cons of iterative versus rec
Indeed. Regular "stub" only overrides the parent's delegation NS
records; "static-stub" overrides the apex NS records of the zone as
well. My uses of the words "stub" (which I intended to cover both forms
of "stub"bing) and "published" (which I intended to cover both the
delegating and apex rec
Not a good solution. Even under "normal" circumstances, there will be
temporary bottlenecks, dropped packets, etc.. that will trigger failover
and users will get different answers at different times. Not good for
support, maintainability, user experience/satisfaction, etc.
If all you want is r
uired by local DNS
server only when all name servers in the NS records are out of service
( maybe in case of ddos attack).
Guanghua
--
On 2/19/2014 11:54 AM, Kevin wrote:
Date: Wed, 19 Feb 2014 11:54:44 -0500
From: Kevin Darcy
To: bind-users@lists.isc.org
Subject
records.
Also-notify directive. Either in an options stanza or a zone stanza.
>
> thanks,
> Guanghua
--
Daniel J McDonald, CISSP # 78281
> Date: Thu, 20 Feb 2014 10:48:36 -0500
> From: Kevin Darcy
> To: bind-users@lists.isc.org
> Subject: Re: how to hidden the salve
>
ic NSs are out of service.
Thanks!
Guanghua
> Date: Mon, 24 Feb 2014 13:41:03 -0500
> From: Kevin Darcy
> To: bind-users@lists.isc.org
> Subject: Re: how to hidden the salve
> Message-ID: <530b923f.8070...@chrysler.com>
> Content-Type: text/plain; charset="iso-8859-
Options:
1) Change nameservice-switch order (e.g. /etc/nsswitch.conf) on your
hosts to prefer another source of name resolution (e.g. /etc/hosts)
which can resolve the shortname. Thus DNS is never used for these lookups
2) Simply :-) change your DNS architecture fundamentally, from one which
f
On 3/10/2014 6:05 PM, Andreas Ntaflos wrote:
On 2014-03-10 22:23, Kevin Darcy wrote:
Options:
First, thanks a lot for the reply! So it seems what I described is
indeed the expected behaviour for the type of DNS we operate?
1) Change nameservice-switch order (e.g. /etc/nsswitch.conf) on
First of all, don't use .loc as an internal TLD. There are *many*
proposals in process with ICANN for establishing new TLDs, and for all
you know, .loc might be one of them. If .loc gets established on the
Internet, and you're using it internally, that presents abundant
opportunities for confus
t.
. 3600 NS another.example.net.
server.example.net. 3600 A 1.2.3.4
another.example.net. 3600 A 1.2.3.5
It's for a school project.
Regards, Peter
On 12/03/14 19:56, Kevin Darcy wrote:
First of all, don't use .loc as an internal TLD. There are *many*
proposals in process with ICANN f
On 3/14/2014 8:28 AM, Maren S. Leizaola wrote:
Hello,
What do you guys recommend to audit every resource
record in a zone file against all the records in all the DNS servers
that host the zone file.
I want something that I feed the master zone file and then goes to each
NS serv