Slave zero-TTL on CNAMES

2014-06-05 Thread Reindl Harald
Hi how is that below possible? * ns2.thelounge.net = Master * ns1.thelounge.net = Slave * both are using the same packages (VMware clones) * i removed the zone file on the slave and restarted named * the zone was transferred for sure again with that new "binary format" * that affects *any* zone

Re: Slave zero-TTL on CNAMES

2014-06-05 Thread Reindl Harald
uhm - look at the bottom - *they have* a zero TTL after named-compilezone Am 05.06.2014 16:48, schrieb Reindl Harald: > Hi > > how is that below possible? > > * ns2.thelounge.net = Master > * ns1.thelounge.net = Slave > * both are using the same packages (VMware clones)

Re: Slave zero-TTL on CNAMES

2014-06-05 Thread Reindl Harald
ORIGIN rhsoft.net. $TTL 0 ; 0 seconds autoconfig CNAME autoconfig.thelounge.net. autodiscoverCNAME autodiscover-non-tls.thelounge.net. Am 05.06.2014 17:02, schrieb Reindl Harald: > uhm - look at the bottom - *they have* a zero TTL after named-compilezone > > Am

Re: Slave zero-TTL on CNAMES

2014-06-05 Thread Reindl Harald
Am 05.06.2014 17:58, schrieb /dev/rob0: > On Thu, Jun 05, 2014 at 05:21:47PM +0200, Reindl Harald wrote: >> what the hell invents "$TTL 0 ; 0 seconds" lines before >> each CNAME block while on the master there is exactly >> one TTL line with 86400 on top of the fi

Re: Slave zero-TTL on CNAMES -> no ip nat service alg udp dns

2014-06-05 Thread Reindl Harald
CNAME proxy.thelounge.net. proxy.thelounge.net.86400 IN A 91.118.73.4 ;; Query time: 14 msec ;; SERVER: 91.118.73.16#53(91.118.73.16) ;; WHEN: Do Jun 05 20:15:17 CEST 2014 ;; MSG SIZE rcvd: 89 > On Jun 5, 2014 12:43 PM, "Reindl Harald" <mailto:h.rei...@thelounge.net&

slave: WARNING: recursion requested but not available

2014-06-06 Thread Reindl Harald
Hi another thing i noticed while debug the cisco zone-transfer troubles: "ns1.thelounge.net" and "ns2.thelounge.net" are authoritative for both domains: * thelounge.net * rhsoft.net MASTER: ns2.thelounge.net SLAVE: ns1.thelounge.net why does in case of asking the slave always come a "WARNING:

Re: slave: WARNING: recursion requested but not available

2014-06-06 Thread Reindl Harald
Am 06.06.2014 13:28, schrieb Matus UHLAR - fantomas: > On 06.06.14 13:13, Reindl Harald wrote: >> why does in case of asking the slave always come a >> "WARNING: recursion requested but not available" >> even if you dig a A-record he is authoritative? > >

Re: slave: WARNING: recursion requested but not available

2014-06-06 Thread Reindl Harald
Am 06.06.2014 13:40, schrieb Phil Mayers: > On 06/06/14 12:35, Reindl Harald wrote: >> >> Am 06.06.2014 13:28, schrieb Matus UHLAR - fantomas: >>> On 06.06.14 13:13, Reindl Harald wrote: >>>> why does in case of asking the slave always come a >>>>

Re: slave: WARNING: recursion requested but not available

2014-06-06 Thread Reindl Harald
Am 06.06.2014 20:20, schrieb Kevin Darcy: > On 6/6/2014 7:35 AM, Reindl Harald wrote: >> Am 06.06.2014 13:28, schrieb Matus UHLAR - fantomas: >>> On 06.06.14 13:13, Reindl Harald wrote: >>>> why does in case of asking the slave always come a >>>> "

Re: dont understand dns tree with fishing email url , dns-friewall

2014-06-08 Thread Reindl Harald
Am 08.06.2014 23:16, schrieb Hans-Cees Speel: > I got a fishing email and for my dns-firewall I want to find the dns server > that serves the domain. > > Somehow it doesn't work, so they probably use a trick. > > They want you to click this link: > > https://bit.ly/1lfxB4n > > parsing it with

Re: Private IP address in A record

2014-06-27 Thread Reindl Harald
Am 27.06.2014 06:11, schrieb Teerapatr Kittiratanachai: > I know that this kind of implementation isn't be recommended, but I > don't understand that why some DNS servers can answer the record as > normally while another can't. if there is a cisco-router with NAT between anything can happen of i

Re: Using a DynDNS hostname in master-statement for a bind slave?

2014-06-27 Thread Reindl Harald
Am 27.06.2014 17:27, schrieb Johannes Kastl: > sorry if this is a stupid question, I would love to get a RTFM > pointing me to the right documentation (I found none...). > > My setup is like this (at least that is my plan): > > In my home network I have: > Host A with bind as master for my zone

rate-limit and Facebook IP's

2014-06-30 Thread Reindl Harald
am i the only one facing all day long several facebook networks hit RRL on both nameservers? for me there are only two options to explain that: * facebook is too dumb to cache responses (TTL a day) * that's part of a well distributed amplification trying not to make much noise on the single involv

Re: rate-limit and Facebook IP's

2014-07-01 Thread Reindl Harald
242 LEN=74 TOS=0x00 PREC=0x00 TTL=80 ID=50078 PROTO=UDP SPT=47769 DPT=53 LEN=54 Am 30.06.2014 14:22, schrieb Reindl Harald: > am i the only one facing all day long several facebook > networks hit RRL on both nameservers? for me there are > only two options to explain that: > >

Re: daemon warning

2014-07-01 Thread Reindl Harald
daemons binding privileged ports should be started as root because they have some tasks to do before drop privileges Am 01.07.2014 16:55, schrieb Stewart, Larry C Sr CTR DISA JITC (US): > So I logged in as the user that I normally start named with and I get the > following error: > > Named: chro

Re: rate-limit and Facebook IP's

2014-07-01 Thread Reindl Harald
Am 01.07.2014 17:27, schrieb Carl Byington: > On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote: >> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to >> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b) > > I also see the rate limiting kicking in f

Re: daemon warning

2014-07-01 Thread Reindl Harald
Am 01.07.2014 17:46, schrieb Matus UHLAR - fantomas: >> You need to start named as root for it to be able to chroot. (Unless >> Solaris has some cunning fine-grained privilege feature I don't know >> about.) > > On 01.07.14 15:18, Stewart, Larry C Sr CTR DISA JITC (US) wrote: >> Ok so that was no

Re: problem with NS record resolution

2014-07-02 Thread Reindl Harald
Am 02.07.2014 14:00, schrieb Manuel Ramirez Montero: > scgal1 NS sipgal1 > scmol1 NS sipmol1 > sipgal1 A 10.1.32.224 > sipmol1 A 10.1.32.222 why don't you just use FQDN instead "sipgal1" and "sipmol1"? that b

Re: Cannot get "allow-query-on" to work

2014-07-02 Thread Reindl Harald
Am 02.07.2014 17:08, schrieb Bob Harold: > I am using Ubuntu 12.04.4, BIND 9.8.1-P1, and just added: > > allow-query-on { 127.0.0.1; }; > > To the default /etc/bind/named.conf.options file. > That should make it only answer queries sent to 127.0.0.1, and not > answer queries sent to the server'

Re: Cannot get "allow-query-on" to work

2014-07-02 Thread Reindl Harald
; (Actually, both data center and users have two anycast resolver IP's each, so > double the above sets of servers.) > The authoritative servers are a separate set of servers, not using anycast, > not involved in this. > > On Wed, Jul 2, 2014 at 11:12 AM, Reindl Harald <ma

Re: test bind before moving to production

2014-07-04 Thread Reindl Harald
Am 04.07.2014 04:29, schrieb brian: > I can't get this to work. I'm trying to use the test url . > When I open it in my browser, I get a server not found error. > > In /etc/resolv.conf I changed nameserver 127.0.0.1 > > I created the file /var/named/tst.com.zone and added: > @ IN N

Re: test bind before moving to production

2014-07-04 Thread Reindl Harald
tc/resolv.conf I changed nameserver 127.0.0.1 >>> >>> I created the file /var/named/tst.com.zone and added: >>> @ IN NS ns.example.com. >>> ns IN A 127.0.0.1 > > On 04.07.14 11:36, Reindl Harald wrote: >> there is no &qu

Re: Two hidden masters - sending notifications to public slaves.

2014-07-07 Thread Reindl Harald
Am 07.07.2014 13:22, schrieb Maren S. Leizaola: > We are setting up to do zone generations of two separate hidden masters which > will take turns on the zone generation. > > Public/visible DNS servers "should" get notifies from both servers and select > the one with the highest > seri

Re: Checking proper SPF record

2014-07-08 Thread Reindl Harald
> IN TXT "v=spf1 mx a ip4:192.168.1.11/32 ip4:192.168.2.11/32 > a:smtp.example.com a:smtp1.example.com -all" go away with anonymized data if you want help especially in case of data which will be made public anyways

Re: slave zone files unreadable

2014-07-09 Thread Reindl Harald
Am 09.07.2014 10:29, schrieb Manuel Ramirez Montero: > since i have upgraded to 9.9.5-P1 is not possible to read slave zone files. > I have read an article about this : > > https://kb.isc.org/article/AA-00608/0/Converting-Zone-Files-Between-Text-and-Raw-Formats.html > > convert raw zone file "ex

Re: slave zone files unreadable

2014-07-09 Thread Reindl Harald
Am 09.07.2014 14:07, schrieb Anand Buddhdev: > On 09/07/2014 13:21, Reindl Harald wrote: > >> dunno, but i prefer text-format anyways >> >> * masterfile-format text; * delete the zone file on the slave * >> restart the slave > > Plain text zone files ar

Re: slave zone files unreadable

2014-07-09 Thread Reindl Harald
Am 09.07.2014 14:13, schrieb Reindl Harald: > Am 09.07.2014 14:07, schrieb Anand Buddhdev: >> On 09/07/2014 13:21, Reindl Harald wrote: >> >>> dunno, but i prefer text-format anyways >>> >>> * masterfile-format text; * delete the zone file on the slav

Re: slave zone files unreadable

2014-07-11 Thread Reindl Harald
Am 12.07.2014 03:08, schrieb Mark Andrews: > If we could get people away from wanting to use a editor on master > files directly we would. The practice is highly error prone even > for experts. uhm people wrote interfaces to generate them :-) i am one of that people because no other software is

Re: slave zone files unreadable

2014-07-12 Thread Reindl Harald
Am 12.07.2014 04:48, schrieb Alan Clegg: > On 7/11/14, 9:41 PM, Reindl Harald wrote: > >> i am one of that people because no other software >> is flexible enough or comes with dependency hell > > nsupdate > > If BIND is installed, no dependencies and about as f

Re: Public facing authoritative NS all masters

2014-07-12 Thread Reindl Harald
Am 12.07.2014 16:11, schrieb Gary Wallis: > DNS experts, > > What are the drawbacks, if any, of running only master name servers for the > set of authoritative NSs? > > For example given: > > [root@rc37 unxsVZ]# dig latimes.com NS +short > dns1.tribune.com. > dns2.tribune.com. > dns4.tribune.

Re: Public facing authoritative NS all masters

2014-07-13 Thread Reindl Harald
Public facing authoritative NS all masters Datum: Sat, 12 Jul 2014 16:23:15 +0200 Von: Reindl Harald An: bind-users@lists.isc.org Am 12.07.2014 16:11, schrieb Gary Wallis: > DNS experts, > > What are the drawbacks, if any, of running only master name servers for the > set of authorita

Re: Does bind read /etc/hosts?

2014-07-15 Thread Reindl Harald
Am 16.07.2014 03:27, schrieb houguanghua: > Sorry for what I said isn't very clear you were clear > I did know when the /etc/hosts is accessed in the OS agreed > What I want to know is whether the named access the hosts file > The /etc/hosts file isn't in the client's system, for bind applie

Re: Does bind read /etc/hosts?

2014-07-15 Thread Reindl Harald
Am 16.07.2014 04:55, schrieb Mark Andrews: > In message <53c5e714.5080...@thelounge.net>, Reindl Harald writes: >>> Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the >>> client? >>> maybe some special configuration in named can support this feat

Re: Why the heck my NS are not working

2014-07-20 Thread Reindl Harald
Am 20.07.2014 09:21, schrieb Blason R: > Though it may not relevant with BIND but I need help with NS servers which > are now hosted inside. I have a domain > hosted with godaddy and godaddy were the DNS as well as registrars. Now I > have setup my own DNS server inside my > network and pointed

Re: Reload BIND to listen on additional interface?

2014-07-31 Thread Reindl Harald
Am 31.07.2014 um 13:24 schrieb Johannes Kastl: > in the quest to use a master behind a Router with changing IPs, I set > up a VPN and told bind on both sides to listen on the additional VPN-IPs. > > But, sometimes they are not available at bind startup or the VPN loses > connection. So, when the

Re: rndc

2014-07-31 Thread Reindl Harald
Am 31.07.2014 um 17:41 schrieb /dev/rob0: > On Thu, Jul 31, 2014 at 01:32:03PM +0200, Reindl Harald wrote: >> i am doing reloads of named with "killall -HUP named" just because >> i disabled rndc completely for security reasons and configurations >> are generat

Re: rndc

2014-07-31 Thread Reindl Harald
Am 31.07.2014 um 20:51 schrieb /dev/rob0: > On Thu, Jul 31, 2014 at 12:11:40PM -0400, Kevin Darcy wrote: >> kill -HUP is way more disruptive than necessary for a mere >> interface scan. It's overkill. > > Furthermore, on a server with lots of zones, it could cause a DoS > while zones are reload

Re: rndc (and now nsupdate too)

2014-07-31 Thread Reindl Harald
Am 31.07.2014 um 21:08 schrieb /dev/rob0: > On Thu, Jul 31, 2014 at 05:56:08PM +0200, Reindl Harald wrote: >> don't get me wrong but if someone creates *any* bind >> configuration and zone-files with self developed software > > ... that someone is almost surely do

Re: OT: Authoritative Server returning RR's with decrementing TTL's?

2014-07-31 Thread Reindl Harald
Am 31.07.2014 um 21:56 schrieb Ray Van Dolson: Not BIND-related specifically... (though the server below could be running BIND I suppose). This seems weird. Why is this authoritative server returning *some* answers with decrementing TTL's? zone delegation as example in that case it may be a

Re: Logs problem with Bind 9.9.4

2014-08-01 Thread Reindl Harald
Am 01.08.2014 um 11:56 schrieb ahmed salim: > we recently installed Bind 9.9.4 on CentOS 7, and it's working properly. > the only problem that we have is the (logging), we can't stop logging. > First thing I tried is to disable IPv6 logs, by editing > "/etc/sysconfig/named" and make (OPTIONS="-4

Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
Am 01.08.2014 um 15:14 schrieb Mike Hoskins (michoski): > From: Tony Finch > Date: Friday, August 1, 2014 at 5:31 AM > To: Reindl Harald > Cc: "bind-users@lists.isc.org" > Subject: Re: rndc (and now nsupdate too) > >> Reindl Harald wrote: >>&g

Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
; refer to that below! Weitergeleitete Nachricht Betreff: Re: rndc (and now nsupdate too) Datum: Thu, 31 Jul 2014 14:08:48 -0500 Von: /dev/rob0 Antwort an: bind-users@lists.isc.org Organisation: RTFM An: bind-users@lists.isc.org On Thu, Jul 31, 2014 at 05:56:08PM +0200, Reindl

BIND and listening on interfaces

2014-08-01 Thread Reindl Harald
the thread yesterday reminded me on my Fedora bug report https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c3 https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c8 i don't buy "Note that destination IP address must be known and set correctly in reply, otherwise clients will be confused" because

Re: BIND and listening on interfaces

2014-08-01 Thread Reindl Harald
Am 01.08.2014 um 17:16 schrieb Barry Margolin: > In article , > Reindl Harald wrote: > >> the thread yesterday reminded me on my Fedora bug report >> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c3 >> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c8

Re: BIND and listening on interfaces

2014-08-01 Thread Reindl Harald
Am 01.08.2014 um 18:06 schrieb Phil Mayers: > Binding separate sockets per IP is IMO just as reliable, and is well tested. > If you > weren't so opposed to "rndc", you could just call "rndc reconfig" in whatever > network system/dispatch tool you have after IPs - or wait for bind 9.10. it's not

php-library added -> Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
> This recent thread, in which people are describing their scripts and > GUI provisioning systems makes me think we should recruit a few of > you who think you have a sweet provisioning system at least i add the library i developed to maintain zone-files which needs translation of the comments, to

Re: Logs problem with Bind 9.9.4

2014-08-02 Thread Reindl Harald
;) > but I still getting them in my logs > > thank you for your help > > On Fri, Aug 1, 2014 at 1:01 PM, Reindl Harald <mailto:h.rei...@thelounge.net>> wrote: > > Am 01.08.2014 um 11:56 schrieb ahmed salim: > > we recently installed Bind 9.9.4 on CentO

Re: Logs problem with Bind 9.9.4

2014-08-02 Thread Reindl Harald
jesus christ learn to use mailing-lists, stop to reply in private and strip your quotes Am 02.08.2014 um 10:29 schrieb ahmed salim: > On Sat, Aug 2, 2014 at 10:24 AM, Reindl Harald <mailto:h.rei...@thelounge.net>> wrote: > > why do you reply off-list, in HTML and top-po

Re: ISP caching server setup

2014-08-06 Thread Reindl Harald
interesting, that is indeed wrong configured http://www.intodns.com/losscontrol360.com on the other hand all my recursive bind 9.9.4 nameservers resolve it as well my homeserver which is using the caching named on the office as forwarder also the unbound instance running as caching server on our

Re: ISP caching server setup

2014-08-06 Thread Reindl Harald
Am 07.08.2014 um 00:33 schrieb Noel Butler: > Apart from stupid SOA values, losscontrol360.com seems OK OK? the failing NS query is caused by the errors below this domain only works by luck from time to time [harry@srv-rhsoft:~]$ dig NS losscontrol360.com ; <<>> DiG 9.9.4-P2-RedHat-9.9.4-15.P2.

Re: bind-users Digest, Vol 1909, Issue 1

2014-08-07 Thread Reindl Harald
Am 07.08.2014 um 12:09 schrieb Abdul Khader: To: Xuan Hung , bind-users@lists.isc.org, bind-users-boun...@lists.isc.org, jared.emp...@zitomedia.com, dave.berna...@zitomedia.com, ma...@isc.org, h.rei...@thelounge.net PLEASE don't do that * just respond to the list * quote what yo

Re: Logs problem with Bind 9.9.4

2014-08-08 Thread Reindl Harald
ou are wrong so if you have nothing to say go back from where you came Am 08.08.2014 um 12:11 schrieb Nick Edwards: > bugger off with your dictatorship > do not bring it here like you take it every list you go to, well, > those that you have not been kicked off of that is > > On 8/2/

Re: Logs problem with Bind 9.9.4

2014-08-09 Thread Reindl Harald
ick Edwards not me the two lines from two posts he quoted days later were only *one line* of a reply and if someone quotes selective days later like Nick to personally attack me i have the right to defend that - PERIOD > On Fri, Aug 8, 2014 at 6:33 AM, Reindl Harald wrote: >> who do yo

Re: unable-resolving (Mohammed Ejaz)

2015-03-09 Thread Reindl Harald
Am 09.03.2015 um 14:08 schrieb Mohammed Ejaz: We don't allow others to get query from our dns server, it allows only permitted IP we have ACL enabled to our subnet only. but then it is pretty clear that your customers can't resolve www.twitter.com using your DNS server because you are hardly

Re: Single slave zone definition for two view (cache file name problem)

2015-03-18 Thread Reindl Harald
Am 18.03.2015 um 16:31 schrieb Konstantin Stefanov: I wrote earlier and may repeat again. The feature for me is not using the same file, the feature is having a clear and maintainable config. In this case it means to have only one description for a zone. did you ever consider provisioning your

Re: Weird ping/traceroute proxying effect

2015-03-18 Thread Reindl Harald
Am 18.03.2015 um 17:37 schrieb The Doctor: In article , Jukka Pakkanen wrote: Are you using IP addresses or domain names when testing? If it works with IP address, but not with names, the sec. DNS server is lacking proper DNS services itself. Both name and IP Addresses resolve. That is

Re: BIND not loading into memory on first transfer

2015-03-26 Thread Reindl Harald
Am 26.03.2015 um 19:34 schrieb Frank Even: Zone files were in place for the necessary domains, but were outdated (assuming one of our updates broke something somewhere, they were all on average 3 months old) I guess the question really is, is this expected behavior or a bug? after 3 months th

Re: com.google how did they do that

2015-04-01 Thread Reindl Harald
Am 01.04.2015 um 20:42 schrieb Thomas Schulz: As of the time I am sending this, you can point your browser to http://com.google and get a web page. How did they get com.google to resolve? .google is just another new TLD

Re: bind-users Digest, Vol 2083, Issue 1

2015-04-05 Thread Reindl Harald
Am 05.04.2015 um 17:52 schrieb STEPHEN EYRE: The aim is to make it authoritative as well as hosting my web sites but an authoritative nameserver don't need nor should it do recursion for foreign zones, it only should respond for the zones he is authoritative for and so the behavior is correctly,

Re: bind-users Digest, Vol 2084, Issue 1

2015-04-06 Thread Reindl Harald
Am 06.04.2015 um 17:37 schrieb STEPHEN EYRE: My named.conf.options is as follows Options { directory "/var/cache/bind"; recursion no; allow transfer { none; }; dnssec-validation auto; auth-nxdomain no; listen-on { any; };

Re: bind-users Digest, Vol 2085, Issue 1

2015-04-07 Thread Reindl Harald
Am 07.04.2015 um 09:15 schrieb G.W. Haywood: Hi there, On Tue, 7 Apr 2015, bind-users-requ...@lists.isc.org wrote: Please guys, trim your posts. Some of us are on the digest list nobody forced you to chose that and so don't demand others to minimize their posts because of your personal set

Re: Getting an error on a very simple DNS configuration

2015-04-08 Thread Reindl Harald
Am 08.04.2015 um 23:52 schrieb Samad Agha: Ok, I corrected that and was able to restart named w/o any errors: [root@new-dns1 etc]# service named restart Stopping named:[ OK ] Starting named:[ OK ] [root@

Re: Suppress log entry...

2015-04-13 Thread Reindl Harald
Am 13.04.2015 um 08:08 schrieb SH Development: Is there a way to suppress the build information in the log every time BIND restarts/reloads? I’m getting: to filter that out is the job of the syslog daemon rsyslog.conf: :msg, contains, "host=x86_64-redhat-linux-gnu" stop built with '--bui

Re: Suppress log entry...

2015-04-13 Thread Reindl Harald
Am 13.04.2015 um 19:14 schrieb SH Development: For me, it’s in the interest of keeping clean easy to read log files. Seems like this info should be available to turn on and off when needed for debugging, not every time the config is changed. this line appears only when named is started in

Re: Future of BIND's built-in empty zone list

2015-05-14 Thread Reindl Harald
Am 14.05.2015 um 18:29 schrieb Chris Thompson: Now that RFCs 7434 & 7435 have been published, how do ISC see the future of the seemingly ever-expanding built-in empty zone list in BIND? One possibility that seems plausible to me is to add EMPTY.AS112.ARPA to the list now, and remove existing en

Re: shutting up logs

2015-05-14 Thread Reindl Harald
Am 15.05.2015 um 02:01 schrieb Nick Edwards: skipping nameserver 'ns5.concord.org' because it is a CNAME, while resolving '210.128-25.119.138.63.in-addr.arpa/PTR' I have logs grow by about 30 megs a day with pretty much only this in it (of course not always same remote server), how do I shut

Re: shutting up logs

2015-05-15 Thread Reindl Harald
Am 15.05.2015 um 08:56 schrieb G.W. Haywood: Hi there, On Fri, 15 May 2015, Reindl Harald wrote: Am 15.05.2015 um 02:01 schrieb Nick Edwards: > skipping nameserver 'ns5.concord.org' because it is a CNAME, while > resolving '210.128-25.119.138.63.in-addr.arpa/PTR

Re: bind9 Numerous recent - error (FORMERR) resolving 'dns3.registrar-servers.com/AAAA/IN'

2015-05-28 Thread Reindl Harald
Am 28.05.2015 um 06:26 schrieb David C. Rankin: On 05/26/2015 05:31 PM, Mark Andrews wrote: Well 208.67.220.220 returns the wrong SOA record which is why you are getting the message. For that matter why are you talking to 208.67.220.220 in the first place? It is not normally involved in resol

Re: file descriptor exceeds limit

2015-06-19 Thread Reindl Harald
Am 19.06.2015 um 18:44 schrieb Mike Hoskins (michoski): I suppose the only way to avoid any "intermediate" firewalls would be to place everything you run on a LAN segment hanging directly off your router/Internet drop with host based firewalls well, if the router is from Cisco and has NAT ena

Re: bind-web-based control panel

2015-07-07 Thread Reindl Harald
Am 07.07.2015 um 11:26 schrieb Ejaz: Does bind support for web-based control panel? I need one that can automatically push updates to both the master and slave servers, as well as having logins for customers to modify their zone information. bind itself - no - there are for sure webuis, we h

Re: servfail only for a zone

2015-07-13 Thread Reindl Harald
Am 13.07.2015 um 19:19 schrieb Lucio Crusca: I have two nameservers, the master and its slave, and they work ok for several zones. However for one of the zones (aquilacorde.com), the slave replies with SERVFAIL, and I don't understand why check if the zone failed to update from the master and

Re: servfail only for a zone

2015-07-13 Thread Reindl Harald
Am 13.07.2015 um 20:15 schrieb Lucio Crusca: Il 13/07/2015 19:51, Darcy Kevin (FCA) ha scritto: Half an hour is ridiculous, to be honest. Unless you have 24x7x365 eyes-on-glass looking for zone transfer failures *constantly* and ready and able to *instantly* pounce on any such problems and fix

Re: Zone refresh error: refresh: retry limit for master a.b.c.d#53 exceeded

2015-07-13 Thread Reindl Harald
Am 13.07.2015 um 21:46 schrieb Anand Buddhdev: On 13/07/15 21:31, Anand Buddhdev wrote: So what could cause these SOA lookup failures in BIND on one server, but not another? Could the developers tell me how BIND does SOA queries over UDP, and is there any way to mimic this with dig? Oops. I

Re: Need for Additional Records in a

2015-07-22 Thread Reindl Harald
Am 22.07.2015 um 08:21 schrieb Harshith Mulky: When we are getting Additional Section for a DNS Response like this, What is the need for this ADDITIONAL SECTION? Why is this *ADDITIONAL SECTION *returned? to save the client a query for that record Is there a way to turn off these *ADDITIONAL

Re: How to properly update chroot-bind

2015-07-28 Thread Reindl Harald
Am 28.07.2015 um 09:10 schrieb Matus UHLAR - fantomas: On 27.07.15 18:28, Leandro Roggerone wrote: Hello , guys, I would like to know how to properly update my chroot bind version. I still can not get some nice doc / info about it. Im using: [root@centos-dns1 ~]# named -v BIND 9.8.2rc1-RedHat-

Re: How to properly update chroot-bind

2015-07-28 Thread Reindl Harald
Am 28.07.2015 um 10:56 schrieb Matus UHLAR - fantomas: but you *never ever* should only update specific packages on a RHEL/CentOS system because that is *not supported and tested* at all No? What are dependencies for, then? Or don't yum/RPM support them in the way debian does? (that is why it'

Re: Order and Preference Priority in DNS Responses

2015-08-03 Thread Reindl Harald
Am 03.08.2015 um 13:38 schrieb Harshith Mulky: I wanted to understand how Order and Preference Values have an impact on the answers Received from the DNS Server I am asking because, I have 4 records for NAPTR Query, as below carrier1.com 86400 IN NAPTR 50 50“s” “SIPS+D2T” ““ “_si

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Reindl Harald
Am 03.08.2015 um 16:50 schrieb Heiko Richter: Am 03.08.2015 um 08:08 schrieb Mukund Sivaraman: Hi Prakash On Mon, Aug 03, 2015 at 10:14:50AM +0530, prakash wrote: Aug 3 09:59:34 govindnsvm named[7436]: /etc/nicnet2007.govdomain:15424: writeable file 'data/udalgurijudiciarygov.hosts': alrea

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Reindl Harald
Am 03.08.2015 um 16:59 schrieb Anand Buddhdev: On 03/08/15 16:50, Heiko Richter wrote: Hi Heiko, Why use the "file" option at all on a slave? If you don't use the "file" option on a slave, then BIND does not write the zone to disk. This is okay for a small number of small zones. But if you

Re: configuration error in lists.isc.org

2015-08-06 Thread Reindl Harald
Am 07.08.2015 um 01:25 schrieb Heiko Richter: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members that have employed this wonderful protocol on their servers

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
Am 07.08.2015 um 17:23 schrieb Heiko Richter: Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas: On Aug 6, 2015, at 4:25 PM, Heiko Richter mailto:em...@heikorichter.name>> wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.

Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.: So, when we were with this provider, our SPF had exclusive pool as good, but included the other pool prefixed with '~' can we stop that foolish discussion on the named list? that above is pure nonsense - your DOMAIN has either a strict

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
truncated the long, hard to understand and unrelated stuff Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means "testing, please don't reject if it don't pass" and

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
in 'ip4:'. Am 11.08.2015 um 00:12 schrieb Reindl Harald: truncated the long, hard to understand and unrelated stuff Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no m

Re: configuration error in lists.isc.org

2015-08-13 Thread Reindl Harald
Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.: On 2015-08-10 17:12, Reindl Harald wrote: well, when you can't say from where you send mail you should refrain from setup SPF at all Except there are external forces that demand an SPF, and that it contain specific strings a

Re: Can I run two name servers on one host with two IP addresses?

2015-08-19 Thread Reindl Harald
Am 20.08.2015 um 00:53 schrieb Tom Browder: I have a single server with access to several IP addresses from my dedicated host provider. They do not provide DNS service so I currently use my domain registrar. I would like to run my own DNS server but I only have the one server (with 5 IP addre

Re: what's DNSaaS standard?

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 12:29 schrieb Ken Peng: I know it's DNS as a service. But what's the standard? how to implement it? it's just a buzzword for DNS hosting

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 20:19 schrieb n...@eml.cc: On Mon, Aug 24, 2015, at 11:10 AM, Darcy Kevin (FCA) wrote: Forwarders are selected based on an RTT(round-trip-time)-based algorithm There's an invalid presumption there -- that 'fastest' == 'most desired / highest priority'. Regardless of a

Re: BIND9 Feature Request: 'fowarders' priority & round-robin pools

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 21:09 schrieb n...@eml.cc: On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to an less-secure method of resolution? No. YES but you maybe don't realize

Re: Version Number

2015-08-24 Thread Reindl Harald
Am 24.08.2015 um 21:41 schrieb HARRIS, RAYMOND D: When I query the server for version I get back “version: 9.9.7S5” The ics.org website lists the most current version as “9.9.7-P2” How do I interpret these numbers to ensure I have implemented the most current version? besides that a securel

Re: DNS Negative Caching

2015-08-25 Thread Reindl Harald
Am 25.08.2015 um 12:46 schrieb Harshith Mulky: I have a confusion on how the clients respond to and cache when particularly we receive negative replies from a DNS Server, particularly NXDOMAIN or SERVFAIL responses on the DNS Zone file we have these records $ORIGIN e164.arpa. @ IN SOA p

Re: Troubleshooting Information

2015-08-26 Thread Reindl Harald
one problem is that you need to change your whole configuration if you don't need views because dedicated servers for external and internal DNS allow-chaos {localhost; localnets;} defaulting to 127.0.0.1 as global option would be helpful BTW: what i don't understand is why "status: NOERROR" i

Re: DNS Negative Caching

2015-08-27 Thread Reindl Harald
Am 27.08.2015 um 16:08 schrieb Alan Clegg: on the DNS Zone file we have these records $ORIGIN e164.arpa. @ IN SOA picardvm2.e164.arpa. e164-contacts.e164.arpa. ( 2002022404 ; serial

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread Reindl Harald
Am 01.09.2015 um 15:31 schrieb Robert Moskowitz: On 09/01/2015 09:20 AM, John Miller wrote: If you check pcap, logs, etc., is the server's following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop? I don't believe this and I have some serious problems. Part of my challe

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread Reindl Harald
Am 01.09.2015 um 16:28 schrieb John Miller: On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz wrote: On 09/01/2015 09:20 AM, John Miller wrote: If you check pcap, logs, etc., is the server's following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop? I don't believe th

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 19:45 schrieb Leandro: Dear All: While installing bind still have not clear some issues: Im using Centos 6.6 since Im not very comfortable with Centos7 yet. My final goal is to get an updated and stable version and also use json format for the statistics channel. 1) Some bind

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 22:59 schrieb Robert Moskowitz: On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with-libxml2 --with-libjson make make install Json statistics channel is working and chroot is not longe

Re: Installing bind is not very clear for me

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 23:16 schrieb Robert Moskowitz: On 09/03/2015 05:02 PM, Reindl Harald wrote: Am 03.09.2015 um 22:59 schrieb Robert Moskowitz: On 09/03/2015 04:35 PM, Leandro wrote: Ok ... I got BIND 9.10.2-P3 working. I compiled with ./configure --with-openssl --enable-threads --with

Re: Installing bind is not very clear for me

2015-09-04 Thread Reindl Harald
lindly with all sorts of exploits in the hope one hits well, and that attackers are shooting directly to your firewalls too On 04/09/15 14:27, Mike Hoskins (michoski) wrote: On 9/4/15, 1:12 PM, "bind-users-boun...@lists.isc.org on behalf of /dev/rob0" wrote: On Thu, Sep 03,

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Reindl Harald
Am 07.09.2015 um 11:24 schrieb stavrostseriotis: I have a RedHat 5.11 machine and currently I am facing the issue with BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum because I didn’t install BIND from RedHat at the first place so I need to do it manually. I downloaded the
