People, I have a Master / Slave BIND9 system.
When I add a new zone to the Master and set it up in named.conf.local
file as follow:
zone "company.com" {
type master;
file "/etc/bind/zones/company.com.db";
allow-transfer { key "company"; };
};
Can Master write these options to Slave's
ly be easy enough to script using
> an sftp and sed on UNIX/Linux.
>
>
>
>
>
>
>
> -Original Message-
> From: bind-users-bounces+jlightner=water@lists.isc.org
> [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of
> Roberto Carn
Dear, I have a local Bind which resolves local hostnames from my
company. It doesn't connect to any DNS from Internet at all.
Is it useful to set up DNSSC validation in order to avoid possible
attacks (like cache poisoning or man in the middle) from my LAN ???
Because I've read about this techniqu
Dear, what are the dig syntaxis in order to get a reverse zone
transfer from a DNS server ???
is this correct:
dig @ 1.168.192.in-addr.arpa axfr
Thanks a lot !!!
JeLo
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
Dear, I have this scenario:
1) Windows DNS with dynamic update zone (Windows clients)
2) BIND with manually update zone (Linux and Cisco clients)
Is there any way to transfer all BIND zone records to the Windows DNS
in order to have just one and complete zone in the Windows DNS server
???
Thank
Dear, I have a BIND private DNS server which has two forwarders for
public resolution.
I need to create a private zone "google.com" with just one A record as follow:
www.google.com IN A 192.168.0.100
All the local clients will resolve www.google.com to a private address
from our company.
And fo
in the google.com
private zone, you have to forward the query to another server (public
forwarder) in order to be publicly resolved" ???
Thanks a lot again.
El mié, 31 mar 2021 a las 12:56, Matus UHLAR - fantomas
() escribió:
>
> On 31.03.21 12:49, Roberto Carna wrote:
> >Dear,
El mié, 31 mar 2021 a las 13:48, Matus UHLAR - fantomas
() escribió:
>
> On 31.03.21 13:07, Roberto Carna wrote:
> >Dear Matus, maybe I have not understood very well...
> >
> >I can setup a master zone as you said:
> >
> >zone "www.google.com" {
>
Dear all, I know DDNS works with a DHCP server and dynamic IP's. When
IP changes, the hostname in DNS is updated.
But I have this scenario:
I have several hosts with static IP's / hostnames and I want to
register them to our private BIND DNS, and they should be updated if
the IP or hostname chang
le if you'd like to see it.
>
> Brian
>
>
> -----Original Message-
> From: bind-users On Behalf Of Roberto Carna
> Sent: Thursday, August 5, 2021 12:19 PM
> To: ML BIND Users
> Subject: Add DNS records automatically for static IP's
>
> ATTENTION: This email
Thank you so much !
El lun, 9 ago 2021 a las 13:40, tale () escribió:
>
> On Mon, Aug 9, 2021 at 8:46 AM Roberto Carna wrote:
> > Thanks to all of you, is it possible to use nslookup in order to
> > update DNS records from Linux hosts to a Windows DNS server (not BIND)
>
Dear all, I have BIND 9 and Webmin. One master and one slave using zne
ransfer with TSIG
Everything was Ok till today.
When I add or modify a record for zone1.com in the master, the record
in the slave is up to date.
But when I add or modify a record for zone2.com in the master, the
record is no
Dear all, I have one BIND9 server as master and 3 as slaves.
The master and one slave are in a given site #1, and the other two
slaves are in a geographical different site #2.
In case site #1 goes offline, I need to edit records in both slaves
from site #2, in order to point some services to othe
Warren, thanks a lotwith the masterfile-format clause it works OK.
Greetings!!!
El jue, 16 dic 2021 a las 15:43, Warren Kumari () escribió:
>
>
>
> On Thu, Dec 16, 2021 at 10:37 AM Roberto Carna
> wrote:
>>
>> Dear all, I have one BIND9 server as master and 3
Dear, from my webmin interface for BIND9, I try to add an additional
allowed sender host to our SPF record, but I get the following error:
Failed to save record : 'relay.company.com' is not a valid host to
allow sending from
What does this mean? Do I have to consider some important thing I'm forg
, 8 jul 2022 a las 12:55, Richard T.A. Neal
() escribió:
>
> Hi Roberto,
>
>
>
> You need to prefix it with “a:” to indicate that this is an A-record, i.e.:
>
>
>
> a:relay.company.com
>
>
>
> Best,
>
>
>
> Richard.
>
>
>
> From: bind
a TXT record. It
> doesn’t know or care about SPF syntax within it.
>
> It sounds like you’re having webmin problems, not BIND.
>
> On Fri, Jul 8, 2022 at 9:08 AM Ondřej Surý wrote:
>>
>>
>> > On 8. 7. 2022, at 18:05, Roberto Carna wrote:
>> >
>> > usin
but it will check whether
> a TXT record also exists that contains the same string and will generate a
> log message telling you if it doesn't find one.
>
> From a quick glance at the webmin manual it *should* allow you to put
> anything you like in a TXT record.
> @Rober
Dear, I have impelmented a BIND9 server. It works OK, but some days
ago an application failed because it needed to resolve the reverse of
some IP addresses from range 10.x.x.x, and they waited for a long time
and failed, because they need a NXDOMAIN fast response.
I don't want to make a local zone
d out; no servers could be reached
I don't know why the DNS Blackholes don't respond always.I
continue quering the DNS Blackholes and they can't be reached
anymorewhy ?
Thanks a lot again.
2018-04-18 11:44 GMT-03:00 Roberto Carna :
> Dear, I have impelmented a BIND9 server
get a responde from them.
Regards!!!
2018-04-18 11:53 GMT-03:00 /dev/rob0 :
> On Wed, Apr 18, 2018 at 11:44:27AM -0300, Roberto Carna wrote:
>> Dear, I have impelmented a BIND9 server. It works OK, but some days
>> ago an application failed because it needed to resolve the r
packets or the
> responses (RFC 6305 focuses on that particular scenario, although its main
> recommendation for mitigation is to not send the queries to the AS112 servers
> in the first place).
>
> - Kevin
>
>
>
> -
Hi people, I've implemented two BIND9 servers for my company, one as
primary public DNS server and the other as secondary public DNS
server.
I always believed that all the client queries coming from Internet go
to the DNS primary server, and if it is down, just in this case go to
the DNS secondary
Dear Nico, my BIND servers are authoritativethey have delegated
several zones.
2018-05-17 11:12 GMT-03:00 Nico CARTRON :
> Hi Roberto,
>
> On 17 May 2018, at 16:06, Roberto Carna wrote:
>
> Hi people, I've implemented two BIND9 servers for my company, one as
> primar
MT-03:00 Tony Finch :
> Roberto Carna wrote:
>>
>> I always believed that all the client queries coming from Internet go
>> to the DNS primary server, and if it is down, just in this case go to
>> the DNS secondary server.
>
> It can't happen that way be
OK, now I understandthank you very much !!!
Regards.
2018-05-17 11:25 GMT-03:00 Roberto Carna :
> Dear Tony, so you say that it's impossible what I want...
>
> In this scenario that my two DNS servers respond queries at the same
> time, suppose the primary server goes down.
Dear, our company has an internal Windows DNS with the "company.com"
authoritative domain. Suppose within it we have the following records:
a.company.com
b.company.com
c.company.com
Now we need to have several records maintained by other IT area
exclusively, in the same autoritative domain "compa
Dear people, I have DNSSEC implemented in my authoritative domain in BIND
9.10. I've created the KSK and ZSK too.
Let's say my domain is "robert.com.uk".
How do I have to give the KSK (key signing key) to my parent zones, let's
say COM and UK ???
And what if COM or UK don't use DNSSEC at all ???
our parent zone uses CDS or CDNSKEY then publish those records at the
> zone apex.
>
> If your parent zone is not signed then start complaining.
>
> --
> Mark Andrews
>
> On 4 Oct 2018, at 05:24, Roberto Carna wrote:
>
> Dear people, I have DNSSEC implemented in my auth
Thanks a lot Mark, regards !!!
El jue., 4 oct. 2018 a las 16:18, Mark Elkins () escribió:
>
>
> On 10/04/2018 05:03 PM, Roberto Carna wrote:
>
> Hello, thanks to both of you for your help. Now I understand I have to
> contact my registrar in order to give it the DS of the KSK.
t; On Oct 4 2018, Mark Elkins wrote:
>
> >On 10/04/2018 05:03 PM, Roberto Carna wrote:
> [...]
> >> I have two DNS servers running BIND 9.10, they have delegated my own
> >> domain, let's say "robert.com.uk <http://robert.com.uk>" and some
Hi people, I've implemented a BIND9 service wit two views, and only one key
for TSIG.
The primary and secondary server start OK, but the transfer doesn't work
because in the bind.log from secondary server I can see "TSIG error".
Do I have to use one Key for the first view and a different Key for
Dear, I've just worked around on my public BIND DNS's in order to solve the
problem of DNS Flag Day.
But I have a pair of private DNS (BIND and Windows) that respond to
internal queries and also forward non authoritative queries to my public
DNS'smay my private DNS's become unstables after DNS
Thanks a lot!
El jue., 24 ene. 2019 a las 16:24, Evan Hunt () escribió:
> On Thu, Jan 24, 2019 at 10:53:49AM -0300, Roberto Carna wrote:
> > Dear, I've just worked around on my public BIND DNS's in order to solve
> the
> > problem of DNS Flag Day.
> >
> >
Dear, I have a BIND 9.10 public server and I have delegated some public
domains.
When I test these domains with the EDNS tool offered in the DNS Flag Day
webpage, the test was wrong wit just UDP/53 port opened to Internet.
After that, when I opened also TCP/53 port, the test was succesful.
Pleas
akenly believed that TCP is only for zone transfers but that
> is not the case.
>
> On Mon, Feb 4, 2019, 8:46 AM Roberto Carna wrote:
>
>> Dear, I have a BIND 9.10 public server and I have delegated some public
>> domains.
>>
>> When I test these domains with
Dear, I have Bind 9.10.3 as our private DNS service with two views, one of
them let some clients to query linux.org domain from Internet forwarding
the query to our Bind resolvers, but the query is refused by our private
Bind.
The private Bind has these main parameters in named.conf.options:
opti
option for "linux.org" ???
Thanks a lot again!!!
El jue., 7 feb. 2019 a las 11:05, Tony Finch () escribió:
> Roberto Carna wrote:
>
> > Dear, I have Bind 9.10.3 as our private DNS service with two views, one
> of
> > them let some clients to query linux.org domain
I restart bind9 service, it fails:
unknown option 'recursion'
So how can I define "recursion yes" just for the zone "linux.org" ???
Sorry for my newquestion, I'd appreciate your help.
Regards!!!
El jue., 7 feb. 2019 a las 11:26, Tony Finch () escribió:
>
172.18.1.1;
172.18.1.2;
};
and "recursion no;" is defined in named.conf.options.
How can enable the recursion for linux.org queries in order to forward them
to my resolvers???
Thanks a lot
El jue., 7 feb. 2019 a las 11:40, Roberto Carna ()
escribió:
> Tony, as you said
or my new message, special thanks Tony !!!
El jue., 7 feb. 2019 a las 13:41, Tony Finch () escribió:
> Roberto Carna wrote:
> >
> > So how can I define "recursion yes" just for the zone "linux.org" ???
>
> You can turn recursion on and off for the entire server, or
prevent))
So can you help me please???
Regards.
El jue., 7 feb. 2019 a las 15:40, Matus UHLAR - fantomas ()
escribió:
> On 07.02.19 14:58, Roberto Carna wrote:
> >In our company we have several desktops from two different cities
> accessing
> >only to internal domains dist
my question is how to forward a public domain to a DNS resolver
like 8.8.8.8 ???
Thanks again.
El sáb., 9 feb. 2019 a las 12:28, Matus UHLAR - fantomas ()
escribió:
> On 07.02.19 16:30, Roberto Carna wrote:
> >Desktops I mentioned can only access to web apps from internal domains,
>
resolve just teamviewer.com ??? I confirm that my BIND is an
authorittaive name server for internal domains.
Thanks a lot again.
El lun., 11 feb. 2019 a las 10:49, Matus UHLAR - fantomas (<
uh...@fantomas.sk>) escribió:
> On 11.02.19 10:38, Roberto Carna wrote:
> >Dear Mathus, tha
Dear I've implemented two views, one for local resolution and the other for
forward a public zone to our resolver.
But now I have a problem:
If I define the same clients for the local zone view and forward view,
depending on the order of the views the client can resolve or not the
query. In this
or cannot access.
> While I agree with that, my position is that there's nothing wrong with
> controlling DNS resolution, in addition to other controls.
>
> - Kevin
>
> On Mon, Feb 18, 2019 at 10:44 AM Roberto Carna
> wrote:
>
Dear, I have to balance two DNS servers for a special reason.
I need your comments please:
1) If I use HAProxy for DNS load balancing, this software only works with
TCP protocol (not UDP). The DNS clients are a mix of Windows, Cisco and
Linux machines, so I think they ask for a FQDN using UDP and
define "recursion yes" in named.conf.default-zones.
Thanks again, regards !!!
El mar., 19 feb. 2019 a las 15:13, Matus UHLAR - fantomas via bind-users (<
bind-users@lists.isc.org>) escribió:
> On 19.02.19 09:45, Roberto Carna wrote:
> >Dear Kevin, I am sorry but I didn'
se is
truncated.
Can you confirm thgis is true in 100% of clients???
Thanks again, regards !!
El mar., 19 feb. 2019 a las 13:24, Tony Finch () escribió:
> Roberto Carna wrote:
>
> > Dear, I have to balance two DNS servers for a special reason.
>
> https://www.powerdns.com/dnsdist
ed something like,
>
> zone "." {
> type master;
> file "empty.db";
> };
>
>
> On Tue, Feb 19, 2019 at 10:29 AM Roberto Carna
> wrote:
> >
> > Dear Matus and Kevin, please tell me if it's OK if I do thsi:
> >
Thanks a lot.
Greetings !!!
El mié., 20 feb. 2019 a las 16:55, Matus UHLAR - fantomas (<
uh...@fantomas.sk>) escribió:
> On 20.02.19 10:48, Roberto Carna wrote:
> >You tell me to do this:
> >
> >zone "." {
> >type master;
> >file "
Dear people, I have two sites:
- Main site with an Internet link and two BIND services (DNS1 y DNS2) and a
/28 block, and web and mail services supported
- Backup site with a second Internet link and a BIND service (DNS3) and
another /28 block
When the Internet link from main site is DOWN, the we
Hi people, I have a master/slave Bind 9.10.3 servers configured with views
and TSIG keys on a Debian 9 host. But the transfer from master to slave is
refused in the slave side, there is no a descriptive error.
In both Views I have delegated the same two zones: black.com and white.com,
with differe
Dear, thanks for your help.
As I have shown above, I use two views with a TSIG key for each view, but
the zone transfer doesn't work.
Please can you send me your Bind views configuration if you can, on master
and slave sides?
Thanks a lot again.
Regards!!!
El mié., 3 jul. 2019 a las 17:27, Ste
Dear people, finalla I could put to work my zone transfers.
I have review my config one more time and I am using one TSIG key for each
view.
Thanks a lot, regards!!!
El jue., 4 jul. 2019 a las 9:38, Tony Finch () escribió:
> Roberto Carna wrote:
> >
> > As I have shown above,
Dear, I have a BIND 9 working with two views.
One view forwards two public domains to our resolver.
And I want the second view to forward any public domain to our resolver in
order to let navigate withouth restrictions.
I need something like this:
zone "ANY" {
type forward;
forw
Thanks a lot !!!
El jue., 15 ago. 2019 a las 13:09, Matus UHLAR - fantomas (<
uh...@fantomas.sk>) escribió:
> On 15.08.19 12:18, Roberto Carna wrote:
> >Dear, I have a BIND 9 working with two views.
> >
> >One view forwards two public domains to our resolver.
> >
Hi people, is it possible to setup BIND in order to implement GSLB (Global
Service Load Balancing) between two sites ?
I need a near Active-Active scenario between two datacenters in
different locations, and I want to do this with an open source solution.
Thanks a lot !
Roberto
_
k Architect | Bell
> Canada*
>
>
>
>
>
> *From:* bind-users [mailto:bind-users-boun...@lists.isc.org] *On Behalf
> Of *Blason R
> *Sent:* September-12-19 10:22 PM
> *To:* Roberto Carna
> *Cc:* bind-users
> *Subject:* [EXT]Re: BIND setup for GSLB (Global Service Loa
Hi people,
I have a primary and a secondary BIND9 DNS servers, working as master /
slave with zone transfers between them.
I have several Linux machines (desktops and servers) with Debian and Mint.
I've realized, using TCPDUMP at DNS1 and DNS2, that all DNS queries from
Linux machines go to both
I add something interesting:
If I execute the same query with dig:
$ dig
The query traffic goes only tu DNS1 and not to DNS2.
Maybe a host command problem ???
Thanks again !!!
El lun., 16 dic. 2019 a las 16:13, Roberto Carna ()
escribió:
> Hi people,
>
> I have a primary and a
OK, thanks a lot for your comments.
I'll investigate this topic.
Greetings !!!
El mar., 17 dic. 2019 a las 14:42, Chuck Aurora () escribió:
> On 2019-12-16 13:13, Roberto Carna wrote:
> > I have a primary and a secondary BIND9 DNS servers, working as master
> > / slave
62 matches
Mail list logo
