Hi Tony the master res a your Zone and de reverse generate the consult for ip.
2016-10-24 9:00 GMT-03:00 <bind-users-requ...@lists.isc.org>: > Send bind-users mailing list submissions to > bind-users@lists.isc.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/bind-users > or, via email, send a message with subject or body 'help' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > > 1. merging reverse zone data obtained from two different masters > (blrmaani) > 2. Re: merging reverse zone data obtained from two different > masters (blrmaani) > 3. Running current version of bind in a jail? (Tom) > 4. Re: Running current version of bind in a jail? (Reindl Harald) > 5. Re: Running current version of bind in a jail? (Tony Finch) > 6. Re: merging reverse zone data obtained from two different > masters (Tony Finch) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 23 Oct 2016 14:56:26 -0700 (PDT) > From: blrmaani <blrma...@gmail.com> > To: comp-protocols-dns-b...@isc.org > Subject: merging reverse zone data obtained from two different masters > Message-ID: <c0284b9c-83e3-40ee-b677-2cc636748...@googlegroups.com> > Content-Type: text/plain; charset=UTF-8 > > We have hosts in two different zones but use same subnet. Zone1 is generated > by Master1 and Zone2 is generated by Master2. > > Slave1 runs BIND and would like to merge the reverses generated on Master1 > and Master2. How do I do this? > > thanks > Blr > > > ------------------------------ > > Message: 2 > Date: Sun, 23 Oct 2016 15:39:45 -0700 (PDT) > From: blrmaani <blrma...@gmail.com> > To: comp-protocols-dns-b...@isc.org > Subject: Re: merging reverse zone data obtained from two different > masters > Message-ID: <0866d16a-d52e-4097-a968-87daf3a2f...@googlegroups.com> > Content-Type: text/plain; charset=UTF-8 > > On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote: >> We have hosts in two different zones but use same subnet. Zone1 is generated >> by Master1 and Zone2 is generated by Master2. >> >> Slave1 runs BIND and would like to merge the reverses generated on Master1 >> and Master2. How do I do this? >> >> thanks >> Blr > > I know couple of hacky way to achieve this. Just curious if anyone tried it ? > > > ------------------------------ > > Message: 3 > Date: Mon, 24 Oct 2016 07:27:54 +0200 > From: Tom <tomtux...@gmail.com> > To: "bind-users@lists.isc.org" <bind-users@lists.isc.org> > Subject: Running current version of bind in a jail? > Message-ID: <7bd34414-4737-c7cb-d640-d26f15ea3...@gmail.com> > Content-Type: text/plain; charset=utf-8; format=flowed > > Hi list > > From > https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html: > > "Running named in a chroot jail (many still do, but this shouldn't be > necessary with modern versions of BIND)".....: > > What's the reason, that it isn't necessary to run modern version of bind > in a jail? > > Kind regards, > Tom > > > ------------------------------ > > Message: 4 > Date: Mon, 24 Oct 2016 08:59:23 +0200 > From: Reindl Harald <h.rei...@thelounge.net> > To: bind-users@lists.isc.org > Subject: Re: Running current version of bind in a jail? > Message-ID: <14080881-a967-4e2d-ed11-00f1104b8...@thelounge.net> > Content-Type: text/plain; charset=windows-1252; format=flowed > > > > Am 24.10.2016 um 07:27 schrieb Tom: >> From >> https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html: >> >> >> "Running named in a chroot jail (many still do, but this shouldn't be >> necessary with modern versions of BIND)".....: >> >> What's the reason, that it isn't necessary to run modern version of bind >> in a jail? > > that named got a complete rewrite and don't share any code with the > times where the quality was so bad that it was highly recommended to > chroot it? > > > ------------------------------ > > Message: 5 > Date: Mon, 24 Oct 2016 11:04:43 +0100 > From: Tony Finch <d...@dotat.at> > To: Tom <tomtux...@gmail.com> > Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> > Subject: Re: Running current version of bind in a jail? > Message-ID: <alpine.deb.2.11.1610241048260.6...@grey.csi.cam.ac.uk> > Content-Type: TEXT/PLAIN; charset=US-ASCII > > Tom <tomtux...@gmail.com> wrote: >> >> What's the reason, that it isn't necessary to run modern version of bind in a >> jail? > > chroot is a defence against privilege escalation following a remote code > execution vulnerability. It isn't a very solid defence. And BIND 9 tends > to die of a self-check failure before remote code execution occurs, > judging by the last few years of vulnerability notices. > > Also, on Linux, named drops most capabilities. > > Stricter partitions (VMs or containers) which you can easily nuke and > rebuild from scratch mean there's much less need for chroot. > > I still chroot my servers :-) > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode > Sole, Lundy, Fastnet: Easterly or northeasterly 5 to 7, becoming variable 3 or > 4 later. Rough or very rough, becoming slight or moderate later. Rain or > showers. Moderate or good, occasionally poor. > > > ------------------------------ > > Message: 6 > Date: Mon, 24 Oct 2016 11:11:15 +0100 > From: Tony Finch <d...@dotat.at> > To: blrmaani <blrma...@gmail.com> > Cc: comp-protocols-dns-b...@isc.org > Subject: Re: merging reverse zone data obtained from two different > masters > Message-ID: <alpine.deb.2.11.1610241104550.6...@grey.csi.cam.ac.uk> > Content-Type: TEXT/PLAIN; charset=US-ASCII > > blrmaani <blrma...@gmail.com> wrote: >> On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote: >> > >> > We have hosts in two different zones but use same subnet. Zone1 is >> > generated by Master1 and Zone2 is generated by Master2. >> > >> > Slave1 runs BIND and would like to merge the reverses generated on >> > Master1 and Master2. How do I do this? >> >> I know couple of hacky way to achieve this. Just curious if anyone tried >> it ? > > Probably the best way is to use RFC 2317 classless delegation. It requires > that zone1 and zone2 have different names from the normal reverse DNS > zone. > > https://tools.ietf.org/html/rfc2317 > https://tools.ietf.org/html/draft-fanf-dnsop-rfc2317bis > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode > North Fitzroy: Northeasterly 5 to 7 in far northwest, otherwise variable 3 > or 4. Rough or very rough. Showers. Good, occasionally moderate. > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > ------------------------------ > > End of bind-users Digest, Vol 2527, Issue 1 > ******************************************* _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
