Re: How do i use å ä ö in domain names?
Sorry about that, but our Mail-Server adds this (German) disclaimer automatically.

Regards
Holger

Michelle Konzack wrote:
> While we are at äöü there is an error in your mail:
>
> Vorstande:
> ^ The dots are missing
> Reinhold Schulte (Vorsitzender), Dr. Karl-Josef Bierth, Michael Johnigk, Ulrich Leitermann, Michael Petmecky, Dr. Klaus Sticker,
> Vorsitzender der Aufsichtsrate: Gunter Kutz
> ^ The dots are missing
> SIGNAL IDUNA Gruppe Hauptverwaltungen, Internet: www.signal-iduna.de, E-Mail: i...@signal-iduna.de
> 44121 Dortmund, Hausanschrift: Joseph-Scherer-Str. 3, 44139 Dortmund, Telefon: (02 31) 1 35-0, Telefax: (02 31) 1 35-46 38
> 20351 Hamburg, Hausanschrift: Neue Rabenstra?e 15-19, 20354 Hamburg,
> ^ This should be sharp...
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
> Systemadministrator
> 24V Electronic Engineer
> Tamay Dogan Network
> Debian GNU/Linux Consultant

Re: Adding records to a domain I don't control for anyone who uses my nameserver
In article , Barry Margolin wrote:

> In article ,
> Brandon Dimcheff wrote:
>
> > Hello,
> >
> > I'm trying to configure BIND to add some records to a domain that I
> > don't control, so that anybody who uses my nameserver will have the
> > additional records. Specifically, I'm trying to add xmpp SRV records
> > so our jabber infrastructure that uses our nameserver can contact a
> > handful of domains properly. All other records for the domain should
> > work as defined by their authoritative server.
> >
> > Example:
> >
> > dig @127.0.0.1 SRV _xmpp_client._tcp.example.com. should return my SRV
> > record hosted by my server
> > dig @127.0.0.1 A example.com should return example.com's A record by
> > recursive lookup
> >
> > Does anybody have any suggestions? I've tried a few different things,
> > but none of them seem to have worked.
>
> I don't think you can do this with BIND. Its database is organized by
> names, not types. If a server is authoritative for a name, it will
> never recurse for that name.

He could create a local zone for the domain _xmpp_client._tcp.example.com containing only the SRV record (plus the necessary SOA and NS records). That way any lookups for *.example.com and *._tcp.example.com would get directed to the real example.com servers.

It's a horrible thing to do, though, to claim authority for someone else's address space. What happens when example.com sets up its own _xmpp_client._tcp.example.com with different data in it? Who debugs that?

Sam

RE: Adding records to a domain I don't control for anyone who uses my nameserver
Unfortunately this is common in the financial services realm. Compliance requires us to archive all IM messages from google, aol, msn, and yahoo. Blocking it with acls doesn't work since the IM clients will resort to http and are pretty clever about hiding it. Blocking IP addresses doesn't work since they change frequently. Spoofing the dns zones is the only solution. The IM archive server companies usually provide email updates when some of the zones change.

Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Sam Wilson
Sent: Monday, March 02, 2009 12:56 PM
To: comp-protocols-dns-b...@isc.org
Subject: Re: Adding records to a domain I don't control for anyone who uses my nameserver

In article , Barry Margolin wrote:

> In article ,
> Brandon Dimcheff wrote:
>
> > Hello,
> >
> > I'm trying to configure BIND to add some records to a domain that I
> > don't control, so that anybody who uses my nameserver will have the
> > additional records. Specifically, I'm trying to add xmpp SRV records
> > so our jabber infrastructure that uses our nameserver can contact a
> > handful of domains properly. All other records for the domain should
> > work as defined by their authoritative server.
> >
> > Example:
> >
> > dig @127.0.0.1 SRV _xmpp_client._tcp.example.com. should return my SRV
> > record hosted by my server
> > dig @127.0.0.1 A example.com should return example.com's A record by
> > recursive lookup
> >
> > Does anybody have any suggestions? I've tried a few different things,
> > but none of them seem to have worked.
>
> I don't think you can do this with BIND. Its database is organized by
> names, not types. If a server is authoritative for a name, it will
> never recurse for that name.

He could create a local zone for the domain _xmpp_client._tcp.example.com containing only the SRV record (plus the necessary SOA and NS records). That way any lookups for *.example.com and *._tcp.example.com would get directed to the real example.com servers.

It's a horrible thing to do, though, to claim authority for someone else's address space. What happens when example.com sets up its own _xmpp_client._tcp.example.com with different data in it? Who debugs that?

Sam

Re: how to create a private "test." zone?
Hi,

Ben Bridges wrote:
> > sun
> >NB: it also forwards to "isp" dns server.
> If your sun server is configured to use your isp dns server as a
> forwarder, then I think it will forward requests for example.test
> to the isp server even though it delegated example.test to plesk.
> That would seem to be supported by the fact that your sun server knows
> it is not authoritative for example.test (no AA flag in response to
> the query for example.test) and that you see it sending requests
> to the isp server (although you don't specify that it is sending
> requests to it for example.test).

Ah sorry, it's indeed sending requests to it for the example.test domain.

> You could try creating example.test as a forward zone in named.conf on
> your sun server and specifying plesk as the forwarder for that zone.

Indeed, adding a forward zone like below works! But why does it work? Or why is it needed?

zone "example.test" {
    type forward;
    // forward only;
    // forwarders { 192.168.2.10; };
};

Note that I only needed to include the "type forward" line, the other lines do not seem to be needed. Am I missing something? They aren't really needed? By reading the bind manual it seems we have to include them.

BTW, if I try to query without recurse (and without adding the forward zone as above):

dig example.test +norecurse
; <<>> DiG 9.4.2-P2 <<>> example.test +norecurse
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;example.test.          IN      A

;; AUTHORITY SECTION:
example.test.   600     IN      NS      plesk.test.

;; ADDITIONAL SECTION:
plesk.test.     600     IN      A       192.168.2.10

;; Query time: 1 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Mon Mar 2 22:22:40 2009
;; MSG SIZE rcvd: 66

it seems to work (that is, it returns the NS and A record for the NS)... only when querying with recurse it fails, any idea why?

Thanks!

Best regards,
Rui Lopes

> *From:* bind-users-boun...@lists.isc.org on behalf of Rui Lopes
> *Sent:* Sun 3/1/2009 2:46 PM
> *To:* bind-users@lists.isc.org
> *Subject:* how to create a private "test." zone?
>
> Hello,
>
> I'm trying to create a private "test." zone for use in my local
> "testing lab".
>
> I've setup a recursive DNS server that will serve the "test." zone
> (in Sun host; see the network diagram below).
>
> The resolution of a domain in the "test" zone works as expected, eg:
>
> dig sun.test
> ; <<>> DiG 9.4.2-P2 <<>> sun.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;sun.test.      IN      A
>
> ;; ANSWER SECTION:
> sun.test.       600     IN      A       192.168.2.1
>
> ;; AUTHORITY SECTION:
> test.           600     IN      NS      sun.test.
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar 1 10:39:28 2009
> ;; MSG SIZE rcvd: 56
>
>
> After this, I wanted to delegate the "example.test." zone to another
> local DNS server of mine (the Plesk host). I did the delegation by
> adding the following RR in the "test." zone (in the Sun host):
>
> example IN NS plesk
>
>
> I tried to resolve the "example.test" domain with:
>
> dig example.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.test.  IN      A
>
> ;; Query time: 31 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Sun Mar 1 10:40:39 2009
> ;; MSG SIZE rcvd: 30
>
>
> Which failed...
>
> NB: I can see my local dns server sending queries to my isp dns
> server. But why?
>
> NB: Asking the same question directly at the Plesk DNS server works:
>
> dig example.test @plesk.test
> ; <<>> DiG 9.4.2-P2 <<>> example.test @plesk.test
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2358
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;example.test.  IN      A
>
> ;; ANSWER SECTION:
> example.test.   86400   IN      A       192.168.2.10
>
> ;; AUTHORITY SECTION:
> example.test.   86400   IN      NS      plesk.test.
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.2.10#53(192.168.2.10)
> ;; WHEN: Sun Mar 1 10:41:43 2009
> ;; MSG SIZE rcvd: 66
>
>
> What am I doing wrong in the delegation, and how can I fix it?
>
>
> My network diagram is:
>
> +-+
> | isp |
> +-+ 10.0.2.3 (DNS)
>|

Re: how to create a private "test." zone?
In message <49ac5d59.1010...@ruilopes.com>, Rui Lopes writes:
> Hi,
>
> Ben Bridges wrote:
> > > sun
> > >NB: it also forwards to "isp" dns server.
> > If your sun server is configured to use your isp dns server as a
> > forwarder, then I think it will forward requests for example.test
> > to the isp server even though it delegated example.test to plesk.
> > That would seem to be supported by the fact that your sun server knows
> > it is not authoritative for example.test (no AA flag in response to
> > the query for example.test) and that you see it sending requests
> > to the isp server (although you don't specify that it is sending
> > requests to it for example.test).
> Ah sorry, it's indeed sending requests to it for the example.test domain.
>
> > You could try creating example.test as a forward zone in named.conf on
> > your sun server and specifying plesk as the forwarder for that zone.
> Indeed, adding a forward zone like below works! But why does it work?
> Or why is it needed?
>
> zone "example.test" {
>     type forward;
>     // forward only;
>     // forwarders { 192.168.2.10; };
> };
>
> Note that I only needed to include the "type forward" line, the other
> lines do not seem to be needed. Am I missing something? They aren't
> really needed? By reading the bind manual it seems we have to include them.
>

You turned off forwarding for that namespace. It's the equivalent of:

zone "example.test" {
    type forward;
    forwarders { /* empty */ };
};

You could have also added it to the test zone's config.

zone "test" {
    type master; // or slave
    ...
    forwarders { /* empty */ };
};

Mark

Re: how to create a private "test." zone?
Mark Andrews writes:
>
> In message <49ac5d59.1010...@ruilopes.com>, Rui Lopes writes:
> > Hi,
> >
> > Ben Bridges wrote:
> > > > sun
> > > >NB: it also forwards to "isp" dns server.
> > > If your sun server is configured to use your isp dns server as a
> > > forwarder, then I think it will forward requests for example.test
> > > to the isp server even though it delegated example.test to plesk.
> > > That would seem to be supported by the fact that your sun server knows
> > > it is not authoritative for example.test (no AA flag in response to
> > > the query for example.test) and that you see it sending requests
> > > to the isp server (although you don't specify that it is sending
> > > requests to it for example.test).
> > Ah sorry, it's indeed sending requests to it for the example.test domain.
> >
> > > You could try creating example.test as a forward zone in named.conf on
> > > your sun server and specifying plesk as the forwarder for that zone.
> > Indeed, adding a forward zone like below works! But why does it work?
> > Or why is it needed?
> >
> > zone "example.test" {
> >     type forward;
> >     // forward only;
> >     // forwarders { 192.168.2.10; };
> > };
> >
> > Note that I only needed to include the "type forward" line, the other
> > lines do not seem to be needed. Am I missing something? They aren't
> > really needed? By reading the bind manual it seems we have to include them.
> >
>
> You turned off forwarding for that namespace.
> It's the equivalent of:
>
> zone "example.test" {
>     type forward;
>     forwarders { /* empty */ };
> };
>
>
> You could have also added it to the test zone's config.
>
> zone "test" {
>     type master; // or slave // or stub
>     ...
>     forwarders { /* empty */ };
> };
>
> Mark

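
The diagnosis in the "test." thread rests on the header of each dig response: status, the AA flag, and the section counts. The following is an added example, not code from any poster or from BIND: a Python classifier for those headers, run over three headers abridged from the messages above plus one quoted and wrapped copy. The function names and labels are assumptions chosen for illustration.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
COUNTS_RE = re.compile(
    r"flags:\s*([a-z ]*);\s*QUERY:\s*(\d+),\s*ANSWER:\s*(\d+),"
    r"\s*AUTHORITY:\s*(\d+),\s*ADDITIONAL:\s*(\d+)")

def parse_dig_header(text):
    """Return status, flag set and section counts from dig output.

    Leading '>' quote markers are stripped first, so headers that a mail
    client quoted and wrapped (as in this thread) still parse.
    """
    text = re.sub(r"(?m)^[> \t]+", "", text)
    status, counts = STATUS_RE.search(text), COUNTS_RE.search(text)
    if not status or not counts:
        raise ValueError("no dig header found")
    return {"status": status.group(1),
            "flags": set(counts.group(1).split()),
            "answer": int(counts.group(3)),
            "authority": int(counts.group(4))}

def classify(text):
    """Label a response by what its header says about where it came from."""
    h = parse_dig_header(text)
    aa = "aa" in h["flags"]
    if h["status"] == "NXDOMAIN":
        # Without AA the denial did not come from this server's own zone data.
        return "nxdomain-authoritative" if aa else "nxdomain-not-authoritative"
    if h["status"] != "NOERROR":
        return "error-" + h["status"].lower()
    if h["answer"] > 0:
        return "authoritative-answer" if aa else "non-authoritative-answer"
    if aa:
        return "nodata-authoritative"
    return "referral" if h["authority"] > 0 else "empty-non-authoritative"

# Headers abridged from the dig output quoted in the thread.
SUN_TEST = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0"""
EXAMPLE_RECURSIVE = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20407
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
EXAMPLE_NORECURSE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62293
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1"""
# Same header as SUN_TEST, as it appears after mail quoting and wrapping.
QUOTED_WRAPPED = """> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65413
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL:
> 0"""

if __name__ == "__main__":
    for name, sample in [("sun.test", SUN_TEST),
                         ("example.test (recursive)", EXAMPLE_RECURSIVE),
                         ("example.test (+norecurse)", EXAMPLE_NORECURSE)]:
        print(f"{name}: {classify(sample)}")
```

A non-authoritative NXDOMAIN for a name under a zone the queried server itself delegates is the pattern that showed the private "example.test" query had been sent to the upstream forwarder.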