Re: Reverse Records on a leash?

2013-08-10 Thread Matus UHLAR - fantomas

On 09.08.13 17:44, Eduardo Bonsi wrote:
> I would like to know why we are treat like a dog on a leash when the
> question is to reverse our DNS ip address to a FQDN of our choices
> since our account is already assigned to us by our ISP?

i don't understand your question.

> 000.000.000.000.in-addr.arpa. 7200 IN PTR yourdomain.com.
>
> yourdomain.com. IN A  000.000.000.000

however, reverse DNS records must not be zero-filled (those won't be taken
into account)

> Is there a way to get around that without have to ask our ISP to
> reverse it? Can we use CNAMES for that?

I'm afraid but it's your ISP who must set up reverse records or delegate
them to you.  Unless you have IP range allocated from regional internet
registry.

> One of the major problem here is that ISPs are not happy to make all
> that money in their subscribers, they also want to exploit that part
> and charge you for it.
>
> ... and please, do not tell me that is to keep the spammers out
> because that so far has not proven to be true. The bad guys have an
> unlimited number of domains to do their dirt work everyday.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Reverse Records on a leash?

2013-08-10 Thread Steven Carr
On 10 August 2013 01:44, Eduardo Bonsi  wrote:
> I would like to know why we are treat like a dog on a leash when the
> question is to reverse our DNS ip address to a FQDN of our choices since our
> account is already assigned to us by our ISP?

I would guess that for the most part ISPs provide a pool of addresses
to their subscribers and your connection will obtain a new IP
dynamically when it connects. If you have a static IP assigned to your
connection (you are usually charged extra for this, at least in the UK
you are) then the ISP may allow you to change the rDNS for that IP
address as it is "owned" by you (but they might also charge you an
admin fee for changing this).

Steve


Re: Reverse Records on a leash?

2013-08-10 Thread Eduardo Bonsi

On 8/10/13 3:37 AM, Matus UHLAR - fantomas wrote:
> On 09.08.13 17:44, Eduardo Bonsi wrote:
>> I would like to know why we are treat like a dog on a leash when the
>> question is to reverse our DNS ip address to a FQDN of our choices
>> since our account is already assigned to us by our ISP?
>
> i don't understand your question.

Sorry Matus, I thought it was clear!

>> 000.000.000.000.in-addr.arpa. 7200 IN PTR yourdomain.com.
>>
>> yourdomain.com. IN A  000.000.000.000
>
> however, reverse DNS records must not be zero-filled (those won't be taken
> into account)

I put zeros just as an example.
it can be 111.111.111.111 where 1= (any ipv4 number) or
000.000.000.000. where 0 is (any ipv4 number).

>> Is there a way to get around that without have to ask our ISP to
>> reverse it? Can we use CNAMES for that?
>
> I'm afraid but it's your ISP who must set up reverse records or delegate
> them to you.  Unless you have IP range allocated from regional internet
> registry.

Yes, I know that and this is my problem!
Why should we be subjected to the ISP for reverse when we already have a
static ip and are paying for the internet account, that by the way it is
not cheap or catered to small business?

Can we just CNAME whatever reverse they have there like;

000.000.000.000.someISP.net. IN CNAME  mydomain.com.

Is that cause a technical issue according to BIND?

I thought I read somewhere you cannot CNAME under certain rules.
Is this one of them?

>> One of the major problem here is that ISPs are not happy to make all
>> that money in their subscribers, they also want to exploit that part
>> and charge you for it.
>>
>> ... and please, do not tell me that is to keep the spammers out
>> because that so far has not proven to be true. The bad guys have an
>> unlimited number of domains to do their dirt work everyday.





--
Eduardo Bonsi
System - Network Admin
beart...@pacbell.net


Re: Reverse Records on a leash?

2013-08-10 Thread Steven Carr
On 10 August 2013 18:26, Eduardo Bonsi  wrote:
> Why should we be subjected to the ISP for reverse when we already have a
> static ip and are paying for the internet account, that by the way it is not
> cheap or catered to small business?

Simple answer... the ISP is the owner of the IP address space, not
you. You pay for a service which provides you with a static IP, but it
isn't your IP address as far as the registries are concerned.

Steve


Re: Reverse Records on a leash?

2013-08-10 Thread Kevin Oberman
On Sat, Aug 10, 2013 at 10:34 AM, Steven Carr  wrote:

> On 10 August 2013 18:26, Eduardo Bonsi wrote:
> > Why should we be subjected to the ISP for reverse when we already have a
> > static ip and are paying for the internet account, that by the way it is not
> > cheap or catered to small business?
>
> Simple answer... the ISP is the owner of the IP address space, not
> you. You pay for a service which provides you with a static IP, but it
> isn't your IP address as far as the registries are concerned.
>
> Steve
>

"Ownership" of the address space is only marginally tied to DNS delegation.
Just because the space is delegated to you does not mean you own it.

That said, a CNAME will work internally, but not externally as the
delegation chain will pass through your ISP and they will return an
authoritative response with whatever data they have unless that data is
delegated to your server.
-- 
R. Kevin Oberman, Network Engineer
E-mail: rkober...@gmail.com

Re: Reverse Records on a leash?

2013-08-10 Thread Novosielski, Ryan
No -- and it's not BIND, it's the DNS spec. Reverse entries are in the
.in-addr.arpa domain, not your domain name.


- Original Message -
From: Eduardo Bonsi [mailto:beart...@pacbell.net]
Sent: Saturday, August 10, 2013 01:26 PM
To: bind-users@lists.isc.org 
Subject: Re: Reverse Records on a leash?

On 8/10/13 3:37 AM, Matus UHLAR - fantomas wrote:
> On 09.08.13 17:44, Eduardo Bonsi wrote:
>> I would like to know why we are treat like a dog on a leash when the
>> question is to reverse our DNS ip address to a FQDN of our choices
>> since our account is already assigned to us by our ISP?
>
> i don't understand your question.
Sorry Matus, I thought it was clear!
>
>> 000.000.000.000.in-addr.arpa. 7200 IN PTR yourdomain.com.
>>
>> yourdomain.com. IN A  000.000.000.000
>
> however, reverse DNS records must not be zero-filled (those won't be taken
> into account)
I put zeros just as an example.
it can be 111.111.111.111 where 1= (any ipv4 number) or
000.000.000.000. where 0 is (any ipv4 number).
>
>> Is there a way to get around that without have to ask our ISP to
>> reverse it? Can we use CNAMES for that?
>
> I'm afraid but it's your ISP who must set up reverse records or delegate
> them to you.  Unless you have IP range allocated from regional internet
> registry.
Yes, I know that and this is my problem!
Why should we be subjected to the ISP for reverse when we already have a 
static ip and are paying for the internet account, that by the way it is 
not cheap or catered to small business?

Can we just CNAME whatever reverse they have there like;

000.000.000.000.someISP.net. IN CNAME  mydomain.com.

Is that cause a technical issue according to BIND?


I thought I read somewhere you cannot CNAME under certain rules.
Is this one of them?
>
>> One of the major problem here is that ISPs are not happy to make all
>> that money in their subscribers, they also want to exploit that part
>> and charge you for it.
>>
>> ... and please, do not tell me that is to keep the spammers out
>> because that so far has not proven to be true. The bad guys have an
>> unlimited number of domains to do their dirt work everyday.
>


-- 
Eduardo Bonsi
System - Network Admin
beart...@pacbell.net
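
Added example (not part of any poster's message): a small Python model of the two replies above, showing that a PTR lookup asks only for a name under in-addr.arpa and that the ISP's server decides whether the customer's data is ever reached. The address 192.0.2.10, the zone dictionaries and the "customer" server label are constructed for illustration.

```python
# Added example: all zone data is constructed. 192.0.2.10 is a documentation
# address; someISP.net and mydomain.com are the thread's placeholder names.

def ptr_name(ipv4: str) -> str:
    """Owner name a resolver queries to find the PTR record for an address."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError(f"not a dotted-quad IPv4 address: {ipv4!r}")
    # Labels are plain decimal numbers: zero-filled "010" has to become "10",
    # otherwise the name does not match what resolvers actually ask for.
    return ".".join(str(int(o)) for o in reversed(octets)) + ".in-addr.arpa."

# Data each server is authoritative for, keyed by (owner name, record type).
ISP_ANSWERS = {("10.2.0.192.in-addr.arpa.", "PTR"): "10.2.0.192.someISP.net."}
ISP_DELEGATES = {("10.2.0.192.in-addr.arpa.", "NS"): "customer"}
CUSTOMER = {
    ("10.2.0.192.in-addr.arpa.", "PTR"): "mydomain.com.",
    # The CNAME from the thread: its owner name is not under in-addr.arpa,
    # so a reverse lookup never asks for it.
    ("10.2.0.192.someISP.net.", "CNAME"): "mydomain.com.",
}

def reverse_lookup(ipv4, isp_zone, servers):
    """Resolve a PTR from outside, starting at the ISP's reverse zone."""
    qname, zone = ptr_name(ipv4), isp_zone
    for _ in range(4):  # bound the number of referrals followed
        if (qname, "PTR") in zone:
            return zone[(qname, "PTR")]  # authoritative answer ends the lookup
        if (qname, "NS") not in zone:
            return None  # no data and no delegation
        zone = servers[zone[(qname, "NS")]]  # referral to the delegated server
    return None

if __name__ == "__main__":
    servers = {"customer": CUSTOMER}
    print(ptr_name("192.000.002.010"))
    print(reverse_lookup("192.0.2.10", ISP_ANSWERS, servers))
    print(reverse_lookup("192.0.2.10", ISP_DELEGATES, servers))
```

With the ISP answering authoritatively, the customer's PTR and CNAME are never consulted; only when the ISP's zone delegates the name does the lookup reach the customer's server.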


How does it work, if I don't give the named.ca information for cache only dns server

2013-08-10 Thread Sury Bu
Hi All,

I have installed bind-9.8.2-0.17.rc1.el6_4.5.x86_64 on CentOS 6.3, and the
bind-chroot package is not installed.

Here is my /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
#   listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

#zone "." IN {
#   type hint;
#   file "named.ca";
#};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
---
As you see, I have commented out the parameter about named.ca and I also mv
the /var/named/named.ca to /var/named/named.ca.original

And start the /etc/init.d/named, after I issue #host lists.isc.org

I can still get the IP address for lists.isc.org:

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

lists.isc.org has address 149.20.64.75
lists.isc.org has IPv6 address 2001:4f8:0:2::23
lists.isc.org mail is handled by 10 mx.ams1.isc.org.
lists.isc.org mail is handled by 10 mx.pao1.isc.org.
---
and in the /var/log/messages, I can find these:

Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'isc.org/DS/IN': 2001:500:b::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'isc.org/DS/IN': 2001:500:e::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'isc.org/DS/IN': 2001:500:f::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:40::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:c::1#53
Aug 10 16:04:08 ch2-lab1 named[1924]: error (network unreachable) resolving 'org/DNSKEY/IN': 2001:500:48::1#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving 'lists.isc.org//IN': 2001:500:71::30#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving 'lists.isc.org//IN': 2001:4f8:0:2::19#53
Aug 10 16:04:09 ch2-lab1 named[1924]: error (network unreachable) resolving 'lists.isc.org//IN': 2001:500:60::30#53

Can anyone tell me how the cache server can query without being given
named.ca?

Thanks,
Bu Xiaobing

Re: How does it work, if I don't give the named.ca information for cache only dns server

2013-08-10 Thread Barry Margolin
In article ,
 Sury Bu  wrote:

> Can anyone tell me how the cache server can query without being given
> named.ca?

BIND has a default list of root servers built into the code. These are 
used if no "type hint" zone is in the named.conf.

-- 
Barry Margolin
Arlington, MA