date:20150821

Help DNS

2015-08-21 Thread Int

Giving problem the DNS's resolution of names
When I sell off a nslookup from localhost:127.0.0.1 in the servers DNS Bind9

 Here what the DNS's log generates goes: For the following consultation to the 
DNS

 # nslookup ctc.cu

Server:  127.0.0.1
Address: 127.0.0.1 #53

** server can't find ctc.cu: NXDOMAIN
-
tail -1000 /var/log/syslog |grep namedd
Respond

 Aug 21 01:19:08 ns2 named[4481]: client 127.0.0.1#58899: view local: query 
(cache) 'ctc.cu/A/IN' denied
-
In another one views the IP for ctc.cu makes up its mind correctly

Somebody knows like solving it (Aug 21 01:19:08 ns2 named[4481]: client 
127.0.0.1#58899: view local: query (cache) 'ctc.cu/A/IN' denied)


My configuration's attached file of the servers sent them BIND 9,
please check my views's configuration and zones, 
tell me if you have any recommendation to configure views's and the DNS's zones 
or they can send me some example of configuration for a servers DNS with 3 
Interfaces of net


Please tell me as I can configure the inverse, 
general- form zones that they can recommend me to configure the servers DNS 
Bind 
with the bigger possible security

Greetings
  William

bind.rar
Description: application/rar
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Help DNS

2015-08-21 Thread Abdul Khader


Is 127.0.0.1 allowed to query in your named.conf ?


On 8/21/2015 8:22 PM, Int wrote:

Giving problem the DNS's resolution of names
When I sell off a nslookup from localhost:127.0.0.1 in the servers DNS Bind9

  Here what the DNS's log generates goes: For the following consultation to the 
DNS

  # nslookup ctc.cu

Server:  127.0.0.1
Address: 127.0.0.1 #53

** server can't find ctc.cu: NXDOMAIN
-
tail -1000 /var/log/syslog |grep namedd
Respond

  Aug 21 01:19:08 ns2 named[4481]: client 127.0.0.1#58899: view local: query 
(cache) 'ctc.cu/A/IN' denied
-
In another one views the IP for ctc.cu makes up its mind correctly

Somebody knows like solving it (Aug 21 01:19:08 ns2 named[4481]: client 
127.0.0.1#58899: view local: query (cache) 'ctc.cu/A/IN' denied)


My configuration's attached file of the servers sent them BIND 9,
please check my views's configuration and zones,
tell me if you have any recommendation to configure views's and the DNS's zones
or they can send me some example of configuration for a servers DNS with 3 
Interfaces of net


Please tell me as I can configure the inverse,
general- form zones that they can recommend me to configure the servers DNS Bind
with the bigger possible security

Greetings
   William


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Help DNS

2015-08-21 Thread Darcy Kevin (FCA)

nslookup is horrible. I'm assuming that the base query (ctc.cu) is getting 
REFUSED (probably due to lack of loopback in the allow-query-cache clause), 
then nslookup is stepping through the searchlist, getting one or more 
NXDOMAINs, and misreporting the overall failure as NXDOMAIN.

If nslookup *must* be used (try dig instead), at least turn on debug so you can 
see what it's doing behind the scenes.


- Kevin

From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Abdul Khader
Sent: Friday, August 21, 2015 11:36 AM
To: bind-users@lists.isc.org
Subject: Re: Help DNS

Is 127.0.0.1 allowed to query in your named.conf ?

On 8/21/2015 8:22 PM, Int wrote:

Giving problem the DNS's resolution of names

When I sell off a nslookup from localhost:127.0.0.1 in the servers DNS Bind9



 Here what the DNS's log generates goes: For the following consultation to the 
DNS



 # nslookup ctc.cu



Server:  127.0.0.1

Address: 127.0.0.1 #53



** server can't find ctc.cu: NXDOMAIN

-

tail -1000 /var/log/syslog |grep namedd

Respond



 Aug 21 01:19:08 ns2 named[4481]: client 127.0.0.1#58899: view local: query 
(cache) 'ctc.cu/A/IN' denied

-

In another one views the IP for ctc.cu makes up its mind correctly



Somebody knows like solving it (Aug 21 01:19:08 ns2 named[4481]: client 
127.0.0.1#58899: view local: query (cache) 'ctc.cu/A/IN' denied)





My configuration's attached file of the servers sent them BIND 9,

please check my views's configuration and zones,

tell me if you have any recommendation to configure views's and the DNS's zones

or they can send me some example of configuration for a servers DNS with 3 
Interfaces of net





Please tell me as I can configure the inverse,

general- form zones that they can recommend me to configure the servers DNS Bind

with the bigger possible security



Greetings

  William



___

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list



bind-users mailing list

bind-users@lists.isc.org

https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC secondary (free)

2015-08-21 Thread Mathew Ian Eis


I gathered what little I know from here: 
https://forums.he.net/index.php?topic=1006.0 where one of their admins says 
"DNSSEC records can be stored and served, but no additional processing is 
performed.” 

If you’re loading through zone transfers, this should be enough for secondary 
service - and the admin suggests as much on the same thread. (but again, no 
personal experience yet)

Mathew Eis
Northern Arizona University
Information Technology Services
mathew@nau.edu
(928) 523-2960








-Original Message-
From:  on behalf of /dev/rob0
Organization: RTFM
Reply-To: "bind-users@lists.isc.org"
Date: Thursday, August 20, 2015 at 4:59 PM
To: "bind-users@lists.isc.org"
Subject: Re: DNSSEC secondary (free)

>On Thu, Aug 20, 2015 at 06:29:57PM +, Mathew Ian Eis wrote:
>> I believe Hurricane Electric’s free DNS https://dns.he.net/ 
>> supports DNSSEC if you do zone transfers to them. (No personal 
>
>Their web site does not say so:
>
> * DNSSEC - We are exploring this now
>
>It has said this for about 3.1 forevers.  Does anyone know if 
>exploration was successful?
>
>> experience, but we’ve been considering using them for the same 
>> purpose, and they seem to have a good community reputation).
>
>-- 
>  http://rob0.nodns4.us/
>  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
>___
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
>from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Best Practices: Slaves And Split Horizon Masters

2015-08-21 Thread Tim Daneliuk

I have a bind9 split horizon master with two views: internal and external.

However, if attempt to populate a slave from it, the internal view leaks out
and is visible to the world.

Is there some best practice for running slaves from split horizon masters
that I should be studying?

Thanks,
-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Best Practices: Slaves And Split Horizon Masters

2015-08-21 Thread Bob Harold

https://kb.isc.org/article/AA-00296/0/My-slave-server-for-both-an-internal-and-an-external-view-has-both-views-transferred-from-the-same-master-view-how-to-resolve-.html



-- 
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk

On Fri, Aug 21, 2015 at 12:39 PM, Tim Daneliuk 
wrote:

> I have a bind9 split horizon master with two views: internal and external.
>
> However, if attempt to populate a slave from it, the internal view leaks
> out
> and is visible to the world.
>
> Is there some best practice for running slaves from split horizon masters
> that I should be studying?
>
> Thanks,
> --
>
> 
> Tim Daneliuk tun...@tundraware.com
> PGP Key: http://www.tundraware.com/PGP/
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Best Practices: Slaves And Split Horizon Masters

2015-08-21 Thread Tim Daneliuk

On 08/21/2015 11:57 AM, Bob Harold wrote:
> https://kb.isc.org/article/AA-00296/0/My-slave-server-for-both-an-internal-and-an-external-view-has-both-views-transferred-from-the-same-master-view-how-to-resolve-.html
> 
> 
> 
> -- 
> Bob Harold
> hostmaster, UMnet, ITcom
> Information and Technology Services (ITS)
> rharo...@umich.edu 
> 734-647-6524 desk
> 
>


Exactly what I needed, thanks!


-- 

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Help DNS

Re: Help DNS

RE: Help DNS

Re: DNSSEC secondary (free)

Best Practices: Slaves And Split Horizon Masters

Re: Best Practices: Slaves And Split Horizon Masters

Re: Best Practices: Slaves And Split Horizon Masters

7 matches

Site Navigation

Mail list logo

Footer information