Re: How can I launch a private Internet DNS server?
On Thu 15/Oct/2020 20:59:32 +0200 Stephane Bortzmeyer wrote:
> On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said:
> > 2) If you want to run your own DNS nameservers, you will need to buy a book, read the (BIND) Administrator's Reference Manual, and/or some RFCs
>
> Very bad advice. RFCs are not for the faint of heart and the RFC on DNS (RFC 1034 and 1035) are among the most difficult. And they were never kept up-to-date so there are a lot of obsolete things in it.

Yet, some RFCs seem to make for a good introductory course. For example: https://tools.ietf.org/html/rfc8499

Best
Ale
--
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How can I launch a private Internet DNS server?
On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote:
> Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too.

Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.

Best
Ale

> On Thu, Oct 15, 2020 at 8:15 PM, Michael De Roover wrote:
> > There are various tutorials online for making authoritative DNS servers, such as this one: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-an-authoritative-only-dns-server-on-ubuntu-14-04

Re: How can I launch a private Internet DNS server?
On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.

AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly longer in such cases since for every request, the master will be asked first. This can take between 2-4s. There are no performance benefits to running multiple name servers as master-slave, though it's fairly easy and offers good redundancy (a slow lookup is still better than no lookup). A commercial service will have to support zone transfer from your master, and said master has to have that commercial service authorized to pull your zone(s). I haven't personally heard of such services, and would probably just run another BIND box somewhere else (different hosting provider or something like that).

--
Michael De Roover

Re: How can I launch a private Internet DNS server?
On Thu 05/Nov/2020 12:59:37 +0100 Michael De Roover wrote:
> On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> > A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.
>
> AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly longer in such cases since for every request, the master will be asked first. This can take between 2-4s. There are no performance benefits to running multiple name servers as master-slave, though it's fairly easy and offers good redundancy (a slow lookup is still better than no lookup).

IME, slave servers[*] are queried all the time, and since they have a better connection than I do, they reply faster.

> A commercial service will have to support zone transfer from your master, and said master has to have that commercial service authorized to pull your zone(s).

Yes

> I haven't personally heard of such services, and would probably just run another BIND box somewhere else (different hosting provider or something like that).

It costs much more.

Best
Ale
--
[*] Oops, *secondary* servers --they said not to use /slave/ since gone with the wind was censored, lest the DNS gets censored as well... Oh gosh!

Latest bind for centos7
Hi,

What is the latest bind version for Centos 7?
Where can we download it?

Regards,
Ramesh

Re: How can I launch a private Internet DNS server?
On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote:
> On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> > A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.
>
> AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly longer in such cases since for every request, the master will be asked first. This can take between 2-4s. There are no performance benefits to running multiple name servers as master-slave, though it's fairly easy and offers good redundancy (a slow lookup is still better than no lookup). A commercial service will have to support zone transfer from your master, and said master has to have that commercial service authorized to pull your zone(s). I haven't personally heard of such services, and would probably just run another BIND box somewhere else (different hosting provider or something like that).
> --
> Michael De Roover
>

You appear to have confused 'secondary' authoritative servers with a second 'resolver'.

Authoritative servers - listed in the NS records - are used by other DNS servers, not by end users, and they will get used equally with the slaves, if your parent zone has the right NS records also. Those are good to outsource the secondaries.

But a second resolver - the addresses listed in /etc/resolv.conf or the "DNS servers" seen in Windows client settings, will only be used by the client if the first server does not respond. For that, you can use a public resolver like Google 8.8.8.8 as the second choice for your users.

--
Bob Harold

Re: Latest bind for centos7
On 05/11/2020 14:02, rams wrote:

Hi Ramesh,

> What is the latest bind version for Centos 7?
> Where can we download it?

"yum info bind" will give you all the information you need.

Regards,
Anand Buddhdev

Re: How can I launch a private Internet DNS server?
On 05.11.20 at 12:59, Michael De Roover wrote:
> On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> > A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.
>
> AFAIK, authoritative slave servers are only used when the master is confirmed to be down

impossible because nobody can know from the outside which is slave and which is master

in doubt none of the public reachable is master at all, both slaves and pull from an internal master not public reachable

Re: How can I launch a private Internet DNS server?
On 2020-11-05 07:36, Bob Harold wrote:
> On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote:
> > On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
> > > A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures.
> >
> > AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly longer in such cases since for every request, the master will be asked first.

This is not true, as Bob points out, and as I add to below.

> You appear to have confused 'secondary' authoritative servers with a second 'resolver'.
> Authoritative servers - listed in the NS records - are used by other DNS servers, not by end users, and they will get used equally with the slaves, if your parent zone has the right NS records also. Those are good to outsource the secondaries.

It should perhaps be pointed out here that the DNS protocol has no means to distinguish among different types of NS host. (Yes, there is the SOA MNAME, but that is not used by resolvers.) One NS is as good as any other NS.

For that matter, there is no requirement that any zone should have different kinds of NS hosts. Some might still be using out-of-band means to distribute zone files among multiple master/primary servers. Others might have all NS as secondary/slave servers, which get their notifies and transfer the zone from an unlisted (not listed among the zone's NS records) primary server.

BIND named as resolver is going to try all NS and stick with whichever gives the fastest responses.

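Added example, not part of any message in this thread and not BIND's own code: a simplified Python model of the behaviour described in the message above, where a resolver tries every NS host and favours whichever answers fastest. The server names, latencies and the constants `DECAY`, `ALPHA` and `TIMEOUT_MS` are assumptions chosen for illustration.

```python
# Simplified model (added example, not BIND source code) of a recursive resolver
# choosing among a zone's NS hosts by smoothed round-trip time (SRTT).
DECAY = 0.98       # assumed: SRTT of servers not chosen ages, so they get retried
ALPHA = 0.3        # assumed weight of each new RTT sample
TIMEOUT_MS = 800   # assumed RTT recorded when a server does not answer


def simulate(latency_ms, queries, down=frozenset(), srtt=None):
    """Send `queries` lookups; return (queries per server, final SRTT table).

    latency_ms maps NS name -> RTT in ms. Nothing marks a server as primary or
    secondary: from the outside, all NS hosts look the same.
    """
    srtt = dict(srtt) if srtt else {ns: 0.0 for ns in latency_ms}  # 0.0 = untried
    counts = {ns: 0 for ns in latency_ms}
    for _ in range(queries):
        chosen = min(srtt, key=srtt.get)          # lowest SRTT wins
        counts[chosen] += 1
        sample = TIMEOUT_MS if chosen in down else latency_ms[chosen]
        srtt[chosen] = (1 - ALPHA) * srtt[chosen] + ALPHA * sample
        for ns in srtt:
            if ns != chosen:
                srtt[ns] *= DECAY                 # let slower servers back in
    return counts, srtt


# Constructed sample: ns1 sits on a slow link, ns2 is a well-connected secondary.
LATENCY = {"ns1.example.": 80, "ns2.example.": 20}


def demo():
    """Run 1000 lookups with both servers up, then 1000 with ns2 unreachable."""
    normal, state = simulate(LATENCY, 1000)
    outage, _ = simulate(LATENCY, 1000, down={"ns2.example."}, srtt=state)
    return normal, outage


if __name__ == "__main__":
    normal, outage = demo()
    print("both up:     ", normal)
    print("ns2 is down: ", outage)
```

In this model the faster server takes most of the traffic while the slower one is still probed periodically, and when the faster one stops answering the zone keeps resolving through the other.
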
Re: How can I launch a private Internet DNS server?
On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote:
> On 2020-11-05 07:36, Bob Harold wrote:
> > You appear to have confused 'secondary' authoritative servers with a second 'resolver'.
> > Authoritative servers - listed in the NS records - are used by other DNS servers, not by end users, and they will get used equally with the slaves, if your parent zone has the right NS records also. Those are good to outsource the secondaries.
>
> It should perhaps be pointed out here that the DNS protocol has no means to distinguish among different types of NS host. (Yes, there is the SOA MNAME, but that is not used by resolvers.) One NS is as good as any other NS.

These (SOA and behavior for resolvers) probably describe where I got confused, thanks for the explanations!

--
Michael De Roover