Re: Permission issue ¿?
Just changed the dirt, sorry for the noise El 22 de junio de 2023 1:25:57 p. m. GMT-03:00, "Ondřej Surý" escribió: >Which would not be a problem. But we can’t help the OP without the config >(named-checkconf -px) > >-- >Ondřej Surý — ISC (He/Him) > >My working hours and your working hours may be different. Please do not feel >obligated to reply outside your normal working hours. > >> On 22. 6. 2023, at 17:53, Marco wrote: >> >> Am 22.06.2023 um 11:47:50 Uhr schrieb Daniel Armando Rodriguez via >> bind-users: >> >>> drwxr-sr-x 4 root bind 4,0K jun 22 11:17 . >> >> That means that the group bind is not allowed to write into that >> directory. >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >-- >Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >this list > >ISC funds the development of this software with paid support subscriptions. >Contact us at https://www.isc.org/contact/ for more information. > > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNSSEC doubt
I wonder if it's mandatory make a manual deployment prior to an automated setup.-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNSSEC doubt
Thanks, I was reading but wasn't able to decode that. Best regards El 22 de junio de 2023 4:27:21 p. m. GMT-03:00, "Ondřej Surý" escribió: >It’s not. TL;DR use dnssec-policy. > >The more elaborate version of the TL;DR can be found in the DNSSEC Guide here: >https://bind9.readthedocs.io/en/v9.18.16/dnssec-guide.html > >-- >Ondřej Surý — ISC (He/Him) > >My working hours and your working hours may be different. Please do not feel >obligated to reply outside your normal working hours. > >> On 22. 6. 2023, at 20:43, Daniel A. Rodriguez via bind-users >> wrote: >> >> >> I wonder if it's mandatory make a manual deployment prior to an automated >> setup. >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Master file permission denied
Exactly the same El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews escribió: >The *exact* same error, word for word, or a different permission denied? > >> On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via bind-users >> wrote: >> >> However, as soon as I added this >> >> dnssec-policy "default"; >> inline-signing yes; >> >> Error came up again :-( >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > >-- >Mark Andrews, ISC >1 Seymour St., Dundas Valley, NSW 2117, Australia >PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Re: Multisite deployment issue
Finally could make it work using RPZ, just in case some would be interested. Mon Aug 02 18:25:12 GMT-03:00 2021 Nuno Simoes : Hi, Yes, so long as you are authoritative for the zone you can forward subdomains of that zone to any other DNS server you want. On Mon, Aug 2, 2021, 3:07 PM Daniel Armando Rodriguez via bind-users < bind-users@lists.isc.org> wrote: Was wondering If would be possible to setup a forwarding scheme just for some subdomains, I emphasize the fact that master is publicly accesible and current need is to locally resolv a bunch of subdomains of the same zone. I think image attached in previuos message is pretty explanatory, but currently my setup doen not work as (I) expected. > I attach a picture to best describe where I'm standed at. > > https://i.postimg.cc/x8PKnz53/ejemplo-com.png > > Currently disabled the SH setup to let just an authoritative DNS for > local resolution. Following the example, any request made from PC1 to > sys4/sys5/sys6 have no issues. However, if such host makes a request > to sys1/sys2/sys2 just get a time out response. > Any other query to outside, let's say google.com or whatever, works > just fine. El lun, 26 jul 2021 a las 13:29, Sten Carlsen ( s-carlsen.dk>>) escribió: >> >> Hi >> >> I am running just that setup. >> >> This may not scale well enough for your needs. >> >> I have one server with two views, one internal and one external. >> >> The external view is the hidden master for a number of public servers. >> All going through the relevant delegations. This is only >> authoritative. >> >> The internal view is selected by the client address and master files >> for the same domain but with my internal addresses. This is recursing >> and will answer from the master files for those domains and will >> recurse for any other query. >> >> This has served me well and e.g. I get the internal address for the >> mail server if I query from an internal address and I get the public >> address if I query from an external address. >> >> This setup means that mail clients will make a lookup of the same name >> always and if at home get the internal address and if outside get the >> public address. >> >> There is often a recommendation to use different domains, e.g. >> xxx.example.com for public addresses and xxx.internal.example.com for >> the same servers internal addresses. This is not very useful since >> e.g. a mail client would have to know about two different server names >> - with split horizon I can use the same name always. >> >> -- >> Best regards >> Sten Carlsen >> >> A pessimist is a person that can find a problem for every solution. >> >> >> On 26 Jul 2021, at 15.55, Daniel A. Rodriguez >> gmail.com>> wrote: >> >> Hi there, >> >> Currently have a public DNS up & runnin' but, due to brand new >> location, there's a need to add local resolution. >> >> With that in mind, first idea was to deploy a split horizon setup. >> Sadly just local resolution works so far. Double check config but >> currently I'm stuck with this situation. >> >> Was wondering if having the same zone both public and private, but >> with different records, could be an issue. Master for the zone is >> public, of course, and the private one -as mentioned- has a different >> set of records just for lan hosts. Idea was to go out just when a >> query for a public subdomain is requested, but that desn't seem to >> work. >> >> Both forwarders option and recursion are enabled. >> >> Any hint will be much appreciated. ___ Daniel A. Rodriguez Informática, Conectividad y Sistemas Universidad Nacional del Alto Uruguay San Vicente - Misiones - Argentina www.unau.edu.ar ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
