Hi Alan,
Thanks for the help.
Regards,
Rock
From: Alan Clegg
To: bind-users@lists.isc.org
Sent: Fri, July 23, 2010 11:45:08 AM
Subject: Re: reject or drop queries
On 7/22/2010 8:42 PM, Rock July wrote:
> This is my current setup right now and the reason
On 7/22/2010 8:42 PM, Rock July wrote:
> This is my current setup right now and the reason why I want to reject
> or drop the queries;
>
> PC Clients: XP, Vista and 7 (Vista and 7 clients are sending both A and
> queries) send queries to DNS A.
> DNS A: will just forward the query to My
This is my current setup right now and the reason why I want to reject or drop
the queries;
PC Clients: XP, Vista and 7 (Vista and 7 clients are sending both A and
queries) send queries to DNS A.
DNS A: will just forward the query to My DNS
MyDNS: will query to DNS B in behalf of DNS A
Thanks for the confirmation that the problem was related to DNSSEC.
I didn't see your message until I got home from work; however, I did find the
root of the problem late this afternoon. At each of our Internet egress and
ingress points, we have Cisco ASA devices sitting in front of a pair of
In article ,
Peter Laws wrote:
> I have multiple interfaces on my master and multiple interfaces on most of
> my slaves.
>
> I've got one of the slaves set up so that its masters {}; statement has two
> of the master's interfaces in it. The preferred is first, with the
> non-preferred secon
BIND 9.7.2b1 is now available.
BIND 9.7.2b1 is a beta version of the maintenance release for
BIND 9.7.
BIND 9.7.2b1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.tar.gz
http://ftp.isc.org/isc/bind9/9.7.2b1/bind-9.7.2b1.ta
On 07/22/2010 10:59 PM, Peter Laws wrote:
I have multiple interfaces on my master and multiple interfaces on most of
my slaves.
I've got one of the slaves set up so that its masters {}; statement has two
of the master's interfaces in it. The preferred is first, with the
non-preferred second. I
In message <210229.86286...@web120110.mail.ne1.yahoo.com>, Rock July writes:
>
> Hi All,
>
> I just want to know if I put listen--on-v4 {yes;}; on opetions of
> named.conf, will my DNS drop or reject all queries by IPv4 clients?
The option is filter--on-v4. Additionally filter-aa
I have multiple interfaces on my master and multiple interfaces on most of
my slaves.
I've got one of the slaves set up so that its masters {}; statement has two
of the master's interfaces in it. The preferred is first, with the
non-preferred second. I was contemplating using this on all sla
On 22/07/10 16:45, Alan Clegg wrote:
On 7/22/2010 8:33 AM, Phil Mayers wrote:
only IPv4 interface is enabled. If I put the option "filter--on-v4
{yes;};", will my DNS reject the queries?
This option breaks DNSSEC.
Actually, it doesn't. If the DO bit is set in the query, the defaul
On Thu, Jul 22, 2010 at 10:01 AM, Atkins, Brian (GD/VA-NSOC)
wrote:
>
> Several people suggested looking at named-checkzone, but my goal is to
> compare an edited version of the zone file against the active zone file.
>
If you're just looking at changes, try something like:
named-checkzone -D -
Hi Brian,
Why don't you load the zonefile you changed into a test dns server and
then compare the queries against prod and your test system? Might be
easier than parsing the file in my opinion.
Regards,
Adrian
-Original Message-
From: bind-users-bounces+urs-t.bolliger=ubs@lists.isc.
Thanks, Bill. That's more what I'm looking for.
Several people suggested looking at named-checkzone, but my goal is to compare
an edited version of the zone file against the active zone file. The
named-checkzone program, to my understanding, merely checks for syntax and
doesn't do anything with
On Thu, 22 Jul 2010 11:44:55 -0400, "Atkins, Brian (GD/VA-NSOC)"
wrote:
> Does anyone know of an existing script or program that can parse a zone
> file and verify records against an active server?
>
Oh, a challenge. Thanks
> I'm attempting to clean up some large zone files and want to ensure
On Thu, 22 Jul 2010, Atkins, Brian (GD/VA-NSOC) wrote:
Does anyone know of an existing script or program that can parse a zone
file and verify records against an active server?
named-checkzone these days does some checks unless specified not to do so.
(note to self: dont do that on a 2.5M reco
On Thu, 22 Jul 2010, Atkins, Brian (GD/VA-NSOC) wrote:
> Does anyone know of an existing script or program that can parse a zone
> file and verify records against an active server?
Have you looked at named-checkzone?
Tony.
--
f.anthony.n.finchhttp://dotat.at/
FORTIES: NORTH 5 OR 6, DECREASI
On 7/22/2010 8:33 AM, Phil Mayers wrote:
>> only IPv4 interface is enabled. If I put the option "filter--on-v4
>> {yes;};", will my DNS reject the queries?
>
> This option breaks DNSSEC.
Actually, it doesn't. If the DO bit is set in the query, the default
behavior (I'll let you dig to
Does anyone know of an existing script or program that can parse a zone
file and verify records against an active server?
I'm attempting to clean up some large zone files and want to ensure that
none of the changes will break DNS when I implement it. Later, I'd like
to use it to verify that the re
On Thu, Jul 22, 2010 at 9:24 AM, Rock July wrote:
> I just want to know if I put listen--on-v4 {yes;}; on opetions of
> named.conf, will my DNS drop or reject all queries by IPv4 clients?
Why do you think you want to know this? It was recommended in another
listmail on this list that you
On 22/07/10 12:19, Rock July wrote:
Windows Vista and 7 clients will query both type A and query even
The OS might make the query, but the application will (should) be using
getaddrinfo, and this will return the IPv4 addresses first, so it
doesn't matter.
only IPv4 interface is enable
Mark,
> Named has to deal with multually incompatible senarios. DNSSEC
> which requires EDNS and nameservers and firewalls which drop EDNS
> requests so named has to turn off EDNS to get answers back.
> Occasionally a set of answers will take too long to get back to
> named or are lost due to net
Hi All,
I just want to know if I put listen--on-v4 {yes;}; on opetions of
named.conf, will my DNS drop or reject all queries by IPv4 clients?
Thanks,
Rock July
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/
Phil Mayers writes:
> If IPv6 is turned off, the windows machines should not be registering IPv6
> addresses. Maybe IPv6 was turned on in the past, and they haven't been
> garbage-collected for some reason? (Windows DNS records which were
> inserted
> by dynamic update are supposed to be garbage c
Windows Vista and 7 clients will query both type A and query even only
IPv4
interface is enabled. If I put the option "filter--on-v4 {yes;};", will my
DNS reject the queries?
Thanks
Rock
From: Phil Mayers
To: bind-users@lists.isc.org
Sent: Thu
> Well i wonder this is the right place. What server characteristics you
> recomend me as minimum for a bind that will get about
> 1 req/sec
Insufficient information. What kind of queries should the server
handle? There's a big difference between an authoritative only server
and a recursive
On Thu, 22 Jul 2010 07:15:25 +1000, Mark Andrews said:
> In message <19526.43429.234698.104...@hadron.switch.ch>, Alexander Gall
> writes:
>> On Wed, 21 Jul 2010 09:20:21 +0200, Gilles Massen
>> said:
>>
>> > Hello,
>> > Since enabling the root TA in my resolver, I keep seeing from time to ti
On 07/22/2010 07:52 AM, R Juneja wrote:
Hi,
I am new to socket programming. Please help me with a situation.
This is the wrong place to ask. This mailing list is for discussing the
Bind DNS server, not socket programming.
The function call connect (non -blocking) is failing with setting
On 07/21/2010 10:10 PM, Martin McCormick wrote:
This is admittedly not a bind question, but it has
become a major nag factor and I am not sure what to recommend.
We delegate our Microsoft Active Directory zone to
Microsoft domain controllers and they have stuffed their zone
with
28 matches
Mail list logo
