On Feb 4, 2011, at 1:11 PM, Chris Buxton wrote:
> +trace does not do what you think it does. It does not query the target name
> server for each successive query. Rather, it causes the 'dig' command to
> perform recursion on its own, only using the indicated server (@server) to
> seed its root
In article ,
Jean-Yves Avenard wrote:
> Actually I just found what caused it not to work ; I have forwarders
> set ; If I comment-out the forwarders line ; then everything works as
> it should
>
> Can't delegation work if forwarders are enabled ?
No. When you have forwarders configured, it me
On 02/04/2011 16:09, Evan Hunt wrote:
| * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
| allows for a TCP DoS attack. Until there is a kernel fix, ISC is
| disabling SO_ACCEPTFILTER support in BIND. [RT #225
RFC 2181, section 9, indicates that name servers should not set
the TC bit gratuitously; as long as the answer section is complete,
TC should not be set just because the authority and/or additional
sections won't also fit in the UDP packet.
Using BIND (9.4.3-P3 and 9.7.2-P3) as a resolver doesn't
__
Introduction
BIND 9.6.3 is the current release of BIND 9.6.
This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
Please see the CHANGES file in the source code release for a complete
list of all cha
Colleagues,
ISC has issued a public advisory regarding the DNSSEC issue raised on
this list earlier this week. All operators who use or plan to use DNSSEC
should take careful note, prior to the addition of .com to the signed
root at the end of March.
In message , Tory
M Blue writes:
> > So that was the trace between the client and the nameserver. What
> > about the trace between the nameserver and the rest of the world?
> >
> > The log message is triggered by multiple queries from your nameserver
> > not being answered and named falling back
> So that was the trace between the client and the nameserver. What
> about the trace between the nameserver and the rest of the world?
>
> The log message is triggered by multiple queries from your nameserver
> not being answered and named falling back to simpler queries in an
> attempt to get them ans
In message , Tory
M Blue writes:
> On Fri, Feb 4, 2011 at 5:37 AM, Florian Weimer wrote:
> > * Tory M. Blue:
> >
> >> [tblue@mx3 ~]$ dig @problemserver.net www.yahoo.com +trace
> >
> > Please use "dig @problemserver.net www.yahoo.com +trace +norecurse
> > +dnssec", to match more closely th
On Fri, Feb 04, 2011 at 09:55:07PM +1100, Jean-Yves Avenard wrote:
> Hi there..
>
> I'm trying to create a delegation to a sub-domain ; for some reason
> I'm getting nowhere
>
> I have a domain.com zone ; I'd like to delegate mel.domain.com to
> another dns server (windows server DNS fwiw)
> He
On Fri, Feb 04, 2011 at 11:26:08AM -0500, John Wobus wrote:
> So 10.14.22.11 is a legal hostname, right?
>
> We had a recent experience where our DNS administration
> system allowed someone to insert in a CNAME record that
> resembled this:
>
> www.example.com. CNAME 10.14.22.11.
>
> A fascinati
On Fri, Feb 4, 2011 at 5:37 AM, Florian Weimer wrote:
> * Tory M. Blue:
>
>> [tblue@mx3 ~]$ dig @problemserver.net www.yahoo.com +trace
>
> Please use "dig @problemserver.net www.yahoo.com +trace +norecurse
> +dnssec", to match more closely the queries that BIND would send.
Okay thanks, done th
+trace does not do what you think it does. It does not query the target name
server for each successive query. Rather, it causes the 'dig' command to
perform recursion on its own, only using the indicated server (@server) to seed
its root server list. +trace also stops at the CNAME, and does not
On Feb 4, 2011, at 3:25 AM, Jean-Yves Avenard wrote:
> Actually I just found what caused it not to work ; I have forwarders
> set ; If I comment-out the forwarders line ; then everything works as
> it should
>
> Can't delegation work if forwarders are enabled ?
Only if either (a) the forwarders
So 10.14.22.11 is a legal hostname, right?
We had a recent experience where our DNS administration
system allowed someone to insert in a CNAME record that
resembled this:
www.example.com. CNAME 10.14.22.11.
A fascinating thing about this is that my computer/browser could
take me to www.example.
To add to the story, I added a rule to our DNS administration
system that we'll only allow hostnames that include
at least one alphabetic.
John
On Feb 4, 2011, at 11:26 AM, John Wobus wrote:
So 10.14.22.11 is a legal hostname, right?
We had a recent experience where our DNS administration
sys
* Tory M. Blue:
> [tblue@mx3 ~]$ dig @problemserver.net www.yahoo.com +trace
Please use "dig @problemserver.net www.yahoo.com +trace +norecurse
+dnssec", to match more closely the queries that BIND would send.
--
Florian Weimer
BFK edv-consulting GmbH http://www.bfk.de/
On 2011-02-04 23:16 Jean-Yves Avenard wrote:
>Hi
>
>On 4 February 2011 22:54, Eivind Olsen wrote:
>
>> Unless I'm misunderstanding something, it should work. Here's an extract
>> from the BIND 9.7 ARM, section 6.2.16.2:
>>
>> "Forwarding occurs only on those queries for which the server i
On 4 February 2011 12:28, Jean-Yves Avenard wrote:
> I changed:
not sure how forwarders fixed this but looking at your zone it is
because you have reset your ORIGIN and not put a full stop at the end
of the ad record
domain.com. IN SOA m.domain.com. domainmaster.domain.com. (
Hi
On 4 February 2011 22:54, Eivind Olsen wrote:
> Unless I'm misunderstanding something, it should work. Here's an extract
> from the BIND 9.7 ARM, section 6.2.16.2:
>
> "Forwarding occurs only on those queries for which the server is not
> authoritative and does not have the answer in its cach
> mel A 192.168.0.3
> ; NS ad.domain.com
You are already defining an A record for "mel". I'd try commenting that
one out when you put the NS line back in (and make sure to give that NS
line a name of its own then, since it can then no longer piggyback
On 4 February 2011 22:51, Balder wrote:
> not sure how forwarders fixed this but looking at your zone it is
> because you have reset your ORIGIN and not put a full stop at the end
> of the ad record
> ;=as there is no dot at the end of ad.domain.com this will
> become. put a full stop at
> Actually I just found what caused it not to work ; I have forwarders
> set ; If I comment-out the forwarders line ; then everything works as
> it should
> Can't delegation work if forwarders are enabled ?
Unless I'm misunderstanding something, it should work. Here's an extract
from the BIND 9.7
Just re-read that message and it didn't make too much sense so will try again
as there is no full stop at the end of the following line
; NS ad.domain.com
it would end up looking like this
;domain.com NS ad.domain.com.domain.com
if you put a full stop at the end of th
On 4/02/11 3:07 AM, "Tory M Blue" wrote:
> On Thu, Feb 3, 2011 at 5:23 PM, Barry Margolin wrote:
>> In article > SNIPPED<
>> www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com.
>>
>> And even when they did, it didn't get involved until you followed the
>> CNAME returned for www.yahoo.com.
I changed:
zone "domain.com" {
type master;
file "internal/db.domain.com";
check-names ignore;
notify TRUE;
allow-update { key "rndc-key"; };
};
to:
zone "domain.com" {
type master;
file "internal/db.domain.com";
check-names ignore;
Hi
On 4 February 2011 22:15, Stephane Bortzmeyer wrote:
> General rule with Unix daemons: always read the log. You'll find the
> error message.
>
> BIND-specific rule: test your zone with named-checkzone.
no errors of any kind are reported, in the log nor by named-checkzone
>
> Here, I suggest
On Fri, Feb 04, 2011 at 09:55:07PM +1100,
Jean-Yves Avenard wrote
a message of 112 lines which said:
> Now if I uncomment the NS ad.domain.com. mel.domain.com will not
> resolve anymore:
General rule with Unix daemons: always read the log. You'll find the
error message.
BIND-specific rule: t
Hi there..
I'm trying to create a delegation to a sub-domain ; for some reason
I'm getting nowhere
I have a domain.com zone ; I'd like to delegate mel.domain.com to
another dns server (windows server DNS fwiw)
Here is my zone file:
$ORIGIN .
$TTL 7200 ; 2 hours
domain.com. IN