Re: servfail when refresh aws.amazon.com

2011-06-22 Thread Eric Yiu
Hi, I tried to go debug level 2 on query-errors and have the result: 23-Jun-2011 09:57:39.182 query-errors: debug 1: client 202.14.67.27#55079: query failed (SERVFAIL) for aws.amazon.com/IN/A at query.c:4651 23-Jun-2011 09:57:39.182 query-errors: debug 2: fetch completed at resolver.c:3103 for a

Re: CVS 2011-1910

2011-06-22 Thread Mark Andrews
In message <6134bb3286a31d4db61e57114e8ba7c0607e4...@seaembx01.olympus.f5net.co m>, Jack Tavares writes: > I would like a clarification of something about this vulnerability. > > If my named config has "recursion no", it is vulnerable to this ? > > Thanks Potentially. Authoritative servers mak

CVS 2011-1910

2011-06-22 Thread Jack Tavares
I would like a clarification of something about this vulnerability. If my named config has "recursion no", it is vulnerable to this ? Thanks -- Jack Tavares "How many more can we sell with this button?" ___ Please visit https://lists.isc.org/mailman/li

Re: bind9 enum hack

2011-06-22 Thread Stefan Certic
On Wednesday, June 22, 2011 10:38:31 pm Ben Croswell wrote: > Is the child domain you want to forward delegated in the parent you load? > If it isn't the forward will be ignored. > > -Ben Croswell > > On Jun 22, 2011 4:35 PM, "Stefan Certic" wrote: > > Hi, > > > > I am facing the following puzz

Re: servfail when refresh aws.amazon.com

2011-06-22 Thread Kevin Darcy
On 6/22/2011 7:26 AM, Eric Yiu wrote: Hi, I am using bind9.7.3-P1 with solaris10x86. I notice that sometimes our bind server will reply servfail when querying a zone aws.amazon.com which is expiring, while this aws.amazon.com only 60sec cache li

bind9 enum hack

2011-06-22 Thread Stefan Certic
Hi, I am facing the following puzzle: zone "4.6.1.8.3.e164enum" { type forward; forwarders {127.0.0.1 port 5200;}; }; zone "e164enum" { type master; file "/etc/bind/enum.conf"; }; while enum.conf has something like: *.4.6.1.8.3.e164enum. NAPTR 10 100 "u" "E2U+pstn:tel" "!^(.*)$!tel: \\1\;spn=2

Re: Slaves do not more update

2011-06-22 Thread Jim Glassford
Hi, May have already been covered by another but just to verify, "beating a dead horse" Do you update the serial number before you sign the zone? If automated at all with scripts, make sure you update the SOA serial number then sign. jim On 6/22/2011 1:42 PM, Michelle Konzack wrote: Hello

Re: Slaves do not more update

2011-06-22 Thread Michelle Konzack
Hello Matus UHLAR - fantomas, Am 2011-06-22 14:10:24, hacktest Du folgendes herunter: > After changing the file on master, increasing the SOA and reloading > the zone, did you check the SOA version on master? Did the master > reload new zone? What do logs say? I can use "nsupdate" on my MASTER

Re: Slaves do not more update

2011-06-22 Thread Michelle Konzack
Hello Chris Buxton, Am 2011-06-22 06:26:47, hacktest Du folgendes herunter: > If the mtime of the slave's file changes, then there's something else > wrong. It's refreshing, and resetting the refresh timer, but it's not > seeing an update. Right and I do not find the error... If I clear the cach

Re: Slaves do not more update

2011-06-22 Thread Chris Buxton
If the mtime of the slave's file changes, then there's something else wrong. It's refreshing, and resetting the refresh timer, but it's not seeing an update. Regards, Chris Buxton BlueCat Networks On Jun 22, 2011, at 3:57 AM, Michelle Konzack wrote: > Hello Chris Buxton, > > Am 2011-06-21 19:0

Re: Slaves do not more update

2011-06-22 Thread Matus UHLAR - fantomas
Am 2011-06-21 19:01:57, hacktest Du folgendes herunter: This sounds like a failure of the DNS Notify system. Have you checked the logs? If nothing interesting is logged, have you checked the logging statement? On 22.06.11 12:57, Michelle Konzack wrote: I have nothing found relevant. I will del

Re: How to Setup a Name Servers visible on Internet?

2011-06-22 Thread Matus UHLAR - fantomas
On 21.06.11 12:26, Metropolitan College wrote: I'm sorry, I forgot that a terminal mail clients don't support HTMl, They do. However HTML mail is hard to read and even harder to reply. That's why I didn't read most of your former mails... This below is my zone file metropolitanbuntu.co.za.ex

servfail when refresh aws.amazon.com

2011-06-22 Thread Eric Yiu
Hi, I am using bind9.7.3-P1 with solaris10x86. I notice that sometimes our bind server will reply servfail when querying a zone aws.amazon.com which is expiring, while this aws.amazon.com only 60sec cache lifetime, eg. > /usr/local/bin/dig a aws.amazon.com ; <<>> DiG 9.7.3-P1 <<>> a aws.amazon.

Re: Slaves do not more update

2011-06-22 Thread Michelle Konzack
Hello Chris Buxton, Am 2011-06-21 19:01:57, hacktest Du folgendes herunter: > This sounds like a failure of the DNS Notify system. Have you checked > the logs? If nothing interesting is logged, have you checked the > logging statement? I have nothing found relevant. I will delay the next changeme

Re: How to Setup a Name Servers visible on Internet?

2011-06-22 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 05:43:55PM +0200, Metropolitan College wrote a message of 38 lines which said: > clients are going to solve also the internal request in the case if > my internet connection I down? The question is not clear for me. You need: * an authoritative DNS service for the wh