Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/4 Mark Andrews : > > If you want named to be authoritative only set "recursion no;" or > "allow-recursion { none; }" or "allow-query-cache { none; };" and > no data will be returned from the cache.  allow-recursion and > allow-query-cache cross inherit from each other. > > If you only want m

Problems with NS @home and my public

2012-01-03 Thread With No Name
Hello, I learn network administration and like to configure my network to do: workstation -> ns.intra.mydomain.com -> ns.mydomain.com currently I have following configs: workstation: --( /etc/resolv.conf )-- search intra.mydomain.com nameserver

Re: Warning view message during rndc reload

2012-01-03 Thread Mark Andrews
In message <4f03dddf.6070...@metropolitanstaff.co.za>, Eric Kom writes: > Good morning all, > > it's many days now that I observed the warning view message during the > rndc reload process: > > Jan 4 07:01:09 ns1 named[920]: received control channel command 'reload' > Jan 4 07:01:09 ns1 named[9

Warning view message during rndc reload

2012-01-03 Thread Eric Kom
Good morning all, it's many days now that I observed the warning view message during the rndc reload process: Jan 4 07:01:09 ns1 named[920]: received control channel command 'reload' Jan 4 07:01:09 ns1 named[920]: loading configuration from '/etc/bind/named.conf' Jan 4 07:01:09 ns1 named[920]:

Re: About root zones

2012-01-03 Thread Mark Andrews
If you want named to be authoritative only set "recursion no;" or "allow-recursion { none; }" or "allow-query-cache { none; };" and no data will be returned from the cache. allow-recursion and allow-query-cache cross inherit from each other. If you only want master zones to send notify messages

Re: About root zones

2012-01-03 Thread michoski
On 1/3/12 12:46 PM, "Kevin Darcy" wrote: > Those server folks have strange ideas about name resolution. Strange > enough that sometimes I don't even understand what the hell they are > trying to accomplish. In all fairness, lots of folks have strange ideas. We should start with standards -- soft

Re: About root zones

2012-01-03 Thread Kevin Darcy
On 1/2/2012 2:16 PM, Barry Margolin wrote: In article, Kevin Darcy wrote: I agree with Matus. BIND should be as self-sufficient as possible, and not make any assumptions about the capability of and/or the data it expects to get from the system resolver If the system resolver is good enough

Re: MS AD 2008R2 and bind

2012-01-03 Thread Vbvbrj
There is a bug in Windows 2008 R2 which prevents correct registration to BIND dns servers. See http://support.microsoft.com/kb/2002490 for the hotfix to apply. Unfortunately, this hotfix still does not correct the behavior. Windows 2008 R2 registers the record first. This record is registe

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Chuck Swiger : > On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: >> Unfortunately as I am learning BIND more, I understand that it is not >> very suitable for my requirements. > > Which are?  I've been trying to understand what the actual problem you are > trying to solve might be. I'm no

Re: About root zones

2012-01-03 Thread Barry Margolin
In article , Lyle Giese wrote: > For instance, I want to attach to the server using VNC or SSH for > maintenance. By default, they want to do a reverse lookup of your ip > address before allowing access. Now you wait for that query to time out > before you can do your work. That's just

Re: About root zones

2012-01-03 Thread Chuck Swiger
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: > Unfortunately as I am learning BIND more, I understand that it is not > very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be. Regards, -- -Chuck __

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Lyle Giese : > On 01/03/12 07:53, Peter Andreev wrote: >> >> 2012/1/2 Matus UHLAR - fantomas: >>> >>> On 21.12.11 19:21, Peter Andreev wrote: >> >> >> I think that if server is authoritative - and - slave-only it should >> use system resolver rather than querying by

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Matus UHLAR - fantomas : >> 2012/1/2 Matus UHLAR - fantomas : >>> >>> I don't see your point now. I'm afraid that you will have to live with >>> the >>> >>> fact that you can not disable sending queries from BIND when it needs >>> them, >>> you can only prevent it by configuring BIND (so i

AW: AW: MS AD 2008R2 and bind

2012-01-03 Thread Melbinger Christian
According to syslog the DCs do update tons of records all the time... A, PTR, SRV. I didn't regulate them. Their IPs are allowed to do any updates. --- Ing. Christian Melbinger Netzwerk & Security WienIT EDV Dienstleistungsgesellschaft mbH & Co KG A-1030 Wien, Thomas-Klestil-Platz 6 tel: +43 (1)

AW: MS AD 2008R2 and bind

2012-01-03 Thread Melbinger Christian
>What A records map to those IP addresses listed (10.1.1.1, 10.2.2.2)? only their own name, nothing more >Are there any "same as zone" records that point to your DC IPs? (this is >common if DNS is AD integrated) yes internal.wienit.at is a round robin to all DC IPs gc._msdcs.internal.wienit.at

Re: About root zones

2012-01-03 Thread Lyle Giese
On 01/03/12 07:53, Peter Andreev wrote: 2012/1/2 Matus UHLAR - fantomas: On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR - fantomas: BIND will not use sys

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
2012/1/2 Matus UHLAR - fantomas : I don't see your point now. I'm afraid that you will have to live with the fact that you can not disable sending queries from BIND when it needs them, you can only prevent it by configuring BIND (so it will not need them) or firewall such packets so they will not

Re: About root zones

2012-01-03 Thread Barry Margolin
In article , Matus UHLAR - fantomas wrote: > >> On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > >> > If the system resolver is good enough for every other application > >> > running on the system, it should be good enough for BIND. > >> > > >> > Why not at least allow this as an option? > >

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > If the system resolver is good enough for every other application > running on the system, it should be good enough for BIND. > > Why not at least allow this as an option? In article , Chuck Swiger wrote: The system resolver will happily pro

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/2 Matus UHLAR - fantomas : > On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. > > >> 2012/1/2 Matus UHLAR - fantomas : >>> >>> BIND will not use system resolver.

Re: AW: MS AD 2008R2 and bind

2012-01-03 Thread root
The DC must not only be allowed to update his A, (if applicable) and PTR records, he must also be able to update his SRV and TXT records. Please add the DC to the ACL for allow-updates on the zone that corresponds to the AD Domain/Kerberos zone, and then confirm that it is working by restart

Re: MS AD 2008R2 and bind

2012-01-03 Thread Will Lists
On Tue, Jan 3, 2012 at 4:00 AM, Melbinger Christian < christian.melbin...@wienit.at> wrote: > Hi > > My company moved to a 2008R2 Domain Controller environment. Now I see the > following message in the windows log: > > *Title*: This domain controller must register its c

AW: MS AD 2008R2 and bind

2012-01-03 Thread Melbinger Christian
Hello Thanks for your answer, but unfortunately that's not the case. When I do a nslookup like "nslookup internal.wienit.at", I get back the IPs of the DCs, speaking Addresses: 10.4.4.4, 10.5.5.5 The error message >The invalid IP addresses are 10.1.1.1; 10.2.2.2. is pointing towards the dns-ser

Re: MS AD 2008R2 and bind

2012-01-03 Thread Carsten Strotmann (private)
Hello Christian, On 1/3/12 11:00 AM, Melbinger Christian wrote: > > So this is presumably not a problem of the bind servers themselves, > but still, does anyone have an idea how to get rid of the error > messages? > > Anyone know the checkbox to uns

MS AD 2008R2 and bind

2012-01-03 Thread Melbinger Christian
Hi My company moved to a 2008R2 Domain Controller environment. Now I see the following message in the windows log: Title: This domain controller must register its correct IP addresses with the DNS server Severity: Error Category: Configuration Issue: The Domain Name System (DNS) host resource r