Hi All
I am running a bind 9.9.4-50 resolver on CentOS 7 (kernel
3.10.0-514.26.2.el7.x86_64). I have enabled dnssec and made it into a
validating resolver but I am facing issues with some sites that use CNAME and
getting SERVFAIL. Configs are pretty simple as given below:
**configs
options {
On 08/23/2017 08:26 PM, John Levine wrote:
> Only if you want your mail to mysteriously disappear. There are a lot
> of perfectly legitimate ways to send and route mail that SPF cannot
> describe. Unless your name is Paypal or you are otherwise a giant
> phish target, -all is not want you want.
On 08/23/2017 07:50 PM, Reindl Harald wrote:
> which means again: additional dns lookups while ip-adresses and ranges
> are done with a single lookup
Yes, it does mean additional lookups, which there are a finite number of.
> besides it's not true because SPF has nothing to do with PTR and they
>
This has nothing to do with BIND, but anyway.
In article you write:
>I would personally try to use -all for new domains from the word go.
Only if you want your mail to mysteriously disappear. There are a lot
of perfectly legitimate ways to send and route mail that SPF cannot
describe. Unless y
Am 24.08.2017 um 03:31 schrieb bind-us...@gtaylor.tnetconsulting.net:
On 08/23/2017 05:47 PM, Reindl Harald wrote:
arrakis.thelounge.net. 86399 IN SPF "v=spf1 a
ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
prometheus.thelounge.net. 86399 IN SPF "v=spf1 a
ip4:91.118.73.0/
On 08/23/2017 07:31 PM, bind-us...@gtaylor.tnetconsulting.net wrote:
I think that it may be possible for someone to publish a PTR record in
their IP space that reverse resolves to a name of one of your MX
servers. There by allowing their bogus server to send email as you.
It is conceptually p
On 08/23/2017 05:47 PM, Reindl Harald wrote:
arrakis.thelounge.net. 86399 IN SPF "v=spf1 a
ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
prometheus.thelounge.net. 86399 IN SPF "v=spf1 a
ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
otherwise only @example.com *itself* is pro
Am 23.08.2017 um 22:59 schrieb Tom Browder:
On Wed, Aug 23, 2017 at 2:28 PM, Tom Browder wrote:
...
I have a single remote server with one IP address (142.54.186.2) I am using
it to host multiple, independent domains. I am working on configuring a
single postfix instance to serve mail for al
Am 23.08.2017 um 21:58 schrieb John Miller:
Finally, be _very_ careful about using the SPF qualifier "-all" to
start out with. What you're saying there is that the only server
authorized to _send_ mail for X.TLD is the one listed in the MX.
Unless people are always logging directly into the mai
On Wed, Aug 23, 2017 at 17:32 Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
...
> I would encourage you to contemplate adding DNSSEC support. DNSSEC will
> enable multiple other options down the road.
I plan to do all that, including running my own nameservers with bind. But
th
On Wed, Aug 23, 2017 at 17:25 Alan Clegg wrote:
> Now you broke the A record. Get rid of the trailing dot.
>
Done.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@li
On 08/23/2017 01:28 PM, Tom Browder wrote:
Given such a configuration described in the first paragraph, does the
following set of DNS records for a domain look look appropriate:
# For each domain X.TLD:
X.TLD. INA 142.54.186.2.
*.X.TLD.IN CNAME X.TLD.
X.TLD.
On 08/23/2017 02:59 PM, Tom Browder wrote:
Based on all the comments, I've modified the OP list to this:
# For each domain X.TLD:
X.TLD. IN A 142.54.186.2.
*.X.TLD.IN CNAME X.TLD.
X.TLD. IN MX10 X.TLD.
X.TLD. IN TXT "v=spf1 mx ?a
On 08/23/2017 01:58 PM, John Miller wrote:
Finally, be _very_ careful about using the SPF qualifier "-all" to
start out with. What you're saying there is that the only server
authorized to _send_ mail for X.TLD is the one listed in the MX.
Unless people are always logging directly into the mail
In article you write:
>> X.TLD IN MX 10 mail.example.com.
>>
>> is perfectly valid, and quite common for people who don't host their own
>> e-mail.
>
>Okay, but for now each domain will have its one mail server.
If you have one host with one IP, I hope you have one mail server
since only o
On Wed, Aug 23, 2017 at 2:28 PM, Tom Browder wrote:
...
> I have a single remote server with one IP address (142.54.186.2) I am using
> it to host multiple, independent domains. I am working on configuring a
> single postfix instance to serve mail for all domains (assuming I can
> successfully re
On Wed, Aug 23, 2017 at 2:58 PM, John Miller wrote:
> Hi Tom,
>
> You'll want to change your MX records to point to the name, rather
> than the IP, of your mail server. Note that your MX target does _not_
> have to be in the same domain as the one it's serving mail for. For
> example:
>
> X.TLD
On Wed, Aug 23, 2017 at 2:54 PM, Alan Clegg wrote:
> MX record needs a name and not an IP address. Beyond that, seems fine.
Thanks, Alan.
-Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-user
On Wed, Aug 23, 2017 at 3:01 PM, wrote:
> MX records cannot point to an IP address. try this:
>
> x.tld MX 10 x.tld.
Thanks, William!
-Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
On Wed, Aug 23, 2017 at 14:54 McDonald, Daniel (Dan)
wrote:
>
> I don’t believe you can use an IP address in an MX record. You should use
> X.TLD instead, or more likely whatever the main address of the server is
> (whatever the reverse address resolves to)'
...
> You don’t have an SOA record,
MX records cannot point to an IP address. try this:
x.tld MX 10 x.tld.
--
William Brown
Messaging Team
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285
"bind-users" wrote on 08/23/2017
03:28:12 PM:
> From: Tom Browder
> To: bind-users@lists.isc.org
> Date: 08/23/2017 03:
Hi Tom,
You'll want to change your MX records to point to the name, rather
than the IP, of your mail server. Note that your MX target does _not_
have to be in the same domain as the one it's serving mail for. For
example:
X.TLD IN MX 10 mail.example.com.
is perfectly valid, and quite com
I have a single remote server with one IP address (142.54.186.2) I am using
it to host multiple, independent domains. I am working on configuring a
single postfix instance to serve mail for all domains (assuming I can
successfully rewrite appropriate parts of mail in and out).
>From referring to
23 matches
Mail list logo
