Re: Problem resolving domain

2020-01-27 Thread Barry Margolin
gure something? I thought both nameservers should be questioned > and the first working result be used, or not? Not quite. It performs failover if the first nameserver doesn't respond. But if it gets a response, it uses the response, even if it reports an er

Re: Using different OS for Master and Slaves

2019-11-13 Thread Barry Margolin
ch could be solved with mixing: I suspect the pain he was referring to is not really DNS-specific, but just due to having to manage servers with different operating systems. This means using a more diverse set of management tools, different configuration syntax, etc. -- Barry Margolin Arlington, MA

Re: CNAME as an alias to a TXT record

2019-11-06 Thread Barry Margolin
er. CNAME isn't type-specific. It simply makes one name an alias for another name. If the target name has a TXT record, then you'll get that when you look up TXT for the CNAME. -- Barry Margolin Arlington, MA ___ Please visit https://list

Re: Proper Way to Configure a Domain which never sends emails

2019-08-20 Thread Barry Margolin
's a common assumption that mail is sent from a domain that can receive mail. Even email that says "Don't reply to this" usually comes from an account at a domain that can receive mail; they just ignore that mailbox. > > > > A common practice is to point the MX record t

Re: Proper Way to Configure a Domain which never sends emails

2019-08-19 Thread Barry Margolin
omain. Could anybody > help me with this? A common practice is to point the MX record to ".". -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing lis

Re: A policy for removing named.conf options.

2019-06-13 Thread Barry Margolin
'm not sure how effective this will be. I suspect most people don't check the logs routinely, only when something goes wrong. Is it really much of a hassle to leave the obsolete options in the parser, but just ignore them? -- Barry Margolin Arlington, MA

Re: BIND ignores queries from specific privileged source ports

2019-06-10 Thread Barry Margolin
se the well known source port of protocols that are > abuse prone: Why would the original source port be close to any of these low port numbers? Source ports should normally be ephemeral ports. -- Barry Margolin Arlington, MA

Re: Question about Delegation/forwarder

2019-04-27 Thread Barry Margolin
y question is, While I have the delegation is in place (even though it is > useless), is there a way to override Delegation (and possibly replace with > forwarders) ? Forwarders are only used when recursing. If recursion is disabled, forwarders are useless.

Re: Help: BIND _ Recursive query

2019-03-09 Thread Barry Margolin
in the case of "forward only", but what happens if > there are forwarders defined and both "recursion yes" (default) and > "forward first" (default) are specified? It's set for any type of forwarding, it doesn't matter whether it's "only

Re: Help: BIND _ Recursive query

2019-03-03 Thread Barry Margolin
ursive query. This is the normal way that host resolver libraries work, and it's what BIND does when you configure "forwarders". -- Barry Margolin Arlington, MA

Re: repeated 16 hour interval spike in authoritative PTR lookups

2019-01-09 Thread Barry Margolin
hings), then when you bumped it back up they all timed out the old records at about the same time, and ever since they've been refreshing at the same times. -- Barry Margolin Arlington, MA

Re: Reverse lookup for classless networks

2018-12-27 Thread Barry Margolin
he name. There's no way for it to know automatically that different "w" values are delegated to different servers. -- Barry Margolin Arlington, MA

Re: dig @ipv6-address

2018-11-29 Thread Barry Margolin
tried to "dig @" my domain, which failed as > I wrote. > > Why there were different IPs in the command and the output of my > first example .. I have no idea. I somehow mixed up my notices. > > Sorry again. The last : in the

Re: forwarder selection logic by bind9

2018-11-20 Thread Barry Margolin
antomas.sk/ > >> Warning: I wish NOT to receive e-mail advertising to this address. > >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > >> They that can give up essential liberty to obtain a little temporary > >> safety deserve neither liberty n

Re: conflicting subdomain delegation

2018-11-15 Thread Barry Margolin
e test was done on a centos7). > > > > dig +trace follows the returned delegations. > > > > > Any ideas? > > > Thanks!

Re: Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Barry Margolin
In article , Tom wrote: > Hi all > Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is > this planned in future releases of BIND? What would be the point? If a query is for MX, and you return A instead, the client won't be able to do anything with it. --

Re: Modifying data files while named is reloading

2018-10-18 Thread Barry Margolin
're moving within the same filesystem, this is an atomic rename operation. -- Barry Margolin Arlington, MA

Re: Question about visibility

2018-10-11 Thread Barry Margolin
In article , Dennis Clarke wrote: > On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote: > > Em 11/10/18 16:13, Barry Margolin escreveu: > >> > >> If you accidentally, or someone else intentionally, create a link to the > >> site that uses the IP and put it

Re: Question about visibility

2018-10-11 Thread Barry Margolin
If you accidentally, or someone else intentionally, create a link to the site that uses the IP and put it on a web page that Google can get to, it will probably find the page. -- Barry Margolin Arlington, MA

Re: Issues configuring delegated subdomain zone

2018-09-13 Thread Barry Margolin
dominio.principal.hosting.com. > sb1 IN A xxx.xxx.xxx.52 > sb2 IN A xxx.xxx.xxx.53 > www IN A xxx.xxx.xxx.53 > mail IN A xxx.xxx.xxx.53 > webmail IN CNAME mail > * IN A xxx.xxx.xxx.53 Not related to the problem, but the comments at the top don't accurately describe this f

Re: SRV record not working

2018-08-18 Thread Barry Margolin
and unambiguous as dig's. When it reports errors, it can be difficult to tell specifically what the actual error was. One example I can think of is that for some reason it expects the nameserver to be able to reverse-resolve its own IP. If it can't, it reports this as an error, and y

Re: Queries regarding forwarders

2018-08-08 Thread Barry Margolin
.gtld-servers.net > IPv6 address = 2001:501:b1f9::30 > ttl = 163960 (1 day 21 hours 32 mins 40 secs) > -> d.gtld-servers.net > internet address = 192.31.80.30 > ttl = 77579 (21 hours 32 mins 59 secs) > > > Non-authoritative answer: > Name

Re: Stopping name server abuse

2018-06-26 Thread Barry Margolin
ters to block it. The domain registrar is the place to go, I expect most of them have standard procedures for exactly this problem. -- Barry Margolin Arlington, MA

Re: Stopping name server abuse

2018-06-25 Thread Barry Margolin
e load on multiple servers. NXDOMAIN responses are cached, it's one hit and then nothing for a while. -- Barry Margolin Arlington, MA

Re: Stopping name server abuse

2018-06-25 Thread Barry Margolin
> different device. An upstream firewall might already be parsing it, so telling it not to pass some of them through could be relatively cheap. -- Barry Margolin Arlington, MA

Re: Stopping name server abuse

2018-06-24 Thread Barry Margolin
In article , jo...@hasig.de wrote: > hi, > why dont you just delete the zones? That won't stop the queries from coming to the server. -- Barry Margolin Arlington, MA

Re: Timeout and SERVFAIL

2018-05-30 Thread Barry Margolin
In article , Matus UHLAR - fantomas wrote: > Use longer expire times if you expect to experience this kind of problems > more often. Who EXPECTS to be down longer than a week? :) -- Barry Margolin Arlington, MA

Re: Odd behavior on a secondary server

2018-03-22 Thread Barry Margolin
refreshes a zone, it updates the file's modification time. This is how it implements the expiration time, by comparing the current time with the file timestamp. It could keep the refresh time in memory, but that would be lost whenever named restarts. -- Barry Margolin Arlington, MA

Re: questions on allow-query

2018-02-21 Thread Barry Margolin
ue to get the obsolete version of this customer's domains. When I worked at an ISP a couple of decades ago, I wrote a script that periodically checked the delegations of all the domains we hosted, to make sure they still pointed to us. -- Barry Margolin Arlington, MA

Re: Minimum TTL?

2018-02-10 Thread Barry Margolin
In article , Grant Taylor wrote: > On 02/09/2018 09:37 AM, Barry Margolin wrote: > > As long as you understand the implications of what you're doing? > > I don't think my level of understanding has any impact of my ability to > override what the zone publisher

Re: Minimum TTL?

2018-02-09 Thread Barry Margolin
"that's my problem, not yours", but we wouldn't consider that to be a reasonable way to run a network. IMHO you should at least be transparent about it, so your users know what they're in for. -- Barry Margolin Arlington, MA

Re: Minimum TTL?

2018-02-09 Thread Barry Margolin
Ls to implement load balancing and/or quick failover. If you extend the TTLs, your users may experience poor performance when they try to go to these sites using out-of-date cache entries. -- Barry Margolin Arlington, MA

Re: Minimum TTL?

2018-02-08 Thread Barry Margolin
ng when to try to refresh the cache, but will continue returning whatever they've cached if necessary. -- Barry Margolin Arlington, MA

Re: Max slaves limit?

2017-12-18 Thread Barry Margolin
nt servers. FYI the root zone has 13 NS records. The NS records themselves fit, but not all the associated A and records that go into the Additional section. And if you're using DNSSEC, most responses don't fit in the traditional 500 byte UDP packet, an

Re: Max slaves limit?

2017-12-17 Thread Barry Margolin
void all slaves hammering the master at the same time, NOTIFY messages are staggered after a change is loaded. -- Barry Margolin Arlington, MA

Re: DNSSEC validation without current time

2017-12-15 Thread Barry Margolin
In article , "G.W. Haywood" wrote: > Hi there, > > On Fri, 15 Dec 2017, Petr Menšík wrote: > > > ... current time is not available or can be inaccurate. > > ntpdate? I think the issue is that he needs to resolve the hostname of the NTP server.

Re: Email & PTR Issues

2017-11-08 Thread Barry Margolin
'd estimate the chances of either to be 0%. This kind of thing is generally only provided to business accounts. What's strange, though, is that they don't have some kind of generic reverse DNS for the address. Like my Comcast IP has reverse DNS that resolves to c-71-192-114-133.hs

Re: Differences Between Recursion Desired and Recursion Available

2017-10-08 Thread Barry Margolin
er? Cache is meant for performance improvement, but it shouldn't affect the semantics. -- Barry Margolin Arlington, MA

Re: Differences Between Recursion Desired and Recursion Available

2017-10-06 Thread Barry Margolin
ta. If it has the answer, it sends that; otherwise, if it has referral data, it sends that. -- Barry Margolin Arlington, MA

Re: edns responses not sent by DNS Server

2017-05-30 Thread Barry Margolin
n is that there's no way for the client to know if the omitted answers are important. So it has to retry anyway. -- Barry Margolin Arlington, MA

Re: DNS forwarding

2017-05-18 Thread Barry Margolin
r example, google.com, I can access. > > I'm not finding the problem. Any idea? Is this server configured to be authoritative for your domain? Does it have delegation records for the subdomains? It won't follow forwarders if the query is in a zone it's configured to be authorit

Re: Difference between delegation and forward zone

2017-03-06 Thread Barry Margolin
tive for them, despite having forwarders configured. Forwarding is generally only useful on resolvers, not authoritative servers. -- Barry Margolin Arlington, MA

Re: Bind master keeps saying it is not authoritative

2017-03-03 Thread Barry Margolin
.orion.education.gouv.fr.db"; > > masters {172.29.16.135; }; > > }; > > zone "." IN { > > type hint; > > file "named.ca"; > > }; > > > > include "/etc/named.rfc1912.zones"; > > include "

Re: Redirect only second and third level domains

2017-02-24 Thread Barry Margolin
at doesn't have a delegation. So even if you could somehow limit the number of levels it processes, it still wouldn't do what you want. -- Barry Margolin Arlington, MA

Re: bind 9 goes rogue and revert zone information

2017-02-07 Thread Barry Margolin
al of 3017020401 (yes, I typo the 3 somewhere in the > past). > When it reverts its zone information, it goes back to 3016060101. It sounds to me like there's a cron job restoring the zone from a backup. -- Barry Margolin Arlington, MA

Re: The DDOS attack on DYN & RRL ?

2016-11-01 Thread Barry Margolin
e on your own infrastructure. Another thing that makes it hard for many companies to diversify their DNS providers is that they make use of DNS-based load balancing and failure (e.g. Amazon's Route 54, Akamai's Global Traffic Management). These services can't easily update each ot

Re: The DDOS attack on DYN & RRL ?

2016-11-01 Thread Barry Margolin
sters, which would mean we'd have to update them independently (or write our own scripts that make use of each service's API). The customers of Dyn are in the same situation. Maybe last week's incident will prompt enough big customers to demand this that they'll change t

Re: The DDOS attack on DYN & RRL ?

2016-10-31 Thread Barry Margolin
a European server. While 4.2.2.1 and 8.8.8.8 are caching DNS, the same can be done with authoritative DNS, and that's what was attacked in the Dyn case (I'm not even sure if Dyn offers caching DNS). I heard that the impact of the attack was even narrower than just the US, it was

Re: view problem

2016-10-18 Thread Barry Margolin
exception vpn (but can use FQDN) > > any idea? If there are zones that both sets of clients should see, you have to duplicate them in both views. Overlapping views don't do this automatically. -- Barry Margolin Arlington, MA

Re: How to request ixfr updates against public ip directly instead of unicast ip in bind

2016-10-13 Thread Barry Margolin
n't get it. What do you mean by "unicast" and "public" IP? My guess was that he's doing Anycast DNS for his public IP, and the unicast address is the real address that the router forwards to. Or he's just confused

Re: How to request ixfr updates against public ip directly instead of unicast ip in bind

2016-10-12 Thread Barry Margolin
ve port opened slave to master with unicast ip and > we have port opened slave to master with public ip. > > Do we have any option checking for SOA value directly with public ip of > master instead of unicast ip. It uses whatever address is in the "master" statement in

Re: R: Minimal responses and speeding up queries

2016-09-22 Thread Barry Margolin
nt doesn't already have those records cached, it will need to make an additional query to get them. So instead of one query that returns everything the client needs, it needs to make two queries. -- Barry Margolin Arlington, MA

Re: adding second zone

2016-09-22 Thread Barry Margolin
LAN2 - 192.168.10.0/24 <---> DHCP only > LAN3 [...] > LAN4 [...] > > routing and NAT works between LAN1 and LAN2 > > so, firewall will assign dhcp lease inside LAN2 with BIND on LAN1 None of this has anything to do with BI

Re: adding zone forwards without restart

2016-09-22 Thread Barry Margolin
n a forwarding zone that's modified. -- Barry Margolin Arlington, MA

Re: Need of caching on bind server

2016-08-26 Thread Barry Margolin
> [P.S: I was trying a web link yesterday, and i got into this issue, but I was > still able to open the cached web page link 2 days ago] Caching web pages has nothing to do with DNS caching. -- Barry Margolin Arlington, MA

Re: Need of caching on bind server

2016-08-25 Thread Barry Margolin
der all the thousands of lookups for things like google.com, twitter.com, etc. that an ISP receives every second. If they didn't cache these responses, DNS traffic might rival YouTube (OK, that's an exaggeration). -- Barry Margolin Arlington, MA

Re: Query on Bind Operations

2016-08-22 Thread Barry Margolin
an be used. The authoritative server doesn't have the records in cache, it's loaded permanently. -- Barry Margolin Arlington, MA

Re: Selective forwarding from an internal only name server

2016-08-17 Thread Barry Margolin
point.com is not. > > - Kevin > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry > Margolin > Sent: Wednesday, August 17, 2016 4:34 PM

Re: Selective forwarding from an internal only name server

2016-08-17 Thread Barry Margolin
t.com. Having a CNAME record for the same name is wrong. -- Barry Margolin Arlington, MA

Re: weird transfer-source problems with one DNS node

2016-07-18 Thread Barry Margolin
In article , Ian Veach wrote: > So unless I'm crazy (possible, regardless)... named is reporting using 230, > but OS is showing 240 (and remote host logs confirm 240)!? Could something in iptables be transforming it at a lower level? -- Barry Margolin Ar

Re: Sending extra info in bind dns query packet

2016-07-14 Thread Barry Margolin
eads about sending additional information in the reply. This is about sending additional information in the request. I think the only acceptable way to do this would be via the EDNS0 extension mechanism. -- Barry Margolin Arlington, MA

Re: Resolving issue on specific domain

2016-07-12 Thread Barry Margolin
ed to your server. If you don't use @localhost, the query goes to your normal resolver, which follows the delegations from the root, and they don't lead to your server. -- Barry Margolin Arlington, MA

Re: Additional Section - TXT Format?

2016-07-09 Thread Barry Margolin
quest them separately. DNS is supposed to be a lightweight protocol, so it's inappropriate to return more data than is really needed. -- Barry Margolin Arlington, MA

Re: UDP Packet Hack

2016-06-22 Thread Barry Margolin
but I do not know how to configure the server. The default configuration of a DNS server should work for this. You only need to add extra configuration if your server will be authoritative for some domains, but your server just recurses (and adds extra data to the response). -- Barry Margol

Re: Forward record for WWW

2016-05-05 Thread Barry Margolin
or click on links from unknown senders or unexpected emails. > > > > > > On Thu, May 05, 2016 at 04:06:06PM +, Cuttler, Brian R. (HEALTH) > > wrote a message of 34 lines which said: > > > > > I configured the change for my external test server

Re: Multiple SERVFAIL/REFUSED unexpected RCODE

2016-05-03 Thread Barry Margolin
; broken delegations involved. > > REFUSED usually means that the server is not configured for the > zone. > > SERVFAIL usually means that the server is configured for the zone > but doesn't have a current copy. > > You could use whois to try to contact the administrators

Re: also-notify and nsupdate doesnt work

2016-05-02 Thread Barry Margolin
allow-notify"... The use case for also-notify is when you have slave servers that aren't in the NS records of the zone. Otherwise, those slaves won't update until the Refresh timer goes off. -- Barry Margolin Arlington, MA

Re: Adding CNAME for the root domain issue

2016-04-27 Thread Barry Margolin
ted using "IP" as short for "IP address", or using "class A, B, C" to refer to /8, /6, and /24 prefixes, rather than the original address ranges. The context always makes it clear when root == apex. -- Barry Margolin Arlington, MA

Re: Adding CNAME for the root domain issue

2016-04-27 Thread Barry Margolin
o point to a server that immediately sent an HTTP redirect to the subdomain, which could then be managed using the normal load balancing algorithms. That was 5 years ago, they may have since integrated the two services, so that when resolving the CNAME it hooks into the

Re: Adding CNAME for the root domain issue

2016-04-27 Thread Barry Margolin
ain.com to your own server. But do any domain registrars support that option? -- Barry Margolin Arlington, MA

Re: bind service was down

2016-04-23 Thread Barry Margolin
In article , 鈴木健史‐大興 wrote: > Dear > > Thank you for Vinícius Ferrão's answer. > > I would like to know why it crashed. > > Would anyone tell me why it crashed Because it has a bug. -- Barry Margolin Arlington, MA

Re: Bind response to query's very small edns udp payload size

2016-04-15 Thread Barry Margolin
TC bit should not be set merely because some extra information could have been included, but there was insufficient room." https://tools.ietf.org/html/rfc2181#section-9 So if there are optional records that could be included in the Authority section, but they aren

Re: when i check resolver.log just now , i found some error info about AAAA ( ipv6)

2016-04-13 Thread Barry Margolin
any type other than the specific type they're programmed to balance. There's never been an excuse for it in the first place (how hard would it have been for them to return NOERROR?), so there's no reason to expect them to treat any differently from other types that they don't k

Re: Bind response to query's very small edns udp payload size

2016-04-12 Thread Barry Margolin
ion-6.2.3 So I expect BIND obeys this. -- Barry Margolin Arlington, MA

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-26 Thread Barry Margolin
In article , Ron wrote: > Barry, > > On Sat, Mar 26, 2016 at 3:13 AM, Barry Margolin wrote: > > In article , > > John Wobus wrote: > > > >> On Mar 18, 2016, at 6:28 AM, Barry Margolin wrote: > >> > In article , > >> > Mark Andre

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-25 Thread Barry Margolin
In article , Dave Warren wrote: > On 2016-03-25 07:21, Barry Margolin wrote: > > In article , > > Dave Warren wrote: > > > >> I'm more interested in the impact from the perspective of an > >> authoritative server operator and in some respects site

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-25 Thread Barry Margolin
In article , John Wobus wrote: > On Mar 18, 2016, at 6:28 AM, Barry Margolin wrote: > > In article , > > Mark Andrews wrote: > > > >> How do you actually expect this to ever work in real life? > > > > I'm pretty sure Google DNS does this. Oth

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-25 Thread Barry Margolin
ts hit by a cache-size limit, but none of my > zones are really large enough to do A/B testing. IMHO, memory is so cheap these days that any server that has to eject cache entries because of memory limits means the server operator isn't really trying to do their job well. --

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Barry Margolin
study performed more recently. > > The internet was a very different place 15 years ago, in particular, > this was before every Windows client machine had its own DNS cache > service and largely before today's connected mobile devices were a thing. But it was also befor

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Barry Margolin
o a query. It won't go back to the authoritative server until ALL the TXT records expire. During the period between the short TTL and the longest TTL, it will be as if the short-TTL records don't exist at all. -- Barry Margolin Arlington, MA

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-20 Thread Barry Margolin
an unreasonable approach to fault tolerance. It would be reasonable to have a configured maximum lifetime for these expired records, so that caches wouldn't fill up with lots of detritus from abandoned domains. A day seems like long enough for the authoritative server oper

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-19 Thread Barry Margolin
d you'd like to have your central resolver take care of all the caching. -- Barry Margolin Arlington, MA

Re: Multiple A records and reverse DNS

2016-03-19 Thread Barry Margolin
I have two A records for our mail server and the reverse record matches > one of them, will that be good enough. Or will the fact that the other A > record does not match cause trouble. It should be OK. This is a fairly common situation for redundancy. -- Barry Marg

Re: A Zone Transfer Question

2016-02-19 Thread Barry Margolin
re probably irrelevant to how they're used by clients. -- Barry Margolin Arlington, MA

Re: A Zone Transfer Question

2016-02-19 Thread Barry Margolin
4.3.101 isn't in 10.4.1/24. The slave has to be allowed to query the master. -- Barry Margolin Arlington, MA

Re: A Zone Transfer Question

2016-02-19 Thread Barry Margolin
in an also-notify block. > > > > The 15-minute wait also sounds strange: NOTIFY happens as soon as the > > serial number of the master zone is incremented and the zone is > > reloaded. Also, a slave NS will automatically check its master for > > updates after the refresh interval (1st number after the serial) > > specified in the SOA record. If you have that set to 15 minutes (900 > > seconds), then yes--the slave would check its master for updates, but > > it's the _slave_ reaching out to the _master_ in that case. Likewise, > > slaves will reach out to their master NS when their zones are > > reloaded. > > > > I'm not going to worry about the DHCP dynamic updates piece yet - make > > sure your master and slave are set up properly before introducing > > dynamic updates to the mix. > > > > John -- Barry Margolin Arlington, MA

Re: How to check slave zone freshness

2016-02-09 Thread Barry Margolin
you how long it has been since it last refreshed. -- Barry Margolin Arlington, MA

Re: Resolver optimization of auth selection - Truth or Myth?

2016-02-08 Thread Barry Margolin
high latency, it will lose preference again, and it will go back to the low-latency servers. But if it has gotten better, it will continue to be used. Network distance is not the only reason for high latency, sometimes it can be because of heavy load on the server, or a congested network link, or

Re: Writeable file already in use

2016-01-05 Thread Barry Margolin
at if the physical device was stolen, > all of their zone data didn't follow it out the door. The in-memory copy is likely to end up in the swap partition. -- Barry Margolin Arlington, MA

Re: Query on ignoring additional section returned in replies

2015-11-18 Thread Barry Margolin
In article , Reindl Harald wrote: > Am 18.11.2015 um 16:47 schrieb Barry Margolin: > > In article , > > Reindl Harald wrote: > > > >> when a result looks like below it needs to be fixed and "Are there any > >> BIND specific workarounds?" is th

Re: Query on ignoring additional section returned in replies

2015-11-18 Thread Barry Margolin
lots of broken DNS configurations out there, but their users don't want to hear that it's someone else's fault. -- Barry Margolin Arlington, MA

Re: root hints operation

2015-11-16 Thread Barry Margolin
hat suggests that you understood that the built-in list is used in place of the file if no file is provided. -- Barry Margolin Arlington, MA

Re: Why two lookups for a CNAME?

2015-10-22 Thread Barry Margolin
es like this if you look up servers hosted by the Akamai CDN, because the CNAME points from the original domain to one of Akamai's domains. -- Barry Margolin Arlington, MA

Re: SRV Request to DNS

2015-10-14 Thread Barry Margolin
e to put :port# in URLs if the domain uses an alternate port. It would make things easier when you have servers for multiple domains behind a NAT router with a single public address. But AFAIK there's been no movement to require browsers to use SRV for this. -- Barry Margolin Arlington, MA

Re: Multiple queries for same host

2015-09-16 Thread Barry Margolin
"0.0.127.in-addr.arpa" { > type master; > file "masters/db.127.0.0"; > allow-update { none; }; > allow-transfer { any; }; > }; > > zone "0/27.1.168.192.in-addr.arpa" { > type master; > file "masters/db.1.168.192"; > allow-query { any; }; > allow-transfer { trusted; }; > }; > > zone "mydomain.com" { > type master; > file "masters/db.mydomain.com"; > allow-query { any; }; > allow-transfer { trusted; }; > }; -- Barry Margolin Arlington, MA

Re: BIND and RFC4074

2015-09-08 Thread Barry Margolin
GELOG and to Google it, > but without any luck. I'm pretty sure BIND has *always* worked correctly in this regard. The failures have generally come from standalone devices with minimal DNS implementations, often DNS-based load balancers. -- Barry Margolin Arlington, MA

Re: DNS Negative Caching

2015-08-28 Thread Barry Margolin
says that $TTL is required. I don't even see a SHOULD, let alone a MUST. Is there a later RFC that adds this requirement? If not, then a zone file without $TTL is legal. And for backward compatibility, it should continue to use the SOA Minimum field as the defa

Re: DNS Negative Caching

2015-08-28 Thread Barry Margolin
fy some other default TTL if there's no $TTL directive? If not, the software needs to do something, and using the old method for compatibility is as good as anything else (on the assumption that anyone who didn't put $TTL in the file was depending on this use of the SOA record).

Re: DNS Negative Caching

2015-08-27 Thread Barry Margolin
hat use of the Minimum field went away when it was changed to be the negative cache TTL. -- Barry Margolin Arlington, MA

Re: response case in-sensitivity?

2015-07-30 Thread Barry Margolin
mix of case, and check that the response matches, to protect against spoofed responses. https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 -- Barry Margolin Arlington, MA
