bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Bill Christensen
http://SustainableSources.com
http://LinkedIn.com/in/billc108
___
Please visit https://lists.isc.org/mailman/listinfo/bind-us
Thanks for the suggestion. My intention for now is to trial on a laptop as
that give me the maximum flexibility for testing.
/bill
On Thursday 05 November 2015 17:44, Mark Andrews wrote:
> In message <201511051124.03206.boobe...@rogers.com>, Bill writes:
> > Yes, to do a full
Yes, to do a full implementation usable in an enterprise you are correct, but
what I am looking for is a small demo with only 10 machines or so. I believe
your comment about IPv5 is correct too, but I am limited for this trial.
/bill
On Wednesday 04 November 2015 15:30, Mark Andrews wrote
named device had initiated the connection from inside that NAT. My
last post explains the use case a bit better, I hope.
/bill
On Monday 02 November 2015 21:48, Dave Warren wrote:
> On 2015-11-02 15:03, Carl Byington wrote:
> And? NAT != firewall. Your firewall would still need to be configu
, but that is my idea. I
appreciate the comments I am receiving here, thanks.
/bill
On Monday 02 November 2015 18:03, Carl Byington wrote:
> On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> > What I would like to do to have the ability to query a DNS server
> > located behind a NAT, and
, so I might be dreaming.
/bill
On Sunday 01 November 2015 07:13, Reindl Harald wrote:
> the DNS-ALG can't be handeled on the nameserver itself, it does not know
> anything about the NAT, the device doing the NAT knows
>
> hence the implementation is typically on the edge router
>
&g
Yes, I am also looking a tools to update DNS when IP address changes.
/bill
On Saturday 24 October 2015 17:35, Mark Andrews wrote:
> Get yourself IPv6 and forget about the NAT. Complain to your ISP
> if they don't supply IPv6. They should be able to as they have had
> two deca
n't anything to
help, then I will have to look into implementing my own reversible NAT, using
IPtables, NAT, connection tracking and whatever else I find useful.
/bill
On Saturday 24 October 2015 17:06, Reindl Harald wrote:
> you *really* do not want that
>
> have been punishe
on (source, protocol, etc).
I'd like to know of anyone has looked at this, is implementing it, or knows of
any implementations. I have looked into it but have only seen enterprise
implementations (Cisco & Juniper), but nothing open-source.
/bill
_
5 sec TTL, with a lot of load balancer based rules. on a lot of servers…..
On Nov 7, 2014, at 1:31 PM, Chris Buxton wrote:
> On Nov 7, 2014, at 1:29 PM, Nex6|Bill wrote:
>>
>> our parent org, owns the parent zone, and this zone is delegated from there
>> to a load b
> - Kevin
>
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Nex6|Bill
> Sent: Friday, November 07, 2014 3:05 PM
> To: Barry Margolin
> Cc: comp-protoc
ex6|Bill wrote:
>>
>> I am going to be adding a type forward zone for an important zone. how can
>> i test that the forward is working correctly? if i do a dig against the NS
>> the record will return no matter if its auth or fwd zone.
>
> Will your server be
My name server is not authoritative for it. but i want to verify once the
forward is in place the query is following the
forward and not the authoritative path.
On Nov 7, 2014, at 11:46 AM, Barry Margolin wrote:
> In article ,
> Nex6|Bill wrote:
>
>> I am going to be adding
I am going to be adding a type forward zone for an important zone. how can i
test that the forward is working correctly? if i do a dig against the NS the
record will return no matter if its auth or fwd zone.
-Nex6
signature.asc
Description: Message signed with OpenPGP using GPGMail
_
ers, I'd
>appreciate it.
Bill,
It looks good now.
Starting Nmap 5.51 ( http://nmap.org ) at 2014-10-01 12:47 MST
Nmap scan report for www3.greenbuilder.com (205.238.182.102)
Host is up (0.087s latency).
PORT STATE SERVICE
53/tcp open domain
53/
ries. Do you see the queries
come in to the box, either via packet dump or query logs?
-Rich
On Sep 30, 2014, at 5:30 PM, Bill Christensen
mailto:billc_li...@greenbuilder.com>>
wrote:
On 9/30/14, 4:15 PM, Charles Swiger wrote:
Hi--
On Sep 30, 2014, at 1:59 PM, Bill Christensen
ma
On 9/30/14, 4:15 PM, Charles Swiger wrote:
Hi--
On Sep 30, 2014, at 1:59 PM, Bill Christensen
mailto:billc_li...@greenbuilder.com>>
wrote:
Fair enough.
<http://localhost:10800/bind8/edit_master.cgi?zone=Africabound.org>Africabound.org
<http://Africabound.org>
Sustainab
not under my control, and I'm moving clients off it.)
Thanks.
On 9/30/14, 2:40 PM, Doug Barton wrote:
On 9/30/14 12:18 PM, Bill Christensen wrote:
Ok, since I theoretically have the allow-query correct I need to move on
to what else may be wrong.
When I test with http://www.intodns.com/
lf and directly connected networks
no, that is the default for allow_recursion (and allow_query_cache).
the default for allow_query is all.
On Sep 29, 2014 8:03 PM, "Bill Christensen"
wrote:
Allow-query is commented out, which I assume will allow anyone to query
this server for the
fraff to a minimum?
Thanks.
On 9/29/14, 7:58 PM, Ben Croswell wrote:
The default for allow query is local host local nets. Basically the
server itself and directly connected networks
On Sep 29, 2014 8:03 PM, "Bill Christensen"
mailto:billc_li...@greenbuilder.com>>
Hi folks,
Something got sideways on one of my DNS servers, and I would appreciate
some help in figuring out what's going on.
I'm running BIND 9.10.1. This server is authoritative master for a
number of domains.
First off, I may have the allow-query set incorrectly. Currently I have:
acl
On 8/15/14 9:42 AM, /dev/rob0 wrote:
On Fri, Aug 15, 2014 at 10:14:09AM -0400, Thomas Schulz wrote:
I wrote:
On Thu, Aug 14, 2014 at 02:26:54PM -0500, Bill Christensen wrote:
It looks like my root pointers are horribly out of date. Seems
to me this is something which should automatically
Hi all,
I'm seeing some root server errors on startup:
14-Aug-2014 13:14:08.142 info: host unreachable resolving
'd.gtld-servers.net//IN': 2001:503:ba3e::2:30#53
14-Aug-2014 13:14:08.215 info: host unreachable resolving
'b.gtld-servers.net/A/IN': 2001:503:231d::2:30#53
14-Aug-2014 13:14:08
, I am still not sure of the point of a stub zone, where you point to a
different NS? than the authoritative NS for that zone? unless your changing the
records
which is all bad
On Monday, June 2, 2014 2:18 PM, John Miller wrote:
>
>
>Not quite, Bill. You point the
recently, a question came up about "stub" zones came up and what they are and
are they part of the DNS standards or are they a good idea. i said, they are
evil and should not be used if you can avoid it. they way I understand them is
the are when you create local zones for zones you are NOT aut
MX records for decades-old dead hostnames
pointing to loopback, because the only queries for those names are from
spammers and I'd very much like them to waste their time. But that's about the
only reason I can think of to use it. . .
Bill.
__
On Tue, Jan 07, 2014 at 04:34:27PM +, Eric Davis wrote:
> Duh...silly mistake...I did a DIG on the NS record..Once the DS record is
> removed DNS queries should work fine right? Thanks Bill.
Once the DS record is removed from the .edu zone, queriers won't expect your
zone to be
eller.edu.86400 IN RRSIG DS 8 2 86400 20140113054536
20140106043536 20750 edu.
0XmRgd7FPG56t7etP2dK0W9gvVVm5oJlaCXufHlWnLsPWwNcAGIEQBCp
RxBicOFdPgmxvm1VV+IXq7W2qEKiFOchCgfqm9ugqQ7/DOR0DJW1edgI
ZqUVLfMgp/VT1+6EXU+wGiR7D2rZs1xvyu82cMQCkBseiKVAJv2F35LK M
or ic.fbi.gov with
checking disabled but also request DNSSEC records, you'll get it. If you ask
with checking enabled, you won't, because it can't be validated. This seems to
be true for the whole fbi.gov zone, at least the records I checked. So any
query to fbi.gov that retu
> would I be saving sharing the KSK?
>
> I'm sure there are plenty of other good reasons not to do this...
> Enlighten me!
Don't know about reasons for or against, but Binero AB, a big provider in
Sweden, signs thousands of their customers' zo
have any ideas what resource is
>temporarily unavailable.
/dev/random - VMs, with no keyboard or mouse, don't accumulate enough entropy
to keep /dev/random full. Installing haveged would probably help; or consider
generating keys on a machine with a decent amount of entropy
s the content of the zone checked before checking the subzone?
I'm not sure what you mean by 'checked'; it isn't verified in any way, but in
the normal progression there would be a query for 'titi.toto.be' at the
authoritative server for 'toto.
ain of trust
from the parent to the child. Assuming that you'll someday want to sign
toto.be, you should put the parent NS records in place now.
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
WACS09_Erra-Grenier_How-to-compute-RSA-keys.pdf
However, I don't understand the math, so I can't say whether any of the advice
is reasonable :(
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
.edu was what led me
to look at the zkt tool, which hardcodes the -e flag.
As Miek discovered, the hard way, .us also uses 2^32+1; my list didn't include
TLDs so there may be others. I'll do another run over lunch today. . .
Bill.
___
Please
10 .@
This certainly looks (to my inexpert eyes) like an explicit choice on the part
of the BIND authors.
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-us
}
Note - I have no opinion on whether this is good, bad, or merely ugly since I
don't write crypto code and don't understand enough about RSA to be able to
form an opinion. But that's what BIND does, as of the current version.
Bill.
___
rewriting
and RPZ, as of 9.9.0 (the RPZ behavior changed during the 9.9.0 development
process).
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
sh the given name from the server's cache(s)
flushtree name [view]
Flush all names under the given name from the server's cache(s)
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
b
e many other reasons to
avoid using them) and I've heard good things about GKG.
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
s.org. 86400 IN A75.119.216.33
;; Query time: 154 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Feb 12 19:23:11 2012
;; MSG SIZE rcvd: 77
Still, I think it's a good sign. . .
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
hould be especially important for them to have the USPTO be able to reach
their website, email, etc. so I'd think they would want to follow up on this
quite vigorously. . .
Incidentally their phone numbers are 970-468-8600 and 303-252-8800, since yo
On Fri, Feb 03, 2012 at 02:12:43PM +, Florian Weimer wrote:
> * Bill Owens:
>
> > On Fri, Feb 03, 2012 at 01:55:12PM +, Florian Weimer wrote:
> >> These nameservers:
> >>
> >> dns2.oppedahl.com. 172800 IN A 208.109.255.50
> &g
eyqSnfby76c5fHjH3THH56wF6vhEETl0bTsgr
+5LKogEGMzHbD2oWyrxe/eJH2lthp5FDCoh9z8rDXqdbjxOvsdp7qRSF
WTHy/CVTX1OtuAKhu8qEDooD6jjEOqv16eKNNAD02cwUNjKb7a07kaPj
jcBqPrUaPeKI/0NBuW/XuEWKalvX3p+OmUhzFEQDm6WT7RHUF1OqX9jI CtDzZw==
;; Query time: 100 msec
;; SERVER: 216.69.185.50#53(216.69.185.50)
;; WHEN: Fri Feb 3 09:06
x27;t changed since last November. I wouldn't think that BIND 9.7.4 would
>have any issues with that. It might be worth looking at your logs, assuming
>you log DNSSEC errors (and if you don't, it's a good idea to start ;)
Bill.
___
d
suggest is looking to make sure you don't have a tunnel interface for 6to4; I
don't think that would be enabled by default, though.
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
come with a
packet capture program either. . .
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ervers on one PC (PowerMac G4 400 Mhz :) ), without virtual machines.
So would I, but the only way I know of to do this is through some form of VM.
I've seen a very nice setup using KVM and that's what I'm playing with so far,
though it's a spare time effort a
On Wed, Nov 16, 2011 at 07:59:10AM -0600, b...@namor.ca wrote:
> On Wed, 16 Nov 2011, Bill Owens wrote:
> >This behavior makes me bet that the trigger is a name in an incoming
> >email message, being resolved by an anti-spam filter.
>
> We had the same thing ha
an email
message would be A Bad Thing, even if one is emailing it to ISC as they've
suggested. Perhaps *especially* in that case, unless they've taken care to have
one production recursor running Unbound ;)
Bill (who is downloading Unbound right now)
___
in multiple languages. The remainder of the
strings are reserved only in the form included above.
I suppose any of those could be used. I like .invalid, personally ;)
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri
and names within
this domain are meaningful only on the link where they originate.
At the same time it also specifies that .local can only be used with mDNS, so
it isn't really suitable for this use. . .
Bill.
___
Please visit https://list
nd some
pain; IPv6 more of both and for less obvious return (though it truly does have
some significant advantages). DNSSEC - once it is sufficiently deployed - will
make some very cool things possible, well beyond the basic, but very important
addition of end-to-end DNS integrity. Have a
swered until the zone is created and configured in named.conf, though I
suppose that creating the zone first is slightly more correct.
Bill.
(* note that I didn't say if you install DNSSEC, since I believe it will be
inevitable ;)
___
Please vis
K that's always been the case; RFC1034 references it:
"As the last installation step, the delegation NS RRs and glue RRs necessary to
make the delegation effective should be added to the parent zone."
Bill.
___
Please visit https://lists
out DNSSEC until we can get a resolution of the issue.
Incidentally, you haven't - you're still serving a signed zone for nau.edu and
extended.nau.edu, which causes the problems noted in the other responses to
your original note. I think you could fix it very quickly though, by adding the
ing with +cd gives NXDOMAIN. Do you have validation
enabled as well?
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mail
TXT
RRSIG NSEC DNSKEY TYPE65534
No records, so no delegation, so nowhere to go to get the A record (which is
actually configured).
As for BIND automatically populating DS records, I don't even know whether
that's a feature. Is it in the docs? I don't remember seeing it, but it's a
r is doing likewise.
That means I can opt out of NXDOMAIN substitution either by running a local
client (forwarder, stub or application) that sets DO=1, and on the other side
can opt out by signing my zone. We hope that someday everyone will do
't need to enable it,
and DNSSEC provides an effective defense against those who would enable it* but
it still leaves me curious.
*except that perhaps those who enable this feature will use it as an excuse to
avoid enabling validation, which would be a
is running on port 53. If there are any
results, the second column is the process number, and you can do "ps wwx
" to see what it is.
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-us
On Mon, Jul 11, 2011 at 04:06:42PM -0400, Bill Owens wrote:
> On Mon, Jul 11, 2011 at 02:11:57PM -0400, Jonathan Kamens wrote:
> > The number of DNS queries required for each address lookup requested by
> > a client has gone up considerably because of IPV6. The problem is being
l error in name resolution.
fpdns says that Dell's servers are BIND, wonder if that's accurate, and if so,
how ancient a release, to have this bug?
Bill.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
f
On Mon, Jul 11, 2011 at 04:25:59PM -0400, Jonathan Kamens wrote:
> On 7/11/2011 4:06 PM, Bill Owens wrote:
> >https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
> > in which the first sentence says it all: "The nameservers for
> > wikipedia.org ar
tps://lists.isc.org/pipermail/bind-users/2011-March/083113.html
"It's PowerDNS 2.9.22 that is breaking this, and it will be fixed by
PowerDNS 3.0 once that's released, and we get around to deploying it."
Looks like PowerDNS was in RC2 as of April 19, not released yet. . .
exit 1
;;
esac
exit 0
Wow, this does a lot of stuff, everything but putting out the cat at
night! So much that it makes me a little leery of it. I like to know
exactly what is occurring when running something, but this is a
difference in administration styles.
This is the Debian su
gning MX records be the "correct" result also? There are too many
possibilities to allow solving everyone's needs. This is something
that needs to be done by the DNS administrator who understands the
needs of the zone. (At least in my very humble opinion).
Bill Larson
__
"proof of
concept" but it does not make sense for any production system.
Bill Larson___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bout it.
If you do implement your MySQL solution, please, please, please, keep
us informed about how it works for you. We would like to know more
and are always willing to look at new technologies but aren't too
accepting of hand waving.
Bill Larson
Riccardo
On 2/12/11 11:33 PM,
ilding BIND was "./configure --
with-openssl=/usr/local/ssl". Note that I explicitly specified the
path for OpenSSL to avoid using the Apple supplied version of OpenSSL.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ne else?
Questions 2 and 4 are simply reiterations of questions that others have
already posed to you. The others are mine.
We would like to help and your assistance is critical.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
\
On Thu, Nov 25, 2010 at 2:50 AM, Matus UHLAR - fantomas
wrote:
> On 25.11.10 10:10, Tech W. wrote:
> > We have a zone in Bind, for example, abc.com
> > We designate a subzone of it to another dns server, for eaxmple, F5's
> 3DNS.
> >
> > The corresponding RR in Bind is:
> >
> > games.abc.com. I
I host a re-direct for the local soccer organization
The "real" owner (non-technical) let the domain lapse, and I recommended
the registrar I use (that automatically provides secondary DNS services) -
but they didn't use them.
Now they can NOT get to the site - am I configured wrong? -- or --
Hi,
I am just now playing with IPv6 and wondering about how to make an IPv6
record resolve to the same website as the IPv4 A record. Probably a simple
thing but how?
Thanks,
Bill
___
bind-users mailing list
bind-users@lists.isc.org
https
another example:
dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-06-22 17:11:44 UTC"
"169.199.1.1 sent EDNS buffer size 4096"
"169.199.1.1 DNS reply size limit is at least 3843"
--- On Tue, 6/22/10,
ic based upon the source IP address at your router rather than
trying to control this at the application level. But, if you don't have the
ability to do this at the router, then as a simple option it can be done at
the application level.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
. For a good example of this (and many
other things), see the Secure BIND Template at http://www.cymru.com/Documents/secure-bind-template.html
.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
't get there from here".
Then again, I've never been sure what the original requester was asking
for. If he didn't want to give an answer out to someone on a particular
network, then the "blackhole" option would seem to be a perfect solution in
the first place.
Thanks for your help on this list,
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
rmation in a
format that would appear to be legitimate. Why "trust" these version.bind
queries in the first place? Use the simple solution of asking the
administrators. A simple question deserves a simple solution.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
;impossible" and can be eliminated. This leaves the other two
possibilities, no matter how improbable. This does NOT make both, or
either, of these possibilities "the truth".
> On Mon, Nov 2, 2009 at 10:33 AM, Bill Larson wrote:
>
> > Josh Luthman said:
> >
>
hat would help.
Well, when you are querying this "firstserver" (whatever that is - giving us
a fully qualified domain name would be helpful), it times out. The DNS
server on this "firstserver" isn't answering the query.
"Not sure what else I can provide that would
e 192.168.2.0
network still wouldn't be able to update because they did not get their
address from the DHCP server on the 192.168.1.0 network.
Bill Larson
Nicholas F Miller said:
> I take it this is not possible using update-policy?
> _
/usr/lib.
Or, start named with the "-t" option and specify the path to your chroot
environment and you won't have this problem either. "named" can create
it's own chroot environment without you having to build it yourself.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
other root servers. Anyone know if there are other stats
> available?
This information is nice but not critical to the operation of a DNS server.
There are also papers available discussing improperly configured DNS servers
and improper DNS queries and their impact on the root servers. A
ings are bad?" (I suspect that this cam from "System
Performance Tuning" by Mike Loukides, O'Reilly & Assc. My copy is quite old
but still useful.) Know how your system is performing BEFORE there is a
problem.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Aug 10, 2009, at 10:06 PM, Nelson Serafica wrote:
Thanks Mark! it works. I change my query source to one of the entry
below and it works.
Maybe a strange question. Why did you have a query source statement
in your configuration in the first place?
Bill Larson
Mark Andrews wrote
and managing a
firewall. This firewall router will simply not forward any traffic to
the hosts that you have "blacklisted". A much simpler solution to
manage. There are many pre-packaged systems that provide this type of
capability.
Bill Larson
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Apr 7, 2009, at 9:43 AM, Chandan Laskar wrote:
Hi,
We have deployed DNS on RHEL 5 Update 1. Below are feature of our
DNS.
1. Implemented OS Security Best Practice ( e.g. Enable MD5 and
shadow passwords, Root Login Console Restricted, Configure SSH as an
alternative of Telnet e.t.c.).
Stephen Ward wrote:
> On Sun, 08 Mar 2009 21:28:55 -0500, Frank Bulk wrote:
>
>> There are other DNS servers that do a better job for RBLs.
>>
>> Frank
>
> I'm listening.
Take a look at rbldnsd:
http://w
run SpamAssassin, rsync, http, ftp, smtp,
imap on this server as well, and this is the only hostname I have found
that I cannot resolve myself.
Why can my ISP, Comcast, resolve the host name but I can't? Any
explanation would be greatly appreciated, and any suggestion on how to
resolve this without using forwarders would be nice too.
Thanks!
Bill
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Exactly what operating system are you running under?
I have seen these types of problems with MacOS X and have described on
the BIND-USERS list as to how to get around this issue. If you are
running MacOS X, then I have an answer, but without knowing what you
are running ...
Bill Larson
ve, what I am questioning is having 50 million DNS resource
records on any DNS system. Is DNS an appropriate "database" for
storing 50 million records?
Bill Larson
-david
Andrew Ferk wrote:
What are the backend database options available? Is bind-sdb active
developed and is it pr
tion of the basic system,
simply increase complexity with the inherent decrease in security that makes
this type of addition a drawback.
Please, keep BIND as simple as possible (but not simpler). Leave additional
capabilities to separate tools such as "dnscap".
My two cents,
, so it appears that the question is what is happening on
your secondary.
Bill Larson
On Nov 16, 2008, at 2:44 PM, Jeff Justice wrote:
Well, first part solved. I forgot to change the IP address of our
nameserver at the registrar. Secondary is still not updating though.
Jeff J.
On Nov 16
94 matches
Mail list logo
