Re: Trying simple NS delegation for a subdomain * I cannot get it to load/work

2025-08-27 Thread Robert McDonald (Bob)
. Bob -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https

Re: DNS hiccups

2025-04-16 Thread Bob McDonald
It's glb in the name. On further inspection this is DNS that's on the frontend of Azure. (probably Microsoft based.) Good luck! On Wed, Apr 16, 2025 at 10:05 AM Bob McDonald wrote: > FORMERR doesn't mean the environment being queried is necessarily broken. > Queries sent to t

Re: DNS hiccups

2025-04-16 Thread Bob McDonald
ement on their end that will resolve the issue. They might even reveal their architecture and software vendor/version. HTH, Bob

RE: Custom DNS Filtering Plugin in BIND 9

2025-03-19 Thread Bob McDonald
Maybe I'm not understanding all the nuances of the stated goal but doesn't RPZ handle this? Bob Sent from my Google Pixel 8a phone.

Re: Named-checkzone stops silently

2025-01-04 Thread bob prohaska
; > > On 5 Jan 2025, at 07:21, f...@www.zefox.net wrote: > > > > I'm setting up a new, non-recursive, authoritative secondary > > nameserver using FreeBSD 12.2 and bind9.18.32. It works to the typo 14.2 Ap

Re: Named-checkzone stops silently

2025-01-04 Thread bob prohaska
's 14.2 Apologies for the noise! bob prohaska

Re: Does an RPZ "A" record prevent a lookup?

2025-01-03 Thread Bob Harold
Yes, RPZ looks up first, and only replaces it if the lookup returns a value. There is an option to skip that, but then an attacker can more easily detect that you are using RPZ to block them. Search for descriptions online. -- Bob Harold DNS and DHCP Hostmaster - UMNet Information and

Re: query failed (SERVFAIL) and query failed (failure)

2024-12-23 Thread Bob Harold
I don't think it is your problem. gandi.net is having trouble. https://dnsviz.net/d/mail.gandi.net/dnssec/ -- Bob Harold On Fri, Dec 13, 2024 at 7:24 AM Barry Scott wrote: > I have been using named-chroot on Fedora 40 for a long time without issue > on version bind-9.18.28-2.

Re: `dig -x ...` and RFC 2317 Classless IN-ADDR.ARPA Delegation

2024-12-19 Thread Bob Harold
to use beside dig et al.? > > I typically use something like: dig +noall +ans -x 192.0.2.1 | awk '$4 == "PTR" {print $5;exit}' That returns only the first PTR record if there are more than one. -- Bob Harold > -- > Grant. . . . > unix || die > -- > -
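
The awk one-liner above keeps only the first PTR, and with RFC 2317 classless delegation (the subject of this thread) the answer to dig -x begins with a CNAME into the customer's child zone before any PTR appears, which is why the $4 == "PTR" filter is needed at all. The following is an added example, not code from the thread or from ISC: it generates the parent-side NS and CNAME records and the child-side PTR records for a classless block, then follows the chain the way a resolver does and returns every PTR rather than the first. The child zone label follows the RFC 2317 "first-octet/prefix-length" convention; the server and host names are made up.

```python
"""RFC 2317 classless in-addr.arpa delegation, worked through in code.

Added example; not code from the mailing-list thread. The child zone label
"<first octet>/<prefix length>" follows the RFC 2317 convention; the server
and host names used below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Union

Prefix = Union[str, ipaddress.IPv4Network]


def _net(prefix: Prefix) -> ipaddress.IPv4Network:
    return prefix if isinstance(prefix, ipaddress.IPv4Network) else ipaddress.IPv4Network(prefix)


def parent_zone(prefix: Prefix) -> str:
    """The classful /24 in-addr.arpa zone that contains the prefix."""
    o = _net(prefix).network_address.packed
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def child_zone(prefix: Prefix) -> str:
    """RFC 2317 child zone name, e.g. 0/26.2.0.192.in-addr.arpa. for 192.0.2.0/26."""
    net = _net(prefix)
    if not 25 <= net.prefixlen <= 31:
        raise ValueError("RFC 2317 is for prefixes longer than /24 and shorter than /32")
    return f"{net.network_address.packed[3]}/{net.prefixlen}.{parent_zone(net)}"


def parent_records(prefix: Prefix, child_ns: List[str]) -> List[str]:
    """What the /24 holder publishes: NS records for the child zone, plus one
    CNAME per address pointing into it (RFC 2317 section 4)."""
    net = _net(prefix)
    zone = child_zone(net)
    out = [f"{zone} IN NS {ns}" for ns in child_ns]
    for addr in net:  # every address in the block, network and broadcast included
        last = addr.packed[3]
        out.append(f"{last}.{parent_zone(net)} IN CNAME {last}.{zone}")
    return out


def child_records(prefix: Prefix, ptrs: Dict[str, List[str]]) -> List[str]:
    """What the customer publishes in the child zone: one PTR per host name."""
    net = _net(prefix)
    zone = child_zone(net)
    out: List[str] = []
    for ip, names in ptrs.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is not inside {net}")
        out.extend(f"{addr.packed[3]}.{zone} IN PTR {name}" for name in names)
    return out


def resolve_ptr(ip: str, records: List[str]) -> List[str]:
    """Follow the CNAME from the parent zone into the child zone the way a
    resolver does for 'dig -x', returning every PTR target, not just the first."""
    rrs = [r.split() for r in records]  # owner, class, type, rdata
    owner = ipaddress.IPv4Address(ip).reverse_pointer + "."
    seen = set()
    while owner not in seen:  # guard against CNAME loops
        seen.add(owner)
        ptrs = [r[3] for r in rrs if r[0] == owner and r[2] == "PTR"]
        if ptrs:
            return ptrs
        cnames = [r[3] for r in rrs if r[0] == owner and r[2] == "CNAME"]
        if not cnames:
            return []
        owner = cnames[0]
    return []


if __name__ == "__main__":
    block = "192.0.2.0/26"
    rrs = parent_records(block, ["ns1.customer.example."]) + child_records(
        block, {"192.0.2.1": ["mail.customer.example.", "www.customer.example."]})
    print("\n".join(rrs[:3]))
    print(resolve_ptr("192.0.2.1", rrs))
```

Running it shows why the CNAME is there: 1.2.0.192.in-addr.arpa. is owned by the /24 holder and only aliases 1.0/26.2.0.192.in-addr.arpa., which the customer controls, so a recursive answer for the reverse name carries both the CNAME and the PTR set.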

Re: Undelegating a Signed Subdomain

2024-12-10 Thread Bob Harold
he TTL's everywhere during the transition, but not everyone honors that - one of the public DNS providers limits TTLs to something like the 30 second to 8 hour range, if I remember correctly. -- Bob Harold On Tue, Dec 10, 2024 at 1:48 AM Ondřej Surý wrote: > Chris, that depends whether

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
Thanks guys! As usual, you've taught me an invaluable lesson. Regards, Bob On Fri, Nov 1, 2024 at 11:42 AM Evan McKinney wrote: > Even with a CNAME record, the delv command will validate each step of the > resolution. You can use the +vtrace option to see each validation and >

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
Sorry, I get the DO and AD flags confused. I see now that DIG is telling me that somewhere in the chain there is an entry that is not validated. I was doing everything manually. And yes, I saw that DELV runs the chain. Thanks again, Bob

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
rs.gov.edgekey.net. 75 IN CNAME e127382.dscna.akamaiedge.net. e127382.dscna.akamaiedge.net. 20 IN A 23.208.28.6 e127382.dscna.akamaiedge.net. 20 IN A 23.208.28.30 Regards, Bob

Question about DNSSEC

2024-10-31 Thread Bob McDonald
as it's a US gov host. Please advise. Regards, Bob

Re: DNSSEC with views and shared zone files

2024-10-18 Thread Bob Harold
do > this? > I am using "in-view" so I only have one copy of the zone in memory and on disk. In the 'oncampus' view: zone "umich.edu" { type slave; file "oncampus/edu.umich"; masters { "DNS123"; }; }; And in the other view:

Re: Lookup failures

2024-09-13 Thread Bob McDonald
that works also) If you need my named.conf, just ask. Sometimes it helps to compare notes. Are you running on a router or some other device? Are you running RPZ? Bob

Re: bind918 malfunction?

2024-09-06 Thread Bob Harold
.telekom.net. telekom.de. 3600 IN NS dns1.telekom.de. telekom.de. 3600 IN NS dns2.telekom.de. telekom.de. 3600 IN NS pns.dtag.de. This is the type of NS record 'tree' that I also had, that caused me problems. -- Bob Harold On Fri, Sep 6, 2024 at 3:27 PM Ondřej Surý wrote: > Ok, so

Re: bind918 malfunction?

2024-09-06 Thread Bob Harold
ertificate, Let's Encrypt using Unbound was verifying every NS record and sometimes gave up, with an error message "exceeded the maximum nameserver nxdomains" even though there were no 'nxdomains' in the log. I simplified my NS records and the problem went away. -- Bob Harold O

RE: statistics-channels

2024-08-12 Thread Bob McDonald
It's libxml2 and libxml2-devel Please refer to the following for information. https://kb.isc.org/docs/aa-00769 Regards, Bob

Re: Answers for www.dnssec-failed.org with dnssec-validation auto;

2024-04-18 Thread Bob McDonald
Thanks Mark. It's right there in the log. Bob

Re: Answers for www.dnssec-failed.org with dnssec-validation auto;

2024-04-17 Thread Bob McDonald
Would this be true for FreeBSD as well? I also have a bind 9.18.24 instance running on FreeBSD and it seems to be ok. Bob > The crypto policy stuff ultimately creates and maintains files in /etc/crypto-policy/backends, which has a list of acceptable or not-acceptable crypto settings. >

Re: Answers for www.dnssec-failed.org with dnssec-validation auto; (John Thurston)

2024-04-17 Thread Bob McDonald
works but it's REALLY slow. Dig shows both the address of the server providing the answer and the amount of time it took for the resolution. That MAY provide some clues as to what's going on. I suspect this is an issue with bind 9.18.24. I can't say for sure. HTH, Bob Sent from m

Re: Intent and implementation of dig's +crypto option

2023-09-22 Thread Bob Harold
nk that dig should be adjusted to suppress cryptographic > material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and > the man page updated to reflect this? > > Regards, > Anand Buddhdev > -- > > Just my opinion, but I would like it to apply to all crypto

Re: Forwarders working differently on bind9.8 & bind9.11

2023-09-19 Thread Bob Harold
e or more forwarders, and they are queried in turn until the list is exhausted or an answer is found." So the first one will get all the traffic, the second is just a backup to be used if the first fails. If you expect that to do load balancing, it will not. Try a real load balancer, or &

Re: Facing issues while resolving only one record

2023-08-30 Thread Bob McDonald
This is why I try to read this list every day... Thanks Mark. I need to go back to RTFM (or read the man page)

Re: Facing issues while resolving only one record

2023-08-30 Thread Bob McDonald
the associated DNSSEC records (if they exist). It doesn't affect validation. You must make the options change indicated by Greg Choules in his previous post to disable DNSSEC validation for a specific domain. Sorry if this is redundant or very rudimentary. Bob

Does DNSSEC increased packet size reach end computers?

2023-04-11 Thread Bob Harold
DNS Authoritative servers? (Granted, the actual answer size to the client could be large enough to cause fall-back to TCP, but that is not because of DNSSEC.) -- Bob Harold

RE: PPA for Raspbian distros

2023-03-25 Thread Bob McDonald
tware versions. e.g. FreeBSD offers 9.16, 9.18, and 9.19. They are also a little quicker to offer packages for new releases. YMMV, Bob

DNS DDoS protection

2023-02-24 Thread Bob Harold
Before answering this question, can you tell me the proper place where I should be asking this question? "We are researching DDoS protection, including DNS. What companies or products or methods should I be looking at?" -- Bob Harold

Sanity Check

2023-02-17 Thread Bob McDonald
at will go away eventually. Any comments are welcome. Thanks, Bob named.conf: acl rfc1918-nets { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; }; include "/usr/local/etc/namedb/rndc.key"; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-

Re: Incremental transfers generate complete zone reloading

2023-01-16 Thread Bob McDonald
Mea Culpa. Apparently RPZ IS the issue here. I learn something new every time I read this list. My apologies for the waste of bandwidth. Bob On Mon, Jan 16, 2023 at 9:02 AM Bob McDonald wrote: > This is just conjecture but I'll take a stab at this problem. > > First, the fact

RE: Incremental transfers generate complete zone reloading

2023-01-16 Thread Bob McDonald
hought and testing. The ultimate value depends on the volume of updates being generated. Hope that helps, Bob

Re: managed-keys vs trust-anchors

2023-01-04 Thread Bob McDonald
Thanks Evan and Ondrej. I'll let the folks at FreeBSD know also. Their bind packages still include that file. Bob On Wed, Jan 4, 2023, 14:59 Evan Hunt wrote: > On Mon, Jan 02, 2023 at 07:33:46AM -0500, Bob McDonald wrote: > > I've upgraded to bind 9.16.36. > > >

managed-keys vs trust-anchors

2023-01-02 Thread Bob McDonald
tion needs to be a bit more clear on this. Would it be helpful to have a version of the bind.keys file for bind 9.16 and above? Regards, Bob

Re: PowerDNS secondary servers receive empty SOA response for particular zone.

2022-11-18 Thread Bob McDonald
also look at minimal-responses. Look at the structure of your DNS environment. Bob

Re: dig +norecurse behaviour changed with 9.16.33

2022-10-27 Thread Bob McDonald
Are the zones cern.ch and spectrum-lb.cern.ch on the same authoritative sDNS server?

RE: dig +norecurse behaviour changed with 9.16.33

2022-10-26 Thread Bob McDonald
For both versions of bind, please submit the actual dig command and the complete results received. That will make diagnosing this issue MUCH easier. Regards, Bob

Re: Question About Internal Recursive Resolvers

2022-10-18 Thread Bob McDonald
nd further, the classification of unknown gets automatically assigned to those clients coming in through GUEST WiFi (e.g. cell phones, ipads, etc.). Most organizations with a NAC layer in place have procedures to allow unknown clients temporary access at some level (e.g. vendors, etc.). HTH, Bob

Re: Question About Internal Recursive Resolvers

2022-10-15 Thread Bob McDonald
;t get hung up on it. Thank you all for the information. You've provided answers to my questions and have renewed my faith in geekdom. If anyone is still confused, I'd be glad to discuss this offline until we have a final solution. Then we can publish if necessary. Bob -- Visit

Re: Question About Internal Recursive Resolvers

2022-10-15 Thread Bob McDonald
o seek the wisdom of those on the list that have more experience or different experience than myself. Hopefully, I can gain from that wisdom and we can provide a kind environment where those less educated feel mentored. Bob

Question About Internal Recursive Resolvers

2022-10-14 Thread Bob McDonald
tures such as RPZ, etc. Regards, Bob

Re: Proxy requests but filter out IPv4 address

2022-08-19 Thread Bob Harold
RPZ should be able to do that. Read up on RPZ in the BIND manual, and search online for more info. -- Bob Harold On Fri, Aug 19, 2022 at 2:56 AM Matthias Fechner wrote: > Dear all, > > I'm not sure if bind can do this, but let me explain what I would like > to do. > >

Re: RE: DNSSEC adoption

2022-08-03 Thread Bob Harold
will cause an increase in DNS traffic, and I don't know how much of an increase, but the 24-48 hour TTL of the DS record is the real down-side of DNSSEC, and why it is taking me so long to try to develop a bullet-proof process before signing my zones. -- Bob Harold University of Michigan O

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

2022-05-27 Thread Bob Harold
e meantime, >> considering the recent >> surge of cyber attacks since the recent war started, and our country >> voted support for the >> defending party. >> >> Frankly, I am not in deep with Microsoft DNS, and I guess there can be >> some tweaking with

Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-25 Thread Bob McDonald
glance at the zone with dig, it looks as though the domain wasn't reloaded. Also, it looks like NS2 doesn't respond. Bob

Re: Determining Which Authoritative Server to Use

2022-05-16 Thread Bob McDonald
in an internal environment. Again, my personal opinion is that it needlessly complicates the architecture of the environment and adds unnecessary cost. However, my experience with internal environments is with DDI appliances and they would offer any necessary backup requirements for a DNS zone. YMMV

Re: Determining Which Authoritative Server to Use

2022-05-12 Thread Bob Harold
On Wed, May 11, 2022 at 4:34 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 5/11/22 2:19 PM, Bob Harold wrote: > > Not sure who set it up, but my DHCP servers have for some zones: > > > > zone x.y.z.in-addr.arpa > > { > > primar

Re: Determining Which Authoritative Server to Use

2022-05-11 Thread Bob Harold
On Wed, May 11, 2022 at 1:50 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 5/11/22 11:24 AM, Bob McDonald wrote: > > It would seem that using an anycast cloud name (An anycast cloud > > of the NS device IPs) for the MNAME might provide the same leve

Determining Which Authoritative Server to Use

2022-05-11 Thread Bob McDonald
g signed updates. Anyway, I've been looking at this for the last decade. I'm sure I'll discover more along the way. Bob

Re: Determining Which Authoritative Server to Use (Bob McDonald)

2022-05-08 Thread Bob McDonald
ents in Asia being sent to authoritative only servers in South Amer. Bob

Determining Which Authoritative Server to Use

2022-05-07 Thread Bob McDonald
only zones are defined on the caching servers via stub zones. My question is this: how do the recursive servers determine from the information in the stub zone which name server to query? And, is that the closest (network wise)? Do I need to put anycast into the mix? TTFN, Bob

Re: Supporting LOC RR's

2022-05-01 Thread Bob Harold
On Wed, Apr 13, 2022 at 9:39 AM Bjørn Mork wrote: > Timothe Litt writes: > > > Anyhow, it's not clear exactly what problem you're asking LOC (or > > anything) to solve. > > Which problems do LOC solve? > > I remember adding LOC records for fun?() in the previous millennium when > RFC 1876 was fr

Re: Merging DNS servers

2022-04-26 Thread Bob Harold
ed to copy the journal files. If there are any other secondary servers (and you almost always want more than just the master), then change those to pull from the new server, and make sure that is working, before starting the steps you listed. -- Bob Harold

Re: AA flag

2022-02-27 Thread Bob McDonald
I'm guessing that the zone files hosted on the new DNS servers still contain NS records pointing to the old DNS servers. Based on your post, that's my guess. Bob

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 12:44 PM Tony Finch wrote: > Matthijs Mekking wrote: > > On 15-04-2021 16:35, Bob Harold wrote: > > > > > > If BIND holds both the child and parent zone, will it add the DS record > > > at the correct time? Or do I still need to

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 8:50 AM Bob Harold wrote: > > On Thu, Apr 15, 2021 at 2:57 AM Matthijs Mekking wrote: > >> >> >> On 14-04-2021 22:30, Greg Rivers via bind-users wrote: >> > On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote: >> >>

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Bob Harold
On Thu, Apr 15, 2021 at 2:57 AM Matthijs Mekking wrote: > > > On 14-04-2021 22:30, Greg Rivers via bind-users wrote: > > On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote: > >> Does anyone have an automated KSK roll process, that checks for the DS > >> re

Ask for automated KSK roll with DS checking

2021-04-14 Thread Bob Harold
EC if some other process does not update the DS record at the right time. That's too big a risk for me, the process needs to check the DS record before completing the KSK roll. Surely someone has done this. I would rather not reinvent the wheel. But I have searched and not found anything yet.
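
The check the post asks for, as an added example in Python (not code from the thread, and not ISC's implementation): make_ds derives the DS a parent should publish from a DNSKEY (RFC 4034 section 5.1.4, a digest over the canonical owner name followed by the DNSKEY RDATA, with the key tag from RFC 4034 Appendix B); parse_ds_short reads the parent's DS set in the shape "dig +short DS zone" prints it; and safe_to_retire_old_ksk refuses to finish the roll until the new DS is actually published and the parent's DS TTL (the 24-48 hours mentioned in the 2022 DNSSEC adoption post above) plus a propagation margin has passed, so no validator can still hold a cached DS set that only covers the old key. The zone name, key bytes and TTLs are constructed sample data, not a real key.

```python
"""DS records from a DNSKEY, and the "is the new DS in the parent yet?" check
that has to pass before an old KSK is withdrawn.

Added example; not code from the thread. DS digest: RFC 4034 section 5.1.4,
digest(canonical owner name || DNSKEY RDATA). Key tag: RFC 4034 Appendix B.
Zone name, key material and TTLs below are constructed sample data.
"""
import base64
import hashlib
import struct
from typing import Iterable, Set, Tuple

DS = Tuple[int, int, int, str]  # (key tag, algorithm, digest type, upper-case hex digest)
DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}  # SHA-256 (RFC 4509), SHA-384 (RFC 6605)


def wire_name(name: str) -> bytes:
    """Canonical wire-format owner name: lower case, length-prefixed labels, root label."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, pubkey_b64: str, protocol: int = 3) -> bytes:
    """DNSKEY RDATA: flags(2) protocol(1) algorithm(1) public key. flags=257 marks a KSK."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (every algorithm except the obsolete RSA/MD5, alg 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def make_ds(zone: str, flags: int, algorithm: int, pubkey_b64: str, digest_type: int = 2) -> DS:
    """The DS the parent should publish for this DNSKEY."""
    rdata = dnskey_rdata(flags, algorithm, pubkey_b64)
    digest = DIGESTS[digest_type](wire_name(zone) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, digest_type, digest)


def parse_ds_short(lines: Iterable[str]) -> Set[DS]:
    """Parse 'dig +short DS <zone>' style lines: '<tag> <alg> <dtype> <hex...>'.
    dig may print the digest as several hex tokens; join them before comparing."""
    out: Set[DS] = set()
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # blank line or a comment, not a DS record
        out.add((int(parts[0]), int(parts[1]), int(parts[2]), "".join(parts[3:]).upper()))
    return out


def ds_published(parent_ds: Set[DS], wanted: DS) -> bool:
    """True only if the parent serves exactly this DS (tag, algorithm, digest type, digest)."""
    return wanted in parent_ds


def safe_to_retire_old_ksk(parent_ds: Set[DS], new_ds: DS, now: int,
                           new_ds_seen_at: int, parent_ds_ttl: int,
                           propagation: int = 3600) -> bool:
    """Drop the old KSK only after the parent publishes the new DS and every cached
    copy of the previous DS RRset has had time to expire (DS TTL plus a margin)."""
    if not ds_published(parent_ds, new_ds):
        return False
    return now - new_ds_seen_at >= parent_ds_ttl + propagation


if __name__ == "__main__":
    # Constructed key bytes (base64 of 0x0001); a real key is far longer.
    ds = make_ds("example.com", 257, 13, "AAE=")
    print("expected DS:", *ds)
    parent = parse_ds_short(["%d %d %d %s" % ds])  # pretend this came from dig +short DS
    print("published:", ds_published(parent, ds))
```

In a real roll the parent_ds set comes from querying the parent's authoritative servers (not your own cache) after the registrar or parent operator has installed the record; the DS comparison must be exact, since a digest with one wrong byte validates nothing.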

RE: replication time for dynamic records from primary to secondary servers

2021-04-02 Thread Bob McDonald
Is there an entry in your server options similar to this? notify-delay nn; Regards, Bob

Re: Local resolution first and then public resolution for "google.com" domain (Roberto Carna)

2021-03-31 Thread Bob McDonald
You could use RPZ for the entry "www.google.com" and then the rest of the domain would resolve from the internet. Regards, Bob

Re: Options for named startup docker

2021-02-03 Thread Bob Harold
Pv4 only" Perhaps you want "-6" to use IPv6 only ? -- Bob Harold > > Normally you can do this via the file /etc/default/named (In the options > variable). Unfortunately, this file is ignored. I also tried it with the > "Environment" parameter in docker-comp

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Bob Harold
/etc/resolv.conf or the "DNS servers" seen in windows client settings, will only be used by the client if the first server does not respond. For that, you can use a public resolver like Google 8.8.8.8 as the second choice for your users. -- Bob Harold

Re: Malformed transaction errors

2020-10-19 Thread Bob McDonald
When you talk about "putting the .jnl file aside" what are you doing? Stopping named THEN deleting the .jnl file? Using rndc sync -clean ? In the case of the rndc command, you don't need to cycle named. What user is named running as? Are the directory permissions for the directory housing the .jn

Re: forwarders used in order or based on RTT ?

2020-10-16 Thread Bob Harold
That is certainly not obvious. How do I request improving the manual? "in turn" would seem to imply "in order", and the order would logically be the order I listed them. -- Bob Harold DNS and DHCP Hostmaster - UMNet Information and Technology Services (ITS) rharo...@umic

forwarders used in order or based on RTT ?

2020-10-16 Thread Bob Harold
based algorithm" So which is correct? And did it change at some point? -- Bob Harold DNS and DHCP Hostmaster - UMNet Information and Technology Services (ITS) rharo...@umich.edu 734-512-7038

Re: bind 9.16.7 Odd query error (Borja Marcos)

2020-10-01 Thread Bob McDonald
My config took the following combination before it would work: max-recursion-depth 20; max-recursion-queries 275; I'm running both IPv4 and IPv6. Regards, Bob On Thu, Oct 1, 2020 at 2:37 AM Borja Marcos wrote: > > > > On 30 Sep 2020, at 22:34, Mark Andrews

Re: bind 9.16.7 Odd query error (Borja Marcos)

2020-09-30 Thread Bob McDonald
second time, it resolves. Almost looks like some sort of priming issue. YMMV, Bob

RE: "minimal-any" configuration query

2020-09-08 Thread Bob McDonald
Without seeing your configuration, I can only suggest trying the minimal-responses option. Regards, Bob

Re: A And Cname-record

2020-06-18 Thread Bob McDonald
.com. remtest IN CNAME temp001.example.com. Both examples are not allowed under the RFCs. Bob
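
Bob's point here is RFC 1034 section 3.6.2: a node that owns a CNAME may hold no other data, and named-checkzone rejects such a zone with its "CNAME and other data" error. The following is an added example, not code from the thread or from BIND: a small Python zone-file check that groups records by owner name and reports a CNAME sharing an owner with any other type, or more than one CNAME at one name, while allowing the RRSIG and NSEC records that a signed zone is required to place beside a CNAME (RFC 4035 section 2.5). The sample zone is constructed; the parser deliberately skips multi-line parentheses and $INCLUDE, so it is a demonstration of the rule, not a replacement for named-checkzone.

```python
"""Detect "CNAME and other data" at one owner name in a zone file.

Added example; not code from the thread. RFC 1034 section 3.6.2 forbids any
other RR at a node that has a CNAME; RFC 4035 section 2.5 requires RRSIG and
NSEC beside a CNAME in a signed zone, so those two are tolerated here.
Multi-line records in parentheses and $INCLUDE are intentionally unsupported.
"""
from collections import defaultdict
from typing import Dict, List

ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS", "ANY"}


def _is_ttl(tok: str) -> bool:
    """A TTL field: plain seconds ('3600') or BIND's unit suffix form ('1h', '2d')."""
    return (tok[:-1].isdigit() and tok[-1].lower() in "smhdw") or tok.isdigit()


def parse_zone(text: str, origin: str) -> Dict[str, List[str]]:
    """Return owner name -> list of RR types (duplicates kept, so CNAME counts work).
    Understands $ORIGIN, '@', relative names, a blank owner meaning 'same as the
    previous record', optional TTL and class, and ';' comments."""
    if not origin.endswith("."):
        origin += "."
    rrsets: Dict[str, List[str]] = defaultdict(list)
    last_owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$"):
            directive, *args = line.split()
            if directive == "$ORIGIN" and args:
                origin = args[0] if args[0].endswith(".") else f"{args[0]}.{origin}"
            continue  # $TTL and other directives do not affect this check
        fields = line.split()
        if line[0].isspace():
            owner = last_owner  # leading whitespace: owner is inherited
        else:
            owner = fields.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"
        last_owner = owner
        rtype = None
        for tok in fields:  # skip optional TTL and class; the first other token is the type
            if _is_ttl(tok) or tok.upper() in CLASSES:
                continue
            rtype = tok.upper()
            break
        if rtype is None:
            raise ValueError(f"no RR type on line: {raw!r}")
        rrsets[owner.lower()].append(rtype)
    return rrsets


def cname_conflicts(rrsets: Dict[str, List[str]]) -> List[str]:
    """Owner names where a CNAME coexists with other data, or appears more than once."""
    problems = []
    for owner, types in sorted(rrsets.items()):
        n_cname = types.count("CNAME")
        if n_cname == 0:
            continue
        others = sorted({t for t in types if t != "CNAME" and t not in ALLOWED_WITH_CNAME})
        if n_cname > 1:
            problems.append(f"{owner}: {n_cname} CNAME records (only one allowed)")
        if others:
            problems.append(f"{owner}: CNAME and other data ({', '.join(others)})")
    return problems


# Constructed sample zone reproducing the two mistakes from the thread.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN SOA   ns1 hostmaster 2024010101 7200 3600 1209600 3600
         3600 IN NS    ns1
ns1      3600 IN A     192.0.2.53
; a name that is both an address and an alias: rejected by named-checkzone
remtest  3600 IN A     192.0.2.10
remtest  3600 IN CNAME temp001
; two aliases at one name: also rejected
www      3600 IN CNAME web1
www      3600 IN CNAME web2
; a correct alias
ftp      3600 IN CNAME web1
web1     3600 IN A     192.0.2.20
"""

if __name__ == "__main__":
    for problem in cname_conflicts(parse_zone(SAMPLE_ZONE, "example.com")):
        print(problem)
```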

BIND log format Splunk regex

2020-05-26 Thread Bob Harold
I am told from my Splunk experts that the vendor supplied Splunk app for isc-bind matches the BIND 9.8 version used in RHEL6, but not the BIND 9.11 version used in RHEL7. I have a mix now. Does anyone have a REGEX for 9.11, or better yet, a regex that matches both formats? -- Bob Harold

re: How to disable recursion on ONE domain? (Bind-9.11.14)

2020-05-15 Thread Bob McDonald
Would adding the following to the zone config work? forwarders {}; Regards, Bob

Re: How to disable recursion on ONE domain? (Bind-9.11.14)

2020-05-15 Thread Bob Harold
ype static-stub; > server-names { >"10.n.n.n"; >"10.n.n.m"; > }; >}; > }; > > This ALWAYS gives a SERVFAIL though regardless of whether the 10.n.n.n > addresses are reachable or not... > "server-names" must

Re: TSIG DDNS and windows clients

2020-05-13 Thread Bob Harold
On Wed, May 13, 2020 at 3:49 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 5/13/20 6:29 AM, Bob Harold wrote: > > Your ACL looks right. I think Ben has the key - Windows uses GSS-TSIG, > > not regular TSIG. Not sure how or if that can be solved. &g

Re: TSIG DDNS and windows clients

2020-05-13 Thread Bob Harold
On Wed, May 13, 2020 at 3:20 AM Pete Fry wrote: > Bob > thanks for the reply and the correction ( the acl dones't have a ! it was > a cut and paste error when i was trying to remove some information. > > the TSIG works when from other linux machine via nsupdate etc, how

Re: What is the proper way to delegate to a private / hidden sub-domain?

2020-05-06 Thread Bob Harold
and the other > anycast instance being internal private accessible. > > I don't see another way to delegate the same zone to different (sets of) > name servers without using anycast. Hence my email to the list asking > if anyone had any suggestions. > > > > --

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 12:45 PM Tim Daneliuk wrote: > On 4/17/20 10:17 AM, julien soula wrote: > > On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: > >> On 4/17/20 9:50 AM, Bob Harold wrote: > >>> > >>> Agree, that's odd, and not what

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 11:03 AM Konstantin Stefanov wrote: > On 17.04.2020 17:56, Tim Daneliuk wrote: > > On 4/17/20 9:50 AM, Bob Harold wrote: > >> > >> Agree, that's odd, and not what the man page says. Any chance that > there is some other DNS helper ru

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 10:34 AM Tim Daneliuk wrote: > On 4/17/20 7:26 AM, Bob Harold wrote: > > > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk <mailto:tun...@tundraware.com>> wrote: > > > > We have split horizon setup and enable our internal and t

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
http://www.tundraware.com/PGP/ Is 127.0.0.1 in the 'trustedhosts' list? Are you telling 'dig' what server to use - dig @127.0.0.1 What servers are listed in /etc/resolv.conf? Do they resolve the reverse zones? Are local queries hitting the right 'view'

Re: DHCPD - BIND DDNS: dnssec-keygen hmac-md5 removed

2020-04-13 Thread Bob Harold
I would suggest: tsig-keygen your-key-name It does not need any options, the defaults are fine. -- Bob Harold On Fri, Apr 10, 2020 at 7:52 PM moo can via bind-users < bind-users@lists.isc.org> wrote: > Hello, > > For educational purpose I need to setup an DDNS be

Re: Machine friendly alternative to nsupdate

2020-04-01 Thread Bob Harold
don't see where that handles updates. -- Bob Harold On Wed, Apr 1, 2020 at 9:39 AM Ondřej Surý wrote: > I would recommend dnspython as a start. The API is very non-Python, > but once you get hang of it, it’s not that bad. > > Ondrej > -- > Ondřej Surý > ond...@is

Re: Localhost view is not working for me

2020-03-30 Thread Bob Harold
ique names just to be sure which queries you are looking at. That's the best that I can suggest. -- Bob Harold On Mon, Mar 30, 2020 at 1:07 PM Marc Chamberlin via bind-users < bind-users@lists.isc.org> wrote: > Hello - I am running the Bind server > > > named -v > BIND

Re: How to get random subset of large rrset (30+ IPs for round robin)?

2020-03-20 Thread Bob Harold
> -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen thos

Re: bind9 memory leak with TreeMemTotal, and TotalUse stat seems fictional

2020-02-28 Thread Bob Harold
ary. -- Bob Harold On Thu, Feb 27, 2020 at 3:23 PM Alistair Bayley < alistair.bay...@kordia.co.nz> wrote: > Hello, > > I didn't get any response to this. Is there some documentation that I > haven't yet found that explains what these measurements mean? Has anyone >

Re: NS failover as opposed to A record failover

2020-02-26 Thread Bob Harold
t; > Scott, To directly give an opinion on your last question - client applications can often be slow to recover from failed connections, so updating the A records in the zone is a good idea - best to use nsupdate, do not edit zone file and reload. DNS Recursive resolvers should failover in secon

Re: Weird behaviour in wildcard CNAME - is this feature or bug? Can it be changed?

2020-02-11 Thread Bob Harold
. A 141.211.7.25 itd.umich.edu. A 141.211.7.25 *.itd.umich.edu. A 141.211.7.25 dns1.itd.umich.edu. A 192.12.80.214 -- Bob Harold On Tue, Feb 11, 2020 at 11:16 AM Petr Bena wrote: > Oh, that explains it, I did

Re: "overlay" views

2020-01-20 Thread Bob Harold
s different in each view: This zone is same in all views: zone example.com host1.example.com IN A 10.0.0.4 host2.example.com IN A 10.1.1.7 router.example.com CNAME router.splitview.example.com Then in one view: zone splitview.example.com router.splitview.example.com IN A 10.0.0.1 And the other view: zone splitvie

Re: What is wrong in the view matching below

2019-12-05 Thread Bob Harold
> > > Looks like the file lan.master.nixcraft.com has no data. > > > >> > >> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone > >> internal.nixcraft.com\032/IN/internal: > has 0 SOA records > >> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone > >

Re: Internal CNAME in RPZ

2019-10-24 Thread Bob Harold
On Thu, Oct 24, 2019 at 9:20 AM Andrey Geyn wrote: > Hi, Bob, thank you for response! > > What if I want to make following configuration (as an example): > > domain.com A 10.10.10.10 > *.domain.com CNAME domain.com > > I don't want to write 10.10.10.10

Re: Internal CNAME in RPZ

2019-10-24 Thread Bob Harold
arate. Do you want cname.domain.com to point to 10.10.10.10? Then use an A record to 10.10.10.10. Do you want cname.domain.com to point to some real domain name (probably a name you control, like a walled garden, or error page)? Then CNAME to that real name. -- Bob Harold > > In this
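
Several of the posts above answer RPZ questions: whether an RPZ "A" record short-circuits the real lookup (the 2025-01-03 post; the option Bob alludes to is qname-wait-recurse no in the response-policy statement, which applies QNAME triggers before recursing and, as he notes, makes the filtering easier to detect), filtering addresses out of answers (2022-08-19), overriding www.google.com while the rest of google.com still resolves from the internet (2021-03-31), and, in this 2019 thread, using an A record for an address and a CNAME only for a real name. The following is one added example covering all of them; it is not code from the list or from ISC. It is a small Python generator for a policy zone in the RPZ format that BIND loads: a QNAME trigger is the name itself, an IPv4 answer trigger is "prefixlen.reversed-octets.rpz-ip", and the action rides in the policy record's RDATA (CNAME . for NXDOMAIN, CNAME *. for NODATA, CNAME rpz-passthru. to exempt a name, an A record for local data, a CNAME to a real name for a redirect). The zone name rpz.local. and the host names are assumptions, and only IPv4 rpz-ip triggers are handled.

```python
"""Build a BIND response policy zone (RPZ) from a short policy list.

Added example; not code from any of the threads. It follows the RPZ format
that BIND's response-policy statement loads. The zone name rpz.local. and the
names in SAMPLE_POLICY are constructed; only IPv4 rpz-ip triggers are handled.
"""
import ipaddress
from typing import List, Tuple

RPZ_ZONE = "rpz.local."  # assumed policy zone name; any name works

# Action -> RDATA. The special CNAME targets are defined by the RPZ format.
SPECIAL_ACTIONS = {
    "nxdomain": "CNAME .",              # answer NXDOMAIN
    "nodata": "CNAME *.",               # answer NODATA (empty answer section)
    "passthru": "CNAME rpz-passthru.",  # exempt from the policy (allow-list entry)
    "drop": "CNAME rpz-drop.",          # send no response at all
    "tcp-only": "CNAME rpz-tcp-only.",  # truncate so the client must retry over TCP
}


def ip_trigger(prefix: str) -> str:
    """rpz-ip trigger for an IPv4 prefix appearing in the answer section,
    e.g. 192.0.2.0/24 -> 24.0.2.0.192.rpz-ip. Host bits set in the prefix
    are rejected (strict parsing), since that is almost always a typo."""
    net = ipaddress.IPv4Network(prefix)
    octets = net.network_address.exploded.split(".")
    return f"{net.prefixlen}.{'.'.join(reversed(octets))}.rpz-ip"


def policy_rr(trigger: str, action: str, target: str = "") -> str:
    """One policy record. 'redirect' CNAMEs to a real, fully qualified name;
    'local-a' answers with a fixed IPv4 address; the rest are RPZ specials."""
    trigger = trigger.rstrip(".")
    if action in SPECIAL_ACTIONS:
        rdata = SPECIAL_ACTIONS[action]
    elif action == "redirect":
        if not target.endswith("."):
            raise ValueError("redirect target must be fully qualified (trailing dot)")
        rdata = f"CNAME {target}"
    elif action == "local-a":
        rdata = f"A {ipaddress.IPv4Address(target)}"
    else:
        raise ValueError(f"unknown action {action!r}")
    return f"{trigger}.{RPZ_ZONE} IN {rdata}"


def build_zone(policies: List[Tuple[str, str, str]], serial: int) -> str:
    """Render a complete zone file: SOA/NS apex plus one record per policy.
    Blocking a domain and everything under it needs two triggers: name and *.name."""
    header = [
        f"$ORIGIN {RPZ_ZONE}",
        "$TTL 60",  # policy data should age out of caches quickly
        f"@ IN SOA localhost. hostmaster.{RPZ_ZONE} {serial} 3600 600 86400 60",
        "@ IN NS localhost.",
    ]
    body = [policy_rr(trigger, action, target) for trigger, action, target in policies]
    return "\n".join(header + body) + "\n"


# Constructed sample policy, one entry per situation raised in the threads.
SAMPLE_POLICY = [
    ("www.google.com", "local-a", "10.0.0.5"),      # override one name; rest of the domain untouched
    ("bad.example", "nxdomain", ""),                # block a domain ...
    ("*.bad.example", "nxdomain", ""),              # ... and every name under it
    ("allowed.bad.example", "passthru", ""),        # except this one (exact name beats wildcard)
    ("*.internal.example", "redirect", "garden.internal.example."),  # CNAME to a real name
    (ip_trigger("192.0.2.0/24"), "nodata", ""),     # suppress answers carrying these addresses
]

if __name__ == "__main__":
    print(build_zone(SAMPLE_POLICY, 2025010101), end="")
```

The generated file is loaded like any other zone and named with response-policy { zone "rpz.local"; }; in options; whether named recurses before applying the QNAME triggers is the qname-wait-recurse setting discussed in the 2025 post.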

re: Delegation not working from slave.

2019-10-02 Thread Bob McDonald
e for sub.example.com. on the main DNS server?) And does the zone file on the main have a glue record for dynsub.example.org.? Regards, Bob

RE: Intermittent ServFail for FreeBSD.org names? (Havard Eidnes)

2019-09-16 Thread Bob McDonald
What does your request show when you include a +nodnssec switch on the dig? -Bob

RE: nsupdate reject

2019-05-20 Thread Bob McDonald
The most obvious thing is to look at the zone and see if that key is included in an allow-update statement for the zone. Bob

Re: dns latency

2019-04-12 Thread Bob Harold
418174157 > 20190411143657 26550 comcast.net. > YegwZlzjBoJ+b9nWTHwRZQbce619UcOVdo6FUPG056Sod4MEchv/GCHu > 7BpREAUm0CBoE4qbipTiS47wIk7QJYzz10B78wRgMGNwMTUXQ571YRyq > P0I3I0Dzag28j607walJOZms3lAXDzSnyvv9wocaH2MJ7Z3j68Qf5pKh YpM= > > ;; Received 227 bytes from 69.252.250.103#53(dns101.comc

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-04-04 Thread Bob Harold
y to everything included in that scope, unless overridden." Why have exceptions to this? This seems like expected behavior, and will allow for simpler configurations in some cases. No one is forced to use this, it is optional, but often convenient. -- Bob Harold

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-22 Thread Bob Harold
- > Grant. . . . > unix || die > I use: named-checkconf -p > named.conf.out which I think is close enough, except for the comments. You just need to know that view-level settings are at the end of the view, not where you might expect. It makes for a very lot of text to read through, but

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

2019-03-18 Thread Bob Harold
on as simple as possible. And it should be possible to override any setting at a lower level, for the exceptions. It would be even better if I could 'group' zones and set configurations on the group. Repeating the same configuration thousands of times seems like a waste. I

Re: Advice for DNS reverse zones

2019-02-06 Thread Bob Harold
of records can be split off into its own 2.10.in-addr.arpa. And if a /24 gets really busy, you can split it out 5.1.10.in-addr.arpa There is no need to create all 256 /16's or all the /24's, just create them as needed. If having different sizes is too confusing, I suggest all /16'

Re: Selective forwarding?

2019-01-29 Thread Bob Harold
+ 2~3 days depending on the situation. > > A "week" is a minimum of 10 days, because 5 works days plus two weekends > in 9 days. > I also assume that either the Friday before their vacation week, or the Monday after, might be a holiday, so I use 11 days. :) -- Bob

Re: RPZ question authoritative/recursive servers

2019-01-22 Thread Bob Harold
on > these forward only servers ? > > Any thoughts on this ? > > Thank you > The RPZ function only runs on the Recursive DNS servers. The RPZ zone could be mastered on an Authoritative server, but it should not be visible to the publ
