ers@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
the main campus tenant cannot start accepting
email for our domain until we’ve transferred the email domain between tenants,
so we cannot just change the MX record in our DNS server to the University’s (a
Cisco Ironport setup)
--
Bruce Johnson
University of Arizona
College of Pharmacy
ists.isc.org/mailman/listinfo/bind-users
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the develo
netassoc.net<http://netaccoc.net> as the domain the dmarc record is for. At
least I do not have that CNAME set for my domain and DMARC passes all the tests.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely cu
Thanks!
On Jun 1, 2022, at 1:48 PM, Sandro
mailto:li...@penguinpee.nl>> wrote:
On 01-06-2022 20:07, Bruce Johnson via bind-users wrote:
I am migrating our BIND system to a new server/BIND version, and have
a question about dynamically updated zone files (we have one dynamic
zone). I a
will just
stopping the bind service properly deal with updating the zone file? Also do I
need to copy over the .jnl file when I do this or will a new one get generated
as needed?
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have
kind I’m thinking that there's no real avenue for malware to get on this system
(beyond some sort of 0-day in the software that is running…) so it’s probably
not necessary; but if we get told we have to, does anyone foresee any issues
with it interfering with DNS?
--
Bruce Johnson
Unive
0
l.gtld-servers.net. 53266 IN 2001:500:d937::30
;; Query time: 15 msec
;; SERVER: 128.196.116.5#53(128.196.116.5)
;; WHEN: Thu Feb 03 10:26:49 MST 2022
;; MSG SIZE rcvd: 907
And I don’t see anything in the logs about this.
--
Bruce Johnson
University of Arizona
College of P
Ugh, forgot about that…that was it.
Thanks!
On Dec 9, 2021, at 3:48 PM, Mark Andrews mailto:ma...@isc.org>>
wrote:
Almost certainly SELinux or AppArmor on the new platform getting in the way.
On 10 Dec 2021, at 06:08, Bruce Johnson via bind-users
mailto:bind-users@lists.isc.org&g
it’s entered the same way
in named.conf, but that’s running and ancient version BIND
9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
(and why I’m building a new one!)
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Inst
ne files is disabled"; fi (code=exi
this nonsense of bash in systemd units typically comes from distributions and
so you should at least name which one you are using
In this case it is CentOS8.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Ins
On Nov 4, 2021, at 12:01 PM, Bruce Johnson
mailto:john...@pharmacy.arizona.edu>> wrote:
This morning our server started failing to reload or start.
checking the status reveals not a lot of info:
systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
we
have a LOT of zone files; is there a particular order in which they’re loaded
at startup? I’ve made no changed to named.conf or anything else on this server.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely custo
-00725 )
alice._domainkey.itverx.com.ve.86400 IN TXT “v=…ZZZ”
Is alice, in this case, the server with the MTA and private keys and itverx.com
the base domain of the zone? IE alice.itverx.com is the server that is signing
the emails?
what is the .ve. part?
--
Bruce Johnson
University of
mail.{your-fqdn} is only valid for 60 seconds. As you say, a cheap load
balancing attempt!
Best,
Richard.
-Original Message-
From: bind-users On Behalf Of Bruce Johnson
Sent: 25 June 2021 6:56 pm
To: bind-users@lists.isc.org
Subject: Odd A record in our hosts zone file
I ran across th
’ notation? I haven’t been able to find that in my searching of
the manual.
(We’re adding new servers and I need to make sure our DNS is properly set for
them.)
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely
f named. (probably /usr/local/opt/bind/sbin judging from the screen shot)
If the previous version was installed as part of Mac OS Server, or MacPorts,
for example that binary will live somewhere other than /usr/local.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Informatio
Turne out to be a dumdum mistake on my part. SELinux was set to enforce…set it
to permissive and voila! the .jnl file was created.
I coulda sworn I’d fixed that before...
> On Mar 5, 2021, at 12:39 PM, Grant Taylor via bind-users
> wrote:
>
> On 3/5/21 12:07 PM, Bruce J
:39 PM, Grant Taylor via bind-users
mailto:bind-users@lists.isc.org>> wrote:
On 3/5/21 12:07 PM, Bruce Johnson wrote:
Fixing the permissions and restarting named got dynamic updating working again,
but new systems (ie names that are NOT already in the Zone file ) are throwing
errors abo
5 11:45:27 mydns named[45631]: client @0x7fa31f3f7c20
BJ> 128.196.45.228#49190: updating zone
'DYN.Zone.COM/IN':<http://DYN.Zone.COM/IN':> error:
BJ> journal open failed: unexpected error
BJ> Is there a specific command to create the .jnl file? I thought
BJ> n
;: error: journal open
failed: unexpected error
Is there a specific command to create the .jnl file? I thought named created it
automatically as needed. (at least the named-journalprint man page indicates
this…)
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Techno
te and move them into place once they are
complete.
If you are running Linux also se SELinux settings as they add additional
constraints. Additionally if you are running as root named does not have
permission to override file permissions root normally has.
--
Bruce Johnson
University of A
of our (name) vlans, but checking the config syntax
with named-checonf -z shows all are properly loading, and the zone transfers
after the manual update did work.
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opin
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
in named-chroot do these go to the actual system /var/named/log or does the
named-chroot process put them in /var/named/chroot/var directory?
--
Bruce Johnson
University of Arizona
ists.isc.org/mailman/listinfo/bind-users
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscrib
Thanks, that worked perfectly!
> On Dec 17, 2020, at 12:02 PM, Reindl Harald wrote:
>
>
>
> Am 17.12.20 um 19:56 schrieb Bruce Johnson:
>> Someone updated out name server and messed up the serial number on the
>> primary; as a result our secondaries are not up
1209600 86400
Is the fix here just setting the serial number on the primary to 1762233708 ?
The various things online I’ve found are all based on “you accidentally set the
primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...
--
Bruce Johnson
University of Arizona
College
s for these tips, this makes me feel a lot more confident that I'm on the
right track.
Regardless, I do hope your migration goes smooth!
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bruce
Johnson
Sent: Wednesday, November 18, 2020 1
one, as the only clients that would actually talk to it would be ones that
specify that IP address for resolution.
Am I missing something or overcomplicating things?
--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have
29 matches
Mail list logo
