On 2022-05-02 18:01, Timothe Litt wrote:
Still, overall DNS seems to generate more problems than fun, so if LOC
provides amusement, it's a good thing.
I know one of my users found them quite amusing. I can't recall what
location they picked or why, but it had some sort of personal
significanc
On 2022-05-03 06:31, Gaurav Kansal wrote:
Yup. But if the DNS infra is under my control, then definitely the keys (which
I have used for encryption) will also be with me. Am I missing something here?
I'll see your privacy keys and raise you Perfect Forward Secrecy.
Although I'm not really
On 2020-08-21 16:26, Marc Roos wrote:
Is it possible to use srv lookups, like eg cname. I do not want to
create SRV record, I just want to 'get' the ip addresses, that I would
get via srv lookup.
I don't think so, nor does it seem to make sense to me that you would
want such a thing (in the ge
On 2019-04-25 17:57, @lbutlr wrote:
On 25 Apr 2019, at 06:10, Martin Meadows via bind-users
wrote:
Wondering if anyone is aware of a max file size or max number of lines
that a given BIND zone file can contain? Thanks, Marty
-- Martin Meadows, MTA and DNS Administrator | Salesforce
On 2019-01-17 08:03, Fumiya Obatake wrote:
Thank you for your reply.
Since it seems very difficult to realize, I will consider other solutions.
The obvious solution would be to use TCP.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-user
On 2019-01-11 11:55, Kevin Darcy wrote:
I don't believe there is any logging category for this, even when zones
are enabled for Dynamic Update, in which case the versioning is done
automatically. There used to be a "journalprint" utility that one could
run against the .jnl files to show the upd
On 2018-10-24 07:24, Timothy Metzinger wrote:
There's no security in obscurity. Automated port scanners will sweep
your system in a couple of seconds.
There is *limited* security in obscurity but it's a valid layer.
Obviously insufficient as an only layer...
As a trivial example, I get orde
On Sun, Sep 23, 2018, at 03:24, Ray Bellis wrote:
> On 22/09/2018 02:39, Danny Mayer wrote:
>
> > No, that's not true. Consider what you are doing. You are substituting
> > SRV records for CNAME records. There is nothing magical here. NTP can
> > use the CNAME records. Either way the records have
On Mon, Sep 17, 2018, at 06:07, Ian Collins wrote:
> I have been running various versions of ISC Bind for a number of years
> without any issues.
> My current server is a Windows 2012 R2 running 9.3.0
> <...> Does anyone have any idea what could be causing the server to
> stop answering querie
On 2018-08-23 14:15, Grant Taylor via bind-users wrote:
On 08/23/2018 01:20 PM, Barry S. Finkel wrote:
Somehow, under the covers, AD synchronizes the zones so that they have
the same content.
It's my understanding that MS-DNS servers hosting AD Integrated zones
are actually functioning as app
On Tue, Jun 26, 2018, at 11:54, Reindl Harald wrote:
>
>
> Am 26.06.2018 um 20:50 schrieb Dave Warren:
> > On Tue, Jun 26, 2018, at 11:47, Reindl Harald wrote:
> >>
> >> Am 26.06.2018 um 20:36 schrieb Dave Warren:
> >>> On Tue, Jun 26, 2018, at 11:27,
On Tue, Jun 26, 2018, at 11:47, Reindl Harald wrote:
>
> Am 26.06.2018 um 20:36 schrieb Dave Warren:
> > On Tue, Jun 26, 2018, at 11:27, Reindl Harald wrote:
> >>
> >>
> >> Am 26.06.2018 um 20:18 schrieb Dave Warren:
> >>> At the end of the
On Tue, Jun 26, 2018, at 11:27, Reindl Harald wrote:
>
>
> Am 26.06.2018 um 20:18 schrieb Dave Warren:
> > At the end of the day, I doubt there is much you can do legally, the only
> > real solutions are technical by returning answers that will discourage
> >
On Tue, Jun 26, 2018, at 01:28, Matus UHLAR - fantomas wrote:
> On 25.06.18 09:06, Dave Warren wrote:
> >Absent a situation where the customer has agreed to purchase this service,
> > the only result sending an invoice would have is that you have increased
> > your loss
On Sun, Jun 24, 2018, at 15:48, Mukund Sivaraman wrote:
> On Sun, Jun 24, 2018 at 04:30:08PM -0400, Alex wrote:
> > Hi,
> > We had a former customer who parked about 300 domains with his
> > registry on our server but is no longer a customer and hasn't moved
> > his domains. There aren't any hosts
On Thu, Mar 22, 2018, at 11:01, @lbutlr wrote:
> On 2018-03-22 (08:13 MDT), John Miller wrote:
> >
> > Is this normal or am I missing something.
>
> It is normal. It is confusing, but it is normal.
Think of it as a "freshness" date rather than a "modified" date and it becomes
intuitive.
On 2018-02-28 10:57, G.W. Haywood via bind-users wrote:
Hi there,
On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote:
Good morning, I'm trying to make it more difficult for an attacker to
get my DNS server version.
Waste of time. The attacks are automated, and will be mounted any
On Fri, Feb 2, 2018, at 11:57, Warren Kumari wrote:
> Hopefully Lewis knows / understand that we are just squabbling amongst
> ourselves because we've known each other for a long time and this is in
> good humor.
Yes indeed :)
> The actual values used are open to tuning, but in the original
> post
On 2018-02-01 17:21, Lyle wrote:
Bind does default to seconds.
However this is not the SOA record.
Who said it was a SOA record?
On 2017-12-18 06:44, Timothe Litt wrote:
On 18-Dec-17 01:07, Dave Warren wrote:
On 2017-12-15 06:23, Petr Menšík wrote:
Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a):
Hi there,
On Fri, 15 Dec 2017, Petr Men??k wrote:
... current time is not available or can be inaccurate
On 2017-12-15 06:23, Petr Menšík wrote:
Dne 15.12.2017 v 13:06 G.W. Haywood via bind-users napsal(a):
Hi there,
On Fri, 15 Dec 2017, Petr Men??k wrote:
... current time is not available or can be inaccurate.
ntpdate?
Sure, of course. What would be default host after installation, that ca
On 2017-11-07 13:09, John Levine wrote:
In article you write:
I have issues emailing to certain domains. I use my own mail
server to deliver mail. It is currently not sending through SMTP
Relay. The failure says that I have a missing PTR record. For example:
I'm amazed that it w
On Fri, Apr 7, 2017, at 08:22, Thomas Leuxner wrote:
> * Mark Knight 2017.04.07 16:36:
>
> > masters {
> > 192.5.5.241;// F.ROOT-SERVERS.NET.
> > };
>
> Hi Mark,
>
> I had the same issue basically. Tracing the zone transfers with dig it
> turned out they work
On Tue, Nov 1, 2016, at 07:45, Ben Croswell wrote:
> The other option being having a master owned by your company and then
> setting both external providers to secondary from your master. You to
> maintain control over data and have diversity.
I use this approach here, it's proven to be very rob
On 2016-09-06 08:01, Bob Harold wrote:
I agree with one PTR per IP. But since you have 5 IP's, you can have
one PTR record on each, just be sure there is a matching forward "A"
record. Your list of 5 names looks good, but only if each service uses
the corresponding IP for its outgoing connectio
On Mon, Sep 5, 2016, at 09:46, John Levine wrote:
> >1. pick a primary domain from the list of virtual hosts (example2.com)
> >2. use the "real" host name of the server (juvat.example1.com)
> >3. the mail server name (mail.example1.com)
> >4. the dns server name (ns2.example1.com)
> >5. anothe
The easiest answer is: Whatever you want. Strictly speaking,
alphazulu.com can send mail on behalf of foxtrot.com using a
alphazulu.com DKIM selector, and that's perfectly valid under DKIM.
However, it won't have DMARC alignment, which is becoming more and more
important, so if alignment is relevan
On Sun, Aug 28, 2016, at 19:22, Paul Kosinski wrote:
> "... whatever else you use to failover from the primary to the
> secondary would automatically ensure BIND resolves too."
>
> That's the root of the problem: there is no automatic failover, and
> providing one is a lot of work. I was hoping th
On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote:
> So my question is, is it possible to configure my forwarding BIND to
> have a primary and *secondary* path for sending out DNS queries? As far
> as I can tell, the "query-source address" option in named.conf only
> allows one outbound interface
> I am trying to understand why caching is required on the bind server,
> when the client receiving the responses would be caching based on TTL
> values.
>
> So,
> Is caching required on the server, if the client is not able to
> cache such responses? Isn't it an overhead on both the client and se
zones
soon after they move, whether they notify you or not.
Or, separate your resolver and authoritative roles, in which case this
won't be an issue. One should still monitor for zones for customers who
have departed, obviously, but it's not likely to cause any operational
issues.
the zone eventually expires?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
wer, should
not be cached in such a way that they would ever be returned as
answers to a received query.
It'll also, irrespective of caching, break DNSSEC.
Whatever you're trying to do, this is not the right way to do it; you
cannot arbitrarily add data to zones that are not under
ively simple, other than the master, but renumbering the master
without any other changes is also moderately trivial as updating the
slaves can (and is) scripted.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ot servers.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2016-03-25 07:21, Barry Margolin wrote:
In article ,
Dave Warren wrote:
I'm more interested in the impact from the perspective of an
authoritative server operator and in some respects sites that use short
TTLs will increase the odds of my longer-TTL's records staying in the
ca
On 2016-03-24 18:28, Barry Margolin wrote:
In article ,
Dave Warren wrote:
On 2016-03-24 15:20, Tony Finch wrote:
Dave Warren wrote:
On 2016-03-24 09:46, Ray Bellis wrote:
On 24/03/2016 16:41, Tony Finch wrote:
When I changed our TTLs from 24h to 1h last year, it didn't have a
vi
On 2016-03-24 15:20, Tony Finch wrote:
Dave Warren wrote:
On 2016-03-24 09:46, Ray Bellis wrote:
On 24/03/2016 16:41, Tony Finch wrote:
When I changed our TTLs from 24h to 1h last year, it didn't have a visible
effect on authoritative server query load, much to my surprise.
I'
elf" that there are
missing records that need to be replaced, what would be the point of
keeping any records with a longer TTL? A resolver would still be sending
the same queries to refresh the entry with the shortest TTL anyway, so
it wouldn't reduce the query volume.
--
Dave Warre
his? For average resolvers, what
is the longest TTL that has any utility?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2016-03-19 19:03, Barry Margolin wrote:
In article ,
Dave Warren wrote:
My current logic is that I do a SOA query and check the serial number,
if it has changed, I query every needed hostname into a temp file, and
if every single query was successful, check the SOA again, and if it
still
Y, or a
way to keep that list up to date. It was just faster to code up a sloppy
/etc/hosts script to update a handful of critical records. Lame reasons,
but it works well enough and hasn't blown up in my face yet.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwa
fresh
value took care of it.
It's not perfect, it could be better, but it worked with a minimum of
hassle.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
in having your resolvers be as ignorant about internal
infrastructure as possible.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
NAME chain only violates a
"should", and later in that RFC it says that software "should not" fail
to handle chains, so even if you take a "should" as gospel, the "should
not" should be equally gospel, making CNAME chains supported (although
not advise
.myzone.com. in a separate zone entirely, allowing you to use
views for that that one zone?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2015-11-17 14:13, Mark Andrews wrote:
In message <564ba3e3.9060...@hireahit.com>, Dave Warren writes:
On 2015-11-16 18:09, Grant Taylor wrote:
It's my understanding that ALL of the root servers would have to
change all of their addresses at the same time for DNS to be impacted.
would only impact resolvers that
had outdated root hints, and also happened to try that particular IP
first, but it's at least a theoretical risk.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
esired, one would probably not enable this functionality.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
re at
least three different serial numbers being returned by those various
servers, with different TTLs on the NS records depending on which server
you query.
I wonder if they're in the process of updating and the records only
partially updated? Odd that it was served at all though.
--
D
nd so falling back
on the SOA's "minimum" field would seem to be a more sane choice than
making one up or refusing the zone, if only as a nod to the legacy use
of this field.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
using, but that's good enough for our typical
customer, and we can offer dynamic zones to customers that need it. I
don't think we have any of those left anymore.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
riation on "4.9.4-P1", with a
possible reference to Win98SE for some roles (depending on which system
manages their configuration), just in case anyone looks. Nobody seems to
care.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedi
ASHA256 in any reasonable level of time, it would be equally
feasible to invest in 2x-8x the hardware and start breaking roots in
under 3 months.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
"v=DMARC1\; p=reject\;
rua=root@dns-test-1.\; aspf=s\; rf=afrf\; sp=reject"
http://www.dmarc.org/faq.html#s_12 has some information on what is
happening here.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ase your three wishes to an evil
genie. "CNAME the apex? As you wish, master... mwahahaha!"
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
mes, etc.
>> (especially since I'm using unix timestamp for zone serial avoids
>> issues of multiple admins incrementing serial without
>> noticing others and/or collisions with DNSSEC's
>> incrementing of serials.)
Dave Warren replied:
I wouldn't expect any
On 2014-05-08 15:09, Mark Andrews wrote:
In message <536bcced.8060...@hireahit.com>, Dave Warren writes:
On 2014-05-08 07:45, Barry Margolin wrote:
In article ,
Tony Finch wrote:
Dave Warren wrote:
DNSMadeEasy calls this an "ANAME" record, internally they just lookup t
On 2014-05-08 07:45, Barry Margolin wrote:
In article ,
Tony Finch wrote:
Dave Warren wrote:
DNSMadeEasy calls this an "ANAME" record, internally they just lookup the
destination's IP and cache it, updating it as needed.
It works, but it would be nice if this could be don
ion, I wouldn't expect zones drifting out of sync or
having minor differences to be a big factor since it happens in the wild
already.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
l accounts to the CNAME site as you can't have a CNAME and SOA/NS
records at the same level.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
of different methods. Anycasting within your network
might be a good choice in a large environment. If your connectivity is
so badly interrupted that you can't pull off DNS queries against
authoritative servers, there's little value to keeping DNS up since
everything else is b
u host, or things like Google?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ation that
wouldn't work with this configuration.
Switching BIND to use hints instead of acting as a root seems to work
around this (broken) local configuration.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
me, just leave the
forwarders list blank and Microsoft DNS does full recursion. The old DNS
setup wizards encouraged forwarders since they made a lot more sense in
the high-latency, well maintained DNS server worlds of yester-year, but
today, you'll probably do a better job of doing your own r
cts are based on one party
or the other doing something and the other promising to do something later.
Luckily registrars don't have much of an incentive to jerk people
around, saving themselves $9 isn't worth the lawsuit and potential loss
of accreditation.
--
Dave Warren
term shall not exceed ten years."
In reality, they'll probably issue the renewal automagically once you're
under the 9-year mark and the domain is renewal-eligible.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
re in those recently added/modified records,
so if you just plan for 15 minute update times for non-MS secondaries to
sync up and ignore the periodic "serial is lower than expected"
warnings, multi-mastering works fine in practice.
--
Dave Warren
http://www.hireahit.com/
http://ca.
On 2014-01-28 14:20, Mark Andrews wrote:
In message <52e8258e.3060...@hireahit.com>, Dave Warren writes:
On 2014-01-28 11:28, Matus UHLAR - fantomas wrote:
On 27.01.14 18:23, John Levine wrote:
A friend (really) asks this question: they have some DNSBLs, which get
a lot of queries. Som
NSBL operator knows that certain IPs are not candidates for
listing (or at least not candidates for automated listing), why not let
DNS caches keep that information for as long as possible?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Usenet is like a herd of perf
closer anycast farms/points, it
can potentially assume that that query is part of an attack and rate
limit much more drastically than is normally done.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
The cigarette does the smoking, you
's an imperfect world.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
-routable IP addresses outside of expected/predictable locations.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
.
But this doesn't help.
I want to ask is it possible to have a CNAME configuration by which I
can divert all queries for my xyz.gov.in domain to xyz.in domain.
That sounds roughly like a possible use for a DNAME record, I believe.
--
Dave Warren
http://www.hireahit.com/
so my memory recalls, there were so many minor disasters during
testing on that roll-out that I might have some details off in my brain,
but if this doesn't help, I'll ask around and see.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
On 2013-11-06 06:08, Steven Carr wrote:
On 6 November 2013 11:19, Dave Warren wrote:
Perhaps you can point out where on that page RPZ is mentioned?
The Spamhaus news article announcing the "beta" RPZ service
(http://www.spamhaus.org/news/article/669/) indicates that the
Spamhaus DB
On 2013-11-06 01:04, Steven Carr wrote:
This is all explained clearly on their website...
http://www.spamhaus.org/organization/dnsblusage/
Perhaps you can point out where on that page RPZ is mentioned?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-10-16 09:47, Manson, John wrote:
I would add that Windows PC OSs by default have the dns client cache set to
'enable'.
Yes. And like Windows Server's DNS cache, these honour TTLs too, so as
long as TTLs are set properly, it's not an issue.
--
Dave Warren
htt
On 2013-08-18 16:36, LuKreme wrote:
On 18 Aug 2013, at 14:06 , Dave Warren wrote:
Change the zones from master to slave in your named.conf? There really isn't
much more to it than that, assuming you have a new authoritative master is
already configured and serving the zones.
Oh, ther
ttle difference.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
pike unless it's disruptive to
performance)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
t shared caches on powerful, well connected
boxes.
Either way, when you're playing with a single test domain,
experimentally, they'll absolutely expire just the way anybody else does.
--
Dave Warren
http://www.hireahit.com/
http://ca
e office where the
pipe is neither fat nor reliable. See #1 and #2 above.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
" includes
things like routing and DNS. You're not taking over their territory just
yet, just adding yours to theirs.
Politics aside, it solves the technical issues without butchering DNS or
adding excessive unreliability.
But then I just hate forwards. Burned 1000x times, lesson l
On 2013-05-10 16:39, b...@bitrate.net wrote:
On May 10, 2013, at 01.18, Dave Warren wrote:
On 2013-05-08 11:13, btb wrote:
it's also mildly humorous that they used to quite religiously endorse .local, in some
documents even categorizing use of the same domain name on an interna
using a real domain.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-05-09 11:27, Jeremy P wrote:
I certainly didn't intend to spark off such a firestorm with my
original question. I have learned a lot from the debate though.
On the question of what to use with students, it is a fine thing to
say "we should only do things the way they are done in real
, at least until they run
into enough problems to frustrate them into something more compatible
with current practice.
I made the same mistake many moons ago and I'm still stuck with it. I
wish I'd known better.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/d
ell, but it would just as well with NS
delegations.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
to
evaluate the results.
I realize I've probably spent more time thinking about it than I'll
possibly save anyone else anyway, so perhaps that's my answer.
I appreciate all the input.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-04-29 21:35, Gary L. Burnore wrote:
I would contend that fast initial page load times is achieved through
blazing web servers and a wide data path.
It sure doesn't hurt, but introducing ~200ms of DNS lookups sure won't
make things any faster.
--
Dave Warren
http://www.hi
is tend to return slower results on average since a
potential user would have a 1/3 chance of hitting a NS with a higher
latency?
I realize that the difference isn't very significant in the grand scheme
of things, but it's always nice to shave a few ms off of initial page
load times.
) and we can just lie to
the AD servers and use them as the bare domain name.
It's just just the servers though, it's any client that needs to access
Active Directory resources that might potentially hit the web server
when it's looking for your AD environment.
--
D
n a split DNS environment this is less of a factor.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-03-18 23:12, Steven Carr wrote:
On 18 March 2013 23:08, Dave Warren wrote:
Does it actually check each master for a serial number, or does it stop at
the first one queried if it has a higher-than-current serial number?
It would have to otherwise how would it know who has the highest
?
I've been meaning to test this in the real world, but if anyone can tell
me, it would save a bit of time :)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
venting another standard for
the majority to ignore would help at this point.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
work" throughout the transition?
Sure, depending on TTLs involved, some clients might hit the old NS and
some would hit the new NS until the records aged out of caches, but as
long as the other records are identical, users will hit the same web
servers, the same MX, etc.
--
D
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog |grep -c '\-all'
2438
# grep SPF maillog |grep -c '\
I updated my management interface to encourage "SPF"
records, and to automatically create matching TXT records, but only
because it's easier to sanity check when I know the intent is SPF.
I almost wouldn't bother with SPF records these days though, except that
the code
1 - 100 of 106 matches