I faced a similar situation when setting up my servers. The way I handled
it (correctly or not) was to built the zones in the internal view as
master, and then the external view slaved to the internal master. That way
you can simply update your internals, and the external side automatically
popul
On Tue, Apr 8, 2014 at 6:15 AM, Joseph S D Yao wrote:
>
> The MSW workstations and servers do only look up from the MSW AD servers,
> for some MSW reason that nobody can explain except "MS says they have to".
> The MSW AD servers forward all DNS queries that they cannot resolve to the
> Linux/BI
I have ours setup with AD as a stub, and then point all our clients to our
bind servers as resolvers. Works well.
On Tue, Apr 8, 2014 at 5:08 AM, Bryan Harris wrote:
> Hello all,
>
> We have a sort of private DNS such that servers can lookup zones that
> don't actually exist in the real, publi
On Thu, Mar 27, 2014 at 5:26 PM, Mark Andrews wrote:
>
> In message <53349e66.8050...@ksu.edu>, "Lawrence K. Chen, P.Eng." writes:
> >
> >
> > On 03/26/14 04:02, Sam Wilson wrote:
> > > In article ,
> > > Jason Brandt wrote:
> >
Thanks guys. I appreciate the input. I don't want to derail the list much
though, as this is supposed to be more BIND than Cisco :)
At this point my BIND installation seems to be stable, so we'll call it
case closed. We do plan on replacing our firewalls in the near future, so
hopefully we won'
matters discussed.
>
>
> On 26-Mar-14 05:02, Sam Wilson wrote:
>
>> In article ,
>> Jason Brandt wrote:
>>
>> For now, I've disabled DNS inspection on our firewall, as it is an
>>> ancient
>>> Cisco firewall services module, and that seems
rg [mailto:
> bind-users-bounces+paul.thom=dfo-mpo.gc...@lists.isc.org] *On Behalf Of *Jason
> Brandt
> *Sent:* March-26-14 9:09 AM
> *To:* Sam Wilson
> *Cc:* comp-protocols-dns-b...@isc.org
> *Subject:* Re: High recursive client counts
>
>
>
> The code on our FWSMs isn't
nately our MRTG
isn't setup to track firewall CPU, so I can't say for sure.
Thanks,
Jason
On Wed, Mar 26, 2014 at 4:02 AM, Sam Wilson wrote:
> In article ,
> Jason Brandt wrote:
>
> > For now, I've disabled DNS inspection on our firewall, as it is an
> ancient
&g
Mark,
That's a very good question, and something we had thought of as a
possibility as well. I hadn't seen any good information in relation to
entropy, so I'll check into your link. We had noticed that on other things
as well, due to the virtual environment, but nothing that caused
performance
Cathy,
Thank you for your comments. I will continue to investigate, it helps to
have avenues to look down though.
As far as build version, we are aware that we aren't at current stable
release. However we've tried to stick to the distro release as much as
possible, to help streamline patching.
> manually from various locations, and try to find a common theme. If there
> is no common theme to the query destinations, then look even closer at
> your network. :-)
>
> hth
>
> -Original Message-
> From: Jason Brandt
> Date: Tuesday, March 25, 2014 at 10:
We recently migrated to BIND for our internal resolvers, and since the
migration, we are experiencing periods of high recursive client counts,
which will at times cause the BIND server to quit responding. As a
workaround, I've been able to point the BIND server to a forwarder,
bypassing the root h
12 matches
Mail list logo
