In article you write:
>> [@temp3]$ dig +short srv _http-apps._server.test._tcp.marathon.mesos
>> 0 1 31024 server.test-usbzr-s3.marathon.mesos.
>> 0 1 31852 server.test-z9x84-s3.marathon.mesos.
>> 0 1 31790 server.test-k7g8r-s4.marathon.mesos.
These SRV records say that the service is on ports 31
In article you write:
>On 2020-08-21 16:26, Marc Roos wrote:
>> Is it possible to use srv lookups, like eg cname. I do not want to
>> create SRV record, I just want to 'get' the ip addresses, that I would
>> get via srv lookup.
>
>SRV records are more than just pointers to a specific server, there
In article you write:
>Hi all,
>
>Looking for a temporary work around, while an issue gets resolved. I have a
>DNS query coming in with an invalid class requested (65 or 0x41).
The only classes ever assigned were 1, 2, 3, 4, and pseudo-classes 254 and 255.
What is class 65 supposed to be? Why w
In article you write:
>What's the best way to force an A query via UDP to return a TC=1 result:
>a really long CNAME chain?
I'd suggest lots of records. You could do it with A records but you'd
need four times as many
$ dig wordy.examp1e.com
;; Truncated, retrying in TCP mode.
; <<>>
In article you write:
>On 5/6/20 4:12 PM, John Levine wrote:
>> Since they can't access the root servers, how do you expect them to
>> do DNS lookups at all?
>There is a copy of the root zone in the environment.
>
>There is also enough net z
In article you write:
>On 5/6/20 3:40 PM, John Levine wrote:
>> Can clients on the internal network contact hosts in the outside
>> world, or is it really disconnected?
>It depends on which particular lab is being used and what is being tested.
>
>I
In article you write:
>On 5/6/20 2:29 PM, Grant Taylor wrote:
>> That's one of the hard requirements of what I'm doing. Not doing that
>> is not an option.
>
>To elaborate, the internal clients are in a sequestered network which
>will never have outside access to it. As such, th
s facing different networks could work, although you're asking
for trouble with route leaks anytime someone adjusts a router anywhere
near one or the other. Remember that with normal anycast all of the
mirrors send identical or at least equivalent answers so the routes
are not a security issue.
external.
>
>I don't see any options that avoid anycast.
This really seems like ordinary split horizon DNS.
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. htt
In article you write:
>On Sat, 2 May 2020, Michael De Roover wrote:
>
>> Even if your ISP allows it, chances are that other mail servers will
>> reject it ...
>My residential-class static IP mail server has never had problems
>delivering mail. I've checked it many times over the years on many
In article you write:
>I suspect the pain he was referring to is not really DNS-specific, but
>just due to having to manage servers with different operating systems.
>This means using a more diverse set of management tools, different
>configuration syntax, etc.
I have masters running NSD on Fr
In article you write:
>On 20/08/2019 at 9:28, Marco Davids via bind-users wrote:
>> A TXT _dmarc.domain.tld "v=DMARC1; p=reject" might also be useful.
>Wouldn't that imply having DKIM set up for the domain?
No, of course not.
It says that if mail isn't authenticated, reject it. An excell
In article you write:
>A *bank* not using DNSSEC?? Glad I don't have any money there.
Sure they do.
>> They have some history of ignoring messages:
>>
>> $ whois barclays.com | grep DNSSEC
>> DNSSEC: unsigned
That domain is so 20th century.
They have their own vanity domain which is quit
In article you write:
>On 1/27/19 8:57 AM, John Levine wrote:
>> No. If that's what you want to do, I'd suggest looking at PowerDNS.
>
>John, why would you recommend PowerDNS over BIND's DLZ options?
PowerDNS was designed to serve the data out
In article you write:
>Greetings!!
>Does BIND have a database option to read zones [if zones are in database]
>instead of zone files? If yes, how to set up? Can someone help me.
No. If that's what you want to do, I'd suggest looking at PowerDNS.
In article you write:
>On 12/27/18 11:24 AM, John Levine wrote:
>> Well, there's those pesky old DNS standards, but we're used to software
>> working around screwed up zones.
>
>Agreed. Which standard(s) does this run afoul of?
>
>
From: John Levine
To: bind-users@lists.isc.org
Subject: Re: Reverse lookup for classless networks
Organization: Taughannock Networks
Cc: gtay...@tnetconsulting.net
In article you write:
>We have a couple of small domains whose DNS is served by BIND on our dedicated
>machines. Almost 3 years ago we had set up DMARC records,
>and were getting reports from various MXs every day until a couple of days ago
>(Aug 13). Then they suddenly stopped!
>
>Nothing in th
In article you write:
>The target, instead of very quickly rejecting the spam because of the
>lack of a domain or the lack of DNS, instead has to deal with thousands
>of different IPs.
That's not how spam filters work. They do filtering based on the IP
address sending the spam and maybe the
In article you write:
>For the record, the issue is not RBLs or legitimate domains, it is
>spammer scum that set super-low DNS because they are shotgunning spam
>from a vast botnet and they want to have maximal impact, so you get a
>different IP for every spam they send. It is a way of try
In article you write:
>As long as you understand the implications of what you're doing?
>
>The zone owner may be using short TTLs to implement load balancing
>and/or quick failover. If you extend the TTLs, your users may experience
>poor performance when they try to go to these sites using out-o
In article you write:
>you miss the topic
>
>many DNSBL's have a very short TTL and at the same time a limit of
>queries from a single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason you shouldn't pay for the service you're using?
In article you write:
>I am Munkhbaatar, a master course student studying on mechanism and algorithm
>of DNS. I want to search algorithm in DNS, but
>I have not found the documents clearly explaining this on the web. I guess it's
>just a "list search", but I am not
>sure. Please tell
In article you write:
>> I have issues emailing to certain domains. I use my own mail
>> server to deliver mail. It is currently not sending through SMTP
>> Relay. The failure says that I have a missing PTR record. For example:
I'm amazed that it works at all. Like most ISPs, AT&T us
This has nothing to do with BIND, but anyway.
In article you write:
>I would personally try to use -all for new domains from the word go.
Only if you want your mail to mysteriously disappear. There are a lot
of perfectly legitimate ways to send and route mail that SPF cannot
describe. Unless y
In article you write:
>> X.TLD IN MX 10 mail.example.com.
>>
>> is perfectly valid, and quite common for people who don't host their own
>> e-mail.
>
>Okay, but for now each domain will have its one mail server.
If you have one host with one IP, I hope you have one mail server
since only o
In article you write:
>>* IP with *one* PTR
>>* the A-Record for the PTR matches
>>* smtp_helo_name of your MTA matches the same name
>
>Even this is not required. In fact, requiring this breaks SMTP RFC.
>The only requirement on helo name is that host must exist and be canonical,
>which means it
>Problem is procmail + postfix with rbl's (zen.spamhaus.org and others).
>
>Really big problem are spam botnet's and some day we can get over 5-6
>million messages per day or even more.
>
>Procmail/postfix is doing every check per msg at localdns (localdns =>
>rbl's) server and average check time i
>1. pick a primary domain from the list of virtual hosts (example2.com)
>2. use the "real" host name of the server (juvat.example1.com)
>3. the mail server name (mail.example1.com)
>4. the dns server name (ns2.example1.com)
>5. another domain from the virtual hosts list (example3.com)
Publis
In article you write:
>Awesome, Actually one more question. If we allow folks from another domain
>to send as us is there a chance anywhere in any of the email "from" headers
>it would reveal the "true" domain?
The names of their servers will show up in Received headers. It is a
poor idea to ass
>It is true at first glance the regex-esque syntax in our I-D may seem a
>bit complex but I don't believe anywhere near the complexity of NAPTR
None of the complexity of NAPTR is in the DNS or the DNS servers; it's
all in the applications that use NAPTR. For DNS servers, NAPTR is
just a record it
PS:
>I understand rwhois exists but it is much more complicated to manage
>than DNS and for the most part is only used at the RIR level for
>reverse IP namespace.
This would probably be a good time to read up on RDAP.
R's,
John
___
Please visit https:/
>beginning of DNS. It allows address space to be "tagged" and
>organized in a manner that just makes sense.
We'll have to agree to violently disagree at this point.
R's,
John
>Though, if you want to participate in the cargo cult of generic PTRs,
>you don't need the complexity of draft-woodworth-bulk-rr's regex-driven
>templates in your nameserver. Knot DNS's "minimal viable product"
>implementation is ~300 SLOC and uses a hardcoded template.
Having looked at the draft,
>A very popular option is to only create or delegate IPv6 PTR entries for
>hosts with static address assignments, and to return NXDOMAIN for
>address space used for dynamic address assignments.
I talk to a lot of large providers at M3AAWG and that's the consensus
about what to do. If it doesn't h
>> You would only be able to do this if you could put the CNAME record
>> in the parent domain, instead of delegating domain.com to your own
>> server. But do any domain registrars support that option?
>
>And would the registry (here, Verisign) accept it? As far as I know,
>no.
This smells a lot
Assuming you mean this (notice the dots):
Domain.com. CNAME x.y.com.
www CNAME x.y.com.
it should work. Some people believe that you can't have other records
at names below a name with a CNAME, but they are mistaken.
On the other hand, this will not work.
domain.com. CNAME x.y.com.
>If chained CNAMEs work for you, more power to you. But don't be
>surprised if they fail unexpectedly at some point.
If they don't, you'll have a lot of unhappy users since there's a
whole lot of the Internet they won't be able to see.
Try www.apple.com and www.microsoft.com, both of which ha
>My more specific question is this: If I'm a site on the internet looking for a
>server in my domain for the first time, I query the TLD
>servers for a list of name servers for my domain and pick one to query.
>Suppose I pick one that has the correct zone information and can
>answer the query, bu
>On 30.12.2015 at 03:12, Luis Daniel Lucio Quiroz wrote:
>> You could use dyndns for that, but it is not free.
>
>do they provide anycast?
Yes, of course. Dyn is one of the largest DNS providers in the world.
Their basic secondary service is $40/yr.
R's,
John
>IN NS ns1.mydomain.com.
>IN NS ns2.mydomain.com.
>IN NS ns1.d-zone.ca <== Addition
>IN NS ns2.d-zone.ca <== Addition
These questions would, as always, be easier to answer if you gave us
the a
>> I have just tried it again and I don't get the answers I expect? I see
>> the DNAME but the system does not seem to be following it.
DNAMEs provide aliases for names below the one at the DNAME, but not
for the name itself. That is, if you do this:
bar.example DNAME foo.example
you wi
In article you write:
>Are SPF RR types finally dead or not? I've read through rfc7208 it appears
>that they are:
They're dead as in nobody looks at them other than legacy software
that hasn't been updated. The SPF record was a screwup from beginning
to end. By the time 4408 came out, there wa
>DNSMadeEasy calls this an "ANAME" record, internally they just lookup
>the destination's IP and cache it, updating it as needed.
>
>It works, but it would be nice if this could be done in DNS. Sadly, it
>can't, and probably won't in our lifetimes.
I do a similar thing in my DNS crudware, a pseu
>>For addresses that aren't listed, some of the NXDOMAINs are a lot less
>>likely to change than others, e.g, the address of an outbound mail
>>server at a large mail provider is unlikely ever to be listed, but a
>>random host at a hosting provider in India, who knows. So he'd like
>>to have the T
A friend (really) asks this question: they have some DNSBLs, which get
a lot of queries. Sometimes the answer has A or TXT records, meaning
the corresponding address is listed in the DNSBL, sometimes it's
NXDOMAIN which means the address isn't.
For addresses that aren't listed, some of the NXDOMA
>I mean I have example.com hosted with Go Daddy while I need sub-domain
>ftp.example.com to be delegated to my internal BIND server.
>
>Does any one know how do I do it in Go Daddy?
The easiest approach in the long run is to move the DNS for the whole
domain to your own DNS servers. Large cheap h
>>>xyz.gov.in. DNAME xyz.in.
>On 01.01.14 18:16, John Levine wrote:
>>Except that DNAME only applies to names under xyz.gov.in, not to
>>xyz.gov.in itself.
>
>Usually because xyz.gov.in must already have SOA and NS records and
>therefore it's not possib
>the DNAME already recommended by Dave Warren is what you want:
>
>xyz.gov.in. DNAME xyz.in.
Except that DNAME only applies to names under xyz.gov.in, not to
xyz.gov.in itself. There are a variety of ways to deal with this
but in practice:
>another possibility is to include the same file to
>Please forgive my ignorance, and sorry about all the details. I have
>not been able to find a detailed specification.
TXT records haven't changed since RFC 1034 and 1035.
You can have multiple strings per record, and multiple records per
name. At the application level, some applications glom mu
>How, precisely, is the second (or third) string added?
plugh.example TXT "foo" "bar"
>I think what I was getting at was whether appending $ORIGIN to an
>unqualified target--only talking target, not label--was _required_ by the
>RFCs, and if so, the RFC/section. I'll read through 'em; was just hoping
>someone knew the answer off the top of their head.
RFC 1034, page 34.
R's,
John
>OK. I just want to be clear here, and make sure that I have properly
>understood what you have said. Would it be correct, then, to say that
>at the present moment you are not actually able to produce, cite, or
>describe, with any particularity or specificity, even one individual
>specific incide
>So, may I infer that rather than being put off until the end of the
>century, which seemed to be the previous implementation timeline,
>pervasive implementation of BCP 38 may now be expected at around the
>time that 32-bit UNIX clocks are anticipated to wrap-around to negative?
Perhaps, but I thi
>>The real solution is BCP 38...
>
>I agree completely John. I cannot do otherwise. But I have to ask the
>obvious elephant-in-the-room question... How is that coming along so far?
Based on discussions I've had with people who work at large networks
and in policy positions in various government
>The entire problem is fundamentally a result of the introduction of EDNS0.
>Wouldn't you agree?
No, that just makes it a little easier. You pound the patoot out of
someone with 512 byte packets just as much as you can with 4K packets,
just by making your attacking botnet bigger.
The real solut
>> Any chance someone can correct the settings on this mailing list to
>> reply to the list by default instead of the user posting the message?
This is a religious argument. Please, leave it alone.
>And, If I might add, adding a tag to the subject like [bind-users] would
>be extremely nice.
It'
>It is or would have been, very little cost to publish SPF records.
Not until we fix the provisioning problem. (News flash: in 99.9% of
the Internet, people do not edit master files with vi.)
In the early days of SPF, it was remarkably hard to get TXT records
provisioned, even though TXT records
>I've not been keeping up with the IETF; is there a document that
>describes what looks like a de facto standard of using _pname labels
>with TXT RRs that is being followed by at least DMARC and DANE in
>*._tcp.example.com, *._smimecert.example.com, and _dmarc.example.com
No, but Dave Crocker is w
59 matches