Re: Has anyone run Sophos Server Protection on a linux system running bind?

2022-02-18 Thread Jon Bruce via bind-users
We're running it on a few different Debian servers with a mix of BIND as well as Apache and nginx (among others). Aside from this following problem and solution, we've had no issues: https://support.sophos.com/support/s/article/KB-34610?language=en_US -Jon On 2022-02-18 3:32 p

Re: [External] Re: Request assistance configuring RPZ

2019-05-29 Thread Jon
ing scenario for more than just this DNS, you're bridging 2 networks with multiple multi-homed machines. This is not recommended from a security perspective and should use a gateway/FW to perform this work, routing between the networks. All the best. Jon On Thu, 30 May 2019, 02:14 Carl Byingt

Re: Answer for a specific host, but recurse for all others within a zone

2014-05-09 Thread Jon Fullmer
N A 10.1.2.3 *IN CNAME . end Is this right? I guess the trick I'm trying to sort out is how to tell the zone file to "recurse, if not explicitly 'something.xyz.com'." What else am I leaving out? - Jon On 5/8/14, 10:05 PM, "Rich Goodson" wrote:

Re: Answer for a specific host, but recurse for all others within a zone

2014-05-09 Thread Jon Fullmer
'something.xyz.com'." What else am I leaving out? - Jon On 5/8/14, 10:05 PM, "Rich Goodson" wrote: >On your resolver, create a zone called >something.xyz.com >and only have one entry, an A record for the zone itself. something like >this:---begin something.xyz.com zonefile--- >

Re: using 127.0.0.1 in resolv.conf

2012-07-23 Thread Jon A.
I also use loopback regularly if running a localhost resolver; in fact I use a script that goes as far as changing resolv.conf if it detects an interface address instead of loopback. [Our rules require listening on loopback minimally here] If you do use it, I recommend you make sure you don't hav

rndc/controls block clarification needed?

2012-05-31 Thread Jon A.
Just spent a bit of time on missing a subtle rndc issue with Bind 9.9.1's control block -- either I'm missing a better way to do this, or perhaps bind should more appropriately issue a warning or fail to load instead of silently accepting my bad control block. I did RTFM, and until I'd spent a bunc

Re: nslookup problem

2011-08-10 Thread Jon F.
You may want to check your configuration on ns2 (ns4 looks to be answering authoritatively). That ns2 server is listed as authoritative but it doesn't look that way to me. The TTL keeps counting down so your server is answering from cached data, not from a zone file. Make sure ns2 knows it's author

Re: epza.gov.tw. MX

2011-08-08 Thread Jon F.
;; ANSWER SECTION: dns.epza.gov.tw. 3600 IN CNAME ns.epza.gov.tw. ns.epza.gov.tw. 3600 IN A 163.29.43.1 There's the problem. CNAME and NS records don't mix. Returns a SERVFAIL. Configuration error on their side. On Mon, Aug 8, 2011 at 3:15 PM, Mark K. Petti

Re: another question about the glue

2011-07-01 Thread Jon F.
Those aren't glue records for a .com zone. Those glue records are for mydots.net, the NS' just so happen to be residing in the .com zone. The name servers don't have to be in the same zones as the actual domain name. On a side note, the gtld's cover .com as well. On Fri, Jul 1, 2011 at 2:31 PM, PA

Re: DNAME?

2011-06-30 Thread Jon F.
Ah. Good point. My bad. On Thu, Jun 30, 2011 at 8:42 PM, Mark Andrews wrote: > > In message , "Jon F." writes: > > You know I was thinking and I guess the original poster could actually do > > the zone mimicking by just adding the .us zone statement to na

Re: DNAME?

2011-06-30 Thread Jon F.
any domain pointing to that file. I haven't tried that but it should work in theory I suppose. Certainly easier than playing with DNAME's. I haven't heard of a BNAME though, news to me. On Thu, Jun 30, 2011 at 7:58 PM, Mark Andrews wrote: > > In message , "Jon F.&

Re: ISC Cert

2011-06-30 Thread Jon F.
Sounds great. I keep checking every now and then. It'll be nice to finally get a cert recognizing competency in BIND (or really DNS in general). I'm sure there will be notice through the mailing list once it's available. Thanks. On Thu, Jun 30, 2011 at 4:45 PM, Sue Graves wrote:

Re: DNAME?

2011-06-30 Thread Jon F.
I have a similar set up to that and it works. Have you checked the logs to make sure the zone properly loaded? I'm assuming the zone data you posted below is from the example.us zone but your first question makes it sound like you put it in a separate zone. That would explain the SERVFAIL if the zo

ISC Cert

2011-06-30 Thread Jon F.
So anyone know if a certification is still in the works to be released this summer? And if it will be BIND, DHCP, AFTR, all of them...? I'd love to see a BIND cert specifically. http://www.isc.org/services/certification -- Jon F.