.2 key external; };
also-notify { 10.0.0.2 key internal; };
allow-transfer { key external; };
allow-transfer { key internal; };
Mark
On 24 May 2023, at 08:13, Kaya Saman wrote:
Not sure if I did something wrong? Unfortunately the same thing has happened,
the internal zone file got transferred
keys; …};
The !all-keys is to prevent matching by IP for the listed keys.
Do similar for all views.
Then add keys to primary definitions and server clauses with keys at
the view level for notify.
I’m pretty sure there is a knowledge base article with full details.
--
Mark Andrews
On 24 May 202
On 5/23/23 20:18, Sten Carlsen wrote:
On 23 May 2023, at 19.46, Kaya Saman wrote:
On 5/23/23 18:07, Sten Carlsen wrote:
On 23 May 2023, at 19.00, Kaya Saman wrote:
On 5/23/23 12:47, Matus UHLAR - fantomas wrote:
On 23.05.23 12:22, Kaya Saman wrote:
I've got a very strange pr
On 5/23/23 18:07, Sten Carlsen wrote:
On 23 May 2023, at 19.00, Kaya Saman wrote:
On 5/23/23 12:47, Matus UHLAR - fantomas wrote:
On 23.05.23 12:22, Kaya Saman wrote:
I've got a very strange problem that has emerged somehow after migrating my isp.
My setup previously used 2x se
On 5/23/23 12:47, Matus UHLAR - fantomas wrote:
On 23.05.23 12:22, Kaya Saman wrote:
I've got a very strange problem that has emerged somehow after
migrating my isp.
My setup previously used 2x servers in master/slave configuration for
my public "view" and then had 3x
Hi,
I've got a very strange problem that has emerged somehow after migrating
my isp.
My setup previously used 2x servers in master/slave configuration for my
public "view" and then had 3x servers for the "internal" view. This was
working fine for years and I have been regularly testing usi
[...]
Erm, are you *sure* that you want to do this?
Really really sure?
It's probably a bad idea, but
Step 1: Make yourself authoritative for www2, www3 -- in named.conf:
zone "www2.example.com" {
type master;
file "/etc/namedb/www2.example.com";
};
zone "www3.example.com" {
Jason Fesler wrote:
On Jan 14, 2010, at 3:00 AM, Kaya Saman wrote:
Thanks Jason! Will this work as Bind will examine the packet and will
have a different IP in the sendto: part
If your firewall/NAT is forwarding a public address to your private internal
address, it will rewrite
Jason Fesler wrote:
On Jan 11, 2010, at 9:39 AM, Kaya Saman wrote:
Hi, since I got no responses for this question could I rephrase it to
asking if Bind will do a zone transfer over public internet if the
servers have private IP addresses and are behind NAT with static port
definitions
Kaya Saman wrote:
Hi all,
this is the first time I'm going to be playing around with a setup
like this so I'd like to get some advice:
I would like to run a master/slave configuration of Bind servers but
am confused about how to implement such a setup and the underlying
netw
Sorry, just to mention in addition that I currently run a master/slave
configuration for internal DNS queries within the NAT! Since the current
location of servers has only one static IP available I have only exposed
one of the servers to the web but in the new location I plan to get as
many IP
Hi all,
this is the first time I'm going to be playing around with a setup like
this so I'd like to get some advice:
I would like to run a master/slave configuration of Bind servers but am
confused about how to implement such a setup and the underlying network
fabric involved!!
First up, c
Ok I think I've figured this out as I did a little test to change the IP
within the remote authoritative DNS server to 172.16.1.100.
of course there is no machine at that IP address within my networks but
there was some address confusion as the DNS server had the same IP
address as the rad
Ok I will try to explain with a diagram as I'm pretty certain that still
no one gets what I'm on about:
+-+
+-
Hi Kevin,
first up thanks for the response!
Secondly the non-recursive query you asked for shows this:
% dig +norec rd1.optiplex-networks.com
; <<>> DiG 9.5.1-P2.1 <<>> +norec rd1.optiplex-networks.com
;; global options: printcmd
;; connection timed out; no servers could be reached
Sorry
Hi guys,
I hope this is possible to do and someone can help me doing it!
Basically I have an authoritative DNS server located at IP 81.178.2.118
running on Solaris 9 with 3 views; one for internal clients, one for my
current location (which has a static IP address as I'm running an
internet t
Major thanks Joseph
Added below:
// logging clause - who, what, where, why, when, how, how long?
logging {
channel querylog {
file "/var/log/named/query.log" versions 15 size 25m;
// severity debug;
severity info;
print-time yes;
print-category y
Joseph S D Yao wrote:
On Thu, Dec 03, 2009 at 12:59:51AM +0200, Kaya Saman wrote:
...
I just hope this doesn't take up many CPU cycles and memory as the debug
commands do in Cisco devices rendering them almost unusable in a fully
setup network environment.
...
I'
it should be attempting a transfer.
Frank Pikelner
On 2009-12-01, at 6:21 PM, "Kaya Saman" wrote:
Unfortunately the only place I can find anything to do with Bind
log-wise is in /var/adm/messages there is no specific /var/log/bind
or named log like in Linux with my system o
Many thanks for all the help first up :-) I really do appreciate it!
Am just wondering, I'm running BIND 9.6.0-P1 on Solaris 9 to achieve
this, so could this be a bug or something else yet not implemented into
Bind or perhaps somehow the way it was compiled as I'm using the
Blastwave version..
Acl's are "first match".
What you had devolves to
match-clients { any; };
Try.
match-clients { !192.168.0.0/22; !127.0.0.1; any; };
Adjust all the other acls
Ok so these are similar to Cisco IOS Acl's now I get it :-)
Unfortunately the reverse zone is still not transferr
David M. Dowdle wrote:
I suspect your secondary has the IP address of 192.168.1.101 ? your
match statement blocks it, as the FIRST match stops processing, and the
first match is the !192.168.0.0/22, prohibiting queries. Move the
permit before the deny in this case. (the general case is put more
Hi,
now that I have my zones and reverse files sorted out I have managed to
come across a problem which seems I had before even beginning any of this!
Basically for some reason my reverse zone for the external view isn't
transferring to my slave server this is quite strange as all the
ot
birimgrup.com. IN A
192.168.1.170 www.birimgrup.com. IN A
192.168.1.170
___
ok this is really weird!
In the actual zone file they are stacked on top of each other
ional Services
Men & Mice
On Dec 1, 2009, at 9:35 AM, Kaya Saman wrote:
Chris if you're referring to this:
birimgrup.com. IN A 192.168.1.170
www.birimgrup.com. IN A 192.168.1.170
It didn't come out
name on the right hand side. Your PTR records will go in the reverse zone you
already have.
Chris Buxton
Professional Services
Men & Mice
On Dec 1, 2009, at 9:11 AM, Kaya Saman wrote:
___
bind-users mailing list
bind-users@lists.isc.org
h
Ok I think I have got somewhere but still a bit unsure of what's going on!!
dig birimgrup.com
; <<>> DiG 9.6.0-P1 <<>> birimgrup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 567
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONA
Hi,
I'm wondering if it's possible in Bind like my domain provider's DNS
servers to use a different domain as the name server ns record for
another domain??
Excuse the horrific explanation I will try to describe what I mean:
I am about to start hosting a domain called birimgrup.com in my netw
gmspro wrote:
I want to set-up dns server ,where to start from?
Google is first place!!
http://www.google.com/search?hl=en&source=hp&q
Thanks Luc,
I think I understand now! The TLD for my domain has become .test
therefore the secondary level domain becomes sgd so inevitably the ns
must be ns-m.sgd.test then.
and zone should be called sgd then??
Luc I. Suryo wrote:
you have to become auth for the .test and then in that zone define the
subdomain's NS
make sense?
nb: old company we had .prv for internal use :)
-ls
Thanks Luc,
I think I understand now! The TLD for my domain has become .test
therefore the secondary level domain bec
Am I right in assuming this??
Otherwise, with my setup taking an example of google.com - I was trying
to use the .com with the .test where I actually wanted to use the .test
as the secondary level domain of google but not append a TLD to it.
I think this is against all DNS rules no??
No, that won't work. The names in the zone file are all under
"domain.com", but you're trying to load the zone as simply "domain",
which is not in the same naming hierarchy; in fact it's a completely
different TLD (top-level domain).
As well as setting the default $ORIGIN, the name of a zone
Kevin Darcy wrote:
If you're loading a zone as "sgd.test", then an owner name of
ns-m.test doesn't belong in it, and BIND is correct to reject it.
Either change that name to something under sgd.test, or set up a
separate zone for ns-m.test or anything above that in the hierarchy
(i.e. "test"
Hi,
I'm not sure if there is a syntax error or if I've missed to include
something but for some reason my forward zone files don't seem to be
working :-(
I pulled the skeleton of the files straight off my working Solaris 9
boxes which use Bind 9 from Blastwave! I checked and double checked t
Other means:
The BIND manual tells how to turn on bind's query log, which is
normally turned off for performance/resource reasons.
On a very lightly loaded DNS server, it can be left on, and on a
medium-loaded server, it may be practical to
turn it on for a short while to collect some usag
Kaya Saman wrote:
Frank Bulk wrote:
Perhaps the inverse would be more interesting: what's the lowest-spec
hardware that could host an OS that would run the latest version of
BIND. =)
Frank
Silly guess, but a cell phone running linux?? (with static IP could be
a mobile domain s
Frank Bulk wrote:
Perhaps the inverse would be more interesting: what's the lowest-spec
hardware that could host an OS that would run the latest version of BIND. =)
Frank
Silly guess, but a cell phone running linux?? (with static IP could be a
mobile domain server)
As stated previously I
Pedro Alvarez Espinoza wrote:
You need to consider three components for memory: OS + other services;
the zone files you load + cache you want.
Many thanks Pedro :-)
I think since I plan to run with Linux at first say 2-3GB memory should
be fine as I will use Zimbra and Apache with it too o
James Pratt wrote:
You should really improve your google skills. If you can't even figure
out where I'm *at* well you probably really should not be in the DNS
business at all.. :)
-----Original Message-----
From: Kaya Saman [mailto:samank...@netscape.net]
Sent: Friday, Se
In private email, he told me he has 59 forward and reverse records in
the internal view, and 22 of each in the external view.
This is nothing. A 10-year-old Pentium should be able to handle this
without breaking a sweat.
Thanks Barry, as I did mention in the beginning it is a home lab
Since you haven't mentioned how many zones and records you're hosting,
how do you expect anyone to guess how much hardware you need?
Yes thank you for pointing that out! I do apologize as I mentioned I've
just finished my studies and am as of yet quite inexperienced yet with
certain th
Hi,
currently I have 2 Solaris 9 boxes in my home based data center running
as primary and secondary dns servers; they are Sun Netra T105's with
440MHz SPARC processors and 320MB of RAM.
http://www.optiplex-networks.com/lab/lab.html
Basically as I am going to be moving abroad since I have fin
[...]
Then, maybe you want to exchange Fedora with Red Hat's paid and
supported offering (RHEL ?). If that Server is mission critical
for you, the few bucks of yearly support contract shouldn't be
that much of a problem.
[...]
I have had many problems with Fedora 11 on a PPC as I run it for w