On Apr 20, 2020, at 18:11, Mark Andrews wrote:
>
> Really all machines should be updating their own address records in the
> DNS. Have each machine create a KEY record with its name. Install the
> KEY record in the DNS. Use SIG(0) signed UPDATE requests to update the
> address records.
This w
On Apr 2, 2019, at 03:03, Anand Buddhdev wrote:
> 1. The simple one is to configure BIND with the "--disable-linux-caps"
> option. The notes say that this comes at the cost of some security, but
> it's not clear what the risks are.
I think it is just the cost of the added security caps provides.
On Sep 26, 2018, at 07:52, Jukka Pakkanen wrote:
> Still Symantec "enterprise support technician" claims the problem is on our
> DNS servers, and as a "proof" send the chapter 4.1.1 of the RFC1035, where it
> is stated that "code 2 = server failure", and this should prove that our
> servers are
On Sep 8, 2018, at 10:21, Mark Elkins wrote:
> Have you DNSSEC Signed your Domain - that is "covisp.net" because I
> don't see any DS records for it in the "net" zone.
I think I have everything set now and am hoping the two errors I have about
validation are a matter of waiting for hover to pro
I have a domain that I host for a friend that he is not able to access
suddenly. We thought it was SSL related, but after getting more information
his work computers are not getting an IP address (he can access it from home).
I checked quadnines, openDNS, and google dns. The first two responde
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
--
This is my signature. There are many like it, but this one is mine.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
On Feb 2, 2015, at 4:02 AM, Tony Finch wrote:
> wu shuangrong wrote:
>>
>> I'd like to configure BIND in such way that when it failed to get result for
>> the first time, it'll query for the second time.
>
> Try adjusting resolver-query-timeout.
That will not help if the FIRST connection is hi
I know FreeBSD requires you to install bind if you need it as of version 10,
but what I can’t find is if the packages bind910 and bind-tools overlap
completely or not. That is, do I install bind-tools if bind is installed?
Also, just quickly, is there a consensus on running 9.10 over 9.9?
--
L
> On 21 Oct 2014, at 22:46 , Jim Young wrote:
>
> On 10/22/14 12:08 AM, "LuKreme" wrote:
>
>>> On 21 Oct 2014, at 19:20 , Dave Knight wrote:
>>>
>>> $ dig +noall +answer dave.knig.ht in a | egrep 'IN\tA\t' | cut -f6
>>> 21
> On 21 Oct 2014, at 19:20 , Dave Knight wrote:
>
> $ dig +noall +answer dave.knig.ht in a | egrep 'IN\tA\t' | cut -f6
> 216.235.14.46
Interesting. This works for me:
dig +noall +answer home.kreme.com in a | egrep '\tA' | cut -f5
but on your example, it requires -f6
And yet, the outputs appe
On 28 Sep 2014, at 08:37 , LuKreme wrote:
> This is all very interesting. To be honest, I first figured out how to
> generate named.con and the domain failed
Sigh.
named.conf and the domain files. I swear, my typos and OS X autocorrect do
*not* get along.
--
K is for KATE who was str
> On 27 Sep 2014, at 15:46 , Doug Barton wrote:
>
> On 9/25/14 4:49 PM, LuKreme wrote:
>
>> Wait a second, so the zone name comes from the named.conf?
>
> Not quite. When named loads the zone file it does it in the context of
> the zone stanza from named.conf. If
On 10 Sep 2014, at 04:55 , /dev/rob0 wrote:
> "@" refers to the current $ORIGIN. When a zone file is initially
> loaded, $ORIGIN is implicitly set to the name of the zone. But you
> changed that, it's now the root! So "@" here means ".", and no, a
> zone file with "@" is not the same as a zo
On 09 Sep 2014, at 19:42 , LuKreme wrote:
> # named-checkconf -z | grep -v loaded
Never mind. I recreated the files from scratch and the errors went away.
--
I DID NOT SEE ELVIS Bart chalkboard Ep. 7G07
# named-checkconf -z | grep -v loaded
master/bt.tld:3: ignoring out-of-zone data (bt.tld)
master/bt.tld:15: ignoring out-of-zone data (webdav.bt.tld)
_default/dw.tld/IN: bad zone
master/bt.tld:16: ignoring out-of-zone data (www.bt.tld)
zone dw.tld/IN: has 0 SOA records
zone dw.tld/IN: has no NS rec
On 08 Mar 2014, at 12:52 , Kostas Zorbadelos wrote:
> One mitigation approach is to blackhole the domains using local zones.
That’s not much of a mitigation. Not having open resolvers would be mitigation.
--
Eyes the shady night has shut/Cannot see the record cut And silence
sounds no worse t
On 22 Jan 2014, at 01:43 , Steven Carr wrote:
> A better option (and better overall design) would be
> to split your DNS servers, leave the current DNS servers as
> authoritative only and install a second set of DNS servers as a
> caching layer allowing recursion and do not have any direct inbou
On 22 Jan 2014, at 05:37 , Larry Stone wrote:
>
> On Jan 21, 2014, at 11:38 PM, LuKreme wrote:
>
>>
>> On 18 Jan 2014, at 06:52 , Larry Stone wrote:
>>
>>> That is not the problem.
>>
>> In the launchd plist do you have something like
On 18 Jan 2014, at 06:52 , Larry Stone wrote:
> That is not the problem.
In the launchd plist do you have something like
NetworkState
or maybe
inetdCompatibility
Wait
to tell the system not to start bind until after the network is up?
--
IT IS NOT YET MIDNIGHT? 'I shouldn'
On 21 Jan 2014, at 02:12 , Mark Andrews wrote:
>> If you have master/slave servers you should specify allow-recursion for your
>> subnet instead, right? If you do this, you don't need to set forwarders,
>> yes?
>
> Allow-recursion has no impact on master / slave zones.
OK, so in order to lo
If you set recursion no; in named.conf, you need to set the forwarders as well.
Is there anything else that must be done so that DNS queries still work?
If you have master/slave servers you should specify allow-recursion for your
subnet instead, right? If you do this, you don't need to set forw
On 14 Jan 2014, at 09:02 , David Forrest wrote:
> On Tue, 14 Jan 2014, LuKreme wrote:
>
>>
>> On 13 Jan 2014, at 20:36 , Mark Andrews wrote:
>>
>>>
>>> In message <8919443e-8f62-48cd-8da4-9c9632fc5...@kreme.com>, LuKreme writes:
>>>
On 13 Jan 2014, at 20:36 , Mark Andrews wrote:
>
> In message <8919443e-8f62-48cd-8da4-9c9632fc5...@kreme.com>, LuKreme writes:
>> OK, I am getting this error "dumping master file: tmp-xxx: open:
>> permission denied", occasionally, on both my slave DNS ser
OK, I am getting this error "dumping master file: tmp-xxx: open: permission
denied", occasionally, on both my slave DNS servers and I can't seem to fix it.
The dns slave files are being written into /var/named/etc/namedb/slave which is
owned by bind
8 drwxr-xr-x 2 bind wheel 1024 Jan 13 19:4
On 03 Sep 2013, at 08:17 , Mark Andrews wrote:
> named-checkconf -z
Nifty. I was alerted to a couple of SPF issues.
--
You could save people. You could get there in the nick of time. And
something could snap its fingers and say, no , it has to be that way.
Let me tell you how it has to be. Th
On 20 Aug 2013, at 14:38 , Alan Clegg wrote:
> To convert master to slave:
[snip]
> Bazinga!
OK. Not Bazinga.
$ grep covisp named.conf
zone "covisp.net" { type slave; file "slave/covisp.net"; masters {
75.148.117.92; }; };
$ rndc status
version: 9.9.3-P2
CPUs found: 2
worker threads: 2
UDP li
On 18 Aug 2013, at 19:20 , Noel Butler wrote:
> As has been said already, there is really very little to it, and unless you
> sent it to Alan off-list, you still have _NOT_ provided the error logs
> after being asked by more than one person.
Thanks, I thought I was clear.
I am *not* gettin
On 18 Aug 2013, at 14:06 , Dave Warren wrote:
> Change the zones from master to slave in your named.conf? There really isn't
> much more to it than that, assuming you have a new authoritative master is
> already configured and serving the zones.
Oh, there's a bit more to it than that. There's
On 17 Aug 2013, at 09:02 , Alan Clegg wrote:
> On Aug 17, 2013, at 5:12 AM, LuKreme wrote:
>> On Aug 16, 2013, at 23:28, Noel Butler wrote:
>>> I'm still trying to work out what the hell bind99 is
>> <:).png>
>> Sorry, that is how ports refers to bind
On 18 Aug 2013, at 08:59 , Matus UHLAR - fantomas wrote:
> no answers come from your nameservers, 75.148.117.92 nor 75.148.117.93.
>
> no servers can resolve your domain if your nameservers do not respond.
>
> they do not seem to be reachable from internet. Are they behind firewall
> that block
If I try to check my dns from inside my LAN (on either ns1 or ns2), everything
seems fine:
# dig webmail.covisp.net | grep -A1 ";; ANSWER" | tail -1
webmail.covisp.net. 86400 IN CNAME www.covisp.net.
# dig www.covisp.net | grep -A1 ";; ANSWER" | tail -1
www.covisp.net. 86400
On Aug 16, 2013, at 23:28, Noel Butler wrote:
> I'm still trying to work out what the hell bind99 is
Sorry, that is how ports refers to bind 9.9
I've been running bind 9 on my FreeBSD servers for awhile. After putting a new
machine in place I installed bind99 via ports on the new machine (the master)
and updated bind to bind99 on the secondary DNS (the slave).
However, I could not get the slave to do anything other than post errors and