>From a networking perspective though (in a multi-homed environment)... this
>really should be handled by using IGRP and AS numbers. In a situation where
>the link is bouncing, there may be sporadic packets getting though the link.
>IE the DNS gets back 1.1.1.1 but on the next packet its down ag
changing over and that's the issue?
Thanks,
> Date: Mon, 28 Oct 2013 21:47:42 +0100
> From: uh...@fantomas.sk
> To: bind-users@lists.isc.org
> Subject: Re: Reverse look-up returns root servers?
>
> On 28.10.13 16:07, Shawn Bakhtiar wrote:
> >When I look-up t
background:
last month we enabled the feature on sendmail to do a reverse look-up of the
name and verify the IP address before accepting an email for delivery
FEATURE(`require_rdns')dnl. I know this breaks the RFC but given all the spam
this actually helps weed out a few.
Received a call from p
Never the less, it seems dangerous to have allow-recusion {any; }; Why not at
least have a proper ACL that is limited to the internal IP segments? Surly you
know the internal IP ranges used? No?
But more to the original post. If your using a windows machine have you made
sure to clear your cach
Do you run your name servers from behind a firewall, or is your firewall
(iptables) turned on?
We run our name servers from behind a firewall, my network computers give the
same problem when I run dig +trace www.fransiplus.com
The only place I can run the dig +trace www.fransiplus.com without
hhhmmm
I have not run multiple binds on the same box, but according to the man pages
for named.conf (assuming you have a different configuration file for each
instance) setup each to report to a different logging facility ie:
in named.conf:
logging {
channel default_syslog {
sys
Seriously!
I would love to go, but I can't afford that, plain and simple. The DNSSEC stuff
is 2K +
> Date: Fri, 26 Apr 2013 14:57:40 -0300
> From: carlosm3...@gmail.com
> To: rohan.he...@cwjamaica.com
> Subject: Re: ISC Courses
> CC: bind-users@lists.isc.org
>
> That's stiff...
>
> On 4/26/
Given the that you will eventually stop using ns1 and ns2 You should probably
set up mynewns1 as the master with mynewns2 as a slave of mynewns1.
Date: Fri, 15 Mar 2013 01:05:50 +0530
Subject: Re: How to minimize the downtime in my case
From: manish...@gmail.com
To: lath...@gmail.com
CC: bind-u
A better solution may be (if feasible) to register and get an internet AS
number and enable BGP on both links. If one fails the upstream routers (even if
from desperate providers) will detect a fail and re-rout via the active link.
http://en.wikipedia.org/wiki/Border_Gateway_Protocol
This is
I missed what distro your using...
Here is a possible answer as to why if your running fedora core
http://lists.fedoraproject.org/pipermail/users/2006-February/274721.html
>From the man pages:
http://man7.org/linux/man-pages/man5/nsswitch.conf.5.html
NOTES Within each process that uses
ject: Re: Registrar that supports self-run domains and provides DNSSEC
> support
> Date: Fri, 22 Feb 2013 15:51:49 +
>
> -----Original Message-
>
> From: Shawn Bakhtiar
> Date: Friday, February 22, 2013 12:06 AM
> To: "bind-users@lists.isc.org"
&
1) The issues with GoDaddy are FAR more then a few disgruntled customers...
2) We don't buy or maintain street addresses from a for profit company, why
should domain name be any different? Domain name registration should be a free
government/ ma'bell function.
> Date: Tue, 19 Feb 2013 19:02
Running bind rooted on FC 16 using the standard package.
The ca file is located in /var/named/chroot/var/named/named.ca
The hints are not built in.
[shawn@www ~]$ strings /usr/sbin/named | grep A.ROOT-SERVERS.NET
returns nothing.
Centos is RedHat EL (free version) which is a stable version of
I did not know about RPZ Here is a good configuration example:
http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-using-response-policy-zones-rpz/
IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving companies
the ability to selective lie about DNS without
I just did it using iChat with my gmail account and connected to room
bin...@conference.jabber.isc.org
Very cool :)
> Date: Mon, 21 Jan 2013 16:17:40 +0100
> From: bortzme...@nic.fr
> To: georg.kah...@internet.ee
> Subject: Re: jabber.isc.org
> CC: bind-users@lists.isc.org
>
> On Mon, Jan 2
Did you turn OFF SELinux?
prompt>setenforce 0
Then run the test,
> From: dan.lut...@level3.com
> To: bind-us...@isc.org
> Subject: Compiling and testing on Fedora
> Date: Wed, 20 Jun 2012 23:33:08 +
>
> Hi all,
>
> I've had a major problem with using Fedora Core (10 through 15), whe
"We came to the conclusion that no matter how much we wanted it to not be true,
people find a way to do NXDOMAIN if they want to. The issue is not ours to
push, it's between the ISP and the customer ultimately, and people will do it
-- and more intrusively -- than BIND 9.9 will."
That is just
t ... query (cache) './NS/IN' denied:
> From: short...@gmail.com
> To: shashan...@hotmail.com
> CC: bind-users@lists.isc.org
>
> On Fri, Aug 19, 2011 at 3:24 AM, Shawn Bakhtiar
> wrote:
> >
> > Hi all,
> >
> > For the first time my primary name
Hi all,
For the first time my primary name server is not reporting any more
client XXX.XXX.XXX.XXX query (cache) './NS/IN' denied: 1 Time(s)
I use authfail on it to insert any IP attempting to ssh in, and failing more
than three times.
I checked the current blocked IP address from the NS1
HHmmm
Maybe I'm not understanding this, we have two domains. inksystems.com and
inksystemsinc.com They both point to the same IP address using A records, and
point to the same MX records as well.
The web server, does not, but can destingwish based on the domain name
(Apache), and for em
Downloaded and complied Bind 9.8.x on an FC8 box. copied it over to the web
server and ran install. I did have to copy the named* executable from
/user/local/sbin to /user/sbin for the init script in FC8 to use the correct
one.
However, when I run the init script I get the following error:
Hi all.. Help! :S
Both of my external DNS servers which are authoritative for inksystemsinc.com &
inksystems.com, are also the same one I use for VPN users when they are logged
in. Recursion requests are only allowed from a specific IP ranges, which
include the internals and some private
22 matches
Mail list logo
