Re: forwarder selection logic by bind9

2018-11-10 Thread Steven Carr
On Sat, 10 Nov 2018 at 15:00, József Lázár wrote: > I'm wondering what the selection logic in bind is for forwarders. I tried to > look for this information in the official documentation but couldn't find it. > Could you please describe it for me briefly? SRTT (smoothed round trip time), same mech

Re: No records created

2018-05-28 Thread Steven Carr
On 28 May 2018 at 19:32, André Rodier via bind-users wrote: > But if I search for A or CNAME records, I have nothing, except "main" > and "backup" A records: > >> root@homebox ~# dig homebox.space @127.0.0.1 any +multi +cmd You haven't queried for any of the other records... the 'any' dig reque

Re: How to wall garden the malicious domain

2018-04-20 Thread Steven Carr
On 20 April 2018 at 08:57, Blason R wrote: > Now instead putting IP address in front of every domain can we have variable > or any other method to be used? like > > abc.test.com. A 192.168.1.10 > malicious.com CNAME abc.test.com. > bad.com CNAME abc.test.com. > malware.co.in abc.test.com Ye

Re: DNSSEC DS Record

2017-07-14 Thread Steven Carr
On 14 July 2017 at 01:52, sami's strat wrote: > However, the zone is missing the DS record, completely. That being said, > what is the offset, or result? I don't see an AD flag when querying the > zone. Other than that, are there any other ramifications? Without the DS record in the parent the

Re: different result between normal query and zone transfer

2017-07-09 Thread Steven Carr
On 9 July 2017 at 06:14, MAYER Hans wrote: > Many thanks for your answer. > Isn’t there a flag or option to say handle all sub-zones like normal A or > CNAME records too ? Not that I'm aware of. You might want to look at DNS Views to present different responses instead of overriding with a subzo

Re: different result between normal query and zone transfer

2017-07-06 Thread Steven Carr
On 6 July 2017 at 12:29, MAYER Hans wrote: > For me this looks like a bug. Why is the answer for a normal query different > than the answer from a zone transfer ? > Or do I miss a special flag for this setup ? > I am using BIND 9.11.1 but I had the same issue with older > versions too. A zone

Re: allow-transfer with distinct IP rejected

2017-04-26 Thread Steven Carr
On 26 April 2017 at 08:23, Nico CARTRON wrote: > BIND logs refer to the IP address 172.16.10.16, can you tell us what is this > IP? > It appears that this is this IP address which is trying to transfer the zone, > and as you are restricting zone transfers to the slave IP address > (172.16.11.35),

Re: allow-transfer with distinct IP rejected

2017-04-25 Thread Steven Carr
On 26 April 2017 at 06:53, Dr. Lars Hanke wrote: > allow-transfer { 172.16.11.35; }; This IP ^^^ > transfer of '178.168.192.in-addr.arpa/IN' from 172.16.10.16#53: failed while > receiving responses: REFUSED Is not the same as the IP the AXFR request is coming from? ^^^

Re: Bind Queries log file format

2017-01-25 Thread Steven Carr
On 25 January 2017 at 10:59, Tony Finch wrote: > It's the address in memory of the data structure representing the client. > It is mentioned in the CHANGES file (#4471) and in the release notes - see > https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=c4b7db49326be650fa95a7ede6e

Re: How does a Client Verify if the DNS server is Alive or down

2015-10-20 Thread Steven Carr
On 20 October 2015 at 10:41, Phil Mayers wrote: > On 20/10/15 07:26, Harshith Mulky wrote: >> >> Hi All, >> >> How can a Client verify if the DNS Server is Running(named service is >> Running) or Down? > > > By the presence or absence of a reply to a query. That doesn't always verify if the serve

Re: configuration error in lists.isc.org

2015-08-13 Thread Steven Carr
On 14 August 2015 at 03:14, Mark Andrews wrote: > You just use multiple fields if there isn't space. The fields are > concatenated together with no space to produce the full SPF entry. > > e.g. "ab" "cd" -> "abcd" How does BIND know which order to send the TXT records in so that they can

Re: Getting an error on a very simple DNS configuration

2015-04-08 Thread Steven Carr
On 8 April 2015 at 22:56, Reindl Harald wrote: > looks like you did not open port 53 on the server's firewall You're missing a whole swathe of required declarations for BIND to be able to handle recursion. There are numerous examples via google, first one that is returned is... https://www.digi

Re: Getting an error on a very simple DNS configuration

2015-04-08 Thread Steven Carr
> [root@new-dns1 etc]# cat named.conf > zone "0.0.127.in-addr.arpa" { > type master; > file "db.127.0.0"; > }; You're missing the "directory" directive, BIND doesn't know where your files are. Above the zone statement add: directory "/var/named";

Re: Dig, open servers and A records

2015-04-05 Thread Steven Carr
On 5 April 2015 at 09:32, Stephen Eyre wrote: > My server is called server1.sportshost.co.uk and its ip address is > 84.92.56.54. > > Going on to whatsmydns.net I find that sportshost.co.uk returns suitable > entries under the NS and SOA section. There are nothing but red crosses > under A records

Re: subdomain with domain

2015-04-01 Thread Steven Carr
On 1 April 2015 at 20:53, Barry S. Finkel wrote: > It would be a good idea to also have the other Active Directory > "underscore" zones: > > __sites. > _tcp. > _udp. > > on your slave server. From what I've seen in the field, in most AD installations those aren't actual subdomains

Re: Single slave zone definition for two view (cache file name problem)

2015-03-18 Thread Steven Carr
On 18 March 2015 at 13:30, Konstantin Stefanov wrote: > It isn't. But maintaining one file is easier. And having to maintain two > after five years everything worked fine with one is annoying. This highlights the need for a test environment, don't apply untested updates to production systems, it'

Re: New ideas about DNS

2015-03-18 Thread Steven Carr
On 18 March 2015 at 07:23, Heamnath J wrote: > Hi there, I need new ideas for securing the bind dns server for centos 6.6 Securing which part? the CentOS system or the BIND DNS name server software/configuration? Have you read... Secure Domain Name System (DNS) Deployment Guide from NIST? http

Re: BIND9 statistics vs. BIND8 statistics

2015-03-09 Thread Steven Carr
On 9 March 2015 at 06:25, Dowon Kim wrote: > Hello, > > In BIND8, I can find statistics every hour in the log file (see here below) > It was the default for BIND8 > But in BIND9 I do not find same statistics in the log file. > I know statistics-channels usage in named.conf or rndc stats with dump

Re: Different answer when querying @server from different clients

2015-03-08 Thread Steven Carr
On 8 March 2015 at 13:50, Barry S. Finkel wrote: > Using "+trace" with "@8.8.8.8" ignores the "@8.8.8.8", as > that server is never queried when the query starts at the root > and moves down the DNS tree to authorized servers. Incorrect, specifying @8.8.8.8 means that dig +trace will use 8.8.8.8

Re: Different answer when querying @server from different clients

2015-03-06 Thread Steven Carr
On 6 March 2015 at 21:43, Arthur Ramsey wrote: > I can't figure out why these two hosts resolve great.truchart.com > differently when querying the authoritative server. DNS views have been implemented on your DNS server. > [root@dc01 ~]# dig +trace great.truchart.com @74.113.249.135 > great.truc

Re: can't-resolve

2014-12-25 Thread Steven Carr
On 25 December 2014 at 14:50, Mohammed Ejaz wrote: > I wanted to tell you one more thing: when I reassign my old > IP which is 212.119.64.12 then everything works fine (I mean internal > authoritative domain and external yahoo etc.) without any problem Check your firewall? is the new IP allowed to ta

Re: can't-resolve

2014-12-25 Thread Steven Carr
On 25 December 2014 at 08:05, Mohammed Ejaz wrote: > logging { > > channel querylog{ > > file "/var/log/querylog"; > severity debug 10; > print-category yes; > print-time yes; > print-severi

Re: can't-resolve

2014-12-24 Thread Steven Carr
Ah so this is to do with recursion. Check the settings on the 212.119.64.228 server to ensure that recursion is turned on and allowed for the clients that need to be able to resolve domains that the server is not authoritative for. You'll also have to make sure that 212.119.64.228 has unrestricted

Re: can't-resolve

2014-12-24 Thread Steven Carr
On 24 December 2014 at 13:42, Mohammed Ejaz wrote: > Any clue would be highly appreciated. thanks in advance. What's the name of the zone so we can test from here? Did you update the parent zone to tell it the nameserver IP for your zone has changed? If you explicitly try to query to the new

Re: How to debug BIND

2014-11-30 Thread Steven Carr
DIG is used to test/troubleshoot DNS queries. BIND logging is used to troubleshoot the BIND server itself. Which are you trying to debug? Also be mindful that BIND will cache any DNS entries it retrieves for the defined TTLs, so if you dig a second time chances are it's not going to go to the Inte

Re: How to debug BIND

2014-11-30 Thread Steven Carr
On 30 November 2014 at 11:04, Kaouthar Chetioui wrote: > I want to know the exact path that follows bind to resolve a DNS query Please reply to the list not direct. The option you are looking for is +trace and needs to be invoked on the server/system that will be resolving the query for the clie

Re: How to debug BIND

2014-11-30 Thread Steven Carr
On 30 November 2014 at 01:22, Kaouthar Chetioui wrote: > I want to do full debug for BIND > > I use this command: dig www.example.ma -d What's the problem you are having? What are you expecting to see when you perform a debug? What is the real name you are trying to diagnose? Steve

Re: Change in behaviour regarding ndots and searchlist

2014-09-15 Thread Steven Carr
On 15 September 2014 13:29, Lightner, Jeff wrote: > I've begun seeing this recently in nslookup on Windows workstations as well. > It appears it is appending search domains even when I've specified an FQDN. > That is I have two search domains such as ex1.com and ex2.net and I typed > short

Re: 1000's of zone using the same zone file in a blacklist

2014-09-14 Thread Steven Carr
On 15 September 2014 02:56, Pieter De Wit wrote: > Is there any way we can reduce the memory footprint/optimize this any more ? > Look ups are really fast and not a problem, just reload time and memory > used. Look into using an RPZ instead of individual zone blacklists. Single zone file will loa

Re: dont understand dns tree with fishing email url , dns-friewall

2014-06-08 Thread Steven Carr
On 8 June 2014 22:16, Hans-Cees Speel wrote: > Somehow it doesn't work, so they probably use a trick. > But I can't find the dns servers. Any help is appreciated. No trick, query for the SOA, then query for the NS of the domain returned in the SOA... sjcarr@elmo:~ $ dig www.ing-beveiligingsoftwa

Re: No-Sync-at-Slave

2014-05-08 Thread Steven Carr
On 8 May 2014 08:43, Mohammed Ejaz wrote: > Thank you so much for your immediate answer, I wanted to know how did you check > as 212.93.192.4 configured only on UDP? The server isn't responding to TCP... sjcarr@elmo:~ $ dig @212.93.192.4 www.apple.com ; <<>> DiG 9.10.0 <<>> @212.93.192.4 www.apple

Re: How to setup a backup NameServer?

2014-05-04 Thread Steven Carr
On 4 May 2014 02:15, houguanghua wrote: > These zones are not owned by ISP, such as: yahoo.com, facebook.com... > If such backup dns server is ready, ISP will talk to these WEB sites to keep > synchronization with their authority NSs. > It's maybe a huge project. It's an impossible project. Exact

Re: How to setup a backup NameServer?

2014-04-29 Thread Steven Carr
On 29 April 2014 07:06, houguanghua wrote: > hi kevin, > > Stealth slaves can't be used as backup NS server. This backup server can't > be accessed by all internet users. > It can only be accessed by users from one ISP. It's used when all authority > NSs are down, especially in case of DDoS atta

Re: Help with DKIM record

2014-04-14 Thread Steven Carr
On 14 April 2014 18:53, Felix Rubio Dalmau wrote: > it is not actually a pure caching server (at least I didn't want it > to be :S). I have a server at home, and the DNS is properly configured at the > internet. The problem is that my router is not capable to redirect my > requests to m

Re: Help with DKIM record

2014-04-14 Thread Steven Carr
On 14 April 2014 17:02, Felix Rubio Dalmau wrote: > Maybe this is my problem: I have not created any zone file :s. The only files > I've created/modified are: > I thought that when requesting fields that are not available in the local dns > server, such requests would be forwarded to the forward

Re: Help with DKIM record

2014-04-14 Thread Steven Carr
On 14 April 2014 15:59, Felix Rubio Dalmau wrote: > What files, exactly? Named.conf.local and named.conf.options is enough? Yep, and the zone files that you have created that contain the TXT records you want to query for. Steve

Re: Help with DKIM record

2014-04-14 Thread Steven Carr
On 14 April 2014 14:21, Felix Rubio Dalmau wrote: > yes, it is the server I've set up in my local LAN. How can I set it > to have these TXT records? Post your current config and zone files (use pastebin if they are larger than a few lines). Then copy/paste the full host command and its

Re: Clients Matching Multiple Views

2014-04-09 Thread Steven Carr
On 9 April 2014 13:09, Mike Meredith wrote: > What I did in testing (and not very much at that) was to define the > zones twice with different file names. Seemed to work fine ... at least > the zone files and the journal files were created for both file names. BIND will allow you to configure it

Re: Clients Matching Multiple Views

2014-04-09 Thread Steven Carr
On 9 April 2014 10:05, Sotiris Tsimbonis wrote: > But when the zone is dynamic, this file "sharing" cannot be done between > views. > > Updates only match one zone, and are kept in memory (or .jnl). > So how would we make this work in dynamic zones? > Maybe we should have one view axfr from the ot

Re: Clients Matching Multiple Views

2014-04-09 Thread Steven Carr
On 9 April 2014 08:37, Mike Meredith wrote: > Am I missing something obvious? Such as it should work, but I've > somehow messed up? Or perhaps there's some option I've missed? Or am I > out of luck? That's not how views work. When you match a view then that's it, you don't continue to check other

Re: FreeBSD ports 9.8.7 problem with transfert to slave

2014-03-27 Thread Steven Carr
On 27 March 2014 12:31, BONNET, Frank wrote: > Since I upgraded to 9.8.7 on my two DNS the automated zones transfer from > master to slave > does not occur automatically, I haven't changed configuration files, > serials are well incremented > by a script that works for years > > BIND is install

Re: how to modify the cache

2014-02-19 Thread Steven Carr
On 19 February 2014 09:51, houguanghua wrote: > But if the specified name server is enabled only when normal dns query > process is down. How to configure the local DNS server? The detailed > scenario is described in below figure: I'm not sure if that is possible, you either forward or you allow

Re: how to modify the cache

2014-02-17 Thread Steven Carr
On 17 February 2014 01:17, houguanghua wrote: > I want to override the IP address of NS, for I want to use other authority > DNS which isn't registered. For that you use forwarding. Create a zone statement for the zone in question and forward the queries to a different name server. You don't need

Re: how to modify the cache

2014-02-14 Thread Steven Carr
On 14 February 2014 13:52, houguanghua wrote: > Who can tell me how to do? Thanks. You can't and shouldn't need to edit the cache. All you can do is clear it. If you want to change the response back to the client then look into RPZ, however by doing so you may break DNSSEC validation and end up n

Re: SERVFAIL @google

2014-02-10 Thread Steven Carr
On 10 February 2014 11:20, Lucio Crusca wrote: > Ok, so what should I do now? I want the NS records to point to > ns0|1.virtual-bit.com. Should I change anything in my zone file or should I > open a new ticket at my domain provider? Contact the domain provider and ask them to either update the re

Re: SERVFAIL @google

2014-02-10 Thread Steven Carr
On 10 February 2014 11:10, Lucio Crusca wrote: > How did you find that NS servers are ns1.customer.seflow.it and > ns2.customer.seflow.it? They should be ns0.virtual-bit.com and > ns1.virtual-bit.com (see zone file) and here dig says exactly that: Trace it from the root, your glue records aren't

Re: SERVFAIL @google

2014-02-10 Thread Steven Carr
On 10 February 2014 09:01, Lucio Crusca wrote: > Sorry, I thought I might be making some obvious mistake so that you wouldn't > need the actual zone to spot it. > > ; > ; BIND data file for softwareliberopinerolo.org > ; That zone file must be out of date. The record being returned now is an A re

Re: "Recursive no;" implications?

2014-01-22 Thread Steven Carr
On 22 January 2014 05:29, LuKreme wrote: > OK, so in order to lock down your server against DDOS DNS attacks you need to > restrict the access to the recursive lookup, yes? But if you set 'recursion > no;' then your own servers will not lookup IP addresses for, for example, your > mail server to

Re: db- files on secondary dns server

2014-01-21 Thread Steven Carr
On 21 January 2014 13:41, Ayca Taskin (Garanti Teknoloji) < ayc...@garanti.com.tr> wrote: > We’re using Bind DNS server with version BIND 9.9.2 as a secondary > (slave) dns server. We saw there is a lot of files starting with “db-“ > under /var/named directory and updating continuously. does an

Re: "Recursive no;" implications?

2014-01-21 Thread Steven Carr
On 21 January 2014 09:03, LuKreme wrote: > If you set recursion no; in named.conf, you need to set the forwarders as > well. Is there anything else that must be done so that DNS queries still work? Forwarding will not work if you don't have recursion enabled. With recursion disabled you are a pu

Re: RPZ help on BIND

2014-01-04 Thread Steven Carr
On 4 January 2014 15:13, babu dheen wrote: > Since i am not well familiar with BIND, i am expecting help > from BIND forum. First of all please do not expect help, this mailing list is a community, not guaranteed support, we will help if we can. If you need dedicated help then ISC (and any number

Re: RPZ help on BIND

2014-01-02 Thread Steven Carr
On 2 January 2014 10:47, babu dheen wrote: > Kindly help me on my requirement. What exactly are you wanting to do? There is lots of information on the Internet already about implementing RPZ (Google is your friend) and configuration examples in the BIND9.9 ARM (chapter 6.2.16.20). If you can sh

Re: Adding DS records

2013-12-20 Thread Steven Carr
On 20 December 2013 18:37, David Forrest wrote: > gandi.net +1 > > I transferred from NS to Gandhi in December 1998. I don't know about their > hosting of primary DNS but they do host a secondary of mine and it seems to > resolve there with an aa flag: Yep, secondary works, but they can't be a DN

Re: Adding DS records

2013-12-20 Thread Steven Carr
On 20 December 2013 18:10, pgndev wrote: > Gandi.net > Great support, including DNSSEC: Gandi only support DNSSEC if you host the DNS elsewhere, their DNS servers do not support DNSSEC. Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind

Re: FW: missing ‘additional section’

2013-12-20 Thread Steven Carr
On 20 December 2013 14:18, houguanghua wrote: > This topic was discussed in 2009. But I don't know the final decision. > Please refer following site: > http://t4605.network-dns-bind9-dlz.dnstalk.us/missing-additional-section-t4605.html Looks like it is potentially a "bug" if you want to call it t

Re: missing ‘additional section’

2013-12-18 Thread Steven Carr
On 19 December 2013 00:48, houguanghua wrote: > If DLG isn't enabled (bind9+view + zone file , no DB is used), the > additional section is right. Maybe it's a bug of Bind DLG. What is DLG? > What I wanted is as follows : > $ dig @10.3.103.177 www.ctyun.cn > ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.

Re: missing ‘additional section’

2013-12-18 Thread Steven Carr
On 18 December 2013 15:19, houguanghua wrote: > > When I do a DIG, ‘additional section’ isn’t in the response. My bind > environment is: bind 9.8.6P1 + mysql (OS: Centos). > > Is there any way to enable the Additional Section? Thanks. > What are you expecting to see in the additional section? Yo

Re: fowarder not working

2013-11-29 Thread Steven Carr
On 29 November 2013 10:27, rams wrote: > Hi I have configured my bind as forwarder but when I query it is not > forwarding and looking into local only. What are you trying to achieve, what are you forwarding? why are you forwarding? >recursion yes; > zone "com." { > type forward;

Re: Host spans Multi-Domains

2013-11-21 Thread Steven Carr
On 21 November 2013 02:55, Davis, Donald W wrote: > A correction. There is only a single IP address for this server. You can either put an A record in each zone pointing to the IP address of the server "red" or you can put an A record in the primary zone which the server is a member of and a CNAM

Re: Is SpamHaus Feed for RPZ is free or subscription based?

2013-11-06 Thread Steven Carr
On 6 November 2013 11:19, Dave Warren wrote: > Perhaps you can point out where on that page RPZ is mentioned? The Spamhaus news article announcing the "beta" RPZ service (http://www.spamhaus.org/news/article/669/) indicates that the Spamhaus DBL is being repurposed as an RPZ data feed. There is n

Re: Help on DNSSEC

2013-11-06 Thread Steven Carr
Start with chapter 11.4 "The DNS Security Extensions" in DNS & BIND http://www.amazon.com/DNS-BIND-5th-Edition-Cricket/dp/0596100574 Steve On 6 November 2013 08:54, babu dheen wrote: > Dear All, > > I would like to understand DNSSEC on BIND Recursive DNS server running in > RHEL 5.0. Can you ple

Re: Is SpamHaus Feed for RPZ is free or subscription based?

2013-11-06 Thread Steven Carr
This is all explained clearly on their website... http://www.spamhaus.org/organization/dnsblusage/ On 6 November 2013 08:52, babu dheen wrote: > Dear All, > > I would like to integrate BIND DNS with Spamhaus Malware DB feed. But i > need clarity whether Spamhaus offers this feed for free or >

Re: use bind 9.8 as caching server and authoritative nameserver

2013-10-28 Thread Steven Carr
You're seriously over-complicating the admin for yourselves by creating dummy zones. Look at RPZ as this will achieve what you want in a much simpler and easier to manage way. Steve On 28 October 2013 13:10, wrote: > Hi all , > > I installed a new bind caching server called nameserver.hiddendo

Re: Performance Tuning RHEL 5 and Bind

2013-10-19 Thread Steven Carr
On 20 October 2013 02:34, brett smith wrote: > When all the Windows PC's are switched to our resolver, bind stops responding. > rndc querylog shows queries coming thru, I changed tcp-clients from > 1000 to 1 but DNS seems lagging, so we switched back to the > original Windows Domain resolver.

Re: Refreshing cache in other DNS servers

2013-10-15 Thread Steven Carr
On 15 October 2013 15:53, babu dheen wrote: > If I change the TTL value on the particular zone after modifying a record > in Redhat Linux BIND Caching DNS server, My Redhat bind Caching DNS server > cache would be refreshed after 300 seconds but what if my backend windows > DNS server is still r

Re: DNSSEC resolution

2013-10-09 Thread Steven Carr
Can you be more specific as to what exactly you want to know? What specific dig commands are you using? Do you actually know how DNSSEC works? Have you read chapter 11.4 in "DNS and BIND" (ISBN:0596100574)? A quick Google query brought back quite a few resources on using dig with DNSSEC https://www

Re: empty zones and higher zone count after upgrading

2013-10-08 Thread Steven Carr
On 8 October 2013 23:27, Alan Clegg wrote: > Except for using your servers to find the root servers to begin with. I stand corrected, I thought it might have done something clever for the first hop and had the root hints compiled in. Steve

Re: empty zones and higher zone count after upgrading

2013-10-08 Thread Steven Carr
+trace ALWAYS goes to the root servers. It will bypass your DNS server completely. Steve On 8 October 2013 22:37, Con Wieland wrote: > > On Oct 8, 2013, at 2:13 PM, Mark Andrews wrote: > >> >> In message <93fdc4db-8835-482d-8b7d-7b58d09d5...@uci.edu>, Con Wieland >> writes: >>> I am still tryi

Re: empty zones and higher zone count after upgrading

2013-10-08 Thread Steven Carr
So a "dig 10.IN-ADDR-ARPA" hasn't queried the root at all, if it had you would have a response with an SOA of prisoner.iana.org and you wouldn't have got an NXDOMAIN. sjcarr@elmo:~ $ dig 10.in-addr.arpa ; <<>> DiG 9.8.5-P1 <<>> 10.in-addr.arpa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<

Re: view

2013-10-03 Thread Steven Carr
f.default-zones > // prime the server with knowledge of the root servers > zone "." { > type hint; > file "/etc/bind/db.root"; > }; > > // be authoritative for the localhost forward and reverse zones, and for > // broadcast zones as per RFC 1

Re: view

2013-10-03 Thread Steven Carr
Please post your full named.conf config file (you can obfuscate any sensitive information). Steve On 3 October 2013 18:53, Paweł Ch. wrote: > Hi list > > I have problem with views in bind9 on debian 6. I configured server like > here https://wiki.debian.org/Bind9 and it works. When i add entry:

Re: Dig gives ;; connection timed out; no servers could be reached

2013-10-03 Thread Steven Carr
As others have already commented, it could mean either, there isn't enough information provided to try to identify where the fault lies. Are these systems accessible from the Internet? if so then please provide the correct names so we can also run tests from our locations to see if we get the same

Re: What is proper fault-tolerant behavior?

2013-09-16 Thread Steven Carr
On 17 September 2013 02:54, Dan McDaniel wrote: > My question is shouldn't our nameservers try another fedora NS in order > to resolve the name? If not what good is it for fedora to have multiple > nameservers? Or am I misunderstanding how this should work? So this would really depend on the resp

Re: Weird dig behavior when querying ANY

2013-09-10 Thread Steven Carr
On 10 September 2013 16:58, Nicholas F Miller wrote: > The only thing between us and the world are Junos FWs. The behavior happens > if you dig a hosted zone on the master DNS server as well. Is there any configuration on the DNS server which is reducing the TTL unnecessarily? (e.g. max-cache-tt

Re: Problem with forward zone in view

2013-09-08 Thread Steven Carr
On 8 September 2013 12:06, Carol Overes wrote: > Apologies if my approach was not clear, after Steve's mail. But I tested > by using dig without the +trace option. I have tested the following from > an IP, which is accepted via the trusted ACL: > > dig @10.10.10.1 www.domain2.com A > dig @10.10.10

Re: Problem with forward zone in view

2013-09-08 Thread Steven Carr
Using +trace will give you the exact response you are seeing. +trace uses the values returned by the parent for the next part of the query (it will bypass your internal DNS server and go straight to the Internet root and work down the hierarchy, so any forwarding rules in BIND are ignored). You wi

Re: Change Monitoring IP address

2013-09-05 Thread Steven Carr
On 5 September 2013 07:50, Bal Krishna Adhikari wrote: > As BIND server periodically query root servers to check its availability to > Internet. > When Internet is down, I can't fetch the domains of my local exchange too. > We got one of the root servers in local exchange but I don't know if it's

Re: SERVFAIL when two SOA in the domain

2013-08-29 Thread Steven Carr
On 29 August 2013 19:22, Stephane Bortzmeyer wrote: > I'm not sure of what the RFC say about that... While RFC 1035 doesn't seem to explicitly say that multiple are forbidden, or how to handle the case of multiple records, it does state under section 5.2. (Use of master files to define zones):

Re: nxdomain

2013-08-28 Thread Steven Carr
I think the short answer is don't use the host command, always use dig. Not sure how to find the version of host (none of the usual -V -v -h flags seem to work with it) but on my system (OS X 10.8) host returns refused for the same query... sjcarr@elmo:~ $ host www.undernet.org. ns1.ausics.net Us

Re: FW: subscribe in bind-developer

2013-08-28 Thread Steven Carr
The only public developer list that I'm aware of is for the upcoming rewrite of BIND, BIND 10... https://lists.isc.org/mailman/listinfo/bind10-dev Steve On 28 August 2013 19:07, Nidal Shater wrote: > > > > From: ngiw2...@hotmail.com > To: bind-users@lists.isc.or

Re: /etc/named.conf won't be installed !!

2013-08-27 Thread Steven Carr
This was answered in the other thread, you need to create your own config file when installing from source. Steve On 27 August 2013 17:02, Nidal Shater wrote: > hi > when I install BIND,,,BIND won't install the /etc/named.conf file why ??? I > think bind has problems with centos6.3 > > could an

Re: ISO or virtual appliance

2013-08-21 Thread Steven Carr
On 22 August 2013 05:39, Manish Rane wrote: > So, DNS will monitor the host on port 80 and as soon as it detects that > either of the host/link is down it would remove the associated entry and > re-populate the entries > > Is any one aware of such solution readily available? I believe I already >

Re: Can't directory query NS type from nds server.

2013-08-13 Thread Steven Carr
On 13 August 2013 08:20, Sury Bu wrote: > When I use host -a support.ourfirst.org 192.168.122.92, the result contains > following: > > ;; AUTHORITY SECTION: > support.ourfirst.org. 86400 IN NS ns.ourfirst.org. > > ;; ADDITIONAL SECTION: > ns.ourfirst.org. 86400 IN A 192.168

Re: Reverse Records on a leash?

2013-08-10 Thread Steven Carr
On 10 August 2013 18:26, Eduardo Bonsi wrote: > Why should we be subjected to the ISP for reverse when we already have a > static ip and are paying for the internet account, that by the way it is not > cheap or catered to small business? Simple answer... the ISP is the owner of the IP address spa

Re: Reverse Records on a leash?

2013-08-10 Thread Steven Carr
On 10 August 2013 01:44, Eduardo Bonsi wrote: > I would like to know why we are treated like a dog on a leash when the > question is to reverse our DNS ip address to a FQDN of our choices since our > account is already assigned to us by our ISP? I would guess that for the most part ISPs provide a p

Re: Internernal view is answering to external ping

2013-08-01 Thread Steven Carr
On 1 August 2013 18:58, Lawrence K. Chen, P.Eng. wrote: > Did I miss something... what does ICMP ping have anything to do with bind? Yes, you missed the actual question. The use of the word 'ping' is a misnomer, what he really meant to say that from a host on the internet he is receiving an inter

Re: Internernal view is answering to external ping

2013-07-31 Thread Steven Carr
On 1 August 2013 00:59, IT Support wrote: > Thanks in advance. Where is your view/zone configuration? (possibly in one of the included files) you will need to post that configuration as well.

Re: BIND slave stops updating from master after 1-3 days

2013-07-30 Thread Steven Carr
On 30 July 2013 23:19, Brandon Whaley wrote: > That's certainly disconcerting (and diverges from the behavior we continue > to see with BIND 9.3). Is there any reason these updates would work > without issue immediately after a restart but stop working at some point > later? As you can see in t

Re: BIND slave stops updating from master after 1-3 days

2013-07-30 Thread Steven Carr
On 30 July 2013 22:52, Brandon Whaley wrote: > Once every few minutes the reload occurs on the master, which sends the > notify to our slave servers, who should check serials on all the masters > and transfer from the latest. > I think this is your problem. From what I understand BIND does not d

Re: BIND slave stops updating from master after 1-3 days

2013-07-30 Thread Steven Carr
On 30 July 2013 21:38, Brandon Whaley wrote: > zone "example.com" { > type slave; > file "/var/named/slaves/example.com.db"; > masters { 10.0.1.1; 10.0.2.1; 10.0.3.1; 10.0.4.1; 10.0.5.1; }; > }; > So given what I mentioned before I would envisage BIND contacting 10.0.1.1

Re: BIND slave stops updating from master after 1-3 days

2013-07-30 Thread Steven Carr
On 30 July 2013 20:31, Brandon Whaley wrote: > Sorry for the bump here, but through extensive troubleshooting I've > identified a trend in this. It appears that zones hosted on the > lower-numbered masters are still updating without issue. This leads me to > believe that something is causing BI

Re: bind9 and logrotation

2013-07-29 Thread Steven Carr
On 30 July 2013 00:08, Christoph Anton Mitterer wrote: > > You can also configure logrotate to work with the inactive log files > > created by BIND's own logging facility. That is, let BIND write and > > rotate log files, but then process them with logrotate afterward. > Yeah... I thought about th

Re: NAMED LOGS

2013-07-22 Thread Steven Carr
It looks like those clients are trying to query your DNS server for www.minghui.org.s210.ip4.verteiltesysteme.net and are being denied. Steve On 22 July 2013 13:21, Grace Ingabire wrote: > Dear Team, > > Does anyone know what is going on here? As I can’t understand why we do > re

Re: resolving-problem

2013-07-21 Thread Steven Carr
On 21 July 2013 14:24, Teerapatr Kittiratanachai wrote: > As I had resolve the IP address, the "212.71.32.19" which has configured > is point to "ns1.nesma.net.sa". > That seem that the DNS Server will listen only on itself, i think that the > configuration file also came from the `ns1` too. I'm n

Re: resolving-problem

2013-07-21 Thread Steven Carr
On 21 July 2013 13:42, Teerapatr Kittiratanachai wrote: > In my opinion your 'listen-on' options should be changed from > "212.71.32.19" to "any". > Actually I would disagree with that. There may be a very good reason that BIND is configured to listen on a specific IP address, the server may be m

Re: resolving-problem

2013-07-21 Thread Steven Carr
So the logs would seem to indicate that the server responded to your PC, the only way you can see exactly what happened with that response is with traffic captures on the name server and your PC. Steve On 21 Jul 2013, at 12:52, "Ejaz" wrote: I can resolve yahoo and here the snippet of lo

Re: resolving-problem

2013-07-21 Thread Steven Carr
172800 IN NS ns2.alfransi.com.sa. > > ;; Received 87 bytes from 192.5.6.30#53(192.5.6.30) in 202 ms > > > > *From My pc. Where I can’t resolve.* > > > fransiplus.com.sa > > Server: ns1.nesm

Re: resolving-problem

2013-07-21 Thread Steven Carr
oops, typo... dig www.fransiplus.com dig +trace www.fransiplus.com On 21 July 2013 11:09, Steven Carr wrote: > Can you post full output of the following dig commands ran on one of your > nameservers: > > dig www.franisplus.com > dig +trace www.franisplus.com > > Steve >

Re: resolving-problem

2013-07-21 Thread Steven Carr
Can you post full output of the following dig commands ran on one of your nameservers: dig www.franisplus.com dig +trace www.franisplus.com Steve On 21 July 2013 10:55, Ejaz wrote: > Hello, All, > > This lately we have been receiving complain from our customer th

Re: Which Forwarder Does Bind Pick?

2013-07-12 Thread Steven Carr
On 12 July 2013 18:44, Jiann-Ming Su wrote: > How does the named process determine when to use one forwarder or both > forwarders? I'm sniffing the traffic and on some queries, it goes for the > first one. On other queries, it goes for both. Thanks for any > clarification. > BIND will query b
