Re: I need to find statistics on a running server.

I’ve turned on query logging, then grepped for the count of lines logged in a particular second. Worked well enough for the job at the time. J De: bind-users em nome de "King, Harold Clyde (Hal) via bind-users" Responder A: "King, Harold Clyde (Hal)" Data: quinta-feira, 12 de jane

Re: How can I tell if a quiry is answered or denied

*** You can turn on answer logging: rndc answerlog Apologies- I believe the above is likely specific to EIP DNS builds. J -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid s

Re: How can I tell if a quiry is answered or denied

From: bind-users on behalf of King, Harold Clyde (Hal) via bind-users Date: Wednesday, April 20, 2022 at 3:29 PM To: bind-users Subject: How can I tell if a quiry is answered or denied I'm trying to find bad actors stretching out my load on my main DNS server I can't tell from the query log if

Re: Forwarding zone, setup

Add Delegating NS records: ab.somedomain.local 3600 NS server1.ab.somedomain.local . . . And glue records server1.ab.somedomain.local 3600 A 10.0.0.1 . . And see if it works. It’s got something to do with the way the record is matched (or not) before the forward statement is hit. J > On Fe

Re: Problem building BIND 9.11.23 on SPARC Solaris 10 w/ isc_atomic_xadd

That works -- Thanks! -- Jeff Wieland, UNIX Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms Mark Andrews wrote: Download the commit at https://gitlab.isc.org/isc-projects/bind9/-/commit/90185b225f4c7acde2fbb04697d857fe496725a2 and apply it. On 17 Sep 2020

Problem building BIND 9.11.23 on SPARC Solaris 10 w/ isc_atomic_xadd

this same problem with BIND 9.11.14, which was fixed with a patch. -- Jeff Wieland, UNIX Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from t

Re: 9.16 on older platforms

r packages. I haven't had the time to get it all working yet. -- Jeff Wieland, UNIX/Network Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to un

Re: Patches to fix isc_atomic_xadd problem (Solaris, HP-UX and other rare CPU architectures)

mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Thanks! The 1864.patch seems to work fine with Solaris 10 and Solaris Studio 12.2. It doesn't appear to need 1826.patch. -- Jeff Wieland, UNIX/Network Systems Administrator Purdue University IT Infrastru

Re: BIND 9.11.6-P1 build fails on Solaris

-- Jeff Wieland, UNIX/Network Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms Jaco Lesch via bind-users wrote: On 4/26/19 18:13, Wieland, Jeffrey J. wrote: Jaco Lesch via bind-users wrote: Both BIND 9.11.5-P4 and 9.11.6 build fine with the following

Re: BIND 9.11.6 and 9.11.6-P1 build fails on Solaris

/isc/.libs/libisc.so: attempted multiple inclusion of file Undefined   first referenced  symbol in file isc_atomic_xadd .libs/client.o ld: fatal: symbol referencing errors. No output written to .libs/named -- Jeff Wieland, UNIX

BIND 9.11.6 and 9.11.6-P1 build fails on Solaris

tiple inclusion of file Undefined   first referenced  symbol in file isc_atomic_xadd .libs/client.o ld: fatal: symbol referencing errors. No output written to .libs/named -- Jeff Wieland, UNIX/Network Systems Administrator P

Re: Re: DNAME usage?

;re into > using curl/wget to forms to their web gui. And tracking their > "improvements". > > Grief like that is why I ended up running my own DNS master server...and > getting static IP addresses for my central site. > > I guess I should point out that the

Re: DNAME usage?

perform a second dynamic update on a the different name. >> >> -- >> Mark Andrews >> >>> On 18 Nov 2017, at 04:19, Jeff Sadowski wrote: >>> >>> I am a bit confused by DNAME's >>> I had used them before but I may have used them wrong. >>

DNAME usage?

I am a bit confused by DNAME's I had used them before but I may have used them wrong. On windows 2008r2 I have some zone's where I create a DNAME for the root and point it to an A record. IE: zone bla.bla SOA NS DNAME www.bla.com where www.bla.com is an A record. the reason I was doing this

Re: Multiple AD domains

> of apex NS records to the zone). Beyond a certain threshold, you’d want to > set up a multi-level slaving/NOTIFY hierarchy on the BIND side… > > > > > - Kevin > > > > > > > > > > *-

Re: Multiple AD domains

68.2.1 and 192.168.3.1 in options notify yes; also-notify { 192.168.1.1; }; allow-transfer { 192.168.1.1; }; On Wed, Jul 27, 2016 at 1:20 PM, Jeff Sadowski wrote: > I'm going to try slaves like so > > If I setup slave zones like so on 192.168.1.1 > > zone "domainA"

Re: Multiple AD domains

68.2.1 and 192.168.3.1 in options notify yes; also-notify { 192.168.1.252; }; allow-transfer { 192.168.1.252; }; On Wed, Jul 27, 2016 at 1:11 PM, wrote: > > From: Jeff Sadowski > > > On the samba mailing list they described setting up the DC as the NS > > and forward

Re: Multiple AD domains

should I setup 192.168.1.1 as slaves to these two domains would that fix it? On Wed, Jul 27, 2016 at 12:56 PM, Jeff Sadowski wrote: > On the samba mailing list they described setting up the DC as the NS and > forward to another machine for more rules. > This will work fine for one do

Multiple AD domains

On the samba mailing list they described setting up the DC as the NS and forward to another machine for more rules. This will work fine for one domain. Now lets say I have 2 domains. If I setup forwarders like so on 192.168.1.1 zone "domainA" IN { type forward; forward only; forwarders { 192.168.

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

The RedHat/CentOS version starts with an upstream version from ISC. At the time they first get it they optimize to fit within the other packages they’ve setup on the specific major release (e.g. RHEL5 had BIND 9.3.6, RHEL7 has BIND 9.9.4). After that they put their own extended versioning o

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

s here. -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Wednesday, March 23, 2016 9:52 AM To: Lightner, Jeff Cc: bind-users@lists.isc.org Subject: RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro Lightner, Jeff wrote: > > Wit

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

Since there are BIND packages (9.9.4) for RHEL7/CentOS7 available from default repositories you could download those packages and extract the systemd files from them and examine what they've done. With systemd the methodology isn't that BIND notifies other things that it is up. It is that othe

RE: about NS server authorize

As others said this isn't really a BIND issue. EPP key is what some Registrars call the authorization code for domain registration transfers. Did you recently attempt to transfer this zone from one Registrar to another? Did you get confirmation that the transfer (not just the request for t

RE: PCS, Corosync, Pacemaker, and Bind

You might want to try "ip a" vs ifconfig. RHEL7 uses Network Manager and in the past I've found some things don't show up in ifconfig output when doing alias/virtual interfaces. Usually even when other products (e.g. Oracle RAC/GRID) create virtual interfaces they still show up as valid int

RE: Bind9 on VMWare

We chose to do BIND on physical for our externally authoritative servers. We use Windows DNS for internal. One thing you should do if you're doing virtual is be sure you don't have your guests running on the same node of a cluster. If that node fails your DNS is going down. Ideally if

RE: Cloud DNS providers for secondary DNS

The OP mentioned notifying Registrars. He'll also need to notify whoever his ISP is if he has arpa zones for reverse lookups and they are delegating to his name servers. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of J

RE: Why two lookups for a CNAME?

Because the purpose of DNS primarily is to equate a name with an IP as applications talk to IPs not to names. When you have a CNAME you’re equating one name with another name. That other name then has to be looked up so the application knows what IP access. This saves time if you have multi

RE: init script

Which Linux or UNIX distribution and version are you using? As Omer suggests most of them include a bind package with prebuilt init scripts - you can download the BIND package then extract the init scripts from it. (deb is for Debian derived Linux distros, rpm for Redhat derived distros - mig

RE: Multiple A and PTR and the "main" ones?

Actually some mail servers DO check not only that a PTR exists but also that it is not "generic". Every once in a while we get someone complaining because one of the big sites (Ebay?) refuses to accept their email due the "generic" (as defined by that site's policies) nature of our PTR. We

RE: DNS format error

http://www.vip.icann.org/DS? The http:// and /DS wouldn't be part of DNS name itself so you can't dig for that. You'd have to point a browser (or command line tool like wget or curl) to get that web page. The vip IS part of the DNS name. Did you try "dig www.vip.icann.org"? It works for m

RE: How to properly update chroot-bind

Since the OP says he's not in Production yet I'd strongly advise moving on to CentOS 7 for multiple reasons. I has a new base version of BIND and also has a 3.x kernel. However, there is a learning curve because it also uses systemd rather than Sys V init. The way bind-chroot runs is signifi

RE: stumped on sub domain addition

Services of America, Inc. 2300 Windy Ridge Pkwy Suite 600 N Atlanta, GA  30339-8461   P: 678-486-3516 C: 678-772-0018 F: 678-460-3603 E: jlight...@dsservices.com -Original Message- From: lists - euca [mailto:li...@euca.us] Sent: Thursday, July 23, 2015 2:23 PM To: Lightner, Jeff Cc: Bin

RE: stumped on sub domain addition

Did you change the sequence/serial in the SOA and reload the zone? Doing dig tests for euca.us I get it’s “A” record and for www.euca.us I get is CNAME. That suggests you didn’t setup onqsolutions record properly. Looking at your www CNAME in your zone file might let you k

Re: Variable in name of file for named.conf

On Thu, Apr 2, 2015 at 11:09 AM, Jeff Sadowski wrote: > On Wed, Apr 1, 2015 at 8:09 PM, Barry Margolin wrote: >> In article , >> Jeff Sadowski wrote: >> >>> I have a number of slave domains that I would like a naming scheme and >>> not have to go to each

Re: Variable in name of file for named.conf

On Wed, Apr 1, 2015 at 8:09 PM, Barry Margolin wrote: > In article , > Jeff Sadowski wrote: > >> I have a number of slave domains that I would like a naming scheme and >> not have to go to each and change the filename. >> >> I have the following zones &

RE: com.google how did they do that

Not all the new TLDs are company specific. Some are more generic but useful to certain industries. There are 2 or 3 TLDs that I assume will appear sooner or later and I really wish I had the capital to make them as I know as soon as they are available many companies will use them so they'd be

Variable in name of file for named.conf

I have a number of slave domains that I would like a naming scheme and not have to go to each and change the filename. I have the following zones zone "1.168.192.in-addr.arpa" { include "named.slave"; }; zone "2.168.192.in-addr.arpa" { include "named.slave"; }; zone "3.168.192.in-

Recall: subdomain with domain

Lightner, Jeff would like to recall the message, "subdomain with domain". CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distri

RE: subdomain with domain

C: 678-772-0018 F: 678-460-3603 E: jlight...@dsservices.com -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Graham Clinch Sent: Wednesday, April 01, 2015 11:56 AM To: Jeff Sadowski; bind-users@lists.isc.org Subject: Re: subd

subdomain with domain

The other day I found that my secondary name servers running bind where not dishing out _msdcs. SRV records This was causing join issues. It turned out that the Domain controller had 2 different scopes one for _msdcs. and one for so I shared the second _msdcs. scope with all my bind secondary

RE: Single slave zone definition for two view (cache file name problem)

It isn't really that hard to maintain two separate zone files for each domain. We've been doing it for years. It isn't really clear why you're using views if all your zone files are the same as you seem to imply. Here we do views specifically because for some domains the zone files DO need

RE: Single slave zone definition for two view (cache file name problem)

4.x would be quite ancient. Where are you getting those version numbers? You should be using 9.x these days so I suspect the BIND version isn't what you think it is.Is it possible the version you're reporting is you OS rather than your BIND? What is reported when you run "named -v"? An

Fwd: Different answer when querying @server from different clients

P.S. I think that is an outdated method. It should break DNSSEC. Views from bind would probably be a better way. On Fri, Mar 6, 2015 at 3:52 PM, Arthur Ramsey wrote: > I had to disable DNS ALG on Juniper SRX series firewall. > > Thanks for the help, > Arthur > > > On 03/0

RE: Config large tuning and out of memory

CentOS 5.x does have a 64 bit version. 5.2 is quite old - they're up to 5.10 or 5.11 these days. I don't think you can just change from 32 bit to 64 bit - I think it requires a reinstall from the 64 bit installation media. If you have do a reinstall you're better off going to at least Cen

RE: Request to provide procedure for bind upgrade

Good point. Fedora isn't really a good choice for Production systems - it is bleeding edge with short life cycle (usually new version is out 6 months later and they only support the most recent 2.) Fedora is used as a test bed for what ends up in RHEL later. RHEL has much longer life cycle b

RE: Request to provide procedure for bind upgrade

The package is “bind” not “named”. The daemon is called “named”. You can type “rpm –qf $(which named)” to determine which package installed that daemon. (Likely it was bind.) Also if you’re running the chroot’ed version you’d want the package “bind-chroot”. I’d suggest you run “rpm –qa |

RE: Getting Error || unable to convert errno to isc_result

a. s. Křižíkova 36a/237 186 00 Praha 3, Česká Republika Tel.:+420.226204627 daniel.rysl...@dialtelecom.cz --- www.dialtelecom.cz Dial Telecom, a.s. Jednoduše se připojte --- On 02/11/2015 10:32 PM, Lightner, Jef

RE: Getting Error || unable to convert errno to isc_result

On RHEL the kernel doesn't change within the main release (RHEL6) in this case will always be 2.6.32-xx and RHEL does the support including back porting bug and security fixes into their extended release (which isn't the same as the base kernel). They do the same thing for the BIND release

RE: SRV records etc

SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. -Original Message- From: bind-users-boun...@lists.is

Re: Filter dns update requests?

On Thu, Jan 29, 2015 at 10:02 AM, Tony Finch wrote: > Jeff Sadowski wrote: > >> Is there a way to setup bind to use an external filtering script to >> filter out requests? > > Have you read the ARM's section on dynamic update policies? The built-in > facilities

Filter dns update requests?

Is there a way to setup bind to use an external filtering script to filter out requests? example1: Say I have a cisco dhcp server and some windows clients and some other clients. Further lets say I have two domains on my dhcp scope. WinCli1 is on ad.abc.org WinCli2 is on ad.xyz.org Printer1 gets

RE: Change in behaviour regarding ndots and searchlist

hlist * Barry Margolin [2014-09-15 15:18]: > In article , > Steven Carr wrote: > > > On 15 September 2014 13:29, Lightner, Jeff wrote: > > > I've begun seeing this recently in nslookup on Windows workstations as > > > well.It appears it is appending sea

RE: Change in behaviour regarding ndots and searchlist

I've begun seeing this recently in nslookup on Windows workstations as well. It appears it is appending search domains even when I've specified an FQDN. That is I have two search domains such as ex1.com and ex2.net and I typed short name "ralph" for nslookup or host it would give me "ralph.

RE: Value of memory

Also remember that "used" reported by "free" in Linux on the first line includes memory pre-allocated to cache and buffers that is readily usable on demand so isn't really allocated to specific processes like you'd see in a similarly configured UNIX system. Be sure when trying to determine "us

RE: Does bind read /etc/hosts?

The confusion can come in because some UNIX variants (notably HP-UX) nslookup was modified to honor /etc/nsswitch.conf so it DOES check /etc/hosts if "files" precedes "dns". However, in most things (e.g. Linux, Solaris) nslookup (and the newer host command) do not look at /etc/hosts regardless

RE: whois expiration limit?

, February 19, 2014 4:17 PM To: bind-users@lists.isc.org Subject: Re: whois expiration limit? On 2014-02-19 20:44, Lightner, Jeff wrote: Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and

whois expiration limit?

Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and renewed a domain by 2 years which pushed its expiration to 01/25/2025. The order confirmation shows that expiration and looking at t

RE: Same internal and external zone

There is nothing that precludes you from having the same zone on different DNS servers. You make each "authoritative" so that any look up that hits that DNS server gets that server's records. You can then have separate entries for some items and the same for others. We do that here with at

RE: Adding DS records

FYI: web.com recently bought NetSol and at least one other Registrar that escapes me at the moment. It might be worthwhile to see if any of their companies do this as you might have an easier time transferring and avoid some of the common games Registrars play to prevent it. I heartily recom

dns not resolving

A192.168.1.50 server2INA192.168.1.51 wwwINA192.168.1.51 This seems simple enough. I'm running dig from the primary DNS server itself and I'm thinking I should be able to get an answer for jeffdiss.org. Can someone point me in the right direction? Jeff ___

RE: Performance Tuning RHEL 5 and Bind

Any reason you're using RHEL5 as opposed to RHEL6 if you're building new servers? RHEL5 is very long in the tooth and will go EOL sooner than RHEL6. Since you're using a BIND package not shipped with RHEL5 there's no reason on that account not to move up to RHEL6. -Original Message-

RE: Install DNS Server

Any reason why you’re using CentOS 5.7 given that 6.4 (and maybe later) is available? if this is a new system you really ought to think about use the 6.x stuff. 5.x is long in the tooth even though still supported it has many older upstream packages of things including BIND. CentOS does put

Re: Looking for info about BIND support for International Domain Names

You'll need libidn and libiconv. IDN code is in the bind-9.x tarball in contrib/idn/idnkit-1.0-src You need to include the --with-idn=yes and --with-iconv=yes options. I recall having had to configure and build idn first, and then build bind including the options in each. Jeff R. On Tue,

Re: ISC Security Advisory: CVE-2013-2266 (Adam Tkac)

Dear Adam, In order to minimize exploitation, we are trying to not spell out the specific nature of the flaw publicly. I will respond to you directly with a more detailed explanation. Regards, Jeff Wright ___ Please visit https://lists.isc.org/mailman

RE: SOA issue

Also make sure you’ve incremented the serial number in the zone file by at least 1. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Chris Buxton Sent: Wednesday, February 13, 2013 12:58 PM To: Paul A Cc: b

RE: chroot/etc/named/ directory?

Haven't done it on RHEL/CentOS 6.x yet but in RHEL5 with the bind-chroot installed I've always had: /var/named/chroot as the jail for BIND. /var/named/chroot/etc = Location of global config files such as named.conf /var/named/chroot/var/named = Location of the zone files. I don't see a /var/named

Re: injecting a temp entry into dns cache

Interesting. Intentionally "poison" your own cache so your users aren't inconvenienced by anothers misconfiguration. Not sure how you go about doing that on box. Perhaps bigger brains on this list can say. I have had occasion to forge answers locally as an immediate fix for name resolution issues

Re: open-source tool for filter out stats from dns logs

tions/183977/what-commercial-and-open-source-competitors-are-there-to-splunk. Regards, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.is

RE: How can I migrate my Domain from ISP hosted to my own BIND server?

To expand on that. The steps Manish wrote are what you do internally. What Sten is writing is external – your domains are “registered” somewhere and the “Registrar” points to the appropriate DNS servers – you’ll need to insure that it is pointing to your internal DNS servers. You can find out

RE: restart named; missing TCP socket

Why use rndc to stop then the init script to start? Is there no /etc/rc.d/rc.named restart? On RHEL5 the init script has a restart option so it will stop then start. If a socket is open then it could take a finite amount of time for it to close making it unavailable on the restart if you ha

Re: Linux issue with make test failures, 9.9.2-P1

o the parallel compile (-j2), the tests worked. But I did not see any failures from a parallel compile either. Weird. Jeff Earickson Colby College On Thu, Dec 6, 2012 at 10:40 AM, Evan Hunt wrote: > Jeff Earickson wrote: >> The "make test" stuff is failing miserably for me on L

Linux issue with make test failures, 9.9.2-P1

6 PASS I: 3 SKIPPED The same "make test" worked perfectly on Solaris SPARC. I ran bin/tests/systems/ifconfig.sh up as root, then ran "make test" (tried both as me and as root) -- failure. This happened on both a vmware virtual server and a physical server. Any

RE: Performance tuning

For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. If it were me I’d probably do some timed “host” or “dig” commands for the two re

RE: issues with BIND since a change of server

Have you checked the host level firewall (e.g. iptables)? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of John Miller Sent: Thursday, October 04, 2012 12:01 PM To: bind-users@list

RE: Moving BIND from Solaris to Linux

sc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Barry S. Finkel Sent: Tuesday, October 02, 2012 10:47 PM To: bind-users@lists.isc.org Subject: RE: Moving BIND from Solaris to Linux On 10/2/2012 4:26 AM, "Lightner, Jeff" wrote: > The reason I did the f

RE: Moving BIND from Solaris to Linux

The reason I did the full discussion is that many shops are moving from proprietary UNIX (Solaris, AIX, HP-UX) or Windows to Linux solutions.If they are moving much infrastructure but just starting with BIND then he needs to consider what I wrote. Also I don't really agree that Ubuntu is th

RE: Moving BIND from Solaris to Linux

We use RHEL mainly because that's our distro of choice for most of our applications. It is the most popular "commercial" distro is the one most 3rd party commercial applications (e.g. Oracle) support. (Of course SLES has a lot of support as well but not quite a much - others will tell you Ubu

Re: openldap, dlz and dynamic dns updates from isc-dhcpd

dity of DNS updates coming from the DHCP server. Am I on the right track? When I wrote 'encryption' this is what I was referring to. Thanks, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

openldap, dlz and dynamic dns updates from isc-dhcpd

ncryption be used to dynamically update BIND's DLZs, just as it can if zone files are used? Thanks, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org http

Dig from workstation to answer?

I know that dig +trace can be used to see the path of name resolution starting from root server down to final answer. What I’m wondering is if there is some set of options that would go from workstation to final answer? That is to say only go to the root server if that is where the DNS topolo

RE: Zone Transfer issue on BIND9

You're putting the allow transfer on each zone? I don't think that's your issue but it seems odd to me. Here we do it at the view level. Also it appears you're using the same IP for at least two of your views - for view transfers to work properly here we setup virtual IPs on the DNS servers

RE: What can cause excessive amount of _dns-sd queries?

Maybe blocking access by that IP will force the customer's tech folks to contact you? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of wbr...@e1b.org Sent: Thursday, August 23, 20

RE: 2 dns records for same server

That is to say don't put the external servers in /etc/resolv.conf on your clients - only put the internal one there. (Or the Windows equivalent setup should only see your internal DNS server.) I would correct the prior post not to say "EVER" but rather "not directly". Often in an internal/ex

Re: Version statement...

rsion statement only affects specific outputs. So it depends on how it's queried. That doesn't seem clear in the documentation unless I missed it...thus my confusion. Jeff On Aug 18, 2012, at 6:10 PM, Jeremy C. Reed wrote: > How are you testing it? W

Re: Mangled secondary records...

Nevermind. I get it now. Thanks for pointing me in the right direction. Jeff On Aug 18, 2012, at 3:21 AM, Jeff Justice wrote: > Hmmmokay. It makes me wonder why my primary isn't doing this as well > though. They have been running the same version. > > Jeff >

Re: Mangled secondary records...

Hmmmokay. It makes me wonder why my primary isn't doing this as well though. They have been running the same version. Jeff On Aug 18, 2012, at 2:53 AM, Michael Hoskins (michoski) wrote: > -Original Message- > > From: Jeff Justice > Date: Saturday, August

Mangled secondary records...

the same BIND version on both primary and secondary. Help! Secondary is effectively down as a result... Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: Version statement...

Okay, I have confirmed the correct named.conf file by simply removing it then restarting bind. It throws an error until replaced. So any other ideas why the version directive won't work? Can anyone confirm with 9.9.1-P2? Jeff On Aug 17, 2012, at 9:02 PM, Michael Hoskins (michoski)

Re: Version statement...

Okay, here's what I know: named-checkconf says there are no errors. There is only one named process running. When I apply my edited named.conf, the log shows named stopping and restarting with no errors. How can I check to see the path where my named process thinks named.conf is located?

Re: Version statement...

Doesn't seem to work with or without the brackets. Does it matter what order it appears in the options list? Or a limit on number of characters? Jeff On Aug 17, 2012, at 12:34 AM, David Miller wrote: > > On 8/17/2012 1:13 AM, Jeff Justice wrote: >> I am trying to mas

Version statement...

.e. BIND 9.9.1-P2, both from the command line and from an outside query tool. What am I missing? Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@list

RE: Can't receive emails from another machine

To check whether BIND is your problem simply run "dig -t MX " on the host that is trying to send the email to your mail host. If it returns the right IP address for your mail host then BIND isn't the problem. For iptables/postfix this isn't really the right forum. You might want to try posti

RE: disabling "Any" requests

Your answer was clearly meant to be tongue in cheek but I'm not sure you understood. The OP wasn't asking how to stop all (any) lookups - it was how to stop "dig -t any" which isn't the same thing at all. Presumably they still want to allow dig -t mx, dig www... etc... Personally I don't know

RE: Loaded zone files query

That assumes its Linux and is being logged to local /var/log/messages. For other *nix the log location and name is apt to be different. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: bind dies with assertion failure

I disagree about this being off topic. It IS in fact a BIND question but like many BIND implementations is specific to the user's setup. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: bind dies with assertion failure

As mentioned more than once on this list. Redhat starts with an upstream version of a given package (say BIND 9.7) then backports security and bug fixes from later upstream versions into theirs and add extended versioning (say 9.7-2.3.1). One would have to check Redhat's version to see what fi

RE: Compiling and testing on Fedora

Turning off SELinux also requires a reboot after changing mode. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Shawn Bakhtiar Sent: Thursday, June 21, 2012 1:19 AM To: bind-us...@isc.org Subject: RE: Compi

RE: Moving DNS out of non-cooperative provider

Just to verify - when you say "old provider" you're just talking about somewhere you had pointed your DNS records to and NOT the actual Registrar for the domain? If it is the Registrar you have to make changes at the Registrar's site to change which DNS servers to use. If they're not being coo

RE: multiple ints: views or separate records?

As far as influence it seems you could restrict the connections on virtual IPs to specific subnets so that they don’t have a choice. This can be done via ACLs in the views and/or via firewall rules (e.g. in iptables if this were a Linux host). From: bind-users-bounces+jlightner=water@lists

RE: Split DNS and zone transfers

You can also do it by IP in views but need separate IPs for each view. You can do that with virtual IPs on the same NICs as the primary IPs. Such virtual IPs of course have to be in the same subnet as the primary and also you’d need to insure firewall (including host level if any) is opened

  1   2   3   4   >