't going to like
customers who act like that. Those are paid to help you and to be nice to you,
yes, but don't be surprised if it diminishes the quality of the help you are
to receive.
Do consider it, in any case.
N.B.: A trademark office allowed you to get a trademark o
Same here, A returns 147.75.40.150 while returns nothing. MX has records to
Microsoft, as addressed by Sten.
My chain is recursive to Cloudflare from vantage points at Hetzner, and from
there follows the usual public chain.
*v...@ideapad.lan* [*~*]
$ dig vodafone.com
; <<>> DiG 9
xmagic.com (fallback)
168.119.103.78 (/32)
AS24940 (Hetzner)
Falkenstein, Germany
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--- Begin Message ---
This is the mail system at host nixmagic.com.
I'm sorry to have to inform you that your messa
Hi Peter, I really appreciate this discourse too. With what's happening in the
world now and with this particular executive order affecting even something as
niche as DNS, I like how it offers a vessel to have this public discussion.
On Tuesday, April 8, 2025 7:40:44 PM CEST Peter 'PMc' Much w
somewhat inaccurate in retrospect, but.. oh well.
Benefit of hindsight I guess. It worked at the time, so back then it should've
been good enough. Either way, I'm glad that such Expert Groups exist. If they
can offer advisory to the politicians themselves and bicker among each other t
On Wednesday, March 19, 2025 4:05:29 PM CET you wrote:
> Michael,
>
> you can hardly create a static list from all of the domains that can
> possibly exists.
>
> I do understand the usefulness of dynamic classification.
>
> There’s just not a straightforward interface f
in general, the gateway or
a forward proxy server may be able to give better results (but encrypted
traffic would be a pain to deal with).
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-
Negative cache TTL 1 minute
IN NS LOCALHOST.
; Examples
example.net IN CNAME localhost.
Note that the public domain name records to be redirected via RPZ cannot have a
trailing dot.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
o the operator of this network has decided to add a second DNS
server."
Your work on the ARM is amazing Suzanne, and indeed we/they are :)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.ietf.org/rfc/rfc9103
Brett Delmage via bind-users wrote:
> Specifically for me now that's the query log including the flags. But it
> could be other log files too at times. I am running DNSSEC and primary,
> secondary, and internal resolving servers so many logs are of interest at
> different times.
I
ant here, but it's about as much
head-scratching as I can partake in right now. Pretty much just shooting in
the dark I suppose.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
There is also https://www.rfc-editor.org/info/rfc9632.
This document specifies how to augment the Routing Policy Specification
Language (RPSL) inetnum: class to refer specifically to geofeed
comma-separated values (CSV) data files and describes an optional scheme that
uses the Resource Pub
deo about that.
https://www.youtube.com/watch?v=vh6zanS_epw[1]
(Long story short, it's MaxMind's secret sauce and therefore a trade secret)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=vh
regardless, which uh... I don't want to even entertain the idea of for
my business, thank you very much!
Business here, personal there. Overlap yes, but only up to a point.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
On Tuesday, February 18, 2025 10:06:35 PM CET Peter 'PMc' Much wrote:
> On Tue, Feb 18, 2025 at 09:51:51PM +0100, Michael De Roover wrote:
> ! On Tuesday, February 18, 2025 9:38:58 PM CET Peter 'PMc' Much wrote:
> ! > Then they make a business of selling my own info
On Tuesday, February 18, 2025 8:48:15 PM CET Michael De Roover wrote:
> I find it a shame that this record is no longer in use. GeoIP is anything
> but accurate, and GPS data is not reasonable to request from servers. Not
> like you can just hook up a GPS receiver to a VPS. Even from i
eir API is. ipinfo.io has
been good for a long time, but their commercialization efforts made me look
elsewhere. That's how iplist.cc came to be in this guy's operations.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
in your
environment and why. Then progressively address them as they happen. Helps to
establish rationale for what you build and why.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
heart).
As with everything engineering, I suppose it's a variety of compromises.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=6bicunweBAQ
r option you choose in the end, I wish you good luck :)
Best regards,
Michael
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/
be a physical
limit. Perhaps it's possible to mitigate this with hostapd voodoo, but I have
yet to master that myself.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
On Sunday, February 9, 2025 12:54:53 PM CET Michael De Roover wrote:
> Perhaps this would be as good of an email as any to express that I once
> walked the corridors with this teacher-
Not sure to which extent this will be necessary, but by this I meant my own
teacher Gitte. I should
any
peers leave after the first month because they thought it was little more than
LAN parties. That is _not_ what this field is about! It's about network
engineering first, entertainment four-hundred-and-fifteenth!
Anyway, (forwarded) rants aside.. that's what it
lding, alongside burnt libraries), perhaps we
are now in an ideal position to come back to this issue with the benefit of
hindsight. I for one look forward to seeing what people from various parts of
the world have to say about it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagi
ondary. How ironic that this is probably the
most suitable term here.
Long story short, context matters. Paul Vixie made the context pretty clear,
as an authoritative figure. Perhaps we were mistaken to tie slavery into this
discussion in the first place. Or perhaps the designers at the time were
mist
ve seen a lot
in both tablets and laptops, and that kind of hostile engineering is something
I strongly object to. Heh, maybe I should just go ahead and do that myself
too. Electronics, sysadmin, development... shit never ends, does it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i..
.##;
192.168.##.##;
};
// Masters
// Source: https://www.zytrax.com/books/dns/ch7/masters.html
masters satellite {
192.168.##.#;
};
Hope this helps.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
r everything else. Additionally,
this is separated into 3 servers for the network I'm thinking of.. with 1
master and 2 slaves. It's really just a matter of slicing. Your given server
can certainly be a master for one slice, and a slave for another.
--
Met vriendelijke gr
f that is an undesirable status quo, then perhaps the matter of
actual collaboration is what deserves foreground attention.
For a long time, I've considered the IETF's standards in particular, to be the
"laws of the internet". Perhaps it wouldn't be a bad idea to
On Wednesday, 29 January 2025 11:40:50 CET Michael De Roover wrote:
> Granted, for my own domains, doing zone transfers in plain TLS over a VPN
> connection like WireGuard has never failed me either.
TCP, I meant TCP! Goodness gracious, doing an all-nighter was not a good idea.
-
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've
the Council) too, but they tend to separate
that into their press releases. It's interesting to be able to peek behind the
curtains at how each of these world-leading governments approaches this PR
matter.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: micha
to make? If
so, to what extent? And if authenticity is to be enforced from those with
authoritative servers, to circumvent that problem if identified as such,
wouldn't that just move the ball for ISP's to employ more intrusive methods to
comply with the law?
--
Met vriendelijke
If it doesn't work without docker, then it probably won't work with Docker.
Probably all the clue you need is in the log files. Did you read them?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
1. I assume example.com is signed.
2. I don't understand why you can't just remove the NS records and fold the
foo.bar.example.com data in.
3. After some interval of TTL, you can delete the DS records.
If bar.example.com is served by the same server (I assume not: because if it
was, why would
Thanks!
This did the trick for me, once I built the missing zone and got the DS records
in the correct spots everything is now reporting green.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
-Original Message-
From: Mark Andrews
Sent: Wednesday
file "reverse/2607.d600.9000.300.rev";
dnssec-policy itc-no-rotate;
inline-signing yes;
};
Any idea on what I need to do to resolve this issue?
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
P
Bowie Bailey via bind-users wrote:
> The first issue is that my server uses a few views to give different IPs
> based on which network the request comes from. I found that if I point the
> zones in the different views to the same key directory, there are no errors
> and all vie
On Tuesday, August 27th, 2024 at 4:21 AM, Ondřej Surý wrote:
> the Docker images have been updated to use Alpine Linux as the base image
> and the bind9 binaries are now compiled from the source while building the
> Docker images. This is more in-line with the expected Docker (Podman)
> workfl
ng that you should upgrade).
> How can we ensure that this is a network-level issue?
Through standard network troubleshooting techniques, such as packet captures
and firewall log inspection. Beyond that, you'll need to inquire elsewhere, as
I indicated at the top of this message, as this is a list abo
>> Hello Michael
>> Thank you for your response. Here is a pcap file and some logs.
>
> Hello Sami,
>
> Your pcap shows your resolver making thousands of queries that get
> no responses (or at least the pcap does not contain them). There's
> not much I can say,
> Hello Michael
> Thank you for your response. Here is a pcap file and some logs.
Hello Sami,
Your pcap shows your resolver making thousands of queries that get no responses
(or at least the pcap does not contain them). There's not much I can say,
beyond that this does not app
> Yes, sure. I grabbed three typical cases to analyze further, and
> currently trying to understand the proceedings - unsuccessfully, up
> to now. :(
>
> Case 1:
> ---
> Jun 19 17:42:12 conr named[24481]: lame-servers:
>info: success resolving '26.191.165.185.in-addr.arpa/PTR'
>
Mark Andrews wrote:
> Named and nsupdate validate input for types they know about (both text
> and wire). You would have to use versions that are not HTTPS aware and
> use unknown type format.
So, he could code it in Perl or Python or something which had a dynamic DNS
library. Bind
along with the BIND log segment which contains the
failed queries.
Michael Batchelder
ISC Support
ation to reflect that:
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs
>
> Petr Špaček
> Internet Systems Consortium
>
> On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:
> > Ah, thanks!
> >
> > Yeah, that's what I
isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
>
> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users
> wrote:
>>
>> dnssec-policy default - where/how to determine what all its settings are?
>> Documentation
>> doc/bind9-do
dnssec-policy default - where/how to determine what all its settings are?
Documentation
doc/bind9-doc/arm/reference.html#dnssec-policy-default
https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default
says:
A verbose copy of this policy may be found in the source tree, in the
fi
Thomas,
I just incorrectly wrote:
> So at minimum add "icmp and arp" to your filter expression.
I did not mean to use the logical "and". Your minimum filter should be
something like:
"src port 53 or icmp or arp"
Sorry for the confusion,
Michael
limit the amount of
information you provide to those who are trying to help you or make them infer
information. It's fine to mention only certain packets in an email, but put the
full packet capture on a public resource somewhere accessible.
Michael Batchelder
ISC Support
--
Visit https:
(or some level of
failure in between all queries and the ones for that one domain)? And at that
time, can you successfully query from the same system using a public resolver
(e.g. "dig @9.9.9.9 s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es TXT")?
And do you have BIND's
Matthijs Mekking wrote:
> As the main developer of dnssec-policy, I would like to confirm that
> what has been said by Michael and Nick are correct.
Cool.
> - When migrating to dnssec-policy, make sure the configuration matches
> your existing keys.
Is there a way
actices. (It also provides
some level of job security :-D.)
But in this case, I think the BIND developers did a good job ensuring
there was a way to create policies that integrate well with
key-management regimes external to BIND.
michael
https://bind9.readthedocs.io/en/v9.16.42/advanced.html#errors). As it
is, I was too focused on finding a problem with defining a key at all.
Maybe pointing out this would be an acceptable issue...
Thanks again!
- Michael
Am 17.01.24 um 18:26 schrieb Anand Buddhdev:
On 17/01/2024 18:18, Michael
6.42/reference.html#key-statement-definition-and-usage>.
It is defined globally and should be available in all views (and the
output from tsig-list confirms this).
As this has been rejected as an error within minutes
(https://gitlab.isc.org/isc-projects/bind9/-/issues/4539) it must be a
user error.
Greg Choules via bind-users wrote:
> What would be better (IMHO) is for you to keep "example.com" as your
> external zone in an external (hopefully in a DMZ) primary server,
> serving the world with public addresses they need to reach, and
> internally create a new zone - "interna
Given VPNs, RemoteAccess and the like, I strongly recommend against split-DNS
configurations. They were great ideas in 1993, when all sites were concave,
but that's just not the case anymore.
Instead, I recommend having a sub-zone, "internal.example.com", or some other
convenient name. Put a zo
, but it will take a large company to push them to do so.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
From: bind-users On Behalf Of Paul Stead
Sent: Saturday, October 28, 2023 11:35 AM
Cc: bind-users@lists.isc.org
Subject: Re: 9.18 BIND not iterated
7#53(2607:d600:9000:330:75:102:160:227)
;; WHEN: Fri Oct 27 09:56:31 CDT 2023
;; MSG SIZE rcvd: 125
[root@brkr-dns2 bind-9.18.12]#
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
Phone: (605) 874-8313
michael
lves the problem if interactive. Cron running a week
later usually works)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
In general, you don't want to mix dynamic update zones with ones that you
want to edit by hand. I see that you are doing manual DNSSEC signing in your
cron job.
Your choices are:
a) do everything with dynamic update, and turn on automatic DNSSEC management
in bind9.
b) do your DNSSEC signing
Silva Carlos wrote:
> On server A I configured HyperLocal. On Server B I did NOT configure
> HyperLocal.
> I ran the command "dig @localhost EXAMPLES" on both servers.
> EXAMPLES: blabla.sdf.dd or teste.com.eroterrter or world.nanana
> Problem: Both Servers report that "Quer
e Question section empty."
There are some older implementations out there that don't do this
correctly. I have a vendor supported IPAM implementation, where I have
gone back to the vendor and quoted the above, and they have fixed the
implementation.
michael
On 8/31/23 17:34, Ian Bobb
Mark Andrews wrote:
> were wrong and wouldn’t normally be that way. Something or someone
> changed them. It may have happened again. We can’t see what you see
And, AppArmor can turn things into permission denied, which are rather
mysterious. So, I'd ask for dmesg output too.
sign
itctel.com.zone.jbk /var/named/forward/itctel.com.zone.new
/var/named/forward/itctel.com.zone.signed.jnl
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
Phone: (605) 874-8313
michael.martin...@itccoop.com
www.itc-w
};
};
My apologies for not double-checking earlier, but I think this should be
everything.
--
Met vriendelijke groet / Best regards,
Michael De Roover
e, not the actual
domain on the internet. The only major issue I've been facing with this so far,
is that AXFR to secondary and tertiary name servers has some issues, and at
least Windows 10 Home will query those when the primary name server does not
give a satisfactory answer.
--
Met v
m...@at.encryp.ch wrote:
> Regarding the usage of [::] - due to usage of firewall I am able to
> block connections to the 53/udp and 53/tcp which are not coming to
> specific IP addresses or ranges, I do not need such filtering
> functionality within bind itself.
Bind doesn't list
Serg via bind-users wrote:
> As an alternative approach I have tried to run with a configuration
> "listen-on-v6 { any; }", but it does behave in a way I need - it binds
> separate socket for each discovered IP address rather wildcard address
> of [::].
Bind needs to bind a new s
Mike Lieberman wrote:
> The newer router blocks my local BIND servers (ONLY not clients using
> downstream servers) from receiving anything from the Internet. OUR BIND
> servers still have the local networks, but nothing else.
Your explanation is rather obtuse, but I think you mean t
Can you share a bit about why you want to get out of using
opendnssec/openhsm?
I would regard this as an opportunity to test key rollover with your parent
zone :-)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
John Thurston wrote:
> On a resolver running ISC BIND 9.16.36 with "dnssec-validation auto;" I am
> writing "category dnssec" to a log file at "severity info;" When I look in
> the resulting log file, I'm guessing that lines like this:
> validating com/SOA: got insecure respon
E R wrote:
> I am planning on implementing the current version of BIND to replace the
> aging, undocumented authoritative servers I inherited. I want to hide the
> primary server on our internal network and have two secondary servers be
> publicly available. While reading the DN
r, president
Montague WebWorks
20 River Street, Greenfield, MA
413-320-5336
http://MontagueWebWorks.com
Powered by ROCKETFUSION
On 1/7/2023 6:24 PM, G.W. Haywood via bind-users wrote:
Hi there,
On Sat, 7 Jan 2023, Michael Muller wrote:
This is my first time posting here, and I'm not sure if i
Hello everyone,
This is my first time posting here, and I'm not sure if it's the right
place or not to ask my question. This is a general DNS question,
specifically, I think, SPF.
(Btw, I do use Bind in my system, so that's why I'm here.)
I host email using SmarterMail, and all 400+ customer
On Thu, 2022-12-22 at 05:19 +, Michael De Roover wrote:
> Hello,
>
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I
>
ed information disclosure, hence
my curiosity. If it is at all possible to mitigate, I would of course
also appreciate discourse on this matter. Thank you!
[1] https://subdomainfinder.c99.nl
[2] https://criminalip.io/domain
Best regards,
Michael
Havard Eidnes via bind-users wrote:
> To "fill" an ip6.arpa zone for a /64 requires 18446744073709551616
> records (yes, that's about 18 x 10^18 if my math isn't off). I predict
> you do not possess a machine capable of running BIND with that many
> records loaded -- I know we
ts are set according to
algorithm and usage (ZSK or KSK)
[1] https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
Thanks again for your time to read this email, and for your insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
s/ch7/xfer.html
Thank you so much for taking your time to read this, and thanks in advance for
any insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
ore complicated.
Regarding the legitimate queries, it would be prudent to allow common
recursors (Google, Cloudflare, Quad9 etc) to have exceptions to this
rule. Just allow their IP addresses to send traffic either
unrestricted, or using a more relaxed version of the above.
HTH,
Michael
On Tue, 2
Philip Prindeville wrote:
> What do I need to do on both ends (remote DHCP server and central DNS
> server) to push updates over?
Your list is pretty accurate.
One thing that bites me regularly is that names of the TSIG keys matters, and
that if you have a trailing . in the key name, it
I found this message:
May 8 16:41:18 tilapia named[1268]: zone ox.org/IN:
zone_rekey:dns_dnssec_keymgr failed: error occurred writing key to disk
It would be great if it could tell me the file name that failed to write, and
ideally what the error was (EPERM is my guess, but there could also be
and I don't have a CDS published.
So what happened? I shall troll my logs and see what else I can find out,
but there sure is a lot of stuff going on. Maybe lots of flotsam from my
previous situation that needs to be expunged.
--
] Never tell me the odds!
Mark Andrews wrote:
> Unless you are pointing recursive clients directly at your
> authoritative servers there is no need. The recursive servers will
> lookup the CNAME target themselves. Additionally recursive servers just
> process the CNAME and ignore the rest of the response
I upgraded to 9.18 from 9.11 or something that was in debian nulleye.
Mar 11 18:14:27 tilapia named[9206]: /etc/bind/named.conf.options:40: invalid
prefix, bits [64..71] must be zero
Alas, line 40 has multiple IPv6 prefixes on it:
40 dns64 2607:f0b0:f:0:::/96 {
41 clients {
missing the appropriate incantation?
Mine are fairly plain:
[...]
channel lamers {
file "/var/log/named/lamers.log" versions 9;
print-time yes;
};
[...]
category lame-servers { lamers; };
[...]
michael
On 9/2/21 2:59 PM, Mark Tinka wrote:
On 9/2/21 23:51, Michael Sinatra wrote:
I have noticed this also and have opened a (similar but different)
issue, but it's a bit weird how it manifests itself.
On your freebsd installation, make sure that all of your interfaces
are configure
the meantime, I would check on your 'listen-on'
statements and make sure there aren't any stray addresses in there.
michael
flipping it so that the DNSKEY RRSET expires
quickly and the zone/RRSIG TTLs stay in cache longer. But that is still
a fairly tricky approach and I am not sure it would work...
michael
tion about our plans for issuing replacement releases will be
provided later; at the moment our priority is getting the news to parties as
quickly as possible so that those who have not already adopted the new releases
can postpone until corrected versions are available.
Michael McNally
Intern
Windows zips provided for the 9.17 branch this month.
Zip files with Windows packages were provided as usual for the 9.11 and
9.16 branches.
Michael McNally
ISC Support
--
Michael De Roover
here that the DNS protocol has no
> means to distinguish among different types of NS host. (Yes, there
> is
> the SOA MNAME, but that is not used by resolvers.) One NS is as good
> as any other NS.
These (SOA and behavior for resolvers) probably describe where I got
confused, thanks
something like that).
--
Michael De Roover
e:
> Absolutely right; I wrote this Linux-centric article about it:
>
> https://kb.isc.org/docs/aa-01183
>
> It has not been updated to cover nftables.
>
> Note also that this is a good reason NOT to use the NAT that
> other posters
they are usually UDP based, and every new query is going
> to create state. Read up on state table exhaustion.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no
--
Michael De Roover
walls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unmanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix
just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover
--
Mich