Re: About root zones

2012-01-05 Thread Matus UHLAR - fantomas
On 02.01.12 17:03, Barry Margolin wrote: >In that case, you probably shouldn't enable the option. I'm not even >suggesting that the option be on by default. > >Actually, does libresolv really use those other facilities? In article , Matus UHLAR - fantomas wrote: highly depends on configurati

Re: About root zones

2012-01-04 Thread WBrown
micho...@cisco.com wrote on 01/03/2012 04:54:51 PM: > Maybe it's because I started in networking... But TCP/IP (or IPv6 these > days) is quite the "subsystem" to avoid. Really, like it or not, you are > actually responsible for understanding interactions with "subsystems" your > managed system

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/4 Mark Andrews : > > If you want named to be authoritative only set "recursion no;" or > "allow-recursion { none; }" or "allow-query-cache { none; };" and > no data will be returned from the cache.  allow-recursion and > allow-query-cache cross inherit from each other. > > If you only want m

Re: About root zones

2012-01-03 Thread Mark Andrews
If you want named to be authoritative only set "recursion no;" or "allow-recursion { none; }" or "allow-query-cache { none; };" and no data will be returned from the cache. allow-recursion and allow-query-cache cross inherit from each other. If you only want master zones to send notify messages

Re: About root zones

2012-01-03 Thread michoski
On 1/3/12 12:46 PM, "Kevin Darcy" wrote: > Those server folks have strange ideas about name resolution. Strange > enough that sometimes I don't even understand what the hell they are > trying to accomplish. In all fairness, lots of folks have strange ideas. We should start with standards -- soft

Re: About root zones

2012-01-03 Thread Kevin Darcy
On 1/2/2012 2:16 PM, Barry Margolin wrote: In article, Kevin Darcy wrote: I agree with Matus. BIND should be as self-sufficient as possible, and not make any assumptions about the capability of and/or the data it expects to get from the system resolver If the system resolver is good enough

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Chuck Swiger : > On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: >> Unfortunately as I am learning BIND more, I understand that it is not >> very suitable for my requirements. > > Which are?  I've been trying to understand what the actual problem you are > trying to solve might be. I'm no

Re: About root zones

2012-01-03 Thread Barry Margolin
In article , Lyle Giese wrote: > For instance, I want to attach to the server using VNC or SSH for > maintenance. By default, they want to do a reverse lookup of your ip > address before allowing access. Now you wait for that query to time out > before you can do your work. That's just

Re: About root zones

2012-01-03 Thread Chuck Swiger
On Jan 3, 2012, at 11:13 AM, Peter Andreev wrote: > Unfortunately as I am learning BIND more, I understand that it is not > very suitable for my requirements. Which are? I've been trying to understand what the actual problem you are trying to solve might be. Regards, -- -Chuck __

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Lyle Giese : > On 01/03/12 07:53, Peter Andreev wrote: >> >> 2012/1/2 Matus UHLAR - fantomas: >>> >>> On 21.12.11 19:21, Peter Andreev wrote: >> >> >> I think that if server is authoritative - and - slave-only it should >> use system resolver rather than querying by

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/3 Matus UHLAR - fantomas : >> 2012/1/2 Matus UHLAR - fantomas : >>> >>> I don't see your point now. I'm afraid that you will have to live with >>> the >>> >>> fact that you can not disable sending queries from BIND when it needs >>> them, >>> you can only prevent it by configuring BIND (so i

Re: About root zones

2012-01-03 Thread Lyle Giese
On 01/03/12 07:53, Peter Andreev wrote: 2012/1/2 Matus UHLAR - fantomas: On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR - fantomas: BIND will not use sys

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
2012/1/2 Matus UHLAR - fantomas : I don't see your point now. I'm afraid that you will have to live with the fact that you can not disable sending queries from BIND when it needs them, you can only prevent it by configuring BIND (so it will not need them) or firewall such packets so they will not

Re: About root zones

2012-01-03 Thread Barry Margolin
In article , Matus UHLAR - fantomas wrote: > >> On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > >> > If the system resolver is good enough for every other application > >> > running on the system, it should be good enough for BIND. > >> > > >> > Why not at least allow this as an option? > >

Re: About root zones

2012-01-03 Thread Matus UHLAR - fantomas
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > If the system resolver is good enough for every other application > running on the system, it should be good enough for BIND. > > Why not at least allow this as an option? In article , Chuck Swiger wrote: The system resolver will happily pro

Re: About root zones

2012-01-03 Thread Peter Andreev
2012/1/2 Matus UHLAR - fantomas : > On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. > > >> 2012/1/2 Matus UHLAR - fantomas : >>> >>> BIND will not use system resolver.

Re: About root zones

2012-01-02 Thread Barry Margolin
In article , Chuck Swiger wrote: > On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > > If the system resolver is good enough for every other application > > running on the system, it should be good enough for BIND. > > > > Why not at least allow this as an option? > > The system resolver wi

Re: About root zones

2012-01-02 Thread Doug Barton
On 01/02/2012 11:16, Barry Margolin wrote: > In article , > Kevin Darcy wrote: > >> I agree with Matus. BIND should be as self-sufficient as possible, and >> not make any assumptions about the capability of and/or the data it >> expects to get from the system resolver > > If the system resolv

Re: About root zones

2012-01-02 Thread Chuck Swiger
On Jan 2, 2012, at 2:16 PM, Barry Margolin wrote: > If the system resolver is good enough for every other application > running on the system, it should be good enough for BIND. > > Why not at least allow this as an option? The system resolver will happily provide answers based upon data from /

Re: About root zones

2012-01-02 Thread Barry Margolin
In article , Kevin Darcy wrote: > I agree with Matus. BIND should be as self-sufficient as possible, and > not make any assumptions about the capability of and/or the data it > expects to get from the system resolver If the system resolver is good enough for every other application running o

Re: About root zones

2012-01-02 Thread Kevin Darcy
On 1/2/2012 5:42 AM, Matus UHLAR - fantomas wrote: On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. 2011/12/21 Matus UHLAR - fantomas : they do, unless you have turned it off... On 22.12.11 11:54, Peter Andreev wrote: Of course I turned it of

Re: About root zones

2012-01-02 Thread Matus UHLAR - fantomas
On 21.12.11 19:21, Peter Andreev wrote: I think that if server is authoritative - and - slave-only it should use system resolver rather than querying by itself. 2012/1/2 Matus UHLAR - fantomas : BIND will not use system resolver. BIND is the resolver. Relying on other resolver could cause tro

Re: About root zones

2012-01-02 Thread Peter Andreev
2012/1/2 Matus UHLAR - fantomas : >>> On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. > > >> 2011/12/21 Matus UHLAR - fantomas : >>> >>> they do, unless you have turned it off... > > > On 22.12.11 11:54, Peter Andreev wrote: >> >> Of course

Re: About root zones

2012-01-02 Thread Matus UHLAR - fantomas
On 21.12.11 19:21, Peter Andreev wrote: All these servers are slaves. They don't send notifies. 2011/12/21 Matus UHLAR - fantomas : they do, unless you have turned it off... On 22.12.11 11:54, Peter Andreev wrote: Of course I turned it off, it's normal practice for slaves, I assume. even

Re: About root zones

2011-12-21 Thread Peter Andreev
David, thank you, I checked and all seems good :). 2011/12/21 Matus UHLAR - fantomas : >> 2011/12/21 Matus UHLAR - fantomas : >>> >>> Disabling recursion should do the same afaik. However, disabling >>> >>> additional-from-cache is OK and afaik disabled by default. > > > On 21.12.11 19:21, Peter A

Re: About root zones

2011-12-21 Thread David Forrest
On Wed, 21 Dec 2011, Peter Andreev wrote: Ok, maybe I'm paranoid and worrying about trifles, but news about compiled in hints astonished me. The test shown here may calm you (if it shows refusal): https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful Dave -- David Fo

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
2011/12/21 Matus UHLAR - fantomas : Disabling recursion should do the same afaik. However, disabling additional-from-cache is OK and afaik disabled by default. On 21.12.11 19:21, Peter Andreev wrote: No, it is enabled by default. server needs to resolve names if it's supposed to send NOTIFY

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/21 Matus UHLAR - fantomas : > On 20.12.11 17:37, Peter Andreev wrote: >> >> Whether it means that without hint zone named still can perform >> iterative lookups for its internal purposes? > > > On 21.12.11 13:05, Peter Andreev wrote: >> >> Well, we run a bunch of authoritati

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? On 21.12.11 13:05, Peter Andreev wrote: Well, we run a bunch of authoritative-only slave servers and obviously they don't have to perform any kin

RE: About root zones

2011-12-21 Thread Lightner, Jeff
+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Peter Andreev Sent: Wednesday, December 21, 2011 4:05 AM To: bind-users@lists.isc.org Subject: Re: About root zones 2011/12/21 Matus UHLAR - fantomas : >>>> 2

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/21 Matus UHLAR - fantomas : 2011/12/20 Mark Andrews : > >        Named has a compiled in set of root hints.  It is used if >        a root zone is not defined in named.conf. > > >>> On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone na

Re: About root zones

2011-12-21 Thread Matus UHLAR - fantomas
2011/12/20 Mark Andrews :        Named has a compiled in set of root hints.  It is used if        a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? 2

Re: About root zones

2011-12-21 Thread Peter Andreev
2011/12/20 Matus UHLAR - fantomas : >> 2011/12/20 Mark Andrews : >>> >>>        Named has a compiled in set of root hints.  It is used if >>>        a root zone is not defined in named.conf. > > > On 20.12.11 17:37, Peter Andreev wrote: >> >> Whether it means that without hint zone named still can

Re: About root zones

2011-12-20 Thread Matus UHLAR - fantomas
2011/12/20 Mark Andrews :        Named has a compiled in set of root hints.  It is used if        a root zone is not defined in named.conf. On 20.12.11 17:37, Peter Andreev wrote: Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? yes

Re: About root zones

2011-12-20 Thread Peter Andreev
2011/12/20 Mark Andrews : > >        Named has a compiled in set of root hints.  It is used if >        a root zone is not defined in named.conf. > >        Mark Whether it means that without hint zone named still can perform iterative lookups for its internal purposes? > > -- > Mark Andrews, ISC

Re: About root zones

2011-12-20 Thread Mark Andrews
Named has a compiled in set of root hints. It is used if a root zone is not defined in named.conf. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

About root zones

2011-12-20 Thread 00Lxns
127.0.0.1 +norecurse ns will be refused, but dig @127.0.0.1 returns an answer (recursive query). It's all OK, but... Where does BIND get information about the root zone? If I comment out the line 'include "/etc/bind/named.conf.default-zones"' should not be any information for about ro