Bash automation for dynamic, active/active Bind DNS server

misconfigured with my dynamic, active/active Bind DNS server syntax. If you find a bug in LinuxHA, please submit a bug report to bugs.launchpad.net/linuxha/+filebug. Kind regards, Travis Bean -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds

Re: BIND DNS Server on Windows

On Tuesday, February 11, 2025 3:10:14 PM CET Turritopsis Dohrnii Teo En Ming wrote: > I had considered getting Raspberry Pi before. But the problem is that the > device supports only 1 network card. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individuals in Singapore There

Re: BIND DNS Server on Windows

On Tuesday, February 11th, 2025 at 9:52 PM, Michael De Roover wrote: > On Monday, February 10, 2025 4:31:46 PM CET Ondřej Surý wrote: > >> I am pretty much confused, unless you are using this setup for educational > >> purposes, it makes little sense. > >> > >> Setup like this is similar to onio

Re: BIND DNS Server on Windows

On Monday, February 10th, 2025 at 11:31 PM, Ondřej Surý wrote: > I am pretty much confused, unless you are using this setup for educational > purposes, it makes little sense. > > Setup like this is similar to onion - it has layers and it makes you cry, you > can add docker for extra pain or ku

Re: BIND DNS Server on Windows

On Monday, February 10th, 2025 at 11:16 PM, Michael De Roover wrote: > On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming > wrote: > > > It appears to be too difficult for me to understand. > > > Not gonna lie, Hyper-V is anything but easy to work with, at least initiall

Re: BIND DNS Server on Windows

On Monday, February 10, 2025 4:31:46 PM CET Ondřej Surý wrote: > I am pretty much confused, unless you are using this setup for educational > purposes, it makes little sense. > > Setup like this is similar to onion - it has layers and it makes you cry, > you can add docker for extra pain or kubern

Re: BIND DNS Server on Windows

I am pretty much confused, unless you are using this setup for educational purposes, it makes little sense. Setup like this is similar to onion - it has layers and it makes you cry, you can add docker for extra pain or kubernetes for permanent blindness. It is going to be much easier to get $5/

Re: BIND DNS Server on Windows

On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming wrote: > It appears to be too difficult for me to understand. Not gonna lie, Hyper-V is anything but easy to work with, at least initially. It was in response to this thread that I realized that I don't even remember and n

Re: BIND DNS Server on Windows

On Sunday, February 9th, 2025 at 9:55 PM, Michael De Roover wrote: > On Sunday, February 9, 2025 12:07:48 PM CET Richard T.A. Neal wrote: > > > That's my site! 😊 > > > That is incredible! > > > One major drawback with WSL is that there doesn't seem to be a way to assign > > it a static IP -

Re: BIND DNS Server on Windows

On Sunday, February 9th, 2025 at 6:55 PM, Marco Moock wrote: > Am 09.02.2025 um 10:51:35 Uhr schrieb Turritopsis Dohrnii Teo En Ming > via bind-users: > > > Can I install WinBIND on Windows 10 and Windows 11? The following > > guide mentioned installation of WinBIND on Windows Server only. > >

RE: BIND DNS Server on Windows

tualBox instead. Regards, Mr. Turritopsis Dohrnii Teo En Ming > > -Original Message- > From: bind-users bind-users-boun...@lists.isc.org On Behalf Of Turritopsis > Dohrnii Teo En Ming via bind-users > > Sent: 09 February 2025 10:52 am > To: bind-users@lists.isc.org > Sub

Re: BIND DNS Server on Windows

On Sunday, February 9, 2025 12:07:48 PM CET Richard T.A. Neal wrote: > That's my site! 😊 That is incredible! > One major drawback with WSL is that there doesn't seem to be a way to assign > it a static IP - i.e. your WSL BIND server will change IP address every > time (it's a private routed addr

RE: BIND DNS Server on Windows

Best, Richard. -Original Message- From: bind-users On Behalf Of Turritopsis Dohrnii Teo En Ming via bind-users Sent: 09 February 2025 10:52 am To: bind-users@lists.isc.org Subject: BIND DNS Server on Windows Subject: BIND DNS Server on Windows Good day from Singapore, Can I install WinBIN

Re: BIND DNS Server on Windows

Am 09.02.2025 um 10:51:35 Uhr schrieb Turritopsis Dohrnii Teo En Ming via bind-users: > Can I install WinBIND on Windows 10 and Windows 11? The following > guide mentioned installation of WinBIND on Windows Server only. Should work, give it a try. -- Gruß Marco -- Visit https://lists.isc.org/m

BIND DNS Server on Windows

Subject: BIND DNS Server on Windows Good day from Singapore, Can I install WinBIND on Windows 10 and Windows 11? The following guide mentioned installation of WinBIND on Windows Server only. Link: https://www.winbind.org/installing-bind-on-windows/ Thank you. Regards, Mr. Turritopsis

Re: secondary dns server question :)

> On 19. 11. 2024, at 1:42, Jean-François Bachelet wrote: > […] > I am just curious, as the correct config for the secondary DNS, as if the > main one is down and the secondary have not the complete config itself how > can it take on the job of the primary one for the time of its repair ? Tha

Re: secondary dns server question :)

Hello :) Thank you and Marco, Scott and Nick :) So, Primary server is a caching server for our internal network with multiple zones (and websites and services) and secondary one is meant to automaticaly replace the primary DNS server in case of it is not able to fullfil its job so all can

Re: secondary dns server question :)

is unavaillable), if I understand >>> well the docs, the two servers should have the exact same >>> configurations, appart that the secondary is stated as 'secondary' >>> and the first 'master'. >>> >>> that for both confs and zones an

Re: secondary dns server question :)

'secondary' >> and the first 'master'. >> >> that for both confs and zones and etc... > > It depends on what you want. > A DNS server can do different tasks. > One is serving authoritative information. > > For one zone (e.g. example.org),

Re: secondary dns server question :)

see RFC 2182 for info on secondary dns servers https://www.rfc-editor.org/rfc/rfc2182 e.g. nor so good to have the on the same subnet Scott > On Nov 18, 2024, at 1:03 PM, Jean-François Bachelet > wrote: > > Hello folks :) > > just to be sure, in case we have two (internals) dns servers on t

Re: secondary dns server question :)

appart that the secondary is stated as 'secondary' > and the first 'master'. > > that for both confs and zones and etc... It depends on what you want. A DNS server can do different tasks. One is serving authoritative information. For one zone (e.g. example.org),

secondary dns server question :)

Hello folks :) just to be sure, in case we have two (internals) dns servers on the same network (for the case of one is unavaillable), if I understand well the docs, the two servers should have the exact same configurations, appart that the secondary is stated as 'secondary' and the first 'mas

Re: forward option in dns server

t;that are not hosted on the AD servers themselves.  There is no forward option to AD DNS. Forward is enable from AD DNS to A.B.C.D. bind9 server. All clients are using AD DNS infact every query, about name of ‘mydomain.it,’ is resolved from AD DNS. When client asks an external domain, e.g. www.

Re: forward option in dns server

; pid-file "….. named.pid"; >> >> session-keyfile "….. session.key"; >> >> ——— >> >> >> >> >Thirdly, I would not forward to AD DNS, unless the AD servers also >> recurse and can provide >resolution for delegated names

Re: forward option in dns server

Although I see listen-on in your named.conf snippet, I don't see query-source. You can listen on a different interface / address than the one you issue queries from. If you need to issue queries selectively on different interfaces, see the server stanza and put query-source in there. -- Fred

Re: forward option in dns server

>>>>>>> I need to know the contents of that file. >>>>>>>> >>>>>>>> Thanks, Greg >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, 27 Jun 20

Re: forward option in dns server

gt;>>>>>> >>>>>>>> thank you very much for your explanation. >>>>>>>> >>>>>>>> Let’s supposte AD domain was ‘my domain.it’ and I have 6000 >>>>>>>> computers of government insti

Re: forward option in dns server

IN { >>>>>>> >>>>>>> type hint; >>>>>>> >>>>>>> file "named.ca"; >>>>>>> >>>>>>> }; >>>>>>> >>>>>>> include “…. named

Re: forward option in dns server

; >>>>>> ——— >>>>>> >>>>>> >>>>>> >>>>>> named.conf.options >>>>>> >>>>>> ——— >>>>>> >>>>>> logging { >>>>>

Re: forward option in dns server

;> >>>>> }; >>>>> >>>>> category default { named_debug; }; >>>>> >>>>> }; >>>>> >>>>> >>>>> options { >>>>> >>>>>

Re: forward option in dns server

>>>> allow-recursion {127.0.0.1; A.B.C.D; dc1.mydomain.it; dc2.mydomain.it; >>>> ….. } ; >>>> >>>> allow-query {127.0.0.1; A.B.C.D; dc1.mydomain.it; dc2.mydomain.it; >>>> ….. } ; >>>> >>>> recursive-clients 3000

Re: forward option in dns server

gt; >>> dump-file “….. cache_dump.db"; >>> >>> statistics-file “….. named_stats.txt"; >>> >>> memstatistics-file “…. named_mem_stats.txt"; >>> >>> recursing-file “… named.recursing"; >>> >>> secroots-f

Re: forward option in dns server

gt; >> >> bindkeys-file "….. named.iscdlv.key"; >> >> managed-keys-directory "….. dynamic"; >> >> pid-file "….. named.pid"; >> >> session-keyfile "….. session.key"; >> >> ——— >> >> >&g

Re: forward option in dns server

D DNS to > A.B.C.D. bind9 server. > > > > > All clients are using AD DNS infact every query, about name of ‘ > mydomain.it,’ is resolved from AD DNS. > > When client asks an external domain, e.g. www.google.it, AD server > forward query to A.B.C.D. server. (Forward opti

Re: forward option in dns server

(Forward option is set on every domain controller) Only AD DNS make queries to A.B.C.D server and it’s necessary only to solve external domains. A.B.C.D. server never makes queries to AD server. A.B.C.D. is next dns server which partecipates when it’s necessary to resolve an external domain I

Re: forward option in dns server

Hi Renzo. Firstly, please can we see your BIND configuration and have the actual AD domain name. Secondly, BIND, or any other recursive DNS server, does not 'forward' to the root servers, unless you have configured it explicitly to do so, which would be a bad idea and not work anywa

forward option in dns server

I have Active Directory domain ( 'mydomain.it' ) with 8 domain controllers to manage 8000 computers. Every Domain controller acts as dns service and resolve internal domain names while forward queries about external domains to another server, which Bind9 dns server (It's inside

Re: Question on ISC BIND DNS Server

an. > > > >Can I upgrade BIND DNS Server manually? Will it cause problems with > >Virtualmin / Webmin? > > > I think this is question for webmin/virtualmin, but from what I know about > webmin it tends to edit local configuration, so I guess it will edit primary >

Re: Question on ISC BIND DNS Server

On 22.11.23 23:44, Turritopsis Dohrnii Teo En Ming wrote: I have Virtualmin / Webmin web hosting server control panel. I have 2 Virtual Private Servers in Germany and 1 Virtual Private Server in Japan. Can I upgrade BIND DNS Server manually? Will it cause problems with Virtualmin / Webmin? I

Question on ISC BIND DNS Server

Subject: Question on ISC BIND DNS Server Good day from Singapore, I have Virtualmin / Webmin web hosting server control panel. I have 2 Virtual Private Servers in Germany and 1 Virtual Private Server in Japan. Can I upgrade BIND DNS Server manually? Will it cause problems with Virtualmin

BIND DNS Server named.conf and chroot error after upgrading Virtualmin

Subject: BIND DNS Server named.conf and chroot error after upgrading Virtualmin Good day from Singapore, I have upgraded Virtualmin web hosting control panel Master Server to the following versions on the evening of 1st Nov 2022 Tuesday. Webmin version: 2.001 Virtualmin version: 7.3 Usermin

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

On Fri, May 27, 2022 at 3:29 PM Mirsad Goran Todorovac < mirsad.todoro...@alu.unizg.hr> wrote: > Hi Crist, > > 1. Actually, I am running dynamic updates with BIND9 and ISC DHCP server > for about a half a year and I am frankly very happy with the way it works. > This is at the Academy. So, I am fa

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

Hi Crist, 1. Actually, I am running dynamic updates with BIND9 and ISC DHCP server for about a half a year and I am frankly very happy with the way it works. This is at the Academy. So, I am familiar with the dynamic (DDNS) updates. Though there had been some tricky stuff with sub-/24 reverse

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

As far as I know, GSS-TSIG is only used for DNS updates, not zone transfers. https://bind9.readthedocs.io/en/v9_16_5/advanced.html#dynamic-update Sorry, don't know what capabilities AD has for securing zone transfers beyond IP ACLs, which of course is not much security at all. I've never had luck

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the BIND9

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the BIND9

BIND9 TSIG from Windows Server 2016 DNS Server Zone

Dear all, I have a zone local.grf.hr administered by AD, DHCP and DDNS ran by Windows Server 2016 (not by my architectural choice). However, since Windows Server 2016 had round-robin strategy of inquiring the forwarders, it performed worse than BIND9 on old Debian server. So, I had the BIND9

Re: Failing DNS Server Diagnostic Help Requested

On 13.01.22 14:29, Tim Daneliuk via bind-users wrote: Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE Bind 9.16.24_1 Master out in a cloud server Slave on a physical server with a static IP on Comcast Business Problem: After years of s

Failing DNS Server Diagnostic Help Requested

Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE Bind 9.16.24_1 Master out in a cloud server Slave on a physical server with a static IP on Comcast Business Problem: After years of stable behavior, Slave intermittently not resolving

Re: Freezing a Zone vs. Stopping the DNS Server

ndc stop* > command? Would that allow me to make zone changes followed by an *rndc > reload* command? > > Also, is it safe to simply reboot the server after OS updates, or is > it necessary to manually stop the DNS server first? > > Does it matter where in the dynamically updated

Re: Freezing a Zone vs. Stopping the DNS Server

Le 29/09/2021 à 13:41, Frank Kyosho Fallon a écrit : > Hi, > > Occasionally I need to add hosts manually to forward/reverse lookup > zones in BIND 9.16. We also have ISC DHCP. Both are on a Mac Mini > using MacPorts to install. > > Since dynamic updates are continually in progress, I understand I

Freezing a Zone vs. Stopping the DNS Server

is it necessary to manually stop the DNS server first? Does it matter where in the dynamically updated zone files I insert the new host A record and PTR record? With /etc/hosts I can add hosts on different subnets. To do that in DNS, do I first need to add a reverse zone for the additional subnet

Re: Bind9 version 9.17.12 not starting without different DNS server

Dominik, please create issue in our GitLab (https://gitlab.isc.org/) and include full logs (preferably run named with `-d 99` to get most diagnostic output). Thanks, -- Ondřej Surý (He/Him) ond...@isc.org > On 17. 5. 2021, at 9:13, Dominik wrote: > > Hello, > > yesterday I tried version 9.17.

Bind9 version 9.17.12 not starting without different DNS server

Hello, yesterday I tried version 9.17.12 because of the new TLS features. My resolv.conf only contains the local resolver 127.0.0.1 and ::1. The problem is that the new Bind9 doesn't start without having an alternative resolver in resolv.conf. It looks like something in the Bind9 startup process

Re: Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled

s can be observed when dual-stack enabled > and send both IPV4 and IPV6 DNS server addresses to clients through DHCP or > similar. > > > According to RCF 4472, > > "Note that even though IPv6 DNS resolver discovery is a recommended >procedure, it is not requ

Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled

Hi, This is not an issue but just to get ideas from experienced bind resources. Please ignore this question, if it is out of the scope of this mailing thread. Significant number of DNS requests can be observed when dual-stack enabled and send both IPV4 and IPV6 DNS server addresses to clients

Re: Checking if my DNS server are active

Am 12.02.21 um 15:21 schrieb The Doctor via bind-users: Hello, On of my machines in Running Centos 7 / CPanel. It says my primary and secondary DNS are not active intern or public nameservers? query-source address 192.168.81.1 port 53; don't do that! listen-on {192.168

Checking if my DNS server are active

queries_log; }; // // This logging category will only emit messages at debug levels of 1 or // higher - it can be useful to troubleshoot problems where queries are // resulting in a SERVFAIL response. // category query-errors {query-errors_log; }; }; And then some zone files. Is the above correct

Re: [External] Re: How can I launch a private Internet DNS server?

> me too, i would understand that on the spamassassin list but not here and > what i *really* don't understand is jumping into the thread with "I just > wanted to comment that there is no requirement to run a secondary DNS > server" > > even if it would not be a requ

Re: [External] Re: How can I launch a private Internet DNS server?

;I just wanted to comment that there is no requirement to run a secondary DNS server" even if it would not be a requirement (but it is) it's common sense not to contradict best practices everyone running critical services is following there are enough beginners which don't fol

Re: [External] Re: How can I launch a private Internet DNS server?

On 07-Nov-20 14:06, Tom J. Marcoen wrote: > Having at least two name servers is not a requirement by the RFC > standards but which TLD allows for only one NS server to be given when > hou register a domain? > > On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail > wrote: > >

Re: How can I launch a private Internet DNS server?

n the same *redundant* cluster and the whole backends and automation is homegrown *From:* bind-users on behalf of Kevin A. McGrail I just wanted to comment that there is no "requirement" to run a secondary DNS server. 

Re: How can I launch a private Internet DNS server?

Am 05.11.20 um 20:04 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: On 2020-11-05 07:36, Bob Harold wrote: You appear to have confused 'secondary' authoritative servers with a second 'resolver'. Authoritative servers - listed in the NS records - are used by

Re: [External] Re: How can I launch a private Internet DNS server?

Am 07.11.20 um 15:36 schrieb Kevin A. McGrail: On 11/7/2020 9:04 AM, Reindl Harald wrote: first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the tech

Re: [External] Re: How can I launch a private Internet DNS server?

Having at least two name servers is not a requirement by the RFC standards but which TLD allows for only one NS server to be given when hou register a domain? On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote: > On 11/7/2020 10:15 AM, Reindl Harald wrote: > > > https://tools.ietf.org/html/rfc1

Re: [External] Re: How can I launch a private Internet DNS server?

On 11/7/2020 10:15 AM, Reindl Harald wrote: > > https://tools.ietf.org/html/rfc1537 > Common DNS Data File Configuration Errors > > 6. Missing secondary servers > > > It is required that there be a least 2 nameservers > > for a domain. > > - > > that above is common know

Re: [External] Re: How can I launch a private Internet DNS server?

On 11/7/2020 9:04 AM, Reindl Harald wrote: > first: there *is* a requirement of a secondary nameserver > https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These are the technicals tests we perform for delegation changes in

Re: How can I launch a private Internet DNS server?

ber 7, 2020 2:03 PM To: bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server? > Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS

Re: How can I launch a private Internet DNS server?

> Do a web search for "secondary dns provider" and "backup dns provider" > I just wanted to comment that there is no "requirement" to run a secondary DNS server.  It's certainly best practice and should be considered.  However, the goal of having two DN

Re: How can I launch a private Internet DNS server?

7:16 +0200 Jason Long via bind-users wrote: >>>> >>>> Excuse me, I just have one server for DNS and that tutorial is >>>> about secondary >>>> DNS server too. >>> >>> Just skip the chapter about the secondary.  You're better off b

Re: How can I launch a private Internet DNS server?

that tutorial is about secondary DNS server too. Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. Best Ale Is it not a requir

Re: How can I launch a private Internet DNS server?

> > secondary > > DNS server too. > > Just skip the chapter about the secondary. You're better off buying secondary > DNS services externally. A good secondary offloads your server noticeably, > and > keeps the domain alive in case of temporary failures. > > Bes

Re: How can I launch a private Internet DNS server?

On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: > On 2020-11-05 07:36, Bob Harold wrote: > > You appear to have confused 'secondary' authoritative servers with > > a > > second 'resolver'. > > Authoritative servers - listed in the NS records - are used by > > other > > DNS servers, not by en

Re: How can I launch a private Internet DNS server?

On 2020-11-05 07:36, Bob Harold wrote: On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave se

Re: How can I launch a private Internet DNS server?

Am 05.11.20 um 12:59 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is confirm

Re: How can I launch a private Internet DNS server?

On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover wrote: > On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > > A good secondary offloads your server > > noticeably, and > > keeps the domain alive in case of temporary failures. > > AFAIK, authoritative slave servers are only used when t

Re: How can I launch a private Internet DNS server?

On Thu 05/Nov/2020 12:59:37 +0100 Michael De Roover wrote: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master i

Re: How can I launch a private Internet DNS server?

On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: > A good secondary offloads your server > noticeably, and > keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is confirmed to be down. Lookups take significantly longer

Re: How can I launch a private Internet DNS server?

On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: Excuse me, I just have one server for DNS and that tutorial is about secondary DNS server too. Just skip the chapter about the secondary. You're better off buying secondary DNS services externally. A good seco

Re: How can I launch a private Internet DNS server?

On Thu 15/Oct/2020 20:59:32 +0200 Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: 2) If you want to run your own DNS nameservers, you will need to buy a book, read the (BIND) Administrator's Reference Manual, and/o

Re: How can I launch a private Internet DNS server?

Am 16.10.20 um 11:34 schrieb Michael De Roover: Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel mak

Re: How can I launch a private Internet DNS server?

020-10-15 11:42, alcol alcol wrote: > > A DNS server can exist if you follow NIC instractions. > > Mainly have you a leased line ever on? primary DNS can't be down or > > NIC could down your domain. > > Then you have to install and configure it. Better a fedora core

Re: How can I launch a private Internet DNS server?

/me catching up on earlier parts of this thread, On 2020-10-15 11:42, alcol alcol wrote: A DNS server can exist if you follow NIC instractions. Mainly have you a leased line ever on? primary DNS can't be down or NIC could down your domain. Then you have to install and configure it. Bet

Re: How can I launch a private Internet DNS server?

On 2020-10-16 06:05, Sami Ait Ali Oulahcen via bind-users wrote: I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) It won't be by me, for more than one reason (I am no longer at

Re: How can I launch a private Internet DNS server?

On 2020-10-16 04:34, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused YW! about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel

Re: How can I launch a private Internet DNS server?

I've been looking for a way to implement this on nft or through firewalld, but couldn't find anything comprehensive. So if it does get updated, please let us know :) On 10/16/20 10:34 AM, Michael De Roover wrote: Interesting article, thanks for sharing this! I'm slightly confused about some th

Re: How can I launch a private Internet DNS server?

Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel make a heuristic based on what's in the iptables rule (i

Re: [External] Re: How can I launch a private Internet DNS server?

On 2020-10-15 14:38, sth...@nethelp.no wrote: I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this p

Re: [External] Re: How can I launch a private Internet DNS server?

Simply stateless. Something along the lines of this (iptables): # SSH may be internal only or moved to a different port iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT # Enable DNS on both TCP and UDP iptables -A INPUT -m tcp -p tcp --dport 53 -j ACCEPT iptables -A INPUT -m udp -p udp --dport

Re: [External] Re: How can I launch a private Internet DNS server?

> I would run a firewall even for BIND alone on a box in case the box > gets compromised through BIND. Allowing remote access and DNS, then > dropping everything else as the general firewall policy should be > pretty straightforward. But with the IP on this particular BIND box > being public, it's

Re: [External] Re: How can I launch a private Internet DNS server?

I would run a firewall even for BIND alone on a box in case the box gets compromised through BIND. Allowing remote access and DNS, then dropping everything else as the general firewall policy should be pretty straightforward. But with the IP on this particular BIND box being public, it's really lik

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 2:50 PM, Jason Long via bind-users wrote: > Yes. > In the panel of domain name registrar I can enter something like > "NS1.example.net" and an IP address. > I want to host the host t DNS server myself. Oh yes, you will also need a domain name register that

Re: [External] Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 02:03:52PM -0400, Kevin A. McGrail wrote a message of 8 lines which said: > Firewalls are cheap and the level of effort to run a bastion host are > significant. Firewalls are useful when you want to protect unamanaged printers and Windows boxes (or Web servers with a l

Re: How can I launch a private Internet DNS server?

On Thu, Oct 15, 2020 at 11:16:05AM -0700, Fred Morris wrote a message of 50 lines which said: > 2) If you want to run your own DNS nameservers, you will need to buy a >book, read the (BIND) Administrator's Reference Manual, and/or some >RFCs Very bad advice. RFCs are not for the faint

Re: How can I launch a private Internet DNS server?

Sent: Thursday, October 15, 2020 6:57 PM To: i...@nixmagic.com ; Michael De Roover ; bind-users@lists.isc.org Subject: Re: How can I launch a private Internet DNS server?   Yes, I have two static IP addresses. One is for DNS server and one is for my website. Excuse me, I just have one server f

Re: How can I launch a private Internet DNS server?

irect connection to the internet with a public IP on their interface then? In that case you can omit any port forwarding. The secondary DNS server is for redundancy. You can omit any instructions regarding it when following the tutorial if you intend to only make one. The server type would indeed be authorit

Re: How can I launch a private Internet DNS server?

Yes. In the panel of domain name registrar I can enter something like "NS1.example.net" and an IP address. I want to host the host t DNS server myself. On Thursday, October 15, 2020, 08:36:35 PM GMT+3:30, Stephane Bortzmeyer wrote: On Thu, Oct 15, 2020 at 04:36:58PM +0

Re: How can I launch a private Internet DNS server?

l. ;-) I registered a domain name for my web site and in the panel of it, I can enter my DNS server IP addresses. I want to launch a CentOS DNS server that my Web site using it and users can visit my website from the Internet. [...] 1) The simple answer is that you don't need to run your

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 1:00 PM, Stephane Bortzmeyer wrote: > He said that the DNS server has a public IP address so port forwarding > is probably not necessary. Firewalls are cheap and the level of effort to run a bastion host are significant. I'd recommend port forwarding as a nec

Re: [External] Re: How can I launch a private Internet DNS server?

On 10/15/2020 12:57 PM, Jason Long via bind-users wrote: > Yes, I have two static IP addresses. One is for DNS server and one is > for my website. > Excuse me, I just have one server for DNS and that tutorial is about > secondary DNS server too. Can you show me another tutorial with

  1   2   3   4   5   >