Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <519b9008.7040...@chrysler.com>, Kevin Darcy writes: > > Ugh, I'm trying _really_ hard not to be an annoying nitpicker (yeah, I > know, try harder :-), but... > > The relevant verbiage of RFC 6762 is: > > Caching DNS servers SHOULD recognize these names as special and > SHOU

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Kevin Darcy
Ugh, I'm trying _really_ hard not to be an annoying nitpicker (yeah, I know, try harder :-), but... The relevant verbiage of RFC 6762 is: Caching DNS servers SHOULD recognize these names as special and SHOULD NOT attempt to look up NS records for them, or otherwise query authoritative

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <2013052109.ga18...@fantomas.sk>, Matus UHLAR - fantomas writes: > >> On 21.05.13 11:03, Mark Andrews wrote: > >> > The simplest solution is to slave the root zone and > >> > turn off notify to so you don't spam the official > >> > root servers. 192.5.5.241 is f.root-servers.net

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
On 21.05.13 11:03, Mark Andrews wrote: >The simplest solution is to slave the root zone and >turn off notify to so you don't spam the official >root servers. 192.5.5.241 is f.root-servers.net. In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR - fantomas writes: I though

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 09:28 AM, Doug Barton wrote: ...which IIRC some configs for root-slaving (FreeBSD?) use by default. It's not used by default, but it is in the config, commented out. Ah, faulty RAM on my part ;o)

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Doug Barton
On 05/21/2013 12:39 AM, Phil Mayers wrote: On 05/21/2013 08:23 AM, Matus UHLAR - fantomas wrote: On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Mark Andrews
In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 21.05.13 11:03, Mark Andrews wrote: > > The simplest solution is to slave the root zone and > > turn off notify to so you don't spam the official > > root servers. 192.5.5.241 is f.root-servers.net. >

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 08:39 AM, Phil Mayers wrote: ICANN run a specific AXFR service for various infrastructure zones: http://dns.icann.org/services/axfr/ ...which IIRC some configs for root-slaving (FreeBSD?) use by default. I should probably add that, AFAICT, opinion about the value of slaving ".

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Phil Mayers
On 05/21/2013 08:23 AM, Matus UHLAR - fantomas wrote: On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.net. zone "." IN { type slave;

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.net. zone "." IN { type slave; file "slave/root"; masters { 192.5

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Mark Andrews
The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is f.root-servers.net.

zone "." IN {
        type slave;
        file "slave/root";
        masters { 192.5.5.241; };
        notify no;
};

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Kevin Darcy
On 5/20/2013 11:36 AM, Chris Buxton wrote: On May 20, 2013, at 12:51 AM, Narcis Garcia wrote: - Yes, I thought about not using DNS from the same internet provider, but wanted to know if there is a way to patch only the .local response. - This is the configuration I use in one of the LANs: vi

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Chris Buxton
On May 20, 2013, at 12:51 AM, Narcis Garcia wrote: > - Yes, I thought about not using DNS from the same internet provider, > but wanted to know if there is a way to patch only the .local response. > > - This is the configuration I use in one of the LANs: > > view "local-nets" { >match-c

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Carlos M. Martinez
You need the soa record. It has to be empty but not THAT empty :-) Sent from my iPad On 20 May 2013, at 04:51, Narcis Garcia wrote: > - Yes, I thought about not using DNS from the same internet provider, > but wanted to know if there is a way to patch only the .local response. > > - This is th

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Narcis Garcia
- Yes, I thought about not using DNS from the same internet provider, but wanted to know if there is a way to patch only the .local response. - This is the configuration I use in one of the LANs: view "local-nets" { match-clients { acl_local-nets; }; recursion yes; forward

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Matus UHLAR - fantomas
On 19 May 2013 20:51, Narcis Garcia wrote: The internet ISP returns positive values for .local queries, and I need that LAN clients receive NXDOMAIN instead. do they return positive answers for any non-existing domains? (is this one of ISPs wanting to make money on mistypes and ling to the peo

Re: Negative zones; NXDOMAIN responses

2013-05-19 Thread Steven Carr
On 19 May 2013 23:14, Sten Carlsen wrote: > .local actually has meaning for most modern systems, so I would question the > wisdom of what you want to do. > > You may find some functions of systems not working any more. Obviously it is > up to you in the end. Looking at the bug link that would see

Re: Negative zones; NXDOMAIN responses

2013-05-19 Thread Sten Carlsen
>> These LAN have a BIND9 service to provide name resolving and caching for >> internet access, and I want to intercept the .local domain to give a >> NXDOMAIN response. The internet ISP returns positive values for .local >> queries, and I need that LAN clients receive NXDOMAIN instead. .local act

Re: Negative zones; NXDOMAIN responses

2013-05-19 Thread Steven Carr
But in response to the actual question... what you want to do is not possible in BIND zone configs as you can't create a negative zone (that I'm aware of). However in later versions of BIND9 you can create a local RPZ zone which you could then use to send back a negative response for .local http:/

Re: Negative zones; NXDOMAIN responses

2013-05-19 Thread Steven Carr
Why are you forwarding queries to the ISP? Implement your own caching layer, I for one would never use/trust an ISP's caching servers. If I want to resolve a domain I go direct to the source, not via a 3rd party. On 19 May 2013 20:51, Narcis Garcia wrote: > Hello, > > I'm trying to solve this pro