Hi,
> Need help with the COPR packages for BIND, they don’t seem to have DOH
> enabled / working
That's not the case, DNS-over-HTTPS should work just fine with our Copr
packages.
> Should have: compiled with DNS-over-HTTPS
> It does not no?
DNS-over-HTTPS support in BIND 9 is implemented usin
Hey Everyone,
Need help with the COPR packages for BIND, they don’t seem to have DOH enabled
/ working
sudo yum-config-manager --add-repo
https://copr.fedorainfracloud.org/coprs/isc/bind/repo/epel-9/isc-bind-epel-9.repo
sudo yum --enablerepo="copr:copr.fedorainfracloud.org:isc:bind" install
is
-- Original --
> From: "Greg Choules" ;
> Date: Sun, Apr 28, 2024 03:39 PM
> To: "Yang"<395096...@qq.com>;
> Cc: "bind-users";
> Subject: Re: [help]how to configure ecs subnet for bind-9.18-21
>
> Hello.
> Do you mean
Hello.
Do you mean 9.18-S1?
> On 28 Apr 2024, at 08:06, Yang via bind-users
> wrote:
>
>
> dear admin:
> now, i use bind-9.18-21, i want to use ecs client subnet function; but i
> don't know how to configure it, and i don't get method from google
> please give me some example,or document
* Commonly when an answer to a query is larger than UDP should handle, a
switch to TCP is required. This can be configurable and done in unexpected
ways to thwart DDOS
* I do not know of any laws specifically mentioning DNS. General computer
system/network laws could apply.
* I think there would be
On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote:
* Would you have some articles and researches or others about DNS
protocol, DNS protocol security or good research practices for DNS
amplification attacks?
The "go to" book on my bookshelf for IP generally is Comer's
_Internetworking w
> On 3. 11. 2023, at 18:04, Fred Morris wrote:
>
> Your interpretation of what is occurring may be interfering with your
> understanding of it.
This ^^^.
You should start with understanding the wider picture by studying how DNS works.
I would recommend starting here:
https://labs.ripe.net/a
Am 03.11.2023 um 15:20:50 Uhr schrieb Amaury Van Pevenaeyge:
> Hello everyone,
>
> I'm currently a final year Master's student at the Free University of
> Brussels. As part of my Master's thesis, I have to implement a DNS
> amplification scenario within a Cyber Range. However, before
> achieving
Hello. Your interpretation of what is occurring may be interfering with
your understanding of it.
On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote:
[...] As part of my Master's thesis, I have to implement a DNS
amplification scenario within a Cyber Range. However, before achieving
this final
dig -x 2001:db8::1 also works
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 24. 8. 2023, at 8:49, Jan-Piet Mens wrote:
>
>
>>
>> IPv6 PTR records are simply reversed.
>
You may already have BIND installed; most distros do. If not, it's easy.
You don't *have* to run named, but tools like this (and dig, particularly)
are very useful to have.
Do "which arpaname" to see if you have it already.
Cheers, Greg
On Thu, 24 Aug 2023 at 08:00, Marco wrote:
> Am 24.08.202
Am 24.08.2023 schrieb Jan-Piet Mens :
> easier said than done, for some of us. I use BIND's arpaname(1)
> utility which does the work for me:
>
> $ arpaname 2001:db8::1
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
Thanks for telling me. I used dig and extracted the
IPv6 PTR records are simply reversed.
easier said than done, for some of us. I use BIND's arpaname(1) utility which
does the work for me:
$ arpaname 2001:db8::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
-JP
--
Visit https://lists.isc.org/mailman/listinfo/
Am 23.08.2023 23:13 schrieb Cesar Augusto Camacho Sierra:
> I am looking to generate IPv6 PTR records in a specific format for my
> BIND 9 server. The desired format is [insert format]. I've tried
> [describe any approach you've tried], but I'm having a hard time
> getting it done. Could anyone pr
On 18/04/2023 2:16 am, Matt Zagrabelny via bind-users wrote:
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
Then upgrade your
The additional problem is that you also choose to hide the domain and the IP
addresses which doesn’t help others test stuff for you.
Why do you think named asked for the addresses of the servers? What does named
have and what does it need to send out notify messages? Is the server properly
c
Hello Ondřej,
On Mon, Apr 17, 2023 at 9:26 AM Ondřej Surý wrote:
>
> > On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users <
> bind-users@lists.isc.org> wrote:
> >
> > Greetings bind-users,
> >
> > I'm running a little older Debian bind:
> >
> > bind9 1:9.9.5.dfsg-9
>
> A litt
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
> Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
>
> > I'm running a little older Debian bind:
> >
> > bind9 1:9.9.5.dfsg-9
>
> Then upgrade your OS, stretch already has 9.10 and that is very old.
>
Agreed! It is on
> On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users
> wrote:
>
> Greetings bind-users,
>
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
A little older?
Debian Jessie reached EOL in June 2018, Debian Jessie LTS reached EOL in June
2020
So, you are r
Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
Then upgrade your OS, stretch already has 9.10 and that is very old.
Hello,
I have found the issue. Maybe it helps someone else.
In the logs above, there were "exceeded max queries resolving".
The default max-recursion-queries is 75.
I have increased it to 100 and it seems it helped. So I set it up to 150
to be on the safe side.
Best regards,
Olaf
NAVI Sp.
Hello,
One more thought - This behaviour didn't happen with bind 9.9 - on CentOS 7.
Best regards,
Olaf Frączyk
NAVI Sp. z o.o.
Promienista 5/1
60-288 Poznań
mobile: +48609769035
phone: +48616622881
fax: +48616622882
http://www.navi.pl
On 2020-10-04 01:39, Olaf Frączyk wrote:
Hello,
I'm run
>On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
>> provides our users with general caching DNS service for
>> all other domains.
>
>[...]
>
>> Its "named.conf" file doesn't list any "forwarders" any more, and
>> "forward-only" is gone, but it still has a leftover "recursion yes"
>> clause. Am I cor
In article ,
Paul Kosinski wrote:
> I gather "recursion yes" (explicit or default) controls whether BIND
> *does* recursion itself, in the sense of querying other DNS servers for
> data it doesn't have, not whether it *issues* queries with the
> "recursion desired" flag set. (Somewhat confusing
I gather "recursion yes" (explicit or default) controls whether BIND
*does* recursion itself, in the sense of querying other DNS servers for
data it doesn't have, not whether it *issues* queries with the
"recursion desired" flag set. (Somewhat confusing terminology, in my
opinion.)
So is the "recu
On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
provides our users with general caching DNS service for
all other domains.
[...]
Its "named.conf" file doesn't list any "forwarders" any more, and
"forward-only" is gone, but it still has a leftover "recursion yes"
clause. Am I correct in assuming
On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
> provides our users with general caching DNS service for
> all other domains.
[...]
> Its "named.conf" file doesn't list any "forwarders" any more, and
> "forward-only" is gone, but it still has a leftover "recursion yes"
> clause. Am I correct i
We have a BIND server on our LAN which is authoritative for our ".local"
domain and also provides our users with general caching DNS service for
all other domains.
Its "named.conf" file doesn't list any "forwarders" any more, and
"forward-only" is gone, but it still has a leftover "recursion yes"
Iterative mode is the default lookup mode for recursive servers. It is where
the server follows the delegations from the root servers to talk to the
authoritative servers directly. Recursive mode is where you use another
recursive server (in iterative mode) to talk to the authoritative servers.
S
In article ,
vivek wrote:
> thanks, that means for Bind service to work we have to have the "recursion
> yes" else the forwarder will also not work.
>
> Actually I'm a bit confused between Recursive vs Iterative query mode, so
> does this mean Bind will only work in Recursive query mode & this
On 03.03.19 07:36, vivek wrote:
thanks, that means for Bind service to work we have to have the "recursion
yes" else the forwarder will also not work.
Actually I'm a bit confused between Recursive vs Iterative query mode, so
does this mean Bind will only work in Recursive query mode & this makes
thanks, that means for Bind service to work we have to have the "recursion
yes" else the forwarder will also not work.
Actually I'm a bit confused between Recursive vs Iterative query mode, so
does this mean Bind will only work in Recursive query mode & this makes the
"Forwarder " to do his requi
On 03.03.19 14:55, Vivek Aggarwal wrote:
Please help in understand what the purpose of specifying "recursion yes"
it means that BIND will provide recursion, e.g. resolve domains not
configured locally.
in the "named.conf.options" file when I have already configured the
forwarders list in it.
In message <20180321055215.jm3ybhkz4vqgs...@mycre.ws>,
Robert Edmonds wrote:
>{... long explanation of why things are as they are, snipped...}
Thanks for all this Robert. I guess it all makes sense. I just
loath complexity. But sometimes it is unavoidable.
>If you are parsing packets and c
Ronald F. Guilmette wrote:
> In message <20180320205558.23ld7b2orcfky...@mycre.ws>,
> Robert Edmonds wrote:
>
> >Rick Dicaire wrote:
> >> For libbind9, https://packages.ubuntu.com/trusty/libbind9-90
> >
> >You would also need the ".so" symlink in order to link with -lbind9,
> >which is in this p
Tony Finch wrote:
> So the classic libc resolver API is basically the BIND4 libbind, and the
> resolvers in glibc and the BSDs still descend from this codebase.
>
> BIND8 was a significant revision of the BIND code (e.g. the improved
> configuration syntax, support for DNS extensions) but I get th
In message ,
Tony Finch wrote:
>BIND9 was a new codebase with very different internal library APIs, and an
>ambition to completely revamp the libc -> resolver interface - this is
>what the lwresd stuff was about. But no unix adopted this new design into
>its libc, so the ambition withered.
>
>S
Ronald F. Guilmette wrote:
>
> Second, I wish I understood your comment that the files that appear
> on my Ubuntu system and whose names begin with "libbind9" are "unrelated"
> to the "real thing" (ISC) library of the same name.
There are a couple of events that make this confusing (the BIND4
In message <20180320205558.23ld7b2orcfky...@mycre.ws>,
Robert Edmonds wrote:
>Rick Dicaire wrote:
>> For libbind9, https://packages.ubuntu.com/trusty/libbind9-90
>
>You would also need the ".so" symlink in order to link with -lbind9,
>which is in this package:
>https://packages.ubuntu.com/trust
In message <20180320205115.wanrlpfisxx6g...@mycre.ws>,
Robert Edmonds wrote:
>It should be in the SYNOPSIS section :-)
>
>http://manpages.ubuntu.com/manpages/trusty/en/man3/resolver.3.html
>...
>Link with -lresolv.
Doh! yea. You're right. It's right there. Didn't notice.
(Argu
Rick Dicaire wrote:
> For libbind9, https://packages.ubuntu.com/trusty/libbind9-90
You would also need the ".so" symlink in order to link with -lbind9,
which is in this package:
https://packages.ubuntu.com/trusty/libbind-dev. This package is
confusingly named, though, it should probably have been
Ronald F. Guilmette wrote:
> In message <20180320193041.d2bwvgkgyvqem...@mycre.ws>,
> Robert Edmonds wrote:
>
> >For glibc versions that are less than about ten years old, these should
> >be available in libresolv, which is part of glibc.
>
> Thanks Robert! I added -lresolv to the link and now
For libbind9, https://packages.ubuntu.com/trusty/libbind9-90
On Tue, Mar 20, 2018 at 4:02 PM, Ronald F. Guilmette
wrote:
>
> In message <20180320193041.d2bwvgkgyvqem...@mycre.ws>,
> Robert Edmonds wrote:
>
> >> I am porting some code of mine from FreeBSD to this Ubuntu system
> >> and I'm getti
In message <20180320193041.d2bwvgkgyvqem...@mycre.ws>,
Robert Edmonds wrote:
>> I am porting some code of mine from FreeBSD to this Ubuntu system
>> and I'm getting the following unresolved symbols at link time:
>>
>> __res_query
>> __res_mkquery
>> __res_send
>>
>> It seems appar
Ronald F. Guilmette wrote:
> Apologies in advance to all. I am probably just making some
> bonehead mistake or small typo, but...
>
> Can someone please instruct me as to the proper way to link to
> libbind9 on Ubuntu 14.02 LTS?
>
> I am porting some code of mine from FreeBSD to this Ubuntu syst
PENG, JUNAN wrote:
>
> Why Query log off/on feature is impacting named CPU Usage ?
It has to serialize query processing in order to write to the log, and
that serialization barrier limits the parallelism that it can achieve
(due to Amdahl's law).
Tony.
--
f.anthony.n.finch http://dotat.at/
PENG, JUNAN wrote:
>
> Is there any way to adjust some default parameters to increase named
> process CPU usage to improve system performance when query log is on ?
No, because your problem is lock contention in BIND's logging code. But,
if you compile a more recent version with dnstap support yo
> root@recursivo-a:~# dig icap-to.com.br
>
> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> icap-to.com.br
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32316
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ;
Carr
> Sent: Saturday, August 06, 2016 5:13 PM
> To: bind-users@lists.isc.org
> Subject: Re: help
>
> On 6 August 2016 at 09:07, RAM MOHAN, Hari Ganesh
> wrote:
> > The flow is working for mi-testw03.pt but not working for
> > mi-testq03.pt. I really puzzled with suc
.org
Subject: Re: help
On 6 August 2016 at 09:07, RAM MOHAN, Hari Ganesh
wrote:
> The flow is working for mi-testw03.pt but not working for
> mi-testq03.pt. I really puzzled with such behaviour.
That's simple to answer, mi-testw03.pt is registered in the .pt zone,
mi-testq03.pt is
On 6 August 2016 at 09:07, RAM MOHAN, Hari Ganesh
wrote:
> The flow is working for mi-testw03.pt but not working for mi-testq03.pt. I
> really puzzled with such behaviour.
That's simple to answer, mi-testw03.pt is registered in the .pt zone,
mi-testq03.pt is not.
For some reason BIND is ignoring
testq03.fr. 1800 IN A 10.224.8.221
;; AUTHORITY SECTION:
mi-testq03.fr. 1800 IN NS hdqdns.marriott.com.
mi-testq03.fr. 1800 IN NS mcncdns.marriott.com.
;; ADDITIONAL SECTION:
hdqdns.marriott.com. 1800 IN A
: view hdq: transfer of 'mi-testq03.pt/IN': AXFR-style IXFR ended
Thanks & Regards,
Hari Ganesh Ram Mohan
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of S Carr
Sent: Saturday, August 06, 2016 2:30 AM
To: bind-users@lists.isc.org
Subjec
On 5 August 2016 at 19:26, RAM MOHAN, Hari Ganesh
wrote:
>
> Dig SOA gives two different results, It tells SERVFAIL and then NXDOMAIN
>
Check your BIND logs to make sure the zone has been successfully
transferred from the master.
R: 162.130.128.167#53(162.130.128.167)
;; WHEN: Fri Aug 5 14:21:00 2016
;; MSG SIZE rcvd: 89
Thanks & Regards,
Hari Ganesh
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of S Carr
Sent: Friday, August 05, 2016 10:29 PM
To: bind-users@lists.
On 5 August 2016 at 17:21, RAM MOHAN, Hari Ganesh
wrote:
> We are not able to understand that why we are not able to resolve
> mi-testq03.pt whereas mi-testq03.fr is just working fine.
There is an A record at the apex of the mi-testq03.pt zone, right?
What do you get if you try to dig for the SOA
Alan Clegg wrote:
>
> As for NOTIMP, I'm not aware of an easy path, but I'm sure that someone here
> knows.
; <<>> DiG 9.11.0a1 <<>> +noedns dotat.at in maila
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 42331
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, A
SERVFAIL: create a delegation NS record in your zone to a server that
isn't authoritative for the zone being delegated.
REFUSED: create an ACL that matches (and denies) the query being done
NOERROR w/ no RR: query for example.com
As for NOTIMP, I'm not aware of an easy path, but I'm sur
On 2015-08-24 03:57, Daniel Ryslink wrote:
As for the SERIAL in SOA, it's just a good practice, it gives you the
information about when the zone was published, and creates less
problems when you transfer hosting of the domain to another
nameserver. Basically yes, it's just a number, but there i
Daniel Ryslink wrote:
>
> As for the SERIAL in SOA, it's just a good practice, it gives you the
> information about when the zone was published, and creates less problems
> when you transfer hosting of the domain to another nameserver. Basically
> yes, it's just a number, but there is no real good
The reasons why not to use nslookup are summarized here:
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
I have seen ISC developers discourage from using it in this mailing
list too.
As for the SERIAL in SOA, it's just a good practice, it gives you the
informati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/23/2015 10:05 PM, Alan Clegg wrote:
> Never, EVER use nslookup.
Could you explain why?
- --
-
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tund
On 8/23/15 8:30 PM, Daniel Ryšlink wrote:
> A few pointers - try to use the recommended MMDDnn format for SERIAL
> in SOA. Also try not to use nslookup.
Half of this I agree with. Half I do not.
The serial number is just a number, as long as you increment it, the
"format" is completely up t
Hello,
Your view "local" is not configured to propagate domain "ctc.cu"
authoritatively. This view is configured to propagate only two zones
authoritatively: cam.ctc.cu and
0.168.192.in-addr.arpa. Since "ctc.cu" is neither of them, the
nameser
Behalf Of Abdul Khader
Sent: Friday, August 21, 2015 11:36 AM
To: bind-users@lists.isc.org
Subject: Re: Help DNS
Is 127.0.0.1 allowed to query in your named.conf ?
On 8/21/2015 8:22 PM, Int wrote:
Giving problem the DNS's resolution of names
When I sell off a nslookup from localhost:127.0.0.1
Is 127.0.0.1 allowed to query in your named.conf ?
On 8/21/2015 8:22 PM, Int wrote:
Giving problem the DNS's resolution of names
When I sell off a nslookup from localhost:127.0.0.1 in the servers DNS Bind9
Here what the DNS's log generates goes: For the following consultation to the
DNS
Maybe try dig: dig -t txt google.com
On 04/14/2014 10:23 AM, Felix Rubio Dalmau wrote:
Hi everybody,
I have set up a bind9 server, and everything works fine except when I try to
request some fields (e.g., TXT) for any server. If I do
host -t txt
I get
has no TXT record
Maybe try dig: dig -t txt google.com
On 04/14/2014 10:23 AM, Felix Rubio Dalmau wrote:
Hi everybody,
I have set up a bind9 server, and everything works fine except when I try to
request some fields (e.g., TXT) for any server. If I do
host -t txt
I get
has no TXT record
What isn't clear so far is whether the TXT record you're looking up is
in the "myserver.org" zone or some other zone.
If you're authoritative for myserver.org, you're authoritative for *all*
of myserver.org. named isn't going to do "failover forwarding" just
because you neglected to add a TXT
On 4/14/2014 2:58 PM, Steven Carr wrote:
On 14 April 2014 18:53, Felix Rubio Dalmau wrote:
it is not actually a pure caching server (at least I didn't want it
to be :S). I have server at home, and the DNS is properly configured at the
internet. The problem is that my router is not
On 14 April 2014 18:53, Felix Rubio Dalmau wrote:
> it is not actually a pure caching server (at least I didn't want it
> to be :S). I have server at home, and the DNS is properly configured at the
> internet. The problem is that my router is not capable to redirect my
> requests to m
Hi Steve,
it is not actually a pure caching server (at least I didn't want it
to be :S). I have server at home, and the DNS is properly configured at the
internet. The problem is that my router is not capable to redirect my requests
to my server when they come from the LAN. So, I have
On 14 April 2014 17:02, Felix Rubio Dalmau wrote:
> Maybe this is my problem: I have not created any zone file :s. The only files
> I've created/modified are:
> I thought that when requesting fields that are not available in the local dns
> server, such requests would be forwarded to the forward
Maybe this is my problem: I have not created any zone file :s. The only files
I've created/modified are:
### named.conf.local
include "/etc/bind/rndc.key";
zone "myserver.org" {
type master;
file "/etc/bind/db.myserver.local";
allow-update { key rndc-key; };
};
On 14 April 2014 15:59, Felix Rubio Dalmau wrote:
> What files, exactly? Named.conf.local and named.conf.options is enough?
Yep, and the zone files that you have created that contain the TXT
records you want to query for.
Steve
What files, exactly? Named.conf.local and named.conf.options is enough?
Felix
On Monday 14 April 2014 14:25:53 Steven Carr wrote:
> On 14 April 2014 14:21, Felix Rubio Dalmau wrote:
> > yes, it is the server I've set up in my local LAN. How can I set it
> > to have these TXT records?
>
On 14 April 2014 14:21, Felix Rubio Dalmau wrote:
> yes, it is the server I've set up in my local LAN. How can I set it
> to have these TXT records?
Post your current config and zone files (use pastebin if they are
larger than a few lines).
Then copy/paste the full host command and its
Hi Barry,
yes, it is the server I've set up in my local LAN. How can I set it to
have these TXT records?
Thank you,
Felix
On Monday 14 April 2014 08:18:12 Barry S. Finkel wrote:
> Felix Rubio Dalmau wrote:
> > Hi everybody,
> >
> >I have set up a bind9 server, and
Felix Rubio Dalmau wrote:
Hi everybody,
I have set up a bind9 server, and everything works fine except when I try to
request some fields (e.g., TXT) for any server. If I do
host -t txt
I get
has no TXT record
whereas if I do
host -t txt
I got the correc
DNSSEC Mastery
https://www.michaelwlucas.com/nonfiction/dnssec-mastery
On Wed, Nov 6, 2013 at 12:54 AM, babu dheen wrote:
> Dear All,
>
> I would like to understand DNSSEC on BIND Recursive DNS server running in
> RHEL 5.0. Can you please let me know resource or reference to understand
> the D
On 11/6/13 1:06 AM, Steven Carr wrote:
> Start with chapter 11.4 "The DNS Security Extensions" in DNS & BIND
> http://www.amazon.com/DNS-BIND-5th-Edition-Cricket/dp/0596100574
Lucas' "DNSSEC Mastery" is also a useful resource, not only about DNSSEC
concepts but also about required prep work and tr
babu dheen wrote:
>
> I would like to understand DNSSEC on BIND Recursive DNS server running
> in RHEL 5.0.
First upgrade BIND to version 9.8 or newer.
Check your network connectivity isn't funted. See for instance
http://www.cisco.com/web/about/security/intelligence/dnssec.html
Then add the fol
Start with chapter 11.4 "The DNS Security Extensions" in DNS & BIND
http://www.amazon.com/DNS-BIND-5th-Edition-Cricket/dp/0596100574
Steve
On 6 November 2013 08:54, babu dheen wrote:
> Dear All,
>
> I would like to understand DNSSEC on BIND Recursive DNS server running in
> RHEL 5.0. Can you ple
In article ,
John Wobus wrote:
> I will add my +1:
>
> NXDOMAIN does not mean "I don't have a number for that name but
> someone else
> might." It means "The DNS lists this name as having no number (or
> whatever)."
> There's no more reason to look further than if you got a positive
> answe
I will add my +1:
NXDOMAIN does not mean "I don't have a number for that name but
someone else
might." It means "The DNS lists this name as having no number (or
whatever)."
There's no more reason to look further than if you got a positive
answer from one server and still wondered if some oth
On 31.05.13 16:41, sumsum 2000 wrote:
The google DNS server was only examples.. it can be some internal DNS
servers and external DNS servers. For eg 10.10.10.10; 120.10.13.12 etc.
where the DNS requests are being forwarded to..
Then it was bad example. You use "type forward" when you want to as
Hi,
The google DNS server was only examples.. it can be some internal DNS
servers and external DNS servers. For eg 10.10.10.10; 120.10.13.12 etc.
where the DNS requests are being forwarded to..
There are issues with connectivity where the DNS entries are not synced up.
And these entries are all sp
On 30.05.13 12:56, sumsum 2000 wrote:
I have zone forwarders as follows with BIND9 setup with forward only option
on a Non Authoritative DNS server
zone "mytestdomain101.com" IN {
type forward;
forwarders {8.8.8.8;4.2.2.1;8.8.4.4};
forward only;
};
On 30.05.13 15:00, sum
In article ,
Ashok Agarwal wrote:
> Sorry, its not */etc/hosts* file rather its */etc/resolv.conf*.
>
>
> On Thu, May 30, 2013 at 1:25 PM, Ashok Agarwal
> wrote:
>
> > One possible way can also be to set the number of nameservers to be looked
> > upon in the /etc/hosts file.
> >
> > nameserve
So your administrator is breaking DNS if all 3 servers have been added
as NS records but the zone is not available on all 3 servers. Get
him/her to fix your DNS hierarchy first then you won't need to check
which server is hosting the subdomain.
Steve
On 30 May 2013 10:30, sumsum 2000 wrote:
> Hi
Hi,
This is a non-standard behavior and I would like to have the following:
In the case where I am working on,
/etc/resolv.conf contains localhost 127.0.0.1 and BIND is listening on
localhost port 53 as non-authoritative DNS
So all the requests are sent through 127.0.0.1 and based on the domai
Well you can do that.
It does not change the fact that NXDOMAIN is a DEFINITIVE answer - it
does not exist, there is no reason to look further.
On 30/05/13 9:56, Ashok Agarwal wrote:
> Sorry, its not */etc/hosts* file rather its */etc/resolv.conf*.
>
>
> On Thu, May 30, 2013 at 1:25 PM, Ashok Ag
Sorry, its not */etc/hosts* file rather its */etc/resolv.conf*.
On Thu, May 30, 2013 at 1:25 PM, Ashok Agarwal
wrote:
> One possible way can also be to set the number of nameservers to be looked
> upon in the /etc/hosts file.
>
> nameserver 8.8.8.8
> nameserver 4.4.2.2
> nameserver 4.1.2.2
>
> R
One possible way can also be to set the number of nameservers to be looked
upon in the /etc/hosts file.
nameserver 8.8.8.8
nameserver 4.4.2.2
nameserver 4.1.2.2
Regards,
Ashok
On Thu, May 30, 2013 at 1:05 PM, Steven Carr wrote:
> It's not possible. NXDOMAIN is NXDOMAIN, it doesn't exist, it d
It's not possible. NXDOMAIN is NXDOMAIN, it doesn't exist, it doesn't
mean try another server to see if you get lucky next time.
Steve
On 30 May 2013 08:26, sumsum 2000 wrote:
> Hi,
> I have the following change to be available from BIND9.
>
> I have zone forwarders as follows with BIND9 setup
> 1. In down level Windows, everything is OK.
> 2. In upper level dns(bind), ns record, and A record of nameserver is fine.
> 3. But A record in Windows Server cannot be resolved by upper level BIND.
> I think maybe I have to do something in my windows server to "connect"
> windows with linux bind?
On Jan 10, 2012, at 3:00 PM, michoski wrote:
> On 1/9/12 11:38 PM, "babu dheen" wrote:
>> Can anyone help me how to find bind & microsoft DNS software version using
>> dig or nslookup command remotely?
>
> There are various fingerprinting methods you can use, with widely varying
> degrees of ac
On 1/9/12 11:38 PM, "babu dheen" wrote:
> Can anyone help me how to find bind & microsoft DNS software version using
> dig or nslookup command remotely?
There are various fingerprinting methods you can use, with widely varying
degrees of accuracy, but the most polite way is to use the SOA:
$ di
On 10.01.12 13:08, babu dheen wrote:
Can anyone help me how to find bind & microsoft DNS software version using dig
or nslookup command remotely?
fpdns could guess that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
In article ,
Mark Andrews wrote:
> In message , Sam
> Wilson writes:
> > In article ,
> > Eduardo Bonsi wrote:
> >
> > > I am checking my DNS setup from inside using dig and I am getting
> > > everything ok but I need a second opinion from outside of the server to
> > > see if my ns1 and n