RE: DNSSEC and forward zone

2023-04-21 Thread David Carvalho via bind-users
that much about the parent setup. Anyway, thanks and regards! David From: bind-users On Behalf Of Petr Menšík Sent: 21 April 2023 10:59 To: bind-users@lists.isc.org Subject: Re: DNSSEC and forward zone Would it make sense to create a subdomain for internal use, but have the main zone

Re: DNSSEC and forward zone

2023-04-21 Thread Petr Menšík
*Sent:* 19 April 2023 10:27 *To:* David Carvalho *Cc:* Bind Users Mailing List *Subject:* Re: DNSSEC and forward zone Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statemen

Re: DNSSEC and forward zone

2023-04-19 Thread Petr Špaček
were, the key would be different than that on the outside servers, which is the same domain. Not optimistic Regards David -Original Message- From: bind-users On Behalf Of Petr Špacek Sent: 19 April 2023 10:35 To: bind-users@lists.isc.org Subject: Re: DNSSEC and forward zone Yo

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
C and forward zone You can disable it, but that's just workaround. It would be better to fix it :-) I would recommend checking logs on resolver which is failing to resolve the domain. I guess you will find out a DNSSEC validation error would tell us what's misconfigured. My bet is th

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
and forward zone Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
and forward zone Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via

Re: DNSSEC and forward zone

2023-04-19 Thread Petr Špaček
You can disable it, but that's just workaround. It would be better to fix it :-) I would recommend checking logs on resolver which is failing to resolve the domain. I guess you will find out a DNSSEC validation error would tell us what's misconfigured. My bet is that the internal domains are

Re: DNSSEC and forward zone

2023-04-19 Thread Darren Ankney
Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via bind-users < bind-users@lists.isc.org> wrot

DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
Hello guys Asking for your help, again. So after setting up DNSSEC I've found I couldn't reach some internal sites on my top domain, served by internal DNS servers There's no need in hiding domains as my e-mail is shown here. Top domain ubi.pt (external

Re: Forward zone does not work when allow recursive is restrictive

2021-02-10 Thread Frédéric Lochon
hat I think] important parts to here, as all the Config would be a few hundred lines (because of split view and many zones) On the first DNS-Server options { allow-recursion { localnets; localhost; internal; my-datacenter; mc-office; }; }; zone "test.lab.foo.com" { forward

Re: Forward zone does not work when allow recursive is restrictive

2021-02-09 Thread Mark Andrews
here, as all the Config would be a few hundred lines (because of > split view and many zones) > > On the first DNS-Server > > options { > allow-recursion { > localnets; > localhost; > internal; > my-datacenter; > mc-office; > }; > }; > > zone "

Forward zone does not work when allow recursive is restrictive

2021-02-09 Thread Sebastian Neumann
lnets; localhost; internal; my-datacenter; mc-office; }; }; zone "test.lab.foo.com" { forward only; forwarders { ; }; type forward; }; zone "foo.com" { file "/etc/bind/zones/foo.com.zone"; type master; }; My issue: When I am in a local network, that is whitelisted in

Re: rpz using a forward zone

2019-06-05 Thread Vadim Pavlov via bind-users
solutions > then. > > Thanks. > > On 05/06/2019 12:03, Tony Finch wrote: >> Mike Woods wrote: >>> >>> So, the long and short of things, is it actually possible to point the >>> response policy at a forward zone >> >> No, the RPZ zon

Re: rpz using a forward zone

2019-06-05 Thread Mike Woods
I was afraid that would be the answer, time to try some other solutions then. Thanks. On 05/06/2019 12:03, Tony Finch wrote: > Mike Woods wrote: >> >> So, the long and short of things, is it actually possible to point the >> response policy at a forward zone > > N

Re: rpz using a forward zone

2019-06-05 Thread Tony Finch
Mike Woods wrote: > > So, the long and short of things, is it actually possible to point the > response policy at a forward zone No, the RPZ zone file has to be present on the resolver. The RPZ is parsed into a special fast lookup data structure so that policies can be applied efficient

rpz using a forward zone

2019-06-05 Thread Mike Woods
ues for us updating bind itself right now), to that end I've setup rbldnsd to serve a parsed copy of the spamhaus zonefile (using dig to pull down a copy mitigate any issues) and this is working as expected however if I configure the response policy in bind to use the resulting forward zone fo

Re: RPZ and forward zone trouble

2019-03-27 Thread Miguel Mucio Santos Moreira
Lee, thanks for your quick answer. > I applied the policy based on rpz-nsip trigger instead of mg.gov.br QNAME > because of some others situations in my environment. Like I said earlier, the > doubt is why when there's no forward zone the trigger works properly? In my > opinion

Re: RPZ and forward zone trouble

2019-03-26 Thread Grant Taylor via bind-users
On 3/25/19 11:15 PM, Crist Clark wrote: if they are cached and available, it will go ahead and use them. Does having the necessary information in an authoritative zone count as available in this context? -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature _

Re: RPZ and forward zone trouble

2019-03-25 Thread Crist Clark
situations in my environment. Like I said earlier, the > doubt is why when there's no forward zone the trigger works properly? In my > opinion it should'nt have different behaviour just because of forward zone, > at least I can't imagine why this is happening. > The Bind ve

Re: RPZ and forward zone trouble

2019-03-25 Thread Miguel Mucio Santos Moreira
Lee, thanks for your quick answer. I applied the policy based on rpz-nsip trigger instead of mg.gov.br QNAME because of some others situations in my environment. Like I said earlier, the doubt is why when there's no forward zone the trigger works properly? In my opinion it should'

Re: RPZ and forward zone trouble

2019-03-25 Thread Lee
On 3/25/19, Miguel Mucio Santos Moreira wrote: > > Hello everybody! Hi! > I have a problem with DNS-RPZ and forward zone working together. > I've created a rpz zone with the following trigger on my recursive DNS > Server: > 18.0.0.198.200.rpz-nsip IN CNAME rpz-passthru.

RPZ and forward zone trouble

2019-03-25 Thread Miguel Mucio Santos Moreira
Hello everybody! I have a problem with DNS-RPZ and forward zone working together. I've created a rpz zone with the following trigger on my recursive DNS Server: 18.0.0.198.200.rpz-nsip IN CNAME rpz-passthru. It means any query response comming from a DNS Server which IP address matching

Re: Forward zone inside a view

2019-02-13 Thread Tony Finch
Grant Taylor via bind-users wrote: > > I know it's not yet an option and won't yet work for Roberto C., but would > BIND's forthcoming "mirror" zone type change any of this? No. Tony. -- f.anthony.n.finchhttp://dotat.at/ safeguard the balance of nature and the environment __

Re: Forward zone inside a view

2019-02-12 Thread Kevin Darcy
Controlling DNS resolution isn't the panacea for all security challenges, but then neither is a firewall. Or IPS. Or DLP. Or blacklisting/whitelisting. Or restrictive routing. Or NAT'ing. But some combination of those can be part of an overall security strategy. Defense in depth. - Kevin On Tue,

Re: Forward zone inside a view

2019-02-12 Thread Timothe Litt
All these replies are correct in the details (as usual), but miss the point. Blocking name resolution, while popular, does not meet the OP's requirement: "The point is I have several desktops that *must* have access **only** to internal domains.*" Let's say that your client's favorite illicit si

Re: Forward zone inside a view

2019-02-12 Thread Grant Taylor via bind-users
On 02/12/2019 03:45 PM, Kevin Darcy wrote: "recursion no" is incompatible with *any* type of forwarding or iterative resolution. Should only be used if *everything* you resolve is from authoritative data, i.e. for a hosting-only BIND instance. I know it's not yet an option and won't yet work f

Re: Forward zone inside a view

2019-02-12 Thread Grant Taylor via bind-users
On 02/07/2019 07:02 PM, Paul Kosinski wrote: I haven't analyzed the details and pitfalls, but could a Web proxy mechanism of some sort be of help? In particular, rather than having your users directly access "teamviewer.org" (or whatever), have them to access "teamviewer.local", which is resolv

Re: Forward zone inside a view

2019-02-12 Thread Kevin Darcy
perations in this >> >public domain. >> >> if you disable recursion, any client using that server will only have >> access >> to the domains that are configured on that server internally. >> >> That also means they won't be allowed to contact any intern

Re: Forward zone inside a view

2019-02-12 Thread Dirk Gottschalk via bind-users
Hello. Am Donnerstag, den 07.02.2019, 10:32 -0300 schrieb Roberto Carna: > Dear, I have Bind 9.10.3 as our private DNS service with two views, > one of them let some clients to query linux.org domain from Internet > forwarding the query to our Bind resolvers, but the query is refused > by our priv

Re: Forward zone inside a view

2019-02-11 Thread Timothe Litt
ktops that must have access only to > internal domains. The unique exception is they have access to > teamviewer.com <http://teamviewer.com>  in order to download the > Teamviewer client and a pair of operations in this public domain. > > I think if I have setup "recursio

Re: Forward zone inside a view

2019-02-11 Thread Roberto Carna
ly. > > That also means they won't be allowed to contact any internal domains, > unless you configure those internal domains on that server. > Also no windows updates, nothing. > > >I think if I have setup "recursion = no", if I define a forward zone with > >"

Re: Forward zone inside a view

2019-02-11 Thread Matus UHLAR - fantomas
ntact any internal domains, unless you configure those internal domains on that server. Also no windows updates, nothing. I think if I have setup "recursion = no", if I define a forward zone with "type forward" and the corresponding forwarder, this option enable the recursion j

Re: Forward zone inside a view

2019-02-11 Thread Roberto Carna
in order to download the Teamviewer client and a pair of operations in this public domain. I think if I have setup "recursion = no", if I define a forward zone with "type forward" and the corresponding forwarder, this option enable the recursion just for this defined zone. In general,

Re: Forward zone inside a view

2019-02-09 Thread Matus UHLAR - fantomas
ew) level, not overridden at the zone level. 2. If I set "recursion no" at the view level, then a "type forward" zone has no effect: view "foo" { recursion no; ... zone "teamviewer.com" { type forward; forward only; forwarders {172.

Re: Forward zone inside a view

2019-02-07 Thread Paul Kosinski
I haven't analyzed the details and pitfalls, but could a Web proxy mechanism of some sort be of help? In particular, rather than having your users directly access "teamviewer.org" (or whatever), have them to access "teamviewer.local", which is resolved by your internal DNS to a specialized proxy se

Re: Forward zone inside a view

2019-02-07 Thread Alan Clegg
On 2/7/19 2:30 PM, Roberto Carna wrote: > Dear, thanks for your contact. I've used teamviewer.com > just for tests. > > Desktops I mentioned can only access to web apps from internal domains, > but in some web apps there are links to download Teamviewer client > software fr

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
" can only be set at the top (view) level, not overridden at the zone level. 2. If I set "recursion no" at the view level, then a "type forward" zone has no effect: view "foo" { recursion no; ... zone "teamviewer.com" {

Re: Forward zone inside a view

2019-02-07 Thread Matus UHLAR - fantomas
On 07.02.19 14:58, Roberto Carna wrote: In our company we have several desktops from two different cities accessing only to internal domains distributed in two views in a private BIND with authoritative zones, where I've defined "recursion no;". But now we have to let them access to *.teamviewer

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Ok Tony, please let me explain to you. In our company we have several desktops from two different cities accessing only to internal domains distributed in two views in a private BIND with authoritative zones, where I've defined "recursion no;". But now we have to let them access to *.teamviewer.c

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
Roberto Carna wrote: > > So how can I define "recursion yes" just for the zone "linux.org" ??? You can turn recursion on and off for the entire server, or per view, but not per zone. It isn't clear to me what you want this server to do. If it is providing DNS service to end-user devices (if it i

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
also they are >> > resolvers that forward the queries to 8.8.8.8). >> > >> > So why you say they are authoritative only servers? >> >> Oh, I misread your explanation, I thought the "recursion no" in your >> configuration was on the target server

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
ay they are authoritative only servers? > > Oh, I misread your explanation, I thought the "recursion no" in your > configuration was on the target server. But it is on the server with the > "type forward" zone, and since forwarding requires recursion, it will not >

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
vers? Oh, I misread your explanation, I thought the "recursion no" in your configuration was on the target server. But it is on the server with the "type forward" zone, and since forwarding requires recursion, it will not work. Tony. -- f.anthony.n.finchhttp://dotat.at/ S

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Dear Tony, I forward the "linux.org" queries from our private Bind to our Bind resolvers (they have authoritative public zones and also they are resolvers that forward the queries to 8.8.8.8). So why you say they are authoritative only servers? A I said, can I still use the forward option for "li

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
Roberto Carna wrote: > Dear, I have Bind 9.10.3 as our private DNS service with two views, one of > them let some clients to query linux.org domain from Internet forwarding > the query to our Bind resolvers, but the query is refused by our private > Bind. You can't forward to an authoritative-on

Forward zone inside a view

2019-02-07 Thread Roberto Carna
Dear, I have Bind 9.10.3 as our private DNS service with two views, one of them let some clients to query linux.org domain from Internet forwarding the query to our Bind resolvers, but the query is refused by our private Bind. The private Bind has these main parameters in named.conf.options: opti

Re: forward zone

2018-10-27 Thread Frédéric Lochon
Le 27/10/2018 à 14:13, Matus UHLAR - fantomas a écrit : On 27.10.18 13:53, Frédéric Lochon wrote: This is what I wanted to do. But allow-query and allow-recursion are not allowed inside a zone of type forward. aha. I haven't looked at possibbility of allow-recursion for "type for

Re: forward zone

2018-10-27 Thread Matus UHLAR - fantomas
s because it is not "trusted" As you can't have "allow-query" in a zone of type "forward", I don't find any nice solution. Le 26/10/2018 à 09:21, Matus UHLAR - fantomas via bind-users a écrit : You can and you also need to add allow-query for it.  However,

Re: forward zone

2018-10-27 Thread Frédéric Lochon
" - nobody from outside my home network is allowed to send queries because it is not "trusted" As you can't have "allow-query" in a zone of type "forward", I don't find any nice solution. You can and you also need to add allow-query for it.  However,

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
ats just silly. > > > > > >> > >> On Fri, Oct 26, 2018 at 10:41 AM Bob Harold > >> wrote: > >> > >> > > >> > On Thu, Oct 25, 2018 at 4:34 PM N6Ghost > >> > wrote: > >> >> Hi All, > >>

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Joe Dahlquist
>> >> On Fri, Oct 26, 2018 at 10:41 AM Bob Harold >> wrote: >> >> > >> > On Thu, Oct 25, 2018 at 4:34 PM N6Ghost wrote: >> > >> >> Hi All, >> >> >> >> have two questions first, I am not a huge fan of using forwardin

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
te: > > > >> Hi All, > >> > >> have two questions first, I am not a huge fan of using forwarding > >> zones and our "load balancing" team, has there zone delegated to > >> them in a way that needs an internal forward zone to work properly &

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
gated to > > them in a way that needs an internal forward zone to work properly > > on the inside and not rely on on internet POP. > > > > I want to move a core namespace to the load balancer but i want > > them to let me assign them a new zone thats internally > >

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
On Fri, 26 Oct 2018 09:46:39 -0600 Grant Taylor via bind-users wrote: > On 10/26/2018 01:08 AM, N6Ghost wrote: > > maybe its just old habits, > > Fair enough. I know that I have plenty of my own old (¿bad?) habits > too. > > > i think its a bad idea to build your infrastructure in a way the

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
On Fri, 26 Oct 2018 09:50:31 -0600 Grant Taylor via bind-users wrote: > On 10/26/2018 08:52 AM, Kevin Darcy wrote: > > My basic rule of thumb is: use forwarding when connectivity > > constraints require it. Those constraints may be architectural, > > e.g. a multi-tiered, multi-layer network for s

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Grant Taylor via bind-users
On 10/26/2018 08:52 AM, Kevin Darcy wrote: My basic rule of thumb is: use forwarding when connectivity constraints require it. Those constraints may be architectural, e.g. a multi-tiered, multi-layer network for security purposes, or may be the result of screwups or unintended consequences, e.g

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Grant Taylor via bind-users
On 10/26/2018 01:08 AM, N6Ghost wrote: maybe its just old habits, Fair enough. I know that I have plenty of my own old (¿bad?) habits too. i think its a bad idea to build your infrastructure in a way the needs forward zones to work. not when you can build it with proper delegation. i just

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Kevin Darcy
internally authoritative and use it >> as the LB domain. >> >> which would be: >> cname name.domain.com -> newname.newzone.domain.com >> >> they want: >> cname name.domain.com -> newname.oldzone.domain.com >> >> old zone is directly delagated from

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Bob Harold
On Thu, Oct 25, 2018 at 4:34 PM N6Ghost wrote: > Hi All, > > have two questions first, I am not a huge fan of using forwarding zones > and our "load balancing" team, has there zone delegated to them in a > way that needs an internal forward zone to work properly on the

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread Cathy Almond
On 26/10/2018 08:08, N6Ghost wrote: > maybe its just old habits, i think its a bad idea to build your > infrastructure in a way the needs forward zones to work. not when you > can build it with proper delegation. > > i just think when building namespaces proper delegation should be used > and for

Re: forward zone

2018-10-26 Thread Matus UHLAR - fantomas via bind-users
't find any nice solution. You can and you also need to add allow-query for it. However, since forward zone is not stored locally, all requests for it are forwarded, so you must allow recursion for the zone, if you want to allow everyone to use it. Now I have a question, why do you want people

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
omain. > > > > which would be: > > cname name.domain.com -> newname.newzone.domain.com > > > > they want: > > cname name.domain.com -> newname.oldzone.domain.com > > > > old zone is directly delagated from outside to them so we need an >

Re: 2 Questions - forward zone and DNS firewalling

2018-10-26 Thread N6Ghost
omain. > > > > which would be: > > cname name.domain.com -> newname.newzone.domain.com > > > > they want: > > cname name.domain.com -> newname.oldzone.domain.com > > > > old zone is directly delagated from outside to them so we need an >

Re: 2 Questions - forward zone and DNS firewalling

2018-10-25 Thread Crist Clark
On Thu, Oct 25, 2018 at 2:57 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 10/25/18 2:34 PM, N6Ghost wrote: > [snip] > > > next, we where a bind shop but switched to infoblox for some stuff and > > now out grew it. and are going back to bind. > > > > but we started using

forward zone

2018-10-25 Thread Frédéric Lochon
e only solution I found is to allow queries from the whole planet Earth by changing "allow-query" in options to "any". But this is not recommended. I also thought of using "views" but you can't have "options" in views. So I

Re: 2 Questions - forward zone and DNS firewalling

2018-10-25 Thread Grant Taylor via bind-users
ame name.domain.com -> newname.oldzone.domain.com old zone is directly delagated from outside to them so we need an internal forward zone for it. i dont want to rely on that. Can I ask why you don't like forwarded zones? Is it a possibility to slave the zone off of them instead of forwarding to t

2 Questions - forward zone and DNS firewalling

2018-10-25 Thread N6Ghost
Hi All, have two questions first, I am not a huge fan of using forwarding zones and our "load balancing" team, has there zone delegated to them in a way that needs an internal forward zone to work properly on the inside and not rely on on internet POP. I want to move a core namesp

Re: Difference between delegation and forward zone

2017-03-06 Thread Mark Andrews
In message <1993722142.5470245.1488838862...@mail.yahoo.com>, Mik J via bind-users writes: > > > Barry: "Also, if there are no delegation records for the subdomain, the > parent server believes it's authoritative for them, despite having > forwarders configured." > I don't understand what you jus

Re: Difference between delegation and forward zone

2017-03-06 Thread Mik J via bind-users
Barry: "Also, if there are no delegation records for the subdomain, the parent server believes it's authoritative for them, despite having forwarders configured." I don't understand what you just wrote above. Are you saying I need to do both delegation and forwarding on my authoritative server

Re: Difference between delegation and forward zone

2017-03-06 Thread Barry Margolin
In article , "McDonald, Daniel (Dan)" wrote: > Yes, you can forward to a subdomain. Just define it as a separate zone and > include the forwarders and forward-only lines. I believe you need > allow-query-cache for this to work. This won't work reliably if the server is supposed to be author

Re: Difference between delegation and forward zone

2017-03-06 Thread McDonald, Daniel (Dan)
Subject: Difference between delegation and forward zone Hello, I would like to check if my understanding is correct regarding delegation and forward Delegation: I want to delegate the administrative tasks to someone else for one subdomain subdomain1.mydomain.org I'll specify the NS of

Difference between delegation and forward zone

2017-03-06 Thread Mik J via bind-users
other person will be able to create rr1.subdomain1.mydomain.org Forward zone: I can forward a specific zone to a DNS that is different from the default fowarders or I won't attempt to do an iterative lookup. => Question 1: Can I have a forward zone that is a subdomain subdomain1.mydomain.

RE: Forward zone not working

2016-05-21 Thread Woodworth, John R
> -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas > Sent: Saturday, May 21, 2016 1:27 PM > To: bind-users@lists.isc.org > Subject: Re: Forward zone not working > > On 2

RE: Forward zone not working

2016-05-21 Thread Woodworth, John R
> -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas > Sent: Saturday, May 21, 2016 1:16 PM > To: bind-users@lists.isc.org > Subject: Re: Forward zone not working > > >

RE: Forward zone not working

2016-05-21 Thread Woodworth, John R
> -Original Message- > From: MegaBrutal [mailto:megabru...@gmail.com] > Sent: Friday, May 20, 2016 9:11 PM > To: Woodworth, John R; bind-users > Subject: Re: Forward zone not working > > 2016-05-20 23:09 GMT+02:00 Woodworth, John R : > > The below refere

Re: Forward zone not working

2016-05-21 Thread Matus UHLAR - fantomas
On 20.05.16 21:09, Woodworth, John R wrote: This is exactly what some colleagues and I are working to get a handle on. We see this as becoming a larger and larger issue especially as IPv6 adoption increases. We have had several customers already request generics at /96 and larger blocks as they

Re: Forward zone not working

2016-05-21 Thread Matus UHLAR - fantomas
2016-05-20 23:09 GMT+02:00 Woodworth, John R : The below referenced I-D for "BULK" records: * Provides "generics" which are automatically generated based on a set of rules. * The records have similar features as wildcards where they may be superimposed an appear only where more specific

Re: Forward zone not working

2016-05-20 Thread MegaBrutal
2016-05-20 23:09 GMT+02:00 Woodworth, John R : > The below referenced I-D for "BULK" records: > * Provides "generics" which are automatically generated based on a set of > rules. > * The records have similar features as wildcards where they may be > superimposed > an appear only where mor

RE: Forward zone not working

2016-05-20 Thread Woodworth, John R
> -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] > On Behalf Of John Wobus > Sent: Friday, May 20, 2016 3:08 PM > To: bind-users > Subject: Re: Forward zone not working > > On May 16, 2016, at

Re: Forward zone not working

2016-05-20 Thread John Wobus
On May 16, 2016, at 5:35 PM, MegaBrutal wrote: > > 2016-05-16 19:45 GMT+02:00 Alan Clegg : >> On 5/16/16, 1:30 PM, "MegaBrutal" > behalf of megabru...@gmail.com> wrote: >> >>> I want to have valid reverse & forward hostnames set up >>> for this /64 subnet. >> >> This is silly. Don't do this. >

Re: Forward zone not working

2016-05-17 Thread Matthew Pounsett
On 17 May 2016 at 09:29, Woodworth, John R wrote: > > > > > >Ideally every machine should be registering its own PTR record in the > > > >DNS and addresses without machines shouldn't have PTR records. > > > >The only reason ISP did this is that they were too lazy to manage PTR > > > >records for

RE: Forward zone not working

2016-05-17 Thread Woodworth, John R
> > > >Ideally every machine should be registering its own PTR record in the > > >DNS and addresses without machines shouldn't have PTR records. > > >The only reason ISP did this is that they were too lazy to manage PTR > > >records for their customers. > > > > And because no ISP wants "you.suck.is

Re: Forward zone not working

2016-05-16 Thread sthaug
> >Ideally every machine should be registering its own PTR record in > >the DNS and addresses without machines shouldn't have PTR records. > >The only reason ISP did this is that they were too lazy to manage > >PTR records for their customers. > > And because no ISP wants "you.suck.isp.com" to sho

Re: Forward zone not working

2016-05-16 Thread Mark Andrews
In message , Alan Clegg writes: > On 5/16/16, 6:30 PM, "Mark Andrews" wrote: > > >Ideally every machine should be registering its own PTR record in > >the DNS and addresses without machines shouldn't have PTR records. > >The only reason ISP did this is that they were too lazy to manage > >PTR re

Re: Forward zone not working

2016-05-16 Thread Alan Clegg
On 5/16/16, 6:30 PM, "Mark Andrews" wrote: >Ideally every machine should be registering its own PTR record in >the DNS and addresses without machines shouldn't have PTR records. >The only reason ISP did this is that they were too lazy to manage >PTR records for their customers. And because no IS

Re: Forward zone not working

2016-05-16 Thread Mark Andrews
In message , MegaBrutal writes: > 2016-05-16 19:45 GMT+02:00 Alan Clegg : > > On 5/16/16, 1:30 PM, "MegaBrutal" > behalf of megabru...@gmail.com> wrote: > > > >>I want to have valid reverse & forward hostnames set up > >>for this /64 subnet. > > > > This is silly. Don't do this. > > Why? > >

Re: Forward zone not working

2016-05-16 Thread Alan Clegg
On 5/16/16, 5:35 PM, "MegaBrutal" wrote: >2016-05-16 19:45 GMT+02:00 Alan Clegg : >> On 5/16/16, 1:30 PM, "MegaBrutal" > behalf of megabru...@gmail.com> wrote: >> >>>I want to have valid reverse & forward hostnames set up >>>for this /64 subnet. >> >> This is silly. Don't do this. > >Why? Becau

Re: Forward zone not working

2016-05-16 Thread MegaBrutal
2016-05-16 19:45 GMT+02:00 Alan Clegg : > On 5/16/16, 1:30 PM, "MegaBrutal" behalf of megabru...@gmail.com> wrote: > >>I want to have valid reverse & forward hostnames set up >>for this /64 subnet. > > This is silly. Don't do this. Why? Most ISPs set up reverse & forward domain names for pool a

Re: Forward zone not working

2016-05-16 Thread MegaBrutal
Temporarily I enabled recursion on the server and then the forward zone worked well. Now, if I could enable recursion for a specific zone only, then I won. Do you have an idea how to do this? I only see options to restrict recursion for clients. Now I want to control recursion by query (which

Re: Forward zone not working

2016-05-16 Thread Mark Andrews
If you want to delegate space to another server DELEGATE it. Add NS records for the other server. Forward "zones" are NOT designed to do this. Doing actual delegations is *not* hard and works with every server in the world. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Aus

RE: Forward zone not working

2016-05-16 Thread Woodworth, John R
> -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of MegaBrutal > Sent: Monday, May 16, 2016 1:31 PM > To: bind-users@lists.isc.org > Subject: Forward zone not working > > Hi all, > > I have

Re: Forward zone not working

2016-05-16 Thread Alan Clegg
On 5/16/16, 1:30 PM, "MegaBrutal" wrote: >I want to have valid reverse & forward hostnames set up >for this /64 subnet. This is silly. Don't do this. AlanC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: Forward zone not working

2016-05-16 Thread /dev/rob0
On Mon, May 16, 2016 at 07:30:30PM +0200, MegaBrutal wrote: > zone "y.y.y.y.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa" { > type forward; > forward only; > forwarders { ::; }; // IPv6 address of AllKnowingDNS. > }; > > Where x substitutes digits of my /48, y substitutes digits of my > /

Forward zone not working

2016-05-16 Thread MegaBrutal
Hi all, I have an IPv6 reverse PTR zone for a /48 subnet delegated to my BIND server, and one of its /64 subnets are used with SLAAC + Privacy Extensions. I want to have valid reverse & forward hostnames set up for this /64 subnet. Generating 2 ^ 64 reverse & forward records for BIND would be wast

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Mark Andrews
In message <53324030.1080...@hireahit.com>, Dave Warren writes: > On 2014-03-25 16:16, Mark Andrews wrote: > > ".local" is reserved for mDNS. I would say stop trying to use ".local" in > > the DNS. > > While true, I don't think it will help this particular issue. As I > understand it, BIND know

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Dave Warren
On 2014-03-25 16:16, Mark Andrews wrote: ".local" is reserved for mDNS. I would say stop trying to use ".local" in the DNS. While true, I don't think it will help this particular issue. As I understand it, BIND knows, by knowledge of being a root server, that local. can't possibly exist, and

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Mark Andrews
".local" is reserved for mDNS. I would say stop trying to use ".local" in the DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://list

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Андрей Ветров
nothing, its correct name 2014-03-26 1:01 GMT+04:00 Lawrence K. Chen, P.Eng. : > What happens if you remove the "." after local? > > On 03/25/14 12:57, Андрей Ветров wrote: > > Hello. I have a problem with forwarding zone "local" to ISP resolvers. > > My config is: > > options { > > dire

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Lawrence K. Chen, P.Eng.
What happens if you remove the "." after local? On 03/25/14 12:57, Андрей Ветров wrote: > Hello. I have a problem with forwarding zone "local" to ISP resolvers. > My config is: > options { > directory "/tmp"; > disable-empty-zone "."; > }; > > zone "." { > type slave; >

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Ben Croswell
I would imagine your issue is a lack of an NS delegation in the root zone you are slaving. If you load a parent and then try to forward a child of that parent you must have a delegation in the parent. The delegation doesn't have to match the forwarders but it must exist. On Mar 25, 2014 1:57 PM, "
