Hi,
On Sun, Jan 24, 2021 at 4:44 PM Mark Andrews wrote:
>
> Use the correct zone name.
>
> 1.168.192.IN-ADDR.ARPA
>
> You have the full /24 so you don’t need to use RFC2317 techniques.
Thanks so much. That worked great.
___
Please visit https://lists.i
Use the correct zone name.
1.168.192.IN-ADDR.ARPA
You have the full /24 so you don’t need to use RFC2317 techniques.
--
Mark Andrews
> On 25 Jan 2021, at 08:04, Alex wrote:
>
> Hi, I have a fedora32 system with bind-9.11.25 and having a problem
> with setting up a reverse zone for a 192.
Hi, I have a fedora32 system with bind-9.11.25 and having a problem
with setting up a reverse zone for a 192.168.1.0/24 internal network.
It loads okay, but queries fail:
# host 192.168.1.1
Host 1.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
Jan 24 15:56:26 orion bash[1967667]: zone inside.exa
> > This sounds a bit like #336 [1],
>
> Nope - we got bit by that when we upgraded
> to 9.12, which is what resulted in the explicit
> config for rrset-order.
>
> > If you can still reproduce this with current
> > master (or with current v9_12 branch), please
> > open a new GitLab issue.
>
> Pl
Hi Michał,
Thanks for the ack.
> This sounds a bit like #336 [1],
Nope - we got bit by that when we upgraded
to 9.12, which is what resulted in the explicit
config for rrset-order.
> If you can still reproduce this with current
> master (or with current v9_12 branch), please
> open a new GitLab
order config will not round-robin
> these records.
>
> BUT, if I add a third A record, the rDNS servers
> then round-robin.
>
> I can punch in some config elements here if
> it is useful, but this smells like a bug, and
> maybe I should be reporting on gitlab.
>
these records.
BUT, if I add a third A record, the rDNS servers
then round-robin.
I can punch in some config elements here if
it is useful, but this smells like a bug, and
maybe I should be reporting on gitlab.
Thoughts?
mark
___
Please visit https
- Kevin
>
>
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark
> Andrews
> Sent: Friday, January 20, 2017 3:55 PM
> To: bind-us...@isc.org
> Subject: Re: rDNS
>
>
> You have the netblock 162.202.233.8
t, and why?
- Kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark
Andrews
Sent: Friday, January 20, 2017 3:55 PM
To: bind-us...@isc.org
Subject: Re: rDNS
You have th
Ron Wingfield wrote:
> > I am having difficulty configuring reverse DNS. This has been a
> problem
> > for over a year between my server(s) and my ISP, AT&T. Specifically, I
> > cannot eMail to any recipient that requires rDNS verification, e.g.,
> > SBCglobal.net
So if the DNS resolver used is "OK",
then is there a problem with my code for the in-addr.arpa zone
file? . . .rDNS is not working.
On 1/20/2017 10:19 AM, Bob Harold wrote:
On 20.01.17 09:57, Ron Wingfield wrote:
I am having difficulty configuring reverse DNS. This has been a problem
for over a year between my server(s) and my ISP, AT&T. Specifically, I
cannot eMail to any recipient that requires rDNS verification, e.g.,
SBCglobal.net, Comcast.net
On Fri, Jan 20, 2017 at 10:57 AM, Ron Wingfield
wrote:
> I am having difficulty configuring reverse DNS. This has been a problem
> for over a year between my server(s) and my ISP, AT&T. Specifically, I
> cannot eMail to any recipient that requires rDNS verification, e.g.,
&g
ITC , NetWork & Security Architect & Admin
From: bind-users on behalf of Reindl Harald
Sent: Friday, January 20, 2017 5:06 PM
To: bind-users@lists.isc.org
Subject: Re: rDNS
Am 20.01.2017 um 16:57 schrieb Ron Wingfield:
> I am having difficulty conf
Am 20.01.2017 um 16:57 schrieb Ron Wingfield:
I am having difficulty configuring reverse DNS. This has been a problem
for over a year between my server(s) and my ISP, AT&T. Specifically, I
cannot eMail to any recipient that requires rDNS verification, e.g.,
SBCglobal.net, Comcast.net
I am having difficulty configuring reverse
DNS. This has been a problem for over a year between my
server(s) and my ISP, AT&T. Specifically, I cannot eMail
to any recipient that requires rDNS verification, e.g.,
SBCglobal.net, Comcast.net, or
-Original Message-
From: Listas
Date: Thursday, November 14, 2013 12:57 PM
To: "bind-users@lists.isc.org"
Subject: Size boundaries for zones of IPv6 rDNS
>Hi!
>
>Are there size limits for zones of IPv6 reverse DNS ?
>
>For example, is this a valid zone?
>
Hi!
Are there size limits for zones of IPv6 reverse DNS ?
For example, is this a valid zone?
5.a.8.3.4.f.3.0.c.a.d.f.ip6.arpa
Thank you in advance!
--
Thiago Henrique
www.adminlinux.com.br
___
Please visit https://lists.isc.org/mailman/listinfo/bi
In article ,
Jim Pazarena wrote:
> I set up a subnet on my server, complete with rdns, and ARIN has been
> adjusted for my two dns servers (ns.qcislands.net & ns2.qcislands.net)
>
> the subnet: 23.235.75.0/24
>
> if you do a lookup of, for instance: 23.235.75.10
>
I set up a subnet on my server, complete with rdns, and ARIN has been
adjusted for my two dns servers (ns.qcislands.net & ns2.qcislands.net)
the subnet: 23.235.75.0/24
if you do a lookup of, for instance: 23.235.75.10
and bounce that nslookup off of other dns servers, SOME say:
Authorita
05.166.76.12 are asking me
(216.58.37.216) for the PTR for my address.
Is this just broken NS software or are they (Nintendo, FWIW) doing
something interesting, like giving everyone an opportunity to provide
an rdns for their own IP address without everyone having to make
classless in-addr.arpa delegation
On 24/07/12 14:30, Brian J. Murrell wrote:
Why? I mean other than a knee-jerk reaction to that behavior not (yet)
being documented in an RFC somewhere? I mean for practical purposes why
is what they are (or rather, could be, assuming my suggestion about what
they could be doing is correct) doi
On 12-07-24 07:53 AM, Phil Mayers wrote:
> On 24/07/12 12:05, Brian J. Murrell wrote:
>
> Change ISP?
A. You must be one of those people who live in that part of the
world where internet service providing is not a monopoly, duopoly or at
best a price-fixing oligopoly. :-) Unfortunately tha
ike giving everyone an opportunity to provide
an rdns for their own IP address without everyone having to make
classless in-addr.arpa delegation arrangements with their ISP (which
mine refused to do)?
Change ISP?
It's kind of a neat concept if it's not just an accident of broken NS
On 12-07-24 07:05 AM, Brian J. Murrell wrote:
> I've come across something interesting in my named logs:
>
> 00:14:37 named client 205.166.76.12#60486: view greatunwashed: query (cache)
> '5.37.58.216.in-addr.arpa/PTR/IN' denied
> 00:14:37 named client 205.166.76.12#60486: view greatunwashed: que
d reverse
resolved by my ISP's name servers.
What is interesting is the fact that 205.166.76.12 are asking me
(216.58.37.216) for the PTR for my address.
Is this just broken NS software or are they (Nintendo, FWIW) doing
something interesting, like giving everyone an opportunity to pr
In message <1330508848.24108.140661042811...@webmail.messagingengine.com>, nudge
writes:
> A thought regarding the pros and cons of DNSSEC that I don't recall
> being mentioned.
There are a whole set of things you can do once you have secure
DNS. You just have to use your imagination. This one
A thought regarding the pros and cons of DNSSEC that I don't recall
being mentioned.
Was reverse-dns verification introduced in response to a lack of
confidence in forward-dns ? This can cause much frustration, especially
in smaller environments. If the implementation of DNSSEC allowed us to
avoid
On Tue, Feb 28, 2012 at 06:28:54PM +, Evan Hunt wrote:
> > the one that bites us most often is that of the expired RRSIG. If
> > we could log that but go ahead and accept the data, most of the
> > pain would stop.
>
> BIND has this: "dnssec-accept-expired yes;" Note that it opens you
> to r
In message , michoski writes:
> > Doing DNSSEC verification in 2012 is lopsided the other way. You
> > cannot resolve the names you need sometimes. You're probably not
> > receiving any actual protection from spoofing.
>
> I feel similarly. I do see risk in the non DNSSEC world (thanks to Kamins
> I suppose there are different classes of failures; unfortunately on
> the resolver, there is only one result, SERVFAIL, to cover all. It
> would be better if there was a way to distinguish the "oops, admin
> bungled DNSSEC" errors from the ones which are more likely to be
> indicative of spoo
On 2/28/12 9:26 AM, "/dev/rob0" wrote:
> On Tue, Feb 28, 2012 at 01:16:16PM +0100, Marc Lampo wrote:
>> First of all : I do not deny DNSSEC adds a challenge for administrators.
>> They must understand that adding this additional SECurity aspect,
>> will generate extra work (keygeneration/re-genera
On Tue, Feb 28, 2012 at 01:16:16PM +0100, Marc Lampo wrote:
> Please allow a, partly/mostly, non-technical feedback
> as security officer for a tld (.eu)
>
> First of all : I do not deny DNSSEC adds a challenge for administrators.
> They must understand that adding this additional SECurity aspect
s,
if the signatures are simply ignored.
Kind regards,
Marc Lampo
Security Officer
EURid (for .eu)
-Original Message-
From: michoski [mailto:micho...@cisco.com]
Sent: 24 February 2012 06:01 AM
To: vinny_abe...@dell.com; kob6...@gmail.com; ma...@isc.org
Cc: bind-us...@isc.org
Subject:
On Fri, Feb 24, 2012 at 04:48:14AM +, vinny_abe...@dell.com wrote:
> I kind of had the same thought... If ISC had a DNS outage due to expired
> signatures of a zone, what chance do I have in successfully deploying and
> maintaining DNSSEC for my zones?
Somewhat ironically, the part of ISC resp
On Thu, Feb 23, 2012 at 9:00 PM, michoski wrote:
> On 2/23/12 8:48 PM, "vinny_abe...@dell.com" wrote:
>
>> I kind of had the same thought... If ISC had a DNS outage due to expired
>> signatures of a zone, what chance do I have in successfully deploying and
>> maintaining DNSSEC for my zones? Sure
On 2/23/12 8:48 PM, "vinny_abe...@dell.com" wrote:
> I kind of had the same thought... If ISC had a DNS outage due to expired
> signatures of a zone, what chance do I have in successfully deploying and
> maintaining DNSSEC for my zones? Sure, everyone makes mistakes, but I think it
> speaks volum
ubject: Re: lists.isc.org rDNS failed, DNSSEC?
On Thu, Feb 23, 2012 at 2:47 PM, Mark Andrews wrote:
>
> There was a issues with the delegation of some zones. NS records
> were not added to the parent zone when they should have been but
> the scripts which sign the zones added DS re
On Thu, Feb 23, 2012 at 2:47 PM, Mark Andrews wrote:
>
> There was a issues with the delegation of some zones. NS records
> were not added to the parent zone when they should have been but
> the scripts which sign the zones added DS records which caused the
> parent zone not to be resigned. The
There was a issues with the delegation of some zones. NS records
were not added to the parent zone when they should have been but
the scripts which sign the zones added DS records which caused the
parent zone not to be resigned. The signatures for the parent zone
eventually expired which caused
Yesterday I looked in mail logs for something else and stumbled upon
this (times are UTC):
rob0@harrier:~$ grep 'unknown\[149\.20\.64\.75\]' /var/log/maillog | wc
2713607 44087
rob0@harrier:~$ grep 'unknown\[149\.20\.64\.7
On 4/13/2010 6:42 PM, Jason Davis wrote:
> Hello,
> Is their an easy way to rdns a /20. I can only find examples for a /24
You need to create individual zones for each /24.
--
... and that's just a little bit of history repeating.
-- Pro
Hello,
Is their an easy way to rdns a /20. I can only find examples for a /24
Thanks,
Jason
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Matus UHLAR - fantomas wrote:
On Wed, Jul 8, 2009 at 5:08 PM, Mark Andrews wrote:
RRsets are unordered. Software and configurations should
be prepared for this. Where ordering is required it is
built into the RR type.
Mark
On 14.07.09 14:02, Bryan Irv
> On Wed, Jul 8, 2009 at 5:08 PM, Mark Andrews wrote:
> > RRsets are unordered. Software and configurations should
> > be prepared for this. Where ordering is required it is
> > built into the RR type.
> >
> > Mark
On 14.07.09 14:02, Bryan Irvine wrote:
> I've think I
t;> Other than to really annoy me; =A0is there a valid reason for rr rDNS?
>> >>
>> >>
>> >
>> > Once upon a time, BIND specifically *disabled* round-robin behavior for
>> > non-address (A/) record types. PTR RRsets, among other types, we
In message <53d706300907081412r191946eeo5c9a66657bf8e...@mail.gmail.com>, Bryan
Irvine writes:
> On Mon, Jul 6, 2009 at 4:08 PM, Kevin Darcy wrote:
> > Bryan Irvine wrote:
> >>
> >> Other than to really annoy me; =A0is there a valid reason for rr rDNS?
> &g
On Mon, Jul 6, 2009 at 4:08 PM, Kevin Darcy wrote:
> Bryan Irvine wrote:
>>
>> Other than to really annoy me; is there a valid reason for rr rDNS?
>>
>>
>
> Once upon a time, BIND specifically *disabled* round-robin behavior for
> non-address (A/) record
Bryan Irvine wrote:
Other than to really annoy me; is there a valid reason for rr rDNS?
Once upon a time, BIND specifically *disabled* round-robin behavior for
non-address (A/) record types. PTR RRsets, among other types, were
always given in a "fixed" order.
But, I ju
Other than to really annoy me; is there a valid reason for rr rDNS?
-Bryan
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Friday 13 March 2009 03:14 pm, Ben Bridges wrote:
> You can use one $GENERATE statement in each zone to generate all 256
> CNAME records for that zone.
I couldn't remember the name of that statement for the life of me.
Thanks!
Jeff
--
Jeff Lasman, Nobaloney Internet Services
P.O. Box 52200,
M
> To: Mark Andrews
> Cc: bind-us...@isc.org
> Subject: Re: rDNS for /20
>
> On Thursday 12 March 2009 11:17 pm, Mark Andrews wrote:
>
> > Just set up each of the /24's which make up the /20.
>
> That's what I thought I had to do. I don't even have
On Thursday 12 March 2009 11:17 pm, Mark Andrews wrote:
> Just set up each of the /24's which make up the /20.
That's what I thought I had to do. I don't even have to assign the rDNS;
I only have to set the nameservers. Do I still need lines for each
individual IP#
> > I'm trying to set up a reverse delegation to two nameservers for a
> > /20.
>
> The easiest way to do this is to set it up as 16 /24s. Are you trying
> to do something different?
Only "difference" is that all I need to do is set up the nameserver
assignm
On Thu, 2009-03-12 at 22:11 -0800, Jeff Lasman wrote:
> I've read the relevant parts of DNS and Bind over and over again, and
> I'm still going crazy. I've searched this list going back about three
> years. I've googled. Each step confuses me more .
>
> I'm trying to set up a reverse delegati
Jeff Lasman wrote:
> I've read the relevant parts of DNS and Bind over and over again, and
> I'm still going crazy. I've searched this list going back about three
> years. I've googled. Each step confuses me more .
It would help if you described in more detail what you've tried, and
what is c
In message <200903122311.24920.bli...@nobaloney.net>, Jeff Lasman writes:
> I've read the relevant parts of DNS and Bind over and over again, and
> I'm still going crazy. I've searched this list going back about three
> years. I've googled. Each step confuses me more .
>
> I'm trying to set
I've read the relevant parts of DNS and Bind over and over again, and
I'm still going crazy. I've searched this list going back about three
years. I've googled. Each step confuses me more .
I'm trying to set up a reverse delegation to two nameservers for a /20.
Netmask is 255.255.240.0 (I th
58 matches
Mail list logo
