I meant d.f.ip6.arpa rather than f.d.in-addr.arpa.
> On 24 Jul 2019, at 11:18 pm, Mark Andrews wrote:
>
> There is f.d.in-addr.arpa which is what this ticket is about and
> ipv4only.arpa which Stuart Cheshire is writing a update for and for which
> there is a seperate ticket. Both are DNSSEC
There is f.d.in-addr.arpa which is what this ticket is about and ipv4only.arpa
which Stuart Cheshire is writing a update for and for which there is a seperate
ticket. Both are DNSSEC related. Both cause operational problems. Both
involve having unsigned zones for the relevant names.
For f.d.i
> On 14 Jul 2019, at 1:18 am, Jay Ford wrote:
>
> I'm still confused about why named looks further up the tree than
> c.0.d.7.5.7.c.2.a.9.d.f.ip6.arpa which it holds authoritatively via
> master/slave zone type. That seems like incorrect behavior.
The cache doesn’t know about zones. The look
I'm still confused about why named looks further up the tree than
c.0.d.7.5.7.c.2.a.9.d.f.ip6.arpa which it holds authoritatively via
master/slave zone type. That seems like incorrect behavior.
Is this something I can fix or work around?
_
;>>
>>>> ;; AUTHORITY SECTION:
>>>> . 10796 IN SOA a.root-servers.net.
>>>> nstld.verisign-grs.com. 2019071101 1800 900 604800 86400
>>>>
>>>> ;; Query time: 0 msec
>>>> ;; SERVER: 127.0.0.1#5
I suspect this will be negative response synthesis. The cache has learnt that
d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked
up the covering NSEC is returned which covers all of ULA space.
If I’m right querying for DS d.f.ip6.arpa will load the cache appropriatel
On Fri, 12 Jul 2019, Mark Andrews wrote:
On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
I have a similar problem with zones for IPv6 ULA space. I'm running BIND
9.14.3. I had hoped that validate-except would do the trick, such as:
validate-
is successful:
>>>>> dig @192.168.220.20 foo.local ns +norec
>>>>
>>>> ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @192.168.220.20 foo.local ns +norec
>>>> ; (1 server found)
>>>> ;; global options: +cmd
&g
Almost my point. It comes to my attention the hard way, that MDNS is
enabled by default or by accident in some Linux distros. Check
/etc/nsswitch.conf. Let us know what you find, and thanks a lot!
Longer answer: it depends on whether MDNS is in nsswitch, and what the
ordering is.
--
Fred Mo
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23
>>> ;; flags: qr aa ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 5
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4000
>>> ;; QUESTION SECTION:
&
lly unfortunate, there is nat involved here, due to address space
collision, and while this obviously means the practical functionality of this
is questionable, i was expecting that with a static-stub zone, the query itself
would at least function.
i see these messages in the logs:
11-Jul-
IN A 192.168.0.20
> 02.foo.local. 3600IN A 192.168.0.21
> a2.foo.local. 3600IN A 10.201.11.8
> a1.foo.local. 1200IN A 10.201.10.119
>
> ;; Query time: 82 msec
> ;; SERVER: 192.168.220.20#53(192.168.220.20)
> ;; WHEN: Thu Ju
11 16:35:39 EDT 2019
;; MSG SIZE rcvd: 214
additionally unfortunate, there is nat involved here, due to address space
collision, and while this obviously means the practical functionality of this
is questionable, i was expecting that with a static-stub zone, the query itself
would at
Echoing Chris Buxton - you may be better served by using static-stub
rather than stub. Explanation here:
https://bugs.isc.org/Ticket/Display.html?id=45734
Cathy
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from thi
a record in /etc/hosts.
Also the stub zone file updates correctly. I have tested static-stubs
and they work as expected but stubs don't when recursion is enabled on
the BIND server.
Ben
On 08/05/2019 17:02, Chris Buxton wrote:
Remembering that a stub zone is a cache hint, more inform
Remembering that a stub zone is a cache hint, more information is needed.
o What do the two "master" DNS servers say when asked for the SOA record of
'benlavender.co.uk'?
o Are there A or records in the Additional section? If so, can the
indicated IP addresses be
Hi,
I've been trying to configure a stub zone using both BIND 9.8x and 9.9x
for some split-brain internal DNS.
The problem I have is that any client that requests the NS or SOA
records for this zone gets SERVFAIL. The BIND server populates the
/var/named/slaves/benlavender.co.uk.DB
shift (and possible unforeseen
consequences) from iterative to recursive resolution.
http://jpmens.net/2011/01/25/binds-new-static-stub-zone-type/
https://lists.isc.org/pipermail/bind-users/2012-September/088719.html
If you only have a *few*, relatively-static set of unreachables, you might
co
Have a resolver at a branch office with a view containing a stub zone
as follows:
zone "domain.com." IN {
type stub;
masters { 10.216.11.6; 10.58.4.1; 10.50.4.32; };
file "stub/domain.com";
forwarders {};
};
Other notes:
- "
; minimum (30 minutes)
>> )
>> NS ns1.concordia.ca.
>> NS ns2.concordia.ca.
>> --
[but querying it for NS gives SERVFAIL]
> Midnight insight: glue records???
Anne Bennett wrote:
>
> It all looks just peachy, but when I issued:
> dig @localhost -t ns concordia.ca.
> it gave me a SERVFAIL. I couldn't find anything abnormal
> in the syslogs. I can't for the life of my figure out why
> it's unhappy. How can I debug this?
Try rndc trace 10. The debug
NS ns1.concordia.ca.
> NS ns2.concordia.ca.
> --
[but querying it for NS gives SERVFAIL]
Midnight insight: glue records??? The two listed NS are below the
zone cut. How can a stub zone work
Tony Finch enlightens me thus:
> The difference between stub and static-stub is that stub works like the
> root zone hints, i.e. the servers in the zone override the ones that you
> configure for a stub zone, whereas the servers you configure for a
> static-stub zone override the se
In article ,
Hillary Nelson wrote:
> I was asked to add some backup master IP addresses to a slave zone file for
> some HCP system, but those IPs not active and can't do zone transfer until
> system failover.
>
> My question is, does the order of the master ip list matters, so named
> always tr
I was asked to add some backup master IP addresses to a slave zone file for
some HCP system, but those IPs not active and can't do zone transfer until
system failover.
My question is, does the order of the master ip list matters, so named
always tries
first ones until it fails tries next one? Or n
-Original Message-
From: Sowmya Manjanatha
Date: Thursday, February 21, 2013 1:11 PM
To: "bind-users@lists.isc.org"
Subject: Re: BIND master , Windows 2008 stub zone not transferring
>Well, I have a stub zone on Windows 2008 server set-up to use two
>different BIND se
> From: Sowmya Manjanatha
> Well, I have a stub zone on Windows 2008 server set-up to use two
> different BIND server as its list of IPs to use as masters. In the
> DNS manager on Windows, you can always right click on the zone and
> select "Transfer zone from Master&
Well, I have a stub zone on Windows 2008 server set-up to use two different
BIND server as its list of IPs to use as masters. In the DNS manager on
Windows, you can always right click on the zone and select "Transfer zone
from Master". With Wireshark on Windows, I have found that this
On 20.02.13 17:41, Sowmya Manjanatha wrote:
Subject: BIND master , Windows 2008 stub zone not transferring
I am having the same issue and saw a couple of questions but didn't see any
resolutions. Any one have any luck with this.
stub zone is never transferred. It is only queried f
I am having the same issue and saw a couple of questions but didn't see any
resolutions. Any one have any luck with this.
Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
On Sep 20, 2012, at 4:39 AM, M. Meadows wrote:
> Attempting to determine if a stub zone requires any kind of zone transfer.
> Reading through online doc I find mixed opinions.
No zone transfer. Just an SOA query, an NS query, and (if necessary) A and
record queries for name server
Attempting to determine if a stub zone requires any kind of zone transfer.
Reading through online doc I find mixed opinions. Here's one:
…
Stub-Zones do receive their information by just querying DNS-Servers instead of
requesting a Zone-Transfer. You can even add Stub-Zones for Zones
will=gmail@lists.isc.org
[mailto:bind-users-bounces+listswill=gmail@lists.isc.org] On Behalf Of
Gregory Machin
Sent: Wednesday, October 19, 2011 11:48 PM
To: bind-us...@isc.org
Subject: BIND master , Windows 2008 stub zone not transferring
Hi
We have a Linux server running bind 9.2.4 and dhcpd
none of the zones will transfer to the stub zones on the Windows
servers. From the windows servers I can use nslookup to do zone
transfers with out any issues. But in DNS mangers , on the stub zone ,
when I click one reload, or Transfer from Master, or Transfer new copy
from zone Master then result
On Jul 26, 2011, at 10:51 PM, Feng He wrote:
> On Wed, Jul 27, 2011 at 8:51 AM, Chris Buxton
> wrote:
>>
>> On Jul 25, 2011, at 10:33 PM, Feng He wrote:
>>
>>> On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo wrote:
>>>> Would like to use the BIN
On Wed, Jul 27, 2011 at 8:51 AM, Chris Buxton wrote:
>
> On Jul 25, 2011, at 10:33 PM, Feng He wrote:
>
>> On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo wrote:
>>> Would like to use the BIND stub zone function, however, heard that ISC
>>> considers stopping suppo
On 25/07/11 20:55, ju wusuo wrote:
> Would like to use the BIND stub zone function, however, heard that ISC
> considers stopping support to stub zone in the future, is that true?
I think we may have confused some people in the past about support for
this because of what's written
On Jul 25, 2011, at 12:55 PM, ju wusuo wrote:
> Would like to use the BIND stub zone function, however, heard that ISC
> considers stopping support to stub zone in the future, is that true?
I've heard that rumor from my customers, too. But I haven't heard anything fro
esday, July 26, 2011 1:33 AM
Subject: Re: stub zone
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo <juwu...@yahoo.com> wrote:
> Would like to use the BIND stub zone function, however, heard that ISC
> considers stopping support to stub zone in the future, is that true?
> _
On Jul 25, 2011, at 10:33 PM, Feng He wrote:
> On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo wrote:
>> Would like to use the BIND stub zone function, however, heard that ISC
>> considers stopping support to stub zone in the futur
Thanks Mark .. I think that probably is the misunderstanding of the
"delegation" usage part.
From: Mark Andrews
To: ju wusuo
Cc: "bind-users@lists.isc.org"
Sent: Monday, July 25, 2011 9:57 PM
Subject: Re: stub zone
In message <131
On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo wrote:
> Would like to use the BIND stub zone function, however, heard that ISC
> considers stopping support to stub zone in the future, is that true?
> ___
Hi,
what's the use of stub zone? I
In message <1311623708.59385.yahoomail...@web44803.mail.sp1.yahoo.com>, ju
wusuo writes:
>
> Would like to use the BIND stub zone function, however, heard that ISC cons=
> iders stopping support to stub zone in the future, is that true?=A0
No. There are no plans to remove s
Would like to use the BIND stub zone function, however, heard that ISC
considers stopping support to stub zone in the future, is that true? ___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
> On Mon, Mar 14, 2011 at 09:16:13PM -0400, Kevin Darcy wrote:
> > As a general rule, use "type forward" zones only if you have some
> > connectivity issue you need to work around, e.g. trying to resolve
> > Internet names from behind a restrictive firewall.
On 18.03.11 10:15, Marc Haber wrote
On 18.03.2011 10:17, Marc Haber wrote:
> Which it doesn't in the "forward" setup, it just immediately returns NXDOMAIN.
Do you include zones.rfc1918 in your configuration? What SOA RR does the
NXDOMAIN return?
| zone "0.10.in-addr.arpa" {
| type forward;
| forwarders { 10.0.0.2; };
| };
On Mon, Mar 14, 2011 at 01:36:10PM +0100, Jan-Piet Mens wrote:
> A stub zone tells BIND to load SOA and NS records from its masters {}.
> (forwarders {} is, I belive, both useless and incorrect here.) From that
> point onwards, your BIND will use the data in the stub to recursively
>
ve could only intermittendly reach the master
servers for the zones, so I'd need to reload these zones quite
frequently to "catch" a time when the VPN tunnel is built. Does a stub
zone use the same mechanism, or will it immediately query for the
stub's NS records when a query
ia DHCP as forwarders.
I have thus configured these zones locally, experimenting with
differnt configuration types:
zone "2.1.10.in-addr.arpa" {
type stub;
masters { 10.1.2.11; 10.1.2.45; };
file "stub/2.1.10.in-addr.arpa";
forwarders { };
On Mon, 14 Mar 2011, Jan-Piet Mens wrote:
>
> A stub zone tells BIND to load SOA and NS records from its masters {}.
> (forwarders {} is, I belive, both useless and incorrect here.) From that
> point onwards, your BIND will use the data in the stub to recursively
> find answers to q
es:
>
> zone "2.1.10.in-addr.arpa" {
> type stub;
> masters { 10.1.2.11; 10.1.2.45; };
> file "stub/2.1.10.in-addr.arpa";
> forwarders { };
> };
>
> zone "101.1.10.in-addr.arpa" {
> type forwar
Marc,
A stub zone tells BIND to load SOA and NS records from its masters {}.
(forwarders {} is, I belive, both useless and incorrect here.) From that
point onwards, your BIND will use the data in the stub to recursively
find answers to queries for that zone.
The forwarder on the other hand
;stub/2.1.10.in-addr.arpa";
forwarders { };
};
zone "101.1.10.in-addr.arpa" {
type forward;
forwarders { 10.1.101.6; };
forward only;
};
The stub zone works; the forward zone doesn't. When I ask my local
bind for 6.101.1.10.in-addr.arpa (PTR), I get an immediate NXD
On Fri, 2 Oct 2009, Mark Andrews wrote:
zone "ca." IN {
type stub;
masters { 192.228.22.190; 192.228.22.189; };
};
To make the test signed ca work you need to replace the NS RRet
with the names of the nameservers that serve the signed CA zone.
At the moment you end up with t
In message , Paul Wou
ters writes:
>
> Hi,
>
> I've been trying to configure bind to use a stub zone, for which I
> have keys configured. When I do this, I see a ServFail, with the
> logs pointing to:
>
> 01-Oct-2009 11:00:03.053 lame-servers: info: not insecu
Hi,
I've been trying to configure bind to use a stub zone, for which I
have keys configured. When I do this, I see a ServFail, with the
logs pointing to:
01-Oct-2009 11:00:03.053 lame-servers: info: not insecure resolving
'xelerance.ca/DNSKEY/IN': 193.110.157.135#53
Whe
On Thu, Mar 05, 2009 at 02:06:18PM +0100,
squid proxy wrote
a message of 13 lines which said:
> Howto create a stub zone instead of slave zone on BIND 9.3.4-P1.1?
Read the documentation ?
<https://www.isc.org/software/bind/documentation/arm95>
zone zone_name [class] {
hi
At the moment our internal DNS servers are authorative for the main
domain via slave zones, which will be generating unnecessary
replication traffic.
Howto create a stub zone instead of slave zone on BIND 9.3.4-P1.1?
What are differences between slave and stub zone?
Piotr
58 matches
Mail list logo
