Re: DNS requests error sending response: host unreachable

I see, but It should be statefull right ? On 12 March 2012 23:57, Mark Andrews wrote: > > In message < > caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com> > , Romgo writes: > > > > Here is my Iptables configuration for bind : > > > > # prod.dns.in > > $IPTABLES -t filter -A IN

Re: DNS requests error sending response: host unreachable

Zitat von Romgo : I see, but It should be statefull right ? If using stateful UPD filtering you might get hit by short timeout values for UDP state matching, so packets get dropped if the query is too slow. Regards Andreas ___ Please visit

Re: Recursive queries fail after bind has been running for a few hours

B0;261;0cHi there, On Mon, Mar 12, 2012 at 12:05 PM, Mr X wrote: I'm having a bizarre issue with 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 - recursive queries stop functioning after bind has been running for a few hours. It's a very low volume system (dev), maybe a few queries per hour ... I saw so

[no subject]

Dear all, I have a problem in the understanding of the creation of a subzone. Here the situation; let's call the name server ns1.xxx.be I have zone "toto.be" with some records (not important) In the same name server, I want to create the subzone "titi.toto.be" with some records. ==> d

with subject: NS record for subzone definition

Dear all, I have a problem in the understanding of the creation of a subzone. Here the situation; let's call the name server ns1.xxx.be I have zone "toto.be" with some records (not important) In the same name server, I want to create the subzone "titi.toto.be" with some records. ==> d

Re:

On 3/13/12 8:20 AM, "hugo hugoo" wrote: > ==> do I have to create in zone "toto.be" the following NS record: > > titi.toto.be. TTL IN NSns1.xxx.be > > > I have found cases where this situation is present and other when it is not > present...and both cases seems

Re: NS records

On Tue, Mar 13, 2012 at 08:26:02AM -0500, Daniel McDonald wrote: > > On 3/13/12 8:20 AM, "hugo hugoo" wrote: > > > ==> do I have to create in zone "toto.be" the following NS record: > > > > titi.toto.be. TTL IN NSns1.xxx.be > > > > > > I have found cases where th

Re: DNS Amplification Attack Mitigation

Hello, Did I miss any feedback on this, or perhaps there isn't any to offer (?) Thank you. > > From: Fr34k >To: Bindlist >Sent: Friday, March 9, 2012 10:30 AM >Subject: DNS Amplification Attack Mitigation > > > >All, > >I am (we all are (?)) interested in te

NS record outside of our name space

How can I make a record that will allow outside DNS to control a subdomain in our space. We own example.com We have a zone call wordpress.example.com If I make an NS record in the zone nothing seems to happen? ORIGIN wordpress.example.com NS wordpress.outside.com -- Hal King - h...@utk.edu

RE:

Thanks for the feedback. Is this a glue record? I do not have any IP defined in the NS record. What is the flow of a request to a subzone? Is the content of the zone checked before checking the subzone? > Date: Tue, 13 Mar 2012 08:26:02 -0500 > Subject: Re: > From: dan.mcdon...@austinenergy

Re: NS record outside of our name space

Here's an example of my zone record: $ORIGIN . $TTL 1800 ; 30 minutes Wordpress.example.com. IN SOA hiddenmaster.example.com. ipmgr.example.com. ( 2012020601 ; serial 10800 ; refresh (3 hours)

Re:

On Tue, Mar 13, 2012 at 01:42:00PM +, hugo hugoo wrote: > > Thanks for the feedback. > Is this a glue record? I do not have any IP defined in the NS record. No, a glue record is an address record (A or ) for an NS record in the parent zone, to avoid the problem of having the child zone n

RE:

If you do not delegate the subdomains with NS records you are not fully delegating the subdomain. It will work fine in the short term, but are setting up a landmine for someone to step on later. If decide to move that subdomain to other dns servers later it will disappear without the NS records. T

RE:

Thanks for this clear feedback. I understand the problem if the subdomain is not on the same name servers as the domain. The NS record is needed to could find the subdomain on the other name server. You said that the NS is not mandatory (it will work fine in the short term) in case of the same

Re: NS record for subzone definition

On Mar 13 2012, hugo hugoo wrote: Thanks for this clear feedback. I understand the problem if the subdomain is not on the same name servers as the domain. The NS record is needed to could find the subdomain on the other name server. You said that the NS is not mandatory (it will work fine in t

Re: NS record outside of our name space

On 3/13/2012 9:49 AM, King, Harold Clyde (Hal) wrote: > Here's an example of my zone record: > > $ORIGIN . > $TTL 1800 ; 30 minutes > Wordpress.example.com. IN SOA hiddenmaster.example.com. > ipmgr.example.com. ( > 2012020601 ; serial >

Re: Recursive queries fail after bind has been running for a few hours

On Mon, Mar 12, 2012 at 3:37 PM, Kevin Oberman wrote: > On Mon, Mar 12, 2012 at 12:05 PM, Mr X wrote: > > Hey there > > > > I'm having a bizarre issue with 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 - > > recursive queries stop functioning after bind has been running for a few > > hours. It's a very low

RE: NS record for subzone definition

Thanks for this interesting feedback. Now I have the problem to detect this kind of bad configuration. If I have: Zone toto.be: toto.be. NS ns1.xxx.be + some records Zone titi.toto.be: titi.toto.be. NS ns1.xxx.be + some records. What

Re: DNS requests error sending response: host unreachable

All right. this seems to correct the issue. But that's the first time I had to open the firewall for a packet answer. weird. Thanks for the help. On 13 March 2012 10:19, wrote: > Zitat von Romgo : > > > I see, but It should be statefull right ? >> >> > If using stateful UPD filtering you m

Re: NS record outside of our name space

I tried adding the NS records but it looked like the entire example.com was now subject to the NS of wordpress.com. I just want the sub domain to get it's DNS from the wordpress.com NS servers. Not to give away my whole example.com domain. -- Hal King - h...@utk.edu Systems Administrator Offi

Re: NS record outside of our name space

On 3/13/2012 1:35 PM, King, Harold Clyde (Hal) wrote: > I tried adding the NS records but it looked like the entire example.com > was now subject to the NS of wordpress.com. I just want the sub domain to > get it's DNS from the wordpress.com NS servers. Not to give away my whole > example.com doma

Re:

In message , Daniel McDonald writ es: > > On 3/13/12 8:20 AM, "hugo hugoo" wrote: > > > ==> do I have to create in zone "toto.be" the following NS record: > > > > titi.toto.be. TTL IN NSns1.xxx.be > > > > > > I have found cases where this situation is present an

Re: with subject: NS record for subzone definition

On Mar 13, 2012, at 6:23 AM, hugo hugoo wrote: > I have zone "toto.be" with some records (not important) > > In the same name server, I want to create the subzone "titi.toto.be" with > some records. > > > ==> do I have to create in zone "toto.be" the following NS record: > >

max-cache-ttl usage and best-practices

Hi All, I wanted some feedback on max-cache-ttl usage and best-practices, please. The BIND 9 ARM says: "max-cache-ttl Sets the maximum time for which the server will cache ordinary (positive) answers. The default is one week (7 days). A value of zero may cause all queries to return SERVFAIL

BIND 9.6-ESV-R6rc2 is now available

Introduction BIND 9.6-ESV-R6rc2 is the second release candidate for BIND 9.6-ESV-R6. This document summarizes changes from BIND 9.6-ESV-R5 to BIND 9.6-ESV-R6rc2. Please see the CHANGES file in the source code release for a complete list of all changes. Please see the CHANGES file in t

BIND 9.7.5rc2 is now available

Introduction BIND 9.7.5rc2 is the second release candidate for BIND 9.7.5. This document summarizes changes from BIND 9.7.4 to BIND 9.7.5rc2. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can

BIND 9.8.2rc2 is now available

Introduction BIND 9.8.2rc2 is the second release candidate for BIND 9.8.2. This document summarizes changes from BIND 9.8.1 to BIND 9.8.2rc2. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND