Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Phil Mayers
On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: "Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.c

How to stop ANY zone transfer

2012-04-16 Thread Chiesa Stefano
Hello all. I'm developing a web application to apply massive dns changes automatically. I have a master dns server and three slaves. To test the application I'm going to create an identical copy of the master server (in the same network too). What is scaring me is the update of the slaves. If I don

Re: How to stop ANY zone transfer

2012-04-16 Thread Phil Mayers
On 16/04/12 10:35, Chiesa Stefano wrote: Hello all. I'm developing a web application to apply massive dns changes automatically. I have a master dns server and three slaves. To test the application I'm going to create an identical copy of the master server (in the same network too). What is scari

Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Lyle Giese
On 4/16/2012 3:30 AM, Phil Mayers wrote: On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: "Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.

RE: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Matthew Huff
Actually, this can be done. Create a zone file for "www.google.com", not "google.com". The zone file should look like this (replace THIS_HOSTNAME with the name of your nameserver): @ IN SOA localhost root@localhost. ( 2012041

Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Alan Clegg
On 4/16/2012 9:40 AM, Matthew Huff wrote: > Actually, this can be done. > > Create a zone file for "www.google.com", not "google.com". The zone file > should look like this (replace THIS_HOSTNAME with the name of your nameserver): > > > @ IN SOA localhost root@localhost. ( >

RE: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Ben Croswell
This is incorrect. It is illegal to have a cname and any other record on the same name in dns. The ns and soa count as records. On Apr 16, 2012 9:41 AM, "Matthew Huff" wrote: > Actually, this can be done. > > Create a zone file for "www.google.com", not "google.com". The zone file > should look like

Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread /dev/rob0
On Mon, Apr 16, 2012 at 09:40:16AM -0400, Matthew Huff wrote: > Actually, this can be done. > > Create a zone file for "www.google.com", not "google.com". The zone file > should look like this (replace THIS_HOSTNAME with the name of your nameserver): > > > @ IN SOA localhost

RE: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Matthew Huff
I had forgotten that about CNAME. But you can hard-code an A record to the nosslsearch.google.com record. We have to use this technique (we point the A record to a proxy) for regulatory reasons to block IM connections except through our IM proxy. Matthew Huff | 1 Manhattanville R

Re: How to stop ANY zone transfer

2012-04-16 Thread /dev/rob0
On Mon, Apr 16, 2012 at 11:35:04AM +0200, Chiesa Stefano wrote: > I'm developing a web application to apply massive dns changes > automatically. > I have a master dns server and three slaves. To test the application I'm > going to create an identical copy of the master server (in the same > network

Split DNS and zone transfers

2012-04-16 Thread Eric Chandler
I have a situation where I need to filter out our private infrastructure from our public-facing DNS servers. This is certainly something that should have been done a long time ago, but I just recently took over the spot. Now, I've seen plenty of examples using views and separate zonefiles, but w

Re: Split DNS and zone transfers

2012-04-16 Thread Phil Mayers
On 16/04/12 16:36, Eric Chandler wrote: Now, what I would like to have are slave servers that would zone-xfer both the internal and external-flavored files for example.com and serve You need to use TSIG keys, and match on key rather than IP address. This comes up on the list from time to time

RE: Split DNS and zone transfers

2012-04-16 Thread Eric Chandler
I've been pointed to the right place to figure this out. The answer is in using TSIG. That saved me a lot of time. I searched everywhere but the most-obvious place - the bind9 faq. Eric Chandler Systems Architect From: bind-users-bounces+eric.chandler=vonage@lists.isc.org [mail

Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Chris Buxton
On Apr 15, 2012, at 3:40 PM, Tobias Krais wrote: > Hi Ben, > > hmm. How can I manage what google suggests: > "Information for school network administrators about the No-SSL option > > To utilize the no SSL option for your network, configure the DNS entry > for www.google.com to be a CNAME for no

RE: Split DNS and zone transfers

2012-04-16 Thread Lightner, Jeff
You can also do it by IP in views but need separate IPs for each view. You can do that with virtual IPs on the same NICs as the primary IPs. Such virtual IPs of course have to be in the same subnet as the primary and also you’d need to insure firewall (including host level if any) is opened

Test DNSSEC validation

2012-04-16 Thread Augie Schwer
What is the best way to log DNSSEC failures in Bind without enforcing DNSSEC validation? That is I want to see what Bind would have rejected because of failed DNSSEC validation, but I do not want to return SERVFAIL to my client. -- Augie Schwer - au...@schwer.us - http://schwer.us

Question about forwarders statements in 9.7

2012-04-16 Thread Matt Doughty
I was under the impression that bind would determine the best target forwarders to use, and send queries to those forwarders, but we had a situation over the weekend where one of the servers in the forwarder list was down, and bind continued to send queries to that forwarder even though it wasn't r