On 2013.02.20 01.14, Chuck Peters wrote:
Robert Moskowitz said:
Delving further into my challenges.
But they don't seem to support DNSSEC protected domains, and even
IPv6 glue records are special requests, it seems.
I would like to know how can I handle DNSSEC key rollovers without
manually e
On Feb 20, 2013, at 1:14 AM, Chuck Peters wrote:
> Robert Moskowitz said:
>> Delving further into my challenges.
>>
>> But they don't seem to support DNSSEC protected domains, and even
>> IPv6 glue records are special requests, it seems.
>
> I would like to know how can I handle DNSSEC key rol
Hi,
I've written a short book on DNSSEC. The goal is to help existing DNS
admins implement DNSSEC on BIND.
I have a trusted technical reviewer, but I'm interested in getting
additional feedback before it goes out. And naturally I thought of
this list. No one person catches everything.
If you kn
I can't seem to create an extra A record that works. I've created A
records for ns1 and mail and they work if I do a bind lookup, but
nothing else works. I did a lot of research before reaching out here.
This is my zone file. "Remote.example.com" never works...This is
Bind9 running on Ubuntu s
Are you sure BIND is loading the zone file? Are you remembering to update the
SOA / serial? Are you restarting BIND after making changes?
If you make a change (and update the SOA), if you do:
dig soa example.com do you see the new serial #?
W
On Feb 20, 2013, at 12:40 PM, Jsilliman wrote:
> I
Just to cover all the bases, you're doing your lookup directly against
your server, correct? Easy to accidentally query a different nameserver
and not see what you're expecting.
Otherwise I'd second Warren's suggestion to double-check your serial number.
John
On 02/20/2013 12:40 PM, Jsillim
The serial number gets updated in the logs, but not when I do a dig.
(21 vs 3-old)
example.com. 603817 IN SOA ns1.example.com.
root.localhost. 3 604800 86400 2419200 604800
Feb 20 10:26:08 server1 named[15739]: reloading configuration succeeded
Feb 20 10:26:08 server1 named[15
On Feb 20, 2013, at 1:30 PM, Jsilliman wrote:
> The serial number gets updated in the logs, but not when I do a dig.
Do you have more than one copy of BIND running?
AlanC
--
Alan Clegg | +1-919-355-8851 | a...@clegg.com
___
Please visit https://lis
No, I think it's only loaded once, but port 53 is listening on
localhost
tun0 interface for Openvpn
69.62.x.x
15739 ?Ssl0:04 /usr/sbin/named -u bind
On Wed, Feb 20, 2013 at 10:31 AM, Alan Clegg wrote:
>
> On Feb 20, 2013, at 1:30 PM, Jsilliman wrote:
>
>> The serial number gets
Jsilliman wrote on 02/20/2013 01:44:20 PM:
> No, I think it's only loaded once, but port 53 is listening on
Try "ps aux |grep named" to prove it.
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for t
Jsilliman wrote:
> The serial number gets updated in the logs, but not when I do a dig.
> (21 vs 3-old)
Did you dig @localhost or is dig querying some recursive server elsewhere?
What does /etc/resolv.conf contain?
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East, veering
And as was stated before, "cat /etc/resolv.conf" and let's see where your dig
is actually going...
--
Alan Clegg | +1-919-355-8851 | a...@clegg.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind
Ubuntu does not use that:
root@:/etc/bind# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
On Wed, Feb 20, 2013 at 10:56 AM, Alan Clegg wrote:
> And as was stated b
On Feb 20, 2013, at 1:57 PM, Jsilliman wrote:
> Ubuntu does not use that:
>
> root@:/etc/bind# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
Actually, it do
-Original Message-
From: Jsilliman
Date: Wednesday, February 20, 2013 1:57 PM
To: Alan Clegg
Cc: "bind-users@lists.isc.org"
Subject: Re: Cannot create A record issue
>Ubuntu does not use that:
>
>root@:/etc/bind# cat /etc/resolv.conf
># Dynamic resolv.conf(5) file for glibc res
Check this out:
dig @localhost 69.62.x.x
10800 IN SOA a.root-servers.net. nstld.verisign-grs.com.
Shouldn't this be going to my local server for SOA ?
The issue is that when I create a new A record, such as,
remote.example.com, I cannot do a dig on that record, only mx and ns
recor
Phase I is hopefully complete. A new onlo.htt-consult.com is up in
place of the old one.
This is a faster box with current software. I will 'leave it alone' for
a week, unless someone tells me something is wrong with it.
Next I unlock my domain from NetSol and choose my new registrar and
m
On Feb 20, 2013, at 2:06 PM, Jsilliman wrote:
> Check this out:
>
> dig @localhost 69.62.x.x
>
> 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com.
>
>
> Shouldn't this be going to my local server for SOA ?
>
> The issue is that when I create a new A record, such as,
> remo
I just changed the domain name in output. If I do a dig on
dig example.com
** Returns nothing. I have to actually dig on ns1.example.com,
www..., or mail...
I am trying to add an A record (remote.example.com), and have it work...
root@server1:/etc/bind# dig remote.example.com
; <<>> DiG 9.8
On Feb 20, 2013, at 2:17 PM, Jsilliman wrote:
> I just changed the domain name in output. If I do a dig on
>
> dig example.com
>
> ** Returns nothing. I have to actually dig on ns1.example.com,
> www..., or mail...
>
> I am trying to add an A record (remote.example.com), and have it work...
Thanks, I found the issue. I had a typo in named.conf for the zone
file name. Doh
On Wed, Feb 20, 2013 at 11:29 AM, Warren Kumari wrote:
>
> On Feb 20, 2013, at 2:17 PM, Jsilliman wrote:
>
>> I just changed the domain name in output. If I do a dig on
>>
>> dig example.com
>>
>> ** Returns noth
I am having the same issue and saw a couple of questions but didn't see any
resolutions. Any one have any luck with this.
Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
It looks like no system, internal or external could access the DNS on my
new server. IPTABLES was set for 53 both UDP and TCP. Firewall was OK.
In fact a local system on the same subnet, thus NOT going through my
firewall was denied access to the internal domain. Localhost of course
works.
On 02/20/2013 08:28 PM, Robert Moskowitz wrote:
It looks like no system, internal or external could access the DNS on
my new server. IPTABLES was set for 53 both UDP and TCP. Firewall was
OK. In fact a local system on the same subnet, thus NOT going through
my firewall was denied access to t
What about allow-query?
At some point the default changed to allow only localhost.
On 21/02/13 2:59, Robert Moskowitz wrote:
>
> On 02/20/2013 08:28 PM, Robert Moskowitz wrote:
>> It looks like no system, internal or external could access the DNS on
>> my new server. IPTABLES was set for 53 both
25 matches
Mail list logo
