On 20.02.13 17:41, Sowmya Manjanatha wrote:
Subject: BIND master , Windows 2008 stub zone not transferring
I am having the same issue and saw a couple of questions but didn't see any
resolutions. Any one have any luck with this.
stub zone is never transferred. It is only queried for NS record
On 02/21/2013 02:38 AM, Sten Carlsen wrote:
What about allow-query?
At some point the default changed to allow only localhost.
oh. Yes I see; at bind 9.4.1.P1... And my old server is a bit earlier
than that! So this is most likely my problem. Will change and test
again. thanks.
On
On 02/21/2013 02:38 AM, Sten Carlsen wrote:
What about allow-query?
OK. That was it. The default named.conf had:
allow-query { localhost; };
and I commented that out, but ASSuMEd that if the default conf was
forcing it to localhost, the default must be any. Yeah, right. So
righ
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of "allow-recursion" and "allow-query-cache" '.
I am struggling here trying to match up the various access control
features, particularly when we are suppose to have different views for
different clients
Hello everyone,
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do resolvers behave when they receive a
request for an expired entry in the cache, but cannot contact the
authoritative nameserver? I'd imagine they return a SERVFAIL, but I
could s
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of "allow-recursion" and "allow-query-cache"
'.
I am struggling here trying to match up the various access control
features, particularly when we are suppose t
On 21.02.13 10:38, John Miller wrote:
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do resolvers behave when they receive a
request for an expired entry in the cache, but cannot contact the
authoritative nameserver? I'd imagine they return a SER
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an
NXDOMAIN in this scenario.
John
On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 10:38, John Miller wrote:
Here's something I hadn't put much thought into until recently--it's
never been a problem--how do re
On 02/21/2013 10:40 AM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of "allow-recursion" and "allow-query-cache" '.
I am struggling here trying to match up the various acces
> > correct, no external hosts should query your cache.
> >
> OK.
There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc. Test from outside your network
to see that your DNS servers don't answer requests they shouldn't and
answer those they s
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of "allow-recursion" and
"allow-query-cache" '.
I am struggling here trying to match up the various access
control features, particularly when we are suppose t
On 02/21/2013 12:10 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 08:59, Robert Moskowitz wrote:
I am reading: https://www.isc.org/software/bind/faq and 'What has
changed in the behavior of "allow-recursion" and
"allow-query-cache" '.
I am struggling here trying to match up the various acce
On 02/21/2013 11:50 AM, Vernon Schryver wrote:
correct, no external hosts should query your cache.
OK.
There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc. Test from outside your network
to see that your DNS servers don't answer reque
-Original Message-
From: Robert Moskowitz
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver
Cc: "bind-users@lists.isc.org"
Subject: Re: allow-query and views
>Whow... This is news. A hidden view? Where is this documented. I
>have no restrictions in my general options s
Well, I have a stub zone on Windows 2008 server set-up to use two different
BIND server as its list of IPs to use as masters. In the DNS manager on
Windows, you can always right click on the zone and select "Transfer zone
from Master". With Wireshark on Windows, I have found that this triggers a
> From: Sowmya Manjanatha
> Well, I have a stub zone on Windows 2008 server set-up to use two
> different BIND server as its list of IPs to use as masters. In the
> DNS manager on Windows, you can always right click on the zone and
> select "Transfer zone from Master". With Wireshark on Wind
-Original Message-
From: Sowmya Manjanatha
Date: Thursday, February 21, 2013 1:11 PM
To: "bind-users@lists.isc.org"
Subject: Re: BIND master , Windows 2008 stub zone not transferring
>Well, I have a stub zone on Windows 2008 server set-up to use two
>different BIND server as its list of
On 02/21/2013 12:58 PM, Mike Hoskins (michoski) wrote:
-Original Message-
From: Robert Moskowitz
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver
Cc: "bind-users@lists.isc.org"
Subject: Re: allow-query and views
Whow... This is news. A hidden view? Where is this do
On 21.02.13 12:45, Robert Moskowitz wrote:
Fact:
No clients could access DNS from my server, both internal and
external (I have hotspot on my cellphone, so I can attach a client to
it to get external testing) UNTIL I added the allow-query option.
Once added things started working right.
W
> From: Robert Moskowitz
> Whow... This is news. A hidden view? Where is this documented.
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
i
On 02/21/2013 01:54 PM, Matus UHLAR - fantomas wrote:
On 21.02.13 12:45, Robert Moskowitz wrote:
Fact:
No clients could access DNS from my server, both internal and
external (I have hotspot on my cellphone, so I can attach a client to
it to get external testing) UNTIL I added the allow-quer
On 21.02.2013 19:20, Nikita Koshikov wrote:
I haven't tested this in detail but here's what I would try:
I'm trying to "cut" /24 network from the scope of /8 network, here is
example:
zone "11.2.10.in-addr.arpa" {
type forward;
forwarders { 192.168.1.
You need to ensure if the resolver that is doing the forwarding also loads
the blank 10/8 that you have the smaller /24 delegated in the 10/8.
The reason being if it loads the /8 with no /24 delegation it will ignore
the forward because it believes the /24 doesn't exist.
On Feb 21, 2013 1:21 PM, "N
> The ARM says in part:
>
> Built-in server information zones
> The server provides some helpful diagnostic information through a
> number of built-in zones under the pseudo-top-level-domain bind
> in the CHAOS class. These zones are part of a built-in view (see
> the section call
On 02/21/2013 02:04 PM, Vernon Schryver wrote:
From: Robert Moskowitz
Whow... This is news. A hidden view? Where is this documented.
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zon
On 02/21/2013 02:16 PM, Vernon Schryver wrote:
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
in the CHAOS class. These zones are part of
On 02/21/2013 10:20 AM, Nikita Koshikov wrote:
Hello list,
I'm trying to "cut" /24 network from the scope of /8 network, here is
example:
zone "11.2.10.in-addr.arpa" {
type forward;
forwarders { 192.168.1.23; 192.168.1.24; };
};
zon
In message
, Nikita
Koshiko
v writes:
> Hello list,
>
>
> I'm trying to "cut" /24 network from the scope of /8 network, here is
> example:
>
> zone "11.2.10.in-addr.arpa" {
> type forward;
> forwarders { 192.168.1.23; 192.168.1.24; };
> };
>
>
On 02/21/2013 06:49 PM, Mark Andrews wrote:
In message
, Nikita
Koshiko
v writes:
Hello list,
I'm trying to "cut" /24 network from the scope of /8 network, here is
example:
zone "11.2.10.in-addr.arpa" {
type forward;
forwarders { 192.168.1.23; 192
1) The issues with GoDaddy are FAR more then a few disgruntled customers...
2) We don't buy or maintain street addresses from a for profit company, why
should domain name be any different? Domain name registration should be a free
government/ ma'bell function.
> Date: Tue, 19 Feb 2013 19:02
In message <5126e59a.3030...@htt-consult.com>, Robert Moskowitz writes:
>
> On 02/21/2013 06:49 PM, Mark Andrews wrote:
> > In message com>, Nikita Koshiko
> > v writes:
> >> Hello list,
> >>
> >>
> >> I'm trying to "cut" /24 network from the scope of /8 network, here is
> >> example:
> >>
> >>
31 matches
Mail list logo
