Re: FW: CVE-2013-2266 Question

2013-03-28 Thread G.W. Haywood
Hi there, On Wed, 27 Mar 2013, Manson, John wrote: Does 'make clear' affect the running named No. The 'configure' step and the 'make' steps are respectively configuring the software source files for your environment before the build (more or less compile and link) process, and then the build

Recursion issue

2013-03-28 Thread Manson, John
My external authoritative dns does not allow recursion. We have vanity names like speaker.gov. When we add an entry like: www.speaker.gov CNAME www.house.gov it fails because of the recursion statement even though the external dns is authorit

Re: Recursion issue

2013-03-28 Thread Chris Buxton
On Mar 28, 2013, at 7:56 AM, Manson, John wrote: > My external authoritative dns does not allow recursion. > We have vanity names like speaker.gov. > When we add an entry like: > www.speaker.gov CNAME www.house.gov > it fails because of the recursion statement even though the external dns

RE: Recursion issue

2013-03-28 Thread Manson, John
From the internet: Answer records name class type data time to live test.gopleader.gov IN CNAME testwww.house.gov Testwww from the internet: Answer records name class type data time to live testwww.house.gov IN A 12.13.14.15 900s(00:15:

Re: Recursion issue

2013-03-28 Thread Chris Buxton
On Mar 28, 2013, at 8:27 AM, Manson, John wrote: > From the internet: > Answer records > > name class type data time to live > test.gopleader.gov IN CNAME testwww.house.gov > > Testwww from the internet: > Answer records > > name class type data time to live > testww

RE: Recursion issue

2013-03-28 Thread Manson, John
Why do the 2 web-based test sites that I use fail? Hostnames or IP addresses: Type: Options: Show command Colorize output Stats Trace Short No recursive Only first nameserver Compare output Nameservers: Resolver: All Authoritative NIC Specify myself: test.goplead

RE: Recursion issue

2013-03-28 Thread Manson, John
I disagree with your statement about recursion. What stops an authoritative server from doing recursion if you do not have the recursion statement? I guess the bind default is recursion yes. -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2

Re: Recursion issue

2013-03-28 Thread Matus UHLAR - fantomas
On 28.03.13 16:05, Manson, John wrote: I disagree with your statement about recursion. What stops an authoritative server from doing recursion if you do not have the recursion statement? I guess the bind default is recursion yes. if your server does not allow recursion, it will still answer

Re: Recursion issue

2013-03-28 Thread Chris Buxton
On Mar 28, 2013, at 9:05 AM, Manson, John wrote: > I disagree with your statement about recursion. > What stops an authoritative server from doing recursion if you do not have > the recursion statement? > I guess the bind default is recursion yes. OK, bad choice of words on my part. I did not mea

RE: Recursion issue

2013-03-28 Thread Manson, John
Maybe my understanding of how bind works is faulty. I thought bind would do the leg work to get an IP. Especially when it is authoritative for CNAME domain. Even a dig on mercury gives the same 'no IP' result. Sorry for the bother. -Original Message- From: Chris Buxton [mailto:cli...@buxto

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Hi Mark, Graham, & others. I've spent the last day trying all sorts of things to get this working (to no avail). I'm still at the stage of DHCP offering the lease IP address, but the DNS is not automatically updating the two "zones" files with the newly leased addresses. Here is a grief summary

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Sten Carlsen
Apparently the DHCP server tries to put the change into BIND but times out. What does the named log tell about this? Either it did see the request or it will have an explanation why it won't do it. On 28/03/13 18:18, Jim Bucks wrote: > Hi Mark, Graham, & others. > > I've spent the last day trying

Re: Recursion issue

2013-03-28 Thread Matus UHLAR - fantomas
On 28.03.13 17:09, Manson, John wrote: Maybe my understanding of how bind works is faulty. I thought bind would do the leg work to get an IP. Especially when it is authoritative for CNAME domain. Even a dig on mercury gives the same 'no IP' result. Sorry for the bother. I got the same result as

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Hi Sten, Thanks for the response, I only dabble in DNS setups every 5 years (or so). I really thought this would be a "no brainer", and most likely have some simple command / syntax error causing all of this. From /var/log/messages Mar 28 11:22:57 dns04 dhcpd: DHCPOFFER on 172.10.20.101 to 00

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Glassford
Hi Jim, Lost track but have you tried using the IP address of the server for the primary, 172.10.20.101 instead of 127.0.0.1? zone dhcp.coloradostudios.com. { primary 172.10.20.101; <- change from 127.0.0.1 key DHCP_UPDATER; } best! jim On 3/28/2013 1:31

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Here's from a recent re-start of the named service. There were no additional log entries when the dhcp service granted the lease and failed to update the "zones" files. Mar 28 11:38:15 dns04 named-sdb[3493]: received control channel command 'stop' Mar 28 11:38:15 dns04 named-sdb[3493]: shutting d

Recursion Issue

2013-03-28 Thread Manson, John
http://www.digwebinterface.com/? Is one of the internet sites I use. John Manson CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515 Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov __

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
No I have not tried that, but .101 is a leased IP address for a Windows workstation. I'm willing to try it, but it seems like that would mean I would need a zone like this for all of my leased addresses??? Jim On Thu, Mar 28, 2013 at 11:42 AM, Jim Glassford wrote: > Hi Jim, > > Lost track bu

Re: Recursion Issue

2013-03-28 Thread Chris Buxton
On Mar 28, 2013, at 10:51 AM, Manson, John wrote: > http://www.digwebinterface.com/? Is one of the internet sites I use. http://www.digwebinterface.com/?hostnames=test.gopleader.gov&type=A&showcommand=on&colorize=on&stats=on&norecursive=on&useresolver=8.8.4.4&ns=auth&nameservers=

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Alan Clegg
I'm completely unable to fix the top-post/body comments here, so my comments are at the bottom: On Mar 28, 2013, at 1:52 PM, Jim Bucks wrote: > No I have not tried that, but .101 is a leased IP address for a Windows > workstation. > > I'm willing to try it, but it seems like that would mean I

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Glassford
Hi Jim, No, sorry, wrong IP address, the real IP address of the dns server, not the client. zone dhcp.coloradostudios.com . { primary your_dns_server_IP_address; <- change from 127.0.0.1 key DHCP_UPDATER; } Also do you have a /var/log/named.log file

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Thanks Leonard, I thought I had all the IP6 stuff turned off! I'll scour through the configurations & make sure that whatever straggler is left has been commented out / de-activated. Jim On Thu, Mar 28, 2013 at 12:08 PM, Leonard Mills wrote: > Hi Jim, > > Based on my experience, the importan

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Hi All (sorry for the top-posting) Alan - thanks for the link. I'll be checking it out / looking it over. Jim, Based on the nsupdate output (below), it looks like I've hosed up something in my "key". I used the key string from the .private key file (I've found some search results that say

Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben-Eliezer, Tal (ITS)
Hello, My organization is evaluating the use of split-view DNS in our environment. One of the challenges I've yet to overcome in my trials, is the ability to minimize the administrative overhead of maintaining two copies of the zone. Upon reviewing some of the BIND options, "forward first;" caugh

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Hi All, Alan, I looked that doc over and the only thing I found different than what I used the key string from the .private key file. Jim, thanks for the nsupdate pointer. I've never had to delve into that level of debugging. When using nsupdate, I was able to update the forward and reverse zon

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Glassford
Hi Jim, Looking at your config files, believe the keys do not match in named.conf and dhcpd.conf but maybe they were adjusted for the posting to the list. Alan Clegg's link shows creating the key and adding it to the files and also some nsupdate examples. Would want like the following, only

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben Croswell
A server will not forward a zone it is also authoritative for. On Mar 28, 2013 3:33 PM, "Ben-Eliezer, Tal (ITS)" < tal.ben-elie...@its.ny.gov> wrote: > Hello, > > My organization is evaluating the use of split-view DNS in our environment. > > > One of the challenges I’ve yet to

Re: Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

2013-03-28 Thread Jim Bucks
Hi Jim, Shouldn't there be quotes around the key string in the named .conf file? I have quotes around mine in named.conf. I do not have quotes around the key string in the dhcpd.conf. If this is correct, I've made sure they match (I was trying to "genericize" the key string before), but not any

Precautions for upgrading from 9.7.7 to 9.9.2-P2

2013-03-28 Thread Wang, Yu
Hello, I am in the process of preparing bind upgrade from 9.7.7 to 9.9.2-p2. I am reading release notes from 9.8.0 up to see if there are new things/features that might cause issues. I would welcome and appreciate advice on precautions I should take before, during, and after upgrade. Any issue

Re: Precautions for upgrading from 9.7.7 to 9.9.2-P2

2013-03-28 Thread Tony Finch
Wang, Yu wrote: > > I am in the process of preparing bind upgrade from 9.7.7 to 9.9.2-p2. I > am reading release notes from 9.8.0 up to see if there are new > things/features that might cause issues. I would welcome and appreciate > advice on precautions I should take before, during, and after upg

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Chris Buxton
On Mar 28, 2013, at 12:28 PM, Ben-Eliezer, Tal (ITS) wrote: > I’ve spent hours researching a way to accomplish this without any luck. Is > there any way to accomplish what I’m trying to do? No, not unless you want to monkey around with static zones and $INCLUDE directives -- something like this

RE: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben-Eliezer, Tal (ITS)
Hi Chris, this looks interesting, I'll do some testing and report back! Thank you, Tal -Original Message- From: Chris Buxton [mailto:cli...@buxtonfamily.us] Sent: Thursday, March 28, 2013 5:02 PM To: Ben-Eliezer, Tal (ITS) Cc: bind-users@lists.isc.org Subject: Re: Forward First on Master

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Kevin Darcy
On 3/28/2013 3:28 PM, Ben-Eliezer, Tal (ITS) wrote: Hello, My organization is evaluating the use of split-view DNS in our environment. One of the challenges I've yet to overcome in my trials, is the ability to minimize the administrative overhead of maintaining two copies of the zone. Up

Re: Precautions for upgrading from 9.7.7 to 9.9.2-P2

2013-03-28 Thread Lawrence K. Chen, P.Eng.
Hmmm, I forget just what all I muttered when I upgraded from 9.7 to 9.9.2-P1. I think the main beef I had was doing it the day before I left for LISA'12 guess I didn't join this list until around that time. As, I recall...the main thing that tripped me up was change in empty-zones behavior

Re: Precautions for upgrading from 9.7.7 to 9.9.2-P2

2013-03-28 Thread Mark Andrews
In message <22783305.318587.1364508740276.javamail.r...@k-state.edu>, "Lawrence K. Chen, P.Eng." writes: > Hmmm, I forget just what all I muttered when I upgraded from 9.7 to 9.9.2-P1. > I think the main beef I had was doing it the day before I left for LISA'12. > ... guess I didn't join this l

Dynamic Update Policy.....

2013-03-28 Thread Gary Greene
I'm trying to get bind to use ddns updates for our environment, however I'm getting errors in the logs on the system that the host is being denied from making the changes. Currently, I'm only allowing certain hosts to update their records, as a test. The stanza for update-policy follows: z

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Doug Barton
On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote: My organization is evaluating the use of split-view DNS in our environment. Simple ... don't do it. It's almost never the right answer, and as you're learning carries with it more administrative overhead than the problems it's designed to