Re: How to disable DNSSEC/EDNS for lwresd

2014-04-30 Thread Tomas Hozza
- Original Message - > > In message <483759859.6291670.1398781076480.javamail.zim...@redhat.com>, > Tomas Hozza writes: > > Hi. > > > > I'm trying to disable DNSSEC/EDNS for the lwresd using the > > following lwresd.conf: > > > > options { > > directory "/var/named/"; > > > >

Re: Strange validation failure for answers.ssh.com

2014-04-30 Thread Tony Finch
Tony Finch wrote: > We have a couple of recursive servers running 9.9.5 which are persistently > unable to validate answers.ssh.com, returning SERVFAIL. Some days later one of our servers has been restarted and is successfully resolving this name. The other is still persistently failing. Shouldn

Re: How to setup a backup NameServer?

2014-04-30 Thread Matus UHLAR - fantomas
On 29.04.14 10:24, houguanghua wrote: I'm designing how to protect DNS for an ISP. The zones are not owned by the ISP. The ISP wants to protect the DNS query during attacking. So it's not standard DNS solution. During the attacking, the backup server will provide the DNS query and it works ev

Forwarding request to another DNS server but the same domain

2014-04-30 Thread Jeronimo L. Cabral
Dear, I would like to ask for a solution related to DNS (bind) configuration to allow forwarding requests to another DNS but related to the same domain. I'm asking about two authoritative name servers serving the same domain but with different zone file info on each and have one of them forward rec

GeoIP Patch for 9.9.5

2014-04-30 Thread Ali Jawad
Hi All I did compile latest stable 9.9.5 on Centos 6 and it worked just fine. What I need to do now is enable the geo ip patch. I have done it before for earlier versions, however for the latest Bind release the available patch is failing. And 9.10 is still in Alpha 2. So does anybody know about

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Kevin Darcy
Being authoritative means that you know everything about the zone. If you know everything about a zone, why ask anyone else? Split DNS does not follow the DNS paradigm, so there is no "standard" way to implement it, and despite many people asking over the years, there is no "NXDOMAIN failover

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
Hi Jeronimo, First of all, please just tell us the real domain. Yes, we could try and talk about a fictitious "example.com" or "company.com," but having the real domain name lets us actually query your nameservers. Let me be sure I understand: you have two DNS servers. Each of them is authorita

Re: a note on 9.10.0rc2: eleven, twelve; dig and delv(e)

2014-04-30 Thread Doug Barton
Evan, I mulled over your response and considered not pursuing this further, but apparently I can't help myself. :) On 04/27/2014 12:00 PM, Evan Hunt wrote: On Sun, Apr 27, 2014 at 07:36:22PM +0100, Chris Thompson wrote: I rather liked "delve", but the truncation to "delv" does indeed seem su

Re: GeoIP Patch for 9.9.5

2014-04-30 Thread Anand Buddhdev
On 30/04/2014 22:14, Ali Jawad wrote: > Hi All > > I did compile latest stable 9.9.5 on Centos 6 and it worked just fine. What > I need to do now is enable the geo ip patch. I have done it before for > earlier versions, however for the latest Bind release the available patch > is failing. And 9.

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Jeronimo L. Cabral
Dear John, this is my scenario: 1) Office 1: people work with some machines and fill up a local master zone "company.com" with records in DNS1 2) Office 2: people work with some other machines and fill up a local master zone "company.com" with other records in DNS2 So both offices have a diffe

Re: GeoIP Patch for 9.9.5

2014-04-30 Thread Ali Jawad
That is actually great news, I prefer it to be built in, I think I did read the wrong release notes in that case. I think I will give it a try. Regards On Wed, Apr 30, 2014 at 10:24 PM, Anand Buddhdev wrote: > On 30/04/2014 22:14, Ali Jawad wrote: > > > Hi All > > > > I did compile latest stabl

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Kevin Darcy
Oh, I thought this was an external-versus-internal scenario. But, this is even easier. A) One of the nameservers (pick DNS1 or DNS2) becomes a slave (of the "stealth" variety, if you want) of the other B) People use nsupdate to maintain the zone For security, TSIG-sign the updates. For fast c

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
First of all, unless you need separate views for each office, don't go down that path. Why are you attempting this as opposed to standard master-slave replication? There's something else I'm not understanding here: why would recursive queries from one office go to the other office's nameservers?

GeoIP in 9.10 RC2

2014-04-30 Thread Ali Jawad
Hi I did compile 9.10 with GeoIP config is below : in options geoip-directory "/usr/share/GeoIP/"; Then acl "US" { geoip country US; }; view "US" { match-clients { US; }; include "/etc/named.rfc1912.zones"; }; Start up log shows : Apr 30 17:24:19 sj named[24407]

Re: GeoIP in 9.10 RC2

2014-04-30 Thread Jeremy C. Reed
> So the IPv4 Country DB is recognized and loaded, but digs from US to > that server still result in queries from the ALL view, which is the last > view in the config file and the test View above is the first View in the > config file. You may want to try the geoiplookup (provided by GeoIP sof

Re: GeoIP in 9.10 RC2

2014-04-30 Thread Ali Jawad
Hi Jeremy I did actually test with the online demo of maxmind, did redo the test with geoiplookup ip.ip.ip.ip and it did return the correct info, so that does not appear to be the issue. Regards On Wed, Apr 30, 2014 at 11:47 PM, Jeremy C. Reed wrote: > > So the IPv4 Country DB is recognized

Re: GeoIP in 9.10 RC2

2014-04-30 Thread Jeremy C. Reed
On Wed, 30 Apr 2014, Ali Jawad wrote: > view "US" { > > match-clients { US; }; For now please change to: match-clients { geoip country US; };

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Jeronimo L. Cabral
In office #1, the "company.com" master zone is updated automatically from some Windows machines in DNS1 and in office #2 the same zone is updated manually in DNS2 by the administrator who shouldn't update (using freeze and unfreeze) the master zone from office #1. This is the scenario, and we need

Re: a note on 9.10.0rc2: eleven, twelve; dig and delv(e)

2014-04-30 Thread /dev/rob0
On Wed, Apr 30, 2014 at 01:22:24PM -0700, Doug Barton wrote: > I mulled over your response and considered not pursuing this > further, but apparently I can't help myself. :) It's okay, we can forgiv. :) > On 04/27/2014 12:00 PM, Evan Hunt wrote: > >On Sun, Apr 27, 2014 at 07:36:22PM +0100, Chris

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Kevin Darcy
I'm still not understanding your constraints. If *all* updates come in through Dynamic Update, then you don't need freeze/unfreeze. - Kevin On 4/30/2014 6:47 PM, Jeronimo L. Cabral wrote: In office #1, the "company.com" master zone is updated automatically from som

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Jeronimo L. Cabral
DNS1 with dynamic update and DNS2 with manual update On Wed, Apr 30, 2014 at 8:11 PM, Kevin Darcy wrote: > I'm still not understanding your constraints. If *all* updates come in > through Dynamic Update, then you don't need freeze/unfreeze. > >

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread Chris Buxton
Either do as Kevin Darcy said or else use separate names: company.com office1.company.com office2.company.com The admin in office 2 updates the office2 zone. The dynamic updates in office 1 go to the office1 zone. The company.com zone delegates both. Everyone can find everything via that delega

Re: GeoIP in 9.10 RC2

2014-04-30 Thread Evan Hunt
On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote: > Any hints ? So, yeah, that's embarrassing. It never crossed my mind to test geoip ACL elements by referencing them indirectly in named ACLs, as you did; I only referenced them directly. Apparently none of the folks who've been using the

Re: GeoIP in 9.10 RC2

2014-04-30 Thread Ali Jawad
Hi Evan You guys are doing a great job. I did actually try before without acl directly in view. The error was at the time No ACL geoip. Will retry with patch. Thanks ! On May 1, 2014 6:38 AM, "Evan Hunt" wrote: > On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote: > > Any hints ? > > So,