Hi their i need an new ideas for securing the bind dns server for centos 6.6
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/
On 18 March 2015 at 07:23, Heamnath J wrote:
> Hi their i need an new ideas for securing the bind dns server for centos 6.6
Securing which part? the CentOS system or the BIND DNS name server
software/configuration?
Have you read... Secure Domain Name System (DNS) Deployment Guide from
NIST? http
I see why it may lead to problems.
But in fact the configuration with only one writable file referenced
several times is suported now. If I write:
view "view1" {
zone "aaa.exampe.org" {
masters {IP;};
file "slave/aaa.exmaple.org";
};
};
view "view2
How to change centos server as real time cloud server ?..
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 18.03.15 14:18, Heamnath J wrote:
How to change centos server as real time cloud server ?..
please be more specific.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDO
On 18.03.15 11:48, Constantin Stefanov wrote:
But in fact the configuration with only one writable file referenced
several times is suported now. If I write:
view "view1" {
zone "aaa.exampe.org" {
masters {IP;};
file "slave/aaa.exmaple.org";
};
};
On 18.03.2015 11:56, Matus UHLAR - fantomas wrote:
> On 18.03.15 11:48, Constantin Stefanov wrote:
>> But in fact the configuration with only one writable file referenced
>> several times is suported now. If I write:
>>
>> view "view1" {
>> zone "aaa.exampe.org" {
>> masters {IP;}
On 18.03.15 11:48, Constantin Stefanov wrote:
then both views will refernce ther same writable file, won't they? Or am
I missing something about "in-view" directive?
On 18.03.2015 11:56, Matus UHLAR - fantomas wrote:
maybe you could put all those zone definitions into one file and include it
On 18.03.2015 13:02, Matus UHLAR - fantomas wrote:
>>> On 18.03.15 11:48, Constantin Stefanov wrote:
then both views will refernce ther same writable file, won't they? Or am
I missing something about "in-view" directive?
>
>> On 18.03.2015 11:56, Matus UHLAR - fantomas wrote:
>>> maybe y
On 18.03.2015 13:02, Matus UHLAR - fantomas wrote:
On 18.03.15 11:48, Constantin Stefanov wrote:
then both views will refernce ther same writable file, won't they? Or am
I missing something about "in-view" directive?
On 18.03.2015 11:56, Matus UHLAR - fantomas wrote:
maybe you could put all
On 18.03.2015 13:22, Matus UHLAR - fantomas wrote:
>>> On 18.03.15 12:05, Constantin Stefanov wrote:
I can't. It stopped working after upgrade to 9.10, but worked before
with 9.6. And the question is how to keep the config as simple as it was
before upgrade.
>>>
>>> I mean, the "in-v
It isn't really that hard to maintain two separate zone files for each domain.
We've been doing it for years.
It isn't really clear why you're using views if all your zone files are the
same as you seem to imply. Here we do views specifically because for some
domains the zone files DO need
On 18.03.2015 16:12, Lightner, Jeff wrote:
> It isn't really that hard to maintain two separate zone files for
> each domain. We've been doing it for years.
It isn't. But maintaining one file is easier. And having to maintain two
after five years everything worked fine with one is annoying.
> It i
If you can't arrange for the source address of the nsupdate to fall within the
match-clients of the view, you can always put a TSIG key in the match-clients
for the view, and then sign the update with that key.
- Ke
On 18 March 2015 at 13:30, Konstantin Stefanov wrote:
> It isn't. But maintaining one file is easier. And having to maintain two
> after five years everything worked fine with one is annoying.
This highlights the need for a test environment, don't apply untested
updates to production systems, it'
On 18.03.2015 16:55, Steven Carr wrote:
> On 18 March 2015 at 13:30, Konstantin Stefanov wrote:
>> It isn't. But maintaining one file is easier. And having to maintain two
>> after five years everything worked fine with one is annoying.
>
> This highlights the need for a test environment, don't a
rOn 18.03.15 17:10, Konstantin Stefanov wrote:
The issue is that named started to detect it since, if I'm not mistaken,
9.7. It happened because such config was leading to bugs, but instead of
fixing the bugs, the whole feature was prohibited.
those bugs _were_ fixed: the in-view statement and
On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
> I see why it may lead to problems.
>
> But in fact the configuration with only one writable file
> referenced several times is suported now. If I write:
>
> view "view1" {
> zone "aaa.exampe.org" {
> maste
On 18.03.2015 17:18, Matus UHLAR - fantomas wrote:
> rOn 18.03.15 17:10, Konstantin Stefanov wrote:
>> The issue is that named started to detect it since, if I'm not mistaken,
>> 9.7. It happened because such config was leading to bugs, but instead of
>> fixing the bugs, the whole feature was prohi
On 18.03.2015 17:41, /dev/rob0 wrote:
> On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
>> I see why it may lead to problems.
>>
>> But in fact the configuration with only one writable file
>> referenced several times is suported now. If I write:
>>
>> view "view1" {
>>
Finally our secondary's server BIND is working
but not the ping/traceroute tools.
Unless one server is up, ping/traceroute does not work on the secondary DNS.
What do I need to find this issue?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and cou
On 18.03.2015 18:10, wbr...@e1b.org wrote:
> From: Konstantin Stefanov
>
>> The issue is that named started to detect it since, if I'm not mistaken,
>> 9.7. It happened because such config was leading to bugs, but instead of
>> fixing the bugs, the whole feature was prohibited.
>
> "That's not a
Am 18.03.2015 um 16:31 schrieb Konstantin Stefanov:
I wrote earlier and may repeat again. The feature for me is not using
the same file, the feature is having a clear and maitainable config. In
this case it means to have only one description for a zone.
did you ever consider provisioning your
On 18.03.2015 18:37, Reindl Harald wrote:
>
> Am 18.03.2015 um 16:31 schrieb Konstantin Stefanov:
>> I wrote earlier and may repeat again. The feature for me is not using
>> the same file, the feature is having a clear and maitainable config. In
>> this case it means to have only one description f
Are you using IP addresses or domain names when testing? If it works with IP
address, but not with names, the sec. DNS server is lacking proper DNS services
itself.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of The Doc
In article ,
Jukka Pakkanen wrote:
>Are you using IP addresses or domain names when testing? If it works with =
>IP address, but not with names, the sec. DNS server is lacking proper DNS s=
>ervices itself.
>
Both name and IP Adresses resolve. That is the weird part.
>
>-Original Message-
Am 18.03.2015 um 17:37 schrieb The Doctor:
In article ,
Jukka Pakkanen wrote:
Are you using IP addresses or domain names when testing? If it works with =
IP address, but not with names, the sec. DNS server is lacking proper DNS s=
ervices itself.
Both name and IP Adresses resolve. That is
On Wed, Mar 18, 2015 at 06:11:56PM +0300, Konstantin Stefanov wrote:
> On 18.03.2015 17:41, /dev/rob0 wrote:
> > On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
> >> I see why it may lead to problems.
> >>
> >> But in fact the configuration with only one writable file
> >> ref
On 18.03.2015 20:10, /dev/rob0 wrote:
> On Wed, Mar 18, 2015 at 06:11:56PM +0300, Konstantin Stefanov wrote:
>> On 18.03.2015 17:41, /dev/rob0 wrote:
>>> On Wed, Mar 18, 2015 at 11:48:40AM +0300, Constantin Stefanov wrote:
I see why it may lead to problems.
But in fact the configur
29 matches
Mail list logo
