Matthew Pounsett wrote:
>
> Privsep doesn't actually fix the same problem chroot does. As I
> understand it, privsep reduces the attack surface for remote execution
> exploits by shuffling off privileged operations to a separate process, but
> if that process isn't chrooted and it has a remote c
Hello
We are facing a resolving problem on BIND DNS when adding a CNAME RR for
root domain and other records.
Do you have any work around since it is not feasible as per the following
article http://www.faqs.org/rfcs/rfc1034.html RFC1034 section 3.6.2?
Example:
Domain.com CNAME x.y.c
On Wed, Apr 27, 2016 at 02:55:18PM +0300,
Daniel Dawalibi wrote
a message of 99 lines which said:
> We are facing a resolving problem on BIND DNS when adding a CNAME RR
> for root domain and other records.
I don't think that you manage the root domain so you probably mean
that you want to add
On 27 April 2016 at 03:07, Tony Finch wrote:
> Matthew Pounsett wrote:
> >
> > Privsep doesn't actually fix the same problem chroot does. As I
> > understand it, privsep reduces the attack surface for remote execution
> > exploits by shuffling off privileged operations to a separate process,
>
On Wed, Apr 27, 2016, at 06:30 AM, Matthew Pounsett wrote:
> > Actually it is normal for privsep processes to chroot themselves, usually
> > to /var/empty - e.g.
>
> Right, so "no chroot necessary" (which is what I was responding to) isn't
> accurate.
Oh. That's not what I got out of your comm
Assuming you mean this (notice the dots):
Domain.com. CNAME x.y.com.
www CNAME x.y.com.
it should work. Some people believe that you can't have other records
at names below a name with a CNAME, but they are mistaken.
On the other hand, this will not work.
domain.com. CNAME x.y.com.
Hello John
The below is not working on our BIND version BIND 9.10.0-P2 unless it is
working on other version
Domain.com. CNAME x.y.com.
www CNAME x.y.com.
Errors returned when adding these records:
general: dns_master_load: ourweddingaccount.com.db.inter:13:
ourweddingaccount.com: CNAME
On 27 April 2016 at 06:56, John Levine wrote:
> Assuming you mean this (notice the dots):
>
> Domain.com. CNAME x.y.com.
> www CNAME x.y.com.
>
No, this does not work. You're forgetting what goes around the example
records:
domain.com. IN SOA ...
domain.com IN CNAME x.y.com.
domain.com
In article ,
"John Levine" wrote:
> Assuming you mean this (notice the dots):
>
> Domain.com. CNAME x.y.com.
> www CNAME x.y.com.
>
> it should work. Some people believe that you can't have other records
> at names below a name with a CNAME, but they are mistaken.
The problem isn't w
Hello Barry
DNS registrar that can offer this option by using apex/naked/root domain
redirection
Regards
Daniel
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin
Sent: 27 April, 2016 5:23 PM
To: comp-protocol
On Wed, Apr 27, 2016 at 05:05:50PM +0300,
Daniel Dawalibi wrote
a message of 52 lines which said:
> our setup requires a CNAME record.
Bad setup. (And has always been bad.)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
On Wed, Apr 27, 2016 at 01:56:27PM -,
John Levine wrote
a message of 23 lines which said:
> Assuming you mean this (notice the dots):
>
> Domain.com. CNAME x.y.com.
> www CNAME x.y.com.
>
> it should work.
I disagree. I have the same experience as Daniel Dawalibi, it does not
wo
If your domain is ourweddingaccount.com, and you're looking to have
the apex record
ourweddingaccount.com.CNAME some.other.domain.
but still host other records in the ourweddingaccount.com zone, you
can't. That's not how CNAME records work. A CNAME record is an alias
for a particular _l
On 27 April 2016 at 07:26, Stephane Bortzmeyer wrote:
> On Wed, Apr 27, 2016 at 05:05:50PM +0300,
> Daniel Dawalibi wrote
> a message of 52 lines which said:
>
> > our setup requires a CNAME record.
>
> Bad setup. (And has always been bad.)
>
>
This isn't really his fault. The OP's goal shoul
On Wed, Apr 27, 2016 at 05:26:53PM +0300,
Daniel Dawalibi wrote
a message of 50 lines which said:
> DNS registrar that can offer this option by using apex/naked/root
> domain redirection
Sorry, but I cannot parse this sentence.
Also, as I said, this is not about the root, it is about your
ou
On Wed, Apr 27, 2016 at 10:23:19AM -0400,
Barry Margolin wrote
a message of 28 lines which said:
> You would only be able to do this if you could put the CNAME record
> in the parent domain, instead of delegating domain.com to your own
> server. But do any domain registrars support that optio
On Wed, Apr 27, 2016 at 07:32:48AM -0700,
Matthew Pounsett wrote
a message of 49 lines which said:
> One of these days I'd like to lead a serious lobbying effort against
> the browser developers at the W3C to have SRV records for HTTP
> standardized.
I fully agree and, if you're brave enough
Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
[1]
https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Steph
Assuming you mean this (notice the dots):
Domain.com. CNAME x.y.com.
www CNAME x.y.com.
No, this does not work. You're forgetting what goes around the example
records:
domain.com. IN SOA ...
domain.com IN CNAME x.y.com.
domain.com IN NS ...
www.domain.com. IN CNAME x.y.com.
Oh, rig
On 27 April 2016 at 07:42, Baird, Josh wrote:
> Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
>
> [1]
> https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
It's possible. We do a similar thing at eNom... we allow end-users to
in
On 27 April 2016 at 07:40, Stephane Bortzmeyer wrote:
> On Wed, Apr 27, 2016 at 07:32:48AM -0700,
> Matthew Pounsett wrote
> a message of 49 lines which said:
>
> > One of these days I'd like to lead a serious lobbying effort against
> > the browser developers at the W3C to have SRV records fo
In article ,
"Baird, Josh" wrote:
> Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
>
> [1]
> https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-
> at-a-domains-root/
Akamai has had a similar feature in their EDNS service for years.
One problem t
> But this is getting way off topic for BIND-users, and should probably be
> moved to dns-operati...@dns-oarc.net if we want to continue.
Much obliged!
John
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
Thank you for your response. Basically what I am trying to do is migrate
the BIND server from a Centos 5.11 machine to a CentOS 7.2 machine. The
BIND on CentOS 5.11 was compiled manually by source and its named.conf file
looks very different than what CentOS/Red Hat provides in the RPM package
nam
At the same time, the browser developers, almost without exception, refuse
to implement SRV because they don't like the idea that they might have to
do another DNS lookup prior to displaying a web page. And they lobby the
W3C pretty hard to not standardize SRV for HTTP.
That's a pretty serious i
On 27 April 2016 at 08:34, Sean Son
wrote:
> Thank you for your response. Basically what I am trying to do is migrate
> the BIND server from a Centos 5.11 machine to a CentOS 7.2 machine. The
> BIND on CentOS 5.11 was compiled manually by source and its named.conf file
> looks very different tha
>> You would only be able to do this if you could put the CNAME record
>> in the parent domain, instead of delegating domain.com to your own
>> server. But do any domain registrars support that option?
>
>And would the registry (here, Verisign) accept it? As far as I know,
>no.
This smells a lot
Thank you for your responses guys. Here is a n00b question: Because this
new server will be a slave DNS server, do I have to manually copy the zone
files from the current slave DNS server (The CentOS 5.11) one, or does the
new server automatically get the zones from the master DNS server?
Thanks
In article ,
"Baird, Josh" wrote:
> Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
>
> [1]
> https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
Does anyone else find themselves mentally yelling "apex!" whenever they
read the
On Wed, Apr 27, 2016 at 11:52 AM, Sean Son wrote:
> Thank you for your responses guys. Here is a n00b question: Because this
> new server will be a slave DNS server, do I have to manually copy the zone
> files from the current slave DNS server (The CentOS 5.11) one, or does the
> new server auto
Baird, Josh wrote:
> Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
>
> [1]
> https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
Run a command like this from cron
aname example.com www.example.com | nsupdate -l
Using th
On Wed, Apr 27, 2016 at 11:39 AM, John R. Levine wrote:
> At the same time, the browser developers, almost without exception, refuse
>> to implement SRV because they don't like the idea that they might have to
>> do another DNS lookup prior to displaying a web page. And they lobby the
>> W3C pre
In article ,
Sam Wilson wrote:
> In article ,
> "Baird, Josh" wrote:
>
> > Any thoughts on a service like Cloudfare's 'CNAME Flattening' [1]?
> >
> > [1]
> > https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cname
> > s-at-a-domains-root/
>
>
> Does anyone else find t
33 matches
Mail list logo
