Re: Anycast DNS

2012-02-29 Thread Barry Margolin
So Google has to be concerned about having diverse routes from many different ISPs, and announcing two /24's facilitates this. Level(3) is only concerned with routing within their network, and their OSPF routing can achieve diversity at the /32 level. -- Barry Margolin Arlington, MA

Re: More than 4k TXT entries

2012-02-29 Thread Barry Margolin
In article , Darvin Denmian wrote: > I'm asking this because one of the domains configured in my Bind > server have more than 4k TXT entries and its zone file have more than > 400KB. Do you mean 4K TXT entries for a single name, or across all names in the zone? -- Barry Marg

Re: More than 4k TXT entries

2012-02-29 Thread Barry Margolin
>>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59810 NXDOMAIN means the name doesn't exist. Have you checked the log to see if it's getting an error trying to load the zone file? -- Barry Margolin Arlington, MA ___ Please visit https:/

Re: Anycast DNS

2012-03-01 Thread Barry Margolin
nameserver and withdraw the route automatically if it went down. We just had static routes on the upstream router; if a server went down, the NOCC had to reconfigure the router to take it out of anycast. So we depended on clients timing out and failing over to the backup resolver IPs. -- Ba

Re: RFC 6303 and bind 9.9.0

2012-03-01 Thread Barry Margolin
ts file is usually harmless - it is only a *hint*. Right. One of the first things BIND does after starting up is query one of the root servers to get the current set of root servers. So the only potential problem would be if someone were to hijack one (or more) of the root servers and make it g

Re: RFC 6303 and bind 9.9.0

2012-03-02 Thread Barry Margolin
3600000 IN 2001:500:1::803f:235 i.root-servers.net. 360 IN A 192.36.148.17 i.root-servers.net. 360 IN 2001:7fe::53 -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Master/slave configuration

2012-03-07 Thread Barry Margolin
nce the resolver has to wait for a timeout before failing over to the backup server. -- Barry Margolin Arlington, MA

Re: Master/slave configuration

2012-03-08 Thread Barry Margolin
with a > reasonable expire time. :-) Master/slave also predated VIPs. It goes back to the early days of TCP/IP, many years before anyone had ever implemented load balancers, anycast, and other HA solutions. -- Barry Margolin Arlington, MA

Re: BIND Lameness

2012-04-03 Thread Barry Margolin
nsvalidation.com/reports/4f7a97bd7d79ee3d420c > > ns3.silverorange.com seems to be down, and the other two nameservers being Since the log message is specifically about ns1, how could ns3's status be relevant? > listed aren't responding to TCP port 53. Why would clementine b

Re: BIND Lameness

2012-04-03 Thread Barry Margolin
In article , Keith Burgoyne wrote: > On 04/03/2012 11:14 AM, Barry Margolin wrote: > > In article, > > Chuck Swiger wrote: > > > >> On 4/2/2012 10:37 PM, Keith Burgoyne wrote: > >> [ ... ] > >>> I've recently replaced the master ser

Re: BIND Lameness

2012-04-04 Thread Barry Margolin
iew cause a lame error? Do you have a copy of all your hosted zones in the internal view? If not, when an internal client makes a query, the server will have to recurse. It will query itself, but my guess is that its own address is also in the internal view, so it won't be able to answer

Re: merging cache and Authoriative

2012-04-17 Thread Barry Margolin
e for all zones listed as "master" or "slave" in named.conf, and caching for all other zones. -- Barry Margolin Arlington, MA

Re: Bind doesn't make zone delegation.

2012-04-19 Thread Barry Margolin
> > view internal { > > match-clients { > > 127.0.0.0/8; > > 172.16.0.0/12; > > }; > > ... > > zone "united-networks.ru" { > > type master; > > file "master/forward/united-networks.ru.internal"; > > allow-

Re: Bind doesn't make zone delegation.

2012-04-20 Thread Barry Margolin
> >>> 127.0.0.1; > >>> 172.16.0.1; > >>> 172.16.1.1; > >>> 172.16.2.1; > >>> 172.31.0.1; > >>>

Re: SERVFAIL with ocsp.entrust.net.

2012-04-24 Thread Barry Margolin
hounn1.oamp.sgns.net. > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56868 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; AUTHORITY SECTION: > oamp.sgns.ne

Re: Convice Bind to listen on IP alias with a range of IPs.

2012-05-01 Thread Barry Margolin
ut, this is apparently a Linux extension to the loopback interface -- giving it a wider subnet mask automatically aliases the other addresses in the range. But this is done in a way that BIND can't take advantage of through the normal socket calls. -- Barry Margolin Arlington, MA

Re: Host command timing out sporadically

2012-05-02 Thread Barry Margolin
names by default; when given an IP, it converts it to the corresponding IN-ADDR.ARPA name and does a PTR lookup. Does it also have a similar heuristic for IPv6 addresses? -- Barry Margolin Arlington, MA

Re: New to BIND - Setting up slaveserver

2012-05-07 Thread Barry Margolin
ip address supplied (Master). > > allow-notify is a list of additional addresses to notify about zone changes > other than those listed as "NS" records in your zone files. Isn't that ALSO-notify? -- Barry Margolin Arlington, MA

Re: Configuring CNAME for nosslsearch.google.com

2012-05-08 Thread Barry Margolin
;- > > But this does not work. Can you tell me what's wrong? > > Greetings, > > Tobias "#" isn't the comment character in DNS zone files, ";" is. -- Barry Margolin Arlington, MA

Re: DNSSEC

2012-05-09 Thread Barry Margolin
e. But DNSSEC is new enough that there tend to be more failures of this kind, even by organizations that until now have seemed to know what they're doing. -- Barry Margolin Arlington, MA

Re: DNSSEC

2012-05-09 Thread Barry Margolin
resolver to check. -- Barry Margolin Arlington, MA

Re: DNSSEC

2012-05-10 Thread Barry Margolin
In article , Tony Finch wrote: > Barry Margolin wrote: > > > > [Validation is] only untroublesome until someone screws things up on > > their auth server. When one of your users can't access something.gov, > > they'll complain to YOU, even though it's

Re: Secondary Master

2012-05-11 Thread Barry Margolin
nary slave -- nothing to do with turning that slave into a replacement master. -- Barry Margolin Arlington, MA

Re: bind multiple instances

2012-05-18 Thread Barry Margolin
m to have different default directories. Use the listen-on option in each named.conf to specify the IP that it uses. However, for most purposes where you might want to have multiple instances, you can achieve the same thing with views. What are you trying to do that views doesn't accommod

Re: Reverse zone delegation for 172.16.16.0/20 - HOW TO?

2012-05-18 Thread Barry Margolin
ENERATE 0-256 $.31.16.172.in-addr.arpa. IN CNAME > $.0.31/20.16.172.in-addr.arpa. This technique is really only needed for delegations of blocks smaller than /24. For anything larger, just do multiple delegations. -- Barry Margolin Arlington, MA

Re: Checking for zone expiration?

2012-05-21 Thread Barry Margolin
attempts. I was wondering if there's a > way to check the remaining time on a zone for monitoring? If you fetch > the SOA, you get the full ttl, for obvious reasons, not the server's > timer... Check the modification time of the zone file on the slave server, that'

Re: different between views and having multiple instances

2012-05-24 Thread Barry Margolin
only affects specified views. Even if you don't have to stop the server, you might want to run separate instances so that there's less danger of breaking the named.conf used by the production server during testing. -- Barry Margolin Arlington, MA

Re: different between views and having multiple instances

2012-05-25 Thread Barry Margolin
g you're running on one of the instances, since each VM will have to run the full OS and background processes. But if you want to have a general testbed, it seems like a good fit. -- Barry Margolin Arlington, MA

Re: forwarders

2012-05-28 Thread Barry Margolin
r? Your ISP needs to delegate the reverse DNS to your servers. This should have been necessary all along. -- Barry Margolin Arlington, MA

Re: How to handle zones that need to be the same in all views?

2012-06-11 Thread Barry Margolin
; with the slaved data being identically visible to all views. > >> > >> In a perfect world, BIND would let me tell it that some zones were > >> global to all views, but this feature doesn't seem to exist. > >> > >> Does anyone have any suggest

Re: How to handle zones that need to be the same in all views?

2012-06-12 Thread Barry Margolin
r recursive queries. I think he's dealing with an auth server. -- Barry Margolin Arlington, MA

Re: How to handle zones that need to be the same in all views?

2012-06-13 Thread Barry Margolin
r only has one view, while the slave has multiple views. -- Barry Margolin Arlington, MA

Re: BIND ignores changes in zonefiles

2012-06-14 Thread Barry Margolin
is log message showed that it loaded the correct file, or at least a file with the correct serial number. How about this: does the server use "views"? If the zone is in multiple views, you may only be updating one of them. -- Barry Margolin Arlington, MA

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Barry Margolin
ers. Are recent versions of BIND better about this? What about other caching DNS implementations? -- Barry Margolin Arlington, MA

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Barry Margolin
zones I would suggest > that you send them a Cease and Desist notice if they are still doing > it. Aren't client nameservers supposed to ignore the extra records from the server following the CNAME, since the brandeis.edu zone isn't delegated to those servers? -- Barry Margoli

Re: Moving DNS out of non-cooperative provider

2012-06-19 Thread Barry Margolin
> > Here's a tip for anyone running an open DNS hosting service: you can use > "additional-from-auth no; additional-from-cache no;" to reduce problems of > this kind. Good ideas, but if you're a customer there's not much you can do about this. -- Barry Margoli

Duplicates in newsgroup gateway

2012-06-25 Thread Barry Margolin
I read bind-users through the comp.protocols.dns.bind newsgroup. I'm seeing lots of duplicate posts. Most of the replies in the "CNAME Rules" thread showed up twice. Is there a problem with the gateway? -- Barry Margolin Arlington, MA

Re: Understanding cause of DNS format error (FORMERR)

2012-06-26 Thread Barry Margolin
pe of inconsistency often suggests a DNS-based load balancer is involved. -- Barry Margolin Arlington, MA

Re: OpenSSL problem: bind98-base FreeBSD port

2012-07-08 Thread Barry Margolin
gure script doesn't have any information in it about disabling > >> individual ciphers. > > > > I wouldn't accept it anyway. For better or worse, GOST is part of the > > protocol. > > Okay. > > So to answer my earlier question, what file were yo

Articles not getting gatewayed to news

2012-07-09 Thread Barry Margolin
in replies, but I never see those intermediate messages. -- Barry Margolin Arlington, MA

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Barry Margolin
policy: Caching nameserver: minimal-responses yes. The clients of these are primarily stub resolvers, which probably won't cache the additional data, so it's a waste of bandwidth and could potentially cause problems. Authoritative nameserver: minimal-responses no. The clients

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-12 Thread Barry Margolin
In article , Mark Andrews wrote: > In message , Barry > Margolin writes: > > In article , > > "Michael Hoskins (michoski)" wrote: > > > > > while it's largely personal preference -- i generally like to "be > > > conservative in

Re: Weird stuff with one host... :-S

2012-07-15 Thread Barry Margolin
In article , Michelle Konzack wrote: > ANY hosts are working from any workstations/servers except > on . Views? -- Barry Margolin Arlington, MA

Re: erros on slave "server refresh: unexpected rcode (NXDOMAIN)"

2012-07-23 Thread Barry Margolin
domain.example.com, the master replies with an NXDOMAIN error, indicating that the name domain.example.com doesn't exist. I think you have a typo in one of your named.conf files, so the zone names aren't matching. -- Barry Margolin Arlington, MA

Re: dig: Transfer failed

2012-07-24 Thread Barry Margolin
.in-addr.arpa. /etc/bind/db. > outputs "OK" too. > > What should I check? > > Cheers Check the 'allow-transfer' option in your named.conf. -- Barry Margolin Arlington, MA

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Barry Margolin
y're wrong technically > (see O'Reilly's answer). What about legally? Many are doing it because the government requires it. -- Barry Margolin Arlington, MA

Re: ho to filter hundeds of domains ?

2012-08-31 Thread Barry Margolin
In article , sth...@nethelp.no wrote: > I sometimes suspect their view is of the type "We must do something. > This is something, therefore we must do it." Or more like "We know we can't do it perfectly, but this is better than nothing." -

Re: cache does truely in local and doesn't work in remote

2012-09-02 Thread Barry Margolin
> DiG 9.8.1-P1 <<>> yahoo.com @184.22.226.206 > ;; global options: +cmd > ;; connection timed out; no servers could be reached > > > > What do i set to solve it? My guess is you need to open TCP and UDP port 5

Re: cache does truely in local and doesn't work in remote

2012-09-02 Thread Barry Margolin
"No servers could be reached", that's why I thought it was a communication problem. -- Barry Margolin Arlington, MA

Re: Dynamically Reducing TTL of few selected ResourceRecords

2012-09-30 Thread Barry Margolin
st the default for records with no explicit TTL (which in most zone files is all of them). -- Barry Margolin Arlington, MA

Re: Dynamically Reducing TTL of few selected ResourceRecords

2012-09-30 Thread Barry Margolin
n a removed entry though. That's not correct. If you ask a caching server for ANY records, it will just return the types that happen to be in its cache. -- Barry Margolin Arlington, MA

Re: about DNS RRL

2012-10-17 Thread Barry Margolin
how can it stop the real > life attack? You're thinking that the rate limit is intended to protect YOUR server. It's actually to prevent your server from being used as a reflector to attack some OTHER server. The spoofed addresses all point to that server. --

Re: BIND does not answer

2012-10-24 Thread Barry Margolin
IND doesn't see it, my guess would be a packet filter on B. I assume tcpdump gets to see packets before they go through the filter. -- Barry Margolin Arlington, MA

Re: forwarder is ignored when authoritative zone is added

2012-10-26 Thread Barry Margolin
tative for the zone, and there are no NS records delegating the subdomain away, it doesn't need to recurse and just returns what it has (in this case the record synthesized from the wildcard). Why not configure your resolvers as slaves or stubs for the internal subdomain? -- Barry Margolin

Re: Spotty Lookups on One of Our Networks

2012-10-30 Thread Barry Margolin
e not having any > problems like this. > > There seems to be no reason why some remote domains > work and others don't. I am asking on this list in hopes that > somebody has seen something like this somewhere else and found > the cause. > > Thank you. > >

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread Barry Margolin
oast servers. Resolvers should work around this by failing over to other servers (assuming the organization has them geographically distributed, as NOAA.GOV does), but dig +trace doesn't. -- Barry Margolin Arlington, MA

Re: Need to improve named performance

2012-11-12 Thread Barry Margolin
es. It doesn't control the applications that send log messages in the first place, that's controlled by the application's own configuration. named doesn't log queries unless you tell it to. -- Barry Margolin Arlington, MA

Re: SPF records in reverse zones?

2012-12-05 Thread Barry Margolin
ss to have SPF records to support them. -- Barry Margolin Arlington, MA

Re: Can we load balance traf[f]ic for CNAME records?

2012-12-14 Thread Barry Margolin
In article , SM wrote: > See RFC 6186. Verify whether the mail clients support that specification. Are there any mail clients that support this yet? -- Barry Margolin Arlington, MA

Re: Can we load balance traf[f]ic for CNAME records?

2012-12-14 Thread Barry Margolin
In article , "Novosielski, Ryan" wrote: > Won't the DNS server randomly report the defined IP addresses? RFC 6186 is about using SRV records, not round-robin DNS. > - Original Message - > From: Barry Margolin [mailto:bar...@alum.mit.edu] > Sent: Friday,

Re: "Short" domains...

2012-12-17 Thread Barry Margolin
ead of the servers listed in the NS records of the zone. It sounds like the legacy app is sending queries without the Recursion Desired flag set. Is the above server your caching server or authoritative server? You could configure the server as a slave for the selfservice zone. -- Barry Margo

Re: Wildcard CNAME record?

2013-01-16 Thread Barry Margolin
ll never occur. They're the DNS equivalent of trees falling in a forest. -- Barry Margolin Arlington, MA

Re: MNAME not a listed NS record

2013-01-16 Thread Barry Margolin
ic tools throw warnings, but as far as I can > > tell from the RFCs, this is a valid configuration. Is it valid? Are there > > any operational gotchas to be aware of or can I ignore the "warnings"? Consider this a sanity check, in

Re: MNAME not a listed NS record

2013-01-16 Thread Barry Margolin
In article , Chuck Swiger wrote: > On Jan 16, 2013, at 1:42 PM, Barry Margolin wrote: > > In article , > > Chuck Swiger wrote: > > > >> On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: > >>> Is there anything technically wrong with having a SOA MN

Re: MNAME not a listed NS record

2013-01-16 Thread Barry Margolin
In article , Chuck Swiger wrote: > On Jan 16, 2013, at 4:30 PM, Barry Margolin wrote: > [ ... ] > >>>> On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: > >>>>> Is there anything technically wrong with having a SOA MNAME field that > >>>>>

Re: MNAME not a listed NS record

2013-01-17 Thread Barry Margolin
In article , Dave Warren wrote: > Because it is actually the master, and from what I can tell, the slaves > will check against the MNAME to confirm whether they're up to date or not. No, slaves check against the IPs listed in the "master" clause in their named.conf

Re: question about dns query distribution

2013-02-08 Thread Barry Margolin
w what other DNS > implementations do. His question is about a caching NS, not the authoritative servers listed in NS records. So the distribution is dependent on how client resolvers behave, not how other BIND servers operate. -- Barry Margolin Arlington, MA

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread Barry Margolin
anslate it. What's the problem? If the query comes from a local user, recursion will be allowed, and the CNAME will be resolved. If the query comes from a remote resolver, recursion shouldn't even be requested. You'll respond with the CNAME, and the remote resolver will then

Re: Overriding Included Zone File Entries

2013-03-05 Thread Barry Margolin
al config structure that has worked for someone > trying to do a similar setup? Instead of one include file for everything, use separate include files: $INCLUDE db.common.mail.inc $INCLUDE db.common.www.inc $INCLUDE db.common.spf.inc Then you can omit some $

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

2013-04-16 Thread Barry Margolin
gle.com, www.yahoo.com, etc.), not just isc.org? -- Barry Margolin Arlington, MA

Re: “Foreign” name in the reverse lookup zone

2013-04-17 Thread Barry Margolin
n put " PTR foo.company.com." in their reverse zone. -- Barry Margolin Arlington, MA

Re: How does bind select what master to use?

2013-04-29 Thread Barry Margolin
bers retrieved from each and prefers the one with the highest > value. But if all of them have the same serial (and they're all higher than the local value, of course), how does it decide which one to transfer from? -- Barry Margolin Arlington, MA

Re: Classless PTR query issue

2013-05-07 Thread Barry Margolin
f 64-26.1.1.1.in-addr.arpa. But the client IP appears to be one of your own addresses. They should be pointing to your caching server, not the authoritative server. It should then follow the ISP's delegation. If you're using the same server for auth and caching, you need to pu

Re: Classless PTR query issue

2013-05-07 Thread Barry Margolin
zone. The problem with this is that the responses will claim authority for the /24, even though the ISP is supposed to be authoritative. This may cause some servers to reject the responses (or worse, cache these authority records and lose the ability to do reverse lookups in the rest of the /24).

Re: Help on NXDOMAIN to try next forwarder in the list

2013-05-30 Thread Barry Margolin
> upon in the /etc/hosts file. > > > > nameserver 8.8.8.8 > > nameserver 4.4.2.2 > > nameserver 4.1.2.2 No. /etc/resolv.conf failover only happens on errors, not NXDOMAIN responses. -- Barry Margolin Arlington, MA

Re: Help on NXDOMAIN to try next forwarder in the list

2013-05-31 Thread Barry Margolin
nsive use of caching, and it's understood that there will be windows during which different clients may have different views of a record. TTLs, refresh times, and NOTIFY allow DNS administrators to limit the size of those windows. Application developers are expected to work around

Re: any requests

2013-06-03 Thread Barry Margolin
it should recurse is when it doesn't have the name in its cache yet. -- Barry Margolin Arlington, MA

Re: any requests

2013-06-03 Thread Barry Margolin
ady has the name in cache, the ANY query will just return it, not force a recursion. -- Barry Margolin Arlington, MA

Re: any requests

2013-06-03 Thread Barry Margolin
retty certain that if you direct this to the BIND server the second query will only return the A record, not the MX record. -- Barry Margolin Arlington, MA

Re: any requests

2013-06-06 Thread Barry Margolin
ther queries. Unless the links in the CNAME chain are in the same bailiwick, isn't the client going to ignore them and follow them itself, to avoid cache poisoning? -- Barry Margolin Arlington, MA

Re: Answers from cache or authority section?

2013-06-25 Thread Barry Margolin
use, another for external. The external view should contain the public NS records and other records for publicly-accessible servers; the internal view can contain internal NS records and all the machines on your LAN. -- Barry Margolin Arlington, MA

Re: servfail response message question

2013-06-26 Thread Barry Margolin
erver should return a delegation to the LB, and then the caching server should query the LB. Regarding the problem as you state it, is the LB responding authoritatively? -- Barry Margolin Arlington, MA

Re: servfail response message question

2013-06-26 Thread Barry Margolin
mail-to-news gateway? > Ryan ________ From: Barry Margolin > To: comp-protocols-dns-b...@isc.org Sent: Wednesday, > June 26, 2013 10:24 AM Subject: Re: servfail response message question In > article , RYAN > CHERVENKA wrote: > I currently have a domain > example

Re: Reverse address entries

2013-07-02 Thread Barry Margolin
sshd: *.yourdomain.com then the server will do a reverse lookup and forward validity check before testing whether the hostname ends in .yourdomain.com. -- Barry Margolin Arlington, MA

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread Barry Margolin
answer off the top of their head. All names in a zone file that do not end with "." get the $ORIGIN appended to them. This is required by the zone file specification. -- Barry Margolin Arlington, MA

Re: IPv4 not working reverse on > /24 cidr

2013-07-22 Thread Barry Margolin
zone "128/27.1.10.10.IN-ADDR.ARPA" { > type master; > file "/usr/named/rev/10.10.1.128.rev"; > }; Do you also have a 1.10.10.in-addr.arpa zone, and does it have all the necessary CNAME records pointing x.1.10.10.in-addr.arpa to x.128/27.1.10.10.in-addr.arpa?

Re: New warning message...

2013-07-22 Thread Barry Margolin
mail to bar...@alum.mit.edu is automatically forwarded by the alum.mit.edu server to my ISP email address. Many people also have vanity domains with auto-forwarding enabled like this. Who should the sender be changed to? AFAIK, it has never been standard practice to rewrite the sender when simp

Re: IPv4 not working reverse on > /24 cidr

2013-07-22 Thread Barry Margolin
out that it should look in the RFC 1918 zone? The CNAMEs are the link between the normal reverse DNS name and the CIDR-style name. There's nothing automatic about RFC 1918. -- Barry Margolin Arlington, MA

Re: BIND slave stops updating from master after 1-3 days

2013-07-30 Thread Barry Margolin
or loading the zone file, it will make itself non-authoritative, to avoid propagating the errors to slaves. -- Barry Margolin Arlington, MA

Re: Internernal view is answering to external ping

2013-07-31 Thread Barry Margolin
R.ARPA" { > >> // type master; > >> // file "/etc/empty"; > >> //}; > >> > >> > >> > >> // zone "com" { type delegation-only; }; > >> // zone "net" { type delegation-only; }; >

Re: How does it work, if I don't give the named.ca information for cache only dns server

2013-08-10 Thread Barry Margolin
In article , Sury Bu wrote: > Can anyone who can tell me How the cache server can query without given > named.ca? BIND has a default list of root servers built into the code. These are used if no "type hint" zone is in the named.conf. -- Barry Margol

Re: code understanding

2013-08-21 Thread Barry Margolin
discussion of contributions to the public BIND code, not just personal interest). -- Barry Margolin Arlington, MA

Re: rndc flush and TTL values

2013-08-22 Thread Barry Margolin
. Is this the > expected behavior. > Thanks > S Do you use forwarders for other zones beside makemytrip.com? If you forward to a caching server, you'll get their TTLs when you re-query after flushing, not the TTLs from the authoritative servers. -- Barry Margolin Arlington, MA

Re: rndc flush and TTL values

2013-08-22 Thread Barry Margolin
In article , sumsum 2000 wrote: > Yes, i do have other zones beside makemytrip.com. Thanks for the info In particular, do you use forwarders for abc.com, and are you forwarding to a caching server? > > > On Thu, Aug 22, 2013 at 5:11 PM, Barry Margolin wrote: >

Re: Strange problem with a query deleting a record...

2013-08-23 Thread Barry Margolin
Site Selectors) > > and work around it by having a "shadow" version of the zone, which the > > GSSes proxy to for QTYPEs they don't handle. That "shadow" version of > > the zone has a wildcard entry in it which forces responses to be NODATA > >

Re: Strange problem with a query deleting a record...

2013-08-24 Thread Barry Margolin
NOERROR. Maybe there's a configuration option in squid that tells it not to try to use IPv6, so it won't request records. -- Barry Margolin Arlington, MA

Re: nxdomain

2013-08-29 Thread Barry Margolin
come broken again. > > So I guess those 3rd party servers I've tested still use the older and > "fixed" version. What does your /etc/resolv.conf look like? This looks like it might be an "ndots" issue, causing host (and other applications that use the defau

Re: Problem with "authoritative answer"

2013-09-11 Thread Barry Margolin
s in the client or registering the amanda > server by IP? > > Is there a DNS fix? Do I need to update by DNZ zone file to make the > other domains DNS, which only has forwarder records for us, authoritative > by adding an NS record for it? > > A

Re: Synthesized CNAME from NXDOMAIN

2013-10-04 Thread Barry Margolin
> the new namespace. Anyway, there might not be an easy way to to do it, and > we might just have to lose our safety net, but I wanted to ask users on the > list if there's some obscure configuration that might be helpful. Isn't this what DNAME is for? -- Barry Margolin

Re: authoritative rDNS

2013-10-09 Thread Barry Margolin
ly for the NS records they show it: $ dig @8.8.8.8 -x 23.235.75 ns ;; ANSWER SECTION: 75.235.23.in-addr.arpa. 21600 IN NS ns2.qcislands.net. 75.235.23.in-addr.arpa. 21600 IN NS ns.qcislands.net. -- Barry Margolin Arlington, MA
