bind caching dns

2012-05-08 Thread Ben
? Regards, Ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

DNSSEC

2012-05-08 Thread Ben
, Ben

Re: DNSSEC

2012-05-09 Thread Ben
Hi, How's your experience with DNSSEC while using it with caching dns and authoritative dns? If we are using DNSSEC enable with caching resolver, and remote domain is not DNSSEC enabled so in that case, do we face any problem, means any failure or something? Regards, Ben Gaurav K

erros in logs

2012-05-10 Thread Ben
/IN': 2001:500:90:1::31#53 error (network unreachable) resolving 'ns-921.amazon.com/A/IN': 2001:500:94:1::31#53 Network unreachable mean, dns can not resolve query or something in network / firewall problem? Some say format error and all. Thanks, Ben

Re: erros in logs

2012-05-11 Thread Ben
Hi, Currently we are using ipv4 network for our customers and all. By the way, we do not block any ipv6, so why we got ipv6 resolution as network unreachable in logs? On 10/05/12 09:47, Ben wrote: Hi, I just enable bind as caching name server and when watching logs I got below errors. It

Re: bind caching dns

2012-05-14 Thread Ben
Hi Matthew, Sorry for late response. I enabled statistics-channel, and it gives web based output. What is caching hit ratio field, I mean which option / field tell us about how many queries comes from cache or...? BR Ben On 08/05/2012 10:09, Ben wrote: I am new with bind. I am trying to

Re: bind caching dns

2012-05-15 Thread Ben
Hi, Any clue to resolve this. BR Ben Hi Matthew, Sorry for late response. I enabled statistics-channel, and it gives web based output. What is caching hit ratio field, I mean which option / field tell us about how many queries comes from cache or...? BR Ben On 08/05/2012 10:09, Ben wrote

Re: bind caching dns

2012-05-16 Thread Ben
Hi Warren, I am not pointing any problem to anyone like late response or other things, if you feel like that, sorry for the same. Actually I took time to try to find answer from myself and even try to do it from google. But unfortunately, I am not finding proper clue. BR, Ben On May 15

Operation cancelled Error

2012-05-23 Thread Ben
machine : /usr/local/nom/bin/resperf -s 10.115.1.231 -d /root/dnsperf_test_queries.tsv DNS Resolution Performance Testing Tool Nominum Version 2.0.0.0 [Status] Command line: resperf -s 10.115.1.231 -d /root/dnsperf_test_queries.tsv [Status] Sending [Status] Reached 65536 outstanding queries [St

Re: Operation cancelled Error

2012-05-24 Thread Ben
Hello, Any reply please... Regards, Ben Hi, I am doing load testing for bind as caching dns server. For that I configure one machine as client and one as server. I setup bind as caching dns server and set recursive-clients 3. While doing load test from client machine via resperf, I got

Re: Operation cancelled Error

2012-05-24 Thread Ben
Hi Jeremy, Thanks for your kind response. On Thu, 24 May 2012, Ben wrote: version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 CPUs found: 8 worker threads: 8 number of zones: 19 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is ON recursive clients: 6400

Re: Operation cancelled Error

2012-05-25 Thread Ben
6000-6500, and then goes back to 0. Is there anything remaining in bind to configure or any issue in OS? I would request you to please suggest me to solve this. Regards, Ben Hi Jeremy, Thanks for your kind response. On Thu, 24 May 2012, Ben wrote: version: 9.7.3-P3-RedHat-9.7.3-8.

Re: Operation cancelled Error

2012-05-27 Thread Ben
Dear ISC Team, Any suggestions please. Regards, Ben Hi, I tried all things to avoid current problem, but still same. Can we have information that why bind shows "Operation canceled" error in named.run file? And why bind does not take full power? When I do load test and same tim

Re: Operation cancelled Error

2012-05-31 Thread Ben
Dear ISC Team, Any input please, if is there anything from my side, kindly suggest me. Best Regards, Ben Dear ISC Team, Any suggestions please. Regards, Ben Hi, I tried all things to avoid current problem, but still same. Can we have information that why bind shows "Operation can

getting edns disabling message in logs

2012-07-03 Thread Ben
A' (in '.'?) after disabling EDNS How to check that current bind installation has EDNS enabled or? What could be reason behind it? We do not disable any EDNS in named.conf. Please suggest me to resolve it. Bind version : BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 Regards, Ben

Re: getting edns disabling message in logs

2012-07-03 Thread Ben
Hi Tony, Thanks for your kind response. Disabling EDNS due to firewall misconfiguration, raise any problem to DNS activity? I mean my users face any name resolution problems or ...? Is there any way that we can show that current disabling EDNS happens by firewall issue? Regards, Ben

Operation Cancelled Error

2012-07-09 Thread Ben
11:47:42.731 lame-servers: info: error (operation canceled) resolving 'technologie.gazeta.pl/A/IN': 8.8.8.8#53 10-Jul-2012 11:47:42.731 lame-servers: info: error (operation canceled) resolving 'ns1.kasperskylabs.net/A/IN': 8.8.8.8#53 10-Jul-2012 11:47:42.732 lame-servers: info

Re: Operation Cancelled Error

2012-07-11 Thread Ben
Hi, On Jul 10, 2012, at 2:25 AM, Ben wrote: Hi, We deploy BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 and trying to do load test while doing it we got so many errors logs in named.run. I must admit to being a little confused… It *looks* to me like you are forwarding all queries to 8.8.8.8? (If

Re: Operation Cancelled Error

2012-07-11 Thread Ben
misconfiguration or something else? If someone share his experience with it, What are the maximum QPS handled by bind? that is good to understand more. Regards, Ben Hi Ben, At 05:37 11-07-2012, Ben wrote: Actually, I am doing load testing with my CACHING DNS SERVER, and for that i setup one

Re: Operation Cancelled Error

2012-07-12 Thread Ben
How to check from 10 queries, which are on cache and which are not ? Still, my question is open.. Dear ISC team, can you please suggest what happened with my caching DNS load test? I mean, want to find root cause of it. On 12 July 2012 at 01:49, Ben wrote: If someone share his

rndc stats command

2012-07-17 Thread Ben
append fresh/new named statistics to defined file, is it so? Or is there any interval for rndc / named to generate fresh/new statistics? Kindly correct me if I am missing something... Regards, Ben

Re: rndc stats command

2012-07-23 Thread Ben
output from it by any command or something? My concern is that to find QPS / no. of queries per RR / hit ratio. Best Regards, Ben On Jul 18 2012, Ben wrote: Hi, As per man page and my understanding rndc stats writes a current named statistics into defined file in named.conf so suppose, if i

Queries aborted due to Quota

2012-07-27 Thread Ben
resource limitation or ? BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 Regards, Ben

Re: Queries aborted due to Quota

2012-07-27 Thread Ben
or link from which, we can read about rndc stats commands in deep or any FAQ/Information about general error messages regarding bind services. Best Regards, Ben Hi, I am monitoring rndc stats output and got ++ Resolver Statistics ++ [Common] 82121 queries aborted due to quota

Recursive client query rate-limiting

2023-08-30 Thread Ben Bridges
king about. Thanks, .Ben Bridges. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list

Re: record PTR

2024-03-14 Thread Ben Croswell
The in-addr.arpa domain for your IP space will need to be delegated to your DNS servers. That generally happens at the entity that assigned the block. For instance ARIN, RIPE, or APNIC. On Thu, Mar 14, 2024, 8:06 AM wrote: > Hello, please, I want to know if I need to delegate a range of IP > add

Re: record PTR

2024-03-14 Thread Ben Croswell
@0 -x 197.242.181.69', it works. Do I need to request a > delegation of 197.242.181.69 to the name servers ns1.sami.tn? > > > > *From:* Ben Croswell > *Sent:* Thursday, 14 March 2024 13:10 > *To:* RAHAL Sami SOFRECOM ; ML BIND Users < > bind-users@lists.isc.org> >

Re: log for one domain

2012-03-11 Thread Ben Croswell
We rip the logs apart put them into a database with a web front end. We watch for 6 months then remove ones with no traffic. On Mar 11, 2012 6:12 PM, "hugo hugoo" wrote: > Dear all, > > Is it possible to logs queries to a specific domain? > I have a domain configured in my system but I do not kn

RE:

2012-03-13 Thread Ben Croswell
If you do not delegate the subdomains with NS records you are not fully delegating the subdomain. It will work fine in the short term, but you are setting up a landmine for someone to step on later. If you decide to move that subdomain to other dns servers later it will disappear without the NS records. T

Re: external view recursion issue

2012-03-16 Thread Ben Croswell
If you are authoritative for a cname that points to an A elsewhere, your server will resolve the cname and leave it to the client dns server to go get the A from the server that hosts it. On Mar 16, 2012 10:14 AM, "Samantha Steers" wrote: > Hi, > > I am getting prepped to migrate dns from one ser

Re: TC Flag

2012-04-10 Thread Ben Croswell
The TC flag is set when the response is larger than your max udp packet size. 512 bytes with no edns0 and up to 4096 bytes with edns0 fully functioning. On Apr 10, 2012 9:55 AM, "rams" wrote: > When I get TC flag for UDP query? > > ___ > Please visit ht

Re: Configuring CNAME for nosslsearch.google.com

2012-04-15 Thread Ben Croswell
What you are asking for can't be done. If you load the google.com zone everything you don't load in the zone will be black holed and not resolve. If you try to load WWW.Google.com you will not be able to make WWW a cname due to the no cname and other data rule. On Apr 15, 2012 5:39 PM, "Tobias Kra

RE: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Ben Croswell
+mhuff=ox@lists.isc.org [mailto:bind-users- > > bounces+mhuff=ox@lists.isc.org] On Behalf Of Lyle Giese > > Sent: Monday, April 16, 2012 8:50 AM > > To: bind-users@lists.isc.org > > Subject: Re: Configuring CNAME for nosslsearch.google.com > > > > On 4/1

Re: new here

2012-04-22 Thread Ben Croswell
You set a listen-on that does not include 127.0.0.1. On Apr 22, 2012 11:08 PM, "David Milholen" wrote: > I am a Wisp admin and I have just configured a couple of new Bind9 > servers. > They will resolve using dig google.com @9x.1xx.104.14 > I am having some trouble getting them to answer themsel

Re: How to influence forwarder selection BIND 9.7.3

2012-04-23 Thread Ben Croswell
A certain percentage of queries will always go to all of the forwarders listed. If you have servers A B and C and A is the fastest SRTT, whenever A answers the SRTT for B and C will be decremented by a small percentage. Eventually they will be lower than A and get used. The likely result is that t

Re: new here

2012-05-02 Thread Ben Croswell
than you are loading it as. You load 104.16.98.in-addr.arpa. they are transferring 104-22.16.98.in-addr.arpa. -Ben Croswell On May 2, 2012 1:18 PM, "David" wrote: > Hello All, > I am new here but have been watching the list for a while. > I run a small WISP and we ha

Re: Why does a non-delegated sub-domain work?

2012-05-07 Thread Ben Croswell
gation the subdomain will disappear. -Ben Croswell On May 7, 2012 1:08 PM, "M. Meadows" wrote: > > So ... if we have > > exacttarget.com delegated to ns1 and ns2.exacttarget.com nameservers > > and ... we manage the s6.exacttarget.com zone file from ns1 and > ns2.exactt

Re: How does a child find its parent?

2012-05-08 Thread Ben Croswell
The child doesn't know its parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, "Mike Bernhardt" wrote: > Reading the section on delegation in the O'Reilly book, I'm confused about > something: The parent is con

RE: How does a child find its parent?

2012-05-08 Thread Ben Croswell
Another option would be zone level forwarding on the child to point at the parent or stub zones. -Ben Croswell On May 8, 2012 3:59 PM, "Mike Bernhardt" wrote: > In this case, the root only knows the external public server, not the > internal parent who is doing the delegating.

Re: global forwarders - current BIND9 behaviour documentation

2012-07-25 Thread Ben Croswell
's the method for retrying a forwarder after it was set high due to a timeout etc. -Ben Croswell On Jul 25, 2012 2:36 PM, "ip admin" wrote: > Hi, > > anybody there who can provide a definitive answer on the current BIND 9.7 > (or higher) global forwarder behaviour? >

Re: forwarder is ignored when authoritative zone is added

2012-10-26 Thread Ben Croswell
on. I assume the logic is, why would I forward a subdomain I know doesn't exist. -Ben Croswell On Oct 26, 2012 2:17 AM, "Frank Even" wrote: > I've recently had an issue that I'm having some issues finding > information on solving. > > I have internal DNS resolver

Re: forwarder is ignored when authoritative zone is added

2012-10-26 Thread Ben Croswell
The thing that brings me back to a delegation issue is the statement of slaving an external version of the second level domain the internal DNS server. I know if I was splitting a domain I would not put internal only delegations external. -Ben Croswell On Oct 26, 2012 7:23 AM, "Sten Ca

RE: Performance tuning

2012-11-26 Thread Ben Croswell
I did digs to both names from my work DNS infrastructure. The response was 58ms to resolve the WWW entry and 44ms for the non WWW entry. Would not appear to be a resolution related slow down. -Ben Croswell On Nov 26, 2012 1:25 PM, "Lightner, Jeff" wrote: > For question 1: >

Re: Bind not forwarding all requests

2012-12-07 Thread Ben Croswell
It is probably related to forward first versus forward only. Forward first is default but will fall back to no forwarding if the forwarders fail. On Dec 7, 2012 12:06 PM, "Romgo" wrote: > Hello, > > I am currently running two bind9 server on Debian Squeeze. > 1:9.7.3.dfsg-1~squeeze8 > > Server 1

Re: Name resolution fails if not forwarding

2013-01-08 Thread Ben Croswell
My first thought would be lack of firewall rules and connectivity to the Internet. On Jan 8, 2013 9:35 AM, "Daniele" wrote: > If I use BIND9 forwarding all the queries not belonging to my local zones, > it works. > > But if I don't forward those queries, `dig` sometimes (and this is weird) > fail

Re: MNAME not a listed NS record

2013-01-16 Thread Ben Croswell
There is no issue with a configuration like this. It is the very definition of a stealth master and is a very common configuration. Any DDNS updates will continue to reach the stealth master via the mname and no resolvers will find the master via NS records so it won't be queried. On Jan 16, 2013 3

Re: Define an internal zone with only a couple of A records, then forward to an external dns server

2013-01-17 Thread Ben Croswell
If you load the zone your server will believe it knows everything about the zone and not forward anything below it. If you load foo.com with two records, nothing but those two records will ever resolve on that server for foo.com. One way to make it work would be to load two zones. Vpn1.foo.com an

Re: What causes 'zone transfer setup failed' ?

2013-01-25 Thread Ben Croswell
A common issue is the secondary not being allowed to query the master for the SOA of the zone. Ensure the master has an allow-query that includes the secondary. On Jan 25, 2013 6:06 AM, "Jan-Piet Mens" wrote: > Hello, > > I'm seeing quite a number of messages like > > xfer-out: debug 3: c

Re: Most specific match on PTR records

2013-02-21 Thread Ben Croswell
You need to ensure if the resolver that is doing the forwarding also loads the blank 10/8 that you have the smaller /24 delegated in the 10/8. The reason being if it loads the /8 with no /24 delegation it will ignore the forward because it believes the /24 doesn't exist. On Feb 21, 2013 1:21 PM, "N

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Ben Croswell
A server will not forward a zone it is also authoritative for. On Mar 28, 2013 3:33 PM, "Ben-Eliezer, Tal (ITS)" < tal.ben-elie...@its.ny.gov> wrote: > Hello, > > My organization is evaluating the use of split-view DNS in our environment. > >

Re: Confused about a basic concept

2013-06-05 Thread Ben Croswell
Bryan

Re: Delegation and Forwarding

2013-12-11 Thread Ben Croswell
The basic answer is that you use null forwarders for any domains that you want to turn off the global forwarders. If you have a global forwarder and then you have bob.com with a null forwarder, bob.com and the domains below it will follow delegation. On Dec 11, 2013 7:10 AM, "Bob McDonald" wrote:

Re: I may be confused regarding sub delegated zone

2014-01-23 Thread Ben Croswell
A freshly started server with no cache will be directed to nd1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache. On Jan 23, 2014 12:30 PM, "Blason R" wrote: > Hello friends, > > I may sound like novice but have

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
You can't modify cache. If that was allowed you could cache poison any domain you wanted. On Feb 14, 2014 8:52 AM, "houguanghua" wrote: > Hi all, > Bind provides rndc tools to operate the cache. But how to change a record > in the cache. For example: > to modify origin record " *www.abc.com*

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
What you say is true, but the OP wasn't clear in who owned the record he wanted to override. I assumed it was someone else's or you would just change authoritative source that you own. On Feb 14, 2014 10:20 AM, "Barry Margolin" wrote: > In article , > Ben Croswe

Re: Bind vs flood

2014-02-27 Thread Ben Croswell
I guess I am missing why anyone on the internet should be able to open queries against your caching resolver. Why would in bound queries be allowed to servers that are for your people to get out? On Feb 27, 2014 10:13 AM, "Ivo" wrote: > Hi Dmitry, > > We observed that similar requests are landi

Re: Bind vs flood

2014-02-27 Thread Ben Croswell
Ah I see you are in provider situation. Shows my assumption you were in an enclosed enterprise environment. On Feb 27, 2014 10:57 AM, "Ivo" wrote: > Ben, > > No, our server is not an open resolver, we have a large user community > and the problem is that users install t

Re: which Name sever is selected?

2014-02-28 Thread Ben Croswell
RTT banding was removed in early versions of 9.8 due to the performance hit being larger than any security benefit. So it would depend what version of bind is being used in this case. https://www.isc.org/blogs/rtt-banding-removal-from-bind-9/ It is important to note that all ns records will take s

Re: which Name sever is selected?

2014-03-03 Thread Ben Croswell
back to being slower. On Mar 3, 2014 8:24 AM, "houguanghua" wrote: > Hi Ben, > > What's the meaning of bind "decaying"? Where can I find the detailed > description? Thanks! > > Guanghua > > > ---- > Date

Re: Bind 9.9.1 forward zone "local"

2014-03-25 Thread Ben Croswell
I would imagine your issue is a lack of an NS delegation in the root zone you are slaving. If you load a parent and then try to forward a child of that parent you must have a delegation in the parent. The delegation doesn't have to match the forwarders but it must exist. On Mar 25, 2014 1:57 PM, "

Re: Slave zero-TTL on CNAMES

2014-06-05 Thread Ben Croswell
Cisco routers do have the ability to "doctor" DNS packets when doing NAT. When it doctors it sets the TTL to 0 but I don't know why it would only do it on CNAME records. On Jun 5, 2014 12:43 PM, "Reindl Harald" wrote: > > > Am 05.06.2014 17:58, schrieb /dev/rob0: > > On Thu, Jun 05, 2014 at 05:21:

Re: Diagnostic help

2014-09-29 Thread Ben Croswell
The default for allow query is local host local nets. Basically the server itself and directly connected networks On Sep 29, 2014 8:03 PM, "Bill Christensen" wrote: > Hi folks, > > Something got sideways on one of my DNS servers, and I would appreciate > some help in figuring out what's going o

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? On Jul 28, 2015 5:42 PM, "Michael McNally" wrote: > As the security incident manager for this

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

2015-07-28 Thread Ben Croswell
> On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: > > Is it safe to say the only vulnerable hosts would be those > > accepting queries from the outside world, or would this also > > pertain servers getting responses from the outside world with > > no inboun

Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow

2016-02-17 Thread Ben Croswell
Cyber folks asked if there was any way for the DNS servers to "protect" the vulnerable clients. The only thing I could see from the explanation was disabling or limiting edns0 sizes. That is obviously not a long term option. On Feb 17, 2016 11:39 AM, "Alan Clegg" wrote: > On 2/17/16, 11:34 AM,

Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
for all five records to 300 (or more specifically, the TTL of the first one of the RRs in the file). I looked for a BIND directive in the manual to change this behavior but could find no obvious candidate. Thanks, Ben Bridges Springfield, MO

RE: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
longer TTL for most records (including other TXT records) in order to reduce the query load on our servers. It would be nice to be able to set a short TTL for the Office 365 record but a longer TTL for other TXT records for the same domain name. Thanks, Ben From: bind-users-boun...@lis

RE: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

2016-03-24 Thread Ben Bridges
I tend to agree with you about the overloading of TXT records. Thanks, Ben -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ray Bellis Sent: Thursday, March 24, 2016 11:22 AM To: bind-users@lists.isc.org Subject: Re

statistics-channels not serving rdtype records

2016-04-07 Thread Ben Wilson
BIND ii libbind9-90 1:9.9.5.dfsg-3ubuntu0.8 amd64 BIND9 Shared Library used by BIND Any ideas what I'm missing here? Thanks! Ben

Re: statistics-channels not serving rdtype records

2016-04-07 Thread Ben Wilson
Uh, user error. Turns out they aren't created until the server actually received requests. I started testing the server for completeness, and the records started showing up! In any case: statistics-channels { inet * port 8053 allow { any; }; }; Thanks! Ben On Thu, Apr 7, 2016 at 4:

Re: bind DoH ANd DoT Implementation

2020-06-08 Thread Ben Lavender
They go over this in the YT video https://www.youtube.com/watch?v=eRbAigV2byE It might not give you a total insight on how to configure it step-by-step but enough On 08/06/2020 06:13, ShubhamGoyal wrote: Dear all, I want to ask about bind DoH Impl

Re: BIND Masters and slaves

2020-06-15 Thread Ben Lavender
The terminology is fairly misleading, as in the slave is not doing the work on-behalf of or instruction of the master. But there are ways for the master to influence the slaves; such as "allow-transfer". I don't see the big issue with making a terminology change in this case. On 15/06/2020

Re: [Non-DoD Source] Re: BIND Masters and slaves

2020-06-15 Thread Ben Lavender
Some servers already do Regards Ben Lavender On Mon, 15 Jun 2020, 19:02 DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users, wrote: > Or you can call the slave servers 'secondary' servers. > > > V/R > Jim DeCaro > DISA > Systems Administrator > Windows

Re:

2020-06-28 Thread Ben Croswell
In this case a zone level forwarder takes priority over the global forwarder. Abc.com would go to 1.1.1.1 On Sat, Jun 27, 2020, 11:44 PM baalchina wrote: > Hi all, > > I had a bind 9.16.4 as recursive name server. I want to forward all > queries to a specific dns server out of my net such as 8.8

Re: CNAME / TXT

2020-08-22 Thread Ben Croswell
If you uncomment that mg CNAME you end up with a CNAME mx and TXT at the same node in the DNS tree and that is illegal. That is why you get the error "cname and other data". The mx and txt are the other data. On Sat, Aug 22, 2020, 8:19 PM Jukka Pakkanen wrote: > Cannot figure out what is wron

Do not cache certain domains

2020-09-07 Thread Ben Lavender
Hi, Without having to alter the TTL of the existing RRs as well as the default TTL. I know this can be done using cache-max-ttl to limit the whole cache, but can this be done for say one single or multiple defined domains only? Thanks

Re: Do not cache certain domains

2020-09-10 Thread Ben Lavender
Anyone think they may know the answer to this? Thanks Ben On 07/09/2020 23:00, Ben Lavender wrote: Hi, Without having to alter the TTL of the existing RRs as well as the default TTL. I know this can be done using cache-max-ttl to limit the whole cache, but can this be done for say one

Re: Do not cache certain domains

2020-09-10 Thread Ben Lavender
Thanks, yes the second is actually the aim. We don't have secondaries since we use ADDS and BIND simply acts as a recursive service for the other internal domains. On 10/09/2020 16:01, Carl Byington wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100

BIND OS tuning

2020-11-20 Thread Ben Croswell
Does BIND take advantage of net.core.rmem_max on Linux boxes? If I set the rmem_max to 12.5mb but leave the rmem_default as the OS default will I see a benefit on a high QPS DNS server? Or does BIND look to the rmem_default and ignore the rmem_max? -- -Ben Croswell

Re: Forwarding zone, setup

2022-03-01 Thread Ben Croswell
Are you loading the parent domain and trying to zone forward a child domain on the same DNS server? I.e. loading somedomain.local and trying to forward ab.somedomain.local If so an NS delegation is required in every instance I have done in my environment. The NS doesn't need to be "right" but it n

Re: Determining Which Authoritative Sever to Use

2022-05-07 Thread Ben Croswell

Re: Determining Which Authoritative Sever to Use

2022-05-08 Thread Ben Croswell
I would concur that internally Anycast is best for client facing edge nodes to reduce client configuration complexity as well as reducing impact of a first resolver outage. On Sun, May 8, 2022, 7:59 AM Tony Finch wrote: > Bob McDonald wrote: > > > > My question is this; how do the recursive ser

Re: Determining Which Authoritative Sever to Use (Bob McDonald)

2022-05-08 Thread Ben Croswell
b McDonald wrote: > Thanks for the answers. A couple more questions and then I'll stand down. > > First, it's Ben Croswell. Just pointing that out. > > Second, my reading of the definition of a static-stub zone in the Bvarm > indicates that its use is to allow a local

Re: Determining Which Authoritative Sever to Use

2022-05-10 Thread Ben Croswell
I will say edge DNS servers reduce client config complexity, even if you have DHCP, and increase resiliency of the initial resolver. Where it's true with DHCP you can change the DHCP server options it doesn't help if someone just got a 4 day lease and then the DNS server dies. Additionally the ab

Re: AXFR from Windows 2008R2 failing after upgrading to 9.18

2022-05-23 Thread Ben Lavender
Any logs? Regards Ben Lavender On Mon, 23 May 2022, 21:52 Lefteris Tsintjelis via bind-users, < bind-users@lists.isc.org> wrote: > I must be missing something. Any ideas why does it fail? Everything > seems normal. Works well with Windows 2016. Downgrading to 9.16 works > agai

Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
uch appreciated. If this is not the proper forum for this posting, please point me in the right direction. Thanks, Ben Bridges

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so they’re both still fully supported (and fully patched). Thanks, Ben Bridges From: bind-users On Behalf Of John Thurston Sent: Wednesday, December 7, 2022 2:32 PM To: bind-users@lists.isc.org Subject: Re: Bind 9.16.1

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
From: Emmanuel Fusté Sent: Wednesday, December 7, 2022 4:22 PM To: Ben Bridges ; bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash Current ESV : 9.16.35 No, your release is not patched. Add the ISC PPA repo and install the latest ESV. ISC PPA packaged are packaged by the same maintainers

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
It looks like that issue was occurring in a different part of the netmgr code and was fixed 8 months ago. Thanks, Ben Bridges From: bind-users On Behalf Of Andrew Latham Sent: Wednesday, December 7, 2022 2:35 PM Cc: bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash I see https

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
When you say “ISC packages”, are you referring to the packages in the ppa:isc/bind repository on launchpad? Ben Bridges From: Ondřej Surý Sent: Thursday, December 8, 2022 12:26 AM To: Ben Bridges Cc: Emmanuel Fusté ; bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash In fact, it’s as

Re: Question about Records not authoritative for

2008-12-11 Thread Ben Croswell
This is exactly what we have done in the past to mitigate malware. Just load somebaddomain.com with no A records or with a wildcard pointing to 127.0.0.1. -- -Ben Croswell On Thu, Dec 11, 2008 at 11:29 AM, Baird, Josh wrote: > You could just create an authoritative zone for the domain

Re: recursion for reverse/in-addr.arpa zones

2008-12-11 Thread Ben Croswell
Are there NS records and/or zone forwarding for the 10.131.10.0? If there is the servers will look to the most specific domain. -- -Ben Croswell On Thu, Dec 11, 2008 at 4:38 PM, Todd Snyder wrote: > Good day, > > We are working on an odd issue. I can provide more detail as necessa

Issue with case changing from master on BIND 9 to slave on BIND 8

2008-12-15 Thread Ben Croswell
directory shows .COM. I was wondering if anyone had experienced an issue like this. And I understand both of those versions are ancient and need to be removed from the environment. -- -Ben Croswell

RE: is this a valid zone file?

2008-12-21 Thread Ben Bridges
I've always assumed that the ";..." line in the example zone file right after the SOA record and the (...) in the SOA record itself meant that such information about the parent zone 2.0.192.in-addr.arpa had been intentionally left out for the sake of brevity and clarity. Ben Br

RE: is this a valid zone file?

2008-12-22 Thread Ben Bridges
Since you are digging @127.0.0.1, I can't tell for sure on which server you are performing the dig. But based on the responses, I'd say you were performing the dig on d62.test.net. d62 is authoritative for 168.192.in-addr.arpa but not for 0/16.168.192.in-addr.arpa. (The NS record for 0/16.168

Re: DNS spoofing

2009-01-16 Thread Ben Croswell
He states in his message that he only wants to change one host in the domain and that all other information for the domain needs to remain intact. If he loads or forwards the domain on his servers nothing other than what he loads will be resolved. -- -Ben Croswell On Fri, Jan 16, 2009 at 1:24

Re: bind cname for corporate web

2009-01-18 Thread Ben Croswell
records. You will need to make example.com an A record or use www.example.com IN CNAME someother.site.com. -- -Ben Croswell On Sun, Jan 18, 2009 at 12:37 PM, Dhaval Thakar < dhaval.tha...@networthdirect.com> wrote: > > > Hi, > > I am using bind 9.6.0. > > I want to co

RE: reverse lookup to CNAME

2009-01-26 Thread Ben Bridges
ial meaning or further processing is associated with it (hence implying that it is ok if that domain-name is defined as a CNAME somewhere else in the domain space). Is that not the case? Is there some other part of the DNS specification that forbids it? Ben Bridges > -- > Matus UHLAR - fantom

RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-27 Thread Ben Bridges
When Section 5.1 of RFC 5321 says "If a CNAME record is found, the resulting name is processed as if it were the initial name", it is referring to the situation where a query is sent for the MX record for xyz.com, and instead of an MX record being returned for xyz.com, a CNAME record is returned fo

RE: wildcarding everything

2009-01-28 Thread Ben Bridges
What specifically are you intending to wildcard? "com."? "net."? "."? If so, then you would be implicitly making your name servers authoritative for domains for which your servers are not supposed to be authoritative. Ben Bridges > -Original Mes
