fact
doing some sort of wildcarding. Maybe they have some sort of special
arrangement with the domain registrars???
> -Original Message-
> From: Scott Haneda [mailto:talkli...@newgeo.com]
> Sent: Thursday, January 29, 2009 12:06 AM
> To: Mark Andrews
> Cc: Ben Bridge
f so, then iceman is misconfigured. Iceman
should be authoritative for jatec.us. The PTR record for 205.171.3.65
says it is resolver1.qwest.net. What is the output of "dig @127.0.0.1
jatec.us"?
Ben Bridges
> -Original Message-
> From: bind-users-boun...@lists.isc.org
The authoritative name servers for nullmx.domainmanager.com are
ns1.domainmanager.com and ns2.domainmanager.com. They are domain
parking name servers. They return 64.40.103.249 (or at least something
close to that) to the query for any A record. The real address of
mta.dewile.net is 69.59.189.80
I have never heard of there being any downside to a large number of NS
records for a domain.
I know internally to my company we have large numbers of NS records for the
internal domains.
--
-Ben Croswell
On Sun, Feb 1, 2009 at 7:51 PM, shulkae wrote:
> How many NS entries typically is allo
It also appears that your name server (iceman) is configured to accept
IPv4 queries only from itself.
>#listen-on port 53 { 127.0.0.1; };
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
> Matthew Pounsett
>
s.isc.org] On Behalf Of Ben Bridges
> Sent: Monday, February 02, 2009 1:29 PM
> To: S. Jeff Cold
> Cc: bind-users@lists.isc.org
> Subject: RE: BIND still will not resolve
>
> It also appears that your name server (iceman) is configured to accept
> IPv4 queries only from itself.
That was my understanding. It would only overflow if you actually had
enough NS records that the NS records themselves couldn't fit in the answer
section.
--
-Ben Croswell
On Tue, Feb 3, 2009 at 1:00 AM, Barry Margolin wrote:
> In article , bsfin...@anl.gov wrote:
>
> > One
it because it is
illegal.
If you put a CNAME at the domain level you are causing the CNAME to collide
with an SOA records, and 1 or more NS records at the very minimum.
--
-Ben Croswell
On Thu, Feb 5, 2009 at 12:36 PM, RJValenta wrote:
> forever ago, i set myself up with a solid bandwidth a
i.e. someotherhost.time.windows.com won't work
2) Everything under windowsupdate.com will not be resolvable other than
download.windowsupdate.com i.e. someotherhost.windowsupdate.com
As long as you are aware of and ok with those caveats you should be fine.
--
-Ben Croswell
On Sun, Feb 8, 2009 at 6:03 PM, wr
omain to ns1/ns2 as far as the Internet is concerned then
have your zone forwarder in place. I don't know for sure how ns1/ns2 would
react to having a zone forwarder statement and then receiving an iterative
query for it.
--
-Ben Croswell, RHCE GSEC
On Fri, Feb 13, 2009 at 1:31 PM, Wim Liv
> sun
>NB: it also forwards to "isp" dns server.
If your sun server is configured to use your isp dns server as a forwarder,
then I think it will forward requests for example.test to the isp server even
though it delegated example.test to plesk. That would seem to be supported by
the fact
Since you're not getting any response from your server (I'm assuming
dns.tp.edu.tw is your server), you might want to check and make sure there are
no firewalls or ACL's blocking dns requests to your name servers.
From: bind-users-boun...@lists.isc.or
Something like the following might work.
BIND:
...
channel my_syslog {
syslog local6;
severity info;
};
...
syslog.conf:
...
local6.* @remote-syslog-server // Forward all messages
with local6 facility t
he distro's packaged bind.
> There are a few Bind messages in /var/log/messages but no errors
> (other than no-start error when I have a bad config).
I'm running CentOS 5.5 too and the default Bind package is
9.3.6-4.P1.el5_4.2.
Dotan, if you run "yum list bind" you can confirm
On 7/10/10 1:47 AM, Kevin Oberman wrote:
>
> I keep hoping for a BIND distro that upgrades nslookup(1) to:
> print STDERR, "nslookup(1) has been replaced by host(1)\n"; exit 0;
Wasn't nslookup already deprecated about ten years or so ago?
Regards,
Ben
signature.
'm aware it only hung around because it was available on
Windows NT/2K/etc., while host and dig were not.
Regards,
Ben
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ge them.
Nothing quite like coding/sysadmin laziness is there. Still, I probably
can't talk on that front.
Regards,
Ben
ed this on.
Mind you, when the date rolls around we'll have bigger problems when
running systems that are affected by that.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT Consultant
Encrypted email preferred - primary Op
not be able to upgrade without
forfeiting their support and/or certification. That version will
include back-ported security fixes.
Regards,
Ben
On 22/11/10 5:05 PM, Doug Barton wrote:
> On 11/21/2010 21:58, Ben McGinnes wrote:
>> On 22/11/10 7:12 AM, Doug Barton wrote:
>>> On Thu, 18 Nov 2010, CT wrote:
>>>
>>>> - BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>>>
>>> Really old, definite
What technical problem are you trying to solve with rsync? It seems like you
are making the process more complex, instead of just letting BIND do its
job.
On Dec 31, 2010 9:02 AM, wrote:
> Torinthiel writes:
>
>
>>
>> If you know which zone has changed, then you can do "rndc reload zonename".
>>
That is no longer the case. It doesn't respond authoritative on the first
query.
-Ben Croswell
On Jan 30, 2011 10:01 AM, "Kevin Oberman" wrote:
> On Sat, 2011-01-29 at 14:49 +0800, p...@mail.nsbeta.info wrote:
>> The book "Pro DNS and BIND" says:
>>
In that case technically you are creating undelegated subdomains for each
router.
The dot is a delimiter and can't be part of a hostname.
-Ben Croswell
On Jan 31, 2011 11:19 AM, "Vyto Grigaliunas" wrote:
The rfc you quote clearly states when used as a delimiter of a domain as I
stated.
-Ben Croswell
On Jan 31, 2011 8:58 PM, wrote:
> Ben Croswell writes:
>
>> In that case technically you are creating undelegated subdomains for each
>> router.
>> The dot is a delimite
zone "." {
type hint;
file "/dev/null";
};
zone "bind" {
type master;
file "/etc/bind/zones/system/db.bind";
};
allow-query {
"localhost";
};
allow-transfer {
"none";
};
};
regards
-ben thielsen
The dots delineate domains even if you don't view it as a new domain.
-Ben Croswell
On Mar 9, 2011 1:13 PM, "Matt Rae" wrote:
onth, one more year and
it's gone (not counting paying exorbitant sums for additional
support):
https://rhn.redhat.com/errata/RHSA-2011-0219.html
Regards,
Ben
First and foremost you shouldn't be running any version of BIND 8. That is
way out of date and open to a lot of exploits.
That being said if by some
-Ben Croswell
On Mar 29, 2011 4:55 AM, "Kay" wrote:
> Dear my friends.
>
> I use bind 8.4.7-REL on RHEL 4.4 OS and h
ng.
The f5 is load balancing so you would see a more even load across the 12
servers.
-Ben Croswell
On Mar 29, 2011 4:55 AM, "Kay" wrote:
> Dear my friends.
>
> I use bind 8.4.7-REL on RHEL 4.4 OS and have thousands of domains.
>
> In my case ;
> some domain has 12 IPs
IN PTR
;; ANSWER SECTION:
1.151.33.50.in-addr.arpa. 86400 IN PTR static-50-33-151-1.mskg.mi.frontiernet.net.
;; Query time: 553 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 29 23:41:54 2011
;; MSG SIZE rcvd: 98
whic
In the bind 8 days people would put the same address multiple times and then
other addresses as well to "weight" the responses.
-Ben Croswell
On Apr 17, 2011 2:45 PM, "Eivind Olsen" wrote:
>> Hi,
>> we have internal domain called sva.com and address record f
resolve the end
point of the cname chain.
If you specifically ask for cname first, it caches the cname and then
further queries don't go to the second box and your first box just resolves
the end of the chain.
-Ben Croswell
On Apr 20, 2011 7:23 AM, "Adam Goodall" wrote:
> On 20 Apri
Nagios is a very move tool for synthetic transaction monitoring. You put in
whatever hosts and host names to resolve and it does it.
-Ben Croswell
On Jul 13, 2011 11:01 AM, "Karl Auer" wrote:
> We have some nameservers :-) that are used by quite a few thousands of
> people. Ev
That doesn't work with recent versions. BIND discards the duplicates.
-Ben Croswell
On Jul 16, 2011 4:28 PM, wrote:
> Hi,
>
> I’ve got a problem getting weighted round robin dns to work. What I need is
> ip address 1 getting twice the hits of ip address 2, however making multipl
m missing it..) .. (4) a link or referral to any kind of relevant
information would be useful -- documentation, mailing lists, anything
-- I did a _lot_ of googling and even peeked around on IRC asking
around, but either I'm not asking the question correctly, or it's not
a very common th
Actually he said the DNS protocol allows for it and ISC had been considering
adding it.
-Ben Croswell
On Sep 27, 2011 11:38 AM, "Issam Harrathi" wrote:
> As i test it's not cached at all, and you say here it's cached for 30
> seconds?!
> i'm using 9.7.2-P3.
Either is fine. Using the cname would require a single update if your ip
changes, but prevents other records at the same level. So you couldn't
attach mx for instance at example.com and www.example.com if you wanted to.
Neither is wrong and both have pros and cons
-Ben Croswell
On Sep 28,
That makes no sense.
If he didn't have a dns entry for both sites, how does the user get to site
without the dns entry to be rewritten by Apache?
-Ben Croswell
On Sep 28, 2011 10:52 AM, "风河" wrote:
> this is the stuff what should be done by webserver rather than by DNS. i,e
Actually a . is not part of a host name. It separates all the parts of
FQDN. If you put one in a host name you have an undelegated subdomain as I
stated before.
-Ben Croswell
On Oct 31, 2011 6:59 AM, "Kristen Eisenberg"
wrote:
> Ben Croswell writes:
>
> > In that ca
delay in exhausting the forwarders
before attempting the roots.
-Ben Croswell
On Nov 1, 2011 9:23 AM, "Will Lists" wrote:
> We recently tried a test to see how our internal servers would react to a
> loss of their external peers, with the goal being that the internal servers
>
ied
before going to NS or there is no way of knowing when the forwarders are
back.
In your case if you have a limited number of servers a quick removal of the
forwarders may be the quickest way to restore service.
-Ben Croswell
On Nov 1, 2011 10:03 AM, "Will Lists" wrote:
> Be
e the view, named doesn't complain. why is named trying to do dnssec
stuff for objects in the chaos class? that was the surprising bit. a few
details below.
thanks
-ben
>named -V
BIND 9.8.1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/u
I would imagine the IP you are trying to transfer on is not in the allow-query
acl of the master. You have to be able to do soa queries to the master.
-Ben Croswell
On Dec 5, 2011 7:34 AM, "Gaurav Kansal" wrote:
> Dear All,
>
> I have a master DNS on IPv4 AND sla
I don't see the desired outcome of making them both master and then trying
to have one transfer from the other.
Have one be master and one be slave from the master. No reason to alter
code and query responses will be the same to your clients.
-Ben Croswell
On Dec 8, 2011 8:57 PM, "蔡
Did the BIND version change with the OS upgrade?
-Ben Croswell
On Dec 24, 2011 6:38 PM, "Michelle Konzack"
wrote:
> Hello *,
>
> my Intranet NameServer (my DNS-Master) was running Debian Lenny/5.0 and
> is now upgraded to Debian Squeeze/6.0 and et I get per day v
Not sure how this is a BIND related issue.
-Ben Croswell
On Dec 26, 2011 11:55 AM, "feralert" wrote:
> Dear all,
>
> Squid is not loading an advert in a web page frame which loads fine
> when using a direct connection to the internet.
> The versions used are 2.7.STABL
You can't cname mydomain.com to anything because it has, at the minimum, ns
and soa records.
-Ben Croswell
On Jan 8, 2012 1:11 PM, "Jukka Pakkanen" wrote:
>
> www in cname mydomain.myshopify.com.
> mydomain.com. in cname mydomain.myshopify.com.
>
> Is
You can freeze thaw or use nsupdate to dynamically add the static entries.
rndc freeze
Edit zone
rndc thaw
You will lose any ddns updates during the freeze.
-Ben Croswell
On Jan 11, 2012 3:52 PM, "Dan Letkeman" wrote:
> Ah, I did not know that. So then my scenario must be so
e, as it says, but then not
using the data? also, why are these messages only printed upon rndc
reload/reconfig, and not when named first starts? this is bind 9.8.1, courtesy
of debian's package repository.
regards
-ben
The first query for 130.168.193.66.in-addr.arpa/PTR/IN (with recursion
disabled) failed because your server is not authoritative for that
record and, since you have recursion disabled, it will not query the
authoritative server for it.
The second query for 130.168.193.66.in-addr.arpa/PTR/IN succee
> If I dump the delegation and make an MX record in the master, mail will be
> OK, but then no one can query records in that zone because it's not
> actually delegated unless they point at MS-DNS.
Is there a reason why you can't point all of your internal hosts (AD and
non-AD) at your AD's for re
What is not working? Are you not getting the CNAME record for email.test.com?
Are you not getting the A record for email.tzqian.com? Are both zones on the
same dns server, or is each zone on a separate server? Which server are you
querying, and from what device are you issuing the query?
You can use one $GENERATE statement in each zone to generate all 256
CNAME records for that zone.
Ben
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Lasman
> Sent: Friday, March 13, 2009 3:31 P
heir non-AD internal hosts would qualify as a
"quick" fix (which is what he asked for).
Ben
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Darcy
> Sent: Thursday, March 12, 2009 10:45 PM
> T
I agree, it's arbitrary. If you are wanting to format the name of your zone
similarly to the RFC, I believe the format would be
96/27.51.212.195.in-addr.arpa (for the subnet 195.212.51.96/27).
From: bind-users-boun...@lists.isc.org on behalf of Alan Clegg
Sen
It sounds like you are looking for some configuration shorthand for BIND that
will allow you to configure it to be authoritative for the 16 /24's comprising
the /20 without having to explicitly configure 16 zones on BIND. I think
you're out of luck - BIND needs to have a zone statement for each
You have recursion disabled on your abc.com server, and I believe that
is preventing your query from succeeding. My understanding is that the
contents of the root hints file are not stored in the server's cache
(which means, I think, that they are not themselves returned in response
to queries for
for which it
is not authoritative is a bit of a self-contradiction.
Ben
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of T
MANIKANDAN-PKXR74
Sent: Tuesday, March 24, 2009 12:52 AM
To: bind-users@lists.isc
" and internal versions of other zones like
"abc.com"). You'd want "allow-query" and "allow-recursion" statements
in your global options restricting queries and recursion to your
internal clients. (I suppose you could use "recursion=yes" instead of
"
My one caution on this would be you may run into false negatives with TCP if
people have misconfigured firewalls.
It's surprising the number of people out there that believe TCP is only for
xfers.
--
-Ben Croswell
On Tue, Apr 7, 2009 at 3:17 PM, Mark Elkins wrote:
> I'm involved
Also if EDNS0 is in effect theoretically the max size would be 4096 bytes
before a truncate happened.
--
-Ben Croswell
On Mon, May 4, 2009 at 8:55 PM, Martin McCormick
wrote:
> Matt Baxter writes:
> > When a response can not fit in a single UDP packet the server will mark
> > th
You have to make sure that you actually have NS delegations in xxx.com for
child.xxx.com. That has bitten me on occasion.
If you load the parent and the parent has no NS delegation for a child, it
assumes the child doesn't really exist and ignores the zone forward.
--
-Ben Croswell
200
27.10.in-addr.arpa. Try changing your
$GENERATE directives to
$GENERATE 0-127 $.10.in-addr.arpa. NS dhcp-01.adm.bart.gov.
$GENERATE 0-127 $.10.in-addr.arpa. NS mrep-02.adm.bart.gov.
and see if that works.
Ben Bridges
> -Original Message-
> From: bind
I wasn't thinking straight. Ignore that. My apologies.
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ben Bridges
> Sent: Thursday, May 07, 2009 2:42 PM
> To: Mike Bernhardt
> Cc: b
If you want to force forwarding you will probably want to add the forward
only; directive.
By default your server will try to follow NS delegations and then forward if
it can't follow them
Forward only; tells it to not even bother trying to follow NS delegations.
--
-Ben Croswell
On Fri
With the "file" statement in the zone declaration for that zone.
Zone "0/27.146.68.12.in-addr.arpa" {
...
file "blah-blah";
# or file "0.27.146.68.12.in-addr.arpa"; as I believe Mark Andrews suggested
...
};
(See also Jeff Lightner's example earlier in this thread.)
Try
82.80-28.115.25.70.in-addr.arpa. IN PTR mail.bgrinformatique.com.
instead of
82.115.25.70.in-addr.arpa. IN PTR mail.bgrinformatique.com.
> -Original Message-
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Beha
subdomain of a domain
you load. If you want to delegate foo.bar.com to someone you put the NS
records in bar.com not foo.bar.com.
--
-Ben Croswell
On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman wrote:
> Guys,
>
>
>
> We’re a smallish (but growing) ISP, and we’ve been asked by one of our
bout the particular templates to use.
But the principle is still valid. It's the SWIP information filed with
ARIN that determines what dns servers are authoritative for the
in-addr.arpa zones for your /24's.)
Ben
From: bind-users-boun...@lists.isc.org
It appears that dns1.zmi.at is refusing queries for
48-28.164.69.212.in-addr.arpa:
# dig @dns1.zmi.at 48-28.164.69.212.in-addr.arpa NS +norecurs
; <<>> DiG 9.5.0-P1 <<>> @dns1.zmi.at 48-28.164.69.212.in-addr.arpa NS
+norecurs
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HE
own "right" answer
it should failover fairly quickly. If both answer then you will be at the
mercy of the RTT as to which answer you will get.
--
-Ben Croswell
On Thu, Sep 17, 2009 at 12:27 PM, Kevin Darcy wrote:
> RUOFF LARS wrote:
>
>>
>>
>>
>>> [
ernational Traffic in Arms Regulations (ITAR) and/or
> the Export Administration Regulations, as applicable.
>
--
-Ben Croswell
ords required ?
>
> I understand that is not. Is this right ?
>
> Regards,
> --
> Sergio R.
--
-Ben Croswell
ference ?
>
> Book, URL, distribution, tutorial…
>
>
>
> Thank you, your help is appreciated.
>
>
>
> *Martin*
>
>
>
>
>
--
-Ben Croswell
k?
>
> Cheers,
>
> Dave
>
--
-Ben Croswell
If your secondaries can't reach the primary for the period of time you have
in your SOAs for refresh the secondaries will stop answering.
--
-Ben Croswell
On Thu, May 6, 2010 at 10:37 PM, Dave Filchak wrote:
> Our master server machine had a drive failure and looks like it will be
I think what we see as a result of this attack is DNS provider diversity
being the new buzz phrase. The same as not relying on a single ISP link I
see more people using multiple DNS providers.
The size of these attacks will grow as IoT continues to grow. It makes
sense to have diverse providers to
The other option being having a master owned by your company and then
setting both external providers to secondary from your master. You to
maintain control over data and have diversity.
On Nov 1, 2016 10:42 AM, "Barry Margolin" wrote:
> In article ,
> Ben Croswell wrote:
Ensure that the allow-query clause on the master includes the slave. If the
slave can't query for the SOA on the zone it can't do an xfer.
On Mar 2, 2017 6:34 AM, "Xavier Humbert"
wrote:
> The whole configuration, comments removed :
>
> -- Master --
> acl my-slaves {
This would only change behavior if the server has global forwarding.
If it is master for a foo.com and also has global forwarding it will use
the global forward for any delegated child domains under foo.com unless
they are also loaded locally. The forward{} turns off global forwarding
for that br
orward {} the global forward will be short circuited for foo.com and
below resulting in a path of A > B
On May 12, 2017 11:56 AM, "Mik J" wrote:
Thank you Ben for your answer
My server uses a global forwarding
I don't understand what you wrote
"If it is master for a foo.com a
Have you checked deeper at the OS level? I have seen on Linux DNS servers
silent drops of queries on very busy servers that were exhausting UDP
receive buffers.
On Jun 28, 2017 10:26 AM, "Marc Richter"
wrote:
Hi,
we have a setup here consisting of a recursive DNS server and two
monitoring serve
If the AD environment loads company.com you need to make sure it has NS
delegations. The nameserver will ignore the zone forwarded if it knows the
child doesn't exist.
On Oct 10, 2017 11:22 AM, "seanliam73" wrote:
> Hi
>
> I have a subdomain delegated from AD to a bind9 instance I have running
>
A)"
wrote:
But surely you’d get an NXDOMAIN in that case, not a SERVFAIL.
The assumption I made in my post was that the delegation was pointed to the
forwarding BIND instance, which is a non-starter.
- Kevin
*From:* bind-users [mailto:bind-users-boun...@lists.isc.org] *On
I would like to use the client subnet option to overcome some hurdles
related to proximity load-balancing.
I have looked through the ARM and found references to setting the option in
a dig. However I was not able to locate options for sourcing that option on
the DNS server.
Is anyone using ECS curre
o control every client side to send
> > the client-subnet option.
>
> It would help if Ben provided more details about what he's trying to
> achieve.
>
> I do have a draft that I'm trying to get adopted at IETF to allow
> client-related information to be carried from
That is a valid consideration but being a slave doesn't always mean being
in the NS records.
On Dec 18, 2017 9:47 AM, "Barry S. Finkel" wrote:
> On Sun, 17 Dec 2017 22:06:58 +0530, vijay bommareddy
> wrote:
>
>> Hello folks,
>>
>> I'm trying to find more information on the practical limitations
tname and send all those
customers a "your computer/network on IP $FOO has been compromised,
you have X days to fix it or your connection will be suspended."
Just warn your support staff before you do that because they're the
ones who will rec
When we ran into UDP tuning issues on high traffic devices it presented as
silent discards rather than SERVFAIL.
On Thu, Sep 27, 2018, 12:04 PM Alex wrote:
> Hi,
>
> > On Thu, Sep 27, 2018 at 10:53:25AM -0400, Alex wrote:
> > > Many of these values I've already tweaked and have had no effect on
As long as all 4 DNS servers are running the same version, my first
suggestion would be to check firewalls for dropped packets.
Some FW/IPS drop packets with edns versions other than 0 because they see it as
an attack.
On Fri, Jan 18, 2019, 12:02 PM N. Max Pierson wrote:
> Hi List,
>
> I am trying to ensure o
Has ISC released minimum viable BIND version for flag day?
I looked around and couldn't find anything.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
toria Risk
> On Jan 18, 2019, at 9:09 AM, Ben Croswell wrote:
>
> Has ISC released minimum viable BIND version for flag day?
>
>
> Most versions of BIND authoritative servers, going back years, are EDNS
> compatible. Certainly ALL currently supported versions are compatible. I
:29 PM N. Max Pierson wrote:
> Thanks to the response Ben. After looking at the results, it seems we do
> have a different firewall between the 4 servers and they have IPs out of
> the same subnet for 2 of them which are failing. So this lets me know it is
> firewall related and now I can check tha
I’ll not hear
> back from them.
>
> Is there a list of known edns compliant Registrar name servers for the
> larger Registrars?
>
> Is it possible the failures seen are false? If so, are there alternate
> edns compliance checkers that might show different responses than
> dnsf
I would imagine "its a hoax" is code for we don't want to bother remediating.
On Fri, Jan 18, 2019, 3:20 PM Warren Kumari
>
> On Fri, Jan 18, 2019 at 2:58 PM Ben Croswell
> wrote:
>
>> I would say we had one provider go as far as saying this whole flag day
>>
BIND has always required UDP and TCP 53 for proper functionality. It is
sometimes mistakenly believed that TCP is only for zone transfers but that
is not the case.
On Mon, Feb 4, 2019, 8:46 AM Roberto Carna wrote:
> Dear, I have a BIND 9.10 public server and I have delegated some public
> domains.
>
> When I
again over TCP for the full answer.
The TC bit is also used in conjunction with RRL.
On Mon, Feb 4, 2019, 8:57 AM Roberto Carna wrote:
> Thanks Ben for your response, can you tell me the types of TCP traffic I
> have to expect in BIND, excepting Zone Transfer?
>
> Thanks a lot again!!!
>
>
an NS record which returns either "localhost" (preferably) or the
BIND server itself.)
Thanks,
Ben Bridges
Hi,
I've been trying to configure a stub zone using both BIND 9.8x and 9.9x
for some split-brain internal DNS.
The problem I have is that any client that requests the NS or SOA
records for this zone gets SERVFAIL. The BIND server populates the
/var/named/slaves/benlavender.co.uk.DB file with