Re: record PTR

The in-addr.arpa domain for your IP space will need to be delegated to your DNS servers. That generally happens at the entity that assigned the block. For instance ARIN, RIPE, or APNIC. On Thu, Mar 14, 2024, 8:06 AM wrote: > Hello, please, I want to know if I need to delegate a range of IP > add

Re: record PTR

@0 -x 197.242.181.69', it works. Do I need to request a > delegation of 197.242.181.69 to the name servers ns1.sami.tn? > > > > *De :* Ben Croswell > *Envoyé :* jeudi 14 mars 2024 13:10 > *À :* RAHAL Sami SOFRECOM ; ML BIND Users < > bind-users@lists.isc.org> >

Re: log for one domain

We rip the logs apart put them into a database with a web front end. We watch for 6 months then remove ones with no traffic. On Mar 11, 2012 6:12 PM, "hugo hugoo" wrote: > Dear all, > > Is it possible to logs queries to a specific domain? > I have a domain configured in my system but I do not kn

RE:

If you do not delegate the subdomains with NS records you are not fully delegating the subdomain. It will work fine in the short term, but are setting up a landmine for someone to step on later. If decide to move that subdomain to other dns servers later it will disappear without the NS records. T

Re: external view recursion issue

If you are authoritative for a cname that points to an A elsewhere, your server will resolve the cname and leave it to the client dns server to go get the A from the server that hosts it. On Mar 16, 2012 10:14 AM, "Samantha Steers" wrote: > Hi, > > I am getting prepped to migrate dns from one ser

Re: TC Flag

The TC flag is set when the response is larger than your max udp packet size. 512 bytes with no edns0 and up to 4096 bytes with edns0 fully functioning. On Apr 10, 2012 9:55 AM, "rams" wrote: > When I get TC flag for UDP query? > > ___ > Please visit ht

Re: Configuring CNAME for nosslsearch.google.com

What you are asking for can't be done. If you load the google.com zone everything you don't load in the zone will be black holed and not resolve. If you try to load WWW.Google.com you will not be able to make WWW a cname due to the no cname and other data rule. On Apr 15, 2012 5:39 PM, "Tobias Kra

RE: Configuring CNAME for nosslsearch.google.com

This is incorrect. It is illegal to have a cname and any other record on the same name in dns. The ns and soa count as records. On Apr 16, 2012 9:41 AM, "Matthew Huff" wrote: > Actually, this can be done. > > Create a zone file for "www.google.com", not "google.com". The zone file > should like

Re: new here

You set a listen-on that does not include 127.0.0.1. On Apr 22, 2012 11:08 PM, "David Milholen" wrote: > I am a Wisp admin and I have just configured a couple of new Bind9 > servers. > They will resolve using dig google.com @9x.1xx.104.14 > I am having some trouble getting them to answer themsel

Re: How to influence forwarder selection BIND 9.7.3

A certain percentage of queries will always go to all of the forwarders listed. If you have servers A B and C and A is the fastest SRTT, whenever A answers the SRTT for B and C will be decremented by a small percentage. Eventually they will be lower than A and get used. The likely result is that t

Re: new here

than you are loading it as. You load 104.16.98.in-addr.arpa. they are transferring 104-22.16.98.in-addr.arpa. -Ben Croswell On May 2, 2012 1:18 PM, "David" wrote: > ** > Hello All, > I am new here but have been watching the list for a while. > I run a small WISP and we ha

Re: Why does a non-delegated sub-domain work?

gation the subdomain will disappear. -Ben Croswell On May 7, 2012 1:08 PM, "M. Meadows" wrote: > > So ... if we have > > exacttarget.com delegated to ns1 and ns2.exacttarget.com nameservers > > and ... we manage the s6.exacttarget.com zone file from ns1 and > ns2.exactt

Re: How does a child find its parent?

The child doesn't know it's parent and goes up to the root like any other server would. -Ben Croswell On May 8, 2012 2:13 PM, "Mike Bernhardt" wrote: > Reading the section on delegation in the O'Reilly book, I'm confused about > something: The parent is con

RE: How does a child find its parent?

Another option would be zone level forwarding on the child to point at the parent or stub zones. -Ben Croswell On May 8, 2012 3:59 PM, "Mike Bernhardt" wrote: > In this case, the root only knows the external public server, not the > internal parent who is doing the delegating.

Re: global forwarders - current BIND9 behaviour documentation

x27;s the method for retrying a forwarder after it was set high due to a timeout etc. -Ben Croswell On Jul 25, 2012 2:36 PM, "ip admin" wrote: > Hi, > > anybody there who can provide a definitive answer on the current BIND 9.7 > (or higher) global forwarder behaviour? > &

Re: forwarder is ignored when authoritative zone is added

on. I assume the logic is, why would I forward a subdomain I know doesn't exist. -Ben Croswell On Oct 26, 2012 2:17 AM, "Frank Even" wrote: > I've recently had an issue that I'm having some issues finding > information on solving. > > I have internal DNS resolver

Re: forwarder is ignored when authoritative zone is added

The thing that brings me back to a delegation issue is the statement of slaving an external version of the second level domain the internal DNS server. I know if I was splitting a domain I would not put internal only delegations external. -Ben Croswell On Oct 26, 2012 7:23 AM, "Sten Ca

RE: Performance tuning

I did digs to both names from my work DNS infrastructure. The response was 58ms to resolve the WWW entry and 44ms for the non WWW entry. Would not appear to be a resolution related slow down. -Ben Croswell On Nov 26, 2012 1:25 PM, "Lightner, Jeff" wrote: > For question 1: >

Re: Bind not forwarding all requests

It is probably related to forward first versus forward only. Forward first is default but will fall back to no forwarding if the forwarders fail. On Dec 7, 2012 12:06 PM, "Romgo" wrote: > Hello, > > I am currently running two bind9 server on Debian Squeeze. > 1:9.7.3.dfsg-1~squeeze8 > > Server 1

Re: Name resolution fails if not forwarding

My first thought would be lack of firewall rules and connectivity to the Internet. On Jan 8, 2013 9:35 AM, "Daniele" wrote: > If I use BIND9 forwarding all the queries not belonging to my local zones, > it works. > > But if I don't forward those queries, `dig` sometimes (and this is weird) > fail

Re: MNAME not a listed NS record

There is no issue with a configuration like this. It is the very definition of a stealth master and is a very common configuration. Any DDNS updates will continue to reach the stealth master via the mname and no resolvers will find the master via NS records so it won't be queried. On Jan 16, 2013 3

Re: Define an internal zone with only a couple of A records, then forward to an external dns server

If you load the zone your server will believe it knows everything about the zone and not forward anything below it. If you load foo.com with two records, nothing but those two records will ever resolve on that server for foo.com. One way to make it work would be to load two zones. Vpn1.foo.com an

Re: What causes 'zone transfer setup failed' ?

A common issue is the secondary not being allowed to query the master for the SOA of the zone. Ensure the master has an allow-query that includes the secondary. On Jan 25, 2013 6:06 AM, "Jan-Piet Mens" wrote: > Hello, > > I'm seeing quite a number of messages like > > xfer-out: debug 3: c

Re: Most specific match on PTR records

You need to ensure if the resolver that is doing the forwarding also loads the blank 10/8 that you have the smaller /24 delegated in the 10/8. The reason being if it loads the /8 with no /24 delegation it will ignore the forward because it believes the /24 doesn't exist. On Feb 21, 2013 1:21 PM, "N

Re: Forward First on Master Zone (bypass SOA)

A server will not forward a zone it is also authoritative for. On Mar 28, 2013 3:33 PM, "Ben-Eliezer, Tal (ITS)" < tal.ben-elie...@its.ny.gov> wrote: > Hello, > > ** ** > > My organization is evaluating the use of split-view DNS in our environment. > > > One of the challenges I’ve yet to

Re: Confused about a basic concept

Bryan > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users &g

Re: Delegation and Forwarding

The basic answer is that you use null forwarders for any domains that you want to turn off the global forwarders. If you have a global forwarder and then you have bob.com with a null forwarder, bob.com and the domains below is will follow delegation. On Dec 11, 2013 7:10 AM, "Bob McDonald" wrote:

Re: I may be confused regarding sub delegated zone

A freshly started server with no cache will be directed to nd1 first which will give a referral to ns2 for the subdomain. After that it will go to ns2 directly until the ns records time out in cache. On Jan 23, 2014 12:30 PM, "Blason R" wrote: > Hello friends, > > I may sound like novice but have

Re: how to modify the cache

You can't modify cache. If that was allowed you could cache poison any domain you wanted. On Feb 14, 2014 8:52 AM, "houguanghua" wrote: > Hi all, > Bind provides rndc tools to operate the cache. But how to change a record > in the cache. For example: > to modify origin record " *www.abc.com*

Re: how to modify the cache

What you say is true, but the OP wasn't clear in who owned the record he wanted to override. I assumed it was someone else's or you would just change authoritative source that you own. On Feb 14, 2014 10:20 AM, "Barry Margolin" wrote: > In article , > Ben Croswe

Re: Bind vs flood

I guess I am missing why anyone on the internet should be able to open queries against your caching resolver. Why would in bound queries be allowed to servers that are for your people to get out? On Feb 27, 2014 10:13 AM, "Ivo" wrote: > Hi Dmitry, > > We observed that similar requests are landi

Re: Bind vs flood

heir own wifi box like Zyxel or > similar which may have open resolver by default. > > Ivo > > On 2/27/14 5:18 PM, Ben Croswell wrote: > > I guess I am missing why anyone on the internet should be able to open > queries against your caching resolver. > > Why would in b

Re: which Name sever is selected?

RTT banding was removed in early versions of 9.8 due to the performance hit being larger than any security benefit. So it would depend what version of bind is being used in this case. https://www.isc.org/blogs/rtt-banding-removal-from-bind-9/ It is important to note that all ns records will take s

Re: which Name sever is selected?

back to being slower. On Mar 3, 2014 8:24 AM, "houguanghua" wrote: > Hi Ben, > > What's the meaning of bind "decaying"? Where can I find the detailed > description? Thanks! > > Guanghua > > > ---- > Date

Re: Bind 9.9.1 forward zone "local"

I would imagine your issue is a lack of an NS delegation in the root zone you are slaving. If you load a parent and then try to forward a child of that parent you must have a delegation in the parent. The delegation doesn't have to match the forwarders but it must exist. On Mar 25, 2014 1:57 PM, "

Re: Slave zero-TTL on CNAMES

Cisco routers do have the ability to "doctor" DNS packets when doing NAT. When it doctors it sets the TTL to 0 but I dont know why it would only do it on CNAME records. On Jun 5, 2014 12:43 PM, "Reindl Harald" wrote: > > > Am 05.06.2014 17:58, schrieb /dev/rob0: > > On Thu, Jun 05, 2014 at 05:21:

Re: Diagnostic help

The default for allow query is local host local nets. Basically the server itself and directly connected networks On Sep 29, 2014 8:03 PM, "Bill Christensen" wrote: > Hi folks, > > Something got sideways on one of my DNS servers, and I would appreciate > some help in figuring out what's going o

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? On Jul 28, 2015 5:42 PM, "Michael McNally" wrote: > As the security incident manager for this

Re: About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

> On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: > > Is it safe to say the only vulnerable hosts would be those > > accepting queries from the outside world, or would this also > > pertain servers getting responses from the outside world with > > no inboun

Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow

Cyber folks asked if there was any way for the DNS servers to "protect" the vulnerable clients. The only thing i could see from the explanation was disabling or limiting edns0 sizes. That is obviously not a long term option. On Feb 17, 2016 11:39 AM, "Alan Clegg" wrote: > On 2/17/16, 11:34 AM,

Re:

In this case a zone level forwarder takes priority over the global forwarder. Abc.com would go to 1.1.1.1 On Sat, Jun 27, 2020, 11:44 PM baalchina wrote: > Hi all, > > I had a bind 9.16.4 as recursive name server. I want to forward all > queries to a specific dns server out of my net such as 8.8

Re: CNAME / TXT

If you uncomment that mg CNAME you end up with a CNAME mx and TXT at the same node in to the DNS tree and that is illegal. That is why you get the error "cname and other data". The mx and txt are the other data. On Sat, Aug 22, 2020, 8:19 PM Jukka Pakkanen wrote: > Cannot figure out what is wron

BIND OS tuning

Does BIND take advantage of net.core.rmem_max on Linux boxes? If I set the rmem_max to 12.5mb but leave the rmem_default as the OS default will I see a benefit on a high QPS DNS server? Or does BIND look to the rmem_default and ignore the rmem_max? -- -Ben Croswell

Re: Forwarding zone, setup

Are you loading the parent domain and trying to zone forward a child domain on the same DNS server? I.e. loading somedomain.local and trying to forward ab.somedomain.local If so an NS delegation is required in every instance I have done in my environment. The NS doesn't need to be "right" but it n

Re: Determining Which Authoritative Sever to Use

subscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listin

Re: Determining Which Authoritative Sever to Use

I would concur that internally Anycast is best for client facing edge nodes to reduce client configuration complexity as well as reducing impact of a first resolver outage. On Sun, May 8, 2022, 7:59 AM Tony Finch wrote: > Bob McDonald wrote: > > > > My question is this; how do the recursive ser

Re: Determining Which Authoritative Sever to Use (Bob McDonald)

b McDonald wrote: > Thanks for the answers. A couple more questions and then I'll stand down. > > First, it's Ben Croswell. Just pointing that out. > > Second, my reading of the definition of a static-stub zone in the Bvarm > indicates that its use is to allow a local

Re: Determining Which Authoritative Sever to Use

I will say edge DNS servers reduce client config complexity, even if you have DHCP, and increase resiliency of the initial resolver. Where it's true with DHCP you can change the DHCP server options it doesn't help if someone just got a 4 day lease and then the DNS server dies. Additionally the ab

Re: Question about Records not authoritative for

This is exactly what we have done in the past to mitigate malware. Just load somebaddomain.com with no A records or with a wildcard pointing to 127.0.0.1. -- -Ben Croswell On Thu, Dec 11, 2008 at 11:29 AM, Baird, Josh wrote: > You could just create an authoritative zone for the domain

Re: recursion for reverse/in-addr.arpa zones

Are there NS records and/or zone forwarding for the 10.131.10.0? If there is the servers will look to the most specfic domain. -- -Ben Croswell On Thu, Dec 11, 2008 at 4:38 PM, Todd Snyder wrote: > Good day, > > We are working on an odd issue. I can provide more detail as necessa

Issue with case changing from master on BIND 9 to slave on BIND 8

directory shows .COM. I was wondering if anyone had experienced an issue like this. And I understand both of those version are ancient and need to be removed from the environment. -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org

Re: DNS spoofing

He states in his messasge that he only wants to change one host in the domain and that all other information for the domain needs to remain intact. If he loads or forwards the domain on his servers nothing other than what he loads will be resolved. -- -Ben Croswell On Fri, Jan 16, 2009 at 1:24

Re: bind cname for corporate web

records. You will need to make example.com an A record or use www.example.com IN CNAME someother.site.com. -- -Ben Croswell On Sun, Jan 18, 2009 at 12:37 PM, Dhaval Thakar < dhaval.tha...@networthdirect.com> wrote: > > > Hi, > > I am using bind 9.6.0. > > I want to co

Re: How many nameservers?

I have never heard of there being any downside to a large number of NS records for a domain. I know internally to my company we have large numbers of NS records for the internal domains. -- -Ben Croswell On Sun, Feb 1, 2009 at 7:51 PM, shulkae wrote: > How may NS entries typically is allo

Re: How many nameservers?

That was my understanding. It would only overflow if you actually had enough NS records that the NS records themselves couldn't fit in the answer section. -- -Ben Croswell On Tue, Feb 3, 2009 at 1:00 AM, Barry Margolin wrote: > In article , bsfin...@anl.gov wrote: > > > One

Re: possible noob question - @ CNAME?

it because it is illegal. If you put a CNAME at the domain level you are causing the CNAME to collide with an SOA records, and 1 or more NS records at the very minimum. -- -Ben Croswell On Thu, Feb 5, 2009 at 12:36 PM, RJValenta wrote: > forever ago, i set myself up with a solid bandwidth a

Re: time.windows.com and download.windowsupdate.com

i.e. someotherhost.time.windows.com won't work 2) Everything under windowsupdate.com will not be resolvable other than download.windowsupdate.com i.e. someotherhost.windowsupdate.com As long as you are aware of and ok with those caveats you should be fine. -- -Ben Croswell On Sun, Feb 8, 2009 at 6:03 PM, wr

Re: forwarding subdomain to internal box

omain to ns1/ns2 as far as the Internet is concerned then have your zone forwarder in place. I don't know for sure how ns1/ns2 would react to having a zone forwarder statement and then recieving an iterative query for it. -- -Ben Croswell, RHCE GSEC On Fri, Feb 13, 2009 at 1:31 PM, Wim Liv

Re: bind replication

What technical problem are you trying to solve with rsync? It seems like you are making the process more complex, instead of just letting BIND do it's job. On Dec 31, 2010 9:02 AM, wrote: > Torinthiel writes: > > >> >> If you know which zone has changed, than you can do "rndc reload zonename". >>

Re: cache server with authoritative answer

That is no longer the case. It doesn't respond authoritative on the first query. -Ben Croswell On Jan 30, 2011 10:01 AM, "Kevin Oberman" wrote: > On Sat, 2011-01-29 at 14:49 +0800, p...@mail.nsbeta.info wrote: >> The book "Pro DNS and BIND" says: >> &

Re: RE: what's a valid domain name?

In that case technically you are creating undelegated subdomains for each router. The dot is a delimiter and can't be part of a hostname. -Ben Croswell On Jan 31, 2011 11:19 AM, "Vyto Grigaliunas" wrote: ___ bind-users mailing

Re: what's a valid domain name?

The rfc you quote clearly states when used as a delimiter of a domain as I stated. -Ben Croswell On Jan 31, 2011 8:58 PM, wrote: > Ben Croswell writes: > >> In that case technically you are creating undelegated subdomains for each >> router. >> The dot is a delimite

Re: dots in hostnames problem

The dots delineate domains even if you don't view it as a new domain. -Ben Croswell On Mar 9, 2011 1:13 PM, "Matt Rae" wrote: ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dns RR method is not equal balanced?

First and foremost you shouldn't be running any version of BIND 8. That is way out of date and open to a lot of exploits. That being said if by some -Ben Croswell On Mar 29, 2011 4:55 AM, "Kay" wrote: > Dear my friends. > > I use bind 8.4.7-REL on RHEL 4.4 OS and h

Re: dns RR method is not equal balanced?

ng. The f5 is load balancing so you would see a more even load across the 12 servers. -Ben Croswell On Mar 29, 2011 4:55 AM, "Kay" wrote: > Dear my friends. > > I use bind 8.4.7-REL on RHEL 4.4 OS and have thousands of domains. > > In my case ; > some domain has 12 IPs

Re: multiple IP address in Address Record in BIND

In the bind 8 days people would put the same address multiple times and then other addresses as well to "weight" the responses. -Ben Croswell On Apr 17, 2011 2:45 PM, "Eivind Olsen" wrote: >> Hi, >> we have internal domain called sva.com and address record f

Re: Strange behaviour resolving CNAME's via a forwarder.

resolve the end point of the cname chain. If you specifically ask for cname first, it caches the cname and then further queries don't go to the second box and your first box just resolves the end of the chain. -Ben Croswell On Apr 20, 2011 7:23 AM, "Adam Goodall" wrote: > On 20 Apri

Re: monitoring BIND

Nagios is a very move tool for synthetic transaction monitoring. You put in whatever hosts and host names to resolve and it does it. -Ben Croswell On Jul 13, 2011 11:01 AM, "Karl Auer" wrote: > We have some nameservers :-) that are used by quite a few thousands of > people. Ev

Re: bind weighted round robin not working

That doesn't work with recent versions. BIND discards the duplicates. -Ben Croswell On Jul 16, 2011 4:28 PM, wrote: > Hi, > > I’ve got a problem getting weighted round robin dns to work. What I need is > ip adress 1 getting twice the hits of ip address 2, however making multipl

Re: servfail are not cached!

Actually he said the DNS protocol allows for it and ISC had been considering adding it. -Ben Croswell On Sep 27, 2011 11:38 AM, "Issam Harrathi" wrote: > As i test it's not cached at all, and you say here it's cached for 30 > seconds?! > i'm using 9.7.2-P3.

Re: CNAME or A record?

Either is fine. Using the cname would require a single update if your ip changes, but prevents other records at the same level. So you couldn't attach mx for instance at example.com and www.example.com if you wanted to. Neither is wrong and both have pros and cons -Ben Croswell On Sep 28,

Re: CNAME or A record?

That makes no sense. If he didn't have a dns entry for both sites, how does the user get to site without the dns entry to be rewritten by Apache? -Ben Croswell On Sep 28, 2011 10:52 AM, "风河" wrote: > this is the stuff what should be done by webserver rather than by DNS. i,e

Re: what's a valid domain name?

Actually a . is not part of a host name. It separates all the parts of FQDN. If you put one in a host name you have an undelegated subdomain as I stated before. -Ben Croswell On Oct 31, 2011 6:59 AM, "Kristen Eisenberg" wrote: > Ben Croswell writes: > > > In that ca

Re: Switching from forwarding to recursion

delay in exhausting the forwarders before attempting the roots. -Ben Croswell On Nov 1, 2011 9:23 AM, "Will Lists" wrote: > We recently tried a test to see how our internal servers would react to a > loss of their external peers, with the goal being that the internal servers >

Re: Switching from forwarding to recursion

ied before going to NS or there is no way of knowing when the forwarders are back. In your case if you have a limited number of servers a quick removal of the forwarders may be the quickest way to restore service. -Ben Croswell On Nov 1, 2011 10:03 AM, "Will Lists" wrote: > Be

Re: Zone Transfer Query

I would imagine the IP you trying to transfer on is not in the allow-query acl of the master. You have to be to do soa queries to the master. -Ben Croswell On Dec 5, 2011 7:34 AM, "Gaurav Kansal" wrote: > Dear All, > > ** ** > > I have a master DNS on IPv4 AND sla

Re: What does this mean ? INSIST(zone->type == dns_zone_stub) failed

I don't see the desired outcome of making them both master and the trying to have one transfer from the other. Have one be master and one be slave from the master. No reason to alter code and query responses will be the same to your clients. -Ben Croswell On Dec 8, 2011 8:57 PM, "蔡

Re: New problem with "lame-server" after Dist-Upgrade

Did the BIND version change with the OS upgrade? -Ben Croswell On Dec 24, 2011 6:38 PM, "Michelle Konzack" wrote: > Hello *, > > my Inttranet NameServer (my DNS-Master) was running Debian Lenny/5.0 and > is now upgraded to Debian Squeeze/6.0 and et I get per day v

Re: Problem at loading advert in Squid 2.7 & 3.1

Not sure how this is a BIND related issue. -Ben Croswell On Dec 26, 2011 11:55 AM, "feralert" wrote: > Dear all, > > Squid is not loading an advert in a web page frame which loads fine > when using a direct connection to the internet. > The versions used are 2.7.STABL

Re: forwarding "@" to a different domain?

You can't cnane mydomain.com to anything because it has, at the minimum, ns and soa records. -Ben Croswell On Jan 8, 2012 1:11 PM, "Jukka Pakkanen" wrote: > > www in cname mydomain.myshopify.com. > mydomain.com. in cname mydomain.myshopify.com. > > Is

Re: zone update to slave

You can freeze thaw or use nsupdate to dynamically add the static entries. rndc freeze Edit zone rndc thaw You will lose any ddns updates during the freeze. -Ben Croswell On Jan 11, 2012 3:52 PM, "Dan Letkeman" wrote: > Ah, I did not know that. So then my scenario must be so

Re: Using TCP for checking

My one caution on this would be you may run into false negatives with TCP if people have misconfigured firewalls. It's surprising the number of people out there that believe TCP is only for xfers. -- -Ben Croswell On Tue, Apr 7, 2009 at 3:17 PM, Mark Elkins wrote: > I'm involved

Re: tcp versus udp

Also if EDNS0 is in effect theoretically the max size would be 4096 bytes before a truncate happened. -- -Ben Croswell On Mon, May 4, 2009 at 8:55 PM, Martin McCormick wrote: > Matt Baxter writes: > > When a response can not fit in a single UDP packet the server will mark > > th

Re: child zone not forwarded

You have to make sure that you actually have NS delegations in xxx.com for child.xxx.com. That has bitten me on occasion. If you load the parent and the parent has no NS delegation for a child, it assumes the child doesn't really exist and ignores the zone forward. -- -Ben Croswell 200

Re: Single Zone Forwarding Dilema

If you want to force forwarding you will probably want to add the forward only; directive. By default your server will try to follow NS delegations and then forward if it can't follow them Forward only; tells it to not even bother trying to follow NS delegations. -- -Ben Croswell On Fri

Re: Delegating reverse DNS to a customer

subdomain of a domain you load. If you want to delegate foo.bar.com to someone you put the NS records in bar.com not foo.bar.com. -- -Ben Croswell On Tue, Aug 18, 2009 at 8:31 AM, Tim Huffman wrote: > Guys, > > > > We’re a smallish (but growing) ISP, and we’ve been asked by one of our

Re: Need help on delegation to subdomain/external servers

own "right" answer it should failover fairly quickly. If both answer then you will be at the mercy of the RTT as to which answer you will get. -- -Ben Croswell On Thu, Sep 17, 2009 at 12:27 PM, Kevin Darcy wrote: > RUOFF LARS wrote: > >> >> >> >>> [

Re: FW: Blocking top level domain

ernational Traffic in Arms Regulations (ITAR) and/or > the Export Administration Regulations, as applicable. > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: SIBLING GLUE address records (A or AAAA)

ords requiered ? > > I understand that is not. Is this right ? > > Regards, > -- > Sergio R. > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: New BIND user

ference ? > > Book, URL, distribution, tutorial… > > > > Thank you, your help is appreciated. > > > > *Martin* > > > > > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://list

Re: Poblem with ZONE (subdomain)

86 Tel. FR: +33 6 61925193 > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Master server offline

k? > > Cheers, > > Dave > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- -Ben Croswell ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Master server offline

If your secondaries can't reach the primary for the period of time you have in your SOAs for refresh the secondaries wills top answering. -- -Ben Croswell On Thu, May 6, 2010 at 10:37 PM, Dave Filchak wrote: > Our master server machine had a drive failure and looks like it will be &

Re: The DDOS attack on DYN & RRL ?

I think what we see as a result of this attack is DNS provider diversity being the new buzz phrase. The same as not relying on a single ISP link i see more people using multiple DNS providers. The size of these attacks will grow as IoT continues to grow. It makes sense to have diverse providers to

Re: The DDOS attack on DYN & RRL ?

The other option being having a master owned by your company and then setting both external providers to secondary from your master. You to maintain control over data and hqve diversity. On Nov 1, 2016 10:42 AM, "Barry Margolin" wrote: > In article , > Ben Croswell wrote: &g

Re: Bind master keeps saying it is not authoritative

Ensure that the allow-query clause on the master includes the slave. If the slave can't query for the SOA on the zone it can't do an xfer. On Mar 2, 2017 6:34 AM, "Xavier Humbert" wrote: > The whole configuration, comments removed : > > -- Master -- > acl my-slaves {

Re: Why would a master zone use forwarders ?

This would only change behavior if the server has global forwarding. If it is master for a foo.com and also has global forwarding it will use the global forward for any delegated child domains under foo.com unless they are also loaded locally. The forward{} turns off global forwarding for that br

Re: Why would a master zone use forwarders ?

mydomain.com A 1.1.1.1 What's the difference between the global forward for delegated child domains and the delegation I do ? Thank you Le Vendredi 12 mai 2017 15h34, Ben Croswell a écrit : This would only change behavior if the server has global forwarding. If it is master for a foo.com and

Re: strange problem with query being dropped/ignored by the BIND process

Have you checked deeper at the OS level? I have seen on Linux DNS servers silent drops of queries on very busy servers that were exhausting UDP receive buffers. On Jun 28, 2017 10:26 AM, "Marc Richter" wrote: Hi, we have a setup here consisting of a recursive DNS server and two monitoring serve

Re: Forwarding from delegated zone not working

If the AD environment loads company.com you need to make sure it has NS delegations. The nameserver will ignore the zone forwarded if it knows the child doesn't exist. On Oct 10, 2017 11:22 AM, "seanliam73" wrote: > Hi > > I have a subdomain delegated from AD to a bind9 instance I have running >

  1   2   >