move such options
inside the view definition.
Mvh. / Regards
Bob
On 2011-07-25 16:24, Thomas Schweikle wrote:
Hi!
I have set up a view for one site. It is bound to change answers as
necessary for different IP-ranges. It works as far as I could see.
But with one ip-range there is a problem ...
I
querylog
#> rndc trace 3
Then I tail all the relevant logfiles.
Mvh. / Regards
Bob
On 2011-07-28 18:31, Thomas Schweikle wrote:
On 28.07.2011 01:18, Bob wrote:
These two views are identical in any way I can see, so the fault may
be in an included configuration file that is not included in y
tion needs to be a bit
more clear on this. Would it be helpful to have a version of the bind.keys
file for bind 9.16 and above?
Regards,
Bob
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support sub
Thanks Evan and Ondrej. I'll let the folks at FreeBSD know also. Their
bind packages still include that file.
Bob
On Wed, Jan 4, 2023, 14:59 Evan Hunt wrote:
> On Mon, Jan 02, 2023 at 07:33:46AM -0500, Bob McDonald wrote:
> > I've upgraded to bind 9.16.36.
> >
>
hought and testing. The
ultimate value depends on the volume of updates being generated.
Hope that helps,
Bob
Mea Culpa. Apparently RPZ IS the issue here.
I learn something new every time I read this list.
My apologies for the waste of bandwidth.
Bob
On Mon, Jan 16, 2023 at 9:02 AM Bob McDonald wrote:
> This is just conjecture but I'll take a stab at this problem.
>
> First, the fact
at will go away
eventually. Any comments are welcome.
Thanks,
Bob
named.conf:
acl rfc1918-nets {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
};
include "/usr/local/etc/namedb/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-
Before answering this question, can you tell me the proper place where I
should be asking this question?
"We are researching DDoS protection, including DNS. What companies or
products or methods should I be looking at?"
--
Bob Harold
tware versions. e.g. FreeBSD offers 9.16, 9.18, and
9.19. They are also a little quicker to offer packages for new releases.
YMMV,
Bob
DNS Authoritative servers?
(Granted, the actual answer size to the client could be large enough to
cause fall-back to TCP, but that is not because of DNSSEC.)
--
Bob Harold
the associated DNSSEC records
(if they exist). It doesn't affect validation. You must make the options
change indicated by Greg Choules in his previous post to disable DNSSEC
validation for a specific domain.
Sorry if this is redundant or very rudimentary.
Bob
This is why I try to read this list every day...
Thanks Mark.
I need to go back to RTFM (or read the man page)
e or more forwarders, and they are queried in turn until the list is
exhausted
or an answer is found." So the first one will get all the traffic, the
second is just a backup to be used if the first fails.
If you expect that to do load balancing, it will not. Try a real load
balancer, or
nk that dig should be adjusted to suppress cryptographic
> material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and
> the man page updated to reflect this?
>
> Regards,
> Anand Buddhdev
> --
>
> Just my opinion, but I would like it to apply to all crypto
works but it's REALLY slow.
Dig shows both the address of the server providing the answer and the
amount of time it took for the resolution. That MAY provide some clues as
to what's going on.
I suspect this is an issue with bind 9.18.24. I can't say for sure.
HTH,
Bob
Sent from m
Would this be true for FreeBSD as well? I also have a bind 9.18.24
instance running on FreeBSD
and it seems to be ok.
Bob
> The crypto policy stuff ultimately creates and maintains files in
/etc/crypto-policy/backends, which has a list of acceptable or
not-acceptable crypto settings.
>
Thanks Mark. It's right there in the log.
Bob
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-
It's libxml2 and libxml2-devel
Please refer to the following for information.
https://kb.isc.org/docs/aa-00769
Regards,
Bob
ertificate, Let's Encrypt using Unbound was verifying every NS record and
sometimes gave up, with an error message "exceeded the maximum nameserver
nxdomains" even though there were no 'nxdomains' in the log. I simplified
my NS records and the problem went away.
--
Bob Harold
O
.telekom.net.
telekom.de. 3600 IN NS dns1.telekom.de.
telekom.de. 3600 IN NS dns2.telekom.de.
telekom.de. 3600 IN NS pns.dtag.de.
This is the type of NS record 'tree' that I also had, that caused me
problems.
--
Bob Harold
On Fri, Sep 6, 2024 at 3:27 PM Ondřej Surý wrote:
> Ok, so
that works
also)
If you need my named.conf, just ask. Sometimes it helps to compare notes.
Are you running on a router or some other device?
Are you running RPZ?
Bob
ANYCAST (in one cloud).
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
this is not clear (at least to me).
Is there a difference if the parent is local and the child is forwarded?
(or both forwarded but to different addresses?)
Thanks,
Bob
};
>>>
>>> empty:
>>> @ 0 IN SOA . stop.using.this.nameserver 0 0 0 0 0
>>> @ 0 IN NS .
>>> @ 0 IN A 127.0.0.1
>>
>> Or really mess with them and answer all A queries with 199.181.132.249
>
>
> Unless the goal is to move all DNS services off that subnet. Our network
> staff would love to reclaim the /24 our DNS servers are tying up with very
> little else on it wasting 250 addresses.
I'm not sure I'm describing a properly configured anycast environment
well. Since in anycast the clie
" or "C" it will automatically be
forwarded to "A".
If "B" or "C" are in the allow-updates ACL on "A" all updates will be
applied.
If "D" is in the allow-updates ACL on "A" (and not "B" or "
e a
fairly painless way to convert all the AD machines to signed updates?
TIA,
Bob
On Fri, Mar 14, 2014 at 12:41 PM, Mark Andrews wrote:
>
> If you are going to forward updates use TSIG or SIG(0) to sign the
> update and stop worrying about addresses. TSIG and SIG(0) are
> bi
Ok so it's not painless. Do the updates still get forwarded to the master
by the slaves or do I need to have all Windows devices needing update
capability to point at the master?
TIA,
Bob
On Fri, Mar 14, 2014 at 7:36 PM, Chris Buxton wrote:
> On Mar 14, 2014, at 10:50 AM, Bob
Signed updates, that is...
On Sun, Mar 16, 2014 at 5:32 AM, Bob McDonald wrote:
> Ok so it's not painless. Do the updates still get forwarded to the master
> by the slaves or do I need to have all Windows devices needing update
> capability to point at the master?
>
> TIA
This sounds like a Microsoft IP stack where it can be configured to search
the parent domain after a domain failure. (as opposed to domain suffix
search order). An attempt to resolve everything for the client no matter
what the client types in. This generates unnecessary traffic, IMHO.
Bob
e did not find anything - but it is
hard to filter on just "allow-query-on" as a complete string.
Has anyone even used that option?
--
Bob Harold
DNS hostmaster
University of Michigan
s.)
The authoritative servers are a separate set of servers, not using anycast,
not involved in this.
--
Bob Harold
DNS Hostmaster
University of Michigan
On Wed, Jul 2, 2014 at 11:12 AM, Reindl Harald
wrote:
>
> On 02.07.2014 17:08, Bob Harold wrote:
> > I am using Ubuntu 12.04.4, BI
rks as
> documented.
> Any clue how to get "allow-query-on" to work?
> Searching the mail archives and Google did not find anything - but it is
> hard to filter on just "allow-query-on" as a complete string.
> Has anyone even
"listen-on" defaults to all the computer's IPv4 addresses, including the
loopback, so I did not put an explicit "listen-on" statement. It answers
queries to both the loopback and other addresses.
--
Bob Harold
DNS hostmaster
University of Michigan
On Wed, Jul 2, 2014
ords/
http://aws.amazon.com/route53/faqs/#Supported_DNS_record_types
http://blog.andrewallen.co.uk/2012/06/27/cname-is-out-hello-aname/
(This last one points out a problem with the current implementations - I
think proper support in the DNS protocol would solve this.)
--
Bob Ha
eme.com in a | awk '/[\t ]A[\t ]/ {print $NF}'
23.24.150.141
$ dig +noall +answer dave.knig.ht in a | awk '/[\t ]A[\t ]/ {print $NF}'
216.235.14.46
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
On Wed, Oct
On Wed, Dec 10, 2014 at 3:36 AM, Matus UHLAR - fantomas
wrote:
> On 09.12.14 21:36, Frank Bulk wrote:
>
>> Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there
>> definitely was not answer. The institution only has two authoritative
>> nameserver entries, both pointing to the sa
file size. I wish the entries had dates, even if just as a comment -
it would be a good log of changes, and I would be able to see how far back
in history the journal went.
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
O
or more complicated:
2. Have your provisioning system update a hidden master DNS server, and
have the DNS server that others see be a slave. Only valid zones will
transfer to the slave.
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 d
ies-outside; next} {print $0 > named-queries-other}' &
(not tested, but have used similar before)
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
On Mon, Mar 9, 2015 at 9:55 PM, Alan Clegg wrote:
> ---
On Thu, Apr 2, 2015 at 4:05 PM, Jan-Piet Mens wrote:
> > 2001:67c:2e8:5::c100:c6#53: Transfer completed: 0 messages, 0 records, 0
> >
> > Is there any logic to this that I'm missing?
>
> s/completed/failed/ on error cannot be particularly difficult to
> implement.
>
> -JP
>
> +1 for makin
Jeff,
That only works on the master zone server, without dynamic updates. Any
slave zones or zones with dynamic updates will have problems because the
zone file will be overwritten with one zone each time it is updated.
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology
MAIN response. The CNAME
target is also in RPZ (As shown in the second DIG)
Is this normal behaviour?
I'd also like to know if it's possible to generate "fake" responses for MX,
NS, and/or SRV records.
Regards,
Bob
operator@sapphire-x5-agent:/home/operator >/opt/incontrol/dns
-zone02.
$TTL 28800
www.arqiva.com 28800 IN CNAME www.arqiva-integration.com.
www.arqiva-integration.com 28800 IN A 83.138.41.100
Let me know what else you need.
Regards,
Bob
devices. Routing
protocols can use BFD state to rapidly (< 1 second) withdraw routes in the
event of a failure, without having to wait for a routing protocol timeout
(3 minutes by default for BGP).
Seems to work well.
--
Bob Harold
(normal FQDN). If the target name is in RPZ it should not be terminated
with a period. Apparently when doing the recursion required to resolve the
target names, bind doesn't use RPZ. Is this the correct behaviour? Details
are in my previous posts.
Regards,
Bob
On Thu, Apr 16, 2015 at 2:07 PM
your config. (Do not
allow 'all', please.)
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
On Wed, Jun 3, 2015 at 3:34 PM, Samad Agha wrote:
> I put together a simple working DNS server and called it new-
On Mon, Jun 8, 2015 at 5:38 AM, Anand Buddhdev wrote:
> Hi BIND users and developers,
>
> I'm trying to figure out how BIND 9.10.2 refreshes slave zones. I've
> looked for this information in the ARM, but can't find it.
>
> Assuming that there are no NOTIFY messages coming in, and it is time to
>
.
Regards,
Bob
> Message: 3
> Date: Wed, 10 Jun 2015 17:17:33 +0800
> From: liumingxing
> To: bind-users
> Subject: Set up a recursive servers to provide different data
> Message-ID: <2015061017173296836...@cnnic.cn>
> Content-Type: text/plain; charset="gb2312"
>
and/or DHCP.
Email me separately for a short list.
Regards,
Bob
Message: 4
Date: Tue, 7 Jul 2015 12:26:01 +0300
From: "Ejaz"
To:
Subject: bind-web-based control panel
Message-ID: <18f101d0b896$f3955640$dac002c0$@cyberia.net.sa>
Content-Type: text/plain; charset="us-asci
or other unixes because of differing bind
versions (but probably not)
Regards,
Bob
>Message: 5
>Date: Wed, 08 Jul 2015 12:38:20 -0400
>From: Barry Margolin
>To: comp-protocols-dns-b...@isc.org
>Subject: Re: Receiving Timeout from DNS Server for a zone file Not
> prese
On Wed, Jul 8, 2015 at 11:55 PM, John Miller wrote:
...
>
>
> dig @8.8.8.8 trombone.org +showsearch
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8
> trombone.org +showsearch
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, statu
Is SELINUX enabled on the server? (several of the red hat centric distros
have it enabled by default.) That would cause the server to act as if it
were running normally while not accepting queries.
Regards,
Bob
>Message: 2
>Date: Fri, 10 Jul 2015 08:42:32 +1000
>From: "Neil"
t; when) ?
>
My $.02
That is a valid idea and useful. But if the NS, A, and records are
approaching the max packet size, then I would avoid doing it. Also, it
adds more steps to the process. So it takes a little longer but is a
little less risk. Your choice.
-- Bob Harold
https://kb.isc.org/article/AA-00296/0/My-slave-server-for-both-an-internal-and-an-external-view-has-both-views-transferred-from-the-same-master-view-how-to-resolve-.html
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
On
Bind 9 provides configurable hosts within the chaos class which can be
queried to provide troubleshooting information. They are:
version.bind
hostname.bind
These are all configurable within the options block of the DNS
configuration file. In the past, the suggestion was to specify something
other
ets can be much more template friendly, I know.
However, your suggestion changes my response for excluded addresses from
SERVFAIL to REFUSED. Much better.
Cheers!
On Wed, Aug 26, 2015 at 5:02 AM, Tony Finch wrote:
> Bob McDonald wrote:
>
> > To further lock this information down
The warning is issued either way (with or without recursion specified). But
I see the logic in not needing it if recursion is set to no.
Thanks again,
Bob
On Wed, Aug 26, 2015 at 5:45 AM, Tony Finch wrote:
> Bob McDonald wrote:
> >
> > I'd still include the hint zone (a
atement. If I also remove the zones from view "bind", it
returns a SERVFAIL to queries for selected devices in that view of class
chaos. I think I understand this last one.
Setting recursion off does not seem to affect the warning message generated
by omitting the root hints zone for cla
No, and there seems to be sparse documentation of the use of NSID in
troubleshooting. I'm all ears. I would, however, like to restrict queries
to inside networks/users and negate access to that data from the outside
altogether.
TIA,
Bob
Alan Clegg wrote:
> Has anyone recommend
It appears that receiving an NSID response depends on having server-id set
in the options block. However, I'm seeing no way to restrict such queries.
regards,
Bob
On Fri, Aug 28, 2015 at 7:48 AM, Bob McDonald wrote:
> No, and there seems to be sparse documentation of the use of
tp.org" and hence any other box needs just an IP
> address for doing "ntpdate xx.xx.xx.xx" *before* its own ntpd starts
>
> so you just need to make sure the correct order
>
> * ntpdate xx.xx.xx.xx
> * start ntpd
> * start named
>
> Can I suggest t
head of time (by at least
the current TTL), then the change would reach all users quickly, without
you or anyone else having to do any work. Once everything is verified
working (could wait for the next business day), then the TTL can be changed
back
dress.. It's
NATed to the outside address (query-source). Several options are defaults
and specified for clarity.
Does anything jump out as being incorrect? Are there implications to
setting minimal-responses to yes?
Thanks,
Bob
can be between
the two views on the same slave server, and not hit the master server or
the network again.
--
Bob Harold
> You will be able to update both views with one zone transfer after
> upgrading to 9.10 by using the in-view option, but 9.8 does not have
> that feature.
>
names-for-KDCs
--- But not sure if the 'port' is actually used, since it can also be
defined in the conf file.
--
Bob Harold
On Sat, Oct 17, 2015 at 12:48 AM, Woodworth, John R <
john.woodwo...@centurylink.com> wrote:
> > -Original Message-
> > From: Mark Andrews [mailto:ma...@isc.org]
> > Sent: Friday, October 16, 2015 7:08 PM
> > To: Woodworth, John R
> > Cc: 'bind-users@lists.isc.org'
> > Subject: Re: Best pr
Is this hosted on some sort of load-balancer?
Add a +norecurse to your dig and see how that changes things.
Regards,
Bob
sters. What is the disadvantage of having slaves using just the vip and
> have all masters behind the vip?
>
> thanks
> Blr
>
> As others have said, I think the recommended approach is to do zone
transfers to the real servers. That is what I do
ll
be non-recursive authoritative servers. There should be a separate
resolver.
Looks like the contents of "db.bongo.com" were not fully anonymized.
--
Bob Harold
omania.ro.
ebsromania.ro. 86400 IN NS ns02.ebsromania.ro.
;; Received 112 bytes from 193.239.218.2#53(ns01.ebsromania.ro) in 51 ms
Any insight as to what's wrong? The software and configurations are exactly
the same. These are caching only servers.
Regards,
Bob
It's not that I don't trust you, but someone could spoof your
email.
So I am waiting for the new IP to show up in the root zone or some other
trusted place. Has it already been published in some place that can be
verified? (I should have asked this when it was first announced.)
--
Bob H
> the slaves non-authoritative?
>
> Thanks again,
>
> -Mathew Eis
>
>
A slave server has a copy of the zone, so it is by definition
"authoritative". I think what you mean by "non-authoritative slave" is
"hidden slave" - not listed in NS records. I see
t be able to use RPZ to give a list of users a different answer for
certain queries, and that can be dynamically updated quickly, if I
understand it correctly. That might work better than ACLs and views for a
fast-changing list of users.
--
Bob Harold
On Tue, Apr 26, 2016 at 10:22 AM, Ali Jawad wrote:
> Hi Bob
> I did have a look at
> http://www.zytrax.com/books/dns/ch7/rpz.html#policy-client-ip-trigger ,
> and while in theory it can be used in a way similar to ACL I can't see how
> it accommodates for faster changes, w
> new server automatically get the zones from the master DNS server?
>
>
> Thanks again!
>
>
It is automatic, and if it does not work, something is wrong. Copying the
files will only make it harder to debug. (Unless you have a lot of files
and just want to speed up the process. But
kludge is
> ugly, but it's straightforward and a whole lot of DNS operators (including
> me) do it.
>
> R's,
> john
>
>
I realize that ANAME seems like a kludge, but if we could make it a
standard, and get the various DNS software (auth, resolvers, and clien
vance!
>
>
>
> --
> View this message in context:
> http://bind-users-forum.2342410.n4.nabble.com/Automatic-DNSSEC-signing-workflow-tp2333.html
> Sent from the Bind-Users forum mailing list archive at Nabble.com.
>
>
I am not using DNSSEC yet, but I would say try updating u
her than the master, but renumbering the master without any other
> changes is also moderately trivial as updating the slaves can (and is)
> scripted.
>
> --
> Dave Warren
> http://www.hireahit.com/
> http://ca.linkedin.com/in/davejwarren
>
child domain through the master
server?
I hope the picture I've tried to describe is somewhat clear.
Regards,
Bob
mply refer me to server B?)
Hope that's clearer.
Bob
On Thu, Aug 11, 2016 at 11:52 AM, Matthew Pounsett
wrote:
>
>
> On 11 August 2016 at 09:13, Bob McDonald wrote:
>
>> I have a child domain that is delegated to a second site. Pretty
>> straightforward situatio
or an answer as to whether or not this might work. I'm ok
either way. Just curious.
Thanks for the replies.
Bob
On Thu, Aug 11, 2016 at 12:21 PM, Matthew Pounsett
wrote:
>
>
> On 11 August 2016 at 10:14, Bob McDonald wrote:
>
>>
>> Currently, clients sending que
"externalzone1.com" IN {
>> type master;
>> file "externalzone1";
>> allow-transfer { key tsigkeyext; };
>>
>> zone"sharedzone.com" IN {
>> type master;
>> file "sharedzone2.com
ist we'll call it "trusted".
> We have an allow query statement in the global options to only allow
> queries from IP's in the trusted ACL. However every one of our zone entries
> in the conf file also has an "allow-query { any; }; statement. Doesn't that
> defe
> I agree with one PTR per IP. But since you have 5 IP's, you can have one
PTR record on each, just be sure there is a matching forward "A" record.
Your list of 5 names looks good, but only if each service uses the
corresponding IP for its outgoing connections, which could be di
>
> view external {
>
> match clients - external {
>
> zone example.org {
> };
>
> zone example.com {
> };
>
> };
>
>
>
> On Tue, Aug 30, 2016 at 2:53 PM, Bob Harold wrote:
>
>>
>> On Thu, Aug 25, 2016 at 12:56 PM, project722
>> wr
On Wed, Sep 7, 2016 at 11:37 AM, project722 wrote:
> Thanks Bob, I will look into this. Do you know if the forwarders feature
> is supported in Bind 9.8.2?
>
>
Yes, forwarders is an old and stable feature.
("in-view" is new and experimental)
--
Bob Harold
> On We
On Wed, Sep 7, 2016 at 12:34 PM, /dev/rob0 wrote:
> On Wed, Sep 07, 2016 at 11:48:54AM -0400, Bob Harold wrote:
> > On Wed, Sep 7, 2016 at 11:37 AM, project722
> wrote:
> >
> > > Thanks Bob, I will look into this. Do you know if the forwarders
> > >
On Wed, Sep 7, 2016 at 12:49 PM, project722 wrote:
> Bob, I have few questions regarding your sample config. First off it is
> slightly different than mine, which does work BTW at least in a lab
> environment. In your internal view what is the purpose of having this line:
>
> //
automatically got
the "empty zones" created, so any queries in those zones did not get
forwarded. I am fixing it by adding to that view the line:
empty-zones-enable no;
--
Bob Harold
On Thu, Sep 8, 2016 at 9:41 AM, Bob Harold wrote:
>
> On Thu, Sep 8, 2016 at 9:13 AM, project722
actual link local IP so I am not sure where/how that is
> being generated. My actual link local is
> fe80::f21f:afff:fedd:6a26/64
>
>
I have the "server ... bogus ..." statement in each view, so try it there.
> Any help is greatly appreciated.
>
> On Thu, Sep 8,
>
>
Scott,
To directly give an opinion on your last question - client applications
can often be slow to recover from failed connections, so updating the A
records in the zone is a good idea - best to use nsupdate, do not edit zone
file and reload. DNS Recursive resolvers should failover in secon
ary.
--
Bob Harold
On Thu, Feb 27, 2020 at 3:23 PM Alistair Bayley <
alistair.bay...@kordia.co.nz> wrote:
> Hello,
>
> I didn't get any response to this. Is there some documentation that I
> haven't yet found that explains what these measurements mean? Has anyone
>
nfo/bind-users
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen thos
ique names just to be sure which queries you
are looking at.
That's the best that I can suggest.
--
Bob Harold
On Mon, Mar 30, 2020 at 1:07 PM Marc Chamberlin via bind-users <
bind-users@lists.isc.org> wrote:
> Hello - I am running the Bind server
>
> > named -v
> BIND
don't see where that
handles updates.
--
Bob Harold
On Wed, Apr 1, 2020 at 9:39 AM Ondřej Surý wrote:
> I would recommend dnspython as a start. The API is very non-Python,
> but once you get hang of it, it’s not that bad.
>
> Ondrej
> --
> Ondřej Surý
> ond...@is
I would suggest:
tsig-keygen your-key-name
It does not need any options, the defaults are fine.
--
Bob Harold
On Fri, Apr 10, 2020 at 7:52 PM moo can via bind-users <
bind-users@lists.isc.org> wrote:
> Hello,
>
> For educational purpose I need to setup an DDNS be
http://www.tundraware.com/PGP/
Is 127.0.0.1 in the 'trustedhosts' list?
Are you telling 'dig' what server to use - dig @127.0.0.1
What servers are listed in /etc/resolv.conf? Do they resolve the reverse
zones?
Are local queries hitting the right 'view'
On Fri, Apr 17, 2020 at 10:34 AM Tim Daneliuk wrote:
> On 4/17/20 7:26 AM, Bob Harold wrote:
> >
> > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk <mailto:tun...@tundraware.com>> wrote:
> >
> > We have split horizon setup and enable our internal and t
On Fri, Apr 17, 2020 at 11:03 AM Konstantin Stefanov
wrote:
> On 17.04.2020 17:56, Tim Daneliuk wrote:
> > On 4/17/20 9:50 AM, Bob Harold wrote:
> >>
> >> Agree, that's odd, and not what the man page says. Any chance that
> there is some other DNS helper ru
1 - 100 of 237 matches