Re: Query Regarding NSEC RR in DNSSEC

2012-02-14 Thread Chris Buxton
prove the negative, and that happens by enumerating all the possible positive answers "near" the query. Regards, Chris Buxton BlueCat Networks On Feb 14, 2012, at 9:23 AM, Gaurav kansal wrote: > Dear Team, > > We have a Authenticated Response in DNSSEC through trust chain. >

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chris Buxton
ue to connect (and reconnect as needed) to whatever address was first retrieved via the stub resolver. Regards, Chris Buxton BlueCat Networks On Feb 14, 2012, at 2:59 AM, goran kent wrote: > Hi, > > I need to setup an A record for a machine who's IP might change > unexpectedly

Re: Efficacy of using short timeout values for an A record

2012-02-14 Thread Chris Buxton
data, but most implementations do not enable this. As I recall, the value has to be set in the source code before compiling the binary. Regards, Chris Buxton BlueCat Networks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to un

Re: block ddns by name

2012-02-17 Thread Chris Buxton
"*" name /^a-zA-Z0-9_\-/; }; > ? > > (For those who don't speak regex: deny all names with something in it what is > no letter or digit or underscore or dash. Does a check-names policy achieve this? I'm honestly not sure. BTW: _ is not a valid host

Re: named.conf splitting

2012-02-17 Thread Chris Buxton
topic: http://www.isc.org/community/blog/201107/major-improvement-bind-9-startup-performance http://www.isc.org/community/blog/201107/isc-bind-981b3-provides-startup-performance-improvements Regards, Chris Buxton BlueCat Networks On Feb 17, 2012, at 1:24 AM, Nick Edwards wrote: > Hi, > In a

Re: bind public/private domain question

2012-02-21 Thread Chris Buxton
accepts it - BIND sends answer back to client, along with the best auth and add'l data it has in cache, which might be from the root zone - Client gets answer, but drops auth and add'l sections Harmless. Normal. Nothing to be worried about. Regards, Chris Buxton BlueCat Networks

Re: Configuring a domain slave to look up subdomain hosts

2012-02-28 Thread Chris Buxton
. Disable forwarding selectively or remove it from your architecture completely. Regards, Chris Buxton BlueCat Networks

Re: Configuring a domain slave to look up subdomain hosts

2012-02-28 Thread Chris Buxton
on stub zones. Regards, Chris Buxton BlueCat Networks On Feb 28, 2012, at 3:11 PM, Mike Bernhardt wrote: > So, it seems that the stub zone only works as I expected if I disable ALL > forwarding- not just in the parent zone but also in global options. Is that > the expected behavior f

Re: problem with bind manually installation on debian

2012-03-07 Thread Chris Buxton
On Mar 7, 2012, at 9:15 AM, mustafa alhussona wrote: > hi > i have problem with installing bind (i tried 9.7.4,9.8.1,9.9.0 versions) > service manually on debian squeeze, the problem is the service is installed > but i cant find the configuration file and there is some error logs, please > can

Re: with subject: NS record for subzone definition

2012-03-13 Thread Chris Buxton
ate the NS records. If you are using the exact same set of servers for the subzone as for the child, and are not using DNSSEC, you can get away without the NS records, but you shouldn't get into this bad habit. Regards, Chris Buxton BlueCat Networks

Re: masters ordering in named.conf

2012-03-26 Thread Chris Buxton
Regards, Chris Buxton BlueCat Networks

Re: How to reset the serial number?

2012-03-26 Thread Chris Buxton
sure to reload the zone after each change, or if your zone is dynamic, use a dynamic update that adds the SOA record again and sets the new serial number. Regards, Chris Buxton BlueCat Networks

Re: journal rollforward failed: journal out of sync with zone

2012-04-12 Thread Chris Buxton
ever mechanism caused it to be created), then you have to get rid of your cron job, or modify how it works. Arbitrarily replacing a zone file when there's a journal file can cause exactly the problem you're seeing. Chris Buxton BlueCat Networks > On 04/12/2012 02:03 PM, Phil Mayers

Re: Bind forwarding...

2012-04-15 Thread Chris Buxton
the name server (or some other host), rather than getting the real answer from Apple's name servers, what you want is an authoritative zone, not forwarding. zone "guzzoni.apple.com" { type master; file "short-circuit-queries.db"; }; Chris Buxton BlueCat

Re: Configuring CNAME for nosslsearch.google.com

2012-04-16 Thread Chris Buxton
response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this. Chris Buxton BlueCat Networks

Re: VMware & Bind

2012-06-05 Thread Chris Buxton
On Jun 5, 2012, at 9:58 AM, Manson, John wrote: > Will bind run on VMware? Yes. Chris Buxton BlueCat Networks

Re: transfer the same zone from a split-view master

2012-06-05 Thread Chris Buxton
from the slave server. - 'rndc reload' on both servers. - Check the logs and the slave's zone files. Chris Buxton BlueCat Networks

Re: Corrupted zone files on 9.9.1 slave, temp files with text contents...

2012-06-08 Thread Chris Buxton
Probably nothing. I believe the default format for slave zones is now compiled rather than text. Remove all the zone files on the slave and reload it. Chris Buxton BlueCat Networks On Jun 8, 2012, at 12:26 PM, David L. Beem wrote: > Just upgraded to 9.9.1 from 9.8.0, the end results seem to

Re: Journal File Question

2012-07-25 Thread Chris Buxton
journal file to the zone file and then > empties the journal. I don't believe that is entirely correct. The journal file needs to be retained to support ixfrs. My understanding is that it will be automatically trimmed to max-journal-s

Re: Multi-master DNS with Bind

2012-08-06 Thread Chris Buxton
On Aug 5, 2012, at 11:26 PM, Evan Hunt wrote: >> Looking to find information as to whether I can set up bind for >> multi-master DNS. I want to be able to update DNS records via any or more >> than one nameserver in the domain and have the records updated and >> propagated regardless if the "master

Re: Multi-master DNS with Bind

2012-08-06 Thread Chris Buxton
On Aug 6, 2012, at 7:37 PM, john.debe...@teradyne.com wrote: > Don't know. I haven't used it. Do you have experience with it? > No, I don't have experience with DLZ. However, I believe multi-master DNS should be possible with DLZ and active-active database replication.

Re: cname and soa record in the same zone file -- problem?

2012-09-19 Thread Chris Buxton
ectly, but I can't see how the bad effects would go any further than that. Perhaps someone else can explain how this misbehaves in this particular situation. Chris Buxton BlueCat Networks On Sep 18, 2012, at 8:08 AM, M. Meadows wrote: > > Why / how does this work? > >

Re: question about how a particular dig works ...

2012-09-19 Thread Chris Buxton
ry. But at least it's able to answer queries. Chris Buxton BlueCat Networks On Sep 18, 2012, at 9:59 AM, M. Meadows wrote: > > Thanks Kevin. I understand how the chained alias works. Sorry, I didn't > explain my question very well. > > I can see that the 8.8.8.8 goog

Re: does a stub zone require an IXFR?

2012-09-20 Thread Chris Buxton
names. Chris Buxton BlueCat Networks

Re: Moving from "type forward" to "type static-stub"

2012-09-20 Thread Chris Buxton
guration, are there any downsides to changing from forward > zones to static-stub? Type static-stub should work great here. Type stub, which has been around since before I started managing DNS servers (a very long time now), would probably also have worked. Chris Buxton BlueCat Networks

Re: statistics-file and file rotation

2012-09-20 Thread Chris Buxton
On Sep 20, 2012, at 5:38 PM, Alex wrote: > I have a bind-9.7.4 server running on fc15. I use the 'size' parameter > with the query log file to automatically rotate them. How can I do > this with the statistics-file file? It doesn't seem to be documented? AFAIK, you can&

Re: Unintended Consequences; I shut down the wrong bind.

2012-10-03 Thread Chris Buxton
r this reason, the default server in rndc.conf should always be some form of localhost. Chris Buxton BlueCat Networks

Re: query (cache) 'domain.com/AAAA/IN' denied

2012-10-10 Thread Chris Buxton
ne is not loading for some reason. The reason it works locally and not remotely is, the local query is in the default allow-recursion ACL, but the remote host is not. The recursion settings are a red herring. Solve the missing 'aa' flag. Chris Buxton BlueCat Networks

Re: about the wild record

2012-10-15 Thread Chris Buxton
the following names to cover all of the names other than s1.test: test.cloudns.tk. *.test.cloudns.tk. *.s1.test.cloudns.tk. Chris Buxton BlueCat Networks

Re: Disable log message

2012-10-19 Thread Chris Buxton
g able to >>>> rebuild a "drop-in" binary for BIND when you didn't have access to the >>>> build directory (where the config.log contains the information) was a >>>> good thing. >>> >>> Yah, a very good thingŠ This has been really real

Re: BIND does not answer

2012-10-24 Thread Chris Buxton
eB, I don't see anything. > > What could be wrong, and how do I solve it? What tools are available to help > out? If I try to ask for recursive request (let's say www.google.com) from > anywhere, pointing at SiteA, I get a proper answer. What happens if you use 'dig +nore

Re: ISC Bind in Active Directory

2012-10-24 Thread Chris Buxton
do both -- use the client-supplied value if one is supplied, or else use the default. Bear in mind, I'm not saying client updates are necessarily bad, only that you could have done it the other way. Chris Buxton BlueCat Networks

Re: Delegations

2012-11-01 Thread Chris Buxton
to Microsoft's DNS snap-in for MMC, whereby users then develop mistakes in their thinking about how DNS works and therefore are unable to properly troubleshoot and fix real problems when they occur. I would prefer to promote a correct understanding of the actual rules of DNS. Chris Bux

Re: Delegations

2012-11-01 Thread Chris Buxton
think this way when designing such a product. We have mostly managed to avoid this type of stupidity, but I still get tripped up by it occasionally. When I find it, it gets logged as a bug report, of course, because we have plenty of customers who rely on &qu

Re: Logging no such name

2012-11-20 Thread Chris Buxton
you are best off using a packet sniffer of some kind. There are even commercial offerings available from multiple vendors that will capture, collect, and analyze this data for you. Chris Buxton BlueCat Networks

Re:

2012-11-30 Thread Chris Buxton
e pretty useless. If there isn't a matching A record in the videolinedvd.com zone as served by those two servers, it just won't work. Chris Buxton BlueCat Networks

Re:

2012-11-30 Thread Chris Buxton
>> actually, they have glue A record in .com zone: >>> >>> ;; AUTHORITY SECTION: >>> videolinedvd.com. 172800 IN NS ns1.videolinedvd.com. >>> videolinedvd.com. 172800 IN NS ns2.videolinedvd.com. >>> >>> ;; ADDITION

Re: Expiration TTLs

2012-12-02 Thread Chris Buxton
er is not a TTL timer. The two are different. Zone expiration should usually be at least a week. I've set mine to 6 weeks. This timer has nothing to do with the refresh interval, which is also defined in the SOA record. Chris Buxton BlueCat Networks

Re: Expiration TTLs

2012-12-03 Thread Chris Buxton
timers. Note that there is no scavenging function in BIND (nothing similar to MS DNS' aging and scavenging feature set), and no way to really implement it purely in DNS. Any attempt to use the expire timer to achieve this is evidence of a profound misunderstanding of the use of these

Re: Can't find named_dump.db

2012-12-03 Thread Chris Buxton
" being "/etc/bind/" the working > directory of the server. Look in /var/cache/bind. That's the working directory for the bind9 package default configuration. (To see this, use 'grep directory /etc/bind/named.conf.options'.) Chris Buxton BlueCat Networks

Re: Requesting tips on setting TTLs so that expired RRSIG data doesn't stay in the zone

2012-12-14 Thread Chris Buxton
olver, on encountering a stale RRSIG, would typically query one of the zone's authoritative servers directly (in the absence of forwarding configuration) to get a current RRSIG record. Therefore, the only problem these expired RRSIGs might cause is a little bit of

Re: With the announcement that: “Advisory — D-root is changing its IPv4 address on the 3rd of January.”

2012-12-14 Thread Chris Buxton
7.3-P3 on the Auths, and 9.8.1-P1 on the resolvers. > > We currently do not use a root hints file – If we put a hints file in > named.conf, then will named will use it, rather than the compiled in hints? Yes. Chris Buxton BlueCat Networks

Re: Duplicate records?

2012-12-21 Thread Chris Buxton
ias. If the target of that alias changes (gets a new address, gets a new MX record, or whatever), the alias need not change to gain the same benefit. Deciding when to use a CNAME record in place of one or more other records is a matter of taste, management tools, and use cases. Chris Buxton BlueCat

Re: Transfers-out

2013-01-08 Thread Chris Buxton
On Jan 8, 2013, at 1:24 PM, Manson, John wrote: > Can this option be used in a ‘slave’ config to prevent out-bound transfers? > Transfers-out 0; > The 9.9.2 ARM is ambiguous. Wouldn't it be simpler to just write this instead, in your options statement? allow-transfer { none; };

Re: MNAME not a listed NS record

2013-01-18 Thread Chris Buxton
he client will try three times, assuming these three cases are all different. (I'm not counting potential retries to the same target to attempt use of GSS-TSIG.) I believe nsupdate behaves the same as dhcpd, but it's been a while since I last tested this. Chris Buxton BlueCa

Re: private trust anchor

2013-02-11 Thread Chris Buxton
nd validate the responses. Type forward? Really? I didn't expect that to come from someone at ISC. Use 'type stub' instead, with a masters statement rather than a forwarders statement. Chris Buxton

Re: Slaving from DNS masters behind LVS

2013-02-13 Thread Chris Buxton
. But in that case, you (ideally) shouldn't have any zones configured on the name servers other than (possibly) RPZs, stub zones, and (if you really must) conditional forwarding zones. Chris Buxton BlueCat Networks

Re: SOA issue

2013-02-13 Thread Chris Buxton
nges. - Are you sure you're editing the right file? Chris Buxton BlueCat Networks > rndc reload sturdymemorial.org > zone reload up-to-date > > > dig @localhost sturdymemorial.org soa > > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; -&

Re: Building a fresh named.root

2013-02-15 Thread Chris Buxton
s available. - Start named with the -4 argument to prevent it from trying to contact IPv6 addresses. Chris Buxton BlueCat Networks

Re: Export / Import all zone data

2013-02-15 Thread Chris Buxton
igrating customers from their old platform to our appliances:

#!/bin/bash
mv $2{,.orig}
named-compilezone -i none -k ignore -o $2 $1 $2.orig

Chris Buxton BlueCat Networks

Re: Building a fresh named.root

2013-02-15 Thread Chris Buxton
inations network list and it is still using the external > view. The hostname 'localhost' can mean different things to different computers. It probably means ::1 (IPv6 localhost) in this case. Try explicitly specifying the IP address rather than using the hostname. Chris Buxton

Re: Stop of logging of No Valid Signature Found

2013-02-26 Thread Chris Buxton
precise and complete in his explanation. Chris Buxton BlueCat Networks

Re: 3rd party CNAMEs and open recursion

2013-03-05 Thread Chris Buxton
east until you start rolling out DNSSEC (at which point you will probably need to use either views or separate servers). Chris Buxton BlueCat Networks

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
er ... { bogus yes; }; clause which stops named from > sending queries to a particular address range. No, I'm pretty sure the OP wants to strip records from responses if the records are A records referring to private address space (RFC 1918). I've no idea how you would do this. Chri

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
On Mar 14, 2013, at 9:07 AM, Niall O'Reilly wrote: > > On 14 Mar 2013, at 15:57, Chris Buxton wrote: > >> No, I'm pretty sure the OP wants to strip records from responses if the >> records are A records referring to private address space (RFC 1918). >>

Re: Recursion issue

2013-03-28 Thread Chris Buxton
urrent environment is not working? In your public data, I see: www.speaker.gov.300 IN CNAME wc.house.gov.edgekey.net. wc.house.gov.edgekey.net. 17789 IN CNAME e4776.g.akamaiedge.net. e4776.g.akamaiedge.net. 20 IN A

Re: Recursion issue

2013-03-28 Thread Chris Buxton
em recursively anyway. I continue to fail to see the problem that you're trying to solve. Chris Buxton BlueCat Networks

Re: Recursion issue

2013-03-28 Thread Chris Buxton
Therefore, I would recommend turning it off using 'recursion no;' in your options or view statement. Chris Buxton BlueCat Networks

Re: Recursion Issue

2013-03-28 Thread Chris Buxton
12640 IN CNAME a1164.g.akamai.net. a1164.g.akamai.net. 19 IN A 165.254.47.115 a1164.g.akamai.net. 19 IN A 165.254.47.112 Everything is as it should be. Chris Buxton BlueCat Networks

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Chris Buxton
l, and common. Note that this is not compatible with dynamic zones. If you need to support dynamic zones (and who doesn't, these days?), you're out of luck. Chris Buxton BlueCat Networks

Re: Dynamic Update Policy.....

2013-03-30 Thread Chris Buxton
to allow dhcpd to make the changes > (and they work correctly), however the forward zone does not. At a guess, you're not using GSS-TSIG for reverse record updates, correct? Is there a reason not to have DHCP update the host records as well as the reverse? Chris Buxton BlueCat Networks

Re: Disable logging for a view

2013-03-30 Thread Chris Buxton
On Mar 29, 2013, at 1:46 AM, Francesco wrote: > Hello, > i need to log queries into bind.log for all views except only one view (i > call it the deafult view, where it logs all attacks, flood, ecc.). > > But i noticed i can not insert logging clause into a view. > > Is the

Re: Understanding rndc referral statistics

2013-03-30 Thread Chris Buxton
nario would be the same (at least as far as the answer section of the response is concerned) coming from BIND 9.9, 9.3, 9.1, 8.2, or 4.9. (I can't speak for 4.8.) Chris Buxton BlueCat Networks

RPZ and negative answers

2013-04-03 Thread Chris Buxton
n the Internet or can't be resolved due to an error." Chris Buxton BlueCat Networks

Re: RPZ and negative answers

2013-04-03 Thread Chris Buxton
On Apr 3, 2013, at 4:13 PM, Vernon Schryver wrote: >> From: Chris Buxton > >> If a name exists in the response policy, and also exists in the real >> Internet namespace, the value from the policy is returned. But if it >> doesn't exist out on the Internet, then th

Re: RPZ and negative answers

2013-04-04 Thread Chris Buxton
On Apr 4, 2013, at 1:42 AM, Phil Mayers wrote: > On 04/04/2013 12:50 AM, Chris Buxton wrote: > >> Thanks for the explanation. It seems to me this is a gap in coverage >> of RPZ -- the algorithm should be updated, in my opinion, to cover >> the case of a negative

Re: BIND 9.4.x and check-names

2013-04-17 Thread Chris Buxton
Apr-2013 00:45:37.447 general: warning: zone >> /IN: gc._msdcs./A: bad owner name (check-names) > > Hmm, aren't those supposed to be SRV records? No, they are the addresses of the global catalog servers. If they were SRV records, check-n

Re: Mirror Masters

2013-04-23 Thread Chris Buxton
raw format. Then in the event of a disaster, change all the zone statements from slave to master. That way, you won't be dependent on OS processes for transferring and synchronizing the data between the two masters. Your other choice is to use rsync to synchronize files between the tw

Re: Mirror Masters

2013-04-24 Thread Chris Buxton
On Apr 24, 2013, at 2:21 PM, Manson, John wrote: > Works great. Got the conf file down to about 12 lines (only transferring 1 > zone file for test). > Only problem is the file is in slave format. > Is the master going to have a problem sending the db.x.bak to slaves? > When a slave receives the t

Re: ISC Courses

2013-04-27 Thread Chris Buxton
ught DNS and BIND courses for Men & Mice, the live interaction was a key component of the value of the class. You just don't get that remotely. Chris Buxton

Re: How does bind select what master to use?

2013-04-28 Thread Chris Buxton
to forwarders, then yes, RTT is used. If you're talking about recursion, then yes, RTT is used. Chris Buxton

Re: NS geo-distribution

2013-04-29 Thread Chris Buxton
would have a 1/3 chance of hitting a NS with a higher latency? RTT means almost always hitting the fastest server. Chris Buxton

Re: Mailing list "reply-to" setting

2013-05-09 Thread Chris Buxton
lder to see if there are new messages in it. My mail client shows the number of unread messages next to each mail folder, except for those that have no unread messages. I do not have to click on each folder to cause this to happen. Regards, Chris Buxton

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Chris Buxton
On May 20, 2013, at 12:51 AM, Narcis Garcia wrote: > - Yes, I thought about not using DNS from the same internet provider, > but wanted to know if there is a way to patch only the .local response. > > - This is the configuration I use in one of the LANs: > > view "local-nets" { >match-c

Re: any requests

2013-06-03 Thread Chris Buxton
e A record, not the MX record. And that represents a failure of the SMTP protocol implementation. Chris Buxton On Jun 3, 2013, at 3:42 PM, Leonard Mills wrote: > If your some of your clients are SMTP relays, then ANY is the default lookup > for an MX and is perfectly normal. > >

Re: any requests

2013-06-05 Thread Chris Buxton
On Jun 5, 2013, at 11:59 AM, Doug Barton wrote: > On 06/05/2013 11:33 AM, Tony Finch wrote: >> I believe the ANY hack on mail servers was a Sendmailism 20ish years ago. > > s/Send/q/ That makes even more sense. DJB always thinks he knows best.

Stub zones vs minimal responses

2013-06-10 Thread Chris Buxton
that zone get a SERVFAIL response. Am I understanding the evidence correctly? Regards, Chris Buxton

Re: Stub zones vs minimal responses

2013-06-12 Thread Chris Buxton
On Jun 12, 2013, at 5:23 AM, Tony Finch wrote: > Chris Buxton wrote: >> >> If an authoritative server is configured to send minimal responses, will >> a stub zone get all the necessary data from that server? What I'm seeing >> is, the recursive server sends an

Re: What happens when one out of three NSs are down?

2013-06-12 Thread Chris Buxton
match? > > Any comments and best practice solution info very welcome. You might consider using anycast to route around the problem. In practice, though, your best bet is to find out why that small group of customers are having problems. Are they querying the servers directly? Chris Buxton

Re: SPF record with include:

2013-06-21 Thread Chris Buxton
On Jun 20, 2013, at 7:30 PM, Julie Xu wrote: > Hi Steven, Jason, Ged and Bind expert > > Thanks for the reply. It is great help. > > However, I need ask more. > > For this include clause to be added in, I have also need to add DKIM records. SPF and DKIM are unrelated. There is no way to refe

Re: bind 2.1a3 on centos 6.4

2013-06-24 Thread Chris Buxton
On Jun 22, 2013, at 12:50 PM, "Lawrence K. Chen, P.Eng." wrote: > Or don't use nslint? +1 Use 'named-checkconf -z' instead. Or run it without '-z', and then use 'named-checkzone' against each zone file, with suitable options to tweak the tests to meet your needs. Chris

Re: bind 2.1a3 on centos 6.4

2013-06-24 Thread Chris Buxton
On Jun 24, 2013, at 10:09 AM, Brian Cuttler wrote: > On Mon, Jun 24, 2013 at 09:40:36AM -0700, Chris Buxton wrote: >> On Jun 22, 2013, at 12:50 PM, "Lawrence K. Chen, P.Eng." >> wrote: >> >>> Or don't use nslint? >> >> +1 >> &

Re: Answers from cache or authority section?

2013-06-25 Thread Chris Buxton
nal name servers internally (but this can require firewall changes) - Make your internal name servers reachable from the Internet Regards, Chris Buxton BLUECAT

Re: BIND Service Hung

2013-07-03 Thread Chris Buxton
On Jul 2, 2013, at 7:33 PM, Arie Lendra Putra wrote: > PS: sometimes this happens when our upstream is down, many unanswered DNS > request sometimes trigger named not responding. Stop forwarding. Do your own recursion. Regards, Chris Buxton

Re: BIND Performance with Huge RPZ

2013-07-12 Thread Chris Buxton
f configuration settings can impact performance. One such example is query logging to file (instead of to syslog), which can completely gut performance. Regards, Chris Buxton BLUECAT

Re: bind classless slave from microsoft dns classful SOA?

2013-07-12 Thread Chris Buxton
y its master server. Were I you, I would refuse to slave the /24 reverse zone. Regards, Chris Buxton BLUECAT

Re: New warning message...

2013-07-22 Thread Chris Buxton
On Jul 22, 2013, at 1:24 PM, Barry S. Finkel wrote: > On 7/22/2013 11:17 AM, bind-users-requ...@lists.isc.org wrote: This was discussed here already, and imho this is anti-spf bullshit like >>all those "spf breaks forwarding" FUD. The SPF RR is already here and is >>preferred over

Re: bind9 and logrotation

2013-07-29 Thread Chris Buxton
let BIND write and rotate log files, but then process them with logrotate afterward. Another option is to send all log messages through syslog, which allows for: - asynchronous (batched) file writing - all kinds of other, more advanced features that BIND doesn't support nativel

Re: BIND 9.8.1-P1: 'make test' fails

2013-08-20 Thread Chris Buxton
bout what has changed since Net::DNS was taken over by a new maintainer, meaning post-0.68. A small number of quite disruptive changes were made in 0.69. Regards, Chris Buxton

Re: the location of dig and named

2013-08-28 Thread Chris Buxton
On Aug 28, 2013, at 2:35 PM, Nidal Shater wrote: > when I typed dig or named ,,, what is the location of the executable program > dig and named is ? Your answer can be found with this command, available on many operating systems: which dig or: which named Regards, Chris

Re: Problem with "authoritative answer"

2013-09-13 Thread Chris Buxton
name servers behave this way, but they are supposed to. BIND 9 behaves correctly. Regards, Chris Buxton

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-23 Thread Chris Buxton
On Sep 23, 2013, at 7:59 AM, Vernon Schryver wrote: > From: Eliezer Croitoru > >> I was looking for something like that but I am sure a dynamic DB is >> needed for the task right? > > Large DNSBLs are not very dynamic, because they have relatively few > changes per day. From another perspect

Re: 9.9.4 Bug Fixes - RT #34583

2013-09-23 Thread Chris Buxton
On Sep 21, 2013, at 8:35 AM, Steve Arntzen wrote: > Good morning/day/evening. > > What exactly does "beneath" mean in the following line from the 9.9.4 > bug fixes? > > "Fix forwarding for forward only "zones" beneath automatic empty zones. > [RT #34583]" "Beneath" in this case refers to the

Re: RPZ help on BIND

2013-12-28 Thread Chris Buxton
extra configuration. I don’t know the purpose of this RPZ, so I can’t give you the exact syntax. Perhaps someone from Spamhaus can help you with that. I don’t have enough context to answer your question about a whitelist. Perhaps someone else can help you with that. Regards, Chris Buxton On D

Re: Error logs in bind resolving

2013-12-30 Thread Chris Buxton
hat when asked for an record, the load balancer gives an otherwise-proper-looking negative response that claims to be from the wrong zone. Regards, Chris Buxton

Re: Error logs in bind resolving

2013-12-31 Thread Chris Buxton
On Dec 30, 2013, at 9:46 PM, Gaurav Kansal wrote: > I am getting the error message for lot of domains. > > Log of error entries are attached. All the ones I checked were caused by broken implementations. > Is it possible to configure bind so that error message should not be > generated in log

Re: Error logs in bind resolving

2014-01-02 Thread Chris Buxton
t; >> All the ones I checked were caused by broken implementations. > > Is this a broken implementation of IPv6 or something else. As this DNS Server > is running IPv6 only. Broken implementations of name servers. They’re probably mostly load balancers. Regards, Chris Buxton

Re: When Updates Fail

2014-01-07 Thread Chris Buxton
72. Or there’s a release candidate for 0.74 that apparently fixes it, but I haven’t tested it. Regards, Chris Buxton

Re: Non-responsive name servers when started during boot on OS X Mavericks 10.9

2014-01-20 Thread Chris Buxton
or something like that) before starting named. It would then stay open. I’d bet that the package from Men & Mice includes this script or an equivalent workaround. When I wrote the original script I wrote about above, I worked at Men & Mice. Regards, Chris Buxton

Re: additional section policy

2014-01-20 Thread Chris Buxton
ears you’re asking about specifically this case. This behavior is described in RFC 1034 or 1035, I believe. As for responding to this data by following up on a referral and asking a listed name server, the BIND name server uses the RTT (round trip time) algorithm. Basically, it tries to guess
