Hi,
I'm hoping someone can point out where I'm going wrong as i seem to be going
round in circles!
I am trying to create a DNS server for my office network. I have created a
smb domain (mydomain.now) which i am able to join from my windows pc's but
only while the old windows DNS server is
g] On Behalf Of Dave
Sent: 16 December 2008 10:14
To: bind-users@lists.isc.org
Subject: NSLOOKUP not finding server
Hi,
I'm hoping someone can point out where I'm going wrong as i seem to be going
round in circles!
I am trying to create a DNS server for my office network. I hav
-users on behalf of
Dave Warren
*Sent:* 17 September 2018 19:01
*To:* bind-users@lists.isc.org
*Subject:* Re: ISC Bind stops answering queries
On Mon, Sep 17, 2018, at 06:07, Ian Collins wrote:
I have been runnig various versions of ISC Bind for a number of years
without any issues.
My current
Hi Guys
A new option was added in 9.9 to cache slave zones in 'raw' format rather
than text format.
Is there any specific documentation on what the format of this 'raw' format
actually is?
thanks
Dave
___
Please visit https://l
Just one follow up question Evan
I understand as you say that its the wire format, but for info is it
proprietary or is it related to the message standards defined in RFC
1035<http://www.zytrax.com/books/dns/apd/rfc1035.txt>.
or is it something else
Cheers
Dave
On 4 May 2012 18:47
M or dd.
I've given up contacting so-called validation tools and asking them to
remove warnings about valid serials, they seem happier reporting
non-errors, and at best they'll return a "Not standard, but I guess it's
okay". It's a shame too, as these tools can
providers auth servers.
It is the delegation that is wrong, not the response from the DNS server.
--
Dave
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.is
online DNS diagnostic tools throw warnings, but as far as I can
tell from the RFCs, this is a valid configuration. Is it valid? Are
there any operational gotchas to be aware of or can I ignore the "warnings"?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedi
this point I don't do any dynamic DNS through BIND at all right now,
the only dynamic zones we currently host are internal-only on Microsoft
DNS and update via AD, so I think we'll be safe in this regard.
Thanks!
--
Dave Warren
http://
ing significantly longer to answer. It's also on a
somewhat overloaded server, so it just makes more sense to push external
traffic to more ideal services.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please vis
om tweaking these numbers.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
http
don't understand.
GoDaddy wants your money. What more do you need to understand?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr
I updated my management interface to encourage "SPF"
records, and to automatically create matching TXT records, but only
because it's easier to sanity check when I know the intent is SPF.
I almost wouldn't bother with SPF records these days though, except that
the code
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog |grep -c '\-all'
2438
# grep SPF maillog |grep -c '\
work" throughout the transition?
Sure, depending on TTLs involved, some clients might hit the old NS and
some would hit the new NS until the records aged out of caches, but as
long as the other records are identical, users will hit the same web
servers, the same MX, etc.
--
D
venting another standard for
the majority to ignore would help at this point.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
?
I've been meaning to test this in the real world, but if anyone can tell
me, it would save a bit of time :)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-
On 2013-03-18 23:12, Steven Carr wrote:
On 18 March 2013 23:08, Dave Warren wrote:
Does it actually check each master for a serial number, or does it stop at
the first one queried if it has a higher-than-current serial number?
It would have to otherwise how would it know who has the highest
n a split DNS environment this is less of a factor.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
) and we can just lie to
the AD servers and use them as the bare domain name.
It's just just the servers though, it's any client that needs to access
Active Directory resources that might potentially hit the web server
when it's looking for your AD environment.
--
D
state.edu","www.webmail.k-state.edu". and SSL certs to work for all those.
Sounds like it is time to have some fun with recursion...
You should mention that since "www.webmail.ksu.edu" exists,
"www.www.webmail.ksu.edu" should work too. :D
--
Dave
is tend to return slower results on average since a
potential user would have a 1/3 chance of hitting a NS with a higher
latency?
I realize that the difference isn't very significant in the grand scheme
of things, but it's always nice to shave a few ms off of initial page
load times.
On 2013-04-29 21:35, Gary L. Burnore wrote:
I would contend that fast inititial page load times is achieved through
blazing web servers and a wide data path.
It sure doesn't hurt, but introducing ~200ms of DNS lookups sure won't
make things any faster.
--
Dave Warren
http://www.hi
to
evaluate the results.
I realize I've probably spent more time thinking about it than I'll
possibly save anyone else anyway, so perhaps that's my answer.
I appreciate all the input.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
ell, but it would just as well with NS
delegations.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
, at least until they run
into enough problems to frustrate them into something more compatible
with current practice.
I made the same mistake many moons ago and I'm still stuck with it. I
wish I'd known better.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/d
On 2013-05-09 11:27, Jeremy P wrote:
I certainly didn't intend to spark off such a firestorm with my
original question. I have learned a lot from the debate though.
On the question of what to use with students, it is a fine thing to
say "we should only do things the way they are done in real
using a real domain.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://l
On 2013-05-10 16:39, b...@bitrate.net wrote:
On May 10, 2013, at 01.18, Dave Warren wrote:
On 2013-05-08 11:13, btb wrote:
it's also mildly humorous that they used to quite religiously endorse .local, in some
documents even categorizing use of the same domain name on an interna
ot; includes
things like routing and DNS. You're not taking over their territory just
yet, just adding yours to theirs.
Politics aside, it solves the technical issues without butchering DNS or
adding excessive unreliability.
But then I just hate forwards. Burned 1000x times, lesson l
e office where the
pipe is neither fat nor reliable. See #1 and #2 above.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
t shared caches on powerful, well connected
boxes.
Either way, when you're playing with a single test domain,
experimentally, they'll absolutely expire just the way anybody else does.
--
Dave Warren
http://www.hireahit.com/
http://ca
On 6/11/2013 7:12 PM, Gary Wallis wrote:
What really happens in the real world when 1 out of three
authoritative NSs are down for 30 minutes due to a datacenter outage?
For example, we have 3 NSs:
ns1.someisp.net 12.23.34.45
ns2.someisp.net 23.34.45.56
ns3.someisp.net 34.45.56.67
All in dif
pike unless it's disruptive to
performance)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
ttle difference.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https:
On 2013-08-18 16:36, LuKreme wrote:
On 18 Aug 2013, at 14:06 , Dave Warren wrote:
Change the zones from master to slave in your named.conf? There really isn't
much more to it than that, assuming you have a new authoritative master is
already configured and serving the zones.
Oh, ther
On 2013-10-16 09:47, Manson, John wrote:
I would add that Windows PC OSs by default have the dns client cache set to
'enable'.
Yes. And like Windows Server's DNS cache, these honour TTLs too, so as
long as TTLs are set properly, it's not an issue.
--
Dave Warren
htt
On 2013-11-06 01:04, Steven Carr wrote:
This is all explained clearly on their website...
http://www.spamhaus.org/organization/dnsblusage/
Perhaps you can point out where on that page RPZ is mentioned?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-11-06 06:08, Steven Carr wrote:
On 6 November 2013 11:19, Dave Warren wrote:
Perhaps you can point out where on that page RPZ is mentioned?
The Spamhaus news article announcing the "beta" RPZ service
(http://www.spamhaus.org/news/article/669/) indicates that the
Spamhaus DB
so my memory recalls, there were so many minor disasters during
testing on that roll-out that I might have some details off in my brain,
but if this doesn't help, I'll ask around and see.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
.
But this doesn't helps.
I want to ask is it possible to have a CNAME configuration by which I
can divert all queries for my xyz.gov.in domain to xyz.in domain.
That sounds roughly like a possible use for a DNAME record, I believe.
--
Dave Warren
http://www.hireahit.com/
-routable IP addresses outside of expected/predictable locations.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
's an imperfect world.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc
closer anycast farms/points, it
can potentially assume that that query is part of an attack and rate
limit much more drastically than is normally done.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
The cigarette does the smoking, you
NSBL operator knows that certain IPs are not candidates for
listing (or at least not candidates for automated listing), why not let
DNS caches keep that information for as long as possible?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Usenet is like a herd of perf
On 2014-01-28 14:20, Mark Andrews wrote:
In message <52e8258e.3060...@hireahit.com>, Dave Warren writes:
On 2014-01-28 11:28, Matus UHLAR - fantomas wrote:
On 27.01.14 18:23, John Levine wrote:
A friend (really) asks this question: they have some DNSBLs, which get
a lot of queries. Som
re in those recently added/modified records,
so if you just plan for 15 minute update times for non-MS secondaries to
sync up and ignore the periodic "serial is lower than expected"
warnings, multi-mastering works fine in practice.
--
Dave Warren
http://www.hireahit.com/
http://ca.
term shall not exceed ten years."
In reality, they'll probably issue the renewal automagically once you're
under the 9-year mark and the domain is renewal-eligible.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
__
cts are based on one party
or the other doing something and the other promising to do something later.
Luckily registrars don't have much of an incentive to jerk people
around, saving themselves $9 isn't worth the lawsuit and potential loss
of accreditation.
--
Dave Warren
me, just leave the
forwarders list blank and Microsoft DNS does full recursion. The old DNS
setup wizards encouraged forwarders since they made a lot more sense in
the high-latency, well maintained DNS server worlds of yester-year, but
today, you'll probably do a better job of doing your own r
ation that
wouldn't work with this configuration.
Switching BIND to use hints instead of acting as a root seems to work
around this (broken) local configuration.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
u host, or things like Google?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc
of different methods. Anycasting within your network
might be a good choice in a large environment. If your connectivity is
so badly interrupted that you can't pull off DNS queries against
authoritative servers, there's little value to keeping DNS up since
everything else is b
ion, I wouldn't expect zones drifting out of sync or
having minor differences to be a big factor since it happens in the wild
already.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.
l accounts to the CNAME site as you can't have a CNAME and SOA/NS
records at the same level.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc
On 2014-05-08 07:45, Barry Margolin wrote:
In article ,
Tony Finch wrote:
Dave Warren wrote:
DNSMadeEasy calls this an "ANAME" record, internally they just lookup the
destination's IP and cache it, updating it as needed.
It works, but it would be nice if this could be don
On 2014-05-08 15:09, Mark Andrews wrote:
In message <536bcced.8060...@hireahit.com>, Dave Warren writes:
On 2014-05-08 07:45, Barry Margolin wrote:
In article ,
Tony Finch wrote:
Dave Warren wrote:
DNSMadeEasy calls this an "ANAME" record, internally they just lookup t
mes, etc.
>> (especially since I'm using unix timestamp for zone serialavoids
>> issues of multiple admins incrementing serial without
>> noticing others and/or collisions with DNSSEC's
>> incrementing of serials.)
Dave Warren replied:
I wouldn't expect any
ase your three wishes to an evil
genie. "CNAME the apex? As you wish, master... mwahahaha!"
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to un
On 10/1/2014 3:45 PM, Tony Finch wrote:
(Sorry for straying off topic. I have less experience of Cisco PIX/ASA
breaking DNS than of them breaking SMTP.)
I can't resist either..
I specifically remember a PIX that bit me by "helpfully" changing the
payload of an axfr so that the A records that tr
ig.ht in a dave.knig.ht in | egrep
'IN\t(A|)\t' | cut -f6
216.235.14.46
2001:4900:1:393::2
dave
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
On Oct 22, 2014, at 5:56, Niall O'Reilly wrote:
> At Tue, 21 Oct 2014 22:31:28 -0500,
> Frank Bulk wrote:
>>
>> Dave,
>>
>> Thanks for the input, but what I was looking for was a dig command that
>> returns the IP(s) or a fail. It looks like the host
ot;v=DMARC1\; p=reject\;
rua=root@dns-test-1.\; aspf=s\; rf=afrf\; sp=reject"
http://www.dmarc.org/faq.html#s_12 has some information on what is
happening here.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
__
ASHA256 in any reasonable level of time, it would be equally
feasible to invest in 2x-8x the hardware and start breaking roots in
under 3 months.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please v
ail, where www.mydomain.com is my
public webserver defined in my domain registrar's zone file
- lookups to www.mydomain.co.nz work only if the host is configured to
use the public DNS server
Any advice please and pointers on how to best approach this would be
appreciated :)
--
Dave Koelmey
On 09/08/15 16:44, Dave Koelmeyer wrote:
> - lookups to www.mydomain.co.nz fail, where www.mydomain.com is my
> public webserver defined in my domain registrar's zone file
Correction: this should obviously read "lookups to www.mydomain.co.nz
fail, where www.mydomain.co.nz is my
anks very much for your responses, much appreciated. Sounds like
creating a home subdomain is the way to go (I've seen this mentioned
online), so I'll go down that path.
Cheers,
Dave
--
Dave Koelmeyer
http://blog.davekoelmeyer.co.nz
GPG Key ID: 0x238BFF87
_
riation on "4.9.4-P1", with a
possible reference to Win98SE for some roles (depending on which system
manages their configuration), just in case anyone looks. Nobody seems to
care.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedi
using, but that's good enough for our typical
customer, and we can offer dynamic zones to customers that need it. I
don't think we have any of those left anymore.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
__
nd so falling back
on the SOA's "minimum" field would seem to be a more sane choice than
making one up or refusing the zone, if only as a nod to the legacy use
of this field.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
__
re at
least three different serial numbers being returned by those various
servers, with different TTLs on the NS records depending on which server
you query.
I wonder if they're in the process of updating and the records only
partially updated? Odd that it was served at all though.
--
D
esired, one would probably not enable this functionality.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailin
would only impact resolvers that
had outdated root hints, and also happened to try that particular IP
first, but it's at least a theoretical risk.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please v
On 2015-11-17 14:13, Mark Andrews wrote:
In message <564ba3e3.9060...@hireahit.com>, Dave Warren writes:
On 2015-11-16 18:09, Grant Taylor wrote:
It's my understanding that ALL of the root servers would have to
change all of their addresses at the same time for DNS to be impacted.
.myzone.com. in a separate zone entirely, allowing you to use
views for that that one zone?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
NAME chain only violates a
"should", and later in that RFC it says that software "should not" fail
to handle chains, so even if you take a "should" as gospel, the "should
not" should be equally gospel, making CNAME chains supported (although
not advise
in having your resolvers be as ignorant about internal
infrastructure as possible.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this l
fresh
value took care of it.
It's not perfect, it could be better, but it worked with a minimum of
hassle.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bin
Y, or a
way to keep that list up to date. It was just faster to code up a sloppy
/etc/hosts script to update a handful of critical records. Lame reasons,
but it works well enough and hasn't blown up in my face yet.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwa
On 2016-03-19 19:03, Barry Margolin wrote:
In article ,
Dave Warren wrote:
My current logic is that I do a SOA query and check the serial number,
if it has changed, I query every needed hostname into a temp file, and
if every single query was successful, check the SOA again, and if it
still
his? For average resolvers, what
is the longest TTL that has any utility?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
elf" that there are
missing records that need to be replaced, what would be the point of
keeping any records with a longer TTL? A resolver would still be sending
the same queries to refresh the entry with the shortest TTL anyway, so
it wouldn't reduce the query volume.
--
Dave Warre
On 2016-03-24 15:20, Tony Finch wrote:
Dave Warren wrote:
On 2016-03-24 09:46, Ray Bellis wrote:
On 24/03/2016 16:41, Tony Finch wrote:
When I changed our TTLs from 24h to 1h last year, it didn't have a visible
effect on authoritative server query load, much to my surprise.
I'
On 2016-03-24 18:28, Barry Margolin wrote:
In article ,
Dave Warren wrote:
On 2016-03-24 15:20, Tony Finch wrote:
Dave Warren wrote:
On 2016-03-24 09:46, Ray Bellis wrote:
On 24/03/2016 16:41, Tony Finch wrote:
When I changed our TTLs from 24h to 1h last year, it didn't have a
vi
On 2016-03-25 07:21, Barry Margolin wrote:
In article ,
Dave Warren wrote:
I'm more interested in the impact from the perspective of an
authoritative server operator and in some respects sites that use short
TTLs will increase the odds of my longer-TTL's records staying in the
ca
ot servers.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lis
ively simple, other than the master, but renumbering the master
without any other changes is also moderately trivial as updating the
slaves can (and is) scripted.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visi
wer, should
not be cached in such a way that they would ever be returned as
answers to a received query.
It'll also, irrespective of caching, break DNSSEC.
Whatever you're trying to do, this is not the right way to do it; you
cannot arbitrarily add data to zones that are not under
the zone eventually expires?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
zones
soon after they move, whether they notify you or not.
Or, separate your resolver and authoritative roles, in which case this
won't be an issue. One should still monitor for zones for customers who
have departed, obviously, but it's not likely to cause any operational
issues.
> I am trying to understand why caching is required on the bind server,
> when the client receiving the responses would be caching based on TTL
> values.
>
> So,
> Is caching required on the server, if the client is not able to
> cache such responses? Isn't it a overhead on both the client and se
On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote:
> So my question is, is it possible to configure my forwarding BIND to
> have a primary and *secondary* path for sending out DNS queries? As far
> as I can tell, the "query-source address" option in named.conf only
> allows one outbound interface
On Sun, Aug 28, 2016, at 19:22, Paul Kosinski wrote:
> "... whatever else you use to failover from the primary to the
> secondary would automatically ensure BIND resolves too."
>
> That's the root of the problem: there is no automatic failover, and
> providing one is a lot of work. I was hoping th
The easiest answer is: Whatever you want. Strictly speaking,
alphazulu.com can send mail on behalf of foxtrot.com using a
alphazulu.com DKIM selector, and that's perfectly valid under DKIM.
However, it won't have DMARC alignment, which is becoming more and more
important, so if alignment is relevan
On Mon, Sep 5, 2016, at 09:46, John Levine wrote:
> >1. pick a primary domain from the list of virtual hosts (example2.com)
> >2. use the "real" host name of the server (juvat.example1.com)
> >3. the mail server name (mail.example1.com)
> >4. the dns server name (ns2.example1.com)
> >5. anothe
On 2016-09-06 08:01, Bob Harold wrote:
I agree with one PTR per IP. But since you have 5 IP's, you can have
one PTR record on each, just be sure there is a matching forward "A"
record. Your list of 5 names looks good, but only if each service uses
the corresponding IP for its outgoing connectio
On 2020-08-21 16:26, Marc Roos wrote:
Is it possible to use srv lookups, like eg cname. I do not want to
create SRV record, I just want to 'get' the ip addresses, that I would
get vai srv lookup.
I don't think so, nor does it seem to make sense to me that you would
want such a thing (in the ge
On 2022-05-03 06:31, Gaurav Kansal wrote:
Yup. But if the DNS infra is under my control, then definitely the keys (which
i have used for encryption) will also be with me. Am i missing something here ?
🧐
I'll see your privacy keys and raise you Perfect Forward Secrecy.
Although I'm not really
On 2022-05-02 18:01, Timothe Litt wrote:
Still, overall DNS seems to generate more problems than fun, so if LOC
provides amusement, it's a good thing.
I know one of my users found them quite amusing. I can't recall what
location they picked or why, but it had some sort of personal
significanc
monly queried by multiple sources within an about 30-60 second window.
Other than that window, the queries aren't repeated in at least 48 hours.
--
Dave
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
1 - 100 of 174 matches
Mail list logo