NSLOOKUP not finding server

Hi, I'm hoping someone can point out where I'm going wrong as i seem to be going round in circles! I am trying to create a DNS server for my office network. I have created a smb domain (mydomain.now) which i am able to join from my windows pc's but only while the old windows DNS server is

RE: NSLOOKUP not finding server

g] On Behalf Of Dave Sent: 16 December 2008 10:14 To: bind-users@lists.isc.org Subject: NSLOOKUP not finding server Hi, I'm hoping someone can point out where I'm going wrong as i seem to be going round in circles! I am trying to create a DNS server for my office network. I hav

Re: ISC Bind stops answering queries

-users on behalf of Dave Warren *Sent:* 17 September 2018 19:01 *To:* bind-users@lists.isc.org *Subject:* Re: ISC Bind stops answering queries On Mon, Sep 17, 2018, at 06:07, Ian Collins wrote: I have been runnig various versions of ISC Bind for a number of years without any issues. My current

Secondary Zone 'Raw' File format

Hi Guys A new option was added in 9.9 to cache slave zones in 'raw' format rather than text format. Is there any specific documentation on what the format of this 'raw' format actually is? thanks Dave ___ Please visit https://l

Re: Secondary Zone 'Raw' File format

Just one follow up question Evan I understand as you say that its the wire format, but for info is it proprietary or is it related to the message standards defined in RFC 1035<http://www.zytrax.com/books/dns/apd/rfc1035.txt>. or is it something else Cheers Dave On 4 May 2012 18:47

Re: gitnamed, a project to manage name server by git

M or dd. I've given up contacting so-called validation tools and asking them to remove warnings about valid serials, they seem happier reporting non-errors, and at best they'll return a "Not standard, but I guess it's okay". It's a shame too, as these tools can

Re: Logging

providers auth servers. It is the delegation that is wrong, not the response from the DNS server. -- Dave ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.is

MNAME not a listed NS record

online DNS diagnostic tools throw warnings, but as far as I can tell from the RFCs, this is a valid configuration. Is it valid? Are there any operational gotchas to be aware of or can I ignore the "warnings"? -- Dave Warren http://www.hireahit.com/ http://ca.linkedi

Re: MNAME not a listed NS record

this point I don't do any dynamic DNS through BIND at all right now, the only dynamic zones we currently host are internal-only on Microsoft DNS and update via AD, so I think we'll be safe in this regard. Thanks! -- Dave Warren http://

Re: MNAME not a listed NS record

ing significantly longer to answer. It's also on a somewhat overloaded server, so it just makes more sense to push external traffic to more ideal services. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please vis

Re: broken ISP in china

om tweaking these numbers. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org http

Re: Registrar that supports self-run domains and provides DNSSEC support

don't understand. GoDaddy wants your money. What more do you need to understand? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr

Re: spf ent txt records.

I updated my management interface to encourage "SPF" records, and to automatically create matching TXT records, but only because it's easier to sanity check when I know the intent is SPF. I almost wouldn't bother with SPF records these days though, except that the code

Re: spf ent txt records.

On 3/13/2013 17:11, Noel Butler wrote: On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: I almost wouldn't bother with SPF records these days though, except that the code was already written. # grep SPF maillog |grep -c '\-all' 2438 # grep SPF maillog |grep -c '\

Re: How to minimize the downtime in my case

work" throughout the transition? Sure, depending on TTLs involved, some clients might hit the old NS and some would hit the new NS until the records aged out of caches, but as long as the other records are identical, users will hit the same web servers, the same MX, etc. -- D

Re: spf ent txt records.

venting another standard for the majority to ignore would help at this point. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: Multiple masters for slave zone

? I've been meaning to test this in the real world, but if anyone can tell me, it would save a bit of time :) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-

Re: Multiple masters for slave zone

On 2013-03-18 23:12, Steven Carr wrote: On 18 March 2013 23:08, Dave Warren wrote: Does it actually check each master for a serial number, or does it stop at the first one queried if it has a higher-than-current serial number? It would have to otherwise how would it know who has the highest

Re: Simple question about zone and CNAME

n a split DNS environment this is less of a factor. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: Simple question about zone and CNAME

) and we can just lie to the AD servers and use them as the bare domain name. It's just just the servers though, it's any client that needs to access Active Directory resources that might potentially hit the web server when it's looking for your AD environment. -- D

Re: Simple question about zone and CNAME

state.edu","www.webmail.k-state.edu". and SSL certs to work for all those. Sounds like it is time to have some fun with recursion... You should mention that since "www.webmail.ksu.edu" exists, "www.www.webmail.ksu.edu" should work too. :D -- Dave

NS geo-distribution

is tend to return slower results on average since a potential user would have a 1/3 chance of hitting a NS with a higher latency? I realize that the difference isn't very significant in the grand scheme of things, but it's always nice to shave a few ms off of initial page load times.

Re: NS geo-distribution

On 2013-04-29 21:35, Gary L. Burnore wrote: I would contend that fast inititial page load times is achieved through blazing web servers and a wide data path. It sure doesn't hurt, but introducing ~200ms of DNS lookups sure won't make things any faster. -- Dave Warren http://www.hi

Re: NS geo-distribution

to evaluate the results. I realize I've probably spent more time thinking about it than I'll possibly save anyone else anyway, so perhaps that's my answer. I appreciate all the input. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___

Re: architecture question

ell, but it would just as well with NS delegations. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: architecture question

, at least until they run into enough problems to frustrate them into something more compatible with current practice. I made the same mistake many moons ago and I'm still stuck with it. I wish I'd known better. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/d

Re: architecture question

On 2013-05-09 11:27, Jeremy P wrote: I certainly didn't intend to spark off such a firestorm with my original question. I have learned a lot from the debate though. On the question of what to use with students, it is a fine thing to say "we should only do things the way they are done in real

Re: architecture question

using a real domain. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://l

Re: architecture question

On 2013-05-10 16:39, b...@bitrate.net wrote: On May 10, 2013, at 01.18, Dave Warren wrote: On 2013-05-08 11:13, btb wrote: it's also mildly humorous that they used to quite religiously endorse .local, in some documents even categorizing use of the same domain name on an interna

Re: does zone trump forward?

ot; includes things like routing and DNS. You're not taking over their territory just yet, just adding yours to theirs. Politics aside, it solves the technical issues without butchering DNS or adding excessive unreliability. But then I just hate forwards. Burned 1000x times, lesson l

Re: does zone trump forward?

e office where the pipe is neither fat nor reliable. See #1 and #2 above. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: any requests

t shared caches on powerful, well connected boxes. Either way, when you're playing with a single test domain, experimentally, they'll absolutely expire just the way anybody else does. -- Dave Warren http://www.hireahit.com/ http://ca

Re: What happens when one out of three NSs are down?

On 6/11/2013 7:12 PM, Gary Wallis wrote: What really happens in the real world when 1 out of three authoritative NSs are down for 30 minutes due to a datacenter outage? For example, we have 3 NSs: ns1.someisp.net 12.23.34.45 ns2.someisp.net 23.34.45.56 ns3.someisp.net 34.45.56.67 All in dif

RRL and avoiding contributing to DDoS (Was: How to suppress ADDITIONAL SECTION per zone)

pike unless it's disruptive to performance) -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing

Re: Bind99 and a slave named server

ttle difference. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https:

Re: Bind99 and a slave named server

On 2013-08-18 16:36, LuKreme wrote: On 18 Aug 2013, at 14:06 , Dave Warren wrote: Change the zones from master to slave in your named.conf? There really isn't much more to it than that, assuming you have a new authoritative master is already configured and serving the zones. Oh, ther

Re: Refreshing cache in other DNS Servers

On 2013-10-16 09:47, Manson, John wrote: I would add that Windows PC OSs by default have the dns client cache set to 'enable'. Yes. And like Windows Server's DNS cache, these honour TTLs too, so as long as TTLs are set properly, it's not an issue. -- Dave Warren htt

Re: Is SpamHaus Feed for RPZ is free or subscription based?

On 2013-11-06 01:04, Steven Carr wrote: This is all explained clearly on their website... http://www.spamhaus.org/organization/dnsblusage/ Perhaps you can point out where on that page RPZ is mentioned? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren

Re: Is SpamHaus Feed for RPZ is free or subscription based?

On 2013-11-06 06:08, Steven Carr wrote: On 6 November 2013 11:19, Dave Warren wrote: Perhaps you can point out where on that page RPZ is mentioned? The Spamhaus news article announcing the "beta" RPZ service (http://www.spamhaus.org/news/article/669/) indicates that the Spamhaus DB

Re: Forward zone giving SERVFAIL

so my memory recalls, there were so many minor disasters during testing on that roll-out that I might have some details off in my brain, but if this doesn't help, I'll ask around and see. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com

Re: Query regardign CNAME

. But this doesn't helps. I want to ask is it possible to have a CNAME configuration by which I can divert all queries for my xyz.gov.in domain to xyz.in domain. That sounds roughly like a possible use for a DNAME record, I believe. -- Dave Warren http://www.hireahit.com/

Re: Sites that points their A Record to localhost

-routable IP addresses outside of expected/predictable locations. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: Sites that points their A Record to localhost

's an imperfect world. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc

Re: "Recursive no;" implications?

closer anycast farms/points, it can potentially assume that that query is part of an attack and rate limit much more drastically than is normally done. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren The cigarette does the smoking, you

Re: Variable SOAs in negative responses

NSBL operator knows that certain IPs are not candidates for listing (or at least not candidates for automated listing), why not let DNS caches keep that information for as long as possible? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren Usenet is like a herd of perf

Re: Variable SOAs in negative responses

On 2014-01-28 14:20, Mark Andrews wrote: In message <52e8258e.3060...@hireahit.com>, Dave Warren writes: On 2014-01-28 11:28, Matus UHLAR - fantomas wrote: On 27.01.14 18:23, John Levine wrote: A friend (really) asks this question: they have some DNSBLs, which get a lot of queries. Som

Re: Monitoring Zonefiletransfer

re in those recently added/modified records, so if you just plan for 15 minute update times for non-MS secondaries to sync up and ignore the periodic "serial is lower than expected" warnings, multi-mastering works fine in practice. -- Dave Warren http://www.hireahit.com/ http://ca.

Re: whois expiration limit?

term shall not exceed ten years." In reality, they'll probably issue the renewal automagically once you're under the 9-year mark and the domain is renewal-eligible. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren __

Re: whois expiration limit?

cts are based on one party or the other doing something and the other promising to do something later. Luckily registrars don't have much of an incentive to jerk people around, saving themselves $9 isn't worth the lawsuit and potential loss of accreditation. -- Dave Warren

Re: Internal clients' queries for "myhostname." get sent to forwarders. Why?

me, just leave the forwarders list blank and Microsoft DNS does full recursion. The old DNS setup wizards encouraged forwarders since they made a lot more sense in the high-latency, well maintained DNS server worlds of yester-year, but today, you'll probably do a better job of doing your own r

Re: Bind 9.9.1 forward zone "local"

ation that wouldn't work with this configuration. Switching BIND to use hints instead of acting as a root seems to work around this (broken) local configuration. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___

Re: How to setup a backup NameServer?

u host, or things like Google? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc

Re: How to setup a backup NameServer?

of different methods. Anycasting within your network might be a good choice in a large environment. If your connectivity is so badly interrupted that you can't pull off DNS queries against authoritative servers, there's little value to keeping DNS up since everything else is b

Re: Multi-master (HA)

ion, I wouldn't expect zones drifting out of sync or having minor differences to be a big factor since it happens in the wild already. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.

Re: Point domain name of my zone to name in somebody else's zone?

l accounts to the CNAME site as you can't have a CNAME and SOA/NS records at the same level. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc

Re: Point domain name of my zone to name in somebody else's zone?

On 2014-05-08 07:45, Barry Margolin wrote: In article , Tony Finch wrote: Dave Warren wrote: DNSMadeEasy calls this an "ANAME" record, internally they just lookup the destination's IP and cache it, updating it as needed. It works, but it would be nice if this could be don

Re: Point domain name of my zone to name in somebody else's zone?

On 2014-05-08 15:09, Mark Andrews wrote: In message <536bcced.8060...@hireahit.com>, Dave Warren writes: On 2014-05-08 07:45, Barry Margolin wrote: In article , Tony Finch wrote: Dave Warren wrote: DNSMadeEasy calls this an "ANAME" record, internally they just lookup t

Re: Multi-master (HA)

mes, etc. >> (especially since I'm using unix timestamp for zone serialavoids >> issues of multiple admins incrementing serial without >> noticing others and/or collisions with DNSSEC's >> incrementing of serials.) Dave Warren replied: I wouldn't expect any

Re: Point domain name of my zone to name in somebody else's zone?

ase your three wishes to an evil genie. "CNAME the apex? As you wish, master... mwahahaha!" -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to un

Re: Diagnostic help part 2

On 10/1/2014 3:45 PM, Tony Finch wrote: (Sorry for straying off topic. I have less experience of Cisco PIX/ASA breaking DNS than of them breaking SMTP.) I can't resist either.. I specifically remember a PIX that bit me by "helpfully" changing the payload of an axfr so that the A records that tr

Re: Digging to the final IP

ig.ht in a dave.knig.ht in | egrep 'IN\t(A|)\t' | cut -f6 216.235.14.46 2001:4900:1:393::2 dave signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: Digging to the final IP

On Oct 22, 2014, at 5:56, Niall O'Reilly wrote: > At Tue, 21 Oct 2014 22:31:28 -0500, > Frank Bulk wrote: >> >> Dave, >> >> Thanks for the input, but what I was looking for was a dig command that >> returns the IP(s) or a fail. It looks like the host

Re: DMARC Record issue

ot;v=DMARC1\; p=reject\; rua=root@dns-test-1.\; aspf=s\; rf=afrf\; sp=reject" http://www.dmarc.org/faq.html#s_12 has some information on what is happening here. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren __

Re: do not stupidly delete ZSK files

ASHA256 in any reasonable level of time, it would be equally feasible to invest in 2x-8x the hardware and start breaking roots in under 3 months. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please v

Access external hosts with internal split DNS resolver

ail, where www.mydomain.com is my public webserver defined in my domain registrar's zone file - lookups to www.mydomain.co.nz work only if the host is configured to use the public DNS server Any advice please and pointers on how to best approach this would be appreciated :) -- Dave Koelmey

Re: Access external hosts with internal split DNS resolver

On 09/08/15 16:44, Dave Koelmeyer wrote: > - lookups to www.mydomain.co.nz fail, where www.mydomain.com is my > public webserver defined in my domain registrar's zone file Correction: this should obviously read "lookups to www.mydomain.co.nz fail, where www.mydomain.co.nz is my

Re: Access external hosts with internal split DNS resolver

anks very much for your responses, much appreciated. Sounds like creating a home subdomain is the way to go (I've seen this mentioned online), so I'll go down that path. Cheers, Dave -- Dave Koelmeyer http://blog.davekoelmeyer.co.nz GPG Key ID: 0x238BFF87 _

Re: Version Number

riation on "4.9.4-P1", with a possible reference to Win98SE for some roles (depending on which system manages their configuration), just in case anyone looks. Nobody seems to care. -- Dave Warren http://www.hireahit.com/ http://ca.linkedi

Re: Help DNS

using, but that's good enough for our typical customer, and we can offer dynamic zones to customers that need it. I don't think we have any of those left anymore. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren __

Re: DNS Negative Caching

nd so falling back on the SOA's "minimum" field would seem to be a more sane choice than making one up or refusing the zone, if only as a nod to the legacy use of this field. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren __

Re: How are DNS Records added dynamically in DNS Servers?

re at least three different serial numbers being returned by those various servers, with different TTLs on the NS records depending on which server you query. I wonder if they're in the process of updating and the records only partially updated? Odd that it was served at all though. -- D

Re: Adding DNS ALG support to Bind?

esired, one would probably not enable this functionality. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailin

Re: root hints operation

would only impact resolvers that had outdated root hints, and also happened to try that particular IP first, but it's at least a theoretical risk. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please v

Re: root hints operation

On 2015-11-17 14:13, Mark Andrews wrote: In message <564ba3e3.9060...@hireahit.com>, Dave Warren writes: On 2015-11-16 18:09, Grant Taylor wrote: It's my understanding that ALL of the root servers would have to change all of their addresses at the same time for DNS to be impacted.

Re: Overriding a single record with dynamic-dns

.myzone.com. in a separate zone entirely, allowing you to use views for that that one zone? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: frequent queries to root servers

NAME chain only violates a "should", and later in that RFC it says that software "should not" fail to handle chains, so even if you take a "should" as gospel, the "should not" should be equally gospel, making CNAME chains supported (although not advise

Re: Tuning for lots of SERVFAIL responses

in having your resolvers be as ignorant about internal infrastructure as possible. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this l

Re: Tuning for lots of SERVFAIL responses

fresh value took care of it. It's not perfect, it could be better, but it worked with a minimum of hassle. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bin

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

Y, or a way to keep that list up to date. It was just faster to code up a sloppy /etc/hosts script to update a handful of critical records. Lame reasons, but it works well enough and hasn't blown up in my face yet. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwa

Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

On 2016-03-19 19:03, Barry Margolin wrote: In article , Dave Warren wrote: My current logic is that I do a SOA query and check the serial number, if it has changed, I query every needed hostname into a temp file, and if every single query was successful, check the SOA again, and if it still

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

his? For average resolvers, what is the longest TTL that has any utility? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this lis

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

elf" that there are missing records that need to be replaced, what would be the point of keeping any records with a longer TTL? A resolver would still be sending the same queries to refresh the entry with the shortest TTL anyway, so it wouldn't reduce the query volume. -- Dave Warre

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

On 2016-03-24 15:20, Tony Finch wrote: Dave Warren wrote: On 2016-03-24 09:46, Ray Bellis wrote: On 24/03/2016 16:41, Tony Finch wrote: When I changed our TTLs from 24h to 1h last year, it didn't have a visible effect on authoritative server query load, much to my surprise. I'

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

On 2016-03-24 18:28, Barry Margolin wrote: In article , Dave Warren wrote: On 2016-03-24 15:20, Tony Finch wrote: Dave Warren wrote: On 2016-03-24 09:46, Ray Bellis wrote: On 24/03/2016 16:41, Tony Finch wrote: When I changed our TTLs from 24h to 1h last year, it didn't have a vi

Re: Configuring different TTLs in multiple RRs for the same domain name, TYPE, and CLASS

On 2016-03-25 07:21, Barry Margolin wrote: In article , Dave Warren wrote: I'm more interested in the impact from the perspective of an authoritative server operator and in some respects sites that use short TTLs will increase the odds of my longer-TTL's records staying in the ca

Re: g.root-servers.net not reachable anymore

ot servers. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lis

Re: Guidelines for role separations forwarding vs authoritative

ively simple, other than the master, but renumbering the master without any other changes is also moderately trivial as updating the slaves can (and is) scripted. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visi

Re: Additional Section - TXT Format?

wer, should not be cached in such a way that they would ever be returned as answers to a received query. It'll also, irrespective of caching, break DNSSEC. Whatever you're trying to do, this is not the right way to do it; you cannot arbitrarily add data to zones that are not under

Re: getting not authoritative with some notifies - Solved

the zone eventually expires? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: getting not authoritative with some notifies - Solved

zones soon after they move, whether they notify you or not. Or, separate your resolver and authoritative roles, in which case this won't be an issue. One should still monitor for zones for customers who have departed, obviously, but it's not likely to cause any operational issues.

Re: Need of caching on bind server

> I am trying to understand why caching is required on the bind server, > when the client receiving the responses would be caching based on TTL > values. > > So, > Is caching required on the server, if the client is not able to > cache such responses? Isn't it a overhead on both the client and se

Re: Forwarding via different external networks

On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote: > So my question is, is it possible to configure my forwarding BIND to > have a primary and *secondary* path for sending out DNS queries? As far > as I can tell, the "query-source address" option in named.conf only > allows one outbound interface

Re: Forwarding via different external networks

On Sun, Aug 28, 2016, at 19:22, Paul Kosinski wrote: > "... whatever else you use to failover from the primary to the > secondary would automatically ensure BIND resolves too." > > That's the root of the problem: there is no automatic failover, and > providing one is a lot of work. I was hoping th

Re: SPF and domain keys

The easiest answer is: Whatever you want. Strictly speaking, alphazulu.com can send mail on behalf of foxtrot.com using a alphazulu.com DKIM selector, and that's perfectly valid under DKIM. However, it won't have DMARC alignment, which is becoming more and more important, so if alignment is relevan

Re: Request reverse dns mapping advice

On Mon, Sep 5, 2016, at 09:46, John Levine wrote: > >1. pick a primary domain from the list of virtual hosts (example2.com) > >2. use the "real" host name of the server (juvat.example1.com) > >3. the mail server name (mail.example1.com) > >4. the dns server name (ns2.example1.com) > >5. anothe

Re: Request reverse dns mapping advice

On 2016-09-06 08:01, Bob Harold wrote: I agree with one PTR per IP. But since you have 5 IP's, you can have one PTR record on each, just be sure there is a matching forward "A" record. Your list of 5 names looks good, but only if each service uses the corresponding IP for its outgoing connectio

Re: srv lookup in record

On 2020-08-21 16:26, Marc Roos wrote: Is it possible to use srv lookups, like eg cname. I do not want to create SRV record, I just want to 'get' the ip addresses, that I would get vai srv lookup. I don't think so, nor does it seem to make sense to me that you would want such a thing (in the ge

Re: getting answers from DNS queries

On 2022-05-03 06:31, Gaurav Kansal wrote: Yup. But if the DNS infra is under my control, then definitely the keys (which i have used for encryption) will also be with me. Am i missing something here ? 🧐 I'll see your privacy keys and raise you Perfect Forward Secrecy. Although I'm not really

Re: Supporting LOC RR's

On 2022-05-02 18:01, Timothe Litt wrote: Still, overall DNS seems to generate more problems than fun, so if LOC provides amusement, it's a good thing. I know one of my users found them quite amusing. I can't recall what location they picked or why, but it had some sort of personal significanc

Re: Random nx name queries, anyone see this before?

monly queried by multiple sources within an about 30-60 second window. Other than that window, the queries aren't repeated in at least 48 hours. -- Dave ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

  1   2   >