I know this is a very lame question, but I have been out of the BIND loop
for a number of years (yes, I went over to the dark side... MS DNS) but I
want to come back. My question is this: I have Win2K servers; what version of
BIND will run on this?
Thanks
Greg
Please raise a beverage of choice and celebrate the 25th birthday of BIND9:
commit 7ee52cc7d195433bb8f55972e2a8ab29668f7bce
Date: Mon Aug 17 22:05:58 1998 +
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software wi
for a couple of
zones you are having trouble with, as examples. Not the whole config.
- "rndc zonestatus ". Use the same zones you chose from above.
Let’s see what we see.
Cheers, Greg
> On 8 Sep 2023, at 01:24, Leroy Tennison via bind-users
> wrote:
>
> Just to clarify,
some nicer wording, or any other changes
you think would be beneficial.
Hope that helps.
Cheers, Greg
> On 21 Sep 2023, at 17:22, John Thurston wrote:
>
> I just spent 4 hours* of my life trying to figure out why BIND 9.16
> complained on startup:
>
>
>> rpz '
Hello.
Do you mean 9.18-S1?
> On 28 Apr 2024, at 08:06, Yang via bind-users
> wrote:
>
>
> dear admin:
> now, I use bind-9.18-21, I want to use ecs client subnet function; but I
> don't know how to configure it, and I don't get method from google
> please give me some example, or document
latest
version, which is 9.18.26 (you can see in your screenshot).
I hope that helps.
Greg
> On 28 Apr 2024, at 08:42, Yang <395096...@qq.com> wrote:
>
>
>
> is v.9.18.21 below this reference
>

>
>
>
> Yang
> 395096...@qq.com
>
Odd numbers (9.17, 9.19…) are the development versions. Even numbers (9.18,
9.20 - soon…) are the production versions, based on the odd-numbered version
before.
So 9.18.27 (currently) would be the one to go for.
Cheers, Greg
> On 22 May 2024, at 16:53, Robert Wagner wrote:
>
I have a similar setup, and I do it the way that Greg Choules suggests.
I could probably dig up the exact way I have BIND configured, but the
function is like this:
Clients query the non-AD BIND servers, for *all* queries. For the AD zone,
we use something like this; Our first level domain, let's
best to ignore it. We will document this properly!
-n sets the number of event loops. You can tweak this manually if you find that
the autodetected value is not suitable for your environment and usage.
I hope that helps.
Greg
> On 10 Jul 2024, at 15:43, Thomas Hungenberg via bind-us
53>. I'm not aware of a
libuv fix for Linux yet.
Running both FreeBSD _and_ Linux is a good idea. Among other things, it's an
excellent way to provide maximum availability for DNS.
--
Greg Rivers
rvers running BIND 9.16.2 on FreeBSD. I've opened a
ticket with ISC, and they are looking into it. Can you share any additional
information that might aid troubleshooting?
If anyone else experiences this, please report it.
--
Greg
<https://gitlab.isc.org/isc-projects/bind9/-/issues/1859>
--
Greg
e only.
> Around 800 zones of varying sizes. DNSSEC in use.
>
https://gitlab.isc.org/isc-projects/bind9/-/issues/1893
--
Greg
which always remains in
a /16 format.
Please see below for details and if you need any further information please
let me know.
###
named.conf
###
greg@hp-linux:/etc/bind$ cat named.conf
## OPTIONS
options {
directory "/var/cache
Adding mailing list for archiving.
-- Forwarded message -
From: Greg Donohoe
Date: Wed, Jan 27, 2021 at 6:11 PM
Subject: Re: Reverse zone reformatting after nsupdate execution
To: Chris Isaksen
Thank you very much for your reply Chris. Changing the masterfile-style has
security?
All input greatly appreciated.
Thanks.
Greg.
but nsdiff may be a
good option.
Rgds,
Greg.
On Thu, Apr 22, 2021 at 8:38 PM Tony Finch wrote:
> Greg Donohoe wrote:
>
> > I have created a CI/CD pipeline in order to amend zone files using
> nsupdate
> > based on a front end user request. This portion of the pipelin
named & zone files?
I don't want anyone/anything else other than my local machine to make any
changes on my remote BIND server.
Rgds,
Greg.
On Fri, Apr 23, 2021 at 11:21 AM Anand Buddhdev wrote:
> Hi Greg,
>
> You don't need to SSH into a remote server to do dynamic DNS updates!
>
the communication done through the ACL and the key is
TSIG only used to allow me to make changes to the zone file?
The main reason why I was leaning towards SSH was to try to ensure that all
communication between local & remote was encrypted.
Rgds,
Greg.
On Fri, Apr 23, 2021 at 2:21 PM A
tion & management best
practices?
Rgds,
Greg.
On Mon, Apr 26, 2021 at 4:16 PM Tony Finch wrote:
> Anand Buddhdev wrote:
> >
>
> Anand's advice is good, as usual :-)
>
> But a small pedantic point:
>
> > The DNS protocol itself has recently been updated to all
Hello.
Hi bind-users,
This vulnerability was recently fixed in BIND 9.16.33:
CVE-2022-2795: Processing large delegations may severely degrade resolver
performance
Question: Would a server that is configured to forward all queries be impacted
by this issue?
Thanks,
Greg
they (the distro maintainers) could not agree to put anything in the same place
if the world's sanity depended on it.
/var/named
/srv/bind
/etc/bind
/var/lib/named
/usr/local/named
it's all over the place. myself i just create links from /var/named (which is
where I think it was found on most
someone with way more bind clues than I would be able to give you a better
answer. the error returned begs two questions..
1. is this server behind or running a local firewall?
2. is bind actually listening on the proper interface?
you could confirm #2 by typing 'nslookup ns1.example.de 1.1.1
it's as if they think hackers' main source of targets comes from here. doesn't
appear to really want any help anyway.
-g
On Oct 4, 2010, at 8:35 PM, Noel Butler wrote:
> On Mon, 2010-10-04 at 17:29 -0500, Lyle Giese wrote:
>> Dotan Cohen wrote:
>
>>> The ports aren't blocked as another s
i'm wondering if domain.net and ns1.nameserver.net are defaults which haven't
been configured yet. but he is a senior sysadmin, i'm sure he considered that
already…
-g
On Dec 7, 2010, at 7:37 AM, Matus UHLAR - fantomas wrote:
> On 07.12.10 11:06, Ejaz wrote:
>> We have problem in sending mai
I have thousands of zones; most of them will transfer to the secondary.
I have tried many things with no luck (my secondary was running an older
version of bind so I upgraded it).
Any help would be appreciated.
Greg Kuechle
Sorry about the notice appended to the email
NOTICE: This confide
anycast is cheaper than buying a load balancing switch, quagga is free.
Greg.
From: sasa sasa
To: bind dns
Date: 04/05/2010 12:07 AM
Subject: Load Balancer for DNS
Sent by: bind-users-bounces+greg.kuechle=sasktel.sk...@lists.isc.org
Hello everyone,
Anyone used any
at it's about. Is it really a Day Light
related?
thanks much for your time,
greg
the error:
[r...@fido ~]# /etc/init.d/named start
Starting named:[FAILED]
[r...@fido ~]# grep named /var/log/messages
Jun 13 10:20:00 fido named[2430]: starting BIND 9.7.
ith "named DST".
hoping someone here might know what it's about. Is it really a Day Light
related?
thanks much for your time,
greg
the error:
[r...@fido ~]# /etc/init.d/named start
Starting named:[FAILED]
[r...@fido ~]# grep named /var
thers, the error went away.
thanks again and have a great day,
greg
On Jun 14, 2010, at 6:25 AM, Cathy Almond wrote:
> Greg Whynott wrote:
>> sorry, forgot the subject. not very good on my first posting
>>
>> Hello,
>>
>> I'm seeing an unfamiliar er
I'd say no, and your ISP may need to gain a working knowledge of bind views if
they need to resolve 1812 addresses for their own needs without affecting
customers who are using the ISP DNS servers as their resolver.
the way you could fix this without their involvement is to bring up your own
D
sorry, 1918, not 1812…
On Aug 10, 2010, at 10:43 AM, Greg Whynott wrote:
> I'd say no, and your ISP may need to gain a working knowledge of bind views
> if they need to resolve 1812 addresses for their own needs without affecting
> customers who are using the ISP DNS se
Hi,
Can I ask if anyone has a good idea for how I could identify (filter
packets) that are transiting via a company proxy server [e.g.
proxy.mycompany.com]. The challenge here is that the DNS server will
issue any one of a number of IP addresses back to the browser to use,
associated with the ra
sters { xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy; }; };
zone "31.172.in-addr.arpa" { type stub; file "/etc/namedb/slave/172.31.db";
masters { xxx.xxx.xxx.xxx; yyy.yyy.yyy.yyy; }; };
zone "168.192.in-addr.arpa" { type stub; file "/etc/namedb/slave/192.168.db"
"For many pieces of software, this list comes built into the
software.". As I recall, this is true for BIND.
--
Greg Rivers
che expiring, were other requests
> being rejected due to the two nameservers for that zone being
> unreachable?
>
No. You should find the zone expiration event in your logs.
--
Greg Rivers
rnet via hostname, if I did a nat on
> the firewall?
>
No, by definition, private addresses are not routable on the Internet.
--
Greg Rivers
ay be that we
misunderstood the wording of your question. If your actual question was "can I
publish a public IP in DNS and NAT it to a private IP behind my firewall", then
of course the answer is "yes". Otherwise, trust the
On Thursday, August 02, 2018 12:58:32 Randy Bush wrote:
> ... are there that many folk doing tcp out there?
>
All name servers fall back to TCP when they receive truncated replies.
--
Greg Rivers
you serve. If your
answers don't fit in 512 bytes (without EDNS) or ~4096 bytes (with EDNS),
you're going to be serving over TCP. Obviously you're way more likely to see
TCP queries from systems that don't support EDNS. Perhap
74 +E(0)
135 -TC
131 -E(0)TDK
98 +E(0)TDC
19 +E(0)D
18 +E(0)K
8 -E(0)TC
3 +E(0)T
54353539
FWIW, this indicates that most TCP queries come from clients that claim to
support EDNS0.
--
Greg Rivers
DDI product[1]
supports multi-master across multiple disparate primaries with their "xDNS"
plugin. But I wouldn't say that multi-master is a good idea in general, as it
suffers from all of the problems that come with having multiple versions of the
truth.
[1] <https://www
nd as you noticed, named's
configuration and data are now under /opt/isc/isc-bind/.
--
Greg
> No chance to get a log entry per server and the TSIG key in use.
>
As Rick Dicaire said previously, "Notifications themselves don't use TSIG". You
will never see a TSIG key associated with a notify because notifies aren't
signed; the zone tra
NOTIFY
> messages, and zone transfer requests (AXFR or IXFR) will be signed using the
> specified key. Keys may also be specified in the also-notify statement of a
> master or slave zone, causing NOTIFY messages to be signed using the specified
> key.
>
So it does. Seems my knowledg
Hi Bob.
See if this article helps any first, before we get into configs:
https://kb.isc.org/docs/the-umbrella-feature-in-detail
Cheers, Greg
> On 16 Oct 2024, at 14:55, Robert Mankowski
> wrote:
>
> I recently implemented a forward only BIND server for home. I was forwarding
and be retrying anyway.
I hope that helps.
Greg
> On 8 Nov 2024, at 10:20, Pedro García Segura wrote:
>
> Hello,
>
> Recently we had an Internet outage that lasted for a few hours and quickly
> filled the recursive clients quota (set at 1000) since most internet-bound
> re
Hi Kees.
I would upgrade to 9.18 and not spend time trying to diagnose 9.16, which is
not supported anymore. If the same problem occurs on 9.18 (latest), please let
us know.
I hope that helps.
Greg
> On 3 Dec 2024, at 10:36, Kees Bakker via bind-users
> wrote:
>
> Hi,
>
> On 24 Jan 2025, at 19:07, Lee wrote:
>
> On Mon, Jan 20, 2025 at 4:55 AM Petr Špaček wrote:
>>
>> On 15. 01. 25 19:55, Lee wrote:
>>> On Wed, Jan 15, 2025 at 11:55 AM Ondřej Surý wrote:
On 14. 1. 2025, at 16:56, Lee wrote:
In other words, should I submit a bug report to the D
> On 24 Jan 2025, at 21:32, Lee wrote:
>
> On Fri, Jan 24, 2025 at 3:27 PM Greg Choules wrote:
>>
>>
>>> On 24 Jan 2025, at 19:07, Lee wrote:
>>>
>>> On Mon, Jan 20, 2025 at 4:55 AM Petr Špaček wrote:
>>>>
>>>> On 15
a look at is BIND’s GeoIP support, described
here: https://bind9.readthedocs.io/en/latest/chapter7.html#access-control-lists
here:
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-geoip-directory
and here: https://kb.isc.org/docs/aa-00971
I hope that helps.
Cheers
Hi Duan.
Firstly, please upgrade to the latest BIND as 9.11 is very old now and has many
security flaws that will not be fixed because it is obsolete.
Secondly, after you have upgraded try it again and if the problem still exists,
come back here.
Cheers, Greg
> On 13 Mar 2025, at 09:23, D
structure of your config day one. It's a bit like configuring an Ethernet
switch: do I configure VLANs even though (today) it's one flat network?
Hope that helps.
Greg
On Wed, 4 Jan 2023 at 01:15, E R wrote:
> New to BIND and just starting to read the 5th edition from O'Reilly af
Hi Jeff.
Query logging is quite an overhead and very heavy on writing to storage, so
use it sparingly as it can have a detrimental impact on performance. For
any moderately loaded server I would not have it enabled by default.
Cheers, Greg
On Thu, 12 Jan 2023 at 18:22, Jeff Sumner wrote
Hi Jesus.
No. Zone Transfer always uses TCP. Is it really that much of an overhead
for you?
Cheers, Greg
On Fri, 13 Jan 2023 at 05:56, Jesus Cea wrote:
> I have a dns zone with many dns updates per minute. The updates are
> tiny, like 2-3 records, <500 bytes in total.
>
's not worth worrying about.
Cheers, Greg
On Fri, 13 Jan 2023 at 06:19, Jesus Cea wrote:
> On 13/1/23 7:12, Greg Choules via bind-users wrote:
> > Hi Jesus.
> > No. Zone Transfer always uses TCP. Is it really that much of an overhead
> > for you?
>
> Not now
ou see the SERVFAIL and have fun in Wireshark.
If you can afford to put up with the noise, turn debugging up to the max -
rndc trace 99 - and see if anything pops out.
Also, when you say "even with dnssec turned off.." what do you mean,
exactly?
HTH
Greg
On Wed, 18 Jan 2023 at 12:
rvers make queries out
to other places? If so, recursion must be enabled.
Secondly, do you have "minimal-responses" configured on either/both
servers? If so, what is it set to? There were changes in 9.16 so maybe
these explain your observations.
Cheers, Greg
On Tue, 24 Jan 2023 at 1
;"?
- Do Akamai have any knobs you can tweak (I believe they have a customer
web portal for viewing/changing settings?) that would make them behave like
an RFC compliant DNS server?
Cheers, Greg
On Tue, 24 Jan 2023 at 21:17, John Thurston
wrote:
> My "resolvers" running BIND 9
esn't need to, just like real users. If you
*want* to see all the Authority and Additional data then add "+norecurse"
to your dig command, which causes it to set RD=0. Your server is then not
being asked to do recursion, so it will just reply with everything (if
anything) it has.
Hope
done. But if it's
only you looking at them, drop the "x")
- pcaps on a working and the troublesome box (and on the primary) and a
lot of time in Wireshark. There *must* be *something* different going on.
*If* it turns out that 9.18.11 is behaving incorrectly, ISC will wa
-F text -o junk.raw.txt junk junk.raw
Is that what you're after? Or is it specifically whether 9.18's
interpretation of "raw" is different to 9.16's? (I don't know at the moment
and I don't have a raw file generated with 9.16 to test it).
Cheers, Greg
On Mon,
ctually doing.
I hope that helps, Greg
On Thu, 2 Feb 2023 at 23:43, Bhangui, Sandeep - BLS CTR via bind-users <
bind-users@lists.isc.org> wrote:
> Hi
>
> We are running ISC DNS Bind Version 9.18.10 ( will soon be moving to
> 9.18.11) on our Linux Servers.
>
> DNS resoluti
sending it any queries at all. Just sit and
watch it, monitor the system and process memory use. etc.
That turned into a bit more than a few! I hope some of that helps a bit.
Cheers, Greg
On Sun, 12 Feb 2023 at 01:14, Jan Schaumann via bind-users <
bind-users@lists.isc.org> wrote:
> Hi,
lt) called "named_dump.db" in named's working
directory. Grep for NXDOMAIN in that file.
Cheers, Greg
On Tue, 14 Feb 2023 at 15:29, Jan Schaumann via bind-users <
bind-users@lists.isc.org> wrote:
> Jan Schaumann via bind-users wrote:
> > Greg Choules wrote:
>
>
much RAM as you can afford. That way you minimise the frequency of cache
cleaning, which is an overhead.
Greg
On Wed, 15 Feb 2023 at 19:45, Jan Schaumann via bind-users <
bind-users@lists.isc.org> wrote:
> Greg Choules wrote:
>
> > Since the queries are unique the responses
TSIG tsig-key.movie.edu: tsig verify failure
(BADKEY)
I'd take packet captures of both cases and compare them, see what the
differences are.
Hope that helps.
Greg
On Tue, 21 Feb 2023 at 16:06, Patrik.Graser--- via bind-users <
bind-users@lists.isc.org> wrote:
> Hi all
>
>
>
> Due
apabilities enabled. 'named' starts as root, but immediately drops to a
lower-privileged user, which can prevent it from discovering new addresses
unless it has the necessary linux-caps.
Cheers, Greg
On Mon, 13 Mar 2023 at 09:16, Serg via bind-users
wrote:
> The problem is I have l
Hi Nath.
What have you got on SrvB for biopyrenees.net, or net?
On SrvB, please do "dig @127.0.0.1 sri.biopyrenees.net" (please use the
actual address rather than "localhost") and paste the full result here. I
am interested in flags and the query time right now.
Cheers, Greg
170.141.168.22
QM can't be disabled per destination server, only globally.
I would recommend you contact the NS administrators and inform them they
have a problem. According to the SOA the RNAME is
named-...@wannms.state.tn.us
Cheers, Greg
On Mon, 27 Mar 2023 at 18:54, wrote:
> Hi,
>
iple zones of the
same name but different contents caused me problems daily. I would
recommend having internal zones be proper delegations from external zones.
e.g.:
external "example.com"
internal "internal.example.com"
Cheers, Greg
On Mon, 17 Apr 2023 at 14:41, Jiam
internally with different answers.
Cheers, Greg
On Tue, 18 Apr 2023 at 12:59, Jiaming Zhang wrote:
> Dear Greg,
>
> The initiative was that we have certain records that wish to be view only
> internally and may resolve to private address (e.g. insite A 10.1.1.1).
>
> Kind Regard
making queries for NS records normally.
But what if they do? Why does it matter if clients find out the NS names
for the internal zones?
Cheers, Greg
On Tue, 18 Apr 2023 at 13:27, Jiaming Zhang wrote:
> Dear Greg,
>
> I agree using child zones is a better idea, and I'm actually usin
Hi Håvard
Odd, it works for me. Try a literal copy/paste of the link below. Or go to
https://kb.isc.org and search for packages:
https://kb.isc.org/docs/isc-packages-for-bind-9
Cheers, Greg
On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users <
bind-users@lists.isc.org>
DNSSEC
validation to work internally.
Hope that helps.
Greg
On Wed, 19 Apr 2023 at 18:20, Jiaming Zhang wrote:
> Dear Greg,
>
> That’s what I thought, of each individual zone must have NS record point
> to it. But my point is not hiding NS record (or which server handles it)
>
or very little - benefit. Just my
2p.
Cheers, Greg
On Fri, 21 Apr 2023 at 15:41, Jiaming Zhang wrote:
> Hi Greg,
>
> Thanks for the example given. I was trying to digest your answer, it seems
> it would be better to have intermediate subdomain for the purpose. So it
> will be sit
that helps.
Greg
On Tue, 9 May 2023 at 21:43, Pacific wrote:
> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is not
> creating a namedb directory nor can I find a boilerplate named.conf.
>
> Steps taken:
>
> Downloaded tar directly from isc, saved to a local d
e /usr/local/sbin/named
/usr/local/sbin/named: Mach-O 64-bit executable x86_64
If you find an executable, do /named -V (uppercase V), which will
print a summary of how it was built.
Similarly /named -C (uppercase) will print the defaults.
Hope this helps.
Greg
On Wed, 10 May 2023 at 05:55, Paci
esn't know
what to do with. Either way, it should be fixed.
Hope that helps.
Greg
On Tue, 16 May 2023 at 15:53, Alex wrote:
> Hi,
> I have a bind-9.18.7 system on fedora37 and having some strange errors
> with some queries.
>
> $ host info.apr.gov.rs
> Host info.apr.gov.rs
You are most welcome, I'm glad you got it running. Now the fun starts! :D
Greg
On Tue, 30 May 2023 at 21:02, Pacific wrote:
> Thank you and to everyone who took the time to respond. Your collective
> input did the trick and I now have bind running successfully through a brew
>
es to the server and any
queries the server makes to try and get answers, plus all the responses.
Please do that and share the results, using real domains, not examples.
Hope that helps, Greg
On Mon, 19 Jun 2023 at 09:39, wrote:
> Hello Thank you for your feedback,
> yes it works like tha
to be authoritative for "antlauncher.com".
Personally I would live with the SERVFAIL because it tells you that
something is wrong, not just that it doesn't exist. Then try to contact the
people who own this domain and tell them it is broken.
Cheers, Greg
On Mon, 19 Jun 2023 at 10:
Hi Sami.
That's not what I said.
Yes, you can do this with RPZ if you want - it's all in the BIND ARM - but
it's not something I would do.
Cheers, Greg
On Mon, 19 Jun 2023 at 12:40, wrote:
> Thank you Greg
>
> So if I understand correctly if we receive a servfail
From the correct email alias this time!
On Mon, 19 Jun 2023 at 16:50, Greg Choules
wrote:
> Hi Lee/Sami.
> `break-dnssec yes;` *may* also be needed in some cases. But not here as
> the zone isn't signed anyway.
>
> The reason that "example.com" works but "
Hi Sami.
Let me ask you a question.
How would you define the terms "latency" and "response time"?
Greg
On Tue, 27 Jun 2023 at 17:23, wrote:
> Hello In DNS benchmarking which is more important latency or response
> time? for a DNS server what is the differe
Note that this requires clients to use FQDNs, which IMHO is a good thing. I
always try to avoid "search" in resolv.conf because it leaves the OS
stub resolver guessing what the user actually wants.
Hope that helps. But as I said, configs please and then *we* don't have to
guess :
"net5.domain.com" {
# 10.32.30.0/24
etc...
zone "net6.domain.com" {
# ?.?.?.?
etc...
"system" has A records in all of these, with the relevant interface address
for the network. Clients lookup the FQDN of interest to them at the time.
This way there is guaranteed no ambig
r
primary zones in one place (or two for resilience). It makes it easier to
administer and to understand which way data is flowing.
Cheers, Greg
On Thu, 29 Jun 2023 at 16:14, Ubence Quevedo wrote:
> Hi,
>
> Actually, that config was from the primary at 192.168.10.3.
>
> B
IL.
It looks like your server cannot resolve cadyst.com/A for some reason,
which would explain what gets sent back to the client.
However, it resolves fine for me:
cadyst.com. 908 IN A 146.59.209.152
Maybe you have some other issue with your resolver?
Cheers, Greg
On Wed, 12 Jul 2023 at 09:26, wrote:
Real data please:
- example queries (genuine, not invented for illustration)
- real domains
- real IP addresses
- packet captures
- both BIND server configs
- zone file contents
- startup logs
There are so many things it *could* be, the more information the better.
Cheers, Greg
On Sun, 16 Jul
This time from the correct email alias!
On Mon, 17 Jul 2023 at 22:58, Greg Choules
wrote:
> Hi.
> Some observations:
> - Please don't use nslookup. Please use dig, it is much more versatile and
> gives much more information with which to try and interpret what might be
> goi
You may already have BIND installed; most distros do. If not, it's easy.
You don't *have* to run named, but tools like this (and dig, particularly)
are very useful to have.
Do "which arpaname" to see if you have it already.
Cheers, Greg
On Thu, 24 Aug 2023 at 08:00,
rally: see below.
DNSSEC validation is on ("auto") by default these days. Please don't turn
it off for everything.
options {
...
validate-except {
incometax.gov.in;
...
};
...
};
Hope this helps.
Greg
On Wed, 30 Aug 2023 at 14:20, Blason R wrote:
> Hi all,
>
> I have bind
t which a given client will be sent
responses.
It's all in the ARM :) https://bind9.readthedocs.io/en/latest/index.html
Cheers, Greg
On Wed, 30 Aug 2023 at 18:42, Ben Bridges wrote:
> Hi,
>
> Is there a BIND configuration option that would limit the number of
> recursive clien
primary because it
already has the zone file stored locally. Just change the "type", leave the
"file" statement alone and delete (or comment) the "primaries".
Does that help?
Greg
On Thu, 7 Sept 2023 at 19:31, Fred Morris wrote:
> Re-reading the KB article refe
trying to understand just what is the problem.
- How much of 10 do you use?
- What do you mean by "...can be published from two different DNS
services."? Could you expand on that please?
- Is there any zone transfer between BIND and MS DNS?
Thanks, Greg
On Fri, 15 Sept 2023 at 21:00, John Thur
knows who is responsible for all addresses starting 10.1
or 10.2
Long-winded, I know. But I think it's important to understand your end goal
before configuration.
Cheers, Greg
On Sat, 16 Sept 2023 at 01:16, John Thurston
wrote:
> A host which auto-registers in MS DNS, creates an A in fo
Hi.
Although it is technically possible to do reverses on non-octet boundaries
(for example, see https://www.ietf.org/rfc/rfc2317.txt) it is a
complete pita, in my experience. Personally I would not head down that
path. Stick to /8, /16 or /24.
Cheers, Greg
On Sat, 16 Sept 2023 at 09:20, G.W
From the correct mail alias!
On Sat, 16 Sept 2023 at 21:50, Greg Choules
wrote:
> Hi Ged.
> 172.16/12 is not a special case. The whole problem (IMHO) stems from how
> humans have chosen to represent both IP addresses (v4; v6 are different and
> actually a little easier) AND D
1 - 100 of 224 matches