Re: Can I build a new DNS/BIND system parallel to our existing DNS production system?

2012-05-03 Thread John Miller
Hi Samad, It's entirely possible to roll out a parallel BIND installation. We're doing something similar at Brandeis right now--a mix of BIND and PowerDNS servers. I take it that your current BIND setup is purely authoritative? Or is it also handling recursive requests? John On 05/03/20

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread John Miller
Hi Alexander, We've actually run into this before. Once upon a time, RCN cable used to run some slave servers for us, but we've long since moved away from them, including zone transfers. We yanked them from our registrar a long time ago, and life was good. For whatever reason, RCN's still

Re: Moving DNS out of non-cooperative provider

2012-06-19 Thread John Miller
eople's domains), so I've contacted them again. Hopefully the cease-and-desist won't be necessary. John On 06/19/2012 06:45 AM, Tony Finch wrote: Mark Andrews wrote: In message<4fdf631a.4060...@brandeis.edu>, John Miller writes: We've actually run into this bef

Re: Moving DNS out of non-cooperative provider

2012-06-25 Thread John Miller
ong shot! John On Mon, Jun 18, 2012 at 11:22 PM, Mark Andrews wrote: > > In message <4fdf631a.4060...@brandeis.edu>, John Miller writes: > > Hi Alexander, > > > > We've actually run into this before. Once upon a time, RCN cable used > > to run some sl

using 127.0.0.1 in resolv.conf

2012-07-23 Thread John Miller
e to a bug report and/or changelog for this? A quick Google search for 'bind resolver source address bug' didn't yield much. John -- John Miller Systems Engineer Brandeis University 781-736-4619 johnm...@brandeis.edu ___ Please visit h

Re: using 127.0.0.1 in resolv.conf

2012-07-24 Thread John Miller
Thanks, Kevin. It sounds like if there was a bug in the resolver when using 127.0.0.1, it's long since been resolved. For the reason of portability alone, 127.0.0.1's a good choice, and what we've been doing. I hadn't considered the NIC offloading issue, but I suppose it _could_ happen. Th

Re: using 127.0.0.1 in resolv.conf

2012-07-24 Thread John Miller
On 07/24/2012 05:10 PM, Mark Andrews wrote: No. It was a kernel bug. The kernel wouldn't let you un-bind the socket. When you sent to 127.0.0.1 the local address was set to 127.0.0.1 then when you sent to some other address 127.0.0.1 was used as the source address which doesn't work. Modern r

Re: issues with BIND since a change of server

2012-10-04 Thread John Miller
Hi Thomas, Since this is Ubuntu, what does /var/log/syslog have to say about the matter? Do you have any specific configuration for rndc controls, or are you primarily using the stock Ubuntu named.conf.local and named.conf.options? John On 10/04/2012 11:27 AM, Thomas Manson wrote: Hi,

transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
raffic? Not tying up NAT tables seems like the way to go, but lack of probes is a deal-breaker on this end. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
IMO, the only boxes which should have IPs in both public and private netblocks should be your firewall/NAT routing boxes. That's how we usually have our servers set up--the load balancer gets the public IPs, the servers get the private IPs, and we use NAT to translate between the two. Here

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-19 Thread John Miller
Thanks Daniel. Good to hear of someone using NAT for DNS traffic. My fears of it are mostly performance-based--every DNS query takes up a new entry in the ACE's NAT table. In our case, that's thousands of queries per second that the ACE has to keep in memory. I've shown it to be a slight (2

Re: transparent DNS load-balancing with a Cisco ACE

2012-10-25 Thread John Miller
/25/2012 11:53 AM, Phil Mayers wrote: On 25/10/12 15:54, John Miller wrote: Is BIND associating each request with a particular socket, then? It would certainly make sense if that were the case. This was something I didn't fully realize. Yes. Something else I didn't fully realize w

Re: Spotty Lookups on One of Our Networks

2012-10-30 Thread John Miller
Hi Martin, Just to clarify, how many domain names are doing this for you? Are they all remote domains, or are some of them okstate.edu domains? John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On 10/30/2012 04:10 PM, Martin McCormick wrote: I don

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread John Miller
7 ms > > Barry Margolin writes: > > I'm not sure what you mean by that sentence about getting authoritative > > DNSs from X when it should be from Y. Can you post the actual dig? > > > > BTW, @servername doesn't mean much when using +trace, since +trace >

Re: User wanting to use a .local domain to host DNS

2012-11-14 Thread John Miller
Hey there Hal, It doesn't look like .local is officially reserved (http://tools.ietf.org/html/rfc2606), but .localdomain definitely is. John John Miller Systems Engineer Brandeis University 781-736-4619 johnm...@brandeis.edu On 11/14/2012 10:02 AM, King, Harold Clyde (Hal) wrote: I

Re: User wanting to use a .local domain to host DNS

2012-11-14 Thread John Miller
Thanks for the catch--guess I was writing a little too quickly this morning. .localhost is reserved; .localdomain isn't. John On 11/14/2012 11:17 AM, SM wrote: At 07:15 14-11-2012, John Miller wrote: It doesn't look like .local is officially reserved (http://tools.ietf.org/ht

Change in statistics format

2012-11-15 Thread John Miller
ormat, and wanted to be sure I had my ducks in a row. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: Change in statistics format

2012-11-15 Thread John Miller
Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data. John On 11/15/2012 11:47 AM, Phil Mayers wrote: On 15/11/12 16:44, John Miller wrote: Hello everyone, When did BIND 9 switch over from the older I think tha

Re: Change in statistics format

2012-11-15 Thread John Miller
work for us. John On 11/15/2012 11:58 AM, Carsten Strotmann wrote: Hello John, John Miller writes: Hello everyone, When did BIND 9 switch over from the older +++ Statistics Dump +++ (timestamp) success # referral # nxrrset # nxdomain # recursion # failure # --- Statistics Dump --- (time

Re: Change in statistics format

2012-11-15 Thread John Miller
Thank you! Just downloaded a copy, and looks pretty straightforward. John On 11/15/2012 12:13 PM, Jan-Piet Mens wrote: Thanks, Phil. Those were my thoughts as well. For the present, I'll write my own monitoring plugin to parse the XML data. If you need some inspiration, I wrote a bit of C c

Re: Change in statistics format

2012-11-15 Thread John Miller
ges. John On 11/15/2012 12:22 PM, Evan Hunt wrote: On Thu, Nov 15, 2012 at 11:44:12AM -0500, John Miller wrote: Hello everyone, When did BIND 9 switch over from the older The new stats counters were added in 9.5.0. They're in all currently-supported releases; the old format is fully depr

Re: Cannot create A record issue

2013-02-20 Thread John Miller
Just to cover all the bases, you're doing your lookup directly against your server, correct? Easy to accidentally query a different nameserver and not see what you're expecting. Otherwise I'd second Warren's suggestion to double-check your serial number. John On 02/20/2013 12:40 PM, Jsillim

Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Hello everyone, Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could s

Re: Resolver behavior on expired TTLs

2013-02-21 Thread John Miller
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an NXDOMAIN in this scenario. John On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote: On 21.02.13 10:38, John Miller wrote: Here's something I hadn't put much thought into until recently--it's never been a

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread John Miller
On 03/04/2013 03:26 PM, Verne Britton wrote: my test server (it's up and down a lot) is at yournameserver with these two test zones ... what I want to be able to do is: 1. serve the A records as authoritative Looks like it's working in that regard: jm@workstation:~$ dig +norecurse @yournamese

Re: This didn't work....

2013-04-26 Thread John Miller
Hi Lawrence, I'm going to answer your questions a bit out of order, but hopefully things'll still be clear. > How do you have an AD domain where your AD servers aren't authoritative > for itself? > > This is how our AD domain is set up -- the root of the AD domain is brandeis.edu, but the domain

Re: This didn't work....

2013-04-29 Thread John Miller
> Probably should've written that in the first case it was: > > $ORIGIN foo.example.com. > ... > ads NS ads.foo.example.com. > ... > ads A a.b.c.d > dc2 A a.b.c.e > dc3 A a.b.c.f > > And, the modified case was: > > $ORIGIN foo.example.com > ... > ads NS dc2.foo.example.com. > NS dc

Re: Queries using forwarders

2013-06-03 Thread John Miller
Hi Mike, To keep my answer simple, if BIND is set up to allow recursion, and gets a recursive query for a zone it's not authoritative for, it'll: 1) Answer from cache 2) pass the query off to the configured forwarders 3) If the forwarders are unavailable, follow delegation itself to answer th

Re: PTR files

2013-06-17 Thread John Miller

Re: Secondary DNS question...

2013-06-20 Thread John Miller

RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
Hey there folks, I know that for the following record in a zone file: host.example.com. -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu (781) 736-4619

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
CNAME otherhost. be equally valid from an RFC perspective? Obviously this would also pertain to NS, MX, SRV, PTR, etc. records. John On Thu, Jul 18, 2013 at 4:12 PM, John Miller wrote: > Hey there folks, > > I know that for the following record in a zone file: > > host.exampl

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On Thu, Jul 18, 2013 at 4:29 PM, Charles Swiger wrote: > On Jul 18, 2013, at 1:18 PM, John Miller wrote: > > I know that for the following record in example.com's zone file: > > > > host.example.com. IN CNAME otherhost > > > > BIND will retur

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On 07/18/2013 06:07 PM, Barry Margolin wrote: In article , John Miller wrote: I think what I was getting at was whether appending $ORIGIN to an unqualified target--only talking target, not label--was _required_ by the RFCs, and if so, the RFC/section. I'll read through 'em; was j

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
Ryan wrote: Are you asking if the target of a CNAME need be an FQDN if $ORIGIN is defined? If so, no, I use short names (no trailing dot) all the time. *From*: John Miller [mailto:johnm...@brandeis.edu] *Sent*: Thursday, July 18, 2013 05:49 PM *To*: Bind Users Mailing List *Subject*: Re: RFC requir

Re: RFC requirements for relative CNAME targets?

2013-07-18 Thread John Miller
On 07/18/2013 06:07 PM, Barry Margolin wrote: In article , John Miller wrote: I think what I was getting at was whether appending $ORIGIN to an unqualified target--only talking target, not label--was _required_ by the RFCs, and if so, the RFC/section. I'll read through 'em; was j

Re: ISO or virtual appliance

2013-08-21 Thread John Miller
Hi Manish, You can always grab a pre-canned ISO from turnkeylinux.org. You could also use Puppet or Chef recipes to get BIND up and running. I'm sure someone also has a Vagrant box available -- try vagrantbox.es. Generally speaking, though, if you're using an appliance in production, you n

Re: how-to configure BIND or any DNS implementation for cloud infrastructure

2013-08-30 Thread John Miller

DDNS update forwarding

2013-12-11 Thread John Miller
Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients that will send updates based on NS records rather than the SOA record? Perhaps a better question is: has anyone been bit

Re: DDNS update forwarding

2013-12-12 Thread John Miller
On 12/11/2013 08:42 PM, Mark Andrews wrote: In message <52a8e44a.1070...@brandeis.edu>, John Miller writes: Hello folks, I'm getting ready to revamp our dynamic DNS setup here on campus, and am curious: what is everyone doing for update forwarding? Have you seen certain clients tha

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
On Fri, Jan 31, 2014 at 11:10 AM, Steve Presser wrote: > Hey all, > Please forgive me if any of my terminology is off - I have not spent as > much time in the documentation as I'd like. > I have an odd situation that I would like to know if it is possible and > would much appreciate a pointer to

Re: DNS passthrough on no explicit result?

2014-01-31 Thread John Miller
rom derived A or records. > > > Vernon Schryver v...@rhyolite.com > Indeed, the intent of my words was that SPF only makes sense if it's public--presumably you set up trust between your internal mail servers in other ways. It's not required for SMTP to work--plen

Re: how to modify the cache

2014-02-14 Thread John Miller
o modify the cache. > > Who can tell me how to do? Thanks. > Guanghua

Re: Can Master replicate zone options in Slave's named.conf.local file ???

2014-04-16 Thread John Miller

Re: Dig for a reverse zone transfer

2014-04-22 Thread John Miller
hanks a lot !!! > > JeLo

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller

Re: Forwarding request to another DNS server but the same domain

2014-04-30 Thread John Miller
he same company, so I need that any client PC can > resolve a hostname from "company.com" domain, independently if this > record is in DNS1 or DNS2. > > Thanks again, regards. > > JeLo > > > > On Wed, Apr 30, 2014 at 5:21 PM, John Miller wrote: > >> Hi Jeronimo,

GSS-TSIG updates from Windows clients

2014-05-02 Thread John Miller
.edu' A named[12766]: client 129.64.8.232#49802: send named[12766]: client 129.64.8.232#49802: sendto named[12766]: client 129.64.8.232#49802: senddone named[12766]: client 129.64.8.232#49802: next Even though it sends valid TKEY credentials, why doesn't Windows actually sign its upda

Re: GSS-TSIG updates from Windows clients

2014-05-06 Thread John Miller
Thanks to both Mark and Nicholas for the help. Unfortunately, still not able to get this working (BIND 9.8.2 (RHEL 6) & AD 2008R2). It's a case of AD negotiating a TKEY (successfully), then reverting back to unsigned updates. If an update's not signed, doesn't matter what your update-policy

Re: Book recommendations?

2014-05-28 Thread John Miller

Re: Reply Code 0x8083 vs 0x8080

2014-05-29 Thread John Miller
I'm curious as to > why BIND would respond with different codes. Thanks for any insights.

Re: RPZ and www.rackspace.com

2014-05-30 Thread John Miller
It's surprising that more organizations don't fix this--it can be a serious DoS vulnerability if the record is important enough. Anyone know of tools that, given a zone or a set of labels, will test for this behavior? John On 05/30/2014 11:42 AM, David A. Evans wrote: To my questio

Re: stub zones

2014-06-02 Thread John Miller
:) It's almost the same as creating a local zone for something you're not authoritative for and then having to maintain those records. But, I guess there may be cases where it may be useful, I guess. On Monday, June 2, 2014 1:33 PM, John Miller wrote: Evil? Seems a bit strong. Unusual

Re: stub zones

2014-06-02 Thread John Miller
e authoritative NS for that zone? unless you're > changing the records > which is all bad > > > > > On Monday, June 2, 2014 2:18 PM, John Miller > wrote: > > > > Not quite, Bill. You point the zone at a different name server, but > _your_own_nameserver_ still does the

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
490 general: debug 1: dump_done: zone > 250.168.192.in-addr.arpa/IN/vi_local_resolver: enter > 24-Jul-2014 14:48:42.490 general: debug 3: zone > 250.168.192.in-addr.arpa/IN/vi_local_resolver: dns_journal_compact: not > found > > ---

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
i then check if > 101.250.168.192.in-addr.arpa PTR is cached? > > > On 24-07-2014 15:35, John Miller wrote: > > On NS #2, if you run rndc freeze/rndc thaw, what does the actual zone > file look like? Also, what does your cache look like? Is > 101.250.168.192.in-addr.arpa

Re: DNS slave not synced after successfully zone transfer

2014-07-24 Thread John Miller
de > buffering. DiG (or even host) are much better than nslookup > for diagnostic purposes. > > hth > > > On Thursday, July 24, 2014 8:00 AM, John Miller > wrote: > > > To check your cache, just run rndc dump. It'll write a dump of the BIND > cache to your

Re: Promoting slave to master DNS server with dynamic updates

2014-09-11 Thread John Miller

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
r named.conf files if you're worried about your configuration at all. The main principle here is that you shouldn't take down the 9.3.2 server until you're _sure_ the 9.8.1 server is fully ready to roll. Ideally you should be able to do this with zero downtime, but much depends o

Re: Bind Migration best practice steps

2014-12-16 Thread John Miller
dentical) would also be helpful, as would copies of your named.conf >> files if you're worried about your configuration at all. >> >> The main principle here is that you shouldn't take down the 9.3.2 >> server until you're _sure_ the 9.8.1 server is fully read

Re: How reliable is RPZ in production? I'm seeing flakiness in testing.

2015-01-06 Thread John Miller
uarantine zones? Presumably you're using some sort of DDNS publishing that gets triggered when a client does something suspicious. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Tue, Jan 6, 2015 at 5:52 PM, Anne Bennett wrote: > I'm playing wi

Re: Public DNS

2015-04-02 Thread John Miller
n to DNS in general as well as BIND configuration. Start there, experiment around a bit with some sandbox vms, then come back here when you've got some more specific questions. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Thu, Apr 2, 2015 at 9:25 AM, Heamna

Re: "#service named restart" fails with a weird message

2015-06-19 Thread John Miller
Semicolons! You need one for the second ip range in your list, and you need one after the zone file for your localhost zone. The error message really does tell you what you need in this case ;-) The config you pasted only has nine lines, so I'm assuming that the last error really is on line 8/9

Re: dig @server foobar +trace +recurse

2015-07-08 Thread John Miller
For my part, I'd be curious to know what sort of problem you're trying to solve with dig. We might be able to shed a little more light on what the best command would be for you. The +recurse gets overridden when you use +trace: +[no]recurse ... Recursion is automatically disabled when

Re: dig @server foobar +trace +recurse

2015-07-09 Thread John Miller
> > It's by tracing the queries down from the root zone several > times with "dig +trace" that it finally hit me what was going > on, and in retrospect it's obvious. At first I had been looking > for some kind of race condition with delegation data from the > grandparent zone getting cached, and t

Re: dig @server foobar +trace +recurse

2015-07-09 Thread John Miller
Even after flushing Google's cache ( >> https://developers.google.com/speed/public-dns/cache), I still get the >> same response. Does anyone have insight on +showsearch, other than the >> following ;-) >> >> ... > > "showsearch" has nothing to do with iteration or recursion. "showsearch" > is rel

Re: servfail only for a zone

2015-07-13 Thread John Miller
ge between the two nameservers within an hour, the second will stop working. This is just a guess, but network communication/failed zone transfer seems the most likely culprit for something like this (entire zone returns SERVFAIL). John -- John Miller Systems Engineer Brandeis University johnm..

Re: servfail only for a zone

2015-07-13 Thread John Miller
On Mon, Jul 13, 2015 at 2:15 PM, Lucio Crusca wrote: > > You have been persuasive enough, I'm definitely going to raise the expire > value, but now the question is: are the SERVFAIL replies a consequence of > the low expire value? > It doesn't help your cause _at_all_. There could be a few reas

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
Hi Donovan, Your zone file(s) as well as your named.conf config would be best here. We really need more information from you than a single fqdn. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu On Thu, Jul 23, 2015 at 12:40 PM, lists - euca wrote: > He

Re: stumped on sub domain addition

2015-07-23 Thread John Miller
On Thu, Jul 23, 2015 at 2:22 PM, lists - euca wrote: > Here is the file that smbind created (note that I have been making some > changes): > $TTL 21600 > @ IN SOA ns10.euca.us. hostmaster.euca.us. ( > 2015072342 ; Serial > 108

Re: tsig indicates error

2015-07-24 Thread John Miller
ake sure your master doesn't require it and that your slave doesn't try to use it for its AXFRs. John -- John Miller Systems Engineer Brandeis University johnm...@brandeis.edu

Re: tsig indicates error

2015-07-24 Thread John Miller
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins wrote: > On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote: > > > > > > On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote: > > > > > Possible problems: > > >Mismatched keys. > > >Mismatched key names. > > >Mismatched clocks. > > > > Mo

Re: separation of authoritative and recursive functions on internal networks

2015-08-10 Thread John Miller
interesting we did is that our recursive servers don't depend exclusively on our local authoritative servers. In a pinch (last master in the stub zone), they'll go out to our cloud DNS servers and pull/follow delegation from there. So the dependence of recursive on authoritative, due

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
If you check pcap, logs, etc., is the server's following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop? John On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz wrote: > I have one nameserver running bind 9.8.2 and a new one running 9.9.4. > > Both can resolve www.ietf.org >

Re: A tale of two nameservers - resolution problems

2015-09-01 Thread John Miller
On Tue, Sep 1, 2015 at 9:31 AM, Robert Moskowitz wrote: > > > On 09/01/2015 09:20 AM, John Miller wrote: >> >> If you check pcap, logs, etc., is the server's following delegation >> for 0.centos.pool.ntp.org? Where do outbound packets stop? > > > I d

Re: Installing bind is not very clear for me

2015-09-04 Thread John Miller
On Fri, Sep 4, 2015 at 3:29 PM, wrote: >> One Firewall should be enough. >> So, what you consider this firewall should do ? >> In my opinion: >> Block requests coming from a blacklist (Who will generate this list ?) >> Block denial of service requests. It needs to measure the requests rate >> to

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
On Fri, Sep 18, 2015 at 2:35 PM, Danny Sinang wrote: > Hi, > > Our vendor is changing their FTP server's IP address tomorrow. > > 1. How can I tell how long their DNS change will propagate to us ? Whatever TTL you have cached when the vendor makes the switch is how long it'll take for your cachin

Re: Speeding up DNS change propagation

2015-09-18 Thread John Miller
ing the cache > or restarting BIND, won't BIND find an old cache of "ftp.example.com" in the > ".com" top level DNS server ? > > Regards, > Danny > > On Fri, Sep 18, 2015 at 2:51 PM, John Miller wrote: >> >> On Fri, Sep 18, 2015 at 2:35

Re: RPZ - override TXT records

2015-10-08 Thread John Miller
oad-balanced sites which don't > have fixed IP address. > > Any hints what I am doing wrong? > > Many thanks, > Wolfgang

Re: Why two lookups for a CNAME?

2015-10-22 Thread John Miller
google.com. > > You'll see additional queries like this if you look up servers hosted by > the Akamai CDN, because the CNAME points from the original domain to one > of Akamai's domains. Hi Barry, I just did a double-check (stock RHEL 6 BIND, 9.8.2), and BIND indeed does do the

Re: Mitigation of server's load by queries for non-existing domains

2016-01-13 Thread John Miller
On Wed, Jan 13, 2016 at 8:35 AM, Tomas Hozza wrote: > On 12.01.2016 18:16, Tony Finch wrote: >> Tomas Hozza wrote: >>> >>> Recently I was trying to find a mechanism in BIND that could prevent the >>> server from processing a recursive query for non-existing domains. >> >> Have a look at https://w

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
Thanks for the advice, Mike. We chrooted our install because it was "best practice" security-wise, but from an administration standpoint, it's been a bit of a headache: for example, you have to keep straight what goes in /etc and /var/named/chroot/etc, you end up setting a $BIND_CHROOT environment

Re: What is the use of having a chroot path during installation of Bind

2016-01-14 Thread John Miller
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald wrote: > > > On 14.01.2016 at 21:48, John Miller wrote: >> >> Thanks for the advice, Mike. We chrooted our install because it was >> "best practice" security-wise, but from an administration standpoint, >>

Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
A couple of weeks ago, we experienced an outage on our external Internet links. Ideally, this shouldn't affect queries for internal resources - we expect those queries to continue to be answered. That being said, we saw a bunch of messages in our logs such as: client 192.168.1.2#56075: no more r

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
Thanks for the reply, Tony. With the recent glibc bug, I figured most folks would be off putting out those fires! On Thu, Feb 18, 2016 at 3:04 PM, Tony Finch wrote: > John Miller wrote: > >> A couple of weeks ago, we experienced an outage on our external >> Internet lin

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
On Thu, Feb 18, 2016 at 5:06 PM, Mark Andrews wrote: > For some reason people are afraid to slave internal zones. Back > when I was working for CSIRO I used to slave all the internal zones > for all of the sites the division had. Each site administered its > own zones but all sites slaved all of

Re: Tuning for lots of SERVFAIL responses

2016-02-18 Thread John Miller
>> I was going to respond with the same advice -- >> slave your internal zones -- but then I somehow convinced myself that "recursive-clients" was merely the quota of concurrent RD=1 queries that named would >> handle, thus slaving wouldn't help in a network-outage situation, since named w

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
On Fri, Feb 19, 2016 at 11:45 AM, David Li wrote: > This is my first time to try master slave configuration. Here is a > brief description: > > I have two Centos 7.1 VMs - each is configured for a zone. VM1 is the > master for zone1 and slave for zone2. VM2 is master for zone2 and >

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
Hi David, Something I'm not seeing in your config is an options {} block that lays out your defaults for allow-transfer, allow-notify, also-notify, etc. Those are important things to know when it comes to troubleshooting zone transfer issues. Unless you've got a specific reason for not doing so,

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
0.4.1/24; >127.0.0.1; > }; > > }; > > For VM2 named.conf > > options { > > directory "/var/named"; > allow-query { >10.4.3/24; >127.0.0.1; > }; > > }; > > On Fri, Feb 19, 2016 at 12:33 PM, John Mil

Re: A Zone Transfer Question

2016-02-19 Thread John Miller
On Fri, Feb 19, 2016 at 9:26 PM, Barry Margolin wrote: > In article , > John Miller wrote: > >> And if you actually want people to use your zone or you want NOTIFY >> working, two NS records (and possibly glue) are really a must. > > He mentioned that these are intern

Re: Multiple A records and reverse DNS

2016-03-19 Thread John Miller

Re: Recursive bind becomes unresponsive with high load

2016-03-31 Thread John Miller
On Thu, Mar 31, 2016 at 2:00 PM, Michael Brunnbauer wrote: > > hi all, > > On Thu, Mar 31, 2016 at 07:32:21PM +0200, Michael Brunnbauer wrote: >> Is is possible that is this connected to rndc stats? I will stop doing >> rndc stats for a while to test (it currently runs every minute). > > Not doing

Re: statistics-channels not serving rdtype records

2016-04-07 Thread John Miller
On Thu, Apr 7, 2016 at 3:42 PM, Ben Wilson wrote: > Hi, > > I'm not sure what is different on a new server I'm setting up, but when > querying the port configured for statistics-channels, no rdtype records are > included. > > resstat, socket, task, etc are all there, but not the number of queries.

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
If your domain is ourweddingaccount.com, and you're looking to have the apex record ourweddingaccount.com. CNAME some.other.domain. but still host other records in the ourweddingaccount.com zone, you can't. That's not how CNAME records work. A CNAME record is an alias for a particular _l

Re: Adding CNAME for the root domain issue

2016-04-27 Thread John Miller
> But this is getting way off topic for BIND-users, and should probably be > moved to dns-operati...@dns-oarc.net if we want to continue. Much obliged! John

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
> > dig mail.protection.outlook.com. ns > @ns1-proddns.glbdns.o365filtering.com. +noedns > ;; ANSWER SECTION: > mail.protection.outlook.com. 10 IN NS > ns1-proddns.glbdns.o365filtering.com. > mail.protection.outlook.com. 10 IN NS > ns2-proddns.glbdns.o365filtering.com. > > > > Note the short TTL

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: > Could it be that the “adberr:2” logs entries are indicating that it > periodically can’t find the name servers? > > -Rob Heilman > > > > # dig zulily-com.mail.protection.outlook.com. > @ns1-prodeodns.glbdns.o365filtering.com. > > dig: couldn't

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:57 PM, John Miller wrote: > On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: >> Could it be that the “adberr:2” logs entries are indicating that it >> periodically can’t find the name servers? >> >> -Rob Heilman >> >> >>

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
Ok--I see what's up now! This has been one of the stranger DNS setups I've ever seen: different NS records pointing to overlapping sets of IP addresses, EDNS disabled, really short TTLs on both NS and A records. Even though you're not querying at the name listed in the NS records, it's usually th
