Are you aware that only the DSCP flags are deprecated, not all *source and
*forwardes etc options themselves?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolve
e describe the use
case
here or in the issue mention below.
well, if "just for sure no other AH tries that again" is not a reason for
you...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varov
BIND 9.18.
On 23. 3. 2023, at 17:57, Matus UHLAR - fantomas wrote:
what's the reason? Code cleanliness?
Or is it problematic to maintain?
On 23.03.23 19:11, Ondřej Surý wrote:
Those are wrong questions to ask - the right question to ask is whether this
bring any
value - and the answer is
On 28.03.23 16:04, Nyamkhand Buluukhuu wrote:
No, I have an access list that allows only our ISP zones.
zones? access lists are meant to limit clients.
how do your access limits look like?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
your server for non-local information.
So, your server should NOT be part of Amplification attack.
(unless you run VERY OLD version of BIND)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto
On 3/28/23 6:30 AM, Matus UHLAR - fantomas wrote:
Great, this means that only clients with those IP addresses can
query your server for non-local information.
On 28.03.23 10:16, Grant Taylor via bind-users wrote:
I used to think the same thing.
Then I learned that I needed to also add
On 3/28/23 10:48 AM, Matus UHLAR - fantomas wrote:
If your server has authroritative zones for internal use, yes, in
such case allow-query is good idea.
On 28.03.23 11:02, Grant Taylor via bind-users wrote:
The server that I first set this on had a secondary copy of the root
zone for my
On 3/28/23 11:28 AM, Matus UHLAR - fantomas wrote:
Yes, this is one of the problem "authoritative zones for local use".
On 28.03.23 12:18, Grant Taylor via bind-users wrote:
Authorizing the /zone/ for local use wasn't the problem. The problem
was that the world could get some
can have separate cache.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to
engage.ticketmaster.com/NS/IN': 205.251.194.123#53
The host resolves fine on my bind-9.16.38 system using the exact same
configuration, as well as most or all public resolvers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advert
internet, obviously the internet
sources fall into your internal view, not into this one.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
S
interface (unless you also configure SNAT for those
packets), so they are not exactly the same.
In some cases you may need both.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
On 27.06.23 16:22, sami.ra...@sofrecom.com wrote:
Hello In DNS benchmarking which is more important latency or response
time? for a DNS server what is the difference between the two values?
I don't see any difference between those two.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
wise, you can set up multiple views with different versions of the same
zone, configured to provide different verision according to source IP.
This is much harder to set up.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
t value, but not when the wildcard
entry is there. But Google and other major DNS providers return the
non-wildcard value as expected.
Please provide concrete example, I can't query fun.test.test.me. nor
test.test.me.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
ones in AD, you can't
use multiple servers as the zones are often not in sync.
I would either create hidden primary that would process dynamic updates.
For DNSSEC and inline signing, hidden primary looks as best option to me.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto
r changed to the one I described above a long time ago.
Perhaps after BIND 9.8
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support
think this is question for webmin/virtualmin, but from what I know about
webmin it tends to edit local configuration, so I guess it will edit primary
zone file.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
er {
IP address;
};
};
I am clueless what is going wrong. Any help is greatly appreciated
your nameserver does not update secondary(slave) zones, therefore
allow-update does not make sense.
you should remove it or replace with allow-update-forwarding so all received
updates are forwarded to
ch service are we
using - if there are multiple IP's for _anything_, return topologically
closer first.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT ak
e
authorized domain server?
I have looked onto it manually, so far found nothing.
rndc dumpdb could generate named output where you should be able to find out
the culprit.
the difference between current version of zone between ns1.gov.sk and
ns2.gov.sk could affectg this problem.
--
Matus
168.56.157;};
also-notify {192.168.56.157;};
notify explicit;"
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. On
in a doc that the < * > can only be the leftmost label in the name.
correct.
Is there an other way to simplify or does I have to add each entry individually?
no, but the question is if you really need this.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning:
or server1.example.com.
Simply, wildcarding is not for case like this.
-Message d'origine-
De : bind-users De la part de Matus UHLAR -
fantomas
Envoyé : mardi 14 mai 2024 15:58
À : bind-users@lists.isc.org
Objet : Re: SRV on multiple subdomains
On 14.05.24 13:08, DEMBLANS Mathieu w
missed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.
--
Visit
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
--
Visit https://lists.isc.org/mailman/listinfo/bin
nd PMTUD.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
--
Visit https://lists.isc.org/m
TION:
epi.es. 259200 IN NS ns3.epi.es.
epi.es. 180 IN NS ns1.epi.es.
epi.es. 300 IN NS ns1.epi.es.
epi.es. 300 IN NS ns2.epi.es.
epi.es. 3600IN NS ns2.epi.es
key.mg-esp-prod-eu-eu.mallorcazeitung.es SOA ns1.epi.es
I therefore suspect that the delay will be even greater tomorrow again
when the newsletter arrives, so that the "communication error" will
occur again.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I
many queries.
is it possible to disable query minimisation for particular domains?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Athe
On 15 Jul 2024, at 23:27, Matus UHLAR - fantomas wrote:
I have noticed that especially DNS blocklist cause errors like:
Jul 14 01:41:28 fantomas named[1854]: success resolving
'D.C.B.A.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache
nxdomain'
quot; zone, named started working,
I just needed to add
validate-except { "local"; };
guess I understand why.
From the history I remember that defining zone (example.local) with no
delegation in the parent zone (local) does not cause issues (locally).
Is "type forward" spec
have NS in the root ( or closest enclosing
authoritative zone).
Thanks, this worked.
I created ".local" zone (copied from db.empty) with dummy NS for
"example.local" and forwarding works, just as ".local" is resolved locally.
On Fri, Aug 16, 2024, 7:13 AM Matus UH
unstripped BIND with debug informations and
inspecting core file).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers giv
ingle BIND instance with two separate views and
that should not affect functionality.
I suppose you are running 64bit OS, so you can have really huge cache
(>4GB)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
On 2/7/2012 11:17 AM, Matus UHLAR - fantomas wrote:
You can even run a single BIND instance with two separate views and that should
not affect functionality.
On 07.02.12 04:02, sasa sasa wrote:
Wouldn't this have mixed (one) caches?
No, unless you use attach-cache directive.
However
e's not much to separate there,
unless if gives you some kind of safety or other advantage, but I don't
know about any that would help in such case.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Va
.3.4..
or into
IN MX 1.2.3.4.
IN NS 1.2.3.4.
where 4. is not a valid TLD and thus they point nowhere.
Any glue? Thanks.
you probably mean a clue ;-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
AFAIK 'rndc flush' will do the same.
Thanks - we're doing a nightly restart for other reasons.
what?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVA
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !
___
Ple
to provide
alternate suggestions for misspelled domain names. Note that
names that are in DNSSEC-signed domains are exempted from
this when validation is in use. [RT #23146]
just by signing? so I can spare all our domains from being misused by
such shit just by signing them?
--
Matus UHLAR - fa
R ended
Mar 2 14:33:22 ns0 named[806928]: client [ns4]#48700/key ns0-ns4
(pesky.zone): transfer of 'pesky.zone/IN': IXFR ended
Mar 2 14:33:22 ns0 named[806928]: client [ns1]#51607/key ns0-ns1
(pesky.zone): transfer of 'pesky.zone/IN': IXFR ended
--
Matus U
IPv4.
SpamHaus has some recommendations related to IPv6 in order to avoid
overhauling DNS when abusive client changes IPs to abuse servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na
is is just one of reasons
nslookup is not recommended for use.
you can create PTR record for your nameserver and configure the
nameserver to know the PTR, to work around this problem.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
hange the serial number) a reload will implement the new
changes.
Well, iirc the OP's problem is that when "rndc reload" is NOT for
individual zone file, it takes very long. The question is, if/how can
it be made to run faster.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; htt
you can also use "host", as it simpler and usually gives you what you
need, unless you need to debug DNS itself.
On Fri, 16 Mar 2012, Matus UHLAR - fantomas wrote:
the main problem is nslookup itself, and this is just one of
reasons nslookup is not recommended for use.
[...]
server with a load balance method. Each
server will get 5 requests.
there are network appliances that allow to do such thing. For example,
nortel alteon, cisco ACE, or linux ipvs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
.52.75.53: 18071+$ [1au] A?
www.dubaiairport.com. ar: OPT UDPsize=4096 (49)
; <<>> DiG 9.9.0rc2 <<>> -b 0.0.0.0#53 www.dubaiairport.com
@svr-b003.dubaiairport.com
;; global options: +cmd
;; connection timed out; no servers could be reached
bsdi#
--
Matus UHLAR - f
On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
maybe the admin set that up to force local servers using random ports,
instead of 53, for outgoing requests. Nobody should use port 53 for
_ougtoing_ requests.
On 21.03.12 23:41, Anand Buddhdev wrote:
You're wrong. A name server can us
they
ask...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86,
google DNS server
c. Forward a third set of LAN users by default through OpenDNS
but for some domains through google DNS.
why forward those queries? Is there any reason why you can't resolve
them with your bind?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Wa
ering, should access opendns services directly,
not through other server - I guess opendns filters depending on source
IP, which will be the same for all clients using your dns server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advert
195.168.157.82#35647:
query 'cf._dns-sd._udp.132.110.254.10.in-addr.arpa/TXT/IN' denied
these requests are denied, because we use private IPS from those ranges
and I don't want to make them available for users.
Can these requests cause resolving problems on Apple computers?
--
Matus
In message <20120405090858.ga29...@fantomas.sk>, Matus UHLAR - fantomas writes:
our customer (an ISP) reported that his clients have problems resolving
sites like facebook, youtube, aplestores and that the problems only
affect apple computers.
I notice many requests for dns service dis
for the domain or domains abovec. Check all servers in
the resolution path for the answer.
It's a quite common problem with master/slave synchronization, multiple
masters, or a missing delegation to a subdomain, where this can happen.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww
On 10.04.12 19:24, rams wrote:
When I get TC flag for UDP query?
when the answer is too big to fit into the UDP packet of sice 512
(default) or client-provided (when your client advises bigger buffer size)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
misconfigured. They are returning answers as if they are configured
for ryanair.com (see the SOA record) instead of www.ryanair.com as
can be seen below.
Hmm, I've been solving their problem years ago. Haven't they still fix
that?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.
I want to limit number query done by a client. The usage of
resources in my equipments is very high specially in my firewall.
either you have misconfigured or misbehaving client, or you need
to upgrade your dns server. By limiting queries you may cause troubles
to your clients.
--
Matus
zones
16.16.172.in-addr.arpa
...
31.16.172.in-addr.arpa
and use it as 16 separate /16 zones. Better do not try to make this
easiee, you will end in making that more complicated and error-prone.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
o things this weay and better split the /16
block to 256 od /24 blocks and simply delegate each other as you need.
Doing it simple is both nice and resistant to errors.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
27;t there anything other that will trigger transfer attempt, or is it
useless in such case?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
r remotely what should I do
to enable that?
your server has apparently problems with internet conectivity. Is it
behind firewall?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu c
syslog daemon is for, simply
configure it to forward logs to another machine.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a
either forwards, or resolves. If it resolves, it is
authoritative - if it does not have the answer, then the answer does
not exist. You can use lightweight DNS servers like dnsmasq that can
locally resolve some hosts and forward all the rest.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
most memory,
it currently uses 1359868 VSZ and 732852 RSS after 38 days with ~432
queries per second.
I have even increased max-ttl and max-negative-ttl to see if it affects
memory usage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
..
(the best is to have records in the database, so you can sort according
to anything you need)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekl
egation NS records for subzones.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there&
to get to
sites like facebook, youtube, apple store etc. I don't work for the company
anymore so I have no idea if they have fixed it (the only way I could think
of it was to change the company's DNS architecture
https://lists.isc.org/pipermail/bind-users/2012-April/087314.html
--
Matus
lution when your local
servers are unreachable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential libert
g else should be
standard DNS.
isn't the client self-registration the reason why scavenging is needed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
data).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it re
Ignore them. They will be addressed in the next maintenance release.
But not for 9.7, since 9.7 is EOL since november 2012. Correct?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
der)
did not help me with this.
Can anyone enlight me in this?
Thank you.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what ki
erformance.
I know. But there are cases you just have much of data in the DNS and what I
am asking is, if BIND really does skip authority section, if it helps to
avoid sending truncated packets.
If it does, the minimal-responses does NOT affect packet truncation. if it
does not, I ask why
you
better upgrade to version that has no famous assertion failures?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly,
Matus UHLAR - fantomas wrote:
I know. But there are cases you just have much of data in the DNS and what I
am asking is, if BIND really does skip authority section, if it helps to
avoid sending truncated packets.
On 28.11.12 18:38, Tony Finch wrote:
Yes it does. For example, have a look at
On Thu, Nov 29, 2012 at 7:25 PM, Matus UHLAR - fantomas
wrote:
famous assertion failures? What system do you run the BIND on? Shouldn't
you
better upgrade to version that has no famous assertion failures?
On 29.11.12 20:50, Alexander Gurvitz wrote:
Well, of course it's extremely e
m.
videolinedvd.com. 172800 IN NS ns2.videolinedvd.com.
;; ADDITIONAL SECTION:
ns1.videolinedvd.com. 172800 IN A 72.167.164.36
ns2.videolinedvd.com. 172800 IN A 72.167.164.36
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warn
, it just won't work.
at the time I have checked, the server ad given were not responding.
So I can not say if there are any records... did you get any?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
On 28.11.12 18:38, Tony Finch wrote:
Yes it does. For example, have a look at responses to queries for
dotat.at
in mx for various buffer sizes and observe that RRsets are dropped but
the
TC bit is not set.
On 11/30/2012 01:30 PM, Matus UHLAR - fantomas wrote:
Nice to see. I'm s
...
If anyone has better info on how do microsoft AD sevrers work with DNS, just
let us know...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
x27;s done this way just to have dumps and core files in /var/cache/bind
where named usually can write, instead of /etc where it usually can't (and
shouldn't).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to th
ou suggest me a document from which I can extract few questions?
Sorry for the OT and thanks in advance.
Sorry for not responding sooner, but I have not idea where you could find
such informations. I can only recommend you to search the net for already
existing dns knowledge tests...
--
M
clude "named.conf.options"
- named.conf.options
options {
listen-on "...";
};
I used instead:
- named.conf:
options {
// common.options
...
include "named.conf.options";
};
- named.conf.options:
// host-specific options
listen-on "...";
--
Mat
x27;s why we use /var)
On 03.12.12 21:32, Daniele Imbrogino wrote:
I edited the working directory to /etc/bind because this is the directory
where I have all the zone data files.
If I use the default /var/cache/bind do I have to move also the zone data
files
2012/12/5 Matus UHLAR - fantomas
;exceeded" messages go away.
Has anyone had a similar problem? If so, how did you resolve this?
with 100k of zones, you must increase limits. Or, use different technique
for distributing changes, e.g. NOTIFY and increase the refresh (and retry)
times to avoid useless timeouts.
-
n acl.
you can define master server via masters {} directive, and use it in
also-notify {} clause.
you will just have to define 74.81.81.82 two times - in both acl and masters
directives...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-ma
should do
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture s
onality. I advise
check with more of them, since there's none I would completely trust.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
ble to use solutions
that require wildcards ;-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential libert
Matus UHLAR - fantomas wrote:
On 16.01.13 14:57, Baird, Josh wrote:
> Is it acceptable to have a wildcard CNAME? Example:
>
> * IN CNAMEsomewhere.com.
>
> Or, would it be advised to only use wildcard 'A' records?
while it is t
getting non-authoritative responses, but with recursion
allowed. Both are unexpected so named complains.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rek
184.142.in-addr.arpa.
Saturn works OK for most questions, and returns a PTR record if you ask
for ANY, but if you request a PTR directly it ignores you.
some kind of lame DNS "load balancers"?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
reason behind it that both
servers' having queries ?
there are cases where DNS resolver sorts IP addresses and thus prefersone of
them. There are also cases where DNS resolver measures response time and
uses the faster DNS server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
ny of them.
when BIND (or whomever) logs nameserver it should log both name IP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is l
.
expire 604800 change that to 4w
not needed but
and negative cache value 86400 drop that to no more than 3600,
maybe even just use 600.
I agree with this one. Value 86400 for negative cache is widely used, but
mostly from obsolete understanding of SOA field name "minimum".
--
Ma
or NS records for the
BIND to know who to ask for records.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dve
he httnets ACL?
, so nothing should be querying cache?
correct, no external hosts should query your cache.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
searching.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
__
rticularly when we are suppose to have
different views for different clients.
So for my internal view where I:
match-clients{ httnets; };
match-destinations{ httnets; };
recursion yes;
allow-query{ httnets; };
On 02/21/2013 10:40 AM, Matus UHLAR - fantomas wrote
1 - 100 of 1052 matches
Mail list logo
