Re: SRV on multiple subdomains

2024-05-16 Thread Niall O'Reilly
On 14 May 2024, at 15:20, DEMBLANS Mathieu wrote: A part of the subdomains are managed by us, other subdomains by another entity. So we can't configure a generic target for all subdomains as each entity has its own target for SRV entries. -Original Message- From: bind-users bind-us

Re: State diagram for DNSsec key lifecycle

2012-02-10 Thread Niall O'Reilly
ect I might not be alone. 8-) Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind bind-9.3.6-16.P1.el5_7.1 - socket.c:4373: unexpected error

2012-02-27 Thread Niall O'Reilly
On 27 Feb 2012, at 13:18, Rafał Radecki wrote: > Feb 27 13:44:13 dns1 named[21599]: isc_socket_create: fcntl/reserved: > Too many open files It's likely that this isn't specific to BIND, but a consequence of the (combination of) load(s) on your system. Results from Googl

Re: Master/slave configuration

2012-03-08 Thread Niall O'Reilly
On 8 Mar 2012, at 02:58, Lyle Giese wrote (on bind-users): > On linux boxes, adding > > options rotate > > to the /etc/resolv.conf helps. [cross-posted, reply-to header set] Is there a DHCP option which expresses that, and which typical fielded DHCP clients will respe

Re: Restricting access & keeping identical data across views

2012-03-28 Thread Niall O'Reilly
'm not averse to contributing some effort to such a project. ATB Niall O'Reilly

Re: Restricting access & keeping identical data across views

2012-03-28 Thread Niall O'Reilly
't be an issue. The devil is in the details, which I'll spare you! 8-) Niall O'Reilly

Re: erros in logs

2012-05-10 Thread Niall O'Reilly
your request or has sent a badly-formed response. You can expect to see these all the time when you run a resolver. There are broken and misconfigured servers out there! I hope this helps. Niall O'Reilly

Re: Transfer the same zone from a split-view master

2012-06-06 Thread Niall O'Reilly
what you expected to happen, and what actually happened. People won't help unless they believe you're making a serious effort; so far, you haven't sent anything which might convince them. Best regards, Niall O'Reilly

Several (>2) different views

2012-06-15 Thread Niall O'Reilly
"captive" { match-clients { captive-clients; }; // view details go here ... }; // End view "captive" view "internal" { match-clients { internal-clients; }; // view details go here ... }; // standard view: 'general' view "gene

Re: Several (>2) different views [SOLVED]

2012-07-09 Thread Niall O'Reilly
On 3 Jul 2012, at 21:21, Rodrigo Renie Braga wrote: > Just giving a feedback, this method worked great, but in my case, didn't have > no negate the keys in the ACL (like the example below), I created one key for > each ACL in my configuration and used that ACL for the "match-clients" > directi

Re: Basic scope question

2012-07-10 Thread Niall O'Reilly
On 10/07/12 18:07, Bennett, Gary L. wrote: > No, have that part. Was just wondering which domain-name-servers parm, > global or in DHCP address pool, has precedence. Thanks. The more specific specific over-rides the global one. Niall O'

Re: recursive-clients recommended values

2012-07-12 Thread Niall O'Reilly
ers/2009-August/077589.html. Best regards, Niall O'Reilly

Re: SRV query with no domain?

2012-08-16 Thread Niall O'Reilly
On 16 Aug 2012, at 15:42, Christopher Cain wrote: > Of course a dig query will fail without the domain appended. Dig takes > your query at face value and will not append domains from your search > suffix list like nslookup and ping will. You ALWAYS have to fully qualify > your requests when usin

Re: ho to filter hundeds of domains ?

2012-08-30 Thread Niall O'Reilly
Besides, if you take this approach, you will have to commit resources to chasing a moving target. Best regards, Niall O'Reilly

Re: question about how a particular dig works ...

2012-09-18 Thread Niall O'Reilly
On 18 Sep 2012, at 14:45, M. Meadows wrote: > dig www.careerone.com.au +short @8.8.8.8 > www.careerone.com.au.edgesuite.net. > a903.g.akamai.net. > 208.44.23.99 > 208.44.23.121 > > Why does the above dig work when If you try dig +trace www.careerone.com.au you'll find that t

RH release selection (was: Moving from "type forward" to "type static-stub")

2012-09-21 Thread Niall O'Reilly
On 21 Sep 2012, at 08:55, Adam Tkac wrote: > Because rc2 was released too late to get it into RHEL 6.3... Btw which is the > bug that bothers you? Why don't you report it to RH bugzilla? I don't understand why RH would choose to include a release candidate rather than a stable re

Re: dhcpd

2012-10-19 Thread Niall O'Reilly
to use DHCP instead of BOOTP. Jim Glassford's suggestion seems good enough to me. On 18 Oct 2012, at 14:28, Jim Glassford wrote: > We just continue to deny bootp for subnets that have no need for it and > ignore them. Best regards, Niall O'Reilly U

Re: Update view without using 2 ip for each DNS Server

2012-12-04 Thread Niall O'Reilly
The example in the last one is extracted from a live configuration which I'm responsible for. Best regards, Niall O'Reilly University College Dublin IT Services

Re: what do you use for logging?

2013-01-18 Thread Niall O'Reilly
On 17 Jan 2013, at 20:58, Mike Hoskins (michoski) wrote: > Syslog as the default is perfectly fine with us. Please keep that as the default, following the principle of least astonishment. > I do also use the rotated file method a few places, so hoping that doesn't > disappear.

Re: what do you use for logging?

2013-01-18 Thread Niall O'Reilly
On 18 Jan 2013, at 06:27, Jan-Piet Mens wrote: >> Could "CLI utility" be man(1) and info(1)? :-) > > It could, yes, but `b10-msg NNN` isn't going to break BIND 10's > development budget (I hope), +1 > and I feel it to be more practical than > scrolling through a man page with 900+ err

Re: what do you use for logging?

2013-01-18 Thread Niall O'Reilly
r offers. Best regards Niall O'Reilly

Re: BIND9 statistics-server: JSON?

2013-02-15 Thread Niall O'Reilly
On 15 Feb 2013, at 05:57, Jan-Piet Mens wrote: > would there be a chance of ISC adding this to stock > BIND9? Even better: would ISC take on the work of doing it? ;-) FWIW: +1 /Niall

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 15:57, Chris Buxton wrote: > No, I'm pretty sure the OP wants to strip records from responses if the > records are A records referring to private address space (RFC 1918). > > I've no idea how you would do this. Other than separate views, with a "trimmed" zone in the

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 16:22, Chris Buxton wrote: > Well, yes, if the server in question is authoritative for all the data in > question. But if it's just a resolver, that may be more difficult. Fair comment. I was (perhaps naïvely) being led by my aversion to open resolvers

Re: Suspecious DNS traffic

2013-03-25 Thread Niall O'Reilly
ur server. Best regards, Niall O'Reilly

Re: Some Server not Resolving certain address

2013-04-08 Thread Niall O'Reilly
dig @127.0.0.1 ... you can be sure that the server on which your shell session is running is the one to which dig sends the query. If this is not what you need, use the address of the server's network interface. ATB Niall

Re: Reverse address entries

2013-06-28 Thread Niall O'Reilly
On Fri, 28 Jun 2013 13:57:44 -0400 "Novosielski, Ryan" wrote: > The short answer is "some software once cared." Does it still now, I'm > not sure. But we do it. Some still does Niall O'Reilly

Re: Slave not creating/updating zones

2013-07-15 Thread Niall O'Reilly
On 15 Jul 2013, at 12:49, Grace Ingabire wrote: > The issue is now resolved, my master was not configured properly! There's something else: LTD.RW seems not to be delegated. The problem seems to be masked from you because this zone and its parent are both hosted on ns{1

Re: BIND 9.8.1-P1: 'make test' fails

2013-08-20 Thread Niall O'Reilly
On 22 Nov 2011, at 11:24, Niall O'Reilly wrote: > Since quite a few years, I habitually run 'make test' after building BIND > from sources. I'm seeing a failure with 9.8.1-P1, and wonder whether > anyone else is also. [By way of putting this to bed, a

Re: BIND 9.8.1-P1: 'make test' fails

2013-08-20 Thread Niall O'Reilly
On 20 Aug 2013, at 15:08, Chris Buxton wrote: > There is a mailing list for Net::DNS. > > List-Subscribe: , > > > That said, there was a discussion last December about what ha

Re: ISO or virtual appliance

2013-08-22 Thread Niall O'Reilly
or delegate www.example.com as a tiny dynamic zone and update it directly. Niall O'Reilly

Re: packet size

2013-09-11 Thread Niall O'Reilly
On 11 Sep 2013, at 17:24, Maria Iano wrote: > What does it mean when the edns0 response to a dig says the overall packet > size will be one value Not "will be one value" but "can be no more than that value". > but the message size reported is different. That's the actual size

Re: use bind 9.8 as caching server and authoritative nameserver

2013-10-30 Thread Niall O'Reilly
/6584/show/the-afnic-scientific-council-shares-its-report-on-dns-based-internet-filtering.html Best regards, Niall O'Reilly Member of AFNIC's Conseil Scientifique PS. I wasn't a significant contributor to this report. Credit for that belongs to the

Re: Recursive DNS server cannot resolve the reverse zone records from my IPv6 private network

2013-11-07 Thread Niall O'Reilly
t place the corresponding record(s) in the zone file you're using. Best regards, Niall O'Reilly

Re: missing ‘additional section’

2013-12-19 Thread Niall O'Reilly
On 18 Dec 2013, at 15:19, houguanghua wrote: > Is there any way to enable the Additional Section? Thanks. The server sends data in the additional section if either (a) these data are required, or (b) the server supports and is configured to send data which, although not

Re: bad owner name - Unable to add forward map from Nintendo Wii U ... REFUSED

2013-12-27 Thread Niall O'Reilly
figuration of this server, I expect you're in a position to determine what owner name is passed to the DNS server, and that this approach might be what you need. This thread probably belongs better on the dhcp-users list ... Niall O'Reilly

Re: intermittent resolving problem for some domains

2014-02-19 Thread Niall O'Reilly
r your server which is giving these messages can reach any of the root servers or even any of the external Internet. Best regards, Niall O'Reilly

Re: How to setup a backup NameServer?

2014-04-29 Thread Niall O'Reilly
At Tue, 29 Apr 2014 10:24:58 +, houguanghua wrote: > > Yes, I had asked the same question months ago. > I'm designing how to protect DNS for an ISP. The zones are not owned > by the ISP. The ISP wants to protect the DNS query during attacking. > So it's not standard DNS solution. During the at

Re: Does bind read /etc/hosts?

2014-07-15 Thread Niall O'Reilly
he DNS. For more information, please see http://serverfault.com/questions/498500/why-does-the-host-command-not-resolve-entries-in-etc-hosts Best regards, Niall O'Reilly

Re: Digging to the final IP

2014-10-22 Thread Niall O'Reilly
At Tue, 21 Oct 2014 22:31:28 -0500, Frank Bulk wrote: > > Dave, > > Thanks for the input, but what I was looking for was a dig command that > returns the IP(s) or a fail. It looks like the host command is the right > solution in this case, not dig. Doesn't egrep fail on no match? Niall

Re: Digging to the final IP

2014-10-23 Thread Niall O'Reilly
At Thu, 23 Oct 2014 15:17:49 +0100, Sam Wilson wrote: > > In article , > Bob Harold wrote: > > > Anytime you see 'grep' and 'cut' used together, they can usually be > > shortened to just 'awk', which requires starting one less process. And if > > this case it splits fields the way a users sees

Re: recursive-clients : recommended value for a high traffic recursive nameserver

2014-11-24 Thread Niall O'Reilly
nts list. This may be due to rogue clients, misconfigured authoritative servers, network problems, or some combination of these. Your logs will help identify which. I hope this helps. Niall O'Reilly

Re: BIND9 Return different IP address based on subnet

2015-01-05 Thread Niall O'Reilly
At Sat, 3 Jan 2015 19:24:47 +0100, Christian Kette wrote: > > I have found a workaround. > I defined a different zone for every network A simpler solution might be to use a sortlist. From the ARM: 6.2.16.13 The sortlist Statement The response to a DNS query may consist of multiple resource

Re: BIND response time is relatively high

2015-01-26 Thread Niall O'Reilly
At Mon, 26 Jan 2015 21:50:37 +, Darcy Kevin (FCA) wrote: > > > The parameter that is glaringly missing from your list is > “recursive-clients”. Do you have that set at default value (1000) or > have you bumped it up higher? Since you say that this happens at “peak > hours”, recursive-clients

Re: lists subdomain not fully working

2015-05-25 Thread Niall O'Reilly
I sit, this problem does not appear. If you can confirm that this problem is still present, you'll need to look for help with analysing it to someone who has access to the name server(s) used by this SMTP server. Either of the users you mention may be able to help. Best regar

Re: lists subdomain not fully working [SOLVED]

2015-05-27 Thread Niall O'Reilly
On Wed, 27 May 2015 07:50:12 +0100, Lucio Crusca wrote: > > I've now fixed the MNAME and I have to wait propagation before testing > again, but I'm really confident it will solve the problem, Let me know, please ... Niall

Re: Issue in calling same zone in more than one VIEW

2015-05-29 Thread Niall O'Reilly
n. > This is happening because I am calling same zone file in both view. > > Please help me out what I should do for getting rid of this issue. You need to use as many copies of each zone file as you have views needing to write to it. Best regards, Niall O'Reilly

Re: Issue in calling same zone in more than one VIEW

2015-05-29 Thread Niall O'Reilly
On Fri, 29 May 2015 11:25:48 +0100, Cathy Almond wrote: > > > From 9.10.0 there is a new zone type 'in-view'. From the release notes: Neat! Thanks and best regards, Niall O'Reilly

Re: Issue in calling same zone in more than one VIEW

2015-05-29 Thread Niall O'Reilly
k you'll find that just one of your views can reference the zone file, while the other(s) will have an "in-view" option referencing the first view. I hope this helps. Best regards, Niall O'Reilly

Re: windows client request timed out

2015-06-22 Thread Niall O'Reilly
se has an article which may be useful: https://kb.isc.org/article/AA-00269/0/What-has-changed-in-the-behavior-of-allow-recursion-and-allow-query-cache.html Best regards, Niall O'Reilly

Re: Multiple A and PTR and the "main" ones?

2015-09-13 Thread Niall O'Reilly
On Fri, 11 Sep 2015 15:54:52 +0100, David Ford wrote: > > [...] satisfy RFC requirements for DNS [...] Would you mind citing? Thanks Niall O'Reilly

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Niall O'Reilly
use the "-u" option of > "named" to lower the privileges after launch (requiring native root > privileges to launch), but I can't use both at the same time. > > Can anyone shed any light on this scenario? I'm missing some informat

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

2015-09-27 Thread Niall O'Reilly
' with the "-u incadmin" option, it > works fine -- it listens on the configured ip's and it changes the > owner of the process to 'incadmin'. This is the "traditional" way to run a reduced-privilege instance of named. I've used it, and I be

Re: dname reverse delegation

2015-10-13 Thread Niall O'Reilly
> 0/24 NS RR? It seems like because of the above DNAME RR it expects and > zone file for the 0/24. However I just want to forward this. I'm sorry. I don't understand what you think you're trying to achieve. I hope this helps. Best regards, Niall O'Reilly

Re: subdomain/zone with DHCPD

2015-10-15 Thread Niall O'Reilly
On 15 October 2015 15:56:42 BST, lejeczek wrote: >hi everybody > >I'm trying a bind setup which could be talked to by dhcpd. >I've bind setup with virtual zones and now trying to set up >dhcpd so it would be updating DNS, but... but. > >In dhcpd.conf I'm trying: and what's in your named.conf

Re: unalbe-to-query

2015-12-14 Thread Niall O'Reilly
to run a comprehensive series of tests against the zone(s) which are giving you trouble. Best regards, Niall O'Reilly

Re: BIND started replying to queries for .com with .COM

2016-04-01 Thread Niall O'Reilly
On 1 Apr 2016, at 11:08, Tony Finch wrote: > Robert Edmonds wrote: >> Tony Finch wrote: >>> Phil Mayers wrote: What is considered the source of the ownername for, say, "com."? >>> >>> It should be the root zone master file. >> >> Why not the com zone master file? > > If you are going

Re: Request for review of performance advice

2020-07-29 Thread Niall O'Reilly
On 9 Jul 2020, at 21:25, Havard Eidnes via bind-users wrote: > 2e#1) Make sure your UDP socket *receive* buffers are big enough. > If on BSD, monitor for "dropped due to full socket buffers" > count in "netstat -s" output, and tune accordingly. Note that > this may be a symptom

Re: Possible to condition a view based on the interface the query comes in on?

2021-11-18 Thread Niall O'Reilly
match-destinations ? --- From an Android device, using BlueMail, which forces top-posting. On 18 Nov 2021, 20:40, at 20:40, Fred Morris wrote: >I wanted to provide enhanced recursive DNS to (internal) clients on an >"opt in" basis, which is to say that clients could choose whether or >not >to

dns_dnssec_findzonekeys2: error reading WHATEVER.private: file not found

2022-02-23 Thread Niall O'Reilly
Hello. Using BIND 9.16.1-Ubuntu (Stable Release) because that’s what’s most simply available on Ubuntu 20.04.3 LTS (Focal Fossa), I’m seeing messages reporting that private key files can’t be found, such as the one in the subject line. The files look to me to be present as expected. I shall be g

Re: dns_dnssec_findzonekeys2: error reading WHATEVER.private: file not found

2022-02-23 Thread Niall O'Reilly
On 23 Feb 2022, at 14:32, Niall O'Reilly wrote: > I shall be grateful for any helpful advice. Thanks to Josef Moeller and Ondřej Surý. Niall -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid

How to prevent gratuitous publication of CDS/CDNSKEY records

2022-04-14 Thread Niall O'Reilly
Hi. Clue needed, please. I’ve managed to migrate a number of zones from cron-driven signing using homegrown scripts to automatic management by named, while retaining the respective original KSK for each. Following migration, ZSK:s have been replaced as might be expected, since the keys were shor

Re: How to prevent gratuitous publication of CDS/CDNSKEY records

2022-04-14 Thread Niall O'Reilly
On 14 Apr 2022, at 13:22, Matthijs Mekking wrote: these records may also stay in the zone. BIND chooses to keep them in the zone Thanks, Matthijs. That fills the gap for me. Niall

Unexpected extra care needed for building BIND 9.18.8

2022-11-06 Thread Niall O'Reilly
Building BIND 9.18.8 from source seems to need ./configure; LD_RUN_PATH=/usr/local/lib make; sudo make install instead of the traditional ./configure; make; sudo make install Using the traditional recipe, I obtained the run-time error message named: error while loading shared libraries: libis

Re: Unexpected extra care needed for building BIND 9.18.8

2022-11-07 Thread Niall O'Reilly
Thanks for replying so promptly, Ondřej. On 6 Nov 2022, at 15:34, Ondřej Surý wrote: Nope, that’s local to your system. Hard to tell what’s wrong from just a single message, but either there’s cruft somewhere in the path with more priority That was it. Rebuilding the cache cleared the proble

How to introduce automatic signing for existing signed zones?

2022-11-07 Thread Niall O'Reilly
I have a couple of zones which I want to migrate from CLI-driven signing to BIND9 automatic signing, while avoiding any change to the respective parent-zone DS RR. Status quo ante: - https://dnsviz.net/d/no8.be/dnssec/ separate KSK, ZSK; both using alg 13 - https://dnsviz.net/d/jamm.ie/dnssec/

Re: How to introduce automatic signing for existing signed zones?

2022-11-07 Thread Niall O'Reilly
Thank you for your speedy response, Matthijs. On 7 Nov 2022, at 13:10, Matthijs Mekking wrote: Ignore that, I saw too late there were attachments. Perhaps I ought to have mentioned them explicitly. Are you able to share the public key and key state files with me so I can investigate why BIN

Re: How to introduce automatic signing for existing signed zones?

2022-11-07 Thread Niall O'Reilly
On 7 Nov 2022, at 11:40, Niall O'Reilly wrote: > Preparation: > > - Set up minimal stand-alone instance of BIND9 named, > configured with a **dnssec-policy** for each algorithm, > matching properties of existing DNSSEC keys, and with > `lifetime unlimited`; > - Del

Re: How to introduce automatic signing for existing signed zones?

2022-11-08 Thread Niall O'Reilly
On 8 Nov 2022, at 7:54, Matthijs Mekking wrote: Thanks for reporting back. This is an omission in our KB article that I will fix. Thanks, Matthijs. I think that will be useful. Niall

Documentation suggestion for Ubuntu PPA http://ppa.launchpad.net/isc/bind/ubuntu

2022-11-23 Thread Niall O'Reilly
pathnames. Do I understand correctly that this advice also applies to zones for which a dnssec-policy and inline-signing (rather than update-policy) are specified? If so, it might be well to extend the parenthesis "(such as ...)" to mention this case also. Best regards, Niall O'

Re: [KASP] setup KASP in master / slave architecture

2022-12-16 Thread Niall O'Reilly
On 16 Dec 2022, at 15:59, adrien sipasseuth wrote: > - on the slaves: files .db > > I don't understand why there is no .db.signed file on my slave > knowing that a dig from a slave does return RRSIG. The secondary (slave) only needs one file to hold whatever zone data the primary provides when tr

Re: Zone not showing us as authority

2008-11-17 Thread Niall O'Reilly
the 'AA' flag set, indicating that it is aware of its own authority. Were you expecting something else? Best regards, Niall O'Reilly University College Dublin IT Services

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-17 Thread Niall O'Reilly
On Fri, 2008-11-14 at 17:35 -0800, Chris Buxton wrote: > Use a firewall (with deep packet inspection) to restrict by subnet. > Then use the TSIG key in the allow-update statement. > > Unfortunately, to my knowledge, that's the only way to do this. Wouldn't using a BIND view to restrict

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Niall O'Reilly
ATA in the DNSKEY RRsets of multiple zones. I haven't read 4033/4034 thoroughly, so it's possible I may have misunderstood completely. Best regards, Niall O'Reilly

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Niall O'Reilly
On Thu, 2008-11-20 at 14:15 +0100, Adam Tkac wrote: > It isn't possible to validate myzone1.tld. with key from other zone, > for example myzone2.tld., is it? No, but Chris explained better than I did what I had in mind. On Thu, 2008-11-20 at 11:43 +, Chris Thompson wrote: > the DNSKEY

Re: Zone not propogating to slaves

2008-11-20 Thread Niall O'Reilly
On Wed, 2008-11-19 at 19:36 -0800, Steve Koon wrote: [ ... ] > Anyone know why I am getting this “not authoritative” message and no > zone file on .118 all of a sudden? [ ... ] > This is the log message in the 69.25.129.118 slave > > client 69.25.129.117#1304: received notify for zone > 'manzanit

Re: BIND and ENUM NAPTR...

2008-12-03 Thread Niall O'Reilly
here any references? Lots: RFC3761; Google "ENUM tutorial"; RIPE-46. I hope this helps. Best regards, Niall O'Reilly

Re: 512 byte limit

2009-01-21 Thread Niall O'Reilly
On Wed, 2009-01-21 at 11:47 -0500, Todd Snyder wrote: > I was under the (likely mistaken) impression that over 512 wasn't > allowed, but there it is ... > > I could very well be completely messed up regarding the rules, so > please > forgive my ignorance. If you know my answer is in TFM, please b

Re: denied NS/IN

2009-01-21 Thread Niall O'Reilly
On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote: > You should talk to your ISP to chase the traffic back to > its source and get BCP 38 implemented there. BCP 38 is ~10 > years old now. There is no excuse for not filtering spoofed > traffic. Absolute

Re: denied NS/IN

2009-01-22 Thread Niall O'Reilly
On Thu, 2009-01-22 at 10:25 +1100, Mark Andrews wrote: > One way to test is to have a test box that sends spoofed traffic > to a machine you control. Thanks, Mark. That tells me pretty well what I needed to know, but hoped not to hear: I have to build my own bot-net. 8-)

Re: rndc halt -p behavior

2009-01-22 Thread Niall O'Reilly
On Wed, 2009-01-21 at 19:14 -0600, Jeremy C. Reed wrote: > Maybe we should just remove the "immediately" part. > > Any suggestions would be appreciated. If you're going to make a change, adding a little more information wouldn't hurt, would it? Perhaps: s/immediately/cle

Re: Open Ports in BIND

2009-02-01 Thread Niall O'Reilly
[ Copied to list to let others know that this question has been answered ] On Sun, 2009-02-01 at 18:08 +0330, Bind wrote: > # netstat -an |grep 53 |wc > 3911223 20656 > > is first number the total queries which asked from my server on port > 53 or > number of session

Re: Caching-only Name server does Zone Updates

2009-02-02 Thread Niall O'Reilly
On Mon, 2009-02-02 at 17:25 +0530, Ashish wrote: > Our DNS is configured as Caching-only Name server. How do you know? > However, it's still > performing Zone updates like a Slave Name Server. How many 'zone' sections are in your configuration? Why not post your configu

Re: Pruning the reverse zone tree

2009-02-04 Thread Niall O'Reilly
On Wed, 2009-02-04 at 16:57 +, Chris Thompson wrote: > I would welcome feedback on > > http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones > > which describes a scheme we are experimenting with for reverse > lookup. (Executive summary: take RFC 2317 and carry the ideas > to their [possibly

Re: Microsoft Exchange Installer.

2009-02-05 Thread Niall O'Reilly
d help, I would be interested, as the experience may help me anticipate and/or forestall potential problems of a similar nature. Best regards, Niall O'Reilly University College Dublin IT Services (just a ferry-ride away!)

Re: How to create the TSIG?

2009-02-06 Thread Niall O'Reilly
On Thu, 2009-02-05 at 16:58 -0800, Chris Buxton wrote: > Use a different key for each slave. Definitely, if each of your slaves is under distinct administration. If some organization is managing more than one of your slaves for you, I'ld suggest using a distinct ke

adb.c:1526: INSIST(find->adbname == ((void *)0)) failed

2009-02-14 Thread Niall O'Reilly
joe(user)8: uname -a Linux marlay.no8.be 2.6.9-1.667 #1 Tue Nov 2 14:41:31 EST 2004 i586 i586 i386 GNU/Linux joe(user)9: named -v BIND 9.4.2-P1 joe(user)10: grep INSIST /var/log/messages.1 Feb 13 14:12:57 marlay named[2226]: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed joe(user)11:

Re: max open files & max sockets

2009-02-15 Thread Niall O'Reilly
On Sun, 2009-02-15 at 14:34 +0700, budsz wrote: > > I need to know, how to resolve this problem. It's not clear that there is a problem. If you're sure to need more than 3405 concurrent connections to your name server, you may well need more headroom than a socke

Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed

2009-02-17 Thread Niall O'Reilly
On Mon, 2009-02-16 at 12:17 +1100, Mark Andrews wrote: > It should be unrelated. I would however still upgrade. Thanks, Mark. If I don't see the same assertion failure with the current release, I guess that's closed. One advantage of upgrading is getting all thos

Re: adb.c:1526: INSIST(find->adbname == ((void *)0)) failed

2009-02-17 Thread Niall O'Reilly
On Tue, 2009-02-17 at 14:09 -0600, David Forrest wrote: > To get rid of all those "nice" log entries, I have this in my > named.conf: Thanks, David. For now, they're not so frequent as to be a nuisance. /Niall

Re: Catch ALL Setup

2009-02-18 Thread Niall O'Reilly
On Wed, 2009-02-18 at 16:19 +1100, Mark Andrews wrote: > > $ORIGIN . > @ 0 SOA ... > @ 0 NS ... > * 0 A 1.2.3.4 That may be too minimal. I found I needed a few couple of extra wildcard records. $ORIGIN . @ IN SOA . bit-bucket.ucd.ie. (

Re: Question re separating caching and authoritative servers

2009-02-20 Thread Niall O'Reilly
On Fri, 2009-02-20 at 13:07 -0500, John Wobus wrote: > > Any especially good or bad practices? Things that have worked well > or poorly? Right now, I'm leaning toward having the caching server > transfer key zones. Works for me. Niall O'Reilly Uni

Re: Multiple masters and multiple TSIG keys

2010-09-29 Thread Niall O'Reilly
On 29 Sep 2010, at 09:34, Anand Buddhdev wrote: > Now, I have been given 2 keys, t1 and t2, to use for transferring z1 and > z2 respectively. [Wandering off topic, perhaps] That seems to me a back-to-front way to do things. If the organization running the master is conc

Re: Multiple masters and multiple TSIG keys

2010-09-29 Thread Niall O'Reilly
On 29 Sep 2010, at 15:53, Anand Buddhdev wrote: > Anyway, I discussed this with my colleague here, and we came up with a > solution that works. We have created 2 views of the master name servers: Nice one, and useful to have in the mailing-list archive! /Niall

Re: DNS Redundancy

2010-10-21 Thread Niall O'Reilly
ries, and automagically ignore any that are unreachable. This allows my customers (for example) to be spared delay when you take one of your authoritative servers down. Best regards, Niall O'Reilly

Re: Dynamic DNS with secondary nameserver?

2010-12-01 Thread Niall O'Reilly
: received notify for zone IHTH Niall O'Reilly

Re: nslookup Got recursion not available from... trying next server

2011-01-05 Thread Niall O'Reilly
"recursion not available" flag is set, and duly displays a message which appears at first sight to be disturbing. As it happens, 'dig' also makes a recursive query by default, although it's easy to tell it not to. Besides, 'dig' just

Re: bind slave not get DNS update

2011-01-05 Thread Niall O'Reilly
Whether the slave is acting on the NOTIFY. That should make it clear what's not happening without manual intervention. Best regards, Niall O'Reilly
