Re: How to Setup a Name Servers visible on Internet?

2011-06-21 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 09:34:19AM +0200, Metropolitan College wrote a message of 115 lines which said: > grep named /var/log/syslog on my master: Great, a message in a normal format (I stopped reading your HTML emails). > zone metropolitanbuntu.co.za/IN: NS 'ns1.metropolitanbuntu.co.za' ha

Re: How to Setup a Name Servers visible on Internet?

2011-06-21 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 03:13:44PM +0200, Metropolitan College wrote a message of 82 lines which said: > root@ns1:/var/cache/bind# named-checkzone metropolitanbuntu.co.za > 194.134.41.in-addr.arpa This command line makes no sense. The manual says: 'named-checkzone {zonename} {filename}'. I

Re: How to Setup a Name Servers visible on Internet?

2011-06-21 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 12:26:30PM +0200, Metropolitan College wrote a message of 87 lines which said: > I'm sorry, I forgot that a terminal mail clients don't support HTML, No, it's simply that it is much more complicated to read (for instance, there is no easy way to separate the reply fro

Re: How to Setup a Name Servers visible on Internet?

2011-06-21 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 12:26:30PM +0200, Metropolitan College wrote a message of 87 lines which said: > But since I got the internal services to resolve, if I remove the > internal resolution, I won't solve request in the case if my > internet is down? This sentence is not clear. So I prefe

Re: How to Setup a Name Servers visible on Internet?

2011-06-22 Thread Stephane Bortzmeyer
On Tue, Jun 21, 2011 at 05:43:55PM +0200, Metropolitan College wrote a message of 38 lines which said: > clients are going to solve also the internal request in the case if > my internet connection I down? The question is not clear for me. You need: * an authoritative DNS service for the wh

Re: Logging Response Results

2011-06-24 Thread Stephane Bortzmeyer
On Thu, Jun 23, 2011 at 10:27:31PM +0200, Stefan Certic wrote a message of 65 lines which said: > stored into database (matching the initial query from query log). This may help: > We monitor our email system and may record your emails. Don't!

Re: Logging Response Results

2011-06-24 Thread Stephane Bortzmeyer
On Thu, Jun 23, 2011 at 02:31:22PM -0700, Ray Van Dolson wrote a message of 37 lines which said: > If you're handy with Python, pcapy[1] Quite limited. > and impacket[2] No IPv6 support. And, anyway, neither pcapy nor impacket parses the DNS (if you read French, see

Re: BIND Statistics is required

2011-06-27 Thread Stephane Bortzmeyer
On Mon, Jun 27, 2011 at 05:29:09AM -0400, Parashar Singh wrote a message of 54 lines which said: > Due to some server performance issues, the logging facility has not > been enabled within BIND. Right. > We want to have a statistics of which zone has been queried how many > times? The best t

Re: a death loop with DNS query

2011-07-06 Thread Stephane Bortzmeyer
On Wed, Jul 06, 2011 at 08:23:45AM -0500, Lyle Giese wrote a message of 56 lines which said: > That is not a loop at all. I disagree. As dig clearly says, there is an horizontal referral: the name servers are supposed to be authoritative for blogchina.org and mytest.blogchina.org but keep s

Re: authoritative server is not caching?

2011-07-19 Thread Stephane Bortzmeyer
On Tue, Jul 19, 2011 at 11:40:02AM +0200, pa...@laposte.net wrote a message of 11 lines which said: > I want to make sure that if the authoritative server won't cache > anything even if the authoritative answer from itself? I'm sorry but this sentence seems quite difficult to parse.

Re: bind version problem

2011-07-19 Thread Stephane Bortzmeyer
On Tue, Jul 19, 2011 at 08:30:17PM +0600, almah...@ranksitt.net wrote a message of 18 lines which said: > Is it mandatory the same version for primary and secondary DNS. It is not even mandatory for all the authoritative name servers to run BIND. They can be of different brands. That's the be

Re: BIND and DNS protocol

2011-07-20 Thread Stephane Bortzmeyer
On Wed, Jul 20, 2011 at 03:03:13PM +0800, Feng He wrote a message of 18 lines which said: > BIND (Berkeley Internet Name Domain) is an Open Source > implementation of the Domain Name System protocols originally > developed by the University of California, Berkeley. It would not be ambiguous i

Compilation error after a local patch (Was: Help with an error

2011-07-20 Thread Stephane Bortzmeyer
[Useless subject replaced] On Wed, Jul 20, 2011 at 11:18:16AM +0530, Vignesh Gadiyar wrote a message of 49 lines which said: > The named binary is running fine [...] > But while compiling using 'make' it gives me an error saying > "undefined reference to 'my_function' " and "Leaving directo

Re: Problem resolving one particular domain

2011-07-27 Thread Stephane Bortzmeyer
On Wed, Jul 27, 2011 at 09:59:32AM +0200, Danilo Godec wrote a message of 247 lines which said: > Weirdness number 2 - using dig directly with their servers works: Nothing weird here: dig does not behave like the BIND resolver. It does not use EDNS at all by default, it does not use the same

Re: Problem resolving one particular domain

2011-07-27 Thread Stephane Bortzmeyer
On Wed, Jul 27, 2011 at 10:31:30AM +0200, Stephane Bortzmeyer wrote a message of 34 lines which said: > 1) It means you are vulnerable to Kaminsky-style cache poisoning. In > 2011, 'query-source port 53;' should have disappeared a long time > ago. For the record, there

Re: Insufficient DNS Source Port Randmoization

2011-07-28 Thread Stephane Bortzmeyer
On Thu, Jul 28, 2011 at 03:33:11PM +0800, Pete Fong wrote a message of 27 lines which said: > I have adjusted named.conf configuration file as below : > > query-source address * port * ; > query-source-v6 address * port *; BIND randomizes properly by default. I would suggest to delete all th

Re: .hu ns records incorrect?

2011-07-28 Thread Stephane Bortzmeyer
On Thu, Jul 28, 2011 at 01:18:29PM -0700, Carl Byington wrote a message of 35 lines which said: > dig: couldn't get address for 'b.hu': not found Strange. It works for me. b.hu. 86292 IN A 193.239.149.3

Re: Problems with nic.it

2011-09-20 Thread Stephane Bortzmeyer
On Tue, Sep 20, 2011 at 09:20:12AM +0200, Lucio Crusca wrote a message of 33 lines which said: > the new receiving nameservers are failing some automatic checks > nic.it performs before changing the NS records. My hosting provider > (the one where I transferred the domain) should tell me exact

Re: Problems with nic.it

2011-09-20 Thread Stephane Bortzmeyer
On Tue, Sep 20, 2011 at 08:58:34AM +0100, Niall O'Reilly wrote a message of 36 lines which said: > Another good checking tool may be found at www.zonecheck.fr, > but it's less obvious (to me) how to use it for your immediate > purpose. 1) Go to

Re: A few (too) simple questions about DNS records

2011-09-20 Thread Stephane Bortzmeyer
On Wed, Sep 21, 2011 at 02:55:08AM +0200, Yanek wrote a message of 42 lines which said: > 1/ What is the bind record format for the zone itself? Strictly speaking, it is not the BIND format but the standard format (RFC 1035, section 5). However, not all name servers follow it (standardizing t

Re: A few (too) simple questions about DNS records

2011-09-26 Thread Stephane Bortzmeyer
On Fri, Sep 23, 2011 at 12:57:58AM +0200, Yanek wrote a message of 58 lines which said: > >> mydomain.tld. IN A 1.2.3.4 ... > BTW, is it me or > > @ IN A 1.2.3.4 > > Could handily replace that record? Yes.

Re: Basic Setting up request

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 07:57:10PM +1100, Leon Moya wrote a message of 40 lines which said: > I'd now like (with help) to add resolution for an internal Apache > WebServer, used for developing and testing web pages prior to > FTP'ing to the Internet Host. The webserver is configured for a half

Re: dnssec config sanity check

2011-10-03 Thread Stephane Bortzmeyer
On Mon, Oct 03, 2011 at 05:32:18PM -0700, Paul B. Henson wrote a message of 59 lines which said: > Our zone data is maintained in a revision control repository; when > changes are made there is a process that generates a bind format > zone file from the data, checks it for syntax errors, compi

Re: dnssec config sanity check

2011-10-05 Thread Stephane Bortzmeyer
On Tue, Oct 04, 2011 at 03:49:25PM -0700, Paul B. Henson wrote a message of 40 lines which said: > Other than knowing a given domain had an issue, you have no idea > what caused it, or what tool they may have been using, and it is > only an assumption that the issue arose from a custom program

Re: DNS Amplification Attack and different results in bind 9.6/9.7

2011-11-14 Thread Stephane Bortzmeyer
On Tue, Nov 15, 2011 at 03:51:52AM +0900, Euiho Kim wrote a message of 215 lines which said: > In bind-9.6 installed server, response query rcvd msg size is 600~700 byte, > > But bind-9.7, response rcvd msg size is 3100~3400 byte(large size), It > includes lots of DNSSEC RRSet. I vaguely rem

Re: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Stephane Bortzmeyer
On Mon, Nov 14, 2011 at 12:38:44PM -0800, Eduardo Bonsi wrote a message of 123 lines which said: > if my ns1 and ns2 are responding ok to setup DNSSEC. ... > user:~ user1$ dig bonsi.org dig, by default, does not request DNSSEC data. If you want to test with DNSSEC, add "+dnssec" to the comman

Re: Query regarding dig output

2011-11-15 Thread Stephane Bortzmeyer
On Tue, Nov 15, 2011 at 06:11:32PM +0530, Gaurav Kansal wrote a message of 415 lines which said: > And when I am query through dig for same nkn.in domain with +dnssec > parameter, Something that you did not post. Such a test does not appear in your original email. nkn.in is not signed and u

Re: All Bind servers crashed

2011-11-16 Thread Stephane Bortzmeyer
On Wed, Nov 16, 2011 at 09:47:48AM +0100, Magnus Schmidt wrote a message of 49 lines which said: > Nov 16 05:30:41 xxx named[1326]: critical: query.c:1781: INSIST(! > dns_rdataset_isassociated(sigrdataset)) failed, back trace It looks like CVE-2010-3613

Re: BIND 9.7.3-P3 crash on multiple cashing servers

2011-11-16 Thread Stephane Bortzmeyer
On Wed, Nov 16, 2011 at 12:08:59PM +0400, Samer Khattab wrote a message of 38 lines which said: > 8 of our cashing-only name servers crashed in a random sequence, and > the crash happened in a 10 minutes time. The servers are running > BIND 9.7.3-P3. Not the only report, it seems. What's in t

Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed

2011-11-16 Thread Stephane Bortzmeyer
On Tue, Nov 15, 2011 at 11:30:19PM -0800, nicku wrote a message of 5 lines which said: > To my surprise, I had several DNS servers running BIND 9.8.1 all > fail at about the same time with this assertion failure in query.c, > on line 1895. From the reports on this mailing list, it seems ther

Re: RPZ configuration examples

2011-11-20 Thread Stephane Bortzmeyer
On Sat, Nov 19, 2011 at 03:24:14PM +0100, Issam Harrathi wrote a message of 139 lines which said: > this is an example: If the OP reads french, I suggest that is much more detailed. If, however, he prefers english, I would point

Re: RPZ configuration examples

2011-11-20 Thread Stephane Bortzmeyer
On Sat, Nov 19, 2011 at 10:53:27AM +0530, babu dheen wrote a message of 105 lines which said: > If I use RPZ, recursive DNS will contact remote RBL database for > every DNS query? It seems you need to read about RPZ first because one critical point of RPZ is precisely that the database is ne

Re: What does this mean ? INSIST(zone->type == dns_zone_stub) failed

2011-12-08 Thread Stephane Bortzmeyer
On Thu, Dec 08, 2011 at 04:16:40AM +0800, ??? wrote a message of 15 lines which said: > 07-Dec-2011 22:55:29.457 zone.c:9655: INSIST(zone->type == > dns_zone_stub) failed, back trace Congratulations, it means you've found the successor of CVE-2011-4313 :-} Any details on the triggering event

Re: stub zone

2009-03-06 Thread Stephane Bortzmeyer
On Thu, Mar 05, 2009 at 02:06:18PM +0100, squid proxy wrote a message of 13 lines which said: > Howto create a stub zone instead of slave zone on BIND 9.3.4-P1.1? Read the documentation ? zone zone_name [class] { type stub; [ a

Re: Zonefiles & CIDR

2009-03-09 Thread Stephane Bortzmeyer
On Sun, Mar 08, 2009 at 10:20:26AM +, Stephen Ward wrote a message of 11 lines which said: > Running BIND9 (someone kindly raped to get it to work on windows) > but it does not seem to support CIDR ranges. Nothing to do with BIND, it is a limitation of the DNS. > Rather than have to ente

Re: dig error

2009-03-10 Thread Stephane Bortzmeyer
On Tue, Mar 10, 2009 at 05:57:31PM +0700, jittinan suwanrueangsri wrote a message of 254 lines which said: > Dear sir Why "sir"? There are certainly ladies here, too. > [r...@localhost ~]# dig @10.10.91.201 www.test.work +trace I believe that, when using, "+trace", the server mentioned as

Re: dnscap binaries

2009-03-10 Thread Stephane Bortzmeyer
On Tue, Mar 10, 2009 at 09:08:18AM -0400, Josh Smith wrote a message of 21 lines which said: > Also is it possible to analyze an existing pcap file with dnscap? Yes (it was apparently broken in some old versions of dnscap) % dnscap -g -r tmp/toto.pcap ... [52] 2009-03-10 13:52:44.034673 [#37

Re: question about CNAME

2009-03-11 Thread Stephane Bortzmeyer
On Wed, Mar 11, 2009 at 03:46:14PM +0800, tzqian wrote a message of 148 lines which said: > How can I config a zone to respose a CNAME record? > > Such as > > Email cname email.xx.xxx.com Your message is very difficult to understand but you are close. Just do not forget the dot at the end

Re: question about CNAME

2009-03-12 Thread Stephane Bortzmeyer
On Thu, Mar 12, 2009 at 12:32:35PM +0800, tzq tang wrote a message of 132 lines which said: > > I think I should explain the question more clearly, You need first to learn about email. The "superior to" sign > is here to *quote* what you respond to. Do not use it for your own text or it will

Re: name server zone list

2009-04-06 Thread Stephane Bortzmeyer
On Fri, Apr 03, 2009 at 08:15:16AM -0500, Sandy Mackenzie wrote a message of 23 lines which said: > I want to be able to produce a simple list of the zones on my DNS > servers. There is work going on at the IETF on that subject. The requirements document is almost done: http://www.ietf.org/i

[DNSSEC] SERVFAIL when resolving ".gov" through DLV

2009-05-05 Thread Stephane Bortzmeyer
I get a SERVFAIL when trying to resolve ".gov": % dig +dnssec @127.0.0.1 SOA gov. ; <<>> DiG 9.5.1-P1 <<>> +dnssec @127.0.0.1 SOA gov. ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54920 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

Re: [DNSSEC] SERVFAIL when resolving ".gov" through DLV

2009-05-05 Thread Stephane Bortzmeyer
On Tue, May 05, 2009 at 01:45:40PM -0500, Jeremy C. Reed wrote a message of 6 lines which said: > > This is a BIND 9.5.1-P1, Debian package. It is configured to use ISC's > > DLV: > > https://www.isc.org/node/437 I was aware of this bug, but not that it apparently has not been addressed in D

Re: [DNSSEC] SERVFAIL when resolving ".gov" through DLV

2009-05-05 Thread Stephane Bortzmeyer
On Tue, May 05, 2009 at 11:18:05PM +0200, Benedikt Gollatz wrote a message of 15 lines which said: > It has. Well, most people do not track XXX-proposed-updates which is supposed to be a bit... untested. I just had lenny and security.debian.org/updates in my sources.list (this is Debian's de

Re: tcp versus udp

2009-05-05 Thread Stephane Bortzmeyer
On Wed, May 06, 2009 at 12:00:12AM -0400, Danny Mayer wrote a message of 39 lines which said: > That's nonsense. That's Peter Dambier. If you try to fix every mistake he makes, you're not over soon... http://xkcd.com/386/

Re: host unreachable

2009-05-08 Thread Stephane Bortzmeyer
On Fri, May 08, 2009 at 11:22:59AM +0200, Kurt Petersen wrote a message of 17 lines which said: > named[6379]: client x.x.x.x#59767: error sending response: host unreachable > > I can ping x.x.x.x so I'm confused. On today's Internet, ping is a poor connectivity test because most machines a

Re: S-NAPTR and lightweight resolver

2009-05-08 Thread Stephane Bortzmeyer
On Sat, May 09, 2009 at 09:38:25AM +1000, Mark Andrews wrote a message of 26 lines which said: > It is up to the application to sort and process the returned > records. But I suspect that this is precisely what the OP wanted (and expected BIND to do). Does anyone know a good free-

Re: glue record

2009-05-13 Thread Stephane Bortzmeyer
On Wed, May 13, 2009 at 11:46:29AM +0800, Tech W. wrote a message of 14 lines which said: > When an upper DNS returns a domain's authorised DNS server, will it > also returns the authorised DNS server's IP address? So glue record > works as this way? Why don't you test? Computer science is an

Re: glue record

2009-05-13 Thread Stephane Bortzmeyer
On Wed, May 13, 2009 at 03:37:19PM +0800, Tech W. wrote a message of 39 lines which said: > if I understand for it correctly, gdpu.cn is not under b.dns.cn, True, but irrelevant. > why b.dns.cn returns glues? Because the name servers of gdpu.cn are under gdpu.cn.

Re: glue record

2009-05-13 Thread Stephane Bortzmeyer
On Wed, May 13, 2009 at 06:08:23PM +0800, Tech W. wrote a message of 27 lines which said: > She can't remove this hostname from the windows DNS server. Once it > was removed, after some time, it will be added into the name server > automatically by windows. How can she handle this case? Remov

Re: glue record

2009-05-13 Thread Stephane Bortzmeyer
On Wed, May 13, 2009 at 09:04:07PM +0800, Tech W. wrote a message of 13 lines which said: > > Remove the allow-update directive. > > > > But she is running the windows DNS server not Bind.. Then it is probably off-topic for this list.

Re: two NS servers on a single host

2009-05-13 Thread Stephane Bortzmeyer
On Wed, May 13, 2009 at 09:02:55PM +0800, Tech W. wrote a message of 34 lines which said: > I want to give two NS records for my domain, each NS take each of > the IP set in the host. Why? This would be completely useless. RFC 1034 and other documents call for at least two name servers, for r

Re: dig return values

2009-05-26 Thread Stephane Bortzmeyer
On Fri, May 22, 2009 at 03:15:56PM -0700, Scott Haneda wrote a message of 32 lines which said: > Does `dig` have return codes that I can use to make some form of > automated tests? Not for everything. % dig +short SOA dummy.example && echo Success Success % dig +short @192.168.42.42 SOA du

RFC2317-style inverse resolution (Was: request for advice

2009-05-27 Thread Stephane Bortzmeyer
On Wed, May 27, 2009 at 11:15:37AM +0800, Myo Than wrote a message of 59 lines which said: > Sirs, There are probably women on this list, also. > 129 CNAME 129.128-159.137.166.203.in-addr.arpa. It seems OK. > > set type=ns > > 128-159.137.166.203.in-addr.arpa. nslookup has always been a

Re: A question from RFC 3403

2009-05-27 Thread Stephane Bortzmeyer
On Wed, May 27, 2009 at 10:48:49AM +0100, Niall O'Reilly wrote a message of 24 lines which said: > OT for bind-users, OK, but see later. > what other string is available? The domain name. > Let's find a better list for discussing the mysteries of DDDS. > It would be

Re: Doubts about BIND

2009-06-04 Thread Stephane Bortzmeyer
On Wed, Jun 03, 2009 at 12:42:28AM +0200, Christoph Weber-Fahr wrote a message of 29 lines which said: > Does it even compile with current bind versions? Yes and it is even now officially included in BIND (starting from 9.4, I believe), no need to patch.

Re: DNSDigger.com - An announcement and request for feature tips.

2009-06-17 Thread Stephane Bortzmeyer
On Wed, Jun 17, 2009 at 02:19:22AM +0200, Jay Ess wrote a message of 19 lines which said: > DNSDigger.com - A massive reverse resolver that lets you dig deeper > into the Net. Congratulations. > 2. To ask you for feature requests. IPv6 support is certainly the first thing to add! I searched

Re: third dns server

2009-06-23 Thread Stephane Bortzmeyer
On Tue, Jun 23, 2009 at 10:31:16AM +0300, Mohammed Ejaz wrote a message of 234 lines which said: > We have been receiving complain by our client, during the primary > DNS servers are down that is ns1.xyz and ns2.xyz is down. And as per > the configuration at saudinic.net.sa (domain Registrar C

Re: Trouble With One Domain

2009-06-26 Thread Stephane Bortzmeyer
On Thu, Jun 25, 2009 at 11:07:06PM +0100, Andy Shellam wrote a message of 13 lines which said: > And not forgetting to change the master server in the SOA record from > oxygen, as that server doesn't appear to be accepting DNS requests, which > I believe is what's causing the Zone Check too

Re: Trouble With One Domain

2009-06-26 Thread Stephane Bortzmeyer
On Fri, Jun 26, 2009 at 06:24:06PM +0100, Andy Shellam wrote a message of 24 lines which said: > I've used domain checking tools before that check that the master > server in the SOA record is actually valid, and judging by the error > message returned by zonecheck.fr, that's what it's doing.

Re: DNS MX timeouts

2009-06-26 Thread Stephane Bortzmeyer
On Fri, Jun 26, 2009 at 02:40:24PM -0500, Vernon A. Fort wrote a message of 31 lines which said: > All versions of bind i have tried (in gentoo portage) have the same > problem. Well, my personal dedicated server is a Gentoo using BIND as a resolver and I can say it works. So, no real ideas,

Re: Trouble With One Domain

2009-06-26 Thread Stephane Bortzmeyer
On Fri, Jun 26, 2009 at 01:16:32PM -0500, bsfin...@anl.gov wrote a message of 32 lines which said: > If the zonecheck code is able to determine what the reason is, then > it should give the reason. If you give only the domain name (not the name servers names and addresses), Zonecheck depends

Re: Bind9.3.5 or 6 on ubuntu

2009-06-26 Thread Stephane Bortzmeyer
On Fri, Jun 26, 2009 at 04:40:48PM -0500, Martin McCormick wrote a message of 36 lines which said: > I read that it is best for them all to be the same > version of bind. Strange assertion. > this one needs to be like the rest rather than introducing new > unknowns in to the system. It seem

Re: domain name length

2009-06-30 Thread Stephane Bortzmeyer
On Mon, Jun 29, 2009 at 08:28:34PM -0500, Dan Letkeman wrote a message of 11 lines which said: > Are there any issues with have domains like "location.domain.com" No. The limits are in RFC 1034, section 3.1. Each label is 63 characters maximum and the total length is 255 characters maximum.

Re: Using dig for checking domain registration

2009-06-30 Thread Stephane Bortzmeyer
On Mon, Jun 29, 2009 at 01:14:43PM -0700, Scott Haneda wrote a message of 38 lines which said: > I have been using the below command to determine if a domain is > registered. Bad idea. A domain can be registered and not published in the DNS (for instance, in .COM, because it is on hold, i

Re: Automating a KSK rollover

2009-07-06 Thread Stephane Bortzmeyer
On Sat, Jul 04, 2009 at 10:36:40PM -0700, Shane W wrote a message of 18 lines which said: > Is there some sort of standardized way as yet to communicate key > changes to an upstream zone or in this case a lookaside provider? There is a standard registrar2registry interface, an extension of EP

Re: Reverse Classless not working

2009-07-10 Thread Stephane Bortzmeyer
On Thu, Jul 09, 2009 at 05:03:52PM -0700, Justin Pryzby wrote a message of 13 lines which said: > And the parent server should be a slave for the delegated zone. > > RFC 2317 section 5.1 Old advice, not often followed in practice and not very convenient for the parent server, which will have

Re: Truncated, retrying in TCP on Reverse lookup

2009-07-10 Thread Stephane Bortzmeyer
On Thu, Jul 09, 2009 at 05:50:02AM -0700, Fr34k wrote a message of 119 lines which said: > There should be one and only one PTR for that IP. No. No good reason for such restriction. > $ host 196.7.126.38 From a machine with a proper Internet connection (i.e. no stupid firewall blocking DNS

Re: DNSKEY Validation

2009-07-12 Thread Stephane Bortzmeyer
On Sun, Jul 12, 2009 at 08:42:27PM +0200, Mark Elkins wrote a message of 31 lines which said: > Arg 3 should be 5 (or maybe 3) - the algorithm. No, you must not use a hard-wired list in your code, because the list of algorithms registered at IANA can change. > Can I glean a domain

Re: about tcp port 53

2009-07-28 Thread Stephane Bortzmeyer
On Mon, Jul 27, 2009 at 10:33:56AM +0800, Tech W. wrote a message of 23 lines which said: > what's the use of bind's tcp port 53? DNS requests and responses. > is it used for dns update and zone transfer or something else? Everything else. > If I have not been using dynamic update and tran

Re: Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?

2009-07-28 Thread Stephane Bortzmeyer
On Mon, Jul 27, 2009 at 02:36:29AM -0700, Richard wrote a message of 190 lines which said: > Queries of "agences.fr.lastminute.com" against two servers of the > French ISP Free.fr, As a subscriber of Free, and a reader of the various Free users fora, let me warn you that Free DNS service has

Re: Creating a CNAME to another domain.

2009-07-28 Thread Stephane Bortzmeyer
On Fri, Jul 24, 2009 at 02:57:24PM -0400, Ezra Taylor wrote a message of 43 lines which said: > stars.mydomain.com INCNAME stars.otherdomain.com. Yes, except the missing dot at the end of the Left-Hand Side.

Re: Intermittent NXDOMAIN, Bind 9.2.3 config and PowerDNS problem?

2009-07-30 Thread Stephane Bortzmeyer
On Tue, Jul 28, 2009 at 10:40:53AM -0400, Richard Michael wrote a message of 60 lines which said: > > Indeed, lastminute.com's name servers are severely broken. > > By this, do you mean the SOA record in the response is incorrect? Yes. > the SOA for their own domain Yes. The authority sec

Re: Dig shows wrong ip

2009-07-30 Thread Stephane Bortzmeyer
On Tue, Jul 28, 2009 at 09:05:44PM +0100, Chris Thompson wrote a message of 24 lines which said: > This is the wretched "glue promoted to answer" bug (we can call it a > bug by now, surely?) which we are assured that the GTLD servers will > be cured of this year, next year, sometime, or ... N

Re: Correction to signatures on yesterday's BIND 9 releases

2009-07-30 Thread Stephane Bortzmeyer
On Wed, Jul 29, 2009 at 04:25:18PM +, Evan Hunt wrote a message of 16 lines which said: > Due to a combination of circumstances, including extreme rush and > the usual signer of our releases being away at IETF, we accidentally > signed yesterday's BIND 9 patch releases (9.4.3-P3, 9.5.1-P3,

Re: dnstop

2009-07-30 Thread Stephane Bortzmeyer
On Thu, Jul 30, 2009 at 10:15:42AM +0300, Alans wrote a message of 141 lines which said: > And in the table the first record in both Source and Destination is > the local ip of the DNS server itself, is it fine? Yes, if you use both -Q and -R. If you use -Q (the default), your name server wi

Re: idsable ipv6 in config?

2009-07-30 Thread Stephane Bortzmeyer
On Thu, Jul 30, 2009 at 03:57:16PM +0200, JINMEI Tatuya / wrote a message of 25 lines which said: > I personally don't see a need for it (what's wrong with -4/-6?) -4 shuts down any v6 service. We would like BIND to be able to *reply* to v6 queries without *generating* them. (For the rec

Re: Disabling DNSSEC validation per zone?

2009-09-03 Thread Stephane Bortzmeyer
On Wed, Sep 02, 2009 at 01:18:33PM +0200, Hauke Lampe wrote a message of 95 lines which said: > What we try to achieve is: > > - Validate DNSSEC signatures on resolvers close to the clients, using > dlv.isc.org > - Keep internal name resolution functioning, even if the connection to > the out

Re: NAMED.CONF.LOCAL

2009-09-04 Thread Stephane Bortzmeyer
On Fri, Sep 04, 2009 at 11:04:41AM +0200, ric.castell...@alice.it wrote a message of 62 lines which said: > 1- difference among named.conf and vs named.conf.local named.conf.local is a Debianism: using the ability of BIND to include config files from config files, Debian includes this named.c

Re: NAMED.CONF.LOCAL

2009-09-04 Thread Stephane Bortzmeyer
On Fri, Sep 04, 2009 at 11:50:30AM +0200, ric.castell...@alice.it wrote a message of 140 lines which said: > I'd like having more info about foe example db.0 file, if it's > necessary to change it or it's standard file... No need to change it. > Where can I find complete documentation ? htt

Re: NAMED.CONF.LOCAL

2009-09-04 Thread Stephane Bortzmeyer
On Fri, Sep 04, 2009 at 12:11:30PM +0200, Stephane Bortzmeyer wrote a message of 16 lines which said: > > Where can I find complete documentation ? > > https://www.isc.org/software/bind/documentation/arm95 Or, offline, in the packa

Re: root and in-addr.arpa zone transfers

2009-09-10 Thread Stephane Bortzmeyer
On Wed, Sep 09, 2009 at 08:23:23AM +0200, Michael Monnerie wrote a message of 54 lines which said: > right now I'm using scripts to download root.zone and in-addr.arpa > from internic.net. But this is a non-standard way, But a secure way since the files on internic.net are PGP-signed. > I'd

Re: root and in-addr.arpa zone transfers

2009-09-10 Thread Stephane Bortzmeyer
On Wed, Sep 09, 2009 at 11:00:37AM -0400, Rick Dicaire wrote a message of 23 lines which said: > Interestingcan any of the root servers be used, or must it be just > these three? No root server operator (except may be ISC for F) ever promised to keep zone transfer open. It is not regarded

Re: root and in-addr.arpa zone transfers

2009-09-10 Thread Stephane Bortzmeyer
On Thu, Sep 10, 2009 at 12:31:45PM +0200, Michael Monnerie wrote a message of 70 lines which said: > that's a clear statement, so I'll keep the ftp transfers. It would be better to drop them completely and to return to ordinary DNS resolution. What's the point of mirroring the root? What if y

Re: root and in-addr.arpa zone transfers

2009-09-14 Thread Stephane Bortzmeyer
On Fri, Sep 11, 2009 at 07:28:56AM +0200, Michael Monnerie wrote a message of 51 lines which said: > Faster queries after a named restart. Reverse lookups faster too, > good for the spam filters. Did you measure it or is it, like most claims "X is faster", just a guess?

Re: Dig ANY gives SERVFAIL / FORMERR

2009-09-29 Thread Stephane Bortzmeyer
On Thu, Sep 24, 2009 at 07:16:35AM +1000, Mark Andrews wrote a message of 77 lines which said: > It's a pity registries are not required to verify correct operation > of the nameservers they are delegating to before accepting the > delegation. Some do! http://www.afnic.fr/outils/zonecheck/_e

Re: Problem on CNAME configuration.

2009-10-05 Thread Stephane Bortzmeyer
On Mon, Oct 05, 2009 at 02:40:07PM +0200, Cyril Gaudin - Rodacom wrote a message of 139 lines which said: > Sorry in advance for my very bad english! There is a français mailing list: dns...@cru.fr > And why there's a second request without the domain name? Wild guess: the browser uses a pr

Re: Problem on CNAME configuration.

2009-10-06 Thread Stephane Bortzmeyer
On Mon, Oct 05, 2009 at 04:41:24PM +0200, Cyril Gaudin - Rodacom wrote a message of 72 lines which said: > Maybe squid didn't append domainname in the dns request? squid.conf: # TAG: append_domain # Appends local domain name to hostnames without any dots in # them. append_domai

Re: Can I have a *.domain.com A record

2009-10-26 Thread Stephane Bortzmeyer
On Mon, Oct 26, 2009 at 04:01:31PM +0530, ram wrote a message of 10 lines which said: > Is it possible to have a A record for *.domain.com Technically, yes. It is a very bad idea, but it works. > I know *.domain records works for MX records , not sure whether they > work for A records Wildca

Re: Can I have a *.domain.com A record

2009-10-26 Thread Stephane Bortzmeyer
On Mon, Oct 26, 2009 at 05:47:57PM +0530, ram wrote a message of 20 lines which said: > If wildcard DNS is a bad idea, Wildcards *address* records (A and ), not all wildcards. See or

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Tue, Oct 20, 2009 at 08:29:20PM +, Evan Hunt wrote a message of 836 lines which said: >BIND 9.7.0b1 is now available. Apparently, support for the new algorithms RSASHA256 and RSASHA512 is not included? Is it planned for 9.7 or shall I wait 9.8? % bind/bin/dnssec/dn

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Wed, Oct 28, 2009 at 03:17:54PM +, Chris Thompson wrote a message of 13 lines which said: > You aren't going to wait for the RFC? It is in AUTH48 (the last step before publication, theoretically meaning that the people involved have 48 h to make remarks). After all, ldns already has

Re: ISC BIND 9.7.0b1 is now available

2009-10-29 Thread Stephane Bortzmeyer
On Tue, Oct 20, 2009 at 08:29:20PM +, Evan Hunt wrote a message of 836 lines which said: > - Support for RFC 5011 automated trust anchor maintenance (see > README.rfc5011 for additional details). Seems to work fine, thanks. With: managed-keys { "se." initial-key

Re: ISC BIND 9.7.0b1 is now available

2009-11-02 Thread Stephane Bortzmeyer
On Thu, Oct 29, 2009 at 09:24:48AM +0100, Stephane Bortzmeyer wrote a message of 25 lines which said: > > - Support for RFC 5011 automated trust anchor maintenance (see > > README.rfc5011 for additional details). Hmmm, it suddenly had a problem: 02-Nov-2009 10:59

Re: Bind sometimes SERVFAIL

2009-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 01:27:30PM +0200, Jukka Pakkanen wrote a message of 94 lines which said: > I just saw the same thing: There are no less than *four* CNAMEs to resolve to get to the result, while even two is discouraged. It is not surprising that it may fail with resolvers which limit t

Re: System Resolver Test App?

2009-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 05:00:03PM -0600, da...@from525.com wrote a message of 60 lines which said: > I am basically trying to understand why the system resolver was > getting stuck on the third entry within the resolv.conf while it > should have tried one of the first two working DNS servers

Re: System Resolver Test App?

2009-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 07:44:05PM -0500, Barry Margolin wrote a message of 27 lines which said: > I'm not sure if there is one, but it should be pretty easy to write > a program that calls res_query(). But this calls directly the DNS. The OP wanted something which called the system resolver,

Re: System Resolver Test App?

2009-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 05:00:03PM -0600, da...@from525.com wrote a message of 60 lines which said: > I am wondering if anyone knows of an app similar to nslookup or > dig that actually uses the system resolver. C source attached. Compile, for instance, with: gcc -o resolve-name resolve-nam

Re: System Resolver Test App?

2009-11-11 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 08:14:02PM -0500, Barry Margolin wrote a message of 24 lines which said: > If you just want to do a hostname lookup, you can use practically > any network application, e.g. ping. It gives you less information than the program I posted. 1) On typical OS, ping forces yo

Re: System Resolver Test App?

2009-11-12 Thread Stephane Bortzmeyer
On Wed, Nov 11, 2009 at 08:06:11PM -0600, da...@from525.com wrote a message of 39 lines which said: > Is there any way you could incorporate resolver errors being sent to > stdout? It does, if getaddrinfo returns an error. But getaddrinfo does not return until it has something (an answer, or

Re: System Resolver Test App?

2009-11-12 Thread Stephane Bortzmeyer
On Thu, Nov 12, 2009 at 08:04:35AM -0600, da...@from525.com wrote a message of 76 lines which said: > I was talking about the servers mentioned in the resolv.conf. In that case, it is perfectly normal if the answer is not authoritative. You put recursive name servers in resolv.conf, not auth
