Re: Clarification about DNS notify

I couldn't see any particular reason > for C choosing to notify B. > > Any explanation to this behavior or a link to any relevant guide will > be helpful. > Sharing your current configuration would help in helping you with your problem. ;)

Re: Verizon Users Can't See Site

paetec-comm.car2.chicago2.level3.net (4.71.250.34) 115.955 ms 14 gi-3-1-0.core01.chcgil01.paetec.net (66.155.191.97) 139.525 ms 15 po-4-0-0.core02.rochny01.paetec.net (64.80.253.217) 137.915 ms 16 gi-6-0-0.edge02.rochny01.paetec.net (66.155.216.183) 140.368 ms 17 * 18 * 19 *

Re: Logging SERVFAIL Errors

You have to set a debug level of at least 1 to capture SERVFAIL errors in your logfile. Ciao Torsten Am Fri, 8 Oct 2010 09:09:16 -0500 (CDT) schrieb b19...@anl.gov (Barry Finkel): > On BIND 9.7.1-P2 I have in named.conf: > > channel query-errors-log { > fi

Re: How to get easily (from a script) all CNAME of a A record?

/etc/bind && ls > > but not: > cd /etc/bind && ls * > or > cd /etc/bind && ls *.signed > > and the OSes are called Linux and BSD... WTF? > > It seems that a commandline can not have more t

Re: How to get easily (from a script) all CNAME of a A record?

Am Wed, 10 Nov 2010 01:49:08 +0100 schrieb Michelle Konzack : > Hello Torsten, > > Am 2010-11-09 15:46:05, hacktest Du folgendes herunter: > > Maybe it's easier to get a dump with rndc dumpdb -zones and then run > > the grep on the dump file. > > Ehm, but AFAIK t

Re: Could DNS help solve this?

ois server by first asking whois.internic.net. Maybe you should give it a try Ciao Torsten Am Thu, 11 Nov 2010 09:59:25 +0100 schrieb Sten Carlsen : > Hi > > Yes, I do use whois, my problem is which of the many dozens of whois > servers to ask. > > E.g. if you want to kno

Re: Rules against links or certain links?

http://www.iptools.com/ Ciao Torsten Am Thu, 11 Nov 2010 09:07:19 -0500 schrieb "Lightner, Jeff" : > I've noticed a couple of times on this list that if I post links for > certain on line sites with free tools like whois that they never seem > to make it to the list.

Re: Bind not returning A record

ER SECTION: www.yu.kwsp.gov.my. 20 IN A 202.162.21.166 ;; Query time: 361 msec ;; SERVER: 202.184.117.10#53(202.184.117.10) ;; WHEN: Wed Dec 22 15:12:20 2010 ;; MSG SIZE rcvd: 52 dig +norec @ns3.pttcdc.com.my yu.kwsp.gov.my ns ; <<>> DiG 9.7.2-P3-RedHat-9.7.2-4.P3.f

Re: strange behaviour of resolving nameserver

Am Wed, 10 Mar 2010 00:44:46 +1100 schrieb Mark Andrews : > > In message <20100309142153.016c7...@the-damian.de>, Torsten writes: > > Hi, > > > > I'm a bit clueless about what's happening here exactly. > > I have a server (9.6.1-P3) that tries re

strange behaviour of resolving nameserver

ervers responsible for verisign.com about mobilecdn.verisign.com works just fine and they all return with a proper answer. As a workaround I have set c2.nstld.net to bogus but I'm still unsure what the real cause for this problem is. Any ideas? Ciao Torsten _

Re: strange behaviour of resolving nameserver

Am Wed, 10 Mar 2010 08:36:54 +1100 schrieb Mark Andrews : > > In message <20100309154017.4801c...@the-damian.de>, Torsten writes: > > Am Wed, 10 Mar 2010 00:44:46 +1100 > > schrieb Mark Andrews : > > > > > > > > In message <201003091

Re: strange behaviour of resolving nameserver

Am Wed, 10 Mar 2010 08:34:41 +0100 schrieb Torsten : > Am Wed, 10 Mar 2010 08:36:54 +1100 > schrieb Mark Andrews : > > > > > In message <20100309154017.4801c...@the-damian.de>, Torsten writes: > > > Am Wed, 10 Mar 2010 00:44:46 +1100 > > > schr

Re: Resolving .gov w/dnssec

Am Thu, 22 Apr 2010 10:03:43 -0400 (EDT) schrieb Paul Wouters : > On Thu, 22 Apr 2010, Timothe Litt wrote: > > > I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and > > 9.6-ESV configured as valdidating resolvers. > > > > Using dig, I get a connection timeout error after a long (~10 sec

Re: one record to be redirected to a specific IP

> > like: > > www.abcd.com. soa > @ IN A1.2.3.4 > * NS > > I am not sure this could work? I am not sure how this redelegation > would be seen by the original servers of the zone? > Bind would refuse to load

Re: Misconfigured slave?

Am Thu, 29 Apr 2010 10:33:37 +0200 schrieb Claes Gyllenswärd : > Hello bind-users > > I have recently set up my first two BIND-instances, and I believe that > I have gotten things nearly right, but something is amiss. > "Internetstiftelsen", handles the TLD .se, and they have a self-test > one ca

Re: Dnssec zone signing problem

igning complete: Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked ZSKs: 1 active, 1 stand-by, 0 revoked example.com.signed Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

odd behaviour on caching ns with views

0.in-addr.arpa. These are refused by the caching server (denied entries in default log). Asking those queries on an identical server without views returns the usual NXDOMAIN answer. Is there something special about 0.in-addr.arpa and 127.in-addr.arpa in views I haven't seen yet? Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: odd behaviour on caching ns with views

Am Sun, 13 Jun 2010 14:45:22 -0700 schrieb JINMEI Tatuya / 神明達哉 : > At Tue, 8 Jun 2010 11:03:55 +0200, > Torsten wrote: > > > Everything works perfectly okay except queries for > > 1.0.0.127.in-addr.arpa and 0.0.0.0.in-addr.arpa. These are refused > > by the cachin

Re: Running both a cache-only and an authoritative server on the same server

ms to be "on a secondary IP" and afaik listen-on statements don't work inside of view statements. That leaves you with running two seperate instances of Bind on the same server. Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Running both a cache-only and an authoritative server on the same server

Am Thu, 17 Jun 2010 08:43:32 -0500 schrieb Peter Laws : > On 06/17/10 08:36, Torsten wrote: > > Am Thu, 17 Jun 2010 13:35:38 +0100 > > schrieb Phil Mayers: > > > >> On 17/06/10 12:39, Jørn Skjerven wrote: > > >>> Is it possible to achieve this in a

Re: problems resolving domains unser NSxx.DOMAINCONTROL.COM - this problem i have too! :(((((

8: so-0-1-0.mpr2.dca2.us.above.net (64.125.27.165) 98.858ms asymm 9 9: xe-0-3-0.cr2.dca2.us.above.net (64.125.29.25)102.567ms asymm 10 10: xe-0-1-0.er2.dca2.us.above.net (64.125.27.29) 98.730ms asymm 11 11: xe-1-1-0.er2.iad10.above.net (64.125.26.242) 99

Re: Negative Cache won't go!

n't purging it? > I'm using Bind v9.4.2 on Centos 5.2. > > Regards, > Alans > Which domain are you talking about? Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Negative Cache won't go!

ervers.net) in 348 ms ;; connection timed out; no servers could be reached The main reason it's working is because all of those nameservers share the same IP (69.64.77.15). This is okay as long as this nameserver isn't misbehaving (returning servfails or whatever else). Ciao Tor

Re: cname chain limit

me-17.test. cname-17.test. 43200 IN CNAME cname-18.test. ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Jul 9 12:55:50 2010 ;; MSG SIZE rcvd: 413 Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: R: Does bind send email?

re messaggi > 187.58.17.194:25 Just being curious... where did you download your bind package? Was it directly from ISC or some other site? Ciao Torsten > > Regards. > Stefano. > > -Messaggio originale- > Da: bind-users-bounces+stefano.chiesa=wki...@lists.isc.

Re: Signed root - missing RRSIG for delegation?

wouldn't be a validatable answer as there's no delegation signer for .net in the root yet. Ciao Torsten > > $ dig @l.root-servers.net. +dnssec example.net. A > > ; <<>> DiG 9.6.0-APPLE-P2 <<>> @l.root-servers.net. +dnssec > example.net. A ; (2 serv

Re: new webserver ip

offsite? Or is it even possible for me to do this? > > ddh > It's just a wild guess but I think you've 'malformed' your serial. ;) >From the looks it should propably be 2010080503 and not 201080503 which is considerably lower than it should be. Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Protecting bind from DNS cache poisoning!!!

ziKev3PiEBLNdqrxT95TVlzVb7qgnLmlHABsap7m2uzuHFQKsFmh RGxqpiuzu9bPEIfZKout4TmzILaP1Nua4ntSXyyjS35EUszfX+F/Mqrm fcc= ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Aug 9 14:35:37 2010 ;; MSG SIZE rcvd: 217 Ciao Torsten ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: new IPs for our name servers problems

(Register.com) to do this for you (unless they provide you with an end-customer self-provisioning interface). Ciao Torsten > > > On Thu, Aug 12, 2010 at 12:50 PM, Matus UHLAR - fantomas > wrote: > > > On 12.08.10 12:40, Michael Dilworth wrote: > > > We are in the

Re: how can i start and stops bind service using named command

Am Thu, 8 Mar 2012 10:10:04 +0300 schrieb mustafa alhussona : > hi > i have bind9.9.0 installed manually now i want to start the service using > the command named i used named -fg to start it and it works, now how i can > stop it the man named page is encrypted and the options of this command are

Re: What can cause excessive amount of _dns-sd queries?

> Have any of you seen something like this before? > Hi Eivind, these seem to be DNS Service Discovery requests and yes, we see loads of them on our servers. http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt Ciao Torsten ___ Please visit

Re: RPZ and negative answers

7200; 604800 ; 1200; ) IN NS localhost. subdomain.domain.de 60 A 172.26.30.231 The above setting is rewriting NXDOMAIN answers for subdomain.domain.de to the above IP addre

rrset-order and resolvers

servers? Ciao Torsten -- Torsten Segner | Systemadministrator Internet Services | Easynet GmbH T +49 (0)40 77175 650 | F +49 (0)40 77175 569 E torsten.seg...@de.easynet.net | GPG KeyID 0xC84C7841 Harburger Schlosstrasse 1 21079 Hamburg, Germany. www.easynet.com Geschäftsführer: Diethelm

Re: rndc: 'reload' failed: not found

This usually happens when your nameserver isn't configured for the zone to be reloaded. Ciao Torsten Am Tue, 8 Mar 2011 14:47:02 +0800 schrieb "ShanyiWan" : > Cent OS+BIND 9.7.3+DLZ(BDB as backend) > > # rndc reload 2mysite.net > rndc: 'reload' fai

Re: slave AXFR bind9

My first thoughts on this: Has the slave received a notify from the master server? Does the slave accept the notify? What else is in the logs? Could you please also provide your named configuration (options and the zone statement) of both master and slave? Ciao Torsten Am Thu, 21 Apr

Re: Wild cards in zone file

e.project A 10.10.10.3 > test.project A 10.10.10.4 > > Now I want everything else to go to 10.10.10.5 > *.project A 10.10.10.5 > > Is this possible? > > Thanks, > John > Yes, just add the wildcard

Re: MX choosing

our MTA is configured). Since the TTL of mxmta.sympatico.ca is just 1800 seconds there might be a good chance that your MTA will try another server unless the next try is within 1800 seconds (where it will just reuse the already cached one) or your bad luck provides you with the not working IP addr

Re: DNS Caching Issue

gt; > > > Regards, > > --Sathyan > One of the authoritative nameservers (nameserver2.gpi-g.com / 202.182.61.51) is not responding properly. You should ask the administrator (r...@gpi-g.com) of the server to fix this. Ciao Torsten ___

Re: CVE-2011-1910 vs bind 9.6-ESV-R4-P3

se 9.6-ESV-R4-P1 is a patch for this bug. Ciao Torsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Problems with nic.it

rror; - all hosts in the registration must be authoritative for the domain name registered. Hopefully this will help. Ciao Torsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

allow-transfer not covering ixfr requests?

ed to ask anything but were able to request axfr transfers. The odd part is that both NS3 and NS4 weren't able to request ixfr transfers. Shouldn't allow-transfer cover these kind of transfer requests as well? Ciao Torsten PS: All nameservers are running on a self

Re: allow-transfer not covering ixfr requests?

do a query, how should they get the SOA? And without a SOA, you don't have > the serial number of the zone, so you can't do IXFR. > Silly me... I forgot about the SOA requests triggered by a manual ixfr. :( Ciao Torsten ___ Please visi

Re: Port number in A record in zone file

a simple answer: You can't. An A record consists of only an IPv4 address. Ciao Torsten > My config and zone files: > > 095160160157:/var/named root# cat srv1/named.conf > options { > directory "/var/named/srv1"; > version "olo-

Re: dnssec-keygen not responding

Am Wed, 30 Nov 2011 09:40:44 +0100 schrieb Adam Tkac : > On Wed, Nov 30, 2011 at 12:18:04AM -0500, Alan Clegg wrote: > > On 11/30/2011 12:15 AM, vishesh kumar wrote: > > > Hi All > > > > > > I am trying to generate keys for signing vishesh.com > > > domain using following com