Hello,
A user recently asked me to add this record for them:
bh._domainkey.edweek.org NS pdns1.ultradns.net
I've done so, however, BIND is kicking out SERVFAILS when I dig it. I'm
running 9.6.1-P1, do I need to add a setting for BIND to accept this
subdomain delegation?
Th
; ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> I get the same thing for other types too (NS, TXT).
>
> So, either it's a problem that ultradns.net needs to correct, or the user
> gave you the wrong information.
>
>
>
I don't know about best practice in this case, but I decided to put our reverse
entries into one "super netting" file as you call it.
We had the same problem that a lot of reverse entries were missing, so I wrote
a script to parse the forward file and create the reverse. Then I incorporated
that
ssage-
From: nex6 [mailto:b...@borg1911.com]
Sent: Tuesday, June 26, 2012 10:43 AM
To: Brad Bendily
Cc: bind-users@lists.isc.org
Subject: Re: Reverse zones best practices
* Brad Bendily [2012-06-25 16:35:28 -0500]:
wouldn't it be more confusing, in a big IP space with servers, deskto
Hi Ray,
Did you ever get a resolution on this?
We have had intermittent trouble getting to:
www.nws.noaa.gov sites and the fix has been a full restart
of the named service. I wasn't really sure how or where to
start troubleshooting but when I saw this email I was hopeful
there would be a fix.
As
Based on your config below.
You're allowing "192.168.0.0/24" in your acl, but your actual network is
"192.168.1.0/24".
Not sure if that was a typo, but change it if not.
bb
From: bind-users-bounces+brad.bendily=la@lists.isc.org
[bind-users-bounces+br
0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.nhc.noaa.gov. IN A
;; Query time: 320 msec
;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29 11:53:59 CST
2015 ;; MSG SIZE rcvd: 45
bb
Brad Bend
8c00::2
;; Query time: 18 msec
;; SERVER: 209.112.123.30#53(209.112.123.30)
;; WHEN: Thu Jan 29 16:12:45 CST 2015
;; MSG SIZE rcvd: 483
;; connection timed out; no servers could be reached
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Thursday, January 29, 2015 3:38 PM
To
AL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
Thanks
bb
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Thursday, January 29, 2015 5:24 PM
To: Brad Bendily
Cc: bind-users@lists.isc.org
Subject: Re: sporatic, noaa.gov SERVFAIL
In message , Brad
B
download:
ftp://ftp.isc.org/isc/bind9/9.9.6-P1/bind-9.9.6-P1.tar.gz
tar -zxf bind-9.9.6-P1.tar.gz
cd bind
./configure
make
make install
done.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Md. Mahbubul Alam Reyad
Sent:
I am pretty sure the ultimate error is this:
[\u@r2d2:/home/ex-mailer-domains/nyctelecomm.com] # dig nyctelecomm.com
+dnssec @8.8.8.8
; <<>> DiG 9.10.3 <<>> nyctelecomm.com +dnssec @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERV
When I run the
rndc loadkey domain.com
command, in my logs I appear to have a stale key from an improper deletion.
rndc reconfig
does not flush it out
error in logs:
16-Dec-2015 02:22:29.983 general: warning: dns_dnssec_keylistfromrdataset:
error reading private key file domain.
I have using the exact same rndc method to load inline signing keys as what
worked yesterday, but today the same steps are failing? a stuck key?
[\u@yoda:/usr/local/etc/namedb] # rndc flush
[\u@yoda:/usr/local/etc/namedb] # rndc reconfig
[\u@yoda:/usr/local/etc/namedb] # rndc addzone domain.com in
This is a repost from 12-19-2015 which appears stuck in the queue:
I have using the exact same rndc method to load inline signing keys as what
worked yesterday, but today the same steps are failing?
a stuck key?
# rndc flush
# rndc reconfig
# rndc addzone domain.com in external '{type
Hello, I apologize if this has been discussed before. I tried to search the
archives but couldn’t find anything.
I would like to have the behavior of the reverse lookup responses to only
include the hostname, not the hostname with the reverse zone appended. So
for example:
# nslookup 192.168.2.
I am glad to be able to answer an email on this list.
I literally did this same thing 4 days ago and had the exact same
problem.
Here is the answer you seek:
https://www.isc.org/faq/item/182
bb
> -Original Message-
> From: bind-users-bounces+brad.bendily=la@lists.isc.org
> [mailto:
When trying the DNSSEC check command from:
https://www.dns-oarc.net/oarc/services/replysizetest
behind our corporate firewall, I get:
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"Tested at 2011-09-27 20:32:34 UTC"
"205.172.49.177 sent EDNS buffer s
Maybe some of the links mentioned here will help you...
https://www.dnssec-deployment.org/index.php/deployment-case-studies/dnssec-why-threats/
bb
> -Original Message-
> From: bind-users-bounces+brad.bendily=la@lists.isc.org
> [mailto:bind-users-bounces+brad.bendily=la@lists.is
> On 9/28/11 5:32 AM, "Steve Arntzen" wrote:
> > Is your firewall Cisco based?
Yes. The firewall is Cisco based.
However, the main problem there is, there are several firewalls before
leaving our network and my dept doesn't manage all of them.
> > There is a known "default" setting in Cisco wi
> I would like to setup latest BIND/named [slaves] within
> VMware environment - is there any implications I should be aware of?
> Since I saw some issues running NTPd on VMware - thinking may
> be 'named' might have similar issues...
>
None for me. I have been running my secondary on VMWare
Running Centos 5.5 with bind-9.3.6-4.P1.el5_4.2 (from the Centos repo) and I'm
unable to get a slave server to retrieve the zone file from the master.
The master nameserver has a public ip address, the slave sits behind a firewall
/ NAT on a private ip address.
When I update a zone file on the
21 matches
Mail list logo
