got "BAD (HORIZONTAL) REFERRAL" error

hi all, i have setup a bind server,  host the zone faisco.com, and work fine several daysbut one of my new client said that they can't resolve my domain, meanwhile they can resolve other web site without any problem.i run 'dig' on their machine, this is the result:; <<>> DiG 9.4.0 <<>> www.fais

Re: I need to find statistics on a running server.

I’ve turned on query logging, then grepped for the count of lines logged in a particular second. Worked well enough for the job at the time. J De: bind-users em nome de "King, Harold Clyde (Hal) via bind-users" Responder A: "King, Harold Clyde (Hal)" Data: quinta-feira, 12 de jane

Re: Multiple BIND instances

于 2012-2-7 15:09, sasa sasa 写道: I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache only and another authoritative. Is it better to install 2 OS virtually and run BIND in them or run 2 instances of BIND on the same OS? I mean what is the best practice to take advantage

RE: Multiple BIND instances

Virtualization doesn't reduce use of resources but DOES separate into what are perceived to be multiple "servers" so I'm not sure what you mean by "you still have one server". -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jl

about the MX and NS values

I was thinking why RFC requires the values of MX and NS must be hostname not IP. Any glue? Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https:

Re: about the MX and NS values

于 2012-2-9 15:27, Mark Andrews 写道: When you serve 10 zones do you want to update 1 address record or 10 NS record on a address change? When you serve 10 mail domains do you want to update 1 address record or 10 MX records on a address change? Yup

A question for the reference

Hello, Please see this case: $ dig funnygamesite.com @k.gtld-servers.net ; <<>> DiG 9.7.3 <<>> funnygamesite.com @k.gtld-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35540 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

Re: A question for the reference

for the addresses of funnygamesite.com's authoritative name servers. It is not making any additional queries for the addresses of those name servers. Jeff. Thank you Spain for the helpful info. That make the question clear. Regards. ___ Please visit https://lists

Re: Can I set TTL served to users in bind?

于 2012-3-9 16:11, Drunkard Zhang 写道: I got some bind servers doing iteration resolution, and return the results to users. But I found that some names got too big TTLs, whose RRs can not be replaced correctly by new RRs in time. This leads to user‘s blame, we have to flush the caches by hand, and

Re: Can I set TTL served to users in bind?

于 2012-3-9 17:20, Cathy Almond 写道: Many ISP's caching DNS servers do this stuff. > AFAIK there is not such an option for that, but you can do it from > BIND's source. max-cache-ttl ? Thanks Cathy for pointing out that. From what googled: http://www.menandmice.com/knowled

Re: glub or authauthority NS is cached and used at a cache dns server?

You might want to read my this blog； http://www.nsbeta.info/archives/115 HTH 于 2012-3-21 15:07, Felix New 写道: when i dumpdb from the cache dns, some domain's ns records are glue DNS, and others are authauthority. The TTL are different. which type is used in Cache DNS? ___

RE: Name Resolution issue with one domain

I don’t think the target is blocking as I get the following: dig www.dubaiairport.com ; <<>> DiG 9.8.1 <<>> www.dubaiairport.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36668 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;

RE: Restricting access & keeping identical data across views

Is signing not done at zone file level? For our views even when the zones are identical I keep separate copies for the internal and external views so I would have thought this wouldn't be an issue. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto

RE: Split DNS and zone transfers

You can also do it by IP in views but need separate IPs for each view. You can do that with virtual IPs on the same NICs as the primary IPs. Such virtual IPs of course have to be in the same subnet as the primary and also you’d need to insure firewall (including host level if any) is opened

RE: multiple ints: views or separate records?

As far as influence it seems you could restrict the connections on virtual IPs to specific subnets so that they don’t have a choice. This can be done via ACLs in the views and/or via firewall rules (e.g. in iptables if this were a Linux host). From: bind-users-bounces+jlightner=water@lists

RE: Moving DNS out of non-cooperative provider

Just to verify - when you say "old provider" you're just talking about somewhere you had pointed your DNS records to and NOT the actual Registrar for the domain? If it is the Registrar you have to make changes at the Registrar's site to change which DNS servers to use. If they're not being coo

RE: Compiling and testing on Fedora

Turning off SELinux also requires a reboot after changing mode. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Shawn Bakhtiar Sent: Thursday, June 21, 2012 1:19 AM To: bind-us...@isc.org Subject: RE: Compi

RE: bind dies with assertion failure

As mentioned more than once on this list. Redhat starts with an upstream version of a given package (say BIND 9.7) then backports security and bug fixes from later upstream versions into theirs and add extended versioning (say 9.7-2.3.1). One would have to check Redhat's version to see what fi

RE: bind dies with assertion failure

I disagree about this being off topic. It IS in fact a BIND question but like many BIND implementations is specific to the user's setup. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: Loaded zone files query

That assumes its Linux and is being logged to local /var/log/messages. For other *nix the log location and name is apt to be different. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Be

RE: disabling "Any" requests

Your answer was clearly meant to be tongue in cheek but I'm not sure you understood. The OP wasn't asking how to stop all (any) lookups - it was how to stop "dig -t any" which isn't the same thing at all. Presumably they still want to allow dig -t mx, dig www... etc... Personally I don't know

RE: Can't receive emails from another machine

To check whether BIND is your problem simply run "dig -t MX " on the host that is trying to send the email to your mail host. If it returns the right IP address for your mail host then BIND isn't the problem. For iptables/postfix this isn't really the right forum. You might want to try posti

Version statement...

.e. BIND 9.9.1-P2, both from the command line and from an outside query tool. What am I missing? Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@list

Re: Version statement...

Doesn't seem to work with or without the brackets. Does it matter what order it appears in the options list? Or a limit on number of characters? Jeff On Aug 17, 2012, at 12:34 AM, David Miller wrote: > > On 8/17/2012 1:13 AM, Jeff Justice wrote: >> I am trying to mas

Re: Version statement...

Okay, here's what I know: named-checkconf says there are no errors. There is only one named process running. When I apply my edited named.conf, the log shows named stopping and restarting with no errors. How can I check to see the path where my named process thinks named.conf is located?

Re: Version statement...

Okay, I have confirmed the correct named.conf file by simply removing it then restarting bind. It throws an error until replaced. So any other ideas why the version directive won't work? Can anyone confirm with 9.9.1-P2? Jeff On Aug 17, 2012, at 9:02 PM, Michael Hoskins (michoski)

Mangled secondary records...

the same BIND version on both primary and secondary. Help! Secondary is effectively down as a result... Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: Mangled secondary records...

Hmmmokay. It makes me wonder why my primary isn't doing this as well though. They have been running the same version. Jeff On Aug 18, 2012, at 2:53 AM, Michael Hoskins (michoski) wrote: > -Original Message- > > From: Jeff Justice > Date: Saturday, August

Re: Mangled secondary records...

Nevermind. I get it now. Thanks for pointing me in the right direction. Jeff On Aug 18, 2012, at 3:21 AM, Jeff Justice wrote: > Hmmmokay. It makes me wonder why my primary isn't doing this as well > though. They have been running the same version. > > Jeff >

Re: Version statement...

rsion statement only affects specific outputs. So it depends on how it's queried. That doesn't seem clear in the documentation unless I missed it...thus my confusion. Jeff On Aug 18, 2012, at 6:10 PM, Jeremy C. Reed wrote: > How are you testing it? W

RE: 2 dns records for same server

That is to say don't put the external servers in /etc/resolv.conf on your clients - only put the internal one there. (Or the Windows equivalent setup should only see your internal DNS server.) I would correct the prior post not to say "EVER" but rather "not directly". Often in an internal/ex

RE: What can cause excessive amount of _dns-sd queries?

Maybe blocking access by that IP will force the customer's tech folks to contact you? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of wbr...@e1b.org Sent: Thursday, August 23, 20

RE: Zone Transfer issue on BIND9

You're putting the allow transfer on each zone? I don't think that's your issue but it seems odd to me. Here we do it at the view level. Also it appears you're using the same IP for at least two of your views - for view transfers to work properly here we setup virtual IPs on the DNS servers

Dig from workstation to answer?

I know that dig +trace can be used to see the path of name resolution starting from root server down to final answer. What I’m wondering is if there is some set of options that would go from workstation to final answer? That is to say only go to the root server if that is where the DNS topolo

openldap, dlz and dynamic dns updates from isc-dhcpd

ncryption be used to dynamically update BIND's DLZs, just as it can if zone files are used? Thanks, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org http

Re: openldap, dlz and dynamic dns updates from isc-dhcpd

dity of DNS updates coming from the DHCP server. Am I on the right track? When I wrote 'encryption' this is what I was referring to. Thanks, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: Moving BIND from Solaris to Linux

We use RHEL mainly because that's our distro of choice for most of our applications. It is the most popular "commercial" distro is the one most 3rd party commercial applications (e.g. Oracle) support. (Of course SLES has a lot of support as well but not quite a much - others will tell you Ubu

RE: Moving BIND from Solaris to Linux

The reason I did the full discussion is that many shops are moving from proprietary UNIX (Solaris, AIX, HP-UX) or Windows to Linux solutions.If they are moving much infrastructure but just starting with BIND then he needs to consider what I wrote. Also I don't really agree that Ubuntu is th

RE: Moving BIND from Solaris to Linux

sc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Barry S. Finkel Sent: Tuesday, October 02, 2012 10:47 PM To: bind-users@lists.isc.org Subject: RE: Moving BIND from Solaris to Linux On 10/2/2012 4:26 AM, "Lightner, Jeff" wrote: > The reason I did the f

RE: issues with BIND since a change of server

Have you checked the host level firewall (e.g. iptables)? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of John Miller Sent: Thursday, October 04, 2012 12:01 PM To: bind-users@list

RE: Performance tuning

For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. If it were me I’d probably do some timed “host” or “dig” commands for the two re

Linux issue with make test failures, 9.9.2-P1

6 PASS I: 3 SKIPPED The same "make test" worked perfectly on Solaris SPARC. I ran bin/tests/systems/ifconfig.sh up as root, then ran "make test" (tried both as me and as root) -- failure. This happened on both a vmware virtual server and a physical server. Any

Re: Linux issue with make test failures, 9.9.2-P1

o the parallel compile (-j2), the tests worked. But I did not see any failures from a parallel compile either. Weird. Jeff Earickson Colby College On Thu, Dec 6, 2012 at 10:40 AM, Evan Hunt wrote: > Jeff Earickson wrote: >> The "make test" stuff is failing miserably for me on L

RE: restart named; missing TCP socket

Why use rndc to stop then the init script to start? Is there no /etc/rc.d/rc.named restart? On RHEL5 the init script has a restart option so it will stop then start. If a socket is open then it could take a finite amount of time for it to close making it unavailable on the restart if you ha

RE: How can I migrate my Domain from ISP hosted to my own BIND server?

To expand on that. The steps Manish wrote are what you do internally. What Sten is writing is external – your domains are “registered” somewhere and the “Registrar” points to the appropriate DNS servers – you’ll need to insure that it is pointing to your internal DNS servers. You can find out

Re: open-source tool for filter out stats from dns logs

tions/183977/what-commercial-and-open-source-competitors-are-there-to-splunk. Regards, Jeff ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.is

Re: injecting a temp entry into dns cache

Interesting. Intentionally "poison" your own cache so your users aren't inconvenienced by anothers misconfiguration. Not sure how you go about doing that on box. Perhaps bigger brains on this list can say. I have had occasion to forge answers locally as an immediate fix for name resolution issues

RE: chroot/etc/named/ directory?

Haven't done it on RHEL/CentOS 6.x yet but in RHEL5 with the bind-chroot installed I've always had: /var/named/chroot as the jail for BIND. /var/named/chroot/etc = Location of global config files such as named.conf /var/named/chroot/var/named = Location of the zone files. I don't see a /var/named

RE: SOA issue

Also make sure you’ve incremented the serial number in the zone file by at least 1. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Chris Buxton Sent: Wednesday, February 13, 2013 12:58 PM To: Paul A Cc: b

Re: ISC Security Advisory: CVE-2013-2266 (Adam Tkac)

Dear Adam, In order to minimize exploitation, we are trying to not spell out the specific nature of the flaw publicly. I will respond to you directly with a more detailed explanation. Regards, Jeff Wright ___ Please visit https://lists.isc.org/mailman

Re: Looking for info about BIND support for International Domain Names

You'll need libidn and libiconv. IDN code is in the bind-9.x tarball in contrib/idn/idnkit-1.0-src You need to include the --with-idn=yes and --with-iconv=yes options. I recall having had to configure and build idn first, and then build bind including the options in each. Jeff R. On Tue,

RE: Install DNS Server

Any reason why you’re using CentOS 5.7 given that 6.4 (and maybe later) is available? if this is a new system you really ought to think about use the 6.x stuff. 5.x is long in the tooth even though still supported it has many older upstream packages of things including BIND. CentOS does put

RE: Performance Tuning RHEL 5 and Bind

Any reason you're using RHEL5 as opposed to RHEL6 if you're building new servers? RHEL5 is very long in the tooth and will go EOL sooner than RHEL6. Since you're using a BIND package not shipped with RHEL5 there's no reason on that account not to move up to RHEL6. -Original Message-

RE: Adding DS records

FYI: web.com recently bought NetSol and at least one other Registrar that escapes me at the moment. It might be worthwhile to see if any of their companies do this as you might have an easier time transferring and avoid some of the common games Registrars play to prevent it. I heartily recom

RE: Same internal and external zone

There is nothing that precludes you from having the same zone on different DNS servers. You make each "authoritative" so that any look up that hits that DNS server gets that server's records. You can then have separate entries for some items and the same for others. We do that here with at

whois expiration limit?

Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and renewed a domain by 2 years which pushed its expiration to 01/25/2025. The order confirmation shows that expiration and looking at t

RE: whois expiration limit?

, February 19, 2014 4:17 PM To: bind-users@lists.isc.org Subject: Re: whois expiration limit? On 2014-02-19 20:44, Lightner, Jeff wrote: Hi, I know this is the BIND list but I’m thinking folks who deal with DNS probably may be able to answer this question about whois. We recently transferred and

RE: Does bind read /etc/hosts?

The confusion can come in because some UNIX variants (notably HP-UX) nslookup was modified to honor /etc/nsswitch.conf so it DOES check /etc/hosts if "files" precedes "dns". However, in most things (e.g. Linux, Solaris) nslookup (and the newer host command) do not look at /etc/hosts regardless

RE: Value of memory

Also remember that "used" reported by "free" in Linux on the first line includes memory pre-allocated to cache and buffers that is readily usable on demand so isn't really allocated to specific processes like you'd see in a similarly configured UNIX system. Be sure when trying to determine "us

RE: Change in behaviour regarding ndots and searchlist

I've begun seeing this recently in nslookup on Windows workstations as well. It appears it is appending search domains even when I've specified an FQDN. That is I have two search domains such as ex1.com and ex2.net and I typed short name "ralph" for nslookup or host it would give me "ralph.

RE: Change in behaviour regarding ndots and searchlist

hlist * Barry Margolin [2014-09-15 15:18]: > In article , > Steven Carr wrote: > > > On 15 September 2014 13:29, Lightner, Jeff wrote: > > > I've begun seeing this recently in nslookup on Windows workstations as > > > well.It appears it is appending sea

Filter dns update requests?

Is there a way to setup bind to use an external filtering script to filter out requests? example1: Say I have a cisco dhcp server and some windows clients and some other clients. Further lets say I have two domains on my dhcp scope. WinCli1 is on ad.abc.org WinCli2 is on ad.xyz.org Printer1 gets

Re: Filter dns update requests?

On Thu, Jan 29, 2015 at 10:02 AM, Tony Finch wrote: > Jeff Sadowski wrote: > >> Is there a way to setup bind to use an external filtering script to >> filter out requests? > > Have you read the ARM's section on dynamic update policies? The built-in > facilities

RE: SRV records etc

SRV definitely still required for some applications. Some cloud based application providers have you add them to verify you own the domain to which they're tying their services so you don't use them to hijack other people's domains. -Original Message- From: bind-users-boun...@lists.is

RE: Getting Error || unable to convert errno to isc_result

On RHEL the kernel doesn't change within the main release (RHEL6) in this case will always be 2.6.32-xx and RHEL does the support including back porting bug and security fixes into their extended release (which isn't the same as the base kernel). They do the same thing for the BIND release

RE: Getting Error || unable to convert errno to isc_result

a. s. Křižíkova 36a/237 186 00 Praha 3, Česká Republika Tel.:+420.226204627 daniel.rysl...@dialtelecom.cz --- www.dialtelecom.cz Dial Telecom, a.s. Jednoduše se připojte --- On 02/11/2015 10:32 PM, Lightner, Jef

RE: Request to provide procedure for bind upgrade

The package is “bind” not “named”. The daemon is called “named”. You can type “rpm –qf $(which named)” to determine which package installed that daemon. (Likely it was bind.) Also if you’re running the chroot’ed version you’d want the package “bind-chroot”. I’d suggest you run “rpm –qa |

RE: Request to provide procedure for bind upgrade

Good point. Fedora isn't really a good choice for Production systems - it is bleeding edge with short life cycle (usually new version is out 6 months later and they only support the most recent 2.) Fedora is used as a test bed for what ends up in RHEL later. RHEL has much longer life cycle b

RE: Config large tuning and out of memory

CentOS 5.x does have a 64 bit version. 5.2 is quite old - they're up to 5.10 or 5.11 these days. I don't think you can just change from 32 bit to 64 bit - I think it requires a reinstall from the 64 bit installation media. If you have do a reinstall you're better off going to at least Cen

Fwd: Different answer when querying @server from different clients

P.S. I think that is an outdated method. It should break DNSSEC. Views from bind would probably be a better way. On Fri, Mar 6, 2015 at 3:52 PM, Arthur Ramsey wrote: > I had to disable DNS ALG on Juniper SRX series firewall. > > Thanks for the help, > Arthur > > > On 03/0

RE: Single slave zone definition for two view (cache file name problem)

4.x would be quite ancient. Where are you getting those version numbers? You should be using 9.x these days so I suspect the BIND version isn't what you think it is.Is it possible the version you're reporting is you OS rather than your BIND? What is reported when you run "named -v"? An

RE: Single slave zone definition for two view (cache file name problem)

It isn't really that hard to maintain two separate zone files for each domain. We've been doing it for years. It isn't really clear why you're using views if all your zone files are the same as you seem to imply. Here we do views specifically because for some domains the zone files DO need

subdomain with domain

The other day I found that my secondary name servers running bind where not dishing out _msdcs. SRV records This was causing join issues. It turned out that the Domain controller had 2 different scopes one for _msdcs. and one for so I shared the second _msdcs. scope with all my bind secondary

RE: subdomain with domain

C: 678-772-0018 F: 678-460-3603 E: jlight...@dsservices.com -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Graham Clinch Sent: Wednesday, April 01, 2015 11:56 AM To: Jeff Sadowski; bind-users@lists.isc.org Subject: Re: subd

Recall: subdomain with domain

Lightner, Jeff would like to recall the message, "subdomain with domain". CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distri

Variable in name of file for named.conf

I have a number of slave domains that I would like a naming scheme and not have to go to each and change the filename. I have the following zones zone "1.168.192.in-addr.arpa" { include "named.slave"; }; zone "2.168.192.in-addr.arpa" { include "named.slave"; }; zone "3.168.192.in-

RE: com.google how did they do that

Not all the new TLDs are company specific. Some are more generic but useful to certain industries. There are 2 or 3 TLDs that I assume will appear sooner or later and I really wish I had the capital to make them as I know as soon as they are available many companies will use them so they'd be

Re: Variable in name of file for named.conf

On Wed, Apr 1, 2015 at 8:09 PM, Barry Margolin wrote: > In article , > Jeff Sadowski wrote: > >> I have a number of slave domains that I would like a naming scheme and >> not have to go to each and change the filename. >> >> I have the following zones &

Re: Variable in name of file for named.conf

On Thu, Apr 2, 2015 at 11:09 AM, Jeff Sadowski wrote: > On Wed, Apr 1, 2015 at 8:09 PM, Barry Margolin wrote: >> In article , >> Jeff Sadowski wrote: >> >>> I have a number of slave domains that I would like a naming scheme and >>> not have to go to each

RE: stumped on sub domain addition

Did you change the sequence/serial in the SOA and reload the zone? Doing dig tests for euca.us I get it’s “A” record and for www.euca.us I get is CNAME. That suggests you didn’t setup onqsolutions record properly. Looking at your www CNAME in your zone file might let you k

RE: stumped on sub domain addition

Services of America, Inc. 2300 Windy Ridge Pkwy Suite 600 N Atlanta, GA  30339-8461   P: 678-486-3516 C: 678-772-0018 F: 678-460-3603 E: jlight...@dsservices.com -Original Message- From: lists - euca [mailto:li...@euca.us] Sent: Thursday, July 23, 2015 2:23 PM To: Lightner, Jeff Cc: Bin

RE: How to properly update chroot-bind

Since the OP says he's not in Production yet I'd strongly advise moving on to CentOS 7 for multiple reasons. I has a new base version of BIND and also has a 3.x kernel. However, there is a learning curve because it also uses systemd rather than Sys V init. The way bind-chroot runs is signifi

RE: DNS format error

http://www.vip.icann.org/DS? The http:// and /DS wouldn't be part of DNS name itself so you can't dig for that. You'd have to point a browser (or command line tool like wget or curl) to get that web page. The vip IS part of the DNS name. Did you try "dig www.vip.icann.org"? It works for m

RE: Multiple A and PTR and the "main" ones?

Actually some mail servers DO check not only that a PTR exists but also that it is not "generic". Every once in a while we get someone complaining because one of the big sites (Ebay?) refuses to accept their email due the "generic" (as defined by that site's policies) nature of our PTR. We

RE: init script

Which Linux or UNIX distribution and version are you using? As Omer suggests most of them include a bind package with prebuilt init scripts - you can download the BIND package then extract the init scripts from it. (deb is for Debian derived Linux distros, rpm for Redhat derived distros - mig

RE: Why two lookups for a CNAME?

Because the purpose of DNS primarily is to equate a name with an IP as applications talk to IPs not to names. When you have a CNAME you’re equating one name with another name. That other name then has to be looked up so the application knows what IP access. This saves time if you have multi

RE: Cloud DNS providers for secondary DNS

The OP mentioned notifying Registrars. He'll also need to notify whoever his ISP is if he has arpa zones for reverse lookups and they are delegating to his name servers. -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of J

RE: Bind9 on VMWare

We chose to do BIND on physical for our externally authoritative servers. We use Windows DNS for internal. One thing you should do if you're doing virtual is be sure you don't have your guests running on the same node of a cluster. If that node fails your DNS is going down. Ideally if

RE: PCS, Corosync, Pacemaker, and Bind

You might want to try "ip a" vs ifconfig. RHEL7 uses Network Manager and in the past I've found some things don't show up in ifconfig output when doing alias/virtual interfaces. Usually even when other products (e.g. Oracle RAC/GRID) create virtual interfaces they still show up as valid int

RE: about NS server authorize

As others said this isn't really a BIND issue. EPP key is what some Registrars call the authorization code for domain registration transfers. Did you recently attempt to transfer this zone from one Registrar to another? Did you get confirmation that the transfer (not just the request for t

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

Since there are BIND packages (9.9.4) for RHEL7/CentOS7 available from default repositories you could download those packages and extract the systemd files from them and examine what they've done. With systemd the methodology isn't that BIND notifies other things that it is up. It is that othe

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

s here. -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Wednesday, March 23, 2016 9:52 AM To: Lightner, Jeff Cc: bind-users@lists.isc.org Subject: RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro Lightner, Jeff wrote: > > Wit

RE: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

The RedHat/CentOS version starts with an upstream version from ISC. At the time they first get it they optimize to fit within the other packages they’ve setup on the specific major release (e.g. RHEL5 had BIND 9.3.6, RHEL7 has BIND 9.9.4). After that they put their own extended versioning o

Multiple AD domains

On the samba mailing list they described setting up the DC as the NS and forward to another machine for more rules. This will work fine for one domain. Now lets say I have 2 domains. If I setup forwarders like so on 192.168.1.1 zone "domainA" IN { type forward; forward only; forwarders { 192.168.

Re: Multiple AD domains

should I setup 192.168.1.1 as slaves to these two domains would that fix it? On Wed, Jul 27, 2016 at 12:56 PM, Jeff Sadowski wrote: > On the samba mailing list they described setting up the DC as the NS and > forward to another machine for more rules. > This will work fine for one do

Re: Multiple AD domains

68.2.1 and 192.168.3.1 in options notify yes; also-notify { 192.168.1.252; }; allow-transfer { 192.168.1.252; }; On Wed, Jul 27, 2016 at 1:11 PM, wrote: > > From: Jeff Sadowski > > > On the samba mailing list they described setting up the DC as the NS > > and forward

Re: Multiple AD domains

68.2.1 and 192.168.3.1 in options notify yes; also-notify { 192.168.1.1; }; allow-transfer { 192.168.1.1; }; On Wed, Jul 27, 2016 at 1:20 PM, Jeff Sadowski wrote: > I'm going to try slaves like so > > If I setup slave zones like so on 192.168.1.1 > > zone "domainA"

Re: Multiple AD domains

> of apex NS records to the zone). Beyond a certain threshold, you’d want to > set up a multi-level slaving/NOTIFY hierarchy on the BIND side… > > > > > - Kevin > > > > > > > > > > *-

Re: 9.16 on older platforms

r packages. I haven't had the time to get it all working yet. -- Jeff Wieland, UNIX/Network Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to un

Problem building BIND 9.11.23 on SPARC Solaris 10 w/ isc_atomic_xadd

this same problem with BIND 9.11.14, which was fixed with a patch. -- Jeff Wieland, UNIX Systems Administrator Purdue University IT Infrastructure Services UNIX Platforms ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from t

  1   2   3   4   >