On 2/9/12 9:43 AM, "Lyle Giese" wrote:
> This is just my opinion, but this is not a bug. It's the side effect of
> a desirable feature called caching.
>
> Yea, we can brainstorm how to mitigate the effect, but in order to
> mitigate a problem, we have to know that there is a problem(revoked or
>
On 2/17/12 11:35 AM, "Anand Buddhdev" wrote:
> Gaurav,
>> I want to know how AKAMAI works
> First of all, don't use so many question marks; one is enough. And use
> it only if you're actually asking a question, not when stating something.
No one reads RFC 1855 anymore. ;-)
>> May be this is
On 2/23/12 8:48 PM, "vinny_abe...@dell.com" wrote:
> I kind of had the same thought... If ISC had a DNS outage due to expired
> signatures of a zone, what chance do I have in successfully deploying and
> maintaining DNSSEC for my zones? Sure, everyone makes mistakes, but I think it
> speaks volum
On 2/28/12 9:26 AM, "/dev/rob0" wrote:
> On Tue, Feb 28, 2012 at 01:16:16PM +0100, Marc Lampo wrote:
>> First of all : I do not deny DNSSEC adds a challenge for administrators.
>> They must understand that adding this additional SECurity aspect,
>> will generate extra work (keygeneration/re-genera
On 3/7/12 9:15 AM, "Barry Margolin" wrote:
> In article ,
> ro...@free.fr wrote:
>> I use bind on my network as DNS Server. Running bind
>> 1:9.6.ESV.R4+dfsg-0+lenny4
>> on Debian Lenny.
>>
>> The setup is quite usual : one master server with one slave server.
>>
>> The slave sync the zone from
On 3/8/12 8:15 AM, "Romgo" wrote:
> I can use a VIP for DNS server, but I though that master/slave
> configuration was made in order to avoid to use a VIP.
Master/slave was to avoid SPOF -- if the master dies, who cares with a
reasonable expire time. :-)
So go ahead, setup a VIP...even using fr
On 3/8/12 10:20 AM, "Mike Hoskins" wrote:
> On 3/8/12 8:15 AM, "Romgo" wrote:
>> I can use a VIP for DNS server, but I though that master/slave
>> configuration was made in order to avoid to use a VIP.
>
> Master/slave was to avoid SPOF -- if the master dies, who cares with a
> reasonable expir
On 3/9/12 8:39 AM, "Phil Mayers" wrote:
> On 09/03/12 16:23, Matthew Huff wrote:
>> Anyone have any suggestions/best practices/config examples for DNS load
>> balancing for internal use on CISCO ACE blades?
>>
>> I¹ve got the standard example working, but wondered about keepalive
>> frequency, t
On 3/9/12 7:58 AM, "Romgo" wrote:
> Even if I use a VIP I can reproduce the issue :
> If the first VIP (so the nameserver 1) is down, I'll have the same
> drawbacks. As the resolver will timeout before falling back to the second
> nameserver.
Sure, we don't live in a perfect world. You can estab
On 3/19/12 10:49 AM, "hugo hugoo" wrote:
> thanks for this quick answer.
> I am a liitle bit lost...
>
> What is the starting and ending SOA record?
>
> In the original zone, there is ony one SOA record...
FWIW,
When transferring it is normal to get the SOA as first and last record. Use
+on
On 3/19/12 11:58 AM, "Peter Andreev" wrote:
> 2012/3/19 hugo hugoo
>> Jay,
>>
>> - Can you give me an example of such configuration?
>>
>> As anyone else some examples of IPV6 reverse configuration used in
>> production environment?
>>
>> Thanks for sharing your experience...
>
> We use IPv6
On 4/30/12 2:56 PM, "Augie Schwer" wrote:
> I must be doing something wrong, because what I want to do doesn't
> seem that difficult.
>
> I have a range of IPs bound to a local interface:
>
> lo:1 Link encap:Local Loopback
> inet addr:10.0.0.1 Mask:255.255.255.224
This isn't a /
On 4/30/12 4:14 PM, "Augie Schwer" wrote:
> I think you've all missed the netmask there, 10.0.0.2 is in that range.
>
> augie@augnix:~$ sudo ifconfig lo:1 10.0.0.1 netmask 255.255.255.224
>
> augie@augnix:~$ ifconfig lo:1
> lo:1 Link encap:Local Loopback
> inet addr:10.0.0.1 Mask
On 4/30/12 10:17 PM, "Mark Andrews" wrote:
> The fact that you can ping them just means that you have a kernel
> bug.
Yeah, the bug is using Linux. ;-)
--
Don't worry about avoiding temptation -- as you grow older, it starts
avoiding you. -- The Old Farmer's Almanac
_
On 5/1/12 8:10 AM, "Anand Buddhdev" wrote:
> On 01/05/2012 16:36, Chris Thompson wrote:
>
>> Our regular DNS changes (via [scripted] nsupdate) always add the SOA
>> explicitly (it's going to change anyway, after all), setting the serial
>> to the Unix time(2) value. BIND may have been incrementin
On 5/1/12 2:32 PM, "Augie Schwer" wrote:
>> Contrary to what a lot of other people have suggested, it is in fact
>> possible using the socket API to bind() to IPs which aren't explicitly
>> created, due to special handling on the loopback interface. This can
>> certainly be done under Linux, for e
On 5/7/12 1:02 PM, "James Sheffer" wrote:
> We have been running name servers using QDNS (Mac) for eons but now I want to
> change that.
welcome to bind.
> I still have "NS1" (Master) set up and running with QDNS. It is also set to
> be the master for "NS2" so that shouldn't need changing (I ho
note: keeping replies on-list, so others can also chime in and help...
On 5/7/12 2:41 PM, "James Sheffer" wrote:
> On May 7, 2012, at 3:56 PM, michoski wrote:
>> On 5/7/12 1:02 PM, "James Sheffer" wrote:
>>> My first question is about my options. For
On 5/7/12 5:57 PM, "Barry Margolin" wrote:
> In article ,
> michoski wrote:
>> note: keeping replies on-list, so others can also chime in and help...
>> On 5/7/12 2:41 PM, "James Sheffer" wrote:
>>> My mistake - I thought "allow-notify"
On 8/30/11 12:08 PM, "Kevin Oberman" wrote:
> On Tue, Aug 30, 2011 at 11:33 AM, mfla wrote:
>> I use ProBIND to administrate my BIND servers.
>> I would like to know which other possibities be available for DNS central
>> management ?
> At my former employer, we used Nixu Namesurfer.
While we're
On 9/7/11 10:02 AM, "michoski" wrote:
> I'm guessing the BIND upgrade caused your startup script, named.conf location,
> or something critical to change location...
>
> Cliché I know, but there are good pointers on Google:
>
> http://is.gd/create.php
Apologies
On 9/7/11 9:39 AM, "Norman Fournier" wrote:
> I was running BIND successfully on OS X 10.4 Tiger. That webserver crashed and
> I replaced it with a new cpu and installed OS X 10.5 Leopard and have
> encountered a number of errors in my configuration. This is the latest error
> from the old config
On 9/15/11 4:14 AM, "kshitij mali" wrote:
> I repeated see domain lookup issue for the certain domain give an error
> :SERVFAIL . my server is configured for simple caching nameserver for the
> email delivery
>
> please find the error example below
> =
>
>
> dig com
On 9/15/11 12:19 PM, "Paul Romano" wrote:
> Does the lack of response indicate a lack of compelling reason or just lack of
> interest in this topic?
Not at all, folks are just busy I bet...
> Is there a way to tie an ROI into a DNSSEC deployment?
It's basically a risk analysis game. You shou
On 9/16/11 7:45 AM, "Ken Schweigert" wrote:
> Thinking maybe something happened to these devices, I listed them out
> and didn't see anything obviously wrong:
>
> [root@ns1 dev]# ls -l /dev/null
> crw-rw-rw- 1 root root 1, 3 Apr 8 14:46 /dev/null
> [root@ns1 dev]# ls -l /chroot/named/dev/null
>
On 9/17/11 2:56 AM, "babu dheen" wrote:
> I know that this forum is not meant for windows DNS environement. but if you
> can let me know some website or guide to add customer NS record in windows DNS
> environement, will be much helpful.
It's been many years since I administered AD, but I recall
On 9/26/11 12:48 AM, "Tom Schmitt" wrote:
> I just updated a couple of my DNS-servers from the rather old version 9.4.1 to
> a newer version 9.8.0-P4.
You want to get another cup of coffee, and plan an upgrade to 9.8.1 -- isn't
adminspotting fun? :-)
> After this I have problem with outages. Lo
On 9/27/11 1:15 PM, "Warren Kumari" wrote:
> On Sep 27, 2011, at 3:52 PM, Tom Schmitt wrote:
>> I tested "rndc reload" against "rndc reconfig" on five differrent servers,
>> Solaris and Linux, 9.8.0 and 9.4.1. On all servers the same result:
>> Both commands take roughly the same amount of time! S
On 9/28/11 5:32 AM, "Steve Arntzen" wrote:
> Is your firewall Cisco based?
>
> There is a known "default" setting in Cisco with respect to packet size
> for DNS. Our network guys run into this anytime they do an upgrade,
> etc. and have to go in and update the setting.
This bit me the first tim
On 9/30/11 10:12 AM, "John Wobus" wrote:
> I'm a BIND user who is clamoring to keep such a feature out of BIND.
In reality, there are plenty of you (us)... However, as usual (and
particularly for anything ruled by committee), a few (often with the most
capital) will ruin it for the many. For be
On 10/4/11 3:49 PM, "Paul B. Henson" wrote:
> dnssec is fairly complicated, and the issue of timing can be complex,
> but once the variables are determined than the actual procedures of
> implementation are pretty simple. Generate keys with appropriate
> publication, activation, inactivation, and
On 10/14/11 10:49 AM, "Walter Smith" wrote:
> I would like to setup latest BIND/named [slaves] within VMware environment -
> is there any implications I should be aware of?
> Since I saw some issues running NTPd on VMware - thinking may be 'named' might
> have similar issues...
No issues to date
Grab the BIND ARM for your version:
http://www.isc.org/software/bind/documentation
There it indirectly calls out that logging is it's own section (e.g. It
doesn't say "this is valid in options or views" like it does for many other
things)... It is it's own stanza:
options {
};
controls {
};
a
On 11/16/11 5:14 AM, "Phil Mayers" wrote:
> On 16/11/11 13:07, Warren Kumari wrote:
>> It was (very convincingly!) explained to me that INSISTS() are only
>> used for the "this should not happen" cases, and if the INSISTS()
>> were not there, many of the recent attacks may have led to much worse
>
On 11/16/11 10:55 AM, "Chris Brookes" wrote:
> Any info on whether the newly announced bug can be triggered before
> the query ACL is applied on a recursive only server? An authoritative
> only server ought to be safe?
Hmm, good question. Then folks with IDS/IPS hooks could potentially catch
who
On 11/16/11 1:20 PM, "Michael McNally" wrote:
> According to our best current understanding of the issue:
>
> + Authoritative-only nameservers should be safe and only
> recursing servers at risk.
>
> + From the security advisory we have posted on our website:
> ( http://www.isc.org/sof
On 11/16/11 2:35 PM, "Michael McNally" wrote:
> On 11/16/11 1:22 PM, michoski wrote:
>> Short time ago I grabbed the latest tarball from your download site, and
>> generated internal packages. I could have sworn that was 9.8.1-P4 (our
>> internal packages still hav
On 11/16/11 10:20 PM, "Hajducko, Steven"
wrote:
> We're actually going to move the zones to our Infoblox system, which is why we
> wanted to determine if we had enough time or if we had to bother with the
> recovery, hence the question.
Perhaps you want `dig @ soa +multiline`.
--
By nature, me
On 11/17/11 3:58 AM, "Gaurav Kansal" wrote:
> Can you please explain What is the meaning of "INVALID RECORD"?
I think doing so in overly verbose terms just helps script kiddies while
parts of the community schedule upgrades... It can be best not to rush this
type of detail.
Granted, "determ
On 11/17/11 1:45 PM, "/dev/rob0" wrote:
> What I should perhaps do: separate the authoritative named instance
> from the recursive one on the mail server. I suppose BIND 10 does
> this, by design?
Yes, that is best practice (I keep reading it in docs from people I trust,
like Cricket Liu). I've
On 1/3/12 12:46 PM, "Kevin Darcy" wrote:
> Those server folks have strange ideas about name resolution. Strange
> enough that sometimes I don't even understand what the hell they are
> trying to accomplish.
In all fairness, lots of folks have strange ideas. We should start with
standards -- soft
On 1/9/12 5:12 PM, "Bostjan Skufca" wrote:
> is binding to all interfaces at once already supported in bind9? I know named
> binds to each at-the-moment-available IP address but in HA environment with
> virtual interfaces a "rndc reload" is necessary for named to pick up a new
> interface, which l
On 1/9/12 11:38 PM, "babu dheen" wrote:
> Can anyone help me how to find bind & microsoft DNS software version using
> dig or nslookup command remotely?
There are various fingerprinting methods you can use, with widely varying
degrees of accuracy, but the most polite way is to use the SOA:
$ di
On 1/11/12 10:57 AM, "Doug Barton" wrote:
> Apples and oranges. The things listed below are actual bogons. Compare
> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/namedb/named.conf?rev=1.36
When tracking bogons, it's certainly good to stay up to date. Another
related data point:
http://www.team
define "fake" -- if you mean rfc1918, you can block the ranges at ingress,
or with iptables or similar to avoid letting it hit bind at all.
-Original Message-
From: pangj
Date: Wednesday, June 27, 2012 6:36 PM
To: Tony Finch
Cc: "bind-users@lists.isc.org"
Subject: Re: prevent DNS attac
-Original Message-
From: Tony Finch
Date: Wednesday, July 4, 2012 7:54 AM
To: Cathy Almond
Cc: "bind-users@lists.isc.org"
Subject: Re: getting edns disabling message in logs
>Cathy Almond wrote:
>>
>>
>>https://kb.isc.org/article/AA-00708/55/Why-does-BIND-log-messages-about-d
>>isabl
-Original Message-
From: Ted Mittelstaedt
Date: Tuesday, July 10, 2012 6:24 PM
To: "bind-users@lists.isc.org"
Subject: What is the deal on missing "Authority Section" and
"additional section" from google's DNS servers?
> I can't seem to find an option to turn off additional data.
-Original Message-
From: Ted Mittelstaedt
Date: Wednesday, July 11, 2012 11:26 AM
To: "bind-users@lists.isc.org"
Subject: Survey - how many people running ISP nameservers
define "minimal-responses" - was Re: What is the deal on missing
"Authority Section" and "additional section" fr
stupid question: i spent all of five minutes looking around isc.org -- but
i did click all the top-level bind-related links, and couldn't find a
pointer to rt to search for this ticket. does it require a support
contract, is it internal-only, or am i just looking in the wrong place?
i wanted to
-Original Message-
From: Drunkard Zhang
Date: Sunday, July 15, 2012 5:29 PM
To: Eivind Olsen
Cc: ""
Subject: Re: RHEL, Centos, Fedora rpm vs ISC bind versions
>2012/7/16 Eivind Olsen :
>> Den 15. juli 2012 kl. 16:57 skrev Benny Pedersen :
>>
>>> change to gentoo/funtoo ?
>>
>> Some mig
turning a dead horse into a wet spot on the ground (in-line)...
-Original Message-
From: Oscar Ricardo Silva
Date: Tuesday, July 17, 2012 7:13 AM
To: "'bind-users@lists.isc.org'"
Subject: Re: 9.8.2 Assertion Failures
>Bailey, Morgan [BT] wrote:
>> Hi all
>>
>>
>>
>> We have recentl
-Original Message-
From: Paul Reilly
Date: Tuesday, July 24, 2012 11:06 AM
To: "bind-users@lists.isc.org"
Subject: Filtering IPv6 records?
>Is it possible using the BIND resolver to filter out record replies
>to end clients?
>
>Since Google added an IPv6 record, I'm havin
I would try using RPZ with a combination of views and match-clients.
http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-us
ing-response-policy-zones-rpz/
-Original Message-
From: Emiliano Vazquez
Organization: PcCentro Informatica & CCTV
Date: Tuesday, July 24, 201
-Original Message-
From: Emiliano Vazquez
Organization: PcCentro Informatica & CCTV
Date: Thursday, July 26, 2012 7:28 PM
Cc: "bind-users@lists.isc.org"
Subject: Re: Block some users with Bind9
>I was reading about rpz zones but i understand what i need to do.
>I follow instructions but
-Original Message-
From: Peter Olsson
Date: Thursday, August 2, 2012 10:25 AM
To: Cathy Almond
Cc: "bind-users@lists.isc.org"
Subject: Re: What does "deleted from unreachable cache" mean?
>Excellent information, thanks!
Agreed. I really appreciate the effort ISC has put into the KB.
-Original Message-
From: Carsten Strotmann
Date: Saturday, August 4, 2012 8:37 AM
To: Alberto Rasillo
Cc: "bind-users@lists.isc.org"
Subject: Re: security BIND
>On Sat, 4 Aug 2012, Alberto Rasillo wrote:
>
>> Hi what are recomendations regarding security and DNS service?Thnks
>
>it is
-Original Message-
From: "dkole...@olearycomputers.com"
Organization: http://groups.google.com
Date: Tuesday, July 31, 2012 2:16 PM
To: "comp-protocols-dns-b...@isc.org"
Subject: new bind 9.9 and root NS
>I have a client who's migrating from an old bind 9.3 installation to a
>new bind 9
-Original Message-
From: Doug O'Leary
Date: Monday, August 6, 2012 9:58 AM
To: 'Doug Barton' , Mike Hoskins
Cc: "comp-protocols-dns-b...@isc.org"
Subject: RE: new bind 9.9 and root NS
>After the network admin verified there was no firewall rule differences,
>we
>powered off the old sec
You can specifically set version, authors, etc. but why not just block all
"CHAOS" queries? Do you really need it?
view "chaos" chaos {
match-clients { any; };
allow-transfer { none; };
allow-query { none; };
allow-recursion { none; };
recursion no;
-Original Message-
From: Jeff Justice
Date: Friday, August 17, 2012 6:10 PM
To: "bind-users@lists.isc.org"
Subject: Re: Version statement...
>Okay, here's what I know:
>
>named-checkconf says there are no errors.
>There is only one named process running.
>When I apply my edited named.co
-Original Message-
From: Jeff Justice
Date: Saturday, August 18, 2012 12:24 AM
To: "bind-users@lists.isc.org"
Subject: Mangled secondary records...
>I made a change in all of the master records and wanted to force the
>slave to update.
>
>I deleted all the host files on the secondary an
-Original Message-
From: Dwayne Hottinger
Date: Saturday, August 18, 2012 5:49 AM
To: "bind-users@lists.isc.org"
Subject: 2 dns records for same server
>I need to have 2 seperate dns records for the same servername.
>Essentially when inside my network (10.) I need it to resolve to a 10
-Original Message-
From: Mark Picone
Date: Thursday, August 23, 2012 10:45 PM
To: "bind-users@lists.isc.org"
Subject: Static-stub zones and forwarding
>Hi All,
>
>I am in the process of migrating all of our client facing resolver hosts
>back to BIND (from unbound) and have hit a roadblo
-Original Message-
From: Chuck Swiger
Date: Friday, October 19, 2012 5:09 PM
To: John Miller
Cc: DNS BIND
Subject: Re: transparent DNS load-balancing with a Cisco ACE
>>
>> We're on a /16, so we have plenty of public IPs (though not as many as
>>you!) to play with, too. The choice to
-Original Message-
From: Warren Kumari
Date: Friday, October 19, 2012 8:56 PM
To: Alan Clegg
Cc: "bind-us...@isc.org"
Subject: Re: Disable log message
>
>On Oct 19, 2012, at 6:13 PM, Alan Clegg wrote:
>
>>
>> On Oct 18, 2012, at 1:13 PM, Chris Thompson wrote:
>>
>>> On Oct 18 2012,
-Original Message-
From: jagan padhi
Date: Thursday, October 25, 2012 1:21 PM
To: DNS BIND
Subject: Re: transparent DNS load-balancing with a Cisco ACE
>Hi,
>
>Is it possible to configure BIND for IPV4 and IPV6 in the same server?
>
>Regards,
>Jagan
Yes, we've been doing that since w
-Original Message-
From: Martin McCormick
Date: Wednesday, November 7, 2012 1:12 PM
To: "bind-users@lists.isc.org"
Subject: Should Root Servers Always be Queried First? bind9.7.7
>If I do:
>
>dig @localhost +short +trace somehost.okstate.edu
>
>on a server authoritative for the okstate.
-Original Message-
From: Matus UHLAR - fantomas
Date: Tuesday, November 27, 2012 12:28 PM
To: "bind-users@lists.isc.org"
Subject: truncated responses vs. minimal-responses?
>Hello,
>
>last few weeks I have seen many discussions over UDP truncating and using
>"minimal-responses yes;" to
-Original Message-
From: "Jeremy C. Reed"
Date: Friday, November 30, 2012 4:18 PM
To: "Adamiec, Lawrence"
Cc: "bind-users@lists.isc.org"
Subject: Re: another performance tuning question
>On Fri, 30 Nov 2012, Adamiec, Lawrence wrote:
>
>> I got similar results when running against the m
-Original Message-
From: Phil Mayers
Date: Thursday, January 3, 2013 9:44 AM
To: "bind-users@lists.isc.org"
Subject: Re: Distribute named.conf
>On 03/01/13 14:36, Warren Kumari wrote:
>
>> Yup, have a look at Puppet.
>>
>> For the first while it will seem like way way more work than it
-Original Message-
From: Jeff Wright
Date: Thursday, January 3, 2013 8:41 AM
To: "bind-users@lists.isc.org"
Subject: Re: open-source tool for filter out stats from dns logs
>There might be some tools already out there (like Splunk) that do this
>for you. I think you can get a free Splu
-Original Message-
From: "wbr...@e1b.org"
Date: Thursday, January 3, 2013 2:29 PM
To: "bind-users@lists.isc.org"
Subject: Re: Distribute named.conf
>How does Puppet compare to Ansible? http://ansible.cc/
Thanks for sharing, first I'd heard of it...
>From a quick glance (in a rush atm
-Original Message-
From: "wbr...@e1b.org"
Date: Thursday, January 3, 2013 3:15 PM
To: Mike Hoskins
Cc: "bind-users@lists.isc.org" ,
"bind-users-bounces+wbrown=e1b@lists.isc.org"
Subject: Re: Distribute named.conf
>Mike wrote on 01/03/2013 02:45:29 PM:
>
>> Thanks for sharing, first
-Original Message-
From: Jan-Piet Mens
Date: Tuesday, January 8, 2013 4:35 PM
To: "bind-users@lists.isc.org"
Subject: Re: gitnamed, a project to manage name server by git
>> GitNamed is a project that manage name server by git. you can clone
>> the git repo to any workstation, edit zone
-Original Message-
From: Daniele
Date: Wednesday, January 9, 2013 9:17 AM
To: "bind-users@lists.isc.org"
Subject: Re: Name resolution fails if not forwarding
>This is the scenario.
>
>I installed BIND9 via `apt-get` on a newly installed UBUNTU 12.04,
>virtualized on VirtualBox.
>The net
-Original Message-
From: Gaurav Kansal
Date: Wednesday, January 9, 2013 12:34 AM
To: Sten Carlsen , "bind-users@lists.isc.org"
Subject: Re: query about EDNS UDP Packet
>Thanks for help.
>My Firewall was dropping packet size larger than 512 bytes.
>Cisco 5580 having ASA 8.3. It is by def
-Original Message-
From: Vernon Schryver
Date: Wednesday, January 16, 2013 5:05 PM
To: "bind-users@lists.isc.org"
Subject: Re: MNAME not a listed NS record
>> From: Dave Warren
>
>> Various online DNS diagnostic tools throw warnings,
>
>Speaking of so called DNS diagnostic tools, one c
-Original Message-
From: Alan Batie
Date: Thursday, January 17, 2013 1:52 PM
To: "bind-users@lists.isc.org"
Subject: Re: what do you use for logging?
>On 1/17/13 10:48 AM, Jan-Piet Mens wrote:
>
>>> By the way, all of the BIND10 logging
>>> messages are unique and we provide a paragraph
-Original Message-
From: Timothe Litt
Date: Friday, January 25, 2013 6:13 PM
To: "bind-users@lists.isc.org"
Subject: Re: BIND 9.9.3b1 is now available
>On 25-Jan-13 17:32, Michael McNally wrote:
>> BIND 9.9.3b1 is the first beta release of BIND 9.9.3.
>>
>> Makes available a new X
Note: Removing cross-post, but feel free to forward.
-Original Message-
From: Nick Urbanik
Date: Tuesday, February 12, 2013 10:00 PM
To: "keepalived-de...@lists.sourceforge.net"
, "bind-users@lists.isc.org"
Subject: Slaving from DNS masters behind LVS
>Dear Folks,
>
>We have a pair of
-Original Message-
From: Robert Moskowitz
Date: Wednesday, February 13, 2013 10:53 AM
To: "bind-users@lists.isc.org"
Subject: chroot/etc/named/ directory?
>I am upgrading my server from bind-9.3.6 via Centos 5.5 to 9.8.2 in
>Centos 6.3.
>
>I have and will run bind chrooted and on my tes
-Original Message-
From: Robert Moskowitz
Date: Wednesday, February 13, 2013 2:15 PM
To: Mike Hoskins
Cc: "bind-users@lists.isc.org"
Subject: Re: chroot/etc/named/ directory?
>>Having said all that, you might search the archives (SRPMS have been
>> provided by community members) or oth
-Original Message-
From: Jan-Piet Mens
Date: Friday, February 15, 2013 12:57 AM
To: "bind-users@lists.isc.org"
Subject: BIND9 statistics-server: JSON?
>As a fan of BIND's statistics-server I was tempted to see if I could
>reduce the size of the data (XML) named produces by adding an opt
-Original Message-
From: Robert Moskowitz
Date: Friday, February 15, 2013 1:33 PM
To: "bind-users@lists.isc.org"
Subject: Randoming ports and firewall rules
>So it is past time for me to only use port 53 and support port
>randomization. But I do run iptables (and ip6tables) and the ser
-Original Message-
From: Jsilliman
Date: Wednesday, February 20, 2013 1:57 PM
To: Alan Clegg
Cc: "bind-users@lists.isc.org"
Subject: Re: Cannot create A record issue
>Ubuntu does not use that:
>
>root@:/etc/bind# cat /etc/resolv.conf
># Dynamic resolv.conf(5) file for glibc res
-Original Message-
From: Robert Moskowitz
Date: Thursday, February 21, 2013 12:53 PM
To: Vernon Schryver
Cc: "bind-users@lists.isc.org"
Subject: Re: allow-query and views
>Whow... This is news. A hidden view? Where is this documented. I
>have no restrictions in my general options s
-Original Message-
From: Sowmya Manjanatha
Date: Thursday, February 21, 2013 1:11 PM
To: "bind-users@lists.isc.org"
Subject: Re: BIND master , Windows 2008 stub zone not transferring
>Well, I have a stub zone on Windows 2008 server set-up to use two
>different BIND server as its list of
-Original Message-
From: Shawn Bakhtiar
Date: Friday, February 22, 2013 12:06 AM
To: "bind-users@lists.isc.org"
Subject: RE: Registrar that supports self-run domains and provides
DNSSEC support
>2) We don't buy or maintain street addresses from a for profit company,
>why should domain
-Original Message-
From: Kevin Darcy
Date: Monday, April 1, 2013 2:46 PM
To: "bind-users@lists.isc.org"
Subject: Re: Forward First on Master Zone (bypass SOA)
>On 3/29/2013 12:09 AM, Doug Barton wrote:
>> On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote:
>>> My organization is evalu
-Original Message-
From: Chris Thompson
Date: Friday, April 5, 2013 3:10 PM
To: Bind Users Mailing List
Subject: Re: Simple question about zone and CNAME
>On Apr 5 2013, John Wobus wrote:
>
>>> DNAME?
>>
>>Or SRV records. Surely browsers are adding support
>>in the next day or two?
>
-Original Message-
From: Doug Barton
Date: Saturday, April 13, 2013 12:34 AM
To: "bind-users@lists.isc.org"
Subject: Re: ANNOUNCEMENT: New BIND versions are available.
>Michael,
>
>Thanks for this announcement, and a welcome change.
>
>Given the following:
>
>1. bind-announce is very l
-Original Message-
From: Chu Ha Khanh
Date: Tuesday, April 16, 2013 10:25 PM
To: 'Jaco Lesch'
Cc: "bind-users@lists.isc.org"
Subject: RE: Caching server - named process is limit at 500MB
>Hi,
>
>How to check 64 bit version of bind?
>
>I often download source code from isc.org and com
-Original Message-
From: Jeremy P
Date: Wednesday, May 8, 2013 1:33 PM
To: Steven Carr
Cc: bind-users
Subject: Re: architecture question
>I understand letter of the law, spirit of the law and playing it safe to
>avoid headaches.
>
>However, there are times where registering a real doma
-Original Message-
From: Jonathan Reed
Date: Wednesday, May 8, 2013 4:38 PM
To: Jeremy P
Cc: bind-users
Subject: Re: architecture question
>It would be a waste of money as their systems never leave the local
>network, except through a NAT connection.
>
>Godaddy is selling .coms for $0.
-Original Message-
From: Tony Finch
Date: Thursday, May 9, 2013 11:01 AM
To: Matus UHLAR - fantomas
Cc: "bind-users@lists.isc.org"
Subject: Re: architecture question
>Matus UHLAR - fantomas wrote:
>> On 09.05.13 10:21, Tony Finch wrote:
>> > Right. Give each student a subdomain of som
-Original Message-
From: Narcis Garcia
Date: Wednesday, June 5, 2013 12:43 PM
To: "bind-users@lists.isc.org"
Subject: This list's prefix
>It's not the only mailing list where I'm subscribed.
>Could please the administrator setup a prefix for messages' subject?
>
>For example:
>[bind-u]
-Original Message-
From: Narcis Garcia
Date: Wednesday, June 5, 2013 1:02 PM
To: "bind-users@lists.isc.org"
Subject: Re: This list's prefix
>Somebody has answered me privately and didn't realized until I've
>checked all details of each message. I've been near to respond to the
>list abo
-Original Message-
From: Warren Kumari
Date: Wednesday, June 5, 2013 1:46 PM
To: Narcis Garcia
Cc: "bind-users@lists.isc.org"
Subject: Re: This list's prefix
>--
>Curse the dark, or light a match. You decide, it's your dark.
>-- Valdis Kletnieks
Very appropriate!
-Original Message-
From: "Elmar K. Bins"
Organization: unorganized since 1789
Date: Thursday, June 6, 2013 6:18 AM
To: "bind-users@lists.isc.org"
Subject: Re: This list's prefix
>s...@resistor.net (SM) wrote:
>
>> >And the 100-dollar-question is: How do you remove them on outgoing
>>mai
-Original Message-
From: Gaurav Kansal
Date: Monday, June 17, 2013 3:27 AM
To: "bind-users@lists.isc.org"
Subject: Health Check feature in BIND ?
>Dear All,
>
>I was just thinking whether it is possible to have a some type of health
>checking of servers through BIND DNS Server and DNS
1 - 100 of 175 matches
Mail list logo