On 1 June 2023, Bonno Bloksma wrote:
>> If you get an answer it's a dnssec problem with the error message in your
>> logs. If there is no answer it's another problem.
> Well, it seems I get an answer with the +cd option, and none without.
Yes. If I do:
# dig tio.nl A +dnssec +multiline
; <<
Hi,
@Tim,
If I use the dnssec-validation no; option then indeed it all works. Just tested
it again to make sure.
And as a final solution to this problem I might accept it, but I would rather
not.
@Michel,
> I reread all our mails and I missed asking you this one (as answers via
> external dns
On 1 June 2023, Bonno Bloksma wrote:
> I can do that, but ... that is only for inbound traffic TO my dns server on
> this network.
> That part is working without any problem. Changing that will not change
> anything for the clients on this network.
You are right. I simply used to fix explicit
On Thu, 1 Jun 2023, Bonno Bloksma wrote:
My bind instance can reach the company dns server but claims the response is
false/insecure
Does that maybe mean that my bind gets a "normal" response from the company dns
whereas the external dns at toplevel .nl. (being the parent zone) tells that an
Hi,
>> linbobo:~# ss -nap | grep named
>> tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53 [::]:*
>> users:(("named",pid=554,fd=78))
>> tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53 [::]:*
>> users:(("named",pid=554,fd=71))
>> tcp LISTEN 0 10 [fe80::33bc:2b:d928:991d]%tun0:53 [::]:*
On 1 June 2023, Bonno Bloksma wrote:
> linbobo:~# ss -nap | grep named
> tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53 [::]:*
> users:(("named",pid=554,fd=78))
> tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53 [::]:*
> users:(("named",pid=554,fd=71))
> tcp LISTEN 0 10 [fe80::33bc
Hi,
> resolv.conf must have only one search entry. And you don't want to resolve
> with google directly. So you should have:
Ok, I have the google dns commented. Although now I remember why I had the
google dns in there. ;-)
For my machine to create the VPN it needs to know the ip number of
On 19 May 2023, Bonno Bloksma wrote:
> Been a few busy weeks, that is why I only respond now, sorry.
Same for me :/
> beheerdertio@linbobo:~$ cat /etc/resolv.conf
> domain bobo.xs4all.nl
> search bobo.xs4all.nl
> search tio.nl
> search staf.tio.nl
> search student.tio.nl
> nameserver 127.0.0.1
>
Hi,
Been a few busy weeks, that is why I only respond now, sorry.
Also as there is a lot of sensitive info in this mail, like a complete list
of domain controllers to be hacked, ;-) I am sending it direct. I will send a
redacted version to the list
>> What does +cd do? I was unable to find it
On 8 May 2023, Bonno Bloksma wrote:
> I also do not understand this difference when querying the internal dns
> server directly.
> Why does the +trace +cd not show an answer but when I leave them out I get a
> correct answer. Is that because +trace forces it to start at the root which is
> irre
Hi,
>> linbobo:/etc/bind# cat named.conf.local
>
> You have only zone blocks in this file, right?
Yes,
> And you don't use views?
I have no idea what they would do, but no. The word view is not in that file.
> Why does it first go to the public dns and then run into the dnssec problem?
> Th
On 5 May 2023, Bonno Bloksma wrote:
> linbobo:/etc/bind# cat named.conf.local
You have only zone blocks in this file, right?
And you don't use views?
> Why does it first go to the public dns and then run into the dnssec problem?
> There is a direct definition for the tio.nl zone in my confi
Hi,
> In fact you don't resolve at all. Can you provide:
> dig einsccmdp-01.tio.nl +trace +cd
-
linbobo:~# dig einsccmdp-01.tio.nl +trace +cd
; <<>> DiG 9.16.37-Debian <<>> einsccmdp-01.tio.nl +trace +cd
;; global options: +cmd
. 430791 IN
On 2 May 2023, Bonno Bloksma wrote:
> linbobo:/etc/bind# cat named.conf.local
> ---
> []
> zone "tio.nl" IN {
> type forward;
> forward only;
> forwarders {172.16.128.40; 172.16.208.10;};
> };
>
> zone "staf.tio.nl" IN {
> type forward;
Hi,
Lots of info and log quotes. I hope you can find the "normal" text.
>> We use a different dns server(s) and zonefile for the external dns
>> environment from what we use internally. Company dns is Windows Server 2016
>> in case that is relevant.
>
> It's better to use dig (package bind9-dns
On 28 April 2023, Bonno Bloksma wrote:
> We use a different dns server(s) and zonefile for the external dns
> environment from what we use internally. Company dns is Windows Server 2016
> in case that is relevant.
It's better to use dig (package bind9-dnsutils) to first eliminate
problems on o
Hello,
I have a Debian machine at my home network performing several functions. Two of
those are dns server for my network at home and a VPN server to the company
network.
To facilitate my use of the VPN to the company network I am also forwarding all
dns requests to the company domain to the
17 matches