Re: your mail
John, welcome to the list of people being moderated. Trolling and harassing other users on the lists is not welcomed here. Please pick your fights elsewhere. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 16. 1. 2022, at 4:53, John W. Blue via bind-users > wrote: > > Lol. The footer joke was just to give you something legitimate to complain > about. > > *yawn* > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Reindl Harald > Sent: Saturday, January 15, 2022 9:50 PM > To: bind-users@lists.isc.org > Subject: Re: your mail > > > > Am 16.01.22 um 04:47 schrieb John W. Blue via bind-users: >> Lol. I am not going to do that either. Lol. > > can you do us all a favor and stop writing useless mails to lists at saturday > night? > > that footer is for morons which send messages with "unsubscribe" to mailing > lists all the time > >> -Original Message- >> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf >> Of Reindl Harald >> Sent: Saturday, January 15, 2022 9:44 PM >> To: bind-users@lists.isc.org >> Subject: Re: your mail >> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ___ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: your mail
Lol. The footer joke was just to give you something legitimate to complain about. *yawn* -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald Sent: Saturday, January 15, 2022 9:50 PM To: bind-users@lists.isc.org Subject: Re: your mail Am 16.01.22 um 04:47 schrieb John W. Blue via bind-users: > Lol. I am not going to do that either. Lol. can you do us all a favor and stop writing useless mails to lists at saturday night? that footer is for morons which send messages with "unsubscribe" to mailing lists all the time > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf > Of Reindl Harald > Sent: Saturday, January 15, 2022 9:44 PM > To: bind-users@lists.isc.org > Subject: Re: your mail > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Am 16.01.22 um 04:47 schrieb John W. Blue via bind-users: Lol. I am not going to do that either. Lol. can you do us all a favor and stop writing useless mails to lists at saturday night? that footer is for morons which send messages with "unsubscribe" to mailing lists all the time -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald Sent: Saturday, January 15, 2022 9:44 PM To: bind-users@lists.isc.org Subject: Re: your mail Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: your mail
Lol. I am not going to do that either. Lol. -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald Sent: Saturday, January 15, 2022 9:44 PM To: bind-users@lists.isc.org Subject: Re: your mail Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Am 16.01.22 um 04:39 schrieb John W. Blue via bind-users: /diverging tangent I don't want to diminish any contribution to the good of the cause that anyone is willing to make but ... I am not going to stop top posting. Personally, commentary about top posting is so 1997. Perhaps it is also because I have reached an age where I just don't care anymore. besides the subject "Re: your mail" annoys me from the beginning (because the OP even didn't care about a useful suject which leads into the trash can): in communcation when you expect that someone reads what you have to say it's not about what *you* care ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: your mail
/diverging tangent I don't want to diminish any contribution to the good of the cause that anyone is willing to make but ... I am not going to stop top posting. Personally, commentary about top posting is so 1997. Perhaps it is also because I have reached an age where I just don't care anymore. *shrug* John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W. Haywood via bind-users Sent: Saturday, January 15, 2022 9:29 AM To: bind-users@lists.isc.org Subject: Re: your mail Please do not top post. Some of us are on the digest list, and it makes trawling through all the unnecessary garbage very tedious, as well as prone to errors and misunderstandings. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Hi there, On Sat, 15 Jan 2022, Diego Garcia wrote: On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users wrote: > On Sat, 15 Jan 2022, Diego Garcia wrote: > > ... > > network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53 > > ... > ... If you are getting 'network unreachable' messages then likely there's > something wrong with your network setup. ... really? Yes, really. Please do not top post. Some of us are on the digest list, and it makes trawling through all the unnecessary garbage very tedious, as well as prone to errors and misunderstandings. my first post have a tcpdump capture packet, dig trace... Nothing in your first post mentions 'network unreachable' messages. You do, however, say that things work for a time, then they break, then work again, and then... I really do think that asking BIND to use an unreliable connection to the Internet is going to cause you endless problems which will often be difficult to diagnose. Until you can be sure that there's nothing getting in BIND's way you probably aren't asking the right questions. This does not look like a problem with BIND itself. Perhaps it's time to run some stress tests on the network. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: your mail
Not be ornery but honestly, for me, globs of text that is pasted into an email is TLDR because I cannot *do* anything with it. So I skip it out of hand. A real tcpdump packet capture is a file that can be loaded by wireshark and analyzed. tcpdump -n -i port 53 -w One from the client and one from the server is ideal. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Diego Garcia Sent: Saturday, January 15, 2022 7:38 AM To: bind-users@lists.isc.org Subject: Re: your mail hello. really? my first post have a tcpdump capture packet, dig trace... On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users mailto:bind-users@lists.isc.org>> wrote: Hi there, On Sat, 15 Jan 2022, Diego Garcia wrote: > Still with problems. That setup was running fine for few years. But you changed something. > Bind Server is on DMZ and doing NAT for the local net. Test Server is > behing NAT > > Must have another problem > > I try this days a lot of things and nothing works, Generally speaking, if you set things up right, BIND Just Works. It must be a couple of decades since I last had to fiddle with anything to fix a broken BIND server. It is not helpful to us if you tell us that you have tried a lot of things. It would be much more helpful if you told us exactly what you have tried and exactly what were the results. You need to be methodical and precise. > think in try reinstall but i preferred to know what happened and solve it 'Reinstall' to me means the sort of thing that you do if you're working on a Windows box. If you're using a real computer it's usually much better to find out what's going wrong and fix it. > ... > network unreachable resolving > 'play.google.com/A/IN<http://play.google.com/A/IN>': 216.239.36.10#53 > ... If you are getting 'network unreachable' messages then likely there's something wrong with your network setup. Before doing anything else, you need to fix that. It may or may not be a problem of your making, but given that you said you are using BIND on a server in a DMZ then I suspect that it is. Using a DMZ will make things more complicated and the faults will be more difficult to diagnose - especially for people on mailing lists to whom you give little and very poor information. It *looks* like BIND is trying to make queries but failing to connect to anything to make them. You do not appear to have acted on the good advice which was given to you after your previous post. Are you able to use tools like 'ping' and 'traceroute' to diagnose network problems, also like Wireshark or tcpdump to inspect network traffic? These would be my first steps in approaching this kind of problem. You will need to know that packets from the BIND server can go where they're supposed to go and replies reach the server in good time. You might also need to be able to see exactly what BIND sends, where it sends it, exactly what it receives (if anything) in reply to what it sends, and perhaps where the replies come from. If there are no replies, or the replies go to the wrong place, you need to be able to show that and find out why. What exactly are you trying to achieve which cannot be achieved by simply using a public DNS service, or one provided by your ISP? -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
hello. really? my first post have a tcpdump capture packet, dig trace... On Sat, Jan 15, 2022 at 2:14 PM G.W. Haywood via bind-users < bind-users@lists.isc.org> wrote: > Hi there, > > On Sat, 15 Jan 2022, Diego Garcia wrote: > > > Still with problems. That setup was running fine for few years. > > But you changed something. > > > Bind Server is on DMZ and doing NAT for the local net. Test Server is > > behing NAT > > > > Must have another problem > > > > I try this days a lot of things and nothing works, > > Generally speaking, if you set things up right, BIND Just Works. It > must be a couple of decades since I last had to fiddle with anything > to fix a broken BIND server. > > It is not helpful to us if you tell us that you have tried a lot of things. > It would be much more helpful if you told us exactly what you have tried > and exactly what were the results. You need to be methodical and precise. > > > think in try reinstall but i preferred to know what happened and solve it > > 'Reinstall' to me means the sort of thing that you do if you're > working on a Windows box. If you're using a real computer it's > usually much better to find out what's going wrong and fix it. > > > ... > > network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53 > > ... > > If you are getting 'network unreachable' messages then likely there's > something wrong with your network setup. Before doing anything else, > you need to fix that. It may or may not be a problem of your making, > but given that you said you are using BIND on a server in a DMZ then I > suspect that it is. Using a DMZ will make things more complicated and > the faults will be more difficult to diagnose - especially for people > on mailing lists to whom you give little and very poor information. > > It *looks* like BIND is trying to make queries but failing to connect > to anything to make them. > > You do not appear to have acted on the good advice which was given to > you after your previous post. Are you able to use tools like 'ping' > and 'traceroute' to diagnose network problems, also like Wireshark or > tcpdump to inspect network traffic? These would be my first steps in > approaching this kind of problem. You will need to know that packets > from the BIND server can go where they're supposed to go and replies > reach the server in good time. You might also need to be able to see > exactly what BIND sends, where it sends it, exactly what it receives > (if anything) in reply to what it sends, and perhaps where the replies > come from. If there are no replies, or the replies go to the wrong > place, you need to be able to show that and find out why. > > What exactly are you trying to achieve which cannot be achieved by > simply using a public DNS service, or one provided by your ISP? > > -- > > 73, > Ged. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Hi there, On Sat, 15 Jan 2022, Diego Garcia wrote: Still with problems. That setup was running fine for few years. But you changed something. Bind Server is on DMZ and doing NAT for the local net. Test Server is behing NAT Must have another problem I try this days a lot of things and nothing works, Generally speaking, if you set things up right, BIND Just Works. It must be a couple of decades since I last had to fiddle with anything to fix a broken BIND server. It is not helpful to us if you tell us that you have tried a lot of things. It would be much more helpful if you told us exactly what you have tried and exactly what were the results. You need to be methodical and precise. think in try reinstall but i preferred to know what happened and solve it 'Reinstall' to me means the sort of thing that you do if you're working on a Windows box. If you're using a real computer it's usually much better to find out what's going wrong and fix it. ... network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53 ... If you are getting 'network unreachable' messages then likely there's something wrong with your network setup. Before doing anything else, you need to fix that. It may or may not be a problem of your making, but given that you said you are using BIND on a server in a DMZ then I suspect that it is. Using a DMZ will make things more complicated and the faults will be more difficult to diagnose - especially for people on mailing lists to whom you give little and very poor information. It *looks* like BIND is trying to make queries but failing to connect to anything to make them. You do not appear to have acted on the good advice which was given to you after your previous post. Are you able to use tools like 'ping' and 'traceroute' to diagnose network problems, also like Wireshark or tcpdump to inspect network traffic? These would be my first steps in approaching this kind of problem. You will need to know that packets from the BIND server can go where they're supposed to go and replies reach the server in good time. You might also need to be able to see exactly what BIND sends, where it sends it, exactly what it receives (if anything) in reply to what it sends, and perhaps where the replies come from. If there are no replies, or the replies go to the wrong place, you need to be able to show that and find out why. What exactly are you trying to achieve which cannot be achieved by simply using a public DNS service, or one provided by your ISP? -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Hello Still with problems. That setup was running fine for few years. Bind Server is on DMZ and doing NAT for the local net. Test Server is behing NAT Must have another problem I try this days a lot of things and nothing works, think in try reinstall but i preferred to know what happened and solve it I increase logging and give some additional data but i not understand if is relevant. lots of : adb reached high water mark DNS_EVENT_ADBNOMOREADDRESSE network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53 timed out resolving 'google.com/A/IN': 1.1.1.1#53 (first unreacheable then timeout) 08-Jan-2022 00:14:21.588 expire_v4 set to MIN(2147483647,1641597271) import_rdataset 08-Jan-2022 00:14:21.588 dns_adb_createfind: found A for name m.root-servers.net (0x7f901a5e53a0) in db 08-Jan-2022 00:14:21.644 delete_node(): 0x7f901a73b450 static-assets-prod.s3.amazonaws.com (bucket 17) 08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eb110 08-Jan-2022 00:14:21.648 dns_adb_destroyfind on find 0x7f901a5eef10 08-Jan-2022 00:23:40.915 dispatch 0x7f901435e1f0 response 0x7f901a355ca8 198.97.190.53#53: attached to task 0x7f901a81f5f8 08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0 response 0x7f901a355ca8 198.97.190.53#53: detaching from task 0x7f901a81f5f8 08-Jan-2022 00:23:41.023 dispatch 0x7f901435e1f0: detach: refcount 2 08-Jan-2022 00:23:41.039 dispatchmgr 0x7f901e3451c8: destroy_mgr_ok: shuttingdown=1, listnonempty=1, depool=7, rpool=0, dpool=7 08-Jan-2022 00:23:41.039 dispatch 0x7f901435caf0: shutting down; detaching from sock (nil), task 0x7f901a626880 08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A: starting 08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A: attempting insecurity proof 08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A: checking existence of DS at 'net' 08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A: checking existence of DS at 'whatsapp.net' 08-Jan-2022 00:22:31.479 view internal: validating mmx-ds.cdn.whatsapp.net/A: marking as answer (proveunsecure (4)) 08-Jan-2022 00:22:31.479 view internal: validator @0x7f9004034a70: dns_validator_destroy Some: success/success [domain:ifconfig.me ,referral:0,restart:1,qrysent:1,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] timed out resolving 'android.l.google.com/A/IN': 1.1.1.1#53 broken trust chain resolving '_.clients6.google.com/A/IN': 216.239.34.10#53 And the tiemout error: timed out/success [domain:google.com ,referral:0,restart:4,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0] thanks ps: sorry list for wrong subject On Wed, Jan 12, 2022 at 1:15 PM Tony Finch wrote: > Diego Garcia wrote: > > > > Each 20/30 minutes and lasting about 5 minutes i got 'timeout' in bind > > querys. After that time everything works fine again. > > > > My bind server got response (from 0.1 to 2 seconds) but reply with a ICMP > > 'port unreachable'. > > > > Any idea the problem or what i can check? > > > > Firewall is off while testing. > > > > My bind server is a NAT router. > > It sounds like the NAT is interfering with BIND's resolver. In general, > NAT (as well as stateful firewalls) do not work well with the DNS, because > UDP port randomization uses a lot of (mostly useless) connection-tracking > state. So it's best to put a full service resolver outside a NAT if > possible. > > In your case, I guess there are several possible IP addresses that BIND > can use as the query source address. Try setting the query-source option > in named.conf to an IP address that's outside the NAT. You will need to > use tcpdump to verify that the right packets with the right addresses are > appearing on the wire. > > Tony. > -- > f.anthony.n.finchhttps://dotat.at/ > Portland, Plymouth: Northeast, veering east or southeast, 3 or 4. > Slight or moderate, occasionally rough at first in Plymouth. Fog > patches at first in south. Moderate or good, occasionally very poor at > first in south. > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
Diego Garcia wrote: > > Each 20/30 minutes and lasting about 5 minutes i got 'timeout' in bind > querys. After that time everything works fine again. > > My bind server got response (from 0.1 to 2 seconds) but reply with a ICMP > 'port unreachable'. > > Any idea the problem or what i can check? > > Firewall is off while testing. > > My bind server is a NAT router. It sounds like the NAT is interfering with BIND's resolver. In general, NAT (as well as stateful firewalls) do not work well with the DNS, because UDP port randomization uses a lot of (mostly useless) connection-tracking state. So it's best to put a full service resolver outside a NAT if possible. In your case, I guess there are several possible IP addresses that BIND can use as the query source address. Try setting the query-source option in named.conf to an IP address that's outside the NAT. You will need to use tcpdump to verify that the right packets with the right addresses are appearing on the wire. Tony. -- f.anthony.n.finchhttps://dotat.at/ Portland, Plymouth: Northeast, veering east or southeast, 3 or 4. Slight or moderate, occasionally rough at first in Plymouth. Fog patches at first in south. Moderate or good, occasionally very poor at first in south. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
On 28 Jun 2020, at 09:13, Matus UHLAR - fantomas wrote: >> zone "abc.com" { >> type forward; >> forwarders {1.1.1.1;}; > > of 1.1.1.1 is IP of nameserver for abc.com, you should better configure it > as "type stub" or "type static-stub". 1.1.1.1 is a DNS resolver for Cloudflare and resolves to one.one.one.one. (I know the sis old, but since it is a DNS server that I use, I found it odd os see acclaim that it was abc.com which is 143.204.25.15, 143.204.25.61, 143.204.25.54, and 143.204.25.50. -- "Are you pondering what I'm pondering?" "I think so, Brain. But Trojans won’t arrive on the scene for another 300 years." ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: your mail
On 28.06.20 12:43, baalchina wrote: I had a bind 9.16.4 as recursive name server. I want to forward all queries to a specific dns server out of my net such as 8.8.8.8. it makes no sense to foward queries to 8.8.8.8, BIND can do the resolution itself. Unless your access to internet is blocked, but access to 8.8.8.8 (and 1.1.1.1) is not. While I have a new domain( such as abc.com) I want to forward to a new dns server such as 9.9.9.9. Here is my named.conf: options { listen-on port 53 {192.168.1.1;}; recursion yes; allow-recursion {any;}; forwarders { 8.8.8.8; }; }; zone "abc.com" { type forward; forwarders {1.1.1.1;}; of 1.1.1.1 is IP of nameserver for abc.com, you should better configure it as "type stub" or "type static-stub". Note that resolving BIND can do that itself, so it really only matters if 1.1.1.1 is not accessible from internet. }; So, in this configuration, the abc.com will be forward to 8.8.8.8 or 1.1.1.1? the latter. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users