NS validation?

2009-02-07 Thread Frank Bulk - iName.com
A business customer of ours could not change their DNS entry at Register.com
from ns1.mtcnet.net/ns1.netins.net.

After 10 failed attempts thru register.com to register 
to ns1.mtcnet.net and ns1.netins.net, I contacted Register.com
and escalated this call to their highest tech authority.  I
found out that Register.com uses 'VeriSign' as its DNS
Registered Validator.  Apparently when I transferred this domain
name from a different registrar I was supposed to use a
special DNS Registration thru VeriSign option (who knew?) then
transfer this to register.com

For some reason VeriSign doesn't have NS1.MTCNET.NET on its
list as registered DNS.  Go figure.

Ever heard of this before?

Frank

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting

2009-02-07 Thread Danny Mayer
Baird, Josh wrote:
> Actually, yes, if you have dynamic DNS registration enabled on the
> client/host and server, an 'A' record will automatically be created in
> the AD zone.
>

It needs to be registered in the domain first. Otherwise any system
could masquerade as another system.

Danny
> Josh
> 
> 
> 
> From: bind-users-boun...@lists.isc.org on behalf of Danny Mayer
> Sent: Sat 2/7/2009 2:29 PM
> To: wiskbr...@hotmail.com
> Cc: bind-users@lists.isc.org
> Subject: Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices 
> ForCoexisting
> 
> 
> 
> wiskbr...@hotmail.com wrote:
>> The case the windows team made was ease of adding entries, you simply
>> add into the MMC, or even easier, when you join a host into a domain, it
>> adds itself.
>>
> 
> This is not even true. To add a host to a domain you have to register it
> manually, either by going into ADS and adding it or a Domain
> Administrator has to enter it on the machine using his/her administrator
> password. There's nothing automatic about this.
> 
> Danny


bind9-default.md5sum file

2009-02-07 Thread Declan Mullen

Hi

I'm running bind on Debian Lenny. Does anyone know what the file
"/usr/share/bind9/bind9-default.md5sum" is for? Googling for it didn't
reveal any descriptions.

According to Debian's package installation checksums, this file has
changed. Is that to be expected?

The bind package version is 1:9.5.0.dfsg.P2-5.1

Many thanks,
Declan




RE: Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting

2009-02-07 Thread Baird, Josh
Actually, yes, if you have dynamic DNS registration enabled on the client/host 
and server, an 'A' record will automatically be created in the AD zone.
 
Josh



From: bind-users-boun...@lists.isc.org on behalf of Danny Mayer
Sent: Sat 2/7/2009 2:29 PM
To: wiskbr...@hotmail.com
Cc: bind-users@lists.isc.org
Subject: Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices ForCoexisting



wiskbr...@hotmail.com wrote:
> The case the windows team made was ease of adding entries, you simply
> add into the MMC, or even easier, when you join a host into a domain, it
> adds itself.
>

This is not even true. To add a host to a domain you have to register it
manually, either by going into ADS and adding it or a Domain
Administrator has to enter it on the machine using his/her administrator
password. There's nothing automatic about this.

Danny


Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting

2009-02-07 Thread Danny Mayer
wiskbr...@hotmail.com wrote:
> The case the windows team made was ease of adding entries, you simply
> add into the MMC, or even easier, when you join a host into a domain, it
> adds itself.
> 

This is not even true. To add a host to a domain you have to register it
manually, either by going into ADS and adding it or a Domain
Administrator has to enter it on the machine using his/her administrator
password. There's nothing automatic about this.

Danny



Re: SERVFAIL from validating nameservers for advocaat.pro & advocaten.pro

2009-02-07 Thread Chris Thompson

On Feb 6 2009, Mark Andrews wrote:

> In message , Chris Thompson writes:
>
> [...]
>
>> More info about the "not consistently" bit. With nothing about
>> them in the cache ("rndc flushname advocaat.pro") looking up SOA or
>> NS records for them gives SERVFAIL. But looking up A records does
>> not, and after that SOA and NS lookups work OK as well.
>>
>> Hmmm...
>
> The TLD lies.  DNSSEC is doing exactly what it is
> supposed to do and is blocking bad answers.
>
> Mark
>
> ; <<>> DiG 9.3.6-P1 <<>> advocaat.pro soa @c.gtld.pro +dnssec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29667
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;advocaat.pro.  IN  SOA
>
> ;; AUTHORITY SECTION:
> pro.			14400	IN	SOA	a.gtld.pro. hostmaster.registrypro.pro. 2009020518 28800 7200 604800 300


Ah, yes -- many thanks for the elucidation.

Indeed, looking up SOA for advocaat.pro via a non-validating nameserver
(without it having already discovered the NS records for it) believes
this crap and reports it back to the caller.

The nameservers for "pro" seem to have some very odd bugs:

* asked about the SOA for a sub-zone, they authoritatively deny its
   existence, as above.

* asked about NS records for a sub-zone, they return the delegation
   set as the _answer_. That's also true of the *.gtld-servers.net lot,
   but these are worse, because unlike them they claim the answer is
   authoritative.

* even when they do give a referral, it is marked authoritative.

One hardly dares to ask how they achieve all this ...

--
Chris Thompson
Email: c...@cam.ac.uk
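
The three behaviours listed in the message above can be recognised mechanically in dig output from a parent zone's servers. The following Python is an added example, not part of the original thread; `parse`, `classify`, `dig_text`, the name `child.example.` and all sample replies are constructed, and it assumes the queried name is known to be delegated to a child zone.

```python
import re

def parse(text):
    """Parse dig text output into flags, question name and section records."""
    msg = {"flags": set(), "qname": None, "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r";; flags: ([a-z ]*);", line)
        if m:
            msg["flags"] = set(m.group(1).split())
        elif line.startswith(";;"):
            m = re.match(r";; (\w+) SECTION:", line)
            section = m.group(1) if m else section
        elif line.startswith(";") and section == "QUESTION":
            msg["qname"] = line[1:].split()[0].lower()
        elif line and section in ("ANSWER", "AUTHORITY"):
            fields = line.split()
            msg[section].append((fields[0].lower(), fields[3]))  # (owner, type)
    return msg

def classify(text):
    """Label a parent-zone server's reply about a name it has delegated."""
    msg = parse(text)
    aa = "aa" in msg["flags"]
    ns_answer = [o for o, t in msg["ANSWER"] if t == "NS" and o == msg["qname"]]
    ns_auth = [o for o, t in msg["AUTHORITY"] if t == "NS" and o == msg["qname"]]
    soa_auth = [o for o, t in msg["AUTHORITY"] if t == "SOA"]
    if aa and not msg["ANSWER"] and soa_auth:
        return "authoritative denial of delegated name"
    if ns_answer:
        return "delegation in answer section" + (", marked authoritative" if aa else "")
    if ns_auth:
        return "referral marked authoritative" if aa else "proper referral"
    return "unclassified"

def dig_text(flags, qtype, answer=(), authority=()):
    """Build constructed dig-style output for a query about child.example."""
    out = [f";; flags: {flags}; QUERY: 1", ";; QUESTION SECTION:",
           f";child.example.\tIN\t{qtype}"]
    for title, rrs in (("ANSWER", answer), ("AUTHORITY", authority)):
        out += [f";; {title} SECTION:", *rrs] if rrs else []
    return "\n".join(out)

# Constructed sample replies, one per behaviour in the list plus a correct referral.
NS_RR = "child.example.\t3600\tIN\tNS\tns1.child.example."
SOA_RR = "example.\t300\tIN\tSOA\tns.example. hostmaster.example. 1 7200 900 604800 300"
SOA_DENIAL = dig_text("qr aa rd", "SOA", authority=[SOA_RR])
NS_ANSWER_AA = dig_text("qr aa rd", "NS", answer=[NS_RR])
REFERRAL_AA = dig_text("qr aa rd", "A", authority=[NS_RR])
REFERRAL_OK = dig_text("qr rd", "A", authority=[NS_RR])
```

The first sample has the same shape as the dig output quoted in the message: `aa` set, an empty answer section and the parent's SOA in the authority section.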
