rDNS for /20
I've read the relevant parts of DNS and Bind over and over again, and I'm still going crazy. I've searched this list going back about three years. I've googled. Each step confuses me more frown.

I'm trying to set up a reverse delegation to two nameservers for a /20. Netmask is 255.255.240.0 (I think).

Is there a cookbook somewhere?

Thanks in advance for any possible help.

Jeff
--
Jeff Lasman, Nobaloney Internet Services
P.O. Box 52200, Riverside, CA 92517
Our blists address used on lists is for list email only
voice: +1 951 643-5345, or see: http://www.nobaloney.net/contactus.html
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: rDNS for /20
In message 200903122311.24920.bli...@nobaloney.net, Jeff Lasman writes:
> I've read the relevant parts of DNS and Bind over and over again, and I'm still going crazy. I've searched this list going back about three years. I've googled. Each step confuses me more frown.
>
> I'm trying to set up a reverse delegation to two nameservers for a /20. Netmask is 255.255.240.0 (I think).
>
> Is there a cookbook somewhere?
>
> Thanks in advance for any possible help.

Just set up each of the /24's which make up the /20.

> Jeff

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: mark_andr...@isc.org
Re: rDNS for /20
Jeff Lasman wrote:
> I've read the relevant parts of DNS and Bind over and over again, and I'm still going crazy. I've searched this list going back about three years. I've googled. Each step confuses me more frown.

It would help if you described in more detail what you've tried, and what is confusing you.

> I'm trying to set up a reverse delegation to two nameservers for a /20.

The easiest way to do this is to set it up as 16 /24s. Are you trying to do something different?

> Netmask is 255.255.240.0 (I think).

I'm not sure why you're mentioning this, is there some relevance to what you're trying to do?

hope this helps,

Doug
Re: question about CNAME
Ok, now please show us your dig command, and the output you are using to test.

On Mar 12, 2009, at 8:19 PM, tzq tang wrote:
> Thanks for your response. I do this test between two intranet machines and each of them has a local IP. 10.0.0.13, additionally both domains are in the same DNS SERVER 10.0.0.13, the zone file as follows:
>
> ZONE 1:
>
> $ORIGIN .
> $TTL 86400 ; 1 day
> test.com IN SOA test.com. www.test.com. (
>         19970229 ; serial
>         10 ; refresh (10 seconds)
>         10 ; retry (10 seconds)
>         30 ; expire (30 seconds)
>         30 ; minimum (30 seconds)
>         )
>     NS localhost.
>     A 10.0.0.13
> $ORIGIN test.com.
> 1 PTR localhost.
> email CNAME email.tzqian.com.
>
> ZONE 2:
>
> $ORIGIN .
> $TTL 86400 ; 1 day
> tzqian.com IN SOA tzqian.com. support.tzqian.com. (
>         1997022706 ; serial
>         10 ; refresh (10 seconds)
>         10 ; retry (10 seconds)
>         30 ; expire (30 seconds)
>         30 ; minimum (30 seconds)
>         )
>     NS localhost.
>     A 10.0.0.13
> $ORIGIN tzqian.com.
> 1 PTR localhost.
> email A 10.0.0.1

--
Scott
* If you contact me off list replace talklists@ with scott@ *
SERVFAIL debugging
Hello,

I'm having SERVFAIL problems on some domains. I'm pretty sure it's not a bind problem, because everything is working but some few domains. I'm already running 9.6.0-P1 ...

Is it possible, using dig or some other bind tool, to grab information from running BIND and debug exactly why I'm having these SERVFAILs?

At the right moment, the only thing I know is that a full stop/start will make those domains work fine but in some hours, I start having SERVFAILs and have to stop/start again.

Is there something I can do to track this and, at least, try to find exactly what's happening?

Thanks.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
My SPAMTRAP, do not email it: gertru...@solutti.com.br
Internal and External view on same slave server?
We recently decided to create internal and external views for some zones. This worked fine on the master server. However, initiating zone transfer on slave from master it loaded all the zone names I'd created but put exactly the same information into both sets. This information was for the internal view which is the first one in both named.conf files.

On doing some research I saw mention of needing to configure different slaves for internal and external view. This mentioned need for separate IPs. Since I can't just build a new slave server I instead opted to create an alias IP using the same NIC as primary IP.

Of course the question there is how to force the transfer request to come from the primary IP or the alias IP dependent on which view the zone is in. Further research suggested use of the transfer-source option in the view to specify the IP to be used to request the transfer. I added this. Also I already had allow-transfer for the primary IP. I left that in the external view zone entries in named.conf. I then created a separate allow-transfer in the internal view zone entries to use the alias IP.

On checking logs I'm seeing REFUSED from the master in the slave's logs but I am seeing the slave's alias IP making the request on the master. I don't see the slave's primary IP making requests on the master.

Is what I'm trying to do possible? If not can someone explain why? Given that I'm restricting the IP allowed to transfer and the IP requesting the transfer it seems this should be working. At worst it seems it should only have quit working for one view but it's not working for either one.

If it is possible can someone let me know how they've achieved it?
Re: rDNS for /20
On Thursday 12 March 2009 11:23 pm, Doug Barton wrote:
> It would help if you described in more detail what you've tried, and what is confusing you.

Haven't tried anything yet; still waiting for the assignment to us. I was hoping to get a headstart on understanding the job.

> > I'm trying to set up a reverse delegation to two nameservers for a /20.
>
> The easiest way to do this is to set it up as 16 /24s. Are you trying to do something different?

Only difference is that all I need to do is set up the nameserver assignment; I don't have to do the actual rDNS. Why are we doing it at all? Because the gent I'm doing it for wants himself in the middle.

> > Netmask is 255.255.240.0 (I think).
>
> I'm not sure why you're mentioning this, is there some relevance to what you're trying to do?

I'm not sure either; I was just covering bases smile.

It does. Thanks!

Jeff
Re: rDNS for /20
On Thursday 12 March 2009 11:17 pm, Mark Andrews wrote:
> Just set up each of the /24's which make up the /20.

That's what I thought I had to do. I don't even have to assign the rDNS; I only have to set the nameservers. Do I still need lines for each individual IP# in each /24? Or is there an easier way?

Why are we doing this at all; why don't we just have it assigned to the end client? Because the guy I'm doing it for wants it this way.

Thanks!

Jeff
Re: SERVFAIL debugging
On Fri, Mar 13, 2009 at 4:59 PM, JINMEI Tatuya / 神明達哉 jinmei_tat...@isc.org wrote:
> Please try 9.6.1b1, which we expect to be released next week. It has a new experimental feature just for that purpose:

Is this feature going to be back ported to 9.4 and 9.5 releases as well?

--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
Re: SERVFAIL debugging
At Fri, 13 Mar 2009 17:31:37 -0400, R Dicaire kri...@gmail.com wrote:
> > Please try 9.6.1b1, which we expect to be released next week. It has a new experimental feature just for that purpose:
>
> Is this feature going to be back ported to 9.4 and 9.5 releases as well?

For 9.5, yes. For 9.4, not according to the current plan.

Note also that this is a new experimental feature. So far, we've only included a new feature in a .0 release, so this logging feature would only appear in 9.7.0. We're now trying to seek an intermediate path, considering the tradeoff between the plus of providing useful features for older versions and the risk of introducing instability to maintenance release. So, we may even remove this feature from the final release of 9.6.1 if we find significant regression with it through the beta cycle. On the other hand, we may include it to the next version of 9.4 if we find it very useful and can be sure that it does no harm.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
RE: rDNS for /20
You can use one $GENERATE statement in each zone to generate all 256 CNAME records for that zone.

Ben

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jeff Lasman
Sent: Friday, March 13, 2009 3:31 PM
To: Mark Andrews
Cc: bind-us...@isc.org
Subject: Re: rDNS for /20

On Thursday 12 March 2009 11:17 pm, Mark Andrews wrote:
> Just set up each of the /24's which make up the /20.

That's what I thought I had to do. I don't even have to assign the rDNS; I only have to set the nameservers. Do I still need lines for each individual IP# in each /24? Or is there an easier way?

Why are we doing this at all; why don't we just have it assigned to the end client? Because the guy I'm doing it for wants it this way.

Thanks!

Jeff
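The layout discussed in this thread, worked through as an added example (not code from any poster): it lists the 16 /24 reverse zones inside a /20, confirms the 255.255.240.0 netmask, and builds one zone file per /24 with the NS set and a single `$GENERATE` CNAME line. The block `10.20.16.0/20`, the nameservers `ns1.example.net.` and `ns2.example.net.`, the SOA values and the CNAME target suffix `rdns.client.example.` are constructed assumptions.

```python
import ipaddress

def reverse_zones(cidr):
    """Return (netmask, [in-addr.arpa zone for each /24]) for an IPv4 block."""
    # strict=True rejects a block that is not aligned on its own boundary,
    # e.g. 10.20.17.0/20, instead of silently rounding it down.
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen > 24:
        raise ValueError("smaller than a /24: no whole /24 zone to delegate")
    zones = []
    for sub in net.subnets(new_prefix=24):
        a, b, c, _ = str(sub.network_address).split(".")
        zones.append(f"{c}.{b}.{a}.in-addr.arpa")
    return str(net.netmask), zones

def zone_file(zone, nameservers, cname_suffix):
    """Build one /24 reverse zone: SOA, NS set, and a $GENERATE CNAME line."""
    third_octet = zone.split(".")[0]
    lines = [
        "$TTL 86400",
        f"$ORIGIN {zone}.",
        # SOA values are constructed placeholders.
        f"@ IN SOA {nameservers[0]} hostmaster.example.net. "
        "( 2009031301 3600 900 604800 86400 )",
    ]
    lines += [f"@ IN NS {ns}" for ns in nameservers]
    # One statement expands to 256 CNAMEs: N -> N.<octet>.<suffix>, N = 0..255.
    lines.append(f"$GENERATE 0-255 $ CNAME $.{third_octet}.{cname_suffix}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    mask, zones = reverse_zones("10.20.16.0/20")  # constructed block
    print(mask, len(zones))
    print(zone_file(zones[0], ["ns1.example.net.", "ns2.example.net."],
                    "rdns.client.example."))
```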
RE: Peaceful coexistence with Windows domain
Inferior as MS-DNS may be, it is my experience that taking dns away from AD admins is like trying to take a bone away from a pit bull. And it sounds like the AD's already are forwarding requests to the BIND servers (or performing recursive lookups, one of the two). So the only change I was suggesting was to have all internal hosts use the AD's for resolution so that they could then sanitize the zone on their BIND servers. That's not the ideal solution (and perhaps not even a particularly good one), but I didn't think installing additional BIND servers (etc.) for their non-AD internal hosts would qualify as a quick fix (which is what he asked for).

Ben

-----Original Message-----
From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Darcy
Sent: Thursday, March 12, 2009 10:45 PM
To: bind-us...@isc.org
Subject: Re: Peaceful coexistence with Windows domain

You mean, other than the fact that MS-DNS is an inferior DNS implementation and, as pointed out in the original post, would need to forward all queries for names outside of the AD zones?

- Kevin

Ben Bridges wrote:
> If I dump the delegation and make an MX record in the master, mail will be OK, but then no one can query records in that zone because it's not actually delegated unless they point at MS-DNS.

Is there a reason why you can't point all of your internal hosts (AD and non-AD) at your AD's for resolution?

*From:* bind-users-boun...@lists.isc.org on behalf of Peter Laws
*Sent:* Thu 3/12/2009 4:51 PM
*To:* bind-us...@isc.org
*Subject:* Peaceful coexistence with Windows domain

Our environment includes a couple of AD servers. They serve DNS to PCs using AD (but not all PCs). They allow DDNS for clients and slave the rest of our environment's zones. For some reason, they *forward* every other query to us, but never mind that. Look it up your own damn ... well, never mind.

At any rate, we don't actually delegate their zone to them. This causes problems, as you can imagine. I'm told that the reason we're doing things this way is that we don't want any of those internal addresses to be queried by the unwashed masses lurking outside our perimeter.

So my thought was, well, let's delegate the zone to the AD servers. Since they are already ACLed (or whatever MS calls it), no one will be able to see their records off-campus but on-campus folks will be able to (finally) resolve addresses in that zone regardless of where they point (internally) for DNS.

Except that they need an MX record for that zone. So adding the NS record to delegate the zone to them properly meant that no one could see the MX from the outside (since the MS-DNS is ACLed). If I dump the delegation and make an MX record in the master, mail will be OK, but then no one can query records in that zone because it's not actually delegated unless they point at MS-DNS.

We thought of slaving that zone on the master, but then we run into security, who doesn't want any of that internal information leaked out. No problem, since we're slaving the zone, we'll pop an ACL on it. Problem solved! Hurray. Except for that MX record. Once you delegate a zone, you *delegate* the zone. The MX is invisible.

So my requirements are to 1) allow that MX record to be seen outside, 2) allow any host in our environment to be able to query names in any zone regardless of which system they point at for DNS, and 3) not have any records in that zone be visible outside save for that MX.

I'm assuming that switching our configuration to use views would help, but we'd like to avoid that, at least for now. Any quick fixes?

I checked, and per the MS-People, MS-DNS cannot put ACLs on particular records. Neither can BIND, so no surprise there.

Which rock do I need to look under?

--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
pl...@ou.edu
Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you!
Re: Complete OMAPI control
Try a DHCP list perhaps?

- Kevin

Sam Hayes Merritt, III wrote:
> As I understand it, leases cannot currently be created or destroyed via OMAPI, nor can they be set to reserved.
>
> Is there a time line of when this may come available? The ability to control leases completely through Omapi without having to touch the dhcpd.conf file and reload for each one would be HUGE.
>
> Thanks,
> sam
Re: Peaceful coexistence with Windows domain
I guess you can use views in bind
view external as master for outside users
view internal as slave of your windows dns for internal users

LD

On Friday 13 March 2009 07:35:13 Jeff Lightner wrote:
> e internal users would see. If the internal users need to see external records then it must be added by the Windows admins to the zone on the Windows DNS servers.
Question about GENERATE
Hi,

A question about $GENERATE, what I'm looking for though is if there's an option or some way that if an entry is manually made, it will be used in place of the generated entry, at present lookups will return both.

I'm trying to see where we can have-

$GENERATE 1-254 $.9 PTR cpe-9-$.qld.guilty_party.removed .

and if a client wishes custom rDNS we can insert-

123.9 PTR foo.example.com

and where foo.example.com would be the _only_ response from DNS... (I'm trying to avoid using a smaller generate range if I can)

I'm assuming that's not possible, or at least not right now anyway, am I correct?

Thanks
Noel
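The range-splitting approach the post mentions, automated as an added example (not from the thread): `split_generate` cuts the `$GENERATE` range around each manual entry, and `expand` shows which records each owner name ends up with, so the duplicate answer described above can be checked before a zone is loaded. The function names are hypothetical and the hostname suffix `qld.example.net.` is a constructed stand-in for the redacted one.

```python
from collections import defaultdict

def split_generate(first, last, lhs, rtype, rhs, overrides):
    """Return zone-file lines for first..last in which every index listed in
    overrides (index -> rdata) gets only its manual record."""
    lines, start = [], first
    for idx in sorted(overrides):
        if not first <= idx <= last:
            raise ValueError(f"override {idx} is outside {first}-{last}")
        if start < idx:  # generated run before this override
            lines.append(f"$GENERATE {start}-{idx - 1} {lhs} {rtype} {rhs}")
        # Plain '$' substitution only; ${offset,width,base} modifiers are not handled.
        lines.append(f"{lhs.replace('$', str(idx))} {rtype} {overrides[idx]}")
        start = idx + 1
    if start <= last:  # generated run after the last override
        lines.append(f"$GENERATE {start}-{last} {lhs} {rtype} {rhs}")
    return lines

def expand(lines):
    """Expand lines into {owner: [rdata, ...]}, one entry per record created."""
    records = defaultdict(list)
    for line in lines:
        parts = line.split()
        if parts[0] == "$GENERATE":
            lo, hi = (int(n) for n in parts[1].split("-"))
            for i in range(lo, hi + 1):
                owner = parts[2].replace("$", str(i))
                records[owner].append(parts[4].replace("$", str(i)))
        else:
            records[parts[0]].append(parts[2])
    return dict(records)

# Constructed sample input modelled on the two lines in the post.
RHS = "cpe-9-$.qld.example.net."
NAIVE = [f"$GENERATE 1-254 $.9 PTR {RHS}", "123.9 PTR foo.example.com."]
SPLIT = split_generate(1, 254, "$.9", "PTR", RHS, {123: "foo.example.com."})

if __name__ == "__main__":
    print(expand(NAIVE)["123.9"])  # generated and manual PTR together
    print("\n".join(SPLIT))
    print(expand(SPLIT)["123.9"])  # manual PTR only
```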
Re: rDNS for /20
On Friday 13 March 2009 03:14 pm, Ben Bridges wrote:
> You can use one $GENERATE statement in each zone to generate all 256 CNAME records for that zone.

I couldn't remember the name of that statement for the life of me.

Thanks!

Jeff