Re: Non English Domain names
Hi,

We use BIND with Turkish characters. And it works perfectly. For www.bü.edu.tr you must edit your zone like www.xn--b-eha.edu.tr

Alans wrote:
> Hi,
>
> I know this is a little bit off topic but I would like to know how BIND will handle non English domain names? How does this affect BIND?
> ICANN started working on non English domains from today as far as I know.
>
> Regards,
> Alans

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Non English Domain names
On Wed, Nov 18, 2009 at 04:38:22PM +0300, Alans batpowe...@yahoo.co.uk wrote a message of 141 lines which said:

> I know this is a little bit off topic but I would like to know how BIND will handle non English domain names?

Non-English domain names? What's that? Is coca-cola.com an English domain name? I do not find Coca-Cola in the Webster. And is jeanne-d-arc.fr an English domain name?

If you are talking about IDN (Internationalized Domain Names), domain names in Unicode, the way they are specified, they don't require a change in the name servers, so BIND can handle them just fine.

> ICANN started working on non English domains from today as far as I know.

ICANN, maybe, but the rest of the world has been working with IDN for at least six years (the standard was issued in 2003 and the first implementations appeared immediately).
Re: Non English Domain names
On Wed, Nov 18, 2009 at 03:36:56PM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 25 lines which said:

> If you are talking about IDN (Internationalized Domain Names), domain names in Unicode, the way they are specified, they don't require a change in the name servers, so BIND can handle them just fine.

BTW, the Wikipedia article seems quite comprehensive:

http://en.wikipedia.org/wiki/Internationalized_domain_name

And, to translate names from Unicode to the ASCII encoding used in zone files, you can use various command-line tools or a Web one:

http://josefsson.org/idn.php/
Re: Non English Domain names
Yeah, no problems with Scandinavian letters either.

http://en.wikipedia.org/wiki/Punycode

Sener ATAS wrote:
> Hi,
>
> We use BIND with Turkish characters. And it works perfectly. For www.bü.edu.tr you must edit your zone like www.xn--b-eha.edu.tr
>
> Alans wrote:
> > Hi,
> >
> > I know this is a little bit off topic but I would like to know how BIND will handle non English domain names? How does this affect BIND?
> > ICANN started working on non English domains from today as far as I know.
> >
> > Regards,
> > Alans
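The Unicode-to-ASCII translation discussed in this thread, as an added example that is not part of any of the messages above: it converts the owner names of zone records to their xn-- form with Python's built-in "idna" codec (IDNA 2003). The function names and the sample records are made up for illustration.

```python
# Added example: turn Unicode owner names into the ASCII ("xn--") form that
# goes into a zone file. Uses Python's built-in "idna" codec (IDNA 2003).

PASS_THROUGH = {"", "*", "@"}  # empty label (trailing dot), wildcard, origin


def to_ascii_name(name: str) -> str:
    """Encode a dotted name label by label; ASCII labels come back unchanged."""
    labels = []
    for label in name.split("."):
        if label in PASS_THROUGH:
            labels.append(label)
        else:
            labels.append(label.encode("idna").decode("ascii"))
    return ".".join(labels)


def to_unicode_name(name: str) -> str:
    """Decode any xn-- labels back to Unicode, for checking the result."""
    labels = []
    for label in name.split("."):
        if label.lower().startswith("xn--"):
            labels.append(label.encode("ascii").decode("idna"))
        else:
            labels.append(label)
    return ".".join(labels)


def convert_zone_lines(lines):
    """Rewrite the owner field of one-line records; RDATA is left untouched."""
    out = []
    for line in lines:
        parts = line.split(None, 1)
        # Blank lines, comments, $ directives, owner-less continuation lines
        # (leading whitespace) and single-token lines pass through unchanged.
        if len(parts) < 2 or parts[0][0] in ";$" or line[0].isspace():
            out.append(line)
            continue
        out.append(f"{to_ascii_name(parts[0])} {parts[1]}")
    return out


# Constructed sample records (documentation addresses, hypothetical hosts).
SAMPLE = [
    "$ORIGIN edu.tr.",
    "; web server",
    "www.bü 3600 IN A 192.0.2.10",
    "bü.edu.tr. 3600 IN MX 10 mail.example.net.",
]

if __name__ == "__main__":
    print("\n".join(convert_zone_lines(SAMPLE)))
```

Only the owner column is converted; a Unicode name appearing as a record target would need the same treatment.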
Re: DNS records visible only for LAN computers
Peter Macko wrote:
> Setup:
> I have a domain example.com that is hosted on DNS under control of my internet provider. Web server www.example.com is hosted by another company. I have set up a local DNS for computers on my LAN. I have a LDAP server on LAN.
>
> Question:
> I want to make LDAP visible only for computers on LAN without altering DNS (of the internet provider). The name of LDAP server should be ldap.example.com. Is it possible to do it?
>
> I can think of two solutions:
> 1) I could create master zone for example.com on DNS (on LAN). This way I have to create A record for www.example.com, but if internet provider changed IP address of the web-server, computers on LAN would not reach www.example.com and I would have to update A record on local DNS.
> 2) Another solution is to create zonefile for subdomain local.example.com on LAN DNS, so ldap.local.example.com. But this is not exactly what I want.

3) Create a zone called ldap.example.com. Put the A record for your LDAP server at the apex of the zone.

Obviously, this isn't really scalable -- you don't want to have to create zones and zone definitions for every resource on your LAN, but this is the price you pay for being so disjointed from your webservice/external-DNS provider that they don't even bother telling you when they change the IPs of your main website.

If you want scalability, you should take control of example.com yourself and then implement something like views to control how it is presented to internal versus external clients.

- Kevin
BIND does not listen at all when the interface is temporarily down (only with IPv6)
When I listen on one specific address:

    listen-on-v6 { 2001:db8::53;};

If the interface is not UP at the time BIND starts, and therefore this IP address not local, BIND does not listen:

    18-Nov-2009 17:31:24.588 not listening on any interfaces

and does not resume if the interface becomes UP later. (I have to rndc reload.) Very annoying.

This does not occur with IPv4 and the listen-on directive.

Tested with BIND 9.5.1 and 9.7b2 on Debian/Linux.
Re: Bind sometimes SERVFAIL
On Wednesday 11 November 2009 09:15:12, Matus UHLAR - fantomas wrote:
> On 11.11.09 16:05, Pawel Rutkowski wrote:
> > Please look below, is it normal? Sometimes servfail, sometimes nxdomain.
> >
> > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > Using domain server:
> > Name: ns1.isp
> > Address: ns1.isp#53
> > Aliases:
> >
> > Host 187.255.85.209.in-addr.arpa not found: 2(SERVFAIL)
> > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > Using domain server:
> > Name: ns1.isp
> > Address: ns1.isp#53
> > Aliases:
> >
> > Host 187.255.85.209.in-addr.arpa not found: 3(NXDOMAIN)
> > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > Using domain server:
> > Name: ns1.isp
> > Address: ns1.isp#53
> > Aliases:
> >
> > Host 187.255.85.209.in-addr.arpa not found: 3(NXDOMAIN)
>
> Use 'dig -x 209.85.255.187 @ns1.isp' and look at NS records and TTLs.
>
> Invalid delegations and inconsistent NS records (domain is delegated from parent to different servers than those listed in the domain) often cause these kinds of problems.

I think I did have the same problem with 9.4.1p1, 9.5p2 and 9.6p1. Look

[d...@brandmauer ~]$ host www.bbc.co.uk 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.bbc.co.uk is an alias for www.bbc.net.uk.
www.bbc.net.uk has address 212.58.253.68
Host www.bbc.net.uk not found: 2(SERVFAIL)
[d...@brandmauer ~]$

I did sniff the connection and it seems that the query that fails is a MX request of www.bbc.net.mx. Odd thing. When I ask an exchange DNS server, the query is okay.

Is this a bug?
Re: Bind sometimes SERVFAIL
Luis Daniel Lucio Quiroz wrote:
> On Wednesday 11 November 2009 09:15:12, Matus UHLAR - fantomas wrote:
> > On 11.11.09 16:05, Pawel Rutkowski wrote:
> > > Please look below, is it normal? Sometimes servfail, sometimes nxdomain.
> > >
> > > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > > Using domain server:
> > > Name: ns1.isp
> > > Address: ns1.isp#53
> > > Aliases:
> > >
> > > Host 187.255.85.209.in-addr.arpa not found: 2(SERVFAIL)
> > > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > > Using domain server:
> > > Name: ns1.isp
> > > Address: ns1.isp#53
> > > Aliases:
> > >
> > > Host 187.255.85.209.in-addr.arpa not found: 3(NXDOMAIN)
> > > [r...@linux ~]# host 209.85.255.187 ns1.isp
> > > Using domain server:
> > > Name: ns1.isp
> > > Address: ns1.isp#53
> > > Aliases:
> > >
> > > Host 187.255.85.209.in-addr.arpa not found: 3(NXDOMAIN)
> >
> > Use 'dig -x 209.85.255.187 @ns1.isp' and look at NS records and TTLs.
> >
> > Invalid delegations and inconsistent NS records (domain is delegated from parent to different servers than those listed in the domain) often cause these kinds of problems.
>
> I think I did have the same problem with 9.4.1p1, 9.5p2 and 9.6p1. Look
>
> [d...@brandmauer ~]$ host www.bbc.co.uk 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
>
> www.bbc.co.uk is an alias for www.bbc.net.uk.
> www.bbc.net.uk has address 212.58.253.68
> Host www.bbc.net.uk not found: 2(SERVFAIL)
> [d...@brandmauer ~]$

By default, host looks up A, and MX records, in that order.

> I did sniff the connection and it seems that the query that fails is a MX request of www.bbc.net.mx. Odd thing.

The delegated nameservers for bbc.net.uk are answering an MX query with an A record:

$ dig www.bbc.net.uk mx @ns0.rbsov.bbc.co.uk +short
212.58.253.68
$ dig www.bbc.net.uk mx @ns0.thdo.bbc.co.uk +short
212.58.253.68

Really bad stuff, but this is a *persistent* condition, caused by the domain owner(s), and probably not related to the issue reported by the previous poster.

- Kevin
Re: BIND does not listen at all when the interface is temporarily down (only with IPv6)
On Nov 18, 2009, at 8:36 AM, Stephane Bortzmeyer wrote:
> When I listen on one specific address:
>
>     listen-on-v6 { 2001:db8::53;};
>
> If the interface is not UP at the time BIND starts, and therefore this IP address not local, BIND does not listen:
>
>     18-Nov-2009 17:31:24.588 not listening on any interfaces
>
> and does not resume if the interface becomes UP later. (I have to rndc reload.) Very annoying.
>
> This does not occur with IPv4 and the listen-on directive.

Yes it does. If you put named built from stock source on Mac OS X, enable the stock Apple launchd job for named, and restart, named will be deaf because the ethernet interface is not up by the time named starts. You have to reload it, or wait for the statistics interval, for it to come up on the Ethernet interface. (It will be listening on the loopback interface right away, though.)

If you use the any token in your listen-on-v6 list, instead of specific interfaces, it will listen on the wildcard interface. This way, it will start listening right away when the interface comes up. This is different than for the IPv4 stack.

Chris Buxton
Professional Services
Men & Mice
Using same authoritative NSes multiple times in delegation
Greetings,

does the following setup violate any DNS RFCs or is it in the conflict with any best practices?

--
[and...@strigidae ~]$ dig +nocmd +nocom +noque +nosta domain1.tld1. ns
domain1.tld1.      86400 IN NS ns1.domain1.tld1.
domain1.tld1.      86400 IN NS ns2.domain1.tld1.
domain1.tld1.      86400 IN NS ns1.domain2.tld2.
domain1.tld1.      86400 IN NS ns2.domain2.tld2.
domain1.tld1.      86400 IN NS ns1.domain3.tld3.
domain1.tld1.      86400 IN NS ns2.domain3.tld3.
ns1.domain1.tld1.  86400 IN A  IP.Add.ress.1
ns2.domain1.tld1.  86400 IN A  IP.Add.ress.2
                                           ^
ns1.domain2.tld2.  86400 IN A  IP.Add.ress.3
                                           ^
ns2.domain2.tld2.  86400 IN A  IP.Add.ress.4
ns1.domain3.tld3.  86400 IN A  IP.Add.ress.2
                                           ^
ns2.domain3.tld3.  86400 IN A  IP.Add.ress.3
                                           ^
--

As we can see above, the ns2.domain1.tld1 / ns1.domain3.tld3 are actually the same physical host with the IP.Add.ress.2 and the ns1.domain2.tld2 / ns2.domain3.tld3 are actually the same machine with the IP.Add.ress.3. What are the benefits of this setup?

Thanks in advance.

--
Yours sincerely,
Andrey G. Sergeev (AKA Andris)
http://www.andris.name/
Re: BIND Secondaries of MS AD Integrated Zones
jim.siffe...@tektronix.com wrote:
> Most of our internal DNS zones are mastered in Microsoft DNS (2k3 R2) as AD Integrated zones. Currently, those zones are slaved from a single MS DNS server to our BIND 9 servers that handle recursion.
>
> Is there a reliable way to use multiple masters when slaving AD Integrated zones to BIND? In the O'Reilly book "DNS on Windows Server 2003" a section on p. 324 called "BIND Secondaries for Active Directory-Integrated Zones" says serial numbers can vary on otherwise synchronized MS DNS Servers, potentially causing a server to respond with an incorrect lower serial number.
>
> Thanks,
>
> Jim Sifferle
> Tektronix / Fluke Network Services

I have seen the replies to this mail, and I have something else to add. See MS 282826.

Assume that you have a zone that is AD-integrated, and you have the zone on two DCs, DC1 and DC2 - both are running the MS DNS Service. Assume that both copies of the zone are identical and have serial number, say, 1. Now two machines send DDNS updates for the same zone at the same time; one sends to DC1 and one sends to DC2. After each DC has processed the update, the DCs now have serial number 2, but the zones have different content. Somehow (under the covers of AD), the two zones are synchronized. I do not know the algorithm, nor do I know how much time elapses before the synchronization. With the synchronized zone, what is the proper serial number? It can not be 2, as there could be another DDNS packet for the same zone sent to DC1, and this results (before the synchronization) in DC1 having serial number 2 and DC2 having serial number 1.

Article 282826 describes what the MS code does; it depends upon what MS DNS Servers are treated as masters for BIND. With my setup, I run only ONE MS DNS Server, even though I have four DCs. My Windows group wants two MS DNS Servers, and I will list only one as the master for the zone on my BIND servers.

--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:     +1 (630) 252-7277
9700 South Cass Avenue               Facsimile: +1 (630) 252-4601
Building 240, Room 5.B.8             Internet:  bsfin...@anl.gov
Argonne, IL 60439-4828               IBMMAIL:   I1004994
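A simplified model of the two-DC situation described above, as an added example that is not part of the original message: a secondary that transfers only when a master's serial is newer ends up missing data when two masters carry the same serial with different content. The Master and Secondary classes and the record names are made up; the serial comparison follows RFC 1982, and nothing here models how AD later reconciles the two copies.

```python
# Added example: a simplified model of a secondary polling two masters.
# Master/Secondary and the record names are made up for illustration.

HALF = 1 << 31  # half of the 32-bit serial space


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


class Master:
    def __init__(self, name, serial, records):
        self.name, self.serial, self.records = name, serial, set(records)

    def ddns_update(self, record):
        """Apply one dynamic update: add the record and bump the serial."""
        self.records.add(record)
        self.serial = (self.serial + 1) % (1 << 32)


class Secondary:
    def __init__(self):
        self.serial, self.records, self.source = None, set(), None

    def refresh(self, masters):
        """Check each master's serial in turn; transfer only if it is newer."""
        for m in masters:
            if self.serial is None or serial_newer(m.serial, self.serial):
                self.serial, self.records = m.serial, set(m.records)
                self.source = m.name


def simultaneous_updates():
    """Both DCs start identical at serial 1, then each takes one update."""
    dc1 = Master("DC1", 1, {"host-a"})
    dc2 = Master("DC2", 1, {"host-a"})
    dc1.ddns_update("pc-one")   # update sent to DC1
    dc2.ddns_update("pc-two")   # update sent to DC2 at the same time
    sec = Secondary()
    sec.refresh([dc1, dc2])     # DC2's serial 2 is not newer than 2: skipped
    return dc1, dc2, sec


if __name__ == "__main__":
    dc1, dc2, sec = simultaneous_updates()
    print(dc1.serial, dc2.serial, sec.source, sorted(sec.records))
```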