DS record in child zone

2011-01-31 Thread rysl...@dialtelecom.cz
Hello, we have a DNS resolver running the latest 9.7 bind version, and 
there is a problem with several zones from these authoritative servers 
(frantovo.cz is just an example, the problem prevails in all signed 
zones from these authoritative servers):


frantovo.cz.  3111  IN  NS  ns.forpsi.net.
frantovo.cz.  3111  IN  NS  ns.forpsi.cz.
frantovo.cz.  3111  IN  NS  ns.forpsi.it.

Our resolver logs this:

31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: frantovo.cz NS: starting
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: frantovo.cz NS: attempting insecurity proof
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: frantovo.cz NS: checking existence of DS at 'cz'
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: frantovo.cz NS: checking existence of DS at 'frantovo.cz'
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: frantovo.cz NS: insecurity proof failed
31-Jan-2011 11:45:30.837 dnssec: info: validating @0xd69c000: frantovo.cz NS: got insecure response; parent indicates it should be secure



The problem arises from the fact that all these servers fail to respond 
to queries on DS record for their zones:


# dig @ns.forpsi.cz frantovo.cz ds

; <<>> DiG 9.7.2-P2 <<>> @ns.forpsi.cz frantovo.cz ds
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Which is strange, because according to RFCs, the DS record for a given 
zone is required only in the parent zone, not the child zone itself. 
Does BIND query for the existence of a DS record in the child zone, and 
if so, why? Or is the cause of the problem different?


Any advice would be welcome, thanks in advance.

Best Regards
Daniel Ryslink

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: DS record in child zone

2011-01-31 Thread Mark Andrews

In message <4d4693cb.60...@dialtelecom.cz>, "rysl...@dialtelecom.cz" writes:
> Hello, we have a DNS resolver running the latest 9.7 bind version, and 
> there is a problem with several zones from these authoritative servers 
> (frantovo.cz is just an example, the problem prevails in all signed 
> zones from these authoritative servers):
> 
> frantovo.cz.  3111  IN  NS  ns.forpsi.net.
> frantovo.cz.  3111  IN  NS  ns.forpsi.cz.
> frantovo.cz.  3111  IN  NS  ns.forpsi.it.
> 
> Our resolver logs this:
> 
> 31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: 
> frantovo.cz NS: starting
> 31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: 
> frantovo.cz NS: attempting insecurity proof
> 31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: 
> frantovo.cz NS: checking existence of DS at 'cz'
> 31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: 
> frantovo.cz NS: checking existence of DS at 'frantovo.cz'
> 31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000: 
> frantovo.cz NS: insecurity proof failed
> 31-Jan-2011 11:45:30.837 dnssec: info: validating @0xd69c000: 
> frantovo.cz NS: got insecure response; parent indicates it should be secure
> 
> 
> The problem arises from the fact that all these servers fail to respond 
> to queries on DS record for their zones:
> 
> # dig @ns.forpsi.cz frantovo.cz ds
> 
> ; <<>> DiG 9.7.2-P2 <<>> @ns.forpsi.cz frantovo.cz ds
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> Which is strange, because according to RFCs, the DS record for a given 
> zone is required only in the parent zone, not the child zone itself. 
> Does BIND query for the existence of a DS record in the child zone, and 
> if so, why? Or is the cause of the problem different?

What makes you think named asked those servers?  DS at 'frantovo.cz' will
be asked to the parent (cz) zone.
 
> Any advice would be welcome, thanks in advance.
> 
> Best Regards
> Daniel Ryslink
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
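
An added example (not part of either message and not BIND code): one way to pull the failure shown in this thread out of a validating resolver's log, reporting each name whose answer was rejected and the DS owner names the validator checked on the way. The function names are hypothetical, the first trace is the one quoted above with its e-mail line wrapping kept, and the `signed.example` lines are constructed for the example.

```python
import re
from collections import OrderedDict

# First trace: as quoted in the post (wrapped by the mail client).
# Second trace (signed.example, @0xd69d000): constructed for this example.
SAMPLE_LOG = """\
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000:
frantovo.cz NS: starting
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000:
frantovo.cz NS: attempting insecurity proof
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69d000: signed.example NS: starting
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000:
frantovo.cz NS: checking existence of DS at 'cz'
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000:
frantovo.cz NS: checking existence of DS at 'frantovo.cz'
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69d000: signed.example NS: attempting insecurity proof
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69c000:
frantovo.cz NS: insecurity proof failed
31-Jan-2011 11:45:30.837 dnssec: info: validating @0xd69c000:
frantovo.cz NS: got insecure response; parent indicates it should be secure
31-Jan-2011 11:45:30.837 dnssec: debug 3: validating @0xd69d000: signed.example NS: checking existence of DS at 'example'
"""

TIMESTAMP = re.compile(r"^\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
ENTRY = re.compile(
    r"^(?P<ts>\S+ \S+) dnssec: (?P<level>debug \d+|info): "
    r"validating @(?P<ctx>0x[0-9a-f]+): "
    r"(?P<name>\S+) (?P<rrtype>\S+): (?P<msg>.*)$"
)
DS_CHECK = re.compile(r"^checking existence of DS at '([^']+)'$")
REJECTED = "got insecure response; parent indicates it should be secure"


def unwrap(text):
    """Re-join wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def analyse(text):
    """Group validator messages by (validator address, name, type)."""
    traces = OrderedDict()
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # not a dnssec validator line
        key = (m["ctx"], m["name"], m["rrtype"])
        trace = traces.setdefault(
            key, {"ds_checked": [], "proof_failed": False, "rejected": False}
        )
        ds = DS_CHECK.match(m["msg"])
        if ds:
            trace["ds_checked"].append(ds.group(1))
        elif m["msg"] == "insecurity proof failed":
            trace["proof_failed"] = True
        elif m["msg"] == REJECTED:
            trace["rejected"] = True
    return traces


def rejected_names(text):
    """Names whose answer was rejected, with the DS owner names checked."""
    return [
        {"validator": ctx, "name": name, "rrtype": rrtype,
         "ds_checked": trace["ds_checked"]}
        for (ctx, name, rrtype), trace in analyse(text).items()
        if trace["rejected"]
    ]


if __name__ == "__main__":
    for hit in rejected_names(SAMPLE_LOG):
        print(hit)
```
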


RE: what's a valid domain name?

2011-01-31 Thread Vyto Grigaliunas
Although we're moving away from it, we found it useful for naming router
interfaces, i.e. te1-2.routername.company.com, without having to create a
separate sub-domain for each router.

I thought at some point periods were allowed in hostnames, and they do work
without escaping them.

Thanks...

Vyto



> -----Original Message-----
> From: bind-users-bounces+vyto=fnal@lists.isc.org [mailto:bind-
> users-bounces+vyto=fnal@lists.isc.org] On Behalf Of Barry Margolin
> Sent: Sunday, January 30, 2011 4:14 PM
> To: comp-protocols-dns-b...@isc.org
> Subject: Re: what's a valid domain name?
> 
> In article ,
>  Vytautas Grigaliunas  wrote:
> 
> > What is the status of "dotted" hostnames - i.e. a period in the
> hostname
> > portion of a domain name ?
> >
> > At one point they were allowed, I believe ? What is the latest
> official RFC ?
> 
> I don't think they've ever been allowed.  Why would you need to do
> this, instead of just using another level of subdomain?  To get a
> literal period into a label, you need to escape it, e.g.
> foo\.bar.company.com instead of foo.bar.company.com.  The latter is
> allowed, always has been, and is quite common.
> 
> --
> Barry Margolin, bar...@alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***


Re: RE: what's a valid domain name?

2011-01-31 Thread Ben Croswell
In that case technically you are creating undelegated subdomains for each
router.
The dot is a delimiter and can't be part of a hostname.

-Ben Croswell
On Jan 31, 2011 11:19 AM, "Vyto Grigaliunas"  wrote:

Re: Recursive DNS problem

2011-01-31 Thread Kevin Darcy

On 1/28/2011 5:11 AM, Torinthiel wrote:
> On 2011-01-28 10:52 bangla desh wrote:
>
>> I believed so that com.bd is broken. It only has 1 ns server and
>> hsbc.com.bd, whois.com.bd and even google.com.bd they are all delegate
>> directly from bd and not from com.bd.
>>
>> I am wondering, is there a dns rule/standard (or RFC) that explains about
>> delegation?
>
> For the fact that com.bd is broken - that's just how DNS works. Zone cuts
> are there for purpose. Most of this can be read from RFC 1034 and 1035,
> which form the grounds for DNS standards. Also RFC 2181 clarifies:
>
>    A server for a zone should not return authoritative answers for queries
>    related to names in another zone, which includes the NS, and perhaps A,
>    records at a zone cut, unless it also happens to be a server for the
>    other zone.
>
> And a mere presence of NS records indicates a zone cut (again, RFC 2181):
>
>    The existence of a zone cut is indicated in the parent zone by the
>    existence of NS records specifying the origin of the child zone.
>
> As for number of authoritative servers per domain, I don't remember where, but
> at least one RFC stated that there should be at least two, and preferably 3-7
> nameservers per domain. It's quite possible that one of those I've already
> pointed to contains this information, but also that a different one states
> this information. But it was RFC for certain.


RFC 1034, Section 4.1:

   A given zone will be available from several name servers to insure
   its availability in spite of host or communication link failure. By
   administrative fiat, we require every zone to be available on at
   least two servers, and many zones have more redundancy than that.



- Kevin



Re: what's a valid domain name?

2011-01-31 Thread Kevin Darcy

Vyto,
  "Dotted hostnames" is a term coined by certain limited 
DNS-management tools that strive to split up fully-qualified DNS names 
into a "hostname" part and a "zone" (sometimes referred to as "domain") 
part. If one chooses to extend a given name for 2 or more labels below 
the closest-enclosing zone cut, then in the standard representation used 
by those tools, the "hostname" portion of the name will have a dot in 
it, hence "dotted hostnames", which are treated by such limited tools as 
somehow weird and special. At least one tool I'm familiar with, requires 
a special non-default option setting to even allow "dotted hostnames" to 
exist at all in its database.


DNS itself has never had a problem with multiple labels beneath a zone 
cut. Better tools recognize the inherent flexibility of DNS naming and 
don't try to deprecate or otherwise discourage so-called "dotted hostnames".




- Kevin


On 1/31/2011 10:50 AM, Vyto Grigaliunas wrote:
> Although we're moving away from it, we found it useful for naming router
> interfaces, i.e. te1-2.routername.company.com, without having to create a
> separate sub-domain for each router.
>
> I thought at some point periods were allowed in hostnames, and they do work
> without escaping them.
>
> Thanks...
>
> Vyto
>
>> -----Original Message-----
>> From: bind-users-bounces+vyto=fnal@lists.isc.org [mailto:bind-
>> users-bounces+vyto=fnal@lists.isc.org] On Behalf Of Barry Margolin
>> Sent: Sunday, January 30, 2011 4:14 PM
>> To: comp-protocols-dns-b...@isc.org
>> Subject: Re: what's a valid domain name?
>>
>> In article,
>>   Vytautas Grigaliunas  wrote:
>>
>>> What is the status of "dotted" hostnames - i.e. a period in the hostname
>>> portion of a domain name ?
>>>
>>> At one point they were allowed, I believe ? What is the latest
>>> official RFC ?
>>
>> I don't think they've ever been allowed.  Why would you need to do
>> this, instead of just using another level of subdomain?  To get a
>> literal period into a label, you need to escape it, e.g.
>> foo\.bar.company.com instead of foo.bar.company.com.  The latter is
>> allowed, always has been, and is quite common.
>>
>> --
>> Barry Margolin, bar...@alum.mit.edu
>> Arlington, MA
>> *** PLEASE don't copy me on replies, I'll read them in the group ***


Re: what's a valid domain name?

2011-01-31 Thread pyh
Ben Croswell writes:

> In that case technically you are creating undelegated subdomains for each
> router.
> The dot is a delimiter and can't be part of a hostname.

I was thinking you are wrong.
Period is somewhat permitted in a hostname.

From RFC 952

  A "name" (Net, Host, Gateway, or Domain name) is a text string up
  to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
  sign (-), and period (.).  Note that periods are only allowed when
  they serve to delimit components of "domain style names".

  No blank or space characters are permitted as part of a
  name. No distinction is made between upper and lower case.  The first
  character must be an alpha character [Relaxed in RFC 1123].  The
  last character must not be a minus sign or period.

Regards.


Re: what's a valid domain name?

2011-01-31 Thread Barry Margolin
In article ,
 Vyto Grigaliunas  wrote:

> Although we're moving away from it, we found it useful for naming router
> interfaces, i.e. te1-2.routername.company.com, without having to create a
> separate sub-domain for each router.
> 
> I thought at some point periods were allowed in hostnames, and they do work
> without escaping them.

I think you're confusing subdomain and subzone.  You can have subdomains 
without having subzones.  E.g. in the company.com zone file, you can put:

te1-2.routername IN A 1.2.3.4

-- 
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***


dotted hostname is bad IMO

2011-01-31 Thread pyh


Given the domain name of "126.com", and given an A RR in its zone is:

s1.s2.s3  IN  A  11.22.33.44

OK, when a DNS cache queries for s1.s2.s3.126.com the first time, it will
follow the logic:

#1, s1.s2.s3.126.com has NS RR in cache? (no)
#2, s2.s3.126.com has NS RR in cache? (no)
#3, s3.126.com has NS RR in cache? (no)
#4, 126.com has NS RR in cache? (yes most time, since 126.com is a famous
domain).
#5, Go to 126.com's NS, fetch the result.

The process is complicated.
But if the hostname is "s1-s2-s3.126.com", what will the DNS cache do by
the first query? It will just do:

#1, 126.com has NS RR in cache? (yes)
#2, go there fetching the result.

It's much simpler and faster.

So I don't think dotted hostname is good practice.


Re: what's a valid domain name?

2011-01-31 Thread Ben Croswell
The rfc you quote clearly states when used as a delimiter of a domain as I
stated.

-Ben Croswell
On Jan 31, 2011 8:58 PM,  wrote:
> Ben Croswell writes:
>
>> In that case technically you are creating undelegated subdomains for each
>> router.
>> The dot is a delimiter and can't be part of a hostname.
>>
>
> I was thinking you are wrong.
> Period is somewhat permitted in a hostname.
>
> From RFC 952
>
> A "name" (Net, Host, Gateway, or Domain name) is a text string up
> to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
> sign (-), and period (.). Note that periods are only allowed when
> they serve to delimit components of "domain style names".
>
> No blank or space characters are permitted as part of a
> name. No distinction is made between upper and lower case. The first
> character must be an alpha character [Relaxed in RFC 1123] . The
> last character must not be a minus sign or period.
>
>
> regrads.

[OT] does deliveragent must have a PTR RR

2011-01-31 Thread pyh
Hi list, 


I can't setup a ptr RR for my mailserver's IP.
Here the main ISPs who are owned by this garbage state take expensive price 
for setup a reverse record for a public IP. It's about 30 USD each month 
for each IP.
But some MTAs do require the peer deliveragent has a PTR RR, like AOL's 
email systems.
Is there a special RFC for this requirement? 

Regards. 

Mail Delivery System writes: 

This is the mail system at host mail.nsbeta.info. 


I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below. 

For further assistance, please send mail to postmaster. 


If you do so, please include this problem report. You can
delete your own text from the attached returned message. 

   The mail system 


: host mx1.beth.k12.pa.us[209.96.96.11] said: 450 4.7.1
Client host rejected: cannot find your reverse hostname, [121.9.221.212]
(in reply to RCPT TO command)



Clarification on wildcard scenario

2011-01-31 Thread rams
Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
*.joshfeb1.com A 1.1.1.1
*.www.joshfeb1.com A 2.2.2.2

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NXDOMAIN. When can I get records in response? Could you please clarify for me.

The following response return.

[root@zones]# dig  abc.www.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:36:56 2011
;; MSG SIZE  rcvd: 110

[root@ zones]# dig  abc.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:05 2011
;; MSG SIZE  rcvd: 106

[root@ zones]# dig  www.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:15 2011
;; MSG SIZE  rcvd: 106

[root@stulcqacustbind2 zones]#


What bind is returning is correct?

Thanks & Regards,
Ramesh

Re: [OT] does deliveragent must have a PTR RR

2011-01-31 Thread Lyle Giese
p...@mail.nsbeta.info wrote:
> Hi list,
> I can't setup a ptr RR for my mailserver's IP.
> Here the main ISPs who are owned by this garbage state take expensive
> price for setup a reverse record for a public IP. It's about 30 USD
> each month for each IP.
> But some MTAs does require the peer deliveragent has a PTR RR,like
> AOL's email systems.
> Is there a special RFC for this requirement?
> Regards.
> Mail Delivery System writes:
>> This is the mail system at host mail.nsbeta.info.
>> I'm sorry to have to inform you that your message could not
>> be delivered to one or more recipients. It's attached below.
>> For further assistance, please send mail to postmaster.
>> If you do so, please include this problem report. You can
>> delete your own text from the attached returned message.
>> The mail system
>> : host mx1.beth.k12.pa.us[209.96.96.11] said:
>> 450 4.7.1
>> Client host rejected: cannot find your reverse hostname, [121.9.221.212]
>> (in reply to RCPT TO command)
I do not believe this to be fully covered in an RFC, but came about as
Best Practices as we fight SPAM. The best source for the Best Practices
for this is at http://postmaster.aol.com

Wander through ALL of the pages that this area at AOL has to offer or
you will miss some important points, like that 12 hrs is considered the
min TTL for A and PTR records for mail servers. Less than 12 hrs TTL on
these records are considered by default indicators of dynamic IP addresses.

Lyle Giese
LCR Computer Services, Inc.



Re: Clarification on wildcard scenario

2011-01-31 Thread Mark Andrews

In message , rams writes:
> Hi,
> I have zone as follows in bind.
> 
> $ORIGIN joshfeb1.com.
> @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> 2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com. NS udns1.ultradns.net.
> joshfeb1.com. NS udns2.ultradns.net.
> **.joshfeb1.com A 1.1.1.1
> *.www.joshfeb1.com A 2.2.2.2*
> 
> When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> NXDOMAIN.When can i get records in response. Could you please clarify me.
> 
> The following response return.
> 
> *[root@zones]# dig  abc.www.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;abc.www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:36:56 2011
> ;; MSG SIZE  rcvd: 110
> 
> *[root@ zones]# dig  abc.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;abc.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:37:05 2011
> ;; MSG SIZE  rcvd: 106
> 
> *[root@ zones]# dig  www.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:37:15 2011
> ;; MSG SIZE  rcvd: 106
> 
> [root@stulcqacustbind2 zones]#
> 
> 
> What bind is returning is correct?

Yes.  You have a mixture of relative (no period at end) and absolute names
(period at end) in the zone file above.  What you added to the zone
was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You needed
a period at the end of "com" or to just use "www".

Mark

> Thanks & Regards,
> Ramesh
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Clarification on wildcard scenario

2011-01-31 Thread rams
Hi Mark,

Thank you for the quick clarification. I have included the trailing dot and
restarted bind. Now when I queried for domain "www.joshfeb1.com" with type A,
I am getting NOERROR and NOANSWER.

[root@ zones]# dig  www.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 04:13:00 2011
;; MSG SIZE  rcvd: 106

[root@zones]#

Is it correct. Actually www.joshfeb1.com is not exist and it should look
into *.joshfeb1.com right. Could you please clarify why it is not returning
answer.

Thanks & Regards,
Ramesh


On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews  wrote:

>
> In message , rams writes:
> > Hi,
> > I have zone as follows in bind.
> >
> > $ORIGIN joshfeb1.com.
> > @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> > 2011013101 ; serial
> > 10800 ; refresh
> > 3600 ; retry
> > 2592000 ; expire
> > 86400 ; minimum
> > )
> > joshfeb1.com. NS udns1.ultradns.net.
> > joshfeb1.com. NS udns2.ultradns.net.
> > **.joshfeb1.com A 1.1.1.1
> > *.www.joshfeb1.com A 2.2.2.2*
> >
> > When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> > NXDOMAIN.When can i get records in response. Could you please clarify me.
> >
> > The following response return.
> >
> > *[root@zones]# dig  abc.www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:36:56 2011
> > ;; MSG SIZE  rcvd: 110
> >
> > *[root@ zones]# dig  abc.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:05 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > *[root@ zones]# dig  www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:15 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > [root@stulcqacustbind2 zones]#
> >
> >
> > What bind is returning is correct?
>
> Yes.  You have a mixture of relative (no period at end) and absolute names
> (period at end) in the zone file above.  What you added to the zone
> was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You needed
> a period at the end of "com" or to just use "www".
>
> Mark
>
> > Thanks & Regards,
> > Ramesh
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>

Re: Clarification on wildcard scenario

2011-01-31 Thread Alan Clegg
On 1/31/2011 10:42 PM, rams wrote:

> $ORIGIN joshfeb1.com .
> @ IN SOA rboddeti.yahoo.com .
> rboddeti.gmail.com . (
> 2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com . NS udns1.ultradns.net
> .
> joshfeb1.com . NS udns2.ultradns.net
> .
> **.joshfeb1.com  A 1.1.1.1
> *.www.joshfeb1.com  A 2.2.2.2*

Since you are posting in HTML, it's pretty messy...

You are missing a dot after the com on the wildcard lines.

AlanC




Re: Clarification on wildcard scenario

2011-01-31 Thread Warren Kumari
I must admit, I'm kinda confused by what you are actually trying to achieve

?A foo.joshfeb1.com. should be returning 1.1.1.1

?A www.joshfeb1.com. should be returning noerror / nodata because:
1: There is a record at www.joshfeb1.com (so it's not NXDOMAIN), but
2: the record is not an A record (so there is NO DATA that matches)

I'm assuming if you query for A foo.www.joshb1.com. you get back 2.2.2.2?

W

On Jan 31, 2011, at 11:19 PM, rams wrote:

> Hi Mark,
> 
> Thank You for quick clarify. I have included trailing dot and restart bind.
> Now when i queired for domain "www.joshfeb1.com" with type A, I am getting 
> NOERROR and NOANSWER.
> 
> [root@ zones]# dig  www.joshfeb1.com. A
> 
> ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net. 
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 04:13:00 2011
> ;; MSG SIZE  rcvd: 106
> 
> [root@zones]#
> 
> Is it correct. Actually www.joshfeb1.com is not exist and it should look into 
> *.joshfeb1.com right. Could you please clarify why it is not returning answer.
> 
> Thanks & Regards,
> Ramesh
> 
> 
> On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews  wrote:
> 
> In message , rams writes:
> > Hi,
> > I have zone as follows in bind.
> >
> > $ORIGIN joshfeb1.com.
> > @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> > 2011013101 ; serial
> > 10800 ; refresh
> > 3600 ; retry
> > 2592000 ; expire
> > 86400 ; minimum
> > )
> > joshfeb1.com. NS udns1.ultradns.net.
> > joshfeb1.com. NS udns2.ultradns.net.
> > **.joshfeb1.com A 1.1.1.1
> > *.www.joshfeb1.com A 2.2.2.2*
> >
> > When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> > NXDOMAIN.When can i get records in response. Could you please clarify me.
> >
> > The following response return.
> >
> > *[root@zones]# dig  abc.www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:36:56 2011
> > ;; MSG SIZE  rcvd: 110
> >
> > *[root@ zones]# dig  abc.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:05 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > *[root@ zones]# dig  www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:15 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > [root@stulcqacustbind2 zones]#
> >
> >
> > What bind is returning is correct?
> 
> Yes.  You have a mixture of relative (no period at end) and absolute names
> (period at end) in the zone file above.  What you added to the zone
> was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You 

Clarification on wildcard scenario

2011-01-31 Thread rams
Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (

  2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
**.joshfeb1.com. A 1.1.1.1
*.www.joshfeb1.com.  A 2.2.2.2*

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NOERROR and NOANSWER. When can I get an answer? Could you please clarify for me?

I am able to get an answer with abc.joshfeb1.com and abc.www.joshfeb1.com. Why
is bind not returning an answer for www.joshfeb1.com? It should map to
**.joshfeb1.com., right?

Thanks & Regards,
Ramesh

Re: Clarification on wildcard scenario

2011-01-31 Thread Mark Andrews

In message , rams writes:
> Hi,
> I have zone as follows in bind.
> 
> $ORIGIN joshfeb1.com.
> @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> 
>   2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com. NS udns1.ultradns.net.
> joshfeb1.com. NS udns2.ultradns.net.
> **.joshfeb1.com. A 1.1.1.1
> *.www.joshfeb1.com.  A 2.2.2.2*

It gets very hard when your email client adds to the plain text
version.  We really don't need extra * and 
added.

You want the records to be like this:

*.joshfeb1.com. A 1.1.1.1
www.joshfeb1.com. A 2.2.2.2

You had a wildcard before the www, creating an empty node in the tree.
 
> When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> NOERROR and NOANSWER. When can I get an answer? Could you please clarify for me?
> 
> I am able to get an answer with abc.joshfeb1.com and abc.www.joshfeb1.com. Why
> is bind not returning an answer for www.joshfeb1.com? It should map to
> **.joshfeb1.com., right?
> 
> Thanks & Regards,
> Ramesh
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
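
Added example, not part of the thread and not BIND's code: a small Python model of zone-file name expansion and RFC 4592 wildcard matching. It reproduces both results discussed above: the NXDOMAIN answers from the zone whose owner names lack a trailing dot, and the NOERROR/empty answer for www.joshfeb1.com. caused by the empty node. The function names are hypothetical, and the zones are constructed from the quoted zone files with the mail client's extra asterisks removed.

```python
# Added illustration, not BIND code: name expansion + RFC 4592 wildcard lookup.
ORIGIN = "joshfeb1.com."

def absolute(owner, origin=ORIGIN):
    """A zone-file name without a trailing dot is relative to $ORIGIN."""
    if owner == "@":
        return origin
    return (owner if owner.endswith(".") else owner + "." + origin).lower()

def load(records, origin=ORIGIN):
    """Return (data, nodes): the records per owner, and every existing name."""
    data, nodes = {}, set()
    apex_len = origin.count(".")
    for owner, rrtype, rdata in records:
        name = absolute(owner, origin)
        data.setdefault(name, {}).setdefault(rrtype, []).append(rdata)
        labels = name.rstrip(".").split(".")
        # Each ancestor down to the apex exists as well, even when it owns
        # no records itself (an empty non-terminal).
        for i in range(len(labels) - apex_len + 1):
            nodes.add(".".join(labels[i:]) + ".")
    return data, nodes

def lookup(qname, qtype, zone):
    """Return (rcode, answers) for a query name inside the zone."""
    data, nodes = zone
    qname = qname.lower()
    if qname in nodes:
        # Existing name: no wildcard applies; [] is dig's NOERROR, ANSWER: 0.
        return "NOERROR", data.get(qname, {}).get(qtype, [])
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:]) + "."
        if encloser in nodes:  # closest encloser: longest existing ancestor
            wild = "*." + encloser
            if wild in nodes:
                return "NOERROR", data.get(wild, {}).get(qtype, [])
            break
    return "NXDOMAIN", []

# Constructed from the zone files quoted in the thread (assumption: the
# doubled and trailing asterisks are mail-client additions).
RELATIVE = load([("*.joshfeb1.com", "A", "1.1.1.1"),
                 ("*.www.joshfeb1.com", "A", "2.2.2.2")])
ABSOLUTE = load([("*.joshfeb1.com.", "A", "1.1.1.1"),
                 ("*.www.joshfeb1.com.", "A", "2.2.2.2")])
FIXED = load([("*.joshfeb1.com.", "A", "1.1.1.1"),
              ("www.joshfeb1.com.", "A", "2.2.2.2")])
```

Calling `lookup("www.joshfeb1.com.", "A", zone)` against `RELATIVE`, `ABSOLUTE` and `FIXED` in turn shows the NXDOMAIN, empty NOERROR and 2.2.2.2 answers respectively.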


Re: [OT] does deliveragent must have a PTR RR

2011-01-31 Thread Mark Andrews

In message <4d4784c4.2020...@lcrcomputer.net>, Lyle Giese writes:
> p...@mail.nsbeta.info wrote:
> > Hi list,
> > I can't setup a ptr RR for my mailserver's IP.
> > Here the main ISPs who are owned by this garbage state take expensive
> > price for setup a reverse record for a public IP. It's about 30 USD
> > each month for each IP.
> > But some MTAs do require the peer deliveragent has a PTR RR, like
> > AOL's email systems.
> > Is there a special RFC for this requirement?
> > Regards.
> > Mail Delivery System writes:
> >> This is the mail system at host mail.nsbeta.info.
> >> I'm sorry to have to inform you that your message could not
> >> be delivered to one or more recipients. It's attached below.
> >> For further assistance, please send mail to postmaster.
> >> If you do so, please include this problem report. You can
> >> delete your own text from the attached returned message.
> >> The mail system
> >> : host mx1.beth.k12.pa.us[209.96.96.11] said:
> >> 450 4.7.1
> >> Client host rejected: cannot find your reverse hostname, [121.9.221.212]
> >> (in reply to RCPT TO command)
> I do not believe this to be fully covered in an RFC, but came about as
> Best Practices as we fight SPAM. The best source for the Best Practices
> for this is at http://postmaster.aol.com

And is also against RFC requirements.

> Wander through ALL of the pages that this area at AOL has to offer or
> you will miss some important points, like that 12 hrs is considered the
> min TTL for A and PTR records for mail servers. Less than 12 hrs TTL on
> these records are considered by default indicators of dynamic IP addresses.

You can't infer diddly squat from a TTL.  There are plenty of reasons
to want a low ttl other than it was assigned dynamically.

* I'm going to renumber my whole network because I'm switching
ISPs so I've reduced my TTLs to 5 minutes to reduce the impact
of the renumbering.

* I have a warm spare in a different data center and as most clients
behave badly when one of the addresses is unreachable I only advertise
one address.

More stupid unrealistic hoops to jump through.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org