RE: dnssec question. confused.
Hello,

1) the dig command, as shown, does not ask an authoritative name server for eeoc.gov. but rather addresses a locally configured caching name server (10.120.11.107). (which may explain the difference in size - 1726 bytes - as opposed to the 3918 bytes of Doug Barton) ((some data may already have timed out of the local cache, observe the TTL values))

2) I'd say: yes, you receive DNSSEC responses. But your caching name server is not validating them: the AD bit is not set in the answer.

3) The OPT RR, with length 4096, is in the *reply*. The server indicates that it itself is willing to accept DNS over UDP packets up till that size (e.g. for dynamic updates). (while EDNS0 RFC does not explicitly state replying with EDNS0 is mandatory, if a query came in with EDNS0, there is also a statement that claims this (sending EDNS0 and looking in the reply) is a way, for a (dynamic update) client, to find out what the server is willing to accept. This statement seems to imply that EDNS0 in a reply should be there if the client sent EDNS0. Any other opinions in the list?) In order to see the packet size in the outgoing query packet, use something like wireshark.

4) DNSSEC query is not precise enough! For one thing, DNSSEC requires EDNS0, EDNS0 announces a buffersize, which can vary. As long as (!) the buffersize is sufficient, UDP will be used, but DNS queries can also be sent over TCP (and is your firewall allowing that?).

My suggestion (from a device that is allowed to send DNS queries to the Internet), try:

dig @dnssec9.datamtn.com. eeoc.gov. +dnssec
dig @dnssec9.datamtn.com. eeoc.gov. +dnssec +bufsize=512
and
dig @dnssec9.datamtn.com. eeoc.gov. +dnssec +vc

(and don't forget to have your caching NS validate DNSSEC answers, because providing signatures that are ignored by clients makes the Internet *less* safe)

Kind regards,
Marc Lampo
Security Officer
EURid

-----Original Message-----
From: Brad Bendily [mailto:brad.bend...@la.gov]
Sent: 27 September 2011 10:45 PM
To: bind-users@lists.isc.org
Subject: dnssec question. confused.

When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get:

rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
Tested at 2011-09-27 20:32:34 UTC
205.172.49.177 sent EDNS buffer size 4096
205.172.49.177 DNS reply size limit is at least 490

Which, based on the website tells me our firewall is blocking or filtering EDNS/DNSSEC packets. However, what I'm confused about is when I run this command:

dig +dnssec eeoc.gov

I get:

; <<>> DiG 9.7.3-P1 <<>> +dnssec eeoc.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40572
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;eeoc.gov. IN A

;; ANSWER SECTION:
eeoc.gov. 19499 IN A 64.94.64.52
eeoc.gov. 19499 IN RRSIG A 7 2 21600 20111208014816 20110909014816 52909 eeoc.gov. AW5Ny32xDP7+m4XxCSS7q/zuK8RBc+la70Zmg0A/Pe1+p0agkrzbxaHM GgvKldSKCzVgo7XPGR3LqcGIFDl0CPaaSTxTntlZkdh6x2qS4mM/49+B 9podxzbV3V4LcNpR4c4jyteAa5Uxaz3WSRr1T69PpJyIZZ53JmexkMPi yOjMcp1IqeSJ0P/06CuZccemo+f/fjGW8xfG/slOp2XJlmbPo1EfJnlw i07YstZVszHxsgmRUXssEUmkWi3eqAw4Ug2QiRa+zz3JpmgBnC0G7Kxd SXUJLuvfNdDrtJ9T5anNVRVxCVq499gaJQnWBXKKVVaC9w/BcPnGuSRy OZTyPg==

;; AUTHORITY SECTION:
eeoc.gov. 66519 IN NS dnssec10.datamtn.com.
eeoc.gov. 66519 IN NS dnssec14.datamtn.com.
eeoc.gov. 66519 IN NS dnssec11.datamtn.com.
eeoc.gov. 66519 IN NS dnssec12.datamtn.com.
eeoc.gov. 66519 IN NS dnssec9.datamtn.com.

;; ADDITIONAL SECTION:
dnssec9.datamtn.com. 3114 IN 2001:49f0:a02a:1000::238
dnssec11.datamtn.com. 3114 IN 2001:470:1:7a::147
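
The AD-bit and OPT-record checks from Marc Lampo's reply can be made directly on the DNS wire format. The Python below is an added example, not part of the original thread; the function names are hypothetical and the sample reply is constructed to mirror the flags in the quoted dig output (qr rd ra, DO set, udp 4096) without its RRSIG records.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def opt_rr(bufsize, do=True):
    """EDNS0 OPT RR: root owner, TYPE 41, CLASS carries the UDP payload size,
    TTL carries ext-rcode(8) | version(8) | DO(1) | Z(15); empty RDATA."""
    return b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)

def build_query(name, bufsize=4096, do=True, msg_id=0x1234):
    """Wire-format A query, the equivalent of `dig +dnssec +bufsize=N name`."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)   # RD set, 1 OPT
    return header + encode_name(name) + struct.pack("!HH", 1, 1) + opt_rr(bufsize, do)

def inspect_message(msg):
    """Extract the header flags and EDNS0 fields discussed in the thread."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    info = {
        "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
        "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
        "ad": bool(flags & 0x0020), "rcode": flags & 0x000F,
        "edns_udp_size": None, "do": False, "size": len(msg),
    }
    off = 12
    for _ in range(qd):                       # question: name + type + class
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):             # walk every RR looking for OPT
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:
            info["edns_udp_size"] = rclass
            info["do"] = bool(ttl & 0x8000)
    return info

def diagnose(info):
    """Turn the parsed fields into the conclusions drawn in the reply above."""
    findings = []
    if info["ad"]:
        findings.append("AD set: the resolver validated this answer")
    else:
        findings.append("AD clear: the resolver did not mark this answer as validated")
    if info["tc"]:
        findings.append("TC set: reply truncated, retry over TCP (dig +vc)")
    if info["edns_udp_size"] is None:
        findings.append("no OPT RR: EDNS0 absent or stripped in transit")
    else:
        findings.append("peer accepts UDP up to %d bytes" % info["edns_udp_size"])
    return findings

def sample_reply(ad=False, tc=False):
    """Constructed reply: eeoc.gov A 64.94.64.52, flags qr rd ra, OPT 4096 DO."""
    flags = 0x8180 | (0x0020 if ad else 0) | (0x0200 if tc else 0)
    header = struct.pack("!HHHHHH", 40572, flags, 1, 1, 0, 1)
    question = encode_name("eeoc.gov") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 19499, 4) + bytes([64, 94, 64, 52])
    return header + question + answer + opt_rr(4096, do=True)

if __name__ == "__main__":
    for finding in diagnose(inspect_message(sample_reply())):
        print(finding)
```
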
Re: if exists host-name for IPv6 DDNS?
'_' is an illegal character in hostnames in the DNS... Yeah, I got hosed by that one by a consultant. MCSE per chance? [Sorry; couldn't resist.] -JP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: servfail are not cached!
Thanks.

2011/9/27 Jan-Piet Mens jpmens@gmail.com

On Tue Sep 27 2011 at 17:32:22 CEST, Issam Harrathi wrote:

and you say here it's cached for 30 seconds?!

Evan said: and we've discussed implementing it in BIND9, but haven't had time yet.

In other words, they are *not* cached in BIND9.

-JP
Re: allow-transfer not covering ixfr requests?
On Tue, 27 Sep 2011 22:03:44 +0200, Tom Schmitt tomschm...@gmx.de wrote:

The odd part is that both NS3 and NS4 weren't able to request ixfr transfers. Shouldn't allow-transfer cover these kind of transfer requests as well?

First: Do you have statements provide ixfr; and request ixfr; in your config?

Second: To do an ixfr a server is first sending a query for the SOA of the zone to determine if an update is necessary. If your servers aren't allowed to do a query, how should they get the SOA? And without a SOA, you don't have the serial number of the zone, so you can't do IXFR.

Silly me... I forgot about the SOA requests triggered by a manual ixfr. :(

Ciao
Torsten
Re: dnssec question. confused.
Is your firewall Cisco based? There is a known default setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting.

Steve.

On Tue, 2011-09-27 at 15:45 -0500, Brad Bendily wrote:

When trying the DNSSEC check command from: https://www.dns-oarc.net/oarc/services/replysizetest behind our corporate firewall, I get:

rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
Tested at 2011-09-27 20:32:34 UTC
205.172.49.177 sent EDNS buffer size 4096
205.172.49.177 DNS reply size limit is at least 490

Which, based on the website tells me our firewall is blocking or filtering EDNS/DNSSEC packets. However, what I'm confused about is when I run this command:

dig +dnssec eeoc.gov

I get:

; <<>> DiG 9.7.3-P1 <<>> +dnssec eeoc.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40572
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;eeoc.gov. IN A

;; ANSWER SECTION:
eeoc.gov. 19499 IN A 64.94.64.52
eeoc.gov. 19499 IN RRSIG A 7 2 21600 20111208014816 20110909014816 52909 eeoc.gov. AW5Ny32xDP7+m4XxCSS7q/zuK8RBc+la70Zmg0A/Pe1+p0agkrzbxaHM GgvKldSKCzVgo7XPGR3LqcGIFDl0CPaaSTxTntlZkdh6x2qS4mM/49+B 9podxzbV3V4LcNpR4c4jyteAa5Uxaz3WSRr1T69PpJyIZZ53JmexkMPi yOjMcp1IqeSJ0P/06CuZccemo+f/fjGW8xfG/slOp2XJlmbPo1EfJnlw i07YstZVszHxsgmRUXssEUmkWi3eqAw4Ug2QiRa+zz3JpmgBnC0G7Kxd SXUJLuvfNdDrtJ9T5anNVRVxCVq499gaJQnWBXKKVVaC9w/BcPnGuSRy OZTyPg==

;; AUTHORITY SECTION:
eeoc.gov. 66519 IN NS dnssec10.datamtn.com.
eeoc.gov. 66519 IN NS dnssec14.datamtn.com.
eeoc.gov. 66519 IN NS dnssec11.datamtn.com.
eeoc.gov. 66519 IN NS dnssec12.datamtn.com.
eeoc.gov. 66519 IN NS dnssec9.datamtn.com.

;; ADDITIONAL SECTION:
dnssec9.datamtn.com. 3114 IN 2001:49f0:a02a:1000::238
dnssec11.datamtn.com. 3114 IN 2001:470:1:7a::147

;; Query time: 1 msec
;; SERVER: 10.120.11.107#53(10.120.11.107)
;; WHEN: Tue Sep 27 15:34:07 2011
;; MSG SIZE rcvd: 1726

Which tells me my DNSSEC queries are working, right?
I noticed in the OPT PSEUDOSECTION udp=4096. This started because, as the DNS admin, I was informed today that we could not resolve this domain, eeoc.gov. Which was true. As I started digging into it, and performing a dig from an offsite server which was working, I found that the domain eeoc.gov is running DNSSEC. So, I assumed the problem was with our firewall blocking or filtering the DNSSEC traffic. But then after researching for a few hours, I found we were able to resolve the domain, through no changes of DNS. It could be that datamtn.com, their authoritative NS are performing
CNAME or A record?
Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
Re: CNAME or A record?
Thanks Jeff,

But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way?

Cheers!,
Fred.

On Wed, Sep 28, 2011 at 4:30 PM, Lightner, Jeff jlight...@water.com wrote:

If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert
Sent: Wednesday, September 28, 2011 10:20 AM
To: bind-us...@isc.org
Subject: CNAME or A record?

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred

Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
RE: CNAME or A record?
If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert
Sent: Wednesday, September 28, 2011 10:20 AM
To: bind-us...@isc.org
Subject: CNAME or A record?

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
Re: CNAME or A record?
This is the stuff that should be done by the webserver rather than by DNS, i.e. Apache rewrite will do that.

On 2011-9-28 at 10:29 PM, feralert feral...@gmail.com wrote:

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
Re: CNAME or A record?
Either is fine. Using the cname would require a single update if your ip changes, but prevents other records at the same level. So you couldn't attach mx for instance at example.com and www.example.com if you wanted to. Neither is wrong and both have pros and cons.

-Ben Croswell

On Sep 28, 2011 10:43 AM, feralert feral...@gmail.com wrote:

Thanks Jeff,

But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way?

Cheers!,
Fred.

On Wed, Sep 28, 2011 at 4:30 PM, Lightner, Jeff jlight...@water.com wrote:

If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert
Sent: Wednesday, September 28, 2011 10:20 AM
To: bind-us...@isc.org
Subject: CNAME or A record?

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
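
Two points made in this thread can be checked mechanically: Jeff Lightner's rule that names without a trailing dot get the zone name appended, and Ben Croswell's remark that a CNAME prevents other records at the same name. The Python below is an added example, not code from the thread or from BIND; the function names are hypothetical, the zone snippets are constructed from the records quoted above, and the parser handles only a simplified zone-file syntax.

```python
DNSSEC_META = {"RRSIG", "NSEC"}   # types allowed beside a CNAME in a signed zone

def qualify(name, origin):
    """'@' is the origin, a trailing dot means absolute, else append the origin."""
    origin = origin.rstrip(".").lower() + "."
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Parse a simplified zone file into (owner, type, rdata) tuples.
    Assumed simplifications: one record per line, no $ORIGIN/$TTL
    directives, no parentheses, class IN only."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]           # strip comments
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():             # leading blank: reuse previous owner
            owner = qualify(fields.pop(0), origin)
        if owner is None:
            raise ValueError("first record has no owner name")
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                     # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("CNAME", "NS"):
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records

def cname_conflicts(records):
    """Owners holding a CNAME together with any other (non-DNSSEC) type."""
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    return {o: sorted(t - {"CNAME"}) for o, t in types.items()
            if "CNAME" in t and t - {"CNAME"} - DNSSEC_META}

def doubled_origin(records, origin):
    """Names ending in the origin twice, the symptom of a missing trailing dot."""
    origin = origin.rstrip(".").lower() + "."
    suffix = origin[:-1] + "." + origin       # e.g. domain.com.domain.com.
    names = set()
    for owner, rtype, rdata in records:
        names.add(owner)
        if rtype in ("CNAME", "NS", "MX"):
            names.add(rdata.split()[-1])
    return sorted(n for n in names if n.endswith(suffix))

# Constructed zone snippets for the origin domain.com
TWO_A = "domain.com.  A  1.1.1.1\nwww  A  1.1.1.1\nwww  MX  10 mail\n"
CNAME_WWW = "@  A  1.1.1.1\nwww  CNAME  domain.com.\nwww  MX  10 mail\n"
NO_DOT = "domain.com  A  1.1.1.1\nwww.domain.com  CNAME  domain.com\n"

if __name__ == "__main__":
    for label, zone in (("two A", TWO_A), ("CNAME", CNAME_WWW), ("no dot", NO_DOT)):
        recs = parse_zone(zone, "domain.com")
        print(label, cname_conflicts(recs), doubled_origin(recs, "domain.com"))
```
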
Re: CNAME or A record?
If you use two A records, your web server needs to be set up to handle both names. If you use a CNAME, you only need to handle the single A record name in the server.

On Wed, Sep 28, 2011 at 10:36 AM, feralert feral...@gmail.com wrote:

Thanks Jeff,

But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way?

Cheers!,
Fred.

On Wed, Sep 28, 2011 at 4:30 PM, Lightner, Jeff jlight...@water.com wrote:

If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert
Sent: Wednesday, September 28, 2011 10:20 AM
To: bind-us...@isc.org
Subject: CNAME or A record?

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
RE: CNAME or A record?
+1

All of our redirects are either done by rewrite rules in Apache or Jboss or on our load balancer. We don’t do any in DNS.

From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of ??
Sent: Wednesday, September 28, 2011 10:43 AM
To: feralert
Cc: bind-us...@isc.org
Subject: Re: CNAME or A record?

This is the stuff that should be done by the webserver rather than by DNS, i.e. Apache rewrite will do that.

On 2011-9-28 at 10:29 PM, feralert feral...@gmail.com wrote:

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
Re: CNAME or A record?
On 2011-09-28 9:36 AM, feralert wrote:

Thanks Jeff,

But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way?

Choose either way. If they are in the same domain, in general it won't matter all that much. I personally prefer the address method so each DNS request is smaller and absolute, but others prefer the CNAME method.

If you cross a zone, however, remember that the address method does not require additional DNS queries to be sent, while the CNAME method would. That said, I believe most CDN type networks require a CNAME as the addresses a specific user would get varies greatly, so that lookup is not much of an impact it seems.

--
--Michael

ISC offers support on many of its products, including BIND 9. If you depend on it, depend on us! See http://www.isc.org/support/ for all the details.
Re: CNAME or A record?
That makes no sense. If he didn't have a dns entry for both sites, how does the user get to site without the dns entry to be rewritten by Apache?

-Ben Croswell

On Sep 28, 2011 10:52 AM, 风河 short...@gmail.com wrote:

This is the stuff that should be done by the webserver rather than by DNS, i.e. Apache rewrite will do that.

On 2011-9-28 at 10:29 PM, feralert feral...@gmail.com wrote:

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
RE: CNAME or A record?
Right – for simple domains I think having separate A records is best as I wrote.

Many more complex domains (do digs on www.google.com, www.yahoo.com and www.microsoft.com) use CNAME records but often enough it is because they aren’t actually using a www.example.com pointing directly to example.com but rather to other servers in their domains.

From: Ben Croswell [mailto:ben.crosw...@gmail.com]
Sent: Wednesday, September 28, 2011 10:48 AM
To: feralert
Cc: bind-us...@isc.org; bind-users@lists.isc.org; Lightner, Jeff
Subject: Re: CNAME or A record?

Either is fine. Using the cname would require a single update if your ip changes, but prevents other records at the same level. So you couldn't attach mx for instance at example.com and www.example.com if you wanted to. Neither is wrong and both have pros and cons.

-Ben Croswell

On Sep 28, 2011 10:43 AM, feralert feral...@gmail.com wrote:

Thanks Jeff,

But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way?

Cheers!,
Fred.

On Wed, Sep 28, 2011 at 4:30 PM, Lightner, Jeff jlight...@water.com wrote:

If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert
Sent: Wednesday, September 28, 2011 10:20 AM
To: bind-us...@isc.org
Subject: CNAME or A record?

Hi all,

I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious.

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1

OR

domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.

Thanks,
Fred
Re: CNAME or A record?
domain.com A 1.1.1.1
www.domain.com A 1.1.1.1
OR
domain.com A 1.1.1.1
www.domain.com CNAME domain.com

On 28.09.11 10:49, Peter Pauly wrote:

If you use two A records, your web server needs to be set up to handle both names. If you use a CNAME, you only need to handle the single A record name in the server.

No, web server setup has nothing to do with CNAME or A record types. (Unless a web server is directed to behave differently, but I don't know why anyone would do that).

-- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. How does cat play with mouse? cat /dev/mouse
Re: CNAME or A record?
I think it's splitting hairs but cname might be a bit more efficient. At least in the webserver end. In practice, I don't think there's a real difference. You can choose whichever feels better :) Jukka

28.9.2011 17:36, feralert wrote:

Thanks Jeff, But I really only wrote that as an example :) . The real question is what is best or what is recommended, two A RR (one for domain, one for www) or a single A RR for domain and a CNAME RR for www, is one way better than the other or can I choose either way? Cheers!, Fred.

On Wed, Sep 28, 2011 at 4:30 PM, Lightner, Jeff jlight...@water.com wrote:

If you set your SOA properly to use @ (which means this zone) your A records should be:

domain.com. A 1.1.1.1
www A 1.1.1.1

The SOA should append the domain.com to every record not terminated by a dot so that www is read as www.domain.com. Similarly you put a dot at the end of domain.com A record to prevent it from being appended and read as domain.com.domain.com.

-Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of feralert Sent: Wednesday, September 28, 2011 10:20 AM To: bind-us...@isc.org Subject: CNAME or A record?

Hi all, I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious. The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1
OR
domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated.
Thanks, Fred
Re: CNAME or A record?
Webserver still has to get the request, so one way or the other is required anyway :)

28.9.2011 17:43, 风河 wrote:

this is the stuff what should be done by webserver rather than by DNS. i.e. Apache rewrite will do that.

On 2011-9-28 at 10:29 PM, feralert feral...@gmail.com wrote:

Hi all, I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious. The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1
OR
domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated. Thanks, Fred
Re: CNAME or A record?
On Wed Sep 28 2011 at 16:43:17 CEST, 风河 wrote:

this is the stuff what should be done by webserver rather than by DNS. i.e. Apache rewrite will do that.

That is incorrect. DNS is needed to find the Web server. Web server rewriting/configuration is needed to find the site. -JP
True queries per second?
Hi, I'm looking at the output from 9.7's rndc stats, and I see both incoming and outgoing statistics. I'm trying to get a true queries per second stat from these numbers. Wouldn't this be both incoming+outgoing queries? Or, from a performance standpoint should I only be concerned about incoming queries? In this case:

+++ Statistics Dump +++ (1317224125) ++ Incoming Requests ++ 43128 QUERY ++ Incoming Queries ++ 28719 A 381 NS 22 CNAME 16 SOA 811 PTR 5269 MX 629 TXT 6721 15 SRV 141 A6 2 DS 266 SPF 136 ANY

The incoming requests (43128) number is the total number of requests/queries. So to get a TOTAL queries per second on all types of queries, I would perform calculations on this number, correct? Thanks, Josh
Re: CNAME or A record?
On Wed, 2011-09-28 at 16:19 +0200, feralert wrote:

The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1
OR
domain.com A 1.1.1.1
www.domain.com CNAME domain.com

If named.conf is correctly set up with the domain name - then you could use

$TTL 3600
@       IN SOA   ...the SOA info
        IN NS    Nameserver record lines
        IN A     1.1.1.1
www     IN A     1.1.1.1

Last line can be converted to a CNAME...

www     IN CNAME domain.com.

When you include IPv6 addresses into the mix... using a CNAME saves you entering the same IPv6 address twice - so then there really is a saving - especially when you include other alternative labels like 'mail', 'pop', 'smtp', 'ftp' - etc - do them all as CNAMES!

$TTL 3600
@       IN SOA   ...the SOA info
        IN NS    Nameserver record lines
        IN A     1.1.1.1
        IN AAAA  2001:1:1::80
www     IN CNAME domain.com.

What I think is your real problem

Regardless of whichever way you decide - apache will be given the original name - DNS will not re-write that.. so you have to spell out both names in your apache configuration files... So (playing with virtual hosts)

NameVirtualHost 1.1.1.1
<VirtualHost 1.1.1.1>
    ServerName domain.com
    ServerAlias www.domain.com
    ...
</VirtualHost>

-and later for IPv6 - duplicate the above... (this line next to the other NameVirtualHost)

NameVirtualHost [2001:1:1::80]
<VirtualHost [2001:1:1::80]>
    ServerName domain.com
    ServerAlias www.domain.com
    ...
</VirtualHost>

-- Mark Elkins m...@posix.co.za Posix Systems
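Two points from this thread can be checked mechanically before a zone is loaded: a name without a trailing dot gets the origin appended, and a CNAME cannot share its owner name with other records. The following is an added example, not code from any poster or from BIND; the zone uses the documentation domain example.com, and the helper names expand, parse_zone and check are hypothetical.

```python
# Constructed zone for the documentation domain example.com (not from the thread).
ORIGIN = "example.com."
ZONE = """\
$TTL 3600
@      IN SOA   ns1.example.net. hostmaster.example.com. 1 3600 900 604800 3600
       IN NS    ns1.example.net.
       IN A     192.0.2.1
       IN AAAA  2001:db8::80
www    IN CNAME example.com.
ftp    IN CNAME example.com
mail   IN CNAME example.com.
mail   IN MX    10 mx.example.net.
"""

def expand(name, origin):
    """Master-file rule: '@' is the origin, a trailing dot means absolute,
    any other name gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples for a simple one-record-per-line zone."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.startswith("$"):  # skip blanks and $TTL etc.
            continue
        fields = line.split()
        if not raw[0].isspace():                      # column 0 holds an owner name
            owner = expand(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                             # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("CNAME", "NS"):                  # rdata is a domain name
            rdata = [expand(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], expand(rdata[1], origin)]
        records.append((owner, rtype, " ".join(rdata)))
    return records

def check(records, origin):
    """Flag CNAMEs that share an owner with other data or point nowhere in-zone."""
    findings, by_owner = [], {}
    for owner, rtype, _ in records:
        by_owner.setdefault(owner, set()).add(rtype)
    for owner, types in sorted(by_owner.items()):
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            findings.append(f"{owner}: CNAME cannot coexist with {others}")
    for owner, rtype, rdata in records:
        in_zone = rdata == origin or rdata.endswith("." + origin)
        if rtype == "CNAME" and in_zone and rdata not in by_owner:
            findings.append(f"{owner}: CNAME target {rdata} has no records in this zone")
    return findings

if __name__ == "__main__":
    for finding in check(parse_zone(ZONE, ORIGIN), ORIGIN):
        print(finding)
```

The ftp line is the missing-trailing-dot case: its target expands to example.com.example.com., which does not exist in the zone.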
Re: True queries per second?
On Sep 28 2011, Baird, Josh wrote:

I'm looking at the output from 9.7's rndc stats, and I see both incoming and outgoing statistics. I'm trying to get a true queries per second stat from these numbers. Wouldn't this be both incoming+outgoing queries?

That depends entirely on what you mean by a true queries per second stat. Incoming queries are those sent by clients to the nameserver. Outgoing queries are those the nameserver sent to other nameservers, in the course of resolving the client queries, or for some other reason.

Or, from a performance standpoint should I only be concerned about incoming queries? In this case:

+++ Statistics Dump +++ (1317224125) ++ Incoming Requests ++ 43128 QUERY ++ Incoming Queries ++ 28719 A 381 NS 22 CNAME 16 SOA 811 PTR 5269 MX 629 TXT 6721 15 SRV 141 A6 2 DS 266 SPF 136 ANY

The incoming requests (43128) number is the total number of requests/queries.

Just because in this case all the requests were queries. In general there might be other types of request - e.g. IQUERY, NOTIFY, UPDATE. The breakdown of queries by type is just that - the numbers in your example do add up to 43128.

So to get a TOTAL queries per second on all types of queries, I would perform calculations on this number, correct?

If you are interested in queries per second sent to the nameserver, yes. (This doesn't of course necessarily mean queries successfully responded to from the client's point of view.)

-- Chris Thompson Email: c...@cam.ac.uk
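To turn such dumps into a rate, take the difference between two dumps and divide by the difference of their timestamps, keeping incoming requests, incoming queries and outgoing queries apart as the reply above distinguishes them. This is an added example, not code from the thread or from BIND; it assumes the counters are cumulative since named started, and the two dumps in SAMPLE are constructed.

```python
import re

# Constructed sample: two dumps appended to the statistics file, 300 s apart.
SAMPLE = """\
+++ Statistics Dump +++ (1317224125)
++ Incoming Requests ++
               43128 QUERY
++ Incoming Queries ++
               28719 A
                5269 MX
++ Outgoing Queries ++
[View: default]
                9100 A
--- Statistics Dump --- (1317224125)
+++ Statistics Dump +++ (1317224425)
++ Incoming Requests ++
               52128 QUERY
                  30 NOTIFY
++ Incoming Queries ++
               34719 A
                8269 MX
++ Outgoing Queries ++
[View: default]
               10300 A
--- Statistics Dump --- (1317224425)
"""

DUMP = re.compile(r"^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)$")
SECTION = re.compile(r"^\+\+ (.+?) \+\+$")
COUNTER = re.compile(r"^\s*(\d+)\s+(\S.*)$")

def parse_dumps(text):
    """Return one {'time': epoch, 'sections': {name: {counter: value}}} per dump."""
    dumps, current, section = [], None, None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if m := DUMP.match(line):
            current, section = {"time": int(m.group(1)), "sections": {}}, None
            dumps.append(current)
        elif current is None or line.startswith("--- Statistics Dump ---"):
            current = None                      # outside a dump or at its end
        elif m := SECTION.match(line):
            section = current["sections"].setdefault(m.group(1), {})
        elif (m := COUNTER.match(line)) and section is not None:
            # Per-view sections repeat counter names; sum them across views.
            section[m.group(2)] = section.get(m.group(2), 0) + int(m.group(1))
    return dumps

def rate(older, newer, section, counter=None):
    """Per-second rate of one counter, or of the whole section if counter is None."""
    elapsed = newer["time"] - older["time"]
    if elapsed <= 0:
        raise ValueError("dumps must be in chronological order")
    def total(dump):
        counters = dump["sections"].get(section, {})
        return sum(counters.values()) if counter is None else counters.get(counter, 0)
    delta = total(newer) - total(older)
    if delta < 0:
        raise ValueError("counter decreased: named restarted between dumps")
    return delta / elapsed

if __name__ == "__main__":
    first, last = parse_dumps(SAMPLE)
    for sec in ("Incoming Requests", "Incoming Queries", "Outgoing Queries"):
        print(f"{sec}: {rate(first, last, sec):.1f}/s")
```

In the constructed data the request rate is slightly higher than the query rate because the second dump also counts NOTIFY requests.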
Re: dnssec question. confused.
On 9/28/11 5:32 AM, Steve Arntzen i...@arntzen.us wrote:

Is your firewall Cisco based? There is a known default setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting.

This bit me the first time I managed a PIX years ago (though, in fairness, even then it was well documented on Cisco's site...I just had to read logs and search), and now continues on the ASA it seems... Once it's understood, it really shouldn't bite again: https://supportforums.cisco.com/thread/2013390

-- By nature, men are nearly alike; by practice, they get to be wide apart. -- Confucius
RE: dnssec question. confused.
On 9/28/11 5:32 AM, Steve Arntzen i...@arntzen.us wrote:

Is your firewall Cisco based?

Yes. The firewall is Cisco based. However, the main problem there is, there are several firewalls before leaving our network and my dept doesn't manage all of them.

There is a known default setting in Cisco with respect to packet size for DNS. Our network guys run into this anytime they do an upgrade, etc. and have to go in and update the setting.

This bit me the first time I managed a PIX years ago (though, in fairness, even then it was well documented on Cisco's site...I just had to read logs and search), and now continues on the ASA it seems... Once it's understood, it really shouldn't bite again: https://supportforums.cisco.com/thread/2013390

I have read this site before and I'm told the settings are there on at least two of the firewalls, but yet we still have problems. I think the problem is a combination of the fixup or policy-map settings and ip fragmentation. I based this conclusion on details from this thread: https://lists.dns-oarc.net/pipermail/dns-operations/2011-February/006896.html I think there are some fragment IP settings on firewalls in between which are causing problems. Using Mark's test of:

dig edns-v4-ok.isc.org txt

I can't get a reply at all from this query. I'm waiting to discuss this with the network guy and see if we can get all the firewalls up the chain updated. I will let everyone know how it goes. Thanks for the assistance. bb
Re: if exists host-name for IPv6 DDNS?
Jan-Piet wrote on 09/28/2011 02:16:53 AM: Yeah, I got hosed by that one by a consultant. MCSE per chance? [Sorry; couldn't resist.] After 15 years I don't recall. Based on that advice, I have 10 servers with names containing underscores. And Lotus Notes/Domino likes to look up the server name via DNS. So I have to add the option to my name servers to allow it. :( Additionally, I have to have a second name registered so I can send email to picky sites.
RE: CNAME or A record?
All true, but if you don't have some sort of DNS record for both example.com and www.example.com, then all the rewrite rules in the world won't help. For all we know, the web server doesn't care what the URL is since it is the only site hosted on that server and answers to all GETs.

Jeff wrote on 09/28/2011 10:51:08 AM:

+1 All of our redirects are either done by rewrite rules in Apache or Jboss or on our load balancer. We don’t do any in DNS.

From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of 风河 Sent: Wednesday, September 28, 2011 10:43 AM To: feralert Cc: bind-us...@isc.org Subject: Re: CNAME or A record?

this is the stuff what should be done by webserver rather than by DNS. i.e. Apache rewrite will do that.

On 2011-9-28 at 10:29 PM, feralert feral...@gmail.com wrote:

Hi all, I'm sure this has been asked trillions of times but since I couldn't find any concrete answer/reference in google I am asking you guys in this list. Sorry if anyone thinks this a dumb question or something very obvious. The thing is that I want users redirected to 'www.domain.com' even when they just type the domain name 'domain.com'. In order to do so I am not sure if it's best to have one A RR for each or have an A RR for the domain and a CNAME RR pointing to 'domain.com' for 'www.domain.com'.

domain.com A 1.1.1.1
www.domain.com A 1.1.1.1
OR
domain.com A 1.1.1.1
www.domain.com CNAME domain.com

Any help appreciated. Thanks, Fred