Re: Reverse Name Resolution Zone File

2016-06-13 Thread Mark Andrews 

The zone is still delegated but the CNAME records that map the well
known reverse names to the actual names holding the PTR records are
not present in 233.202.162.in-addr.arpa.  This needs to be fixed
by AT&T.

P.S.  there is no point in two NS records if there is only one
machine.

80/29.233.202.162.in-addr.arpa. 7200 IN NS  ns1.archaxis.net.
;; Received 89 bytes from 65.68.49.6#53(ns3.sbcglobal.net) in 173 ms

80/29.233.202.162.in-addr.arpa. 3600 IN NS  ns1.archaxis.net.
80/29.233.202.162.in-addr.arpa. 3600 IN NS  ns2.archaxis.net.
;; Received 139 bytes from 162.202.233.81#53(ns1.archaxis.net) in 438 ms

ns1.archaxis.net.   10800   IN  A   162.202.233.81
ns2.archaxis.net.   10800   IN  A   162.202.233.81

; <<>> DiG 9.11.0a3 <<>> 81.233.202.162.in-addr.arpa ptr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47371
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d5595f2aa86b8c558cbec2d9575f3ceb8f5edb2bf7c71406 (good)
;; QUESTION SECTION:
;81.233.202.162.in-addr.arpa.   IN  PTR

;; AUTHORITY SECTION:
233.202.162.in-addr.arpa. 3157  IN  SOA ns1.swbell.net. 
postmaster.swbell.net. 2016052200 10800 900 604800 3600

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 14 09:08:27 EST 2016
;; MSG SIZE  rcvd: 145

Mark

In message <4a56c99e-f59c-5fc4-8d7c-00619d9d2...@archaxis.net>, Ron Wingfield 
writes:
> Ladies and Gentlemen:
> 
> At the risk of double posting . . .yet again (sending this time in plain 
> text format), I'm reposting this question -- apparently my previous 
> membership was purged or otherwise not valid.
> 
> Regardless, after about eight months with no problems, AT&T U-verse has 
> once again quit resolving? my reverse DNS; and now I can no longer send 
> eMail to DNS-aware MTA's, such as sbcglobal.net, aol.com, comcast.net, 
> et al.  I have tried tweaking my zone file as follows but nothing seems 
> to work.  I think they (AT&T) have done something . . .yet again, to 
> block my DNS server (authority?).  Regarding my zone file configuration 
> follows.  Can someone tell me if the configuration is erred, and 
> otherwise suggest corrections, or should I expect it to work? . . .and 
> pressure AT&T to fix the problem.
> 
> Thanks!
> 
> (Comment lines represent variant tests.)
> 
> $ORIGIN 80/29.233.202.162.in-addr.arpa.
> ; $ORIGIN 233.202.162.in-addr.arpa.
> $TTL 3h
> 
> @   IN   SOA  archaxis.net.   rtwingfield.archaxis.net. (
>2016061306; Serial
>  1h  ; Refresh
>  1h  ; Retry
>  1h  ; Expire
>  1h ); Negative cashing TTL
> 
> 
>  3600IN   NS   ns1.archaxis.net.
>  3600IN   NS   ns2.archaxis.net.
> 
> ;80 3600IN   PTR  network.archaxis.net.
> ;81 3600IN   PTR  archaxis.net.
> 81  3600IN   PTR  alpha.archaxis.net.
> ;82 3600IN   PTR  bravo.archaxis.net. /; //(an
> alternate ser//ver)/
> ;87 3600IN   PTR  broadcast.archaxis.net.
> 
> 
> 
> -
> Ron Wingfield,
> CEO WaterMark Marine Industries, Inc.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reverse Name Resolution Zone File

2016-06-13 Thread Ron Wingfield 

Ladies and Gentlemen:

At the risk of double posting . . .yet again (sending this time in plain 
text format), I'm reposting this question -- apparently my previous 
membership was purged or otherwise not valid.


Regardless, after about eight months with no problems, AT&T U-verse has 
once again quit resolving? my reverse DNS; and now I can no longer send 
eMail to DNS-aware MTA's, such as sbcglobal.net, aol.com, comcast.net, 
et al.  I have tried tweaking my zone file as follows but nothing seems 
to work.  I think they (AT&T) have done something . . .yet again, to 
block my DNS server (authority?).  Regarding my zone file configuration 
follows.  Can someone tell me if the configuration is erred, and 
otherwise suggest corrections, or should I expect it to work? . . .and 
pressure AT&T to fix the problem.


Thanks!

(Comment lines represent variant tests.)

   $ORIGIN 80/29.233.202.162.in-addr.arpa.
   ; $ORIGIN 233.202.162.in-addr.arpa.
   $TTL 3h

   @   IN   SOA  archaxis.net.   rtwingfield.archaxis.net. (
  2016061306; Serial
1h  ; Refresh
1h  ; Retry
1h  ; Expire
1h ); Negative cashing TTL


3600IN   NS   ns1.archaxis.net.
3600IN   NS   ns2.archaxis.net.

   ;80 3600IN   PTR  network.archaxis.net.
   ;81 3600IN   PTR  archaxis.net.
   81  3600IN   PTR  alpha.archaxis.net.
   ;82 3600IN   PTR  bravo.archaxis.net. /; //(an
   alternate ser//ver)/
   ;87 3600IN   PTR  broadcast.archaxis.net.



-
Ron Wingfield,
CEO WaterMark Marine Industries, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reverse Name Resolution Zone File

2016-06-13 Thread Ron Wingfield 

  
  
Ladies and Gentlemen:
  
  At the risk of double posting, I'm reposting this question --
  apparently my previous membership was purged or otherwise not
  valid. 
  
  Regardless, after about eight months with no problems, AT&T
  U-verse has once again quit resolving? my reverse DNS; and now I
  can no longer send eMail to DNS-aware MTA's, such as
  sbcglobal.net, aol.com, comcast.net, et al.  I have tried tweaking
  my zone file as follows but nothing seems to work.  I think they
  (AT&T) have done something . . .yet again, to block my DNS
  server (authority?).  Regarding my zone file configuration
  follows.  Can someone tell me if the configuration is erred, and
  otherwise suggest corrections, or should I expect it to work? . .
  .and pressure AT&T to fix the problem.   

Thanks!
  
  (Comment lines represent variant tests.)

$ORIGIN
80/29.233.202.162.in-addr.arpa.
; $ORIGIN 233.202.162.in-addr.arpa.
$TTL 3h

@   IN   SOA  archaxis.net.   rtwingfield.archaxis.net.
(
  2016061306    ; Serial
    1h  ; Refresh
    1h  ; Retry
    1h  ; Expire
    1h )    ; Negative cashing TTL


    3600    IN   NS   ns1.archaxis.net.
    3600    IN   NS   ns2.archaxis.net.

;80 3600    IN   PTR  network.archaxis.net.
;81 3600    IN   PTR  archaxis.net.
81  3600    IN   PTR  alpha.archaxis.net.
;82 3600    IN   PTR  bravo.archaxis.net.    ; (an alternate server)
;87 3600    IN   PTR  broadcast.archaxis.net.


  

 
   OTTF,


  Ron Wingfield,
  CEO WaterMark Marine Industries, Inc. 
  

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ISC considering a change to the BIND open source license

2016-06-13 Thread Tim Daneliuk 
On 06/13/2016 03:52 PM, Victoria Risk wrote:
> Hello BIND users-
> 
> ISC published BIND under a very permissive open source license 
>  
> (https://www.isc.org/downloads/software-support-policy/isc-license/) nearly 
> two decades ago.  ISC is the organizational steward for BIND; in order to 
> preserve the software for the long term, we are considering a move to the 
> more restrictive Mozilla Public License (MPL 2.0) 
>  
> (https://www.mozilla.org/en-US/MPL/2.0/).
> 
> The MPL license requires that anyone redistributing the code who has changed 
> it must publish their changes (or pay for an exception to the license). It 
> doesn’t impact anyone who is using the software without redistributing it, 
> nor anyone redistributing it without changes – so most users will not see any 
> change. 
> 
> In the event we do proceed with the change in license, we will announce this 
> with the 9.11.0 beta and it will take effect with the BIND 9.11.0 release.
> 
> We welcome comments from BIND users, including statements of support or 
> concern.  Email Vicky Risk, Product Manager at vi...@isc.org if you want to 
> discuss privately, Tweet at us at @ISCdotORG , 
> or discuss on bind-users@lists.isc.org .
> 
> Regards,
> 
> Vicky Risk, 
> Product Manager
> 
> Jeff Osborn, President of ISC, announcing we are considering this change at 
> RIPE72 in Copenhagen May 26th, https://ripe72.ripe.net/archives/video/206.

+1

Long time bind user here and I heartily endorse this.



Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ISC considering a change to the BIND open source license

2016-06-13 Thread Dennis Clarke 

On 06/13/2016 04:52 PM, Victoria Risk wrote:
> Hello BIND users-
>
> ISC published BIND under a very permissive open source license...

Not sure what inspired this change but I suspect that meetings have been 
held with legal teams for quite some time. I won't speculate on what 
reasons this legal license shift is being taken other than to say a 
clear "Thank You" to ISC for amazing work done over many many years. I 
don't think there will be much argument from the millions of users that 
enjoy code releases of BIND that keeps the entire global internet DNS 
infrastructure working.


>
> The MPL license requires that anyone redistributing the code who has
> changed it must publish their changes (or pay for an exception to the
> license). It doesn’t impact anyone who is using the software without
> redistributing it, nor anyone redistributing it without changes – so
> most users will not see any change.

Magnificent.  Also ensures that the implementations of ISC BIND that we 
see out in the wild will conform to expected behavior as documented in 
the code itself. Those that stray from the expected behavior will now be 
documented also.  This is an excellent transition for all involved and 
ensures a higher level of quality control on DNS products.


Dennis Clarke

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ISC considering a change to the BIND open source license

2016-06-13 Thread P Vixie 
This is long overdue. I'm all for it. Vixie

On June 13, 2016 10:52:15 PM GMT+02:00, Victoria Risk  wrote:
>Hello BIND users-
>
>ISC published BIND under a very permissive open source license
>
>(https://www.isc.org/downloads/software-support-policy/isc-license/
>)
>nearly two decades ago.  ISC is the organizational steward for BIND; in
>order to preserve the software for the long term, we are considering a
>move to the more restrictive Mozilla Public License (MPL 2.0)
>
>(https://www.mozilla.org/en-US/MPL/2.0/
>).
>
>The MPL license requires that anyone redistributing the code who has
>changed it must publish their changes (or pay for an exception to the
>license). It doesn’t impact anyone who is using the software without
>redistributing it, nor anyone redistributing it without changes – so
>most users will not see any change. 
>
>In the event we do proceed with the change in license, we will announce
>this with the 9.11.0 beta and it will take effect with the BIND 9.11.0
>release.
>
>We welcome comments from BIND users, including statements of support or
>concern.  Email Vicky Risk, Product Manager at vi...@isc.org
> if you want to discuss privately, Tweet at us at
>@ISCdotORG , or discuss on
>bind-users@lists.isc.org.
>
>Regards,
>
>Vicky Risk, 
>Product Manager
>
>Jeff Osborn, President of ISC, announcing we are considering this
>change at RIPE72 in Copenhagen May 26th,
>https://ripe72.ripe.net/archives/video/206
>.
>
>
>
>
>
>
>
>
>
>___
>bind-announce mailing list
>bind-annou...@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-announce

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

ISC considering a change to the BIND open source license

2016-06-13 Thread Victoria Risk 
Hello BIND users-

ISC published BIND under a very permissive open source license 
 
(https://www.isc.org/downloads/software-support-policy/isc-license/ 
) nearly 
two decades ago.  ISC is the organizational steward for BIND; in order to 
preserve the software for the long term, we are considering a move to the more 
restrictive Mozilla Public License (MPL 2.0) 
 
(https://www.mozilla.org/en-US/MPL/2.0/ 
).

The MPL license requires that anyone redistributing the code who has changed it 
must publish their changes (or pay for an exception to the license). It doesn’t 
impact anyone who is using the software without redistributing it, nor anyone 
redistributing it without changes – so most users will not see any change. 

In the event we do proceed with the change in license, we will announce this 
with the 9.11.0 beta and it will take effect with the BIND 9.11.0 release.

We welcome comments from BIND users, including statements of support or 
concern.  Email Vicky Risk, Product Manager at vi...@isc.org 
 if you want to discuss privately, Tweet at us at 
@ISCdotORG , or discuss on 
bind-users@lists.isc.org.

Regards,

Vicky Risk, 
Product Manager

Jeff Osborn, President of ISC, announcing we are considering this change at 
RIPE72 in Copenhagen May 26th, https://ripe72.ripe.net/archives/video/206 
.





___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Questions on bind-chroot

2016-06-13 Thread Lightner, Jeffrey 
Is this RHEL5?  RHEL6?  Something else?

On RHEL5 we had bind-chroot running and did all our edits directly in 
/var/named/chroot/etc for named.cocnf and /var/named/chroot/var/named for zone 
files.

In RHEL7 (which uses systemctl rather than service) they setup special mounting 
in the named-chroot systemd file so one has to be sure to restart that rather 
than just the named system file as the named by itself ignores your chroot 
setup.In this RHEL7 setup you edit the named.conf in /etc itself (i.e. the 
non-chroot "real" path) and the "systemctl restart named-chroot" puts the mount 
of that file into /var/named/chroot/etc.


-Original Message-
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Tony Finch
Sent: Monday, June 13, 2016 11:04 AM
To: Harshith Mulky
Cc: bind-users@lists.isc.org
Subject: Re: Questions on bind-chroot

Harshith Mulky  wrote:

> Is it necessary for named.conf in the chroot path and /etc path to be 
> same

If they aren't the same, at some point in the future you or your colleagues are 
going to get very confused about which one is the right one.

> I have 2 different named.conf in both the paths and when I am running 
> the, service named restart, I see the named service starting from the 
> chroot path. Is that correct?

There isn't much standardization of BIND init scripts. Some of them try to keep 
in-chroot and out-of-chroot configuration in sync, some don't, maybe depending 
on how the script is configured. So I can't give you a direct answer; you 
should read your init script carefully.

Tony.
--
f.anthony.n.finchhttp://dotat.at/  -  I xn--zr8h punycode 
Irish Sea: Cyclonic 3 or 4, increasing 5 at times. Smooth or slight, 
occasionally moderate in far south. Thundery showers, fog patches. Moderate or 
good, occasionally very poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Questions on bind-chroot

2016-06-13 Thread Tony Finch 
Harshith Mulky  wrote:

> Is it necessary for named.conf in the chroot path and /etc path to be same

If they aren't the same, at some point in the future you or your
colleagues are going to get very confused about which one is the right
one.

> I have 2 different named.conf in both the paths and when I am running
> the, service named restart, I see the named service starting from the
> chroot path. Is that correct?

There isn't much standardization of BIND init scripts. Some of them try to
keep in-chroot and out-of-chroot configuration in sync, some don't, maybe
depending on how the script is configured. So I can't give you a direct
answer; you should read your init script carefully.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/  -  I xn--zr8h punycode
Irish Sea: Cyclonic 3 or 4, increasing 5 at times. Smooth or slight,
occasionally moderate in far south. Thundery showers, fog patches. Moderate or
good, occasionally very poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DS record update via nsupdate

2016-06-13 Thread Mark Andrews 

In message <7966c1a9-a930-b748-7e09-531304b4d...@rotld.ro>, Catalin Leanca 
writes:
> 
> Hello,
> 
> When using nsupdate command to update DS records for subdomains
> without NS delegation, no error code is returned by command and also
> no errors appear in BIND logs (and DS is not updated in the zone).
> Is this a normal behavior?

Yes.  It is consistent with other UPDATE (RFC 2136) behaviours which
maintain zone consistancy.  UPDATE is silent about lots of things
w/o explict prerequisites.

> How to make BIND to issue errors when this happen ?

Add a prerequisite that a NS rrset exists at the name.  It the
prerequiste fails you will get a error.
 
> Best regards,
> 
> -- 
> 
> *CS Catalin LEANCA*
> ICI ROTLD - Serviciul Tehnic
> Bd. Maresal Averescu 8-10,
> Sector 1, Bucuresti
> Mobil: +40 744 81
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

DS record update via nsupdate

2016-06-13 Thread Catalin Leanca 

Hello,

When using nsupdate command to update DS records for subdomains
without NS delegation, no error code is returned by command and also
no errors appear in BIND logs (and DS is not updated in the zone).
Is this a normal behavior? How to make BIND to issue errors when this 
happen ?


Best regards,

--

*CS Catalin LEANCA*
ICI ROTLD - Serviciul Tehnic
Bd. Maresal Averescu 8-10,
Sector 1, Bucuresti
Mobil: +40 744 81


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users