Re: weird transfer-source problems with one DNS node

2016-07-19 Thread Phil Mayers
Yep, that's it. The MASQ entry will nat all outbound traffic to the primary IP 
of the interface. If you want to be playing with secondary IPs this is almost 
certainly not right.
-- 
Sent from my mobile device, please excuse brevity and typos
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: weird transfer-source problems with one DNS node

2016-07-19 Thread Ian Veach
Thank you, Phil - that might be the answer.  I'm not super knowledgeable
about iptables, and I certainly didn't configure it this way
(specifically), but the one problematic node does seem to have a
postrouting chain.  I'll have to investigate how this came about and how to
remove, but perhaps this is it:

[root@foo:~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 155M packets, 15G bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 270K packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination
 105M   13G MASQUERADE  all  --  *      eth+    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 105M packets, 13G bytes)
 pkts bytes target     prot opt in     out     source               destination




cheers and thanks,

Ian Veach, Senior Systems Analyst
System Computing Services, Nevada System of Higher Education


On Tue, Jul 19, 2016 at 3:10 AM, Phil Mayers wrote:

> On 19/07/16 00:38, Ian Veach wrote:
>
>>
>> Negative Ghostrider...:
>>
>> [root@foo:~]# iptables -t raw -nvL
>>
>
> Might want to check "-t nat" as well.
>

-- 
PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and 
responses, unless otherwise made confidential by law, may be subject to the 
Nevada Public Records laws and may be disclosed to the public upon request.
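
Added example, not part of the original thread or of any poster's message: a Python check that walks `iptables -t nat -S POSTROUTING` output in rule order and reports whether a packet leaving from a given source address keeps that address or has it rewritten by MASQUERADE/SNAT, which is the effect described above for a transfer-source on a secondary IP. The rule sets, the address 192.0.2.53 and all function names are constructed for illustration; only the -s, -d and -o matches are modelled.

```python
import ipaddress
import shlex

# Constructed rule sets in `iptables -t nat -S POSTROUTING` format. CATCH_ALL
# mirrors the rule in the thread; EXEMPTED puts an ACCEPT for a hypothetical
# secondary address (192.0.2.53) ahead of it.
CATCH_ALL = "-A POSTROUTING -o eth+ -j MASQUERADE\n"
EXEMPTED = "-A POSTROUTING -s 192.0.2.53/32 -j ACCEPT\n" + CATCH_ALL

def iface_match(pattern, iface):
    # A trailing "+" is iptables' interface wildcard: eth+ matches eth0, eth1, ...
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def rule_matches(tokens, src, dst, out_iface):
    """Evaluate the -s/-d/-o matches of one rule; return (matched, target)."""
    matched, negate, i = True, False, 0
    while i + 1 < len(tokens):
        opt, val = tokens[i], tokens[i + 1]
        if opt == "!":                      # "!" negates the match that follows
            negate, i = True, i + 1
            continue
        if opt == "-j":
            return matched, val             # target options after -j are ignored
        if opt in ("-s", "-d"):
            hit = (src if opt == "-s" else dst) in ipaddress.ip_network(val, strict=False)
        elif opt == "-o":
            hit = iface_match(val, out_iface)
        else:
            raise ValueError(f"match {opt!r} is not modelled; inspect the rule by hand")
        matched, negate, i = matched and (hit != negate), False, i + 2
    return False, None                      # no target: the rule changes nothing

def source_fate(rules_text, src, dst, out_iface):
    """'rewritten' if the first matching rule is MASQUERADE/SNAT, else 'preserved'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"]:
            continue                        # skips -P policy lines and other chains
        matched, target = rule_matches(tokens[2:], src, dst, out_iface)
        if matched:  # assumes every target is terminating (no LOG, no user chains)
            return "rewritten" if target in ("MASQUERADE", "SNAT") else "preserved"
    return "preserved"                      # fell through to the ACCEPT policy
```

Feed it the live rules with `iptables -t nat -S POSTROUTING` and the address BIND is configured to send from; "rewritten" means the peer sees the interface's primary IP instead.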

RHEL, Centos, Fedora rpm 9.10.4-P2; CVE-2016-2775

2016-07-19 Thread Carl Byington
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.


Re: weird transfer-source problems with one DNS node

2016-07-19 Thread Phil Mayers

On 19/07/16 00:38, Ian Veach wrote:

> Negative Ghostrider...:
>
> [root@foo:~]# iptables -t raw -nvL

Might want to check "-t nat" as well.


Re: Questions on how to setup Reverse DNS in bind 9

2016-07-19 Thread Matus UHLAR - fantomas

On 18.07.16 19:44, Spork Schivago wrote:

At this time franklin.jetbbs.com ONLY RESOLVES TO 104.238.117.105

The way I wanted it was 104.238.117.105 AND 132.148.11.44 to point to
jetbbs.com   but I think I setup the DNS record wrong.   I just added
another A record for jetbbs.com and added the IP address 132.148.11.44 to
it.   This part wasn't for the reverse DNS.   I got two IP addresses I'm
using.


jetbbs.com IS NOT franklin.jetbbs.com


I got an A name for franklin, and that's the 104.238.117.105.   Should I
have added another A name for franklin as well to setup the round robin
stuff?   You know, when someone connects to JetBBS.com, the first time they
connect, it takes them to 104.238.117.105.   The next time they connect, it
takes them to 132.148.11.44. 


you don't have to set up "round robin" and you can't decide who connects to
which IP.

If you set up two IP addresses for one DNS name, random servers will connect
to random addresses in random times.


Is this why whenever I pinged jetbbs.com, I
only got a reply from 132.148.11.44 and not from 104.238.117.105 you think?


that is because jetbbs.com only contains 104.238.117.105 now...


 Because I didn't setup another A name for franklin?   Thanks and sorry
for all the questions.   I know these probably aren't really bind related
questions anymore.   Thanks!


once more: jetbbs.com IS NOT franklin.jetbbs.com !

FYI currently they both only contain 104.238.117.105

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 