Re: authority

[Nick Edwards]

On Tue, Oct 25, 2016 at 7:14 AM, Reindl Harald 
wrote:

>
>
>
> this is a public mailing list - so what!
>
> when someone don't yet get the connection between nameservers, webserver
> and ip-addresses he is not ready to connect public servers and that's
> completly independent of the fact you ra elike a statement or not - so get
> out of my sigt and keep your persnaol attacks for yourself, epsecially when
> you are *that* slow with your poisioning responses
>
>

Thats right, when someone calls you out for what you really are, you try
turn it around. truth hurts Reindl

you obviously did not know or understand the question, this does not mean
nobody else does, so you should shut your trolling trap and ignore the
post, and let someone who does know what they mean answer it. Its why youve
been kicked off just about every other technical/ASP lists on this planet.

and as slow for responses? I have a life, I enjoy weekends, I do not sit on
internet 20 hours a day like you try to because no one in their sane mind
could put up with you.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Nick Edwards]

On Tue, Oct 25, 2016 at 7:11 AM, Reindl Harald 
wrote:

>
> i don't understand your question
>>
>>
>> Since you have NOTHING to do with ISC or even remotely with bind, if you
>> dont understand , LEAVE IT TO SOMEONE WHO DOES
>>
>
> and YOU have something to do with ISC?
> i doubt!
>
> since i maintain hundrets of domains and wrote admin-backends for BIDN i
> pretend to have more than remotely to do with bind for many many years
>
>


PRETEND is the key operative word here, you have  ZERO to do with ISC Bind,
you are not a member of the consortium, yes, that I know!

I'll leave it for a list moderator to cane your arse for trying to imply
you are associated with bind project.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Reindl Harald]

Am 24.10.2016 um 22:45 schrieb Nick Edwards:



On Tue, Oct 25, 2016 at 12:42 AM, Reindl Harald > wrote:

don't get me wrong but that question shows that you are not ready to
run a public dns server - there is no "local" or


when you make statements like that to be sure you include the fact you
have NOTHING to do with ISC or bind


this is a public mailing list - so what!

when someone don't yet get the connection between nameservers, webserver 
and ip-addresses he is not ready to connect public servers and that's 
completly independent of the fact you ra elike a statement or not - so 
get out of my sigt and keep your persnaol attacks for yourself, 
epsecially when you are *that* slow with your poisioning responses

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Reindl Harald]

Am 24.10.2016 um 22:42 schrieb Nick Edwards:

On Tue, Oct 25, 2016 at 12:11 AM, Reindl Harald > wrote:


identical like the first one

Which IP should be use?


i don't understand your question


Since you have NOTHING to do with ISC or even remotely with bind, if you
dont understand , LEAVE IT TO SOMEONE WHO DOES


and YOU have something to do with ISC?
i doubt!

since i maintain hundrets of domains and wrote admin-backends for BIDN i 
pretend to have more than remotely to do with bind for many many years



but you just cant help yourself can you, damn troll


since nobody asked you keep your personal attacks for yourself
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Nick Edwards]

On Tue, Oct 25, 2016 at 12:42 AM, Reindl Harald 
wrote:


>
>
>
>>
> don't get me wrong but that question shows that you are not ready to run a
> public dns server - there is no "local" or
>

when you make statements like that to be sure you include the fact you have
NOTHING to do with ISC or bind.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Nick Edwards]

On Tue, Oct 25, 2016 at 12:11 AM, Reindl Harald 
wrote:


> identical like the first one
>
> Which IP should be use?
>>
>
> i don't understand your question
>
>
Since you have NOTHING to do with ISC or even remotely with bind, if you
dont understand , LEAVE IT TO SOMEONE WHO DOES

but you just cant help yourself can you, damn troll
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: merging reverse zone data obtained from two different masters

[Darcy Kevin (FCA)]

Ideally, whatever frontend you use to maintain the "forward" records for these 
zones, should be smart enough to, in parallel, populate the corresponding 
entries in the common reverse zone.

But, failing that, it shouldn't be that hard to write a script that 
periodically pulls zone transfers of the forward zones and merges that data to 
create/update the common reverse zone. If the ranges used by these Zone1/Zone2 
hosts overlap, you'll have to decide how to handle collisions, of course.


- Kevin


-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of blrmaani
Sent: Sunday, October 23, 2016 5:56 PM
To: comp-protocols-dns-b...@isc.org
Subject: merging reverse zone data obtained from two different masters

We have hosts in two different zones but use same subnet. Zone1 is generated by 
Master1 and Zone2 is generated by Master2.

Slave1 runs BIND and would like to merge the reverses generated on Master1 and 
Master2. How do I do this?

thanks
Blr
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind-users Digest, Vol 2527, Issue 1

[Fabian Cohen]

Hi Tony the master res a your Zone and de reverse generate the consult for ip.


2016-10-24 9:00 GMT-03:00  :
> Send bind-users mailing list submissions to
> bind-users@lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
> bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
> bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>1. merging reverse zone data obtained from two different masters
>   (blrmaani)
>2. Re: merging reverse zone data obtained from two different
>   masters (blrmaani)
>3. Running current version of bind in a jail? (Tom)
>4. Re: Running current version of bind in a jail? (Reindl Harald)
>5. Re: Running current version of bind in a jail? (Tony Finch)
>6. Re: merging reverse zone data obtained from two different
>   masters (Tony Finch)
>
>
> --
>
> Message: 1
> Date: Sun, 23 Oct 2016 14:56:26 -0700 (PDT)
> From: blrmaani 
> To: comp-protocols-dns-b...@isc.org
> Subject: merging reverse zone data obtained from two different masters
> Message-ID: 
> Content-Type: text/plain; charset=UTF-8
>
> We have hosts in two different zones but use same subnet. Zone1 is generated 
> by Master1 and Zone2 is generated by Master2.
>
> Slave1 runs BIND and would like to merge the reverses generated on Master1 
> and Master2. How do I do this?
>
> thanks
> Blr
>
>
> --
>
> Message: 2
> Date: Sun, 23 Oct 2016 15:39:45 -0700 (PDT)
> From: blrmaani 
> To: comp-protocols-dns-b...@isc.org
> Subject: Re: merging reverse zone data obtained from two different
> masters
> Message-ID: <0866d16a-d52e-4097-a968-87daf3a2f...@googlegroups.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote:
>> We have hosts in two different zones but use same subnet. Zone1 is generated 
>> by Master1 and Zone2 is generated by Master2.
>>
>> Slave1 runs BIND and would like to merge the reverses generated on Master1 
>> and Master2. How do I do this?
>>
>> thanks
>> Blr
>
> I know couple of hacky way to achieve this. Just curious if anyone tried it ?
>
>
> --
>
> Message: 3
> Date: Mon, 24 Oct 2016 07:27:54 +0200
> From: Tom 
> To: "bind-users@lists.isc.org" 
> Subject: Running current version of bind in a jail?
> Message-ID: <7bd34414-4737-c7cb-d640-d26f15ea3...@gmail.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hi list
>
>  From
> https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html:
>
> "Running named in a chroot jail (many still do, but this shouldn't be
> necessary with modern versions of BIND)".:
>
> What's the reason, that it isn't necessary to run modern version of bind
> in a jail?
>
> Kind regards,
> Tom
>
>
> --
>
> Message: 4
> Date: Mon, 24 Oct 2016 08:59:23 +0200
> From: Reindl Harald 
> To: bind-users@lists.isc.org
> Subject: Re: Running current version of bind in a jail?
> Message-ID: <14080881-a967-4e2d-ed11-00f1104b8...@thelounge.net>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
>
>
> Am 24.10.2016 um 07:27 schrieb Tom:
>> From
>> https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html:
>>
>>
>> "Running named in a chroot jail (many still do, but this shouldn't be
>> necessary with modern versions of BIND)".:
>>
>> What's the reason, that it isn't necessary to run modern version of bind
>> in a jail?
>
> that named got a complete rewrite and don't share any code with the
> times where the quality was so bad that it was highly recommended to
> chroot it?
>
>
> --
>
> Message: 5
> Date: Mon, 24 Oct 2016 11:04:43 +0100
> From: Tony Finch 
> To: Tom 
> Cc: "bind-users@lists.isc.org" 
> Subject: Re: Running current version of bind in a jail?
> Message-ID: 
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Tom  wrote:
>>
>> What's the reason, that it isn't necessary to run modern version of bind in a
>> jail?
>
> chroot is a defence against privilege escalation following a remote code
> execution vulnerability. It isn't a very solid defence. And BIND 9 tends
> to die of a self-check failure 

Re: Compiling on AIX-7.1

[Witold Kręcicki]

W dniu 24.10.2016 o 19:24, Davis, Donald W pisze:
> Has anyone compiled bind-9.11 on AIX version 7.1?  I have gcc
> installed.  The first make failed with “nslookup.c:39:31: fatal error:
> readline/readline.h: No such file or directory”
> 
> I installed the readline library and now is failing with the following
> errors:
> 
> ld: 0711-317 ERROR: Undefined symbol: .__cxa_finalize
> 
> ld: 0711-317 ERROR: Undefined symbol: .__udivdi3
> 
> ld: 0711-317 ERROR: Undefined symbol: .__umoddi3
> 
> collect2: error: ld returned 8 exit status
Could you paste the ./configure options you are using?
Try adding LDFLAGS="-lm" to ./configure

-- 
wpk
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Compiling on AIX-7.1

[Davis, Donald W]

Has anyone compiled bind-9.11 on AIX version 7.1?  I have gcc installed.  The 
first make failed with "nslookup.c:39:31: fatal error: readline/readline.h: No 
such file or directory"
I installed the readline library and now is failing with the following errors:
ld: 0711-317 ERROR: Undefined symbol: .__cxa_finalize
ld: 0711-317 ERROR: Undefined symbol: .__udivdi3
ld: 0711-317 ERROR: Undefined symbol: .__umoddi3
collect2: error: ld returned 8 exit status
make: 1254-004 The error code from the last command is 1.
Stop.

Any help would be appreciated!
Don
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Pol Hallen]

named virtual hosts anybody - you can run thousands of domains on a
single IP


understood Harld :)

cheers

Pol
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Reindl Harald]

Am 24.10.2016 um 16:35 schrieb Pol Hallen:

so what are your real questions?

P.S.: you need more than one DNS server for a public domain which must
not run on the same network


I have to register some domains: example.com, example.ue, example.net,
exampe.org, etc.

on my server I've also apache web and I'd like have internet site based
on that domains

but each domain must have a unique IP (or not?) my ISP supplies only one
IP.


named virtual hosts anybody - you can run thousands of domains on a 
single IP



the question is: can I handles several internet site using local bind?


don't get me wrong but that question shows that you are not ready to run 
a public dns server - there is no "local" or "non local bind" in that 
context - bind as any other nameserver serves as much forward and 
ptr-zones as you configure

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Pol Hallen]

so what are your real questions?

P.S.: you need more than one DNS server for a public domain which must
not run on the same network


I have to register some domains: example.com, example.ue, example.net, 
exampe.org, etc.


on my server I've also apache web and I'd like have internet site based 
on that domains


but each domain must have a unique IP (or not?) my ISP supplies only one IP.

the question is: can I handles several internet site using local bind?

thanks

Pol
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: authority

[Reindl Harald]

Am 24.10.2016 um 14:40 schrieb Pol Hallen:

Hello all, after weeks studying bind I'm here with a question:

I'd like have my own bind authority server for some domains. I just
configured my first zone (ie: www.example.org) with static IP of my DSL.
Everything works :-)

If I register another FQDN (ie: www.example.com) how can I set my second
zone?


identical like the first one


Which IP should be use?


i don't understand your question

* the registry points the glue records of the zone to your DNS
* your DNS answers for all zones which are configured
* what IP it answers is defined in your zones
* what IP your DNS has is defined by "static IP of my DSL"

so what are your real questions?

P.S.: you need more than one DNS server for a public domain which must 
not run on the same network

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

authority

[Pol Hallen]

Hello all, after weeks studying bind I'm here with a question:

I'd like have my own bind authority server for some domains. I just 
configured my first zone (ie: www.example.org) with static IP of my DSL. 
Everything works :-)


If I register another FQDN (ie: www.example.com) how can I set my second 
zone? Which IP should be use?


thanks for help

Pol
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: merging reverse zone data obtained from two different masters

[Tony Finch]

blrmaani  wrote:
> On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote:
> >
> > We have hosts in two different zones but use same subnet. Zone1 is
> > generated by Master1 and Zone2 is generated by Master2.
> >
> > Slave1 runs BIND and would like to merge the reverses generated on
> > Master1 and Master2. How do I do this?
>
> I know couple of hacky way to achieve this. Just curious if anyone tried
> it ?

Probably the best way is to use RFC 2317 classless delegation. It requires
that zone1 and zone2 have different names from the normal reverse DNS
zone.

https://tools.ietf.org/html/rfc2317
https://tools.ietf.org/html/draft-fanf-dnsop-rfc2317bis

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
North Fitzroy: Northeasterly 5 to 7 in far northwest, otherwise variable 3
or 4. Rough or very rough. Showers. Good, occasionally moderate.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Running current version of bind in a jail?

[Tony Finch]

Tom  wrote:
>
> What's the reason, that it isn't necessary to run modern version of bind in a
> jail?

chroot is a defence against privilege escalation following a remote code
execution vulnerability. It isn't a very solid defence. And BIND 9 tends
to die of a self-check failure before remote code execution occurs,
judging by the last few years of vulnerability notices.

Also, on Linux, named drops most capabilities.

Stricter partitions (VMs or containers) which you can easily nuke and
rebuild from scratch mean there's much less need for chroot.

I still chroot my servers :-)

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Sole, Lundy, Fastnet: Easterly or northeasterly 5 to 7, becoming variable 3 or
4 later. Rough or very rough, becoming slight or moderate later. Rain or
showers. Moderate or good, occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users