Can bind works without defining root servers

2017-08-15 Thread Duleep Thilakarathne
Hi,

I can observe that bind can resolve host names without the following entry in
named.conf. Could anyone help me to understand this default behavior?


zone "." {
  type hint;
  file "root.servers";
};

regards
DT
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can bind works without defining root servers

2017-08-15 Thread Alan Clegg
Root hints have been built in forever.  (and that's "forever" in
Internet years)

On 8/15/17 10:58 AM, Duleep Thilakarathne wrote:
> Hi,
> 
> I can observe that bind can resolve host names without the following entry in
> named.conf. Could anyone help me to understand this default behavior?
> 
> 
> zone "." {
>   type hint;
>   file "root.servers";
> };
> 
> regards
> DT




Re: Can bind works without defining root servers

2017-08-15 Thread King, Harold Clyde (Hal)
How does Bind update the root servers? Does it go out and check, or is a 
release made for each change?


-- 
Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Systems Services

The University of Tennessee
103C5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone : 974-1599
Helpdesk 24/7 : 974-9900

On 8/15/17, 11:02, "bind-users on behalf of Alan Clegg" 
 wrote:

Root hints have been built in forever.  (and that's "forever" in
Internet years)

On 8/15/17 10:58 AM, Duleep Thilakarathne wrote:
> Hi,
> 
> I can observe that bind can resolve host names without the following entry in
> named.conf. Could anyone help me to understand this default behavior?
> 
> 
> zone "." {
>   type hint;
>   file "root.servers";
> };
> 
> regards
> DT





Re: Can bind works without defining root servers

2017-08-15 Thread Matthew Pounsett
On 15 August 2017 at 11:29, King, Harold Clyde (Hal)  wrote:

> How does Bind update the root servers? Does it go out and check, or is a
> release made for each change?
>

Yes. :)

BIND has a compiled-in root hints list that is kept up to date at each
release, which can be overridden with a zone of type 'hint'.   It also does
what's called "priming queries", which is to contact one of the known root
servers from the hints list, and retrieve an up-to-date authoritative NS
set for the root zone from the root zone itself.

Re: Can bind works without defining root servers

2017-08-15 Thread Warren Kumari
On Tue, Aug 15, 2017 at 11:36 AM, Matthew Pounsett  wrote:
>
>
> On 15 August 2017 at 11:29, King, Harold Clyde (Hal)  wrote:
>>
>> How does Bind update the root servers? Does it go out and check, or is a
>> release made for each change?
>
>
> Yes. :)
>
> BIND has a compiled-in root hints list that is kept up to date at each
> release, which can be overridden with a zone of type 'hint'.   It also does
> what's called "priming queries", which is to contact one of the known root
> servers from the hints list, and retrieve an up-to-date authoritative NS
> set for the root zone from the root zone itself.

... and for gory details on priming queries, see RFC8109 (
https://datatracker.ietf.org/doc/rfc8109/ )


W



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


Re: Can bind works without defining root servers

2017-08-15 Thread Andrew Latham
Read about it at
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=lib/dns/rootns.c;h=d86d0172d10625050ff1938c1869ce28921a1226;hb=HEAD

On Tue, Aug 15, 2017 at 10:29 AM, King, Harold Clyde (Hal) 
wrote:

> How does Bind update the root servers? Does it go out and check, or is a
> release made for each change?
>
>
> --
> Hal King  - h...@utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Systems Services
>
> The University of Tennessee
> 103C5 Kingston Pike Building
> 2309 Kingston Pk. Knoxville, TN 37996
> Phone : 974-1599
> Helpdesk 24/7 : 974-9900
>
> On 8/15/17, 11:02, "bind-users on behalf of Alan Clegg" <
> bind-users-boun...@lists.isc.org on behalf of a...@clegg.com> wrote:
>
> Root hints have been built in forever.  (and that's "forever" in
> Internet years)
>
> On 8/15/17 10:58 AM, Duleep Thilakarathne wrote:
> > Hi,
> >
> > I can observe that bind can resolve host names without the following entry in
> > named.conf. Could anyone help me to understand this default behavior?
> >
> >
> > zone "." {
> >   type hint;
> >   file "root.servers";
> > };
> >
> > regards
> > DT



-- 
- Andrew "lathama" Latham lath...@gmail.com http://lathama.com
 -

Fwd: BIND and Windows DNS logging and archiving

2017-08-15 Thread Mick Lee
Forgot to CC the list.

-- Forwarded message --
From: Mick Lee 
Date: Sat, Aug 12, 2017 at 6:55 PM
Subject: Re: BIND and Windows DNS logging and archiving
To: Phil Mayers 


Thanks,

I checked and it doesn't look like dnscap would work with little change :(
 Anyway, my colleague has now implemented a similar tool called
dns-activity-logger.

I mention it here since it does DNS response logging, specifically for IP
addresses.  You get output similar to BIND query logging for responses too:

# Response logging is like query logging, but you get rcode, ans-count, auth-count, add-count and a space separated list of IP's from the answer section if any
Aug 12 17:47:25 dns01 dns-activity-logger[6476]: client 192.168.1.13#61835: query: www.apple.com IN A + (192.168.1.200)
Aug 12 17:47:25 dns01 dns-activity-logger[6476]: client 192.168.1.200#61285: query: www.apple.com IN A + (192.168.1.1)
Aug 12 17:47:25 dns01 dns-activity-logger[6476]: client 192.168.1.200#61285: response: www.apple.com IN A + (192.168.1.1) NOERROR 4 0 1: 23.198.68.189
Aug 12 17:47:25 dns01 dns-activity-logger[6476]: client 192.168.1.13#61835: response: www.apple.com IN A + (192.168.1.200) NOERROR 4 0 0: 23.198.68.189

It streams Syslog messages out in real-time over TCP, supports
auto-failover in case one Syslog server goes down, and buffers in memory so
doesn't require any disk I/O.

My initial use case was Windows, but after seeing the response logging I
think I will disable BIND query logging and just use this.

He's willing to make it available to the general public if there is any
interest.

Cheers

Mick

On Sun, Jul 23, 2017 at 5:15 PM, Phil Mayers 
wrote:

> On 23/07/2017 15:16, Mick Lee wrote:
>
>> I have a colleague who has said he has parts of a PCAP to BIND query log
>> agent that runs on UNIX platforms, and he is happy to port that to Windows
>> for me - he's actually working on it now (for a few beers :) ).
>>
>
> dnscap basically does the same thing. No idea how easy it would be to run
> under Windows.
>
> Absent changes to the resolving setup, I think that a capture/tap is
> probably your only realistic option.
>
> Depending on your architecture (physical, virtual, topology) the tap could
> live on another box, if all you need is to know that server A made a query
> for badzone B.
>
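
Added example, not part of the thread and not the dns-activity-logger tool's own code: a Python parser for the query/response lines shown in the message above, used to answer "which clients were handed this IP address, and for which name". The field layout is inferred from those four sample lines only, and the function names are hypothetical.

```python
import re

# Layout inferred from the sample lines in the message (an assumption; the
# tool's format is not documented on this page). Response records append
# "RCODE ans-count auth-count add-count: ip ip ..." to the query-log fields.
LINE_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+): (?P<kind>query|response): "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) \((?P<dest>[^)]+)\)"
    r"(?: (?P<rcode>\S+) (?P<an>\d+) (?P<ns>\d+) (?P<ar>\d+):(?P<ips>.*))?$"
)

# Sample input: the four log lines from the message, mail line-wrapping undone.
PREFIX = "Aug 12 17:47:25 dns01 dns-activity-logger[6476]: "
SAMPLE = [
    PREFIX + "client 192.168.1.13#61835: query: www.apple.com IN A + (192.168.1.200)",
    PREFIX + "client 192.168.1.200#61285: query: www.apple.com IN A + (192.168.1.1)",
    PREFIX + "client 192.168.1.200#61285: response: www.apple.com IN A + (192.168.1.1) NOERROR 4 0 1: 23.198.68.189",
    PREFIX + "client 192.168.1.13#61835: response: www.apple.com IN A + (192.168.1.200) NOERROR 4 0 0: 23.198.68.189",
]

def parse_line(line):
    """Return the record's fields as a dict, or None for any other syslog line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    if rec["kind"] == "response":
        if rec["rcode"] is None:            # truncated response record
            return None
        for key in ("an", "ns", "ar"):
            rec[key] = int(rec[key])
        rec["ips"] = rec["ips"].split()     # empty list when no addresses were returned
    return rec

def who_resolved_to(lines, ip):
    """Sorted (client, qname) pairs for responses whose answer list contains ip."""
    hits = set()
    for rec in filter(None, map(parse_line, lines)):
        if rec["kind"] == "response" and ip in rec["ips"]:
            hits.add((rec["client"], rec["qname"]))
    return sorted(hits)

if __name__ == "__main__":
    print(who_resolved_to(SAMPLE, "23.198.68.189"))
```

In the sample, both the end client (192.168.1.13) and the resolver forwarding on its behalf (192.168.1.200) appear as recipients, so the forwarder's address has to be excluded when attributing a lookup to a host.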