Re: how to dynamically change/update (own private) domain record

2018-09-22 Thread Mark Andrews
The update policy rules you have don’t allow the apex to be updated.  Change 
the rule types to “subdomain” and the name fields to “dom.local”. 

-- 
Mark Andrews

> On 23 Sep 2018, at 02:20, lejeczek via bind-users  
> wrote:
> 
>> On 22/09/18 17:04, Reindl Harald wrote:
>> 
>>> On 22.09.18 at 17:53, lejeczek via bind-users wrote:
>>> is it possible to update domain(not hosts of/in the domain) records?
>> there is nothing like "not hosts of/in the domain"
>> 
>>> Something like
>>> 
>>> domain.local A 10.1.1.100
>> which is simply an A record and not "not hosts of/in the domain"
>> 
>>> simple, right?
>>> 
>>> I'm trying nsupdate but it refuses to do above
>> what about providing information like the state of the zone file and
>> unaltered input/output of "nsupdate", given that crystal balls are out of
>> order?
>> 
>> 
> from my previous post, (different subject):
> 
> ..
> 
> I do:
> > update delete ddd.dom.local. 86400 in a 10.3.1.100
> > send
> and that works, but when I try:
> > update add dom.local. 86400 in a 10.3.1.100
> > send
> update failed: REFUSED
> 
> ..and in logs:
> client @0x7fd7a40f2e40 127.0.0.1#9489/key nsupdate_key: updating zone 
> 'dom.local/IN': update failed: rejected by secure update (REFUSED)
> 
> ..and zone:
>   zone "dom.local" IN {
>     auto-dnssec maintain;
>     key-directory "myZones";
>     allow-query { localhost; dom.local; };
>     #allow-update { key dhcpd; key nsupdate_key; };
>     update-policy {
>       grant dhcpd wildcard *.dom.local. A CNAME TXT;
>       grant nsupdate_key wildcard *.dom.local. A CNAME TXT;
>     };
>     # below line would be for a slave/stub secondary server
>     #allow-transfer { localbox; 172.25.12.203; };
>     type master;
>     file "myZones/dom.local.signed";
>   };
> 
> thanks, L

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
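The change Mark Andrews describes, applied to the zone block posted in this thread, as an added example (it is neither the original poster's file nor Mark's text). Key names, zone name, file paths and record types are taken from the post; the allow-query and commented-out lines are left out, and the comments are mine:

```conf
zone "dom.local" IN {
    type master;
    file "myZones/dom.local.signed";
    auto-dnssec maintain;
    key-directory "myZones";

    update-policy {
        # Rules as posted: "wildcard *.dom.local." only matches names with at
        # least one label below dom.local, so "update add dom.local. ..."
        # is rejected by secure update and nsupdate reports REFUSED.
        # grant dhcpd        wildcard *.dom.local. A CNAME TXT;
        # grant nsupdate_key wildcard *.dom.local. A CNAME TXT;

        # Corrected rules: "subdomain dom.local." matches dom.local itself
        # and every name under it, so the apex A record can now be updated.
        # The explicit type list is kept on purpose: each key can still only
        # touch A, CNAME and TXT records, never NS, SOA, MX or DNSKEY, which
        # limits the damage if a key file is copied or leaked.
        grant dhcpd        subdomain dom.local. A CNAME TXT;
        grant nsupdate_key subdomain dom.local. A CNAME TXT;
    };
};
```

Note that a CNAME cannot coexist with the SOA and NS records at the apex, so in practice the apex gains only A and TXT updates from these rules.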


Re: how to dynamically change/update (own private) domain record

2018-09-22 Thread lejeczek via bind-users

On 22/09/18 17:04, Reindl Harald wrote:

> On 22.09.18 at 17:53, lejeczek via bind-users wrote:
>> is it possible to update domain(not hosts of/in the domain) records?
> there is nothing like "not hosts of/in the domain"
>
>> Something like
>>
>> domain.local A 10.1.1.100
> which is simply an A record and not "not hosts of/in the domain"
>
>> simple, right?
>>
>> I'm trying nsupdate but it refuses to do above
> what about providing information like the state of the zone file and
> unaltered input/output of "nsupdate", given that crystal balls are out of
> order?


from my previous post, (different subject):

..

I do:
> update delete ddd.dom.local. 86400 in a 10.3.1.100
> send
and that works, but when I try:
> update add dom.local. 86400 in a 10.3.1.100
> send
update failed: REFUSED

..and in logs:
client @0x7fd7a40f2e40 127.0.0.1#9489/key nsupdate_key: updating zone 
'dom.local/IN': update failed: rejected by secure update (REFUSED)


..and zone:
  zone "dom.local" IN {
    auto-dnssec maintain;
    key-directory "myZones";
    allow-query { localhost; dom.local; };
    #allow-update { key dhcpd; key nsupdate_key; };
    update-policy {
      grant dhcpd wildcard *.dom.local. A CNAME TXT;
      grant nsupdate_key wildcard *.dom.local. A CNAME TXT;
    };
    # below line would be for a slave/stub secondary server
    #allow-transfer { localbox; 172.25.12.203; };
    type master;
    file "myZones/dom.local.signed";
  };

thanks, L


Re: NTP through DNS?

2018-09-22 Thread Andrew Latham
chrony does today btw

   - debian/chrony-helper:
     - New helper script to make use of NTP servers obtained from DHCP and
       _ntp._udp DNS SRV records.


On Sat, Sep 22, 2018 at 8:31 AM Matus UHLAR - fantomas 
wrote:

> >>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote:
> >>>> But that is not, as Ray said, automated discovery. You are
> >>>> asking the computer to make assumptions, i.e. "if I am in domain
> >>>> hey.com, the ntp is ntp.hey.com." I am more on the lines of "hey
> >>>> domain thingie. You know where a lot of your basic network resources
> >>>> are. If you have a ntp server do you know where it is just like you
> >>>> know where your mail, LDAP, and kerbie servers are hiding?"
>
> >> On 21.09.18 at 22:19, Danny Mayer wrote:
> >>> That's not what I wrote. Someone needs to maintain an SRV record. It's
> >>> not a good idea for domains to announce their NTP servers since they can
> >>> be abused by others not authorized to use them. We've had plenty of
> >>> abuse along those lines along with DDOS attacks. What the ntp CNAME
> >>> would do is point to a number of other servers to use and you don't need
> >>> to call it ntp, it's just a string.
>
> > On 9/21/2018 6:33 PM, Reindl Harald wrote:
> >> but *nobody* cares about what is a good idea when the question was
> >> simply "does ntp discovery work" where the answer is simply no
>
> On 21.09.18 21:39, Danny Mayer wrote:
> > No, that's not true. Consider what you are doing. You are substituting
> > SRV records for CNAME records. There is nothing magical here. NTP can
> > use the CNAME records. Either way the records have to be configured.
> > What do you think you are discovering? SRV records aren't magic.
>
> The OP request indicated that they wish for ntp autoconfiguration.  There
> is no autoconfiguration we know of, unless DHCP, which was reported often
> not to work.
>
> Using either CNAME or SRV records won't change the fact that the ntp server
> does not autoconfigure itself.
>
> Neither of them changes the fact that the NTP configuration is not
> related to the domain, but to the local network.
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do not wish to receive any advertising mail at this address.
> Chernobyl was a Windows 95 beta test site.


-- 
- Andrew "lathama" Latham -


how to dynamically change/update (own private) domain record

2018-09-22 Thread lejeczek via bind-users

hi guys

is it possible to update domain(not hosts of/in the domain) records?

Something like

domain.local A 10.1.1.100

simple, right?

I'm trying nsupdate but it refuses to do above.

many thanks, L.



Re: NTP through DNS?

2018-09-22 Thread Matus UHLAR - fantomas

>>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote:
>>>> But that is not, as Ray said, automated discovery. You are
>>>> asking the computer to make assumptions, i.e. "if I am in domain
>>>> hey.com, the ntp is ntp.hey.com." I am more on the lines of "hey
>>>> domain thingie. You know where a lot of your basic network resources
>>>> are. If you have a ntp server do you know where it is just like you
>>>> know where your mail, LDAP, and kerbie servers are hiding?"

>> On 21.09.18 at 22:19, Danny Mayer wrote:
>>> That's not what I wrote. Someone needs to maintain an SRV record. It's
>>> not a good idea for domains to announce their NTP servers since they can
>>> be abused by others not authorized to use them. We've had plenty of
>>> abuse along those lines along with DDOS attacks. What the ntp CNAME
>>> would do is point to a number of other servers to use and you don't need
>>> to call it ntp, it's just a string.

> On 9/21/2018 6:33 PM, Reindl Harald wrote:
>> but *nobody* cares about what is a good idea when the question was
>> simply "does ntp discovery work" where the answer is simply no

On 21.09.18 21:39, Danny Mayer wrote:
> No, that's not true. Consider what you are doing. You are substituting
> SRV records for CNAME records. There is nothing magical here. NTP can
> use the CNAME records. Either way the records have to be configured.
> What do you think you are discovering? SRV records aren't magic.


The OP request indicated that they wish for ntp autoconfiguration.  There is
no autoconfiguration we know of, unless DHCP, which was reported often not to
work.

Using either CNAME or SRV records won't change the fact that the ntp server does
not autoconfigure itself.

Neither of them changes the fact that the NTP configuration is not
related to the domain, but to the local network.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not wish to receive any advertising mail at this address.
Chernobyl was a Windows 95 beta test site.