Re: CNAME as an alias to a TXT record
Hi,

Thank you very much for your response, much appreciated. Still not working on the servers it needs to be working on, but have reproduced your results in a test environment.

On 2019-11-04 12:42 p.m., m3047 wrote:
> I would expect so.
>
> HECATE:~ m3047$ dig points-to-m3047.net.m3047.
>
> ; <<>> DiG 9.8.3-P1 <<>> points-to-m3047.net.m3047.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50873
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;points-to-m3047.net.m3047. IN A
>
> ;; ANSWER SECTION:
> POINTS-TO-M3047.NET.m3047. 600 IN CNAME M3047.NET.
> m3047.net. 7200 IN A 209.221.140.128
>
> ;; AUTHORITY SECTION:
> m3047.net. 6334 IN NS dns1.encirca.net.
> m3047.net. 6334 IN NS dns2.encirca.net.
>
> ;; ADDITIONAL SECTION:
> dns1.encirca.net. 157334 IN A 108.166.170.106
> dns2.encirca.net. 157334 IN A 64.62.200.132
>
> ;; Query time: 69 msec
> ;; SERVER: 10.0.0.220#53(10.0.0.220)
> ;; WHEN: Mon Nov 4 12:40:17 2019
> ;; MSG SIZE rcvd: 197
>
> HECATE:~ m3047$ dig points-to-m3047.net.m3047. txt
>
> ; <<>> DiG 9.8.3-P1 <<>> points-to-m3047.net.m3047. txt
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46861
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;points-to-m3047.net.m3047. IN TXT
>
> ;; ANSWER SECTION:
> POINTS-TO-M3047.NET.m3047. 600 IN CNAME M3047.NET.
> m3047.net. 7200 IN TXT "v=spf1 ip4:209.221.140.128/31 +mx -all"
>
> ;; AUTHORITY SECTION:
> m3047.net. 6329 IN NS dns1.encirca.net.
> m3047.net. 6329 IN NS dns2.encirca.net.
>
> ;; ADDITIONAL SECTION:
> dns1.encirca.net. 157329 IN A 108.166.170.106
> dns2.encirca.net. 157329 IN A 64.62.200.132
>
> ;; Query time: 108 msec
> ;; SERVER: 10.0.0.220#53(10.0.0.220)
> ;; WHEN: Mon Nov 4 12:40:22 2019
> ;; MSG SIZE rcvd: 232
>
> On Mon, 4 Nov 2019, Computerisms Corporation wrote:
>> Hi,
>>
>> I am wondering if it is possible to create a CNAME in one zone to resolve as a TXT record in another zone. Can't find anything that says it will work, but can't find any thing that says it won't, either.
>>
>> For example, I have added in the zone file for dom1:
>>
>> _acme-challenge CNAME _acme-challenge.dom2.com.
>>
>> and then in zone file for dom2:
>>
>> _acme-challenge TXT "thisismytextvalue"
>>
>> Then, and more or less as expected, the following dig command fails to return a record.
>>
>> dig -t TXT _acme-challenge.dom1.com
>>
>> Is there a way to get the dig command to return the TXT value for dom2? Or is that something that can pretty much only happen with A records?
>>
>> --
>> Bob Miller

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: CNAME as an alias to a TXT record
On 04.11.19 at 21:38, Computerisms Corporation wrote:
> Thanks for your response.
>
>> no matter which record type a CNAME will match and that is the simple
>> reason that you can't have A/MX records with the same name
>>
>> MX mail.example-com
>> CNAME mail.example.com
>>
>> TXT whatever.example.com
>> CNAME whatever.example.com
>
> yes, I understand that I can't have them in the same zone (ie in the
> same domain name). but not trying that here. I want the CNAME for
> firstdomain.com to point to a TXT record at seconddomain.com

i understand that and that's what i explained to you

unless you don't have any conflicting stuff in one of both zones it just resolves *anything* with the name on the left side which exists on the right side, no matter what record type

if it doesn't you have something conflicting called "_acme-challenge" in one of both zones
Re: Can i remove @0x in my log query message, bind 9.11
Hi there,

On Mon, 4 Nov 2019, Nguyen Huy Bac wrote:
> ... bind 9.11, have @0x in log query message. But, my statistical system don't support two log message structure at the same. So, my question is: Can and How to remove @0x in my log query message.

You could do this for example by piping the log messages to a 'sed' one-liner with syslog-ng, which would avoid the need to patch every time you install a new version of bind.

--
73,
Ged.
Re: CNAME as an alias to a TXT record
Computerisms Corporation wrote:
>
> yes, I understand that I can't have them in the same zone (ie in the same
> domain name). but not trying that here. I want the CNAME for
> firstdomain.com to point to a TXT record at seconddomain.com

There aren't any gotchas here, what you are trying to do just works.

There was some discussion about it on another list last month
https://lists.dns-oarc.net/pipermail/dns-operations/2019-October/019272.html

Tony.
--
f.anthony.n.finch http://dotat.at/
Trafalgar: Westerly or northwesterly 4 to 6, occasionally 7 in north, perhaps gale 8 later in north. Moderate or rough in southeast, rough or very rough in northwest, occasionally high later in far northwest. Showers. Mainly good.
Re: CNAME as an alias to a TXT record
_acme-challenge CNAME whatever.name.you.want.here.

will work provided there are no other records, including other CNAMEs, at _acme-challenge.

If you want more help post *actual* response unmodified. There are lots of different ways to configure servers and what may look like an error when checking isn’t anything more than a misunderstanding of how the DNS works.

Mark

> On 5 Nov 2019, at 07:38, Computerisms Corporation wrote:
>
> Hi Reindl,
>
> Thanks for your response.
>
>> no matter which record type a CNAME will match and that is the simple
>> reason that you can't have A/MX records with the same name
>> MX mail.example-com
>> CNAME mail.example.com
>> TXT whatever.example.com
>> CNAME whatever.example.com
>
> yes, I understand that I can't have them in the same zone (ie in the same
> domain name). but not trying that here. I want the CNAME for
> firstdomain.com to point to a TXT record at seconddomain.com
>
>> in both cases you need to choose because a CNAME with the same NAME is a
>> conflicting configuration which is not possible or redundant which doesn't
>> make sense

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
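The rule the replies above describe (a CNAME is followed for any query type, and it must be the only record at its name) can be checked against zone data offline. This is an added example, not code from the thread or from BIND; the zone contents are constructed from the dom1/dom2 names in the question, the "stale-token" record is invented for the conflict case, and the model ignores DNSSEC records.

```python
# Constructed zone data using the names from the thread (dom1.com, dom2.com).
ZONES = {
    "dom1.com.": [("_acme-challenge.dom1.com.", "CNAME", "_acme-challenge.dom2.com.")],
    "dom2.com.": [("_acme-challenge.dom2.com.", "TXT", "thisismytextvalue")],
}
# Same data plus a leftover TXT beside the CNAME: the conflicting case.
BROKEN = {
    "dom1.com.": ZONES["dom1.com."]
    + [("_acme-challenge.dom1.com.", "TXT", "stale-token")],
    "dom2.com.": ZONES["dom2.com."],
}


def rrsets(zones):
    """Index records as {owner: {rtype: [rdata, ...]}} with lowercased owners."""
    index = {}
    for records in zones.values():
        for owner, rtype, rdata in records:
            index.setdefault(owner.lower(), {}).setdefault(rtype, []).append(rdata)
    return index


def cname_conflicts(zones):
    """Owner names where a CNAME sits beside other data or a second CNAME."""
    bad = []
    for owner, types in rrsets(zones).items():
        if "CNAME" in types and (len(types) > 1 or len(types["CNAME"]) > 1):
            bad.append(owner)
    return sorted(bad)


def resolve(zones, qname, qtype, max_hops=8):
    """Return the answer section: the CNAME chain, then any qtype records
    found at the end of the chain (the shape of the dig output in the thread)."""
    index = rrsets(zones)
    answer, name = [], qname.lower()
    for _ in range(max_hops):
        types = index.get(name, {})
        if qtype in types:
            return answer + [(name, qtype, r) for r in types[qtype]]
        if "CNAME" not in types:
            return answer  # chain ends without data of the requested type
        target = types["CNAME"][0]
        answer.append((name, "CNAME", target))
        name = target.lower()
    raise RuntimeError("CNAME chain too long or looping")


if __name__ == "__main__":
    for rr in resolve(ZONES, "_acme-challenge.dom1.com.", "TXT"):
        print(*rr)
    print("conflicts in BROKEN:", cname_conflicts(BROKEN))
```

Running `cname_conflicts` over the zone data before publishing a delegated `_acme-challenge` name catches the leftover-record case that the replies point to as the usual reason the lookup fails.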
Re: CNAME as an alias to a TXT record
I would expect so.

HECATE:~ m3047$ dig points-to-m3047.net.m3047.

; <<>> DiG 9.8.3-P1 <<>> points-to-m3047.net.m3047.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50873
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;points-to-m3047.net.m3047. IN A

;; ANSWER SECTION:
POINTS-TO-M3047.NET.m3047. 600 IN CNAME M3047.NET.
m3047.net. 7200 IN A 209.221.140.128

;; AUTHORITY SECTION:
m3047.net. 6334 IN NS dns1.encirca.net.
m3047.net. 6334 IN NS dns2.encirca.net.

;; ADDITIONAL SECTION:
dns1.encirca.net. 157334 IN A 108.166.170.106
dns2.encirca.net. 157334 IN A 64.62.200.132

;; Query time: 69 msec
;; SERVER: 10.0.0.220#53(10.0.0.220)
;; WHEN: Mon Nov 4 12:40:17 2019
;; MSG SIZE rcvd: 197

HECATE:~ m3047$ dig points-to-m3047.net.m3047. txt

; <<>> DiG 9.8.3-P1 <<>> points-to-m3047.net.m3047. txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46861
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;points-to-m3047.net.m3047. IN TXT

;; ANSWER SECTION:
POINTS-TO-M3047.NET.m3047. 600 IN CNAME M3047.NET.
m3047.net. 7200 IN TXT "v=spf1 ip4:209.221.140.128/31 +mx -all"

;; AUTHORITY SECTION:
m3047.net. 6329 IN NS dns1.encirca.net.
m3047.net. 6329 IN NS dns2.encirca.net.

;; ADDITIONAL SECTION:
dns1.encirca.net. 157329 IN A 108.166.170.106
dns2.encirca.net. 157329 IN A 64.62.200.132

;; Query time: 108 msec
;; SERVER: 10.0.0.220#53(10.0.0.220)
;; WHEN: Mon Nov 4 12:40:22 2019
;; MSG SIZE rcvd: 232

On Mon, 4 Nov 2019, Computerisms Corporation wrote:
> Hi,
>
> I am wondering if it is possible to create a CNAME in one zone to resolve as a TXT record in another zone. Can't find anything that says it will work, but can't find any thing that says it won't, either.
>
> For example, I have added in the zone file for dom1:
>
> _acme-challenge CNAME _acme-challenge.dom2.com.
>
> and then in zone file for dom2:
>
> _acme-challenge TXT "thisismytextvalue"
>
> Then, and more or less as expected, the following dig command fails to return a record.
>
> dig -t TXT _acme-challenge.dom1.com
>
> Is there a way to get the dig command to return the TXT value for dom2? Or is that something that can pretty much only happen with A records?
>
> --
> Bob Miller
Re: CNAME as an alias to a TXT record
Hi Reindl,

Thanks for your response.

> no matter which record type a CNAME will match and that is the simple
> reason that you can't have A/MX records with the same name
>
> MX mail.example-com
> CNAME mail.example.com
>
> TXT whatever.example.com
> CNAME whatever.example.com

yes, I understand that I can't have them in the same zone (ie in the same domain name). but not trying that here. I want the CNAME for firstdomain.com to point to a TXT record at seconddomain.com

> in both cases you need to choose because a CNAME with the same NAME is a
> conflicting configuration which is not possible or redundant which doesn't
> make sense
Re: CNAME as an alias to a TXT record
On 04.11.19 at 21:30, Computerisms Corporation wrote:
> I am wondering if it is possible to create a CNAME in one zone to
> resolve as a TXT record in another zone. Can't find anything that says
> it will work, but can't find any thing that says it won't, either.

that's not how CNAMES are working

no matter which record type a CNAME will match and that is the simple reason that you can't have A/MX records with the same name

MX mail.example-com
CNAME mail.example.com

TXT whatever.example.com
CNAME whatever.example.com

in both cases you need to choose because a CNAME with the same NAME is a conflicting configuration which is not possible or redundant which doesn't make sense
CNAME as an alias to a TXT record
Hi,

I am wondering if it is possible to create a CNAME in one zone to resolve as a TXT record in another zone. Can't find anything that says it will work, but can't find any thing that says it won't, either.

For example, I have added in the zone file for dom1:

_acme-challenge CNAME _acme-challenge.dom2.com.

and then in zone file for dom2:

_acme-challenge TXT "thisismytextvalue"

Then, and more or less as expected, the following dig command fails to return a record.

dig -t TXT _acme-challenge.dom1.com

Is there a way to get the dig command to return the TXT value for dom2? Or is that something that can pretty much only happen with A records?

--
Bob Miller
Cell: 867-334-7117
Office: 867-633-3760
Office: 867-322-0362
www.computerisms.ca
RE: Inquiry re: DNS over HTTPS
John W. Blue wrote:
> Additionally, Tony Finch back on July 11th of this year suggested:

It's so nice when people do the dirty work for me :-)

Tony.
--
f.anthony.n.finch http://dotat.at/
Cromarty, Forth: Northeast 6 to gale 8, occasionally severe gale 9 at first in Forth, backing north 4 to 6. Rough or very rough becoming moderate or rough. Showers. Good, occasionally poor at first.
RE: Inquiry re: DNS over HTTPS
Additionally, Tony Finch back on July 11th of this year suggested:

To give DoH access to clients you need a proxy such as dnsdist or doh101.

https://dotat.at/cgi/git/doh101.git
https://dnsprivacy.org/wiki/display/DP/Using+dnsdist+for+DoT+and+DoH

John

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Victoria Risk
Sent: Monday, November 04, 2019 12:45 PM
To: LeBlanc, Daniel James; ML BIND Users (bind-users@lists.isc.org)
Subject: Re: Inquiry re: DNS over HTTPS

On Nov 4, 2019, at 10:38 AM, LeBlanc, Daniel James <daniel.lebl...@bellaliant.ca> wrote:

Hello All.

I am interested in whether ISC BIND intends to directly support DNS over HTTPS in the near future, or whether it is expected that users will create an environment to accept the HTTPS request and convert it into a DNS query.

Daniel,

We do plan to develop support for both DoH and DoT (DNS over TLS) natively in BIND. Both will appear in development releases in 2020.

We have a kb article that explains one way to do DoT today with stunnel https://kb.isc.org/docs/aa-01386.

Vicky Risk
Product Manager
Re: Inquiry re: DNS over HTTPS
> On Nov 4, 2019, at 10:38 AM, LeBlanc, Daniel James wrote:
>
> Hello All.
>
> I am interested in whether ISC BIND intends to directly support DNS over
> HTTPS in the near future, or whether it is expected that users will create an
> environment to accept the HTTPS request and convert it into a DNS query.

Daniel,

We do plan to develop support for both DoH and DoT (DNS over TLS) natively in BIND. Both will appear in development releases in 2020.

We have a kb article that explains one way to do DoT today with stunnel https://kb.isc.org/docs/aa-01386.

Vicky Risk
Product Manager
Inquiry re: DNS over HTTPS
Hello All.

I am interested in whether ISC BIND intends to directly support DNS over HTTPS in the near future, or whether it is expected that users will create an environment to accept the HTTPS request and convert it into a DNS query.

Thanks!

Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada
Re: Can i remove @0x in my log query message, bind 9.11
Or patch the old version instead. -- Ondřej Surý — ISC > On 4 Nov 2019, at 15:14, Alan Clegg wrote: > > On 11/4/2019 5:57 AM, Tony Finch wrote: >> Nguyen Huy Bac wrote: >>> So, my question is: Can and How to remove @0x in my >>> log query message. >> There is no convenient way. You have to apply this patch: >> diff --git a/lib/ns/client.c b/lib/ns/client.c >> index f16ece8c49..7861f12084 100644 >> --- a/lib/ns/client.c >> +++ b/lib/ns/client.c >> @@ -4066,8 +4066,8 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t >> *category, >> } >> isc_log_write(ns_lctx, category, module, level, >> - "client @%p %s%s%s%s%s%s%s%s: %s", >> - client, peerbuf, sep1, signer, sep2, qname, sep3, >> + "client %s%s%s%s%s%s%s%s: %s", >> + peerbuf, sep1, signer, sep2, qname, sep3, >>sep4, viewname, msgbuf); >> } > > While this patch does what it says, it doesn't mention the fact that all > versions of BIND for the foreseeable future are going to have this additional > field (it's in all currently supported versions of BIND), so you will be MUCH > better off fixing the software that is ingesting the log file than to patch > BIND every time you upgrade. > > AlanC > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can i remove @0x in my log query message, bind 9.11
On 11/4/2019 5:57 AM, Tony Finch wrote: Nguyen Huy Bac wrote: So, my question is: Can and How to remove @0x in my log query message. There is no convenient way. You have to apply this patch: diff --git a/lib/ns/client.c b/lib/ns/client.c index f16ece8c49..7861f12084 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -4066,8 +4066,8 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category, } isc_log_write(ns_lctx, category, module, level, - "client @%p %s%s%s%s%s%s%s%s: %s", - client, peerbuf, sep1, signer, sep2, qname, sep3, + "client %s%s%s%s%s%s%s%s: %s", + peerbuf, sep1, signer, sep2, qname, sep3, sep4, viewname, msgbuf); } While this patch does what it says, it doesn't mention the fact that all versions of BIND for the foreseeable future are going to have this additional field (it's in all currently supported versions of BIND), so you will be MUCH better off fixing the software that is ingesting the log file than to patch BIND every time you upgrade. AlanC ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
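Both alternatives to patching raised in this thread, filtering the field out before ingestion and fixing the software that reads the log, amount to treating the `@0x...` field as optional. This is an added example, not code from the thread or from BIND; the sample lines are constructed, and the `/key `, ` (...)` and `: view ` separators are assumptions about the query-log layout.

```python
import re

# Constructed sample lines: one query logged without and with the client
# object field, plus one line carrying a view name.
OLD = ("04-Nov-2019 12:40:17.101 queries: info: client 192.0.2.10#53124 "
       "(example.com): query: example.com IN A +E(0)K (192.0.2.53)")
NEW = ("04-Nov-2019 12:40:17.101 queries: info: client @0x7f5a2c0c8a10 "
       "192.0.2.10#53124 (example.com): query: example.com IN A +E(0)K (192.0.2.53)")
VIEW = ("04-Nov-2019 12:40:18.007 queries: info: client @0x7f5a2c0c8a10 "
        "2001:db8::7#40001 (example.org): view internal: "
        "query: example.org IN TXT + (2001:db8::53)")

# Filter approach: drop the field so the line has the older layout.
PTR = re.compile(r"(\bclient )@\S+ ")

# Parser approach: accept both layouts; every optional part is its own group.
CLIENT = re.compile(
    r"client (?:@(?P<obj>\S+) )?"        # pointer field, absent in older logs
    r"(?P<peer>[^\s#]+)#(?P<port>\d+)"   # source address and port
    r"(?:/key (?P<signer>\S+))?"         # TSIG key name (assumed separator)
    r"(?: \((?P<qname>[^)]*)\))?"        # query name in parentheses
    r"(?:: view (?P<view>\S+))?"         # view name (assumed separator)
    r": (?P<msg>.*)$"
)


def normalize(line):
    """Return the line without the pointer field; older lines pass unchanged."""
    return PTR.sub(r"\1", line, count=1)


def parse(line):
    """Return the client fields as a dict, or None for a non-client line."""
    m = CLIENT.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


if __name__ == "__main__":
    print(normalize(NEW) == OLD)
    for sample in (OLD, NEW, VIEW):
        print(parse(sample))
```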
Re: Can i remove @0x in my log query message, bind 9.11
Nguyen Huy Bac wrote: > So, my question is: Can and How to remove @0x in my > log query message. There is no convenient way. You have to apply this patch: diff --git a/lib/ns/client.c b/lib/ns/client.c index f16ece8c49..7861f12084 100644 --- a/lib/ns/client.c +++ b/lib/ns/client.c @@ -4066,8 +4066,8 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category, } isc_log_write(ns_lctx, category, module, level, - "client @%p %s%s%s%s%s%s%s%s: %s", - client, peerbuf, sep1, signer, sep2, qname, sep3, + "client %s%s%s%s%s%s%s%s: %s", + peerbuf, sep1, signer, sep2, qname, sep3, sep4, viewname, msgbuf); } Tony. -- f.anthony.n.finchhttp://dotat.at/ West Forties, Cromarty, Forth: Northeasterly 6 to gale 8, occasionally 5 later. Rough or very rough. Rain or showers. Good, occasionally poor. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
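Review bot: The removal of `@%p` in the isc_log_write() call inside ns_client_logv() is unconditional, and that function takes the category, module and level as parameters, so every message logged through it loses the client identifier, not only the query log lines the request was about. The format string and argument list do stay in step (nine `%s` conversions, nine string arguments once `client` is dropped), so the edit itself is consistent. If the field has to go for one consumer, consider limiting the change to that case or making it switchable rather than editing the shared format string, and document the resulting log layout; as a local patch it also has to be carried forward at every upgrade.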