Re: Recursive Client Rate limiting in BIND applicable in forward mode
On 19.06.20 13:53, 249558254 wrote:
> Is the function of Recursive Client Rate limiting in BIND applicable in forward mode?

yes, since forwarding is recursion.

> My concern is that the client request is too large, resulting in a forward in the global limit my request, such as 8.8.8.8

1. do you mean client request _rate_ is too large?
2. why forward to 8.8.8.8 ? BIND can resolve by itself, it does not need to forward to 8.8.8.8

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
99 percent of lawyers give the rest a bad name.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone with DNAME has no NS records
Choose nameserver names that don’t end in .local.

--
Mark Andrews

> On 19 Jun 2020, at 21:29, Dev Op wrote:
>
> Hi all!
>
> I have a zone, say it's "mynet.local":
>
> $TTL 3h ; 3 hours
> $ORIGIN pluto.local.
> @ IN SOA dns1 hostmaster.pluto.local. (
>         2020061901 ; serial
>         1h ; refresh
>         30m ; retry
>         7d ; expiration
>         1h ); minimum
>
>   NS dns1
>   NS dns2
> dns1 A 192.168.1.1
> dns2 A 192.168.1.2
> host1 A 192.168.1.3
> ...
>
> It's a big zone. Now I want to have a DNAME for that zone to make it shorter.
> Say, I want every host in the local domain to be an alias of the same host in
> the pluto.local domain. If I want to resolve the hostname host1.local, the DNS
> server must give me the IP address of host1.pluto.local.
> How to do it?
>
> I tried to make a zone:
>
> $TTL 3h ; 3 hours
> $ORIGIN local.
> @ IN SOA ns.local. root.localhost. (
>         2020061901 ; serial
>         1h ; refresh
>         30m ; retry
>         7d ; expiration
>         1h ); minimum
> @ DNAME 8m.local.
>
> But when I start bind, I get an error:
>
> Jun 19 09:13:38 dns1.local bash[28971]: zone local/IN: has no NS records
> Jun 19 09:13:38 dns1.local bash[28971]: zone local/IN: not loaded due to errors.
> Jun 19 09:13:38 dns1.local bash[28971]: internal-view/local/IN: bad zone
>
> # named-checkzone local ./local.zone
> zone local/IN: has no NS records
> zone local/IN: not loaded due to errors.
>
> If I add NS servers to the local zone I get this error:
>
> # named-checkzone local ./local.zone
> zone local/IN: NS 'dns1.local' is below a DNAME 'local' (illegal)
> zone local/IN: NS 'dns2.local' is below a DNAME 'local' (illegal)
> zone local/IN: not loaded due to errors.
>
> I don't know how to solve this task. :( Help me.
>
> Regards,
> n345v
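The two named-checkzone failures quoted above, and why the reply's advice clears them, as an added example that is not part of the thread or of BIND's code. It is a simplified model of the check (an apex NS target that is a proper subdomain of a DNAME owner is rejected); the `ns1.example.net` / `ns2.example.net` names are hypothetical.

```python
# Added example: simplified model of the two named-checkzone errors in this thread.
# Records are (owner, type, rdata) tuples; this is not a full zone-file parser.

def absolute(name, origin):
    """Lower-case and fully qualify a name, expanding '@' and relative names."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def is_below(name, ancestor):
    """True if name is a proper subdomain of ancestor (both absolute names)."""
    return name != ancestor and name.endswith("." + ancestor)

def check_zone(origin, records):
    """Return error strings for a missing apex NS set or NS targets under a DNAME."""
    origin = origin.lower()
    dnames = [absolute(o, origin) for o, t, _ in records if t.upper() == "DNAME"]
    ns_targets = [absolute(r, origin) for o, t, r in records
                  if t.upper() == "NS" and absolute(o, origin) == origin]
    errors = [] if ns_targets else ["has no NS records"]
    for target in ns_targets:
        for dname in dnames:
            if is_below(target, dname):
                errors.append(f"NS '{target.rstrip('.')}' is below a DNAME "
                              f"'{dname.rstrip('.')}' (illegal)")
    return errors

# Constructed inputs mirroring the posted zone; ns1/ns2.example.net are hypothetical.
DNAME_ONLY = [("@", "DNAME", "8m.local.")]
NS_IN_ZONE = DNAME_ONLY + [("@", "NS", "dns1"), ("@", "NS", "dns2")]
NS_IN_PLUTO = DNAME_ONLY + [("@", "NS", "dns1.pluto.local.")]
NS_OUTSIDE = DNAME_ONLY + [("@", "NS", "ns1.example.net."), ("@", "NS", "ns2.example.net.")]

if __name__ == "__main__":
    for label, zone in [("DNAME only", DNAME_ONLY), ("NS dns1/dns2", NS_IN_ZONE),
                        ("NS under pluto.local", NS_IN_PLUTO), ("NS outside .local", NS_OUTSIDE)]:
        print(label, "->", check_zone("local.", zone) or "OK")
```

In this model, moving the name servers under `pluto.local` does not help, because every name inside the `local` zone sits below an apex DNAME.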
Zone with DNAME has no NS records
Hi all!

I have a zone, say it's "mynet.local":

    $TTL 3h ; 3 hours
    $ORIGIN pluto.local.
    @ IN SOA dns1 hostmaster.pluto.local. (
            2020061901 ; serial
            1h ; refresh
            30m ; retry
            7d ; expiration
            1h ); minimum

      NS dns1
      NS dns2
    dns1 A 192.168.1.1
    dns2 A 192.168.1.2
    host1 A 192.168.1.3
    ...

It's a big zone. Now I want to have a DNAME for that zone to make it shorter. Say, I want every host in the local domain to be an alias of the same host in the pluto.local domain. If I want to resolve the hostname host1.local, the DNS server must give me the IP address of host1.pluto.local. How to do it?

I tried to make a zone:

    $TTL 3h ; 3 hours
    $ORIGIN local.
    @ IN SOA ns.local. root.localhost. (
            2020061901 ; serial
            1h ; refresh
            30m ; retry
            7d ; expiration
            1h ); minimum
    @ DNAME 8m.local.

But when I start bind, I get an error:

    Jun 19 09:13:38 dns1.local bash[28971]: zone local/IN: has no NS records
    Jun 19 09:13:38 dns1.local bash[28971]: zone local/IN: not loaded due to errors.
    Jun 19 09:13:38 dns1.local bash[28971]: internal-view/local/IN: bad zone

    # named-checkzone local ./local.zone
    zone local/IN: has no NS records
    zone local/IN: not loaded due to errors.

If I add NS servers to the local zone I get this error:

    # named-checkzone local ./local.zone
    zone local/IN: NS 'dns1.local' is below a DNAME 'local' (illegal)
    zone local/IN: NS 'dns2.local' is below a DNAME 'local' (illegal)
    zone local/IN: not loaded due to errors.

I don't know how to solve this task. :( Help me.

Regards,
n345v
unexpected behaviour of rndc dnstap -roll
Hi everyone,

I am generating dnstap files using bind and regularly roll them using 'rndc dnstap -roll [number]'. The way I understand the documentation is that there should be max [number] old dnstap files after executing this command but what actually happens is that all files are being kept so that I have to remove the old ones myself.

This is what the documentation says:

    dnstap ( -reopen | -roll [number] )
    ...
    If number is specified, then the number of backup log files is limited to that number.

Am I missing something here? Is the behaviour that I'm observing the expected one? The logs don't tell me much and I couldn't find any hints about this on the Internet.

Thanks for any help!

Kind regards,
Jakob

--
SWITCH
Jakob Dhondt, Security Engineer, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 23
jakob.dho...@switch.ch, www.switch.ch
Security-News: securityblog.switch.ch