Re: UAE punycode in zone
On 09/05/2010 19:31, Warren Kumari wrote: > I am *so* not an IDN person (although I did follow the IDNA WG for a > while), but I *believe* that the process is just to convert the native > UTF8 representation (تامايدوجان.سى) to punycode > (xn--mgbaajmr6mmaps.xn--ygb8b). There are a bunch of tools that will do > this for you, I suspect that just using something like: > http://mct.verisign-grs.com/conversiontool/convertServlet?input=تامايدوجان.سى&type=UTF8 > is easiest. > > Now that you have the punycode representation, you just treat it like > any other domain (create a zone file called > xn--mgbaajmr6mmaps.xn--ygb8b, set $ORIGIN xn--mgbaajmr6mmaps.xn--ygb8b., > etc). I sent a requests to isc for a new option in dig, enabled by default:- +[no]idn automatically convert input to IDN So entering:- dig تامايدوجان.سى would give you the result as if you had entered:- dig xn--mgbaajmr6mmaps.xn--ygb8b ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how to read and answer to this mailing list
On 30/03/2010 23:43, Markus Feldmann wrote: > normally i am using the gmane mailing list server to post and read mails > from mailing lists, but this mailing list doesn't appear in gmane. The group you are looking for is gmane.network.dns.bind.user. Posted through gmane. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC website down
It is back now. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ISC website down
It is sod's law that just when I need to look up the email address to report a bug, currently the website is showing:- Unable to connect to database server [..] The MySQL error was: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2). [..] ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Forwarding updates between views
On 23/11/09 18:05, Chris Buxton wrote: > The internal-in view should have some log entry of the forwarded update. I'm > not sure what category or severity level that would be, though. I could not find it in either the query log or the update log. Bug? > Of course, if you were to start using signed updates (either TSIG or > GSS-TSIG), you would know what key was used. The purpose is to provide a free ipv6-only playground that anyone may use. Normal updates from external clients are logged as intended. Feel free to add, modify or remove records under dyn.ipv6.chaz6.com. When security is required I do of course use keys! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nsupdate.exe and IPv6
On 23/11/09 11:15, Cathy Almond wrote: > Chris - thanks for this - we've picked it up and made a bug report > ourselves. But for future reference, our BIND mailing addresses are > summarised here: > > https://www.isc.org/software/bind/news > > Cathy Thanks Cathy! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
nsupdate.exe and IPv6
Hi It seems nsupdate.exe in 9.6.1-P1 does not properly locate IPv6 nameservers. C:\Temp\bind-9.6.1-P1>dig +short ns-v6-1.chaz6.com. in 2001:16d8:dd22:38::2 2001:16d8:ee0f:38::2 C:\Temp\bind-9.6.1-P1>nsupdate > server 2001:16d8:dd22:38::2 > update add localhost.dyn.ipv6.chaz6.com. 7200 IN :: > > quit C:\Temp\bind-9.6.1-P1>nsupdate > update delete localhost.dyn.ipv6.chaz6.com. > couldn't get address for 'ns-v6-1.chaz6.com': not found The same works fine from Linux:- $ rpmquery --whatprovides `which nsupdate` bind-utils-9.6.1P1-4.1.i586 $ nsupdate > update add localhost.dyn.ipv6.chaz6.com. 7200 IN ::1 > > update delete localhost.dyn.ipv6.chaz6.com. > > quit Regards, Chris P.S. Is there a proper bug reporting address? I could not find it on the website. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Forwarding updates between views
On 22/11/09 21:01, Chris Buxton wrote: Change the zone from type forward to type slave, and add allow-update-forwarding. zone "dyn.example.com." { type slave; masters { ::1; }; allow-update-forwarding { local-networks; }; }; Then in the external-in view, change allow-update to: allow-update { ::1; }; Great, works like a charm... but... the update log only records ::1 as the source and not the original address. Is it possible to keep that? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Forwarding updates between views
Hi I have a zone "example.com" configured in two views, internal-in and external-in. I have a dynamic zone "dyn.example.com" configured only as an external zone. Internal clients can lookup hosts in dyn.example.com, but cannot update ("not authorised") as the updates are matched by the zone internal-in and not forwarded. Is it possible for bind to forward the updates from the internal-in zone to the external-in zone? I want to avoid having to have 2 dynamic zones (faq node/291) for simplicity of configuration. The configuration is like so (note local-networks does /not/ include ::1 to allow recursive queries from internal-in to external-in):- view "internal-in" IN { match-clients { local-networks; }; allow-recursion { local-networks; }; forwarders { ::1; }; zone "example.com." { type master; file "master/example.com.internal.zone"; }; zone "dyn.example.com." { type forward; forward only; forwarders { ::1; }; }; }; view "external-in" IN { match-clients { any; }; zone "example.com." { type master; file "master/example.com.zone"; }; zone "dyn.example.com." { type master; file "master/dyn.example.com.zone"; allow-update { local-networks; }; }; }; Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse DNS Dig returning PTR results only with trace option
On 10/11/09 18:25, Raj Adhikari wrote: Now I can do a dig for an hour or so. But again I run into same problem. It wont return PTR record unless I explicitly do dig on ns1.cyzap.net. Also, the last did showing ns1.cyzap.net as Authority NS for this IP. But trace showing ns1.moneytreesystems.com as final sender. Could someone shed a light on this? 254.63.in-addr.arpa.86400 IN NS NS3.MCLEODUSA.NET. 254.63.in-addr.arpa.86400 IN NS NS1.MCLEODUSA.NET. 254.63.in-addr.arpa.86400 IN NS NS2.MCLEODUSA.NET. ;; Received 112 bytes from 192.42.93.32#53(y.arin.net) in 173 ms 228.134.254.63.in-addr.arpa. 7200 INNS ns1.cyzap.net. 228.134.254.63.in-addr.arpa. 7200 INNS ns2.cyzap.net. ;; Received 90 bytes from 209.253.113.19#53(NS3.MCLEODUSA.NET) in 159 ms 228.134.254.63.in-addr.arpa. 3600 INNS ns2.moneytreesystems.com. 228.134.254.63.in-addr.arpa. 3600 INNS ns1.moneytreesystems.com. ;; BAD (HORIZONTAL) REFERRAL ;; Received 160 bytes from 64.253.181.53#53(ns2.cyzap.net) in 167 ms You should not chain a delegation in this manner. Either make the servers ns1.cyzap.net. and ns2.cyzap.net. authoritative for 228.134.254.63.in-addr.arpa. or have your ISP change the NS records to point directly to ns1.moneytreesystems.com. and ns2.moneytreesystems.com. The cyzap servers do not respond with the authority bit set ("aa" in dig). Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to upgrade
On 23/08/09 08:23, sasa sasa wrote: Hi List, I want to know how to upgrade from BIND 9.4.2 to latest version? Thanks. Blue Blue Please see the following url for obtaining BIND:- https://www.isc.org/software/bind/getting You should have the least trouble upgrading to 9.4.3-P3 however the latest version is 9.6.1-P1. If you rely on a package mechanism you will need to contact the repository maintainer. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: FW: Delegating reverse DNS to a customer
On 18/08/09 20:32, Kevin Darcy wrote: No, you can't do a "sideways" delegation like that. The correct solution, as stated elsewhere, is to get 251.250.63.in-addr.arpa delegated directly from ARIN to the customer. Strictly speaking it is legal to use DNAME at the apex of a zone since DNAME only redirects descendant domains. For example:- 251.250.63.in-addr.arpa. IN DNAME rev.cust.example.com. And in the customer's zone:- 1.rev.cust.example.com. IN PTR ip63-250-251-1.cust.example.com. ip63-250-251-1.cust.example.com. IN A 63.250.251.1 I do not disagree that in arin region swip is the way to go. Just showing that there is MTOWTDI! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Delegating reverse DNS to a customer
On 18/08/09 15:55, Ben Bridges wrote: Since the CIDR block you have been allocated containing 63.250.251.0/24 is smaller than a /16, ARIN is delegating authority for the IN-ADDR.ARPA zones for each of your /24's directly to your dns servers. In order for your customer's dns servers to be authoritative for 251.250.63.IN-ADDR.ARPA, you're going to have to have ARIN delegate the zone to your customer's servers. If you have not already SWIP'ed the /24 to your customer, then you'll want to do so using the detailed reassignment template (https://www.arin.net/resources/templates/reassign-detailed.txt, I think). If you have already SWIP'ed the space to them, then you'll need to submit the net-mod template (https://www.arin.net/resources/templates/netmod.txt, I think) for the /24. (Note: I'm not the person who submits SWIP templates in our organization, so I might be wrong about the particular templates to use. But the principle is still valid. It's the SWIP information filed with ARIN that determines what dns servers are authoritative for the in-addr.arpa zones for your /24's.) Ben Alternatively it is possible to delegate it using the CNAME trick used for sub-/24 allocations, which will require 256 dns records that can be made using $GENERATE. For example:- $TTL 86400 $GENERATE 0-255 $ IN CNAME $.0-255.251.250.63.in-addr.arpa. 0-255.251.250.63.in-addr.arpa. IN NS ns1.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns2.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns3.emns.com. 0-255.251.250.63.in-addr.arpa. IN NS ns4.emns.com. Then the customer will need to configure the zone 0-255.251.250.63.in-addr.arpa. as if it were 251.250.63.in-addr.arpa. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: PTR not working...
Here I get a bad referral: 25.70.in-addr.arpa. 86400 IN NS TOROON63NSZP05.SRVR.BELL.CA. 25.70.in-addr.arpa. 86400 IN NS TOROONDCNSZS05.SRVR.BELL.CA. ;; Received 113 bytes from 192.35.51.32#53(dill.arin.net) in 173 ms . 360 IN NS D.ROOT-SERVERS.NET. . 360 IN NS E.ROOT-SERVERS.NET. . 360 IN NS F.ROOT-SERVERS.NET. . 360 IN NS G.ROOT-SERVERS.NET. . 360 IN NS H.ROOT-SERVERS.NET. . 360 IN NS I.ROOT-SERVERS.NET. . 360 IN NS J.ROOT-SERVERS.NET. . 360 IN NS K.ROOT-SERVERS.NET. . 360 IN NS L.ROOT-SERVERS.NET. . 360 IN NS M.ROOT-SERVERS.NET. . 360 IN NS A.ROOT-SERVERS.NET. . 360 IN NS B.ROOT-SERVERS.NET. . 360 IN NS C.ROOT-SERVERS.NET. ;; BAD REFERRAL ;; Received 498 bytes from 207.236.176.21#53(TOROONDCNSZS05.SRVR.BELL.CA) in 147 ms ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Binding on addresses
Hi After changing configuration from "listen-on-v6 { any; };" to using specific addresses, I observed the following in the log after issuing `rndc reload` (times are CEST):- 29-Jul-2009 04:44:22.893 network: error: binding TCP socket: address in use 29-Jul-2009 04:44:22.893 network: error: binding TCP socket: address in use 29-Jul-2009 04:44:22.893 network: info: no longer listening on ::#53 29-Jul-2009 04:44:22.965 general: info: reloading configuration succeeded 29-Jul-2009 04:44:23.031 general: info: reloading zones succeeded 29-Jul-2009 05:19:10.179 general: info: received control channel command 'reload' 29-Jul-2009 05:19:10.180 general: info: loading configuration from '/usr/local/bind/9.6.1-P1/etc/named.conf' 29-Jul-2009 05:19:10.182 general: info: using default UDP/IPv4 port range: [1024, 65535] 29-Jul-2009 05:19:10.182 general: info: using default UDP/IPv6 port range: [1024, 65535] 29-Jul-2009 05:19:10.194 general: info: reloading configuration succeeded 29-Jul-2009 05:19:10.194 general: info: reloading zones succeeded After the reload, BIND no longer listened on tcp sockets, but udp sockets worked ok. After restarting named, it was listening on tcp sockets once more. Based on the log it looks like it is trying to bind to the address-specific tcp sockets before releasing tcp [::]:53. BIND is 9.6.1-P1 on Linux x86. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: IPv6 hostname resolution not working
On 16/07/09 09:13, Karl Auer wrote: Windows XP cannot resolve over IPv6. It can use IPv6 addresses, but must make its DNS queries and receive its DNS responses via IPv4 transport. Sad but true. XP boxes must resolve via IPv4. As a stop-gap you can install a dns resolver (BIND, Unbound, GbDns, etc) locally and configure the dns server as 127.0.0.1. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Classless not working
On 09/07/09 14:13, Ivan Dallaserra wrote: Thanks a lot. So this zone don't work because of missing delegation. My ISP is inserting the delegation. How can I check it? Simple nslookup 193.206.22.134 on my DNS server and it has to work or I can do furthemore check? Regards, Ivan Hi Ivan It is working now, so the delegation has been completed. You can check using `dig +trace 134.22.206.193.in-addr.arpa. in ptr` Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Classless not working
On 09/07/09 11:59, Ivan Dallaserra wrote: Hi, I have a problem with my DNS server configured as RFC2317 stated. The reverse of the zone "128/28.22.206.193.IN-ADDR.ARPA" is not working, when I try to resolve it doesn't work: Hi Ivan It appears that the parent zone has not yet been updated to include the delegation. If it is not done within 48 hours you need to contact your provider. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Maintenance
On 08/07/09 15:46, Alans wrote: Hi, Can someone tell me how webhosting providers or ISPs do maintenance on their DNSs? I mean, can they take it offline? What is the procedure usually? Hi You can use a load balancer in front of your DNS servers, and remove the host from the pool when maintenance is needed. Another approach is to run your servers as virtual machines. With a platform like VMware you can move the guest from host to host without disruption using vmotion, which allows maintenance to be performed on the host. However, this will not help if you need to do a software or kernel upgrade on the guest. Regards, Chris Hills ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuration for "hostname.bind."
On 15/06/09 11:29, Andrey G. Sergeev (AKA Andris) wrote: There is no need for _any_ patch to use the built-in functionality. The patch makes queries for "id.server. ch txt" report the value set by the version option /by default/ without any additional configuration. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuration for "hostname.bind."
On 13/06/09 16:23, Andrey G. Sergeev (AKA Andris) wrote: Also, is it possible to configure BIND to respond on version.server. chaos txt and id.server. chaos txt in the same manner as version.bind. and hostname.bind. (i.e. automatically without requiring a separate zone file)? options { server-id "any_text"; }; This worked for id.server. but not version.server. The attached patch fixes this. Regards, Chris --- bind-9.6.1/bin/named/config.c.old 2009-06-14 11:18:18.514211338 +0200 +++ bind-9.6.1/bin/named/config.c 2009-06-14 11:41:48.984072797 +0200 @@ -217,6 +217,10 @@ type master;\n\ database \"_builtin id\";\n\ };\n\ + zone \"version.server\" chaos {\n\ + type master;\n\ + database \"_builtin version\";\n\ + };\n\ };\n\ "; ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuration for "hostname.bind."
On 13/06/09 16:23, Andrey G. Sergeev (AKA Andris) wrote: Greetings, Sat, 13 Jun 2009 11:08:53 +0200 Chris Hills wrote: One can change the response to "version.bind. chaos txt" using the configuration directive "version". Is there an equivalent configuration directive for "hostname.bind. chaos txt"? Sure: options { hostname "any_text"; }; Also, is it possible to configure BIND to respond on version.server. chaos txt and id.server. chaos txt in the same manner as version.bind. and hostname.bind. (i.e. automatically without requiring a separate zone file)? options { server-id "any_text"; }; Thanks for the tips! ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuration for "hostname.bind."
On 13/06/09 11:39, Chris Hills wrote: /etc/named.conf:160: zone 'bind': class 'CHAOS' does not match view/default class /etc/named.conf:165: zone 'server': class 'CHAOS' does not match view/default class I resolved this by switching to a view configuration, i.e.:- view "external-chaos" chaos { match-clients { any; }; zone "bind."{ type master; file "master/bind.zone"; }; zone "server."{ type master; file "master/server.zone"; }; }; view "external-in" in { match-clients { any; }; [zones] }; ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuration for "hostname.bind."
On 13/06/09 11:08, Chris Hills wrote: Hi One can change the response to "version.bind. chaos txt" using the configuration directive "version". Is there an equivalent configuration directive for "hostname.bind. chaos txt"? Also, is it possible to configure BIND to respond on version.server. chaos txt and id.server. chaos txt in the same manner as version.bind. and hostname.bind. (i.e. automatically without requiring a separate zone file)? Regards, Chris Hills To satisfy my curiosity I tried to specify the zones manually, using the following in named.conf:- zone "bind" CHAOS { type master; file "master/bind.zone"; }; zone "server" CHAOS { type master; file "master/server.zone"; }; However, named-checkconf said:- /etc/named.conf:160: zone 'bind': class 'CHAOS' does not match view/default class /etc/named.conf:165: zone 'server': class 'CHAOS' does not match view/default class I could not find any reference to this message. As far as I can tell from the documentation, this should work! I am running 9.6.1 if that helps. Regards, Chris ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Configuration for "hostname.bind."
Hi One can change the response to "version.bind. chaos txt" using the configuration directive "version". Is there an equivalent configuration directive for "hostname.bind. chaos txt"? Also, is it possible to configure BIND to respond on version.server. chaos txt and id.server. chaos txt in the same manner as version.bind. and hostname.bind. (i.e. automatically without requiring a separate zone file)? Regards, Chris Hills ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC libbind 6.0rc1 is now available
Evan Hunt wrote: ISC libbind 6.0rc1 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz ftp://ftp.isc.org/isc/libbind/6.0rc1/libbind-6.0rc1.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz.sha512.asc ftp://ftp.isc.org/isc/libbind/6.0rc1/libbind-6.0rc1.tar.gz.asc ftp://ftp.isc.org/isc/libbind/6.0rc1/libbind-6.0rc1.tar.gz.sha256.asc ftp://ftp.isc.org/isc/libbind/6.0rc1/libbind-6.0rc1.tar.gz.sha512.asc FTFY :-) Regards, Chris Hills ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Pruning the reverse zone tree
Chris Thompson wrote: I would welcome feedback on http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones which describes a scheme we are experimenting with for reverse lookup. (Executive summary: take RFC 2317 and carry the ideas to their [possibly] logical conclusion.) It's not BIND-specific, so I'll leave it at that for the moment. I use DNAMES to do this with zones in ip6.arpa. Personally I would like to see the upstream support it directly as it would make delegation a lot simpler. I am glad I am not the only one who likes this idea. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where is libbind???
Mark Andrews wrote: The release announcement for libbind-6.0b1 should be out shortly. The whole process took a bit longer than we were expecting. We were trying to get libbind out before BIND 9.6.0 got out. Mark Mark I would like to request that libbind install a pkg-config file (perhaps $prefix/lib/pkgconfig/libbind.pc). Regards, Chris Hills ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
Perhaps one day MX records can be deprecated entirely in favor of SRV. Jabber got it right, and it would solve the e-mail server autodiscovery problem for clients in a generic non-proprietary manner. For example:- _smtp-server._tcp for servers, _smtp-client._tcp for clients. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users