Re: About query response on a view
On Thu, Dec 10, 2015 at 08:53:52AM +, Okan Bostan wrote:
> Also we will consider to separate the recursive and authoritative
> servers, but separating them with views isn't a good solution?

Not really, no. They serve different purposes and hence require different settings. You can munge it for a while but shouldn't for any serious use. Since you are setting up a new infrastructure, do the right thing and make them separate. For further info try searching the archives. Unbound is also a popular choice for a resolver.

--
Eray Aslan
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: About query response on a view
On Wed, Dec 09, 2015 at 09:11:28AM +, Okan Bostan wrote:
> As internal view, recursion is on and we have our internal zones &
> forwarders. I have no problem with internal view.

Do try and separate authoritative and recursive servers in your environment.

> But in our existing DNS environment, I get status: SERVFAIL to same
> query.

I am assuming status: REFUSED is the desired output.

> Is this a normal behaviour? How can I disable this Authority section
> with root server NS records?

Check additional-from-cache and additional-from-auth settings and consider upgrading if you are using an old version.

--
Eray Aslan
Re: dnssec validation issue
On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote:
> On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote:
> > To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation
> > auto;"
> New centos rpms at http://www.five-ten-sg.com/mapper/bind with a default
> named.conf that should actually work.

With the root zone and most TLDs signed, I do not think it makes sense to use DLV anymore. While a typical DNSSEC resolver configuration has DLV enabled, I personally make the effort to disable it.

--
Eray