Re: Query Refused problem
On Freitag 02 Oktober 2009 Mark Andrews wrote: if (set(allow-query-cache)) use allow-query-cache; else if (set(allow-recursion)) use allow-recursion; else if (set(allow-query)) use allow-query; else if (set(recursion no;)) use { none; }; else use { localnets; localhost; }; Ah, it's always an elseif. That wasn't clear to me. Easier to read C than english, am I a nerd? ;-) Maybe it's because I'm not native English, but the paragraph is very confusing. A simpler wording would surely help others as well. Thank you Mark! mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS server works but keep getting host unreachable resolving error
On Montag 21 September 2009 Shi Jin wrote: However, it looks to me like the ISP provided DNS server (216.171.238.66) was not able to resolve any of the names and all the resolving is done at the top level servers. Is my understanding correct? Try dig @216.171.238.66 hp.com to see if the .66 host answers to your queries. Maybe you got a wrong IP there? Try the same for .67, the other DNS. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: root and in-addr.arpa zone transfers
On Freitag 11 September 2009 Matus UHLAR - fantomas wrote: - it's quite useless to cache the .arpa and .in-addr.arpa since unlike other TLD's they are hierarchically organised so there won't be any valuable benefit from slaving them, only risks (see above). Every other point is OK, but I don't understand this one. They are all hierarchical, what's the difference with .in-addr.arpa? mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: root and in-addr.arpa zone transfers
On Freitag 11 September 2009 Joseph S D Yao wrote: However, as M. Bortzmeyer has said, why do this? Faster queries after a named restart. Reverse lookups faster too, good for the spam filters. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 signature.asc Description: This is a digitally signed message part. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse delegation - refused on my DNS
Mark Andrews ma...@isc.org schrieb: You do however have a delegation mismatch. 48-28.164.69.212.in-addr.arpa. 86400 IN NS dns1.zmi.at. 48-28.164.69.212.in-addr.arpa. 86400 IN NS dns2.zmi.at. ;; Received 91 bytes from 82.98.222.6#53(dns2.serico.de) in 717 ms 48-28.164.69.212.in-addr.arpa. 3600 IN NS power4u.zmi.at. 48-28.164.69.212.in-addr.arpa. 3600 IN NS dns2.zmi.at. 48-28.164.69.212.in-addr.arpa. 3600 IN NS dns1.zmi.at. ;; Received 161 bytes from 212.69.162.197#53(dns1.zmi.at) in 999 ms Yes, the registered dns are dns[12], power4u is our old DNS which will be replaced soon, but we still have it in the config until them. Shouldn't be harmful, I hope. Thanks for checking! mfg zmi (and sorry, again sending from webmail) ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
forwarders question
We are having 2 sites at different locations now with a DNS resolver on each site. Internet speed between those two different ISPs is very fast, and the hosts to resolve will be about the same because of similar services. My idea is to use forward X; on site Y and forward Y; on site X, but, as I couldn't find it in the documents, I believe this could lead to a resolver loop between X and Y and therefore even slower resolution. Or is BIND clever enough to only ask the other server once? My tests seem to indicate it's working well, but maybe someone knows of any issues? There are 2 reasons for this: 1) performance. Having the caches hot on both sides and with a high chance one caches knows entries the other can use, it should be quick. 2) reliability. Asking only internal servers which I can control is more secure than using any ISPs DNS. They start to do the DNS mangling here in Austria also (instead NXDOMAIN they deliver their web sites A record to point to their search engine). mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4 signature.asc Description: This is a digitally signed message part. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users