Re: Query Refused problem

2009-10-02 Thread Michael Monnerie 
On Freitag 02 Oktober 2009 Mark Andrews wrote:
 if (set(allow-query-cache))
 use allow-query-cache;
 else if (set(allow-recursion))
 use allow-recursion;
 else if (set(allow-query))
 use allow-query;
 else if (set(recursion no;))
 use { none; };
 else
 use { localnets; localhost; };

Ah, it's always an elseif. That wasn't clear to me. Easier to read C 
than english, am I a nerd? ;-)
Maybe it's because I'm not native English, but the paragraph is very 
confusing. A simpler wording would surely help others as well.

Thank you Mark!

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS server works but keep getting host unreachable resolving error

2009-09-21 Thread Michael Monnerie 
On Montag 21 September 2009 Shi Jin wrote:
 However, it looks to me like the ISP provided DNS server
 (216.171.238.66) was not able to resolve any of the names and all the
 resolving is done at the top level servers. Is my understanding
 correct?

Try
dig @216.171.238.66 hp.com
to see if the .66 host answers to your queries. Maybe you got a wrong IP 
there? Try the same for .67, the other DNS.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: root and in-addr.arpa zone transfers

2009-09-12 Thread Michael Monnerie 
On Freitag 11 September 2009 Matus UHLAR - fantomas wrote:
 - it's quite useless to cache the .arpa and .in-addr.arpa since
 unlike other TLD's they are hierarchically organised so there won't
 be any valuable benefit from slaving them, only risks (see above).

Every other point is OK, but I don't understand this one. They are all 
hierarchical, what's the difference with .in-addr.arpa?

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: root and in-addr.arpa zone transfers

2009-09-10 Thread Michael Monnerie 
On Freitag 11 September 2009 Joseph S D Yao wrote:
 However, as M. Bortzmeyer has said, why do this?

Faster queries after a named restart. Reverse lookups faster too, good 
for the spam filters.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4



signature.asc
Description: This is a digitally signed message part.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Reverse delegation - refused on my DNS

2009-08-22 Thread Michael Monnerie 
Mark Andrews ma...@isc.org schrieb:
 You do however have a delegation mismatch.
 
 48-28.164.69.212.in-addr.arpa. 86400 IN NS  dns1.zmi.at.
 48-28.164.69.212.in-addr.arpa. 86400 IN NS  dns2.zmi.at.
 ;; Received 91 bytes from 82.98.222.6#53(dns2.serico.de) in 717 ms
 
 48-28.164.69.212.in-addr.arpa. 3600 IN  NS  power4u.zmi.at.
 48-28.164.69.212.in-addr.arpa. 3600 IN  NS  dns2.zmi.at.
 48-28.164.69.212.in-addr.arpa. 3600 IN  NS  dns1.zmi.at.
 ;; Received 161 bytes from 212.69.162.197#53(dns1.zmi.at) in 999 ms

Yes, the registered dns are dns[12], power4u is our old DNS which will be
replaced soon, but we still have it in the config until them. Shouldn't be
harmful, I hope.

Thanks for checking!

mfg zmi

(and sorry, again sending from webmail)


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

forwarders question

2009-08-10 Thread Michael Monnerie 
We are having 2 sites at different locations now with a DNS resolver on 
each site. Internet speed between those two different ISPs is very fast, 
and the hosts to resolve will be about the same because of similar 
services.

My idea is to use 
forward X; 
on site Y and 
forward Y;
on site X, but, as I couldn't find it in the documents, I believe this 
could lead to a resolver loop between X and Y and therefore even slower 
resolution. Or is BIND clever enough to only ask the other server once?

My tests seem to indicate it's working well, but maybe someone knows of 
any issues?

There are 2 reasons for this:
1) performance. Having the caches hot on both sides and with a high 
chance one caches knows entries the other can use, it should be quick.
2) reliability. Asking only internal servers which I can control is more 
secure than using any ISPs DNS. They start to do the DNS mangling here 
in Austria also (instead NXDOMAIN they deliver their web sites A record 
to point to their search engine).

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net  Key-ID: 1C1209B4




signature.asc
Description: This is a digitally signed message part.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users