Re: A simple question, please help

[Kevin Darcy]

Ken Lai wrote:

Scott Haneda wrote:
99% of the time openDNS works by just pointing some agent to their ip 
space.


That 1% of the time, openDNS tries to make DNS responses that are 
modified in a way to try to help you.


Maybe this is your issue?

Googl.com being common enough they elect to return the google.com's 
answer istead.


By default openDNS does not know how to return NXDOMAIN.

This is fine for end users. This is bad for developed and servers.

OpenDNS also does phishing URL blocking, stats, and a lot more.

If you plan on using them as a resolver you want to be accurate, you 
must disable these features. Simply create an account with open DNS, 
login, add your IP, and disable all respond modification settings.


Make sure someone elses IP has not been inherited by you with 
settings you will not want.


I used to reccomend openDNS to everone. I found a problem in their 
system many many months back. Despite a small effort to resolve it, 
they have seemingly forgot about the problem.


Maybe someone else here has recommendationd to huge robust recursive 
resolvers that do not focus on any response modification.



thanks for your replays.

but the forwarders in the zone entry seems not work for me, which has 
mentioned in the manual.


the opendns return a A: 119.167.247.147

but the other return 121.199.253.147, which i want to use

if i remove the forwarders in option, the answer is right.
Well, you haven't told us the name you're looking up, so troubleshooting 
is going to be limited to mainly speculation.


I tried doing reverse lookups on both of those addresses, but it gave me 
no insight into what you're actually trying to look up as a forward name.


Note that if you want named to use forwarders *exclusively* then you 
should specify forward only along with each forwarders definition. 
Otherwise, if the forwarders are unavailable, even if only temporarily, 
named may fall back to using iterative resolution, i.e. following the 
delegation hierarchy to get the answer, all of the way down from the 
root zone, if necessary. This may give inconsistent answers and, if 
you're relying on seeing the cooked responses from OpenDNS, 
potentially undesirable lookup results.


- Kevin

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: A simple question, please help

[Scott Haneda]

99% of the time openDNS works by just pointing some agent to their ip  
space.


That 1% of the time, openDNS tries to make DNS responses that are  
modified in a way to try to help you.


Maybe this is your issue?

Googl.com being common enough they elect to return the google.com's  
answer istead.


By default openDNS does not know how to return NXDOMAIN.

This is fine for end users. This is bad for developed and servers.

OpenDNS also does phishing URL blocking, stats, and a lot more.

If you plan on using them as a resolver  you want to be accurate, you  
must disable these features. Simply create an account with open DNS,  
login, add your IP, and disable all respond modification settings.


Make sure someone elses IP has not been inherited by you with settings  
you will not want.


I used to reccomend openDNS to everone. I found a problem in their  
system many many months back. Despite a small effort to resolve it,  
they have seemingly forgot about the problem.


Maybe someone else here has recommendationd to huge robust recursive  
resolvers that do not focus on any response modification.


--
Scott
Iphone says hello.

On Jul 18, 2009, at 11:52 PM, Ken Lai soulhacker...@gmail.com wrote:


my bind server have a default option

forwarders { 208.67.222.222; 208.67.220.220; };

to send all query to OpenDNS.

but some answer could not access, while a answer can which solved by  
another server


i put these in the config:

zone x.com {
type forward;
forwarders { x.x.x.x; };
};

but this not work.

how can i make this happen.
THANKS.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users