subject:"Clarification"

Re: CAA iodef clarification

2020-05-14 Thread Tony Finch

rams  wrote:
>
> On the CAA record iodef filed, do we force this to be unique or can it
> match a CNAME?

The specification says the iodef field contains a URL so normal URL
resolution applies.

https://tools.ietf.org/html/rfc8659#section-4.4

Questions about CNAMEs are at the wrong layer. HTTP URLs can refer to
CNAMEs; email addresses only use CNAMEs if you like tackling
interoperability problems dating from the 1980s.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
South Utsire, Forties, Cromarty: Westerly 4 to 6, increasing 7 at times in
north Forties and South Utsire. Slight or moderate in west Cromarty, otherwise
moderate occasionally rough. Showers. Mainly good.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software through paid support subscriptions. 
Please consider subscribing.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

CAA iodef clarification

2020-05-12 Thread rams

Hi

On the CAA record iodef filed, do we force this to be unique or can it
match a CNAME?


Thanks,

Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Release Strategy Clarification

2018-04-28 Thread Matthew Pounsett

On 26 April 2018 at 13:42, Victoria Risk  wrote:

>
>
> You have correctly interpreted the chart in the blog post, but you don’t
> have to update in January, just when there is a bug you need a fix for.  If
> that bug is a security bug, the red block means, we will issue a security
> patch even though we are no longer issuing regular maintenance on that
> branch. So, effectively there is a quarter, 3 months, of overlap.
>
> Thanks for the clarification, Vicky.   It sounds like ISC and I have
different definitions of "no longer supported." :)Perhaps I could
suggest that the descriptive text for that stage be updated to indicate
that there is limited support (for security related bugs) during that stage.

Matt
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Release Strategy Clarification

2018-04-26 Thread Victoria Risk

> On Apr 26, 2018, at 5:53 AM, Matthew Pounsett  wrote:
> 
> This is a question for ISC about the new BIND release plan which I thought 
> might be a useful clarification for others as well.
> 
> I didn't notice this when the new plan was first presented in March, but the 
> key text in the legend of the Example Release Plan[0] for the red blocks is 
> "a release that is no longer supported."  This implies that 9.12 will go from 
> being the most recent supported stable version of BIND to unsupported 
> literally overnight.  It doesn't appear there is a period where 9.12 and 9.14 
> are both supported, as 9.12 approaches end of life.
> 
> Is this an oversight, where the legend text needs updating to "a release that 
> is approaching end of life," or do we really all have to plan to do our 
> upgrades on January 1st every year?

Hi Matt,

You have correctly interpreted the chart in the blog post, but you don’t have 
to update in January, just when there is a bug you need a fix for.  If that bug 
is a security bug, the red block means, we will issue a security patch even 
though we are no longer issuing regular maintenance on that branch. So, 
effectively there is a quarter, 3 months, of overlap.

We want to do much more frequent releases, with new branches every year. We 
can’t create more branches AND support all of them for years like we used to. 
We believe that if the delta from one version to another is smaller, because 
the releases are closer together, then if you are say, running 9.12.3, and you 
want a bug fix, and we put that bug fix into 9.14.0, that will not be a big 
leap to upgrade to that.

Not everyone wants to update every year though, and that is why we also have 
the Extended Support Version. We are committed to supporting 9.11.x through the 
end of 2021. That will allow people to stay on that branch for something like 5 
years, which seems like plenty.  

It is true that you have to make a choice about whether to hang out with the 
ESV or follow the annual stable releases.

Vicky

> 
> Thanks,
>Matt
> 
> 
> [0]: <https://www.isc.org/blogs/bind-release-strategy-updated/ 
> <https://www.isc.org/blogs/bind-release-strategy-updated/>>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Victoria Risk
Product Manager
Internet Systems Consortium
vi...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Release Strategy Clarification

2018-04-26 Thread Matthew Pounsett

This is a question for ISC about the new BIND release plan which I thought
might be a useful clarification for others as well.

I didn't notice this when the new plan was first presented in March, but
the key text in the legend of the Example Release Plan[0] for the red
blocks is "a release that is no longer supported."  This implies that 9.12
will go from being the most recent supported stable version of BIND to
unsupported literally overnight.  It doesn't appear there is a period where
9.12 and 9.14 are both supported, as 9.12 approaches end of life.

Is this an oversight, where the legend text needs updating to "a release
that is approaching end of life," or do we really all have to plan to do
our upgrades on January 1st every year?

Thanks,
   Matt


[0]: <https://www.isc.org/blogs/bind-release-strategy-updated/>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: GSS-TSIG update-policy clarification

2018-03-23 Thread Darcy Kevin (FCA)

Why are you letting the clients register their own addresses in DNS in the 
first place? If you want a higher level of control, move the DDNS 
responsibility to the DHCP server.


- Kevin


-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of 
Nicholas Miller
Sent: Friday, March 23, 2018 4:16 PM
To: bind-users@lists.isc.org
Subject: Re: GSS-TSIG update-policy clarification

Thats well and good for an organization that controls ALL of the end points. In 
a university that isn’t possible. 
_
Nicholas Miller, OIT, University of Colorado at Boulder

> On Mar 23, 2018, at 2:04 PM, Mark Andrews  wrote:
> 
> If you don’t want 6to4 addresses stop the machine configuring them. 
> 
> Not everything should be done at the DNS level.
> --
> Mark Andrews
> 
>> On 24 Mar 2018, at 01:07, Nicholas Miller  
>> wrote:
>> 
>> As a followup, is there a way to stop Windows systems from adding their 
>> 6-to-4  record? I see little point in adding these records to a domain.
>> _
>> Nicholas Miller, OIT, University of Colorado at Boulder
>> 
>>> On Mar 22, 2018, at 12:13 PM, Mark Andrews  wrote:
>>> 
>>> This was noted in the release notes and in CHANGES.
>>> 
>>> 4885.   [security]  update-policy rules that otherwise ignore the name
>>>  field now require that it be set to "." to ensure
>>>  that any type list present is properly interpreted.
>>>  [RT #47126]
>>> 
>>> krb5-subdomain gets the permitted names from the Kerberos credential 
>>> name (host/machine@REALM).
>>> 
>>>> On 23 Mar 2018, at 2:50 am, Nicholas Miller  
>>>> wrote:
>>>> 
>>>> With the latest update to bind our named.conf started reporting errors. I 
>>>> have figured it out but wanted to get clarification about the syntax.
>>>> 
>>>> We had been using:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
>>>> 
>>>> We are now using:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
>>>> 
>>>> Am I to assume that the ‘.’ in the config statement behaves similarly to 
>>>> the ‘.’ in a zone file? It refers back to the zone the update-policy is 
>>>> defining?
>>>> 
>>>> Also, what is the difference between using a ‘.’ and a ‘*’? They both 
>>>> refer to all records within the zone.:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
>>>> 
>>>> _
>>>> Nicholas Miller, OIT, University of Colorado at Boulder
>>>> 
>>>> ___
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>>>> unsubscribe from this list
>>>> 
>>>> bind-users mailing list
>>>> bind-users@lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> 
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>>> 
>> 
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Nicholas Miller

Thats well and good for an organization that controls ALL of the end points. In 
a university that isn’t possible. 
_
Nicholas Miller, OIT, University of Colorado at Boulder

> On Mar 23, 2018, at 2:04 PM, Mark Andrews  wrote:
> 
> If you don’t want 6to4 addresses stop the machine configuring them. 
> 
> Not everything should be done at the DNS level.
> -- 
> Mark Andrews
> 
>> On 24 Mar 2018, at 01:07, Nicholas Miller  
>> wrote:
>> 
>> As a followup, is there a way to stop Windows systems from adding their 
>> 6-to-4  record? I see little point in adding these records to a domain.
>> _
>> Nicholas Miller, OIT, University of Colorado at Boulder
>> 
>>> On Mar 22, 2018, at 12:13 PM, Mark Andrews  wrote:
>>> 
>>> This was noted in the release notes and in CHANGES.
>>> 
>>> 4885.   [security]  update-policy rules that otherwise ignore the name
>>>  field now require that it be set to "." to ensure
>>>  that any type list present is properly interpreted.
>>>  [RT #47126]
>>> 
>>> krb5-subdomain gets the permitted names from the Kerberos credential name
>>> (host/machine@REALM).
>>> 
>>>> On 23 Mar 2018, at 2:50 am, Nicholas Miller  
>>>> wrote:
>>>> 
>>>> With the latest update to bind our named.conf started reporting errors. I 
>>>> have figured it out but wanted to get clarification about the syntax.
>>>> 
>>>> We had been using:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
>>>> 
>>>> We are now using:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
>>>> 
>>>> Am I to assume that the ‘.’ in the config statement behaves similarly to 
>>>> the ‘.’ in a zone file? It refers back to the zone the update-policy is 
>>>> defining?
>>>> 
>>>> Also, what is the difference between using a ‘.’ and a ‘*’? They both 
>>>> refer to all records within the zone.:
>>>> 
>>>>   deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
>>>> 
>>>> _
>>>> Nicholas Miller, OIT, University of Colorado at Boulder
>>>> 
>>>> ___
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>>>> unsubscribe from this list
>>>> 
>>>> bind-users mailing list
>>>> bind-users@lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> 
>>> -- 
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>>> 
>> 
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Mark Andrews

If you don’t want 6to4 addresses stop the machine configuring them. 

Not everything should be done at the DNS level.
-- 
Mark Andrews

> On 24 Mar 2018, at 01:07, Nicholas Miller  
> wrote:
> 
> As a followup, is there a way to stop Windows systems from adding their 
> 6-to-4  record? I see little point in adding these records to a domain.
> _
> Nicholas Miller, OIT, University of Colorado at Boulder
> 
>> On Mar 22, 2018, at 12:13 PM, Mark Andrews  wrote:
>> 
>> This was noted in the release notes and in CHANGES.
>> 
>> 4885.   [security]  update-policy rules that otherwise ignore the name
>>   field now require that it be set to "." to ensure
>>   that any type list present is properly interpreted.
>>   [RT #47126]
>> 
>> krb5-subdomain gets the permitted names from the Kerberos credential name
>> (host/machine@REALM).
>> 
>>> On 23 Mar 2018, at 2:50 am, Nicholas Miller  
>>> wrote:
>>> 
>>> With the latest update to bind our named.conf started reporting errors. I 
>>> have figured it out but wanted to get clarification about the syntax.
>>> 
>>> We had been using:
>>> 
>>>deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
>>> 
>>> We are now using:
>>> 
>>>deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
>>> 
>>> Am I to assume that the ‘.’ in the config statement behaves similarly to 
>>> the ‘.’ in a zone file? It refers back to the zone the update-policy is 
>>> defining?
>>> 
>>> Also, what is the difference between using a ‘.’ and a ‘*’? They both refer 
>>> to all records within the zone.:
>>> 
>>>deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
>>> 
>>> _
>>> Nicholas Miller, OIT, University of Colorado at Boulder
>>> 
>>> ___
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>>> unsubscribe from this list
>>> 
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>> 
>> -- 
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>> 
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Nicholas Miller

As a followup, is there a way to stop Windows systems from adding their 6-to-4 
 record? I see little point in adding these records to a domain.
_
Nicholas Miller, OIT, University of Colorado at Boulder

> On Mar 22, 2018, at 12:13 PM, Mark Andrews  wrote:
> 
> This was noted in the release notes and in CHANGES.
> 
> 4885.   [security]  update-policy rules that otherwise ignore the name
>field now require that it be set to "." to ensure
>that any type list present is properly interpreted.
>[RT #47126]
> 
> krb5-subdomain gets the permitted names from the Kerberos credential name
> (host/machine@REALM).
> 
>> On 23 Mar 2018, at 2:50 am, Nicholas Miller  
>> wrote:
>> 
>> With the latest update to bind our named.conf started reporting errors. I 
>> have figured it out but wanted to get clarification about the syntax.
>> 
>> We had been using:
>> 
>>  deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
>> 
>> We are now using:
>> 
>>  deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
>> 
>> Am I to assume that the ‘.’ in the config statement behaves similarly to the 
>> ‘.’ in a zone file? It refers back to the zone the update-policy is defining?
>> 
>> Also, what is the difference between using a ‘.’ and a ‘*’? They both refer 
>> to all records within the zone.:
>> 
>>  deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
>> 
>> _
>> Nicholas Miller, OIT, University of Colorado at Boulder
>> 
>> ___
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>> unsubscribe from this list
>> 
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: GSS-TSIG update-policy clarification

2018-03-22 Thread Mark Andrews

This was noted in the release notes and in CHANGES.

4885.   [security]  update-policy rules that otherwise ignore the name
field now require that it be set to "." to ensure
that any type list present is properly interpreted.
[RT #47126]

krb5-subdomain gets the permitted names from the Kerberos credential name
(host/machine@REALM).

> On 23 Mar 2018, at 2:50 am, Nicholas Miller  
> wrote:
> 
> With the latest update to bind our named.conf started reporting errors. I 
> have figured it out but wanted to get clarification about the syntax.
> 
> We had been using:
> 
>   deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;
> 
> We are now using:
> 
>   deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;
> 
> Am I to assume that the ‘.’ in the config statement behaves similarly to the 
> ‘.’ in a zone file? It refers back to the zone the update-policy is defining?
> 
> Also, what is the difference between using a ‘.’ and a ‘*’? They both refer 
> to all records within the zone.:
> 
>   deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;
> 
> _
> Nicholas Miller, OIT, University of Colorado at Boulder
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

GSS-TSIG update-policy clarification

2018-03-22 Thread Nicholas Miller

With the latest update to bind our named.conf started reporting errors. I have 
figured it out but wanted to get clarification about the syntax.

We had been using:

deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT;

We are now using:

deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT;

Am I to assume that the ‘.’ in the config statement behaves similarly to the 
‘.’ in a zone file? It refers back to the zone the update-policy is defining?

Also, what is the difference between using a ‘.’ and a ‘*’? They both refer to 
all records within the zone.:

deny DOMAIN.EDU krb5-subdomain * MX SRV TXT;

_
Nicholas Miller, OIT, University of Colorado at Boulder

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: need clarification on "forward" behavior

2016-10-07 Thread Tony Finch

Veaceslav Revutchi  wrote:

> I see the server forwarding the query and it gets the answer below:
>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> ;;
> ;; ANSWER SECTION:
> aaa.example.org. 200 IN CNAME bbb.example.net.
> bbb.example.net. 60 IN A 10.64.64.64
>
> I would expect the server to return "10.64.64.64" to the client.
> Instead it recurses over "bbb.example.net" which comes back with a
> different "A" record from an external server and returns that IP to
> the client unless I add a forward for "example.net" also. Is this how
> it's supposed to work?

Interesting edge case.

I think this is to do with RFC 2181 section 5.4.1 trustworthiness ranking
of DNS data. (I seem to be referring to this spec a lot recently!) In
particular,

   Note that the answer section of an authoritative answer normally
   contains only authoritative data.  However when the name sought is an
   alias (see section 10.1.1) only the record describing that alias is
   necessarily authoritative.  Clients should assume that other records
   may have come from the server's cache.  Where authoritative answers
   are required, the client should query again, using the canonical name
   associated with the alias.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/  -  I xn--zr8h punycode
Fastnet: Southeast 4 or 5, occasionally 6 at first. Moderate, occasionally
rough at first in southwest. Occasional rain. Good, occasionally moderate.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

need clarification on "forward" behavior

2016-10-06 Thread Veaceslav Revutchi

Hi, I have a statement in my recursive resolver (rr-server) similar to this:

zone "example.org" { type forward; forward only; forwarders {
10.64.1.1; 10.64.1.2; } ; };

When clients ask for "aaa.example.org" I would expect it to send the
same query to one of the IPs above and return the answer to the
client. I see the server forwarding the query and it gets the answer
below:

rr-server:~$ dig @10.64.1.1 aaa.example.org

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;;
;; ANSWER SECTION:
aaa.example.org. 200 IN CNAME bbb.example.net.
bbb.example.net. 60 IN A 10.64.64.64

I would expect the server to return "10.64.64.64" to the client.
Instead it recurses over "bbb.example.net" which comes back with a
different "A" record from an external server and returns that IP to
the client unless I add a forward for "example.net" also. Is this how
it's supposed to work?

I'm running: BIND 9.9.4-RedHat-9.9.4-29.el7_2.3

Thank you,
Slava
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind 9.9.2 Clarification

2012-11-01 Thread Doug Barton

You can install 9.9.2 directly.

Doug


On 11/01/2012 01:30 PM, Manson, John wrote:
> Should I install bind 9.9.0 first and then update to bind 9.9.1 then
> update to bind 9.9.2?
> This excerpt from the README file is a little confusing:
>  
> BIND 9.9.2
>  
> BIND 9.9.2 is a maintenance release and patches the security
> flaw described in CVE-2012-4244.
>  
> BIND 9.9.1
>  
> BIND 9.9.1 is a maintenance release.
>  
> BIND 9.9.0
>  
> BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
> releases. 
>  
> Thanks
>  
> John Manson
> CAO/HIR/NAF Data-Communications | U.S. House of Representatives |
> Washington, DC 20515
> Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov
>  
>  
>  
>  
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind 9.9.2 Clarification

2012-11-01 Thread Manson, John

Should I install bind 9.9.0 first and then update to bind 9.9.1 then update to 
bind 9.9.2?
This excerpt from the README file is a little confusing:

BIND 9.9.2

BIND 9.9.2 is a maintenance release and patches the security
flaw described in CVE-2012-4244.

BIND 9.9.1

BIND 9.9.1 is a maintenance release.

BIND 9.9.0

BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
releases.

Thanks

John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, 
DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

rndc/controls block clarification needed?

2012-05-31 Thread Jon A.

Just spent a bit of time on missing a subtle rndc issue with Bind 9.9.1's
control block -- either I'm missing a better way to do this, or perhaps
bind should more appropriately issue a warning or fail to load instead of
silently accepted my bad control block.

I did RTFM, and until I'd spent a bunch of time playing with permutations,
I missed the subtle hints in the documentation.  Perhaps I still am, in
which case, I welcome a cleaner way to do this.

Ultimately I believe the issues to be that 1) you can't use the same
control port (993) for more than one inet statement and 2) using more than
one key isn't going to work.

I initially wanted the following, but had issues with getting rndc status
to work from both places:
controls {
   inet * port 953 allow { localhost;  authorized-controllers; } keys {
rndc-key;  masterkey;  };
};


Also tried:
controls {
   inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
   inet * port 953 allow { authorized-controllers; } keys { masterkey;
};
 };

Ultimately it had to be set up as:

controls {
   inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
   inet * port 9953 allow { authorized-controllers; } keys { masterkey;
};
};

Is there a cleaner way (that works!) to set this up?  If not, could it be
made to work, or documentation/warnings be created to pound such ideas out
of my head in the future?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread SM


At 07:08 15-05-2012, Alexander Gurvitz wrote:

From wikipedia:
To quote RFC 1912, "A common mistake is thinking that a wildcard


Using Wikipedia to quote RFC 1912 is odd ...

Regards,
-sm 


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread Tony Finch

Sam Wilson  wrote:
>
> Not I - another poster.

Sorry!

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty, Forth, Tyne, Dogger: Northwest 5 to 7, occasionally 4 in
Forth and Tyne. Moderate or rough, occasionally very rough in Forties and
Dogger. Showers. Good, occasionally moderate.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread Sam Wilson

In article ,
 Tony Finch  wrote:

> Sam Wilson  wrote:
> >
> > Is a name on the RHS of an RR regarded as existing enough to prevent
> > wildcard lookup?
> 
> No, only RR owner names.
> 
> > In this I would have expected the NS lookup to be followed by an A
> > lookup for abc.a.example.com which would match the wildcard, assuming no
> > other records match that name on the LHS.
> 
> Yes that should work. The latter answer might appear to be missing because
> additional section processing is a bit special. In your original question
> you mentioned glue, ...

Not I - another poster.

Sam

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread Tony Finch

Sam Wilson  wrote:
>
> Is a name on the RHS of an RR regarded as existing enough to prevent
> wildcard lookup?

No, only RR owner names.

> In this I would have expected the NS lookup to be followed by an A
> lookup for abc.a.example.com which would match the wildcard, assuming no
> other records match that name on the LHS.

Yes that should work. The latter answer might appear to be missing because
additional section processing is a bit special. In your original question
you mentioned glue, which is only necessary for delegations above the zone
cut, and probably should not rely on wildcards. If this is a zone apex NS
RRset then the server doesn't have to fill in the additional section. See
the example below, from a nameserver that has minimal-responses turned on.

; <<>> DiG 9.8.1-P1 <<>> ns dotat.at
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41609
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dotat.at.  IN  NS

;; ANSWER SECTION:
dotat.at.   3600IN  NS  ns1.gratisdns.dk.
dotat.at.   3600IN  NS  black.dotat.at.
dotat.at.   3600IN  NS  puck.nether.net.
dotat.at.   3600IN  NS  ns3.gratisdns.dk.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 15 15:52:19 2012
;; MSG SIZE  rcvd: 123

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty, Forth, Tyne, Dogger: Northwest 5 to 7, occasionally 4 in
Forth and Tyne. Moderate or rough, occasionally very rough in Forties and
Dogger. Showers. Good, occasionally moderate.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread Sam Wilson

In article ,
 Alexander Gurvitz  wrote:

> You should NOT get A records. Wildcard works only for hostnames
> that have NO records of ANY type.

Excuse me while I delirk, but this is interesting.  Is a name on the RHS 
of an RR regarded as existing enough to prevent wildcard lookup?  In 
this I would have expected the NS lookup to be followed by an A lookup 
for abc.a.example.com which would match the wildcard, assuming no other 
records match that name on the LHS.

Sam

> >From wikipedia:
> To quote RFC 1912, "A common mistake is thinking that a wildcard
>  MX for a zone will apply to all hosts in the zone. A wildcard MX will
>  apply only to names in the zone which aren't listed in the DNS at all.
> " That is, if there is a wild card MX for *.example.com, and an
> A record (but no MX record) for www.example.com, the correct
> response (as per RFC 1034) to an MX request for www.example.com
>  is "no error, but no data"; this is in contrast to the possibly expected
>  response of the MX record attached to *.example.com.
> 
> Regards,
> Alexander,
> net-me.net
> 
> On Tue, May 15, 2012 at 9:34 AM, rams  wrote:
> > Hi,
> > I have NS record points a record [A/] which is falls into wildcard . But
> > when I query for NS record against bind, we are not getting these records as
> > glue records.
> >
> > ex:
> > *.a.example.com A 1.1.1.1
> > example.com. NS abc.a.example.com.
> >
> > Querying example.com with any or ns.
> > don't we get glue records for this scenario? please confirm.

-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard falls into glue records

2012-05-15 Thread Alexander Gurvitz

You should NOT get A records. Wildcard works only for hostnames
that have NO records of ANY type.

>From wikipedia:
To quote RFC 1912, "A common mistake is thinking that a wildcard
 MX for a zone will apply to all hosts in the zone. A wildcard MX will
 apply only to names in the zone which aren't listed in the DNS at all.
" That is, if there is a wild card MX for *.example.com, and an
A record (but no MX record) for www.example.com, the correct
response (as per RFC 1034) to an MX request for www.example.com
 is "no error, but no data"; this is in contrast to the possibly expected
 response of the MX record attached to *.example.com.

Regards,
Alexander,
net-me.net

On Tue, May 15, 2012 at 9:34 AM, rams  wrote:
> Hi,
> I have NS record points a record [A/] which is falls into wildcard . But
> when I query for NS record against bind, we are not getting these records as
> glue records.
>
> ex:
> *.a.example.com A 1.1.1.1
> example.com. NS abc.a.example.com.
>
> Querying example.com with any or ns.
> don't we get glue records for this scenario? please confirm.
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on TTL Value

2012-05-15 Thread Jan-Piet Mens

> rd1.ramesh40finalround.com. 98400 INA   11.11.11.11
> rd1.ramesh40finalround.com. 96400 INA   12.12.12.12
> rd1.ramesh40finalround.com. 99  IN  A   13.13.13.13
> rd1.ramesh40finalround.com. 1 INA   14.14.14.14

RFC 2181, section 5.2 specifies:

"the use of differing TTLs in an RRSet is hereby deprecated, the
TTLs of all RRs in an RRSet must be the same."

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on TTL Value

2012-05-15 Thread Ashok Agarwal

Hi Ramesh,

When you query for rd1.ramesh40finalround.com. then you will get answer for
all  records but it  will show minimum TTL value.

-Ashok

On Tue, May 15, 2012 at 3:00 PM, rams  wrote:

> Hi ,
> I have a setup as follows:
>
> rd1.ramesh40finalround.com. 98400 INA   11.11.11.11
> rd1.ramesh40finalround.com. 96400 INA   12.12.12.12
> rd1.ramesh40finalround.com. 99  IN  A   13.13.13.13
> rd1.ramesh40finalround.com. 1 INA   14.14.14.14
>
>
> If i query "rd1.ramesh40finalround.com." against bind, Will I get all
> records with different TTL values or all records with same TTL value. Which
> TTL value will display for all records. could you please confirm.
>
> Thanks,
> Ramesh
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard falls into glue records

2012-05-14 Thread rams

Hi,
I have NS record points a record [A/] which is falls into wildcard .
But when I query for NS record against bind, we are not getting these
records as glue records.

ex:
*.a.example.com A 1.1.1.1
example.com. NS abc.a.example.com.

Querying example.com with any or ns.
don't we get glue records for this scenario? please confirm.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on question and the answer section uppercase lower case mis match

2012-04-10 Thread Kevin Oberman

On Tue, Apr 10, 2012 at 2:56 AM, rams  wrote:
> Hi,
> When i queried domain with capital letters , In answer section domain name
> is displaying small letters. Is it expected? any RFC for this?
>
> dig @localhost D.ashwintrail.com
>
>
> ; <<>> DiG 9.2.4 <<>> @localhost D.ashwintrail.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23469
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;D.ashwintrail.com. IN A
>
> ;; ANSWER SECTION:
> d.ashwintrail.com. 86400 IN A 2.3.4.5
>
> ;; AUTHORITY SECTION:
> ashwintrail.com. 86400 IN NS ramesh.com.
> ashwintrail.com. 86400 IN NS ramesh1.com.
>
> ;; Query time: 0 msec
> ;; SERVER: #53
> ;; WHEN: Tue Apr 10 02:19:00 2012
> ;; MSG SIZE rcvd: 105
>
> Thanks & Regards,
> Ramesh

Since the very first DNS RFCs, DNS is case preserving but not case
sensitive. That means that a query with differences in case will
return a match with the appropriate data, just the same as when case
matches, but will return the case of the authoritative record.

See RFC1034 3.1 for a general description or RFC1035, section 2.3.3 for detail.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on question and the answer section uppercase lower case mis match

2012-04-10 Thread Warren Kumari

http://www.ietf.org/rfc/rfc4343.txt

Some resolvers use 0x20 tricks to encode additional entropy into queries.

This works by randomly adding 0x20 to characters in the qname and then making 
sure they are the same when they come back (e.g: example.com -> eXAmpLe.coM)...

W


On Apr 10, 2012, at 5:56 AM, rams wrote:

> Hi,
> When i queried domain with capital letters , In answer section domain name is 
> displaying small letters. Is it expected? any RFC for this?
> 
> dig @localhost D.ashwintrail.com 
> 
> 
> ; <<>> DiG 9.2.4 <<>> @localhost D.ashwintrail.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23469
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;D.ashwintrail.com. IN A
> 
> ;; ANSWER SECTION:
> d.ashwintrail.com. 86400 IN A 2.3.4.5
> 
> ;; AUTHORITY SECTION:
> ashwintrail.com. 86400 IN NS ramesh.com.
> ashwintrail.com. 86400 IN NS ramesh1.com.
> 
> ;; Query time: 0 msec
> ;; SERVER: #53
> ;; WHEN: Tue Apr 10 02:19:00 2012
> ;; MSG SIZE rcvd: 105
> 
> Thanks & Regards,
> Ramesh
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on DNSKEY query

2012-02-21 Thread Mark Andrews

In message 
, rams writes:
> Hi,
> When I queried a domain with type DNSKEY, I am getting only ANSWER section
> and not returned Authority section. Is it expected?

Yes.

> It would be helpful if you give the RFC number for reference .

Adding NS records to a answer is optional they are only required
for a referral (RFC 1035).

Signed DNSKEY responses tend to be large and by the time a DNSKEY
query is made a recursive server will almost always have the NS
RRset.  Similarly for DS queries then recursive server will almost
always have the NS RRset, infact it may have had to make a explict
NS query to find the correct set of nameservers to ask.  Adding NS
records and associated glue can push answers over various thresholds
increasing the likelyhood of triggering recovery strategies to work
around mis-configured firewall which often involve falling back to
TCP.  To reduce this named turns on minimal-response for DNSKEY and
DS queries.

response > 512
response requires fragmentation
response to big to fit in advertised UDP buffer

Named also turns on minimal-response for EDNS responses where the
UDP buffer size is 512.  This again reduces the probability of TCP
fallback being required.

Mark

> Thanks & Regards,
> Ramesh
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: RFC 1918 error clarification

2011-08-18 Thread Matus UHLAR - fantomas


On 17.08.11 14:31, Morgan Toal wrote:
I would like to clarify something. I have 14 locations each using a 
private class c address, and a single dns server which I have just 
moved from bind8 to bind9.


I am getting a lot of these:

Aug 17 13:33:13 mail2 named[18610]: client 192.168.16.3#55546: RFC 
1918 response from Internet for 108.21.168.192.in-addr.arpa
Aug 17 13:33:35 mail2 named[18610]: client 192.168.16.3#38729: RFC 
1918 response from Internet for 171.1.168.192.in-addr.arpa


where: 192.168.16.3 is the dns server
and: 192.168.21.108 and 192.168.1.171 are clients on my network

So what I need to do, then, is create a reverse zone file for each of 
my 14 internal subnets and reference these in /etc/named.conf, is 
that correct?


Is there no way I could somehow tell bind to combine all these into a 
single reverse zone file?


you can of course define 168.192.in-addr.arpa and put everything there.

the problem above looks like client with IP 192.168.16.3 asked the 
named on server mail2 for 108.21.168.192.in-addr.arpa and 
171.1.168.192.in-addr.arpa and got the responses from the internet.

You should serve those zones locally...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RFC 1918 error clarification

2011-08-17 Thread Morgan Toal


Hi bind-users,

I would like to clarify something. I have 14 locations each using a 
private class c address, and a single dns server which I have just moved 
from bind8 to bind9.


I am getting a lot of these:

Aug 17 13:33:13 mail2 named[18610]: client 192.168.16.3#55546: RFC 1918 
response from Internet for 108.21.168.192.in-addr.arpa
Aug 17 13:33:35 mail2 named[18610]: client 192.168.16.3#38729: RFC 1918 
response from Internet for 171.1.168.192.in-addr.arpa


where: 192.168.16.3 is the dns server
and: 192.168.21.108 and 192.168.1.171 are clients on my network

So what I need to do, then, is create a reverse zone file for each of my 
14 internal subnets and reference these in /etc/named.conf, is that correct?


Is there no way I could somehow tell bind to combine all these into a 
single reverse zone file?


(on the old bind8 server, it would add ddns records to a single reverse 
zone file, this must be a bind8 vs. bind9 difference? But I am having 
trouble with ddns updates too and that's a separate question.)


Thanks!

mtoal

--
Morgan Toal, RHCE, CFCE, CEH, MCP
Network Manager
City of Burlington, Iowa
319-759-8882
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard scenario

2011-01-31 Thread Mark Andrews


In message , rams 
w
rites:
> Hi,
> I have zone as follows in bind.
> 
> $ORIGIN joshfeb1.com.
> @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> 
>   2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com. NS udns1.ultradns.net.
> joshfeb1.com. NS udns2.ultradns.net.
> **.joshfeb1.com. A 1.1.1.1
> *.www.joshfeb1.com.  A 2.2.2.2*

It gets very hard when your email client adds to the plain text
version.  We really don't need extra * and 
added.

You want the records to be like this:

*.joshfeb1.com. A 1.1.1.1
www.joshfeb1.com. A 2.2.2.2

You has a wildcard before the www creating a empty node in the tree.
 
> When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> NOERROR and NOANSWER.When can i get answer. Could you please clarify me.
> 
> I able to get answer with abc.joshfeb1.com and abc.www.joshfeb1.com. Why
> bind is not returning answer for www.joshfeb1.com, it should map to **.
> joshfeb1.com. right?
> 
> Thanks & Regards,
> Ramesh
> *
> Thanks & Regards,
> Ramesh
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard scenario

2011-01-31 Thread rams

Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (

  2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
**.joshfeb1.com. A 1.1.1.1
*.www.joshfeb1.com.  A 2.2.2.2*

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NOERROR and NOANSWER.When can i get answer. Could you please clarify me.

I able to get answer with abc.joshfeb1.com and abc.www.joshfeb1.com. Why
bind is not returning answer for www.joshfeb1.com, it should map to **.
joshfeb1.com. right?

Thanks & Regards,
Ramesh
*
Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard scenario

2011-01-31 Thread Warren Kumari

I must admit, I'm kinda confused by what you are actually trying to achieve

?A foo.joshfeb1.com. should be getting returning 1.1.1.1

?A www.joshfeb1.com. should be returning noerror / nodata because:
1: There is a record at www.joshfeb1.com (so it's not NXDOMAIN), but
2: the record is not an A record (so there is NO DATA that matches)

I'm assuming if you query for A foo.www.joshb1.com. you get back 2.2.2.2?

W

On Jan 31, 2011, at 11:19 PM, rams wrote:

> Hi Mark,
> 
> Thank You for quick clarify. I have included trailing dot and restart bind.
> Now when i queired for domain "www.joshfeb1.com" with type A, I am getting 
> NOERROR and NOANSWER.
> 
> [root@ zones]# dig  www.joshfeb1.com. A
> 
> ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net. 
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 04:13:00 2011
> ;; MSG SIZE  rcvd: 106
> 
> [root@zones]#
> 
> Is it correct. Actually www.joshfeb1.com is not exist and it should look into 
> *.joshfeb1.com right. Could you please clarify why it is not returning answer.
> 
> Thanks & Regards,
> Ramesh
> 
> 
> On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews  wrote:
> 
> In message , 
> rams w
> rites:
> > Hi,
> > I have zone as follows in bind.
> >
> > $ORIGIN joshfeb1.com.
> > @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> > 2011013101 ; serial
> > 10800 ; refresh
> > 3600 ; retry
> > 2592000 ; expire
> > 86400 ; minimum
> > )
> > joshfeb1.com. NS udns1.ultradns.net.
> > joshfeb1.com. NS udns2.ultradns.net.
> > **.joshfeb1.com A 1.1.1.1
> > *.www.joshfeb1.com A 2.2.2.2*
> >
> > When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> > NXDOMAIN.When can i get records in response. Could you please clarify me.
> >
> > The following response return.
> >
> > *[root@zones]# dig  abc.www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:36:56 2011
> > ;; MSG SIZE  rcvd: 110
> >
> > *[root@ zones]# dig  abc.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:05 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > *[root@ zones]# dig  www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:15 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > [root@stulcqacustbind2 zones]#
> >
> >
> > What bind is returning is correct?
> 
> Yes.  You have a mixture of relative (no period at end) and absolute names
> (period at end) in the zone file above.  What you added to the zone
> was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You

Re: Clarification on wildcard scenario

2011-01-31 Thread Alan Clegg

On 1/31/2011 10:42 PM, rams wrote:

> $ORIGIN joshfeb1.com .
> @ IN SOA rboddeti.yahoo.com .
> rboddeti.gmail.com . (
> 2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com . NS udns1.ultradns.net
> .
> joshfeb1.com . NS udns2.ultradns.net
> .
> **.joshfeb1.com  A 1.1.1.1
> *.www.joshfeb1.com  A 2.2.2.2*

Since you are posting in HTML, it's pretty messy...

You are missing a dot after the com on the wildcard lines.

AlanC



signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard scenario

2011-01-31 Thread rams

Hi Mark,

Thank You for quick clarify. I have included trailing dot and restart bind.
Now when i queired for domain "www.joshfeb1.com" with type A, I am getting
NOERROR and NOANSWER.

[root@ zones]# dig  www.joshfeb1.com. A

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40667
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 04:13:00 2011
;; MSG SIZE  rcvd: 106

[root@zones]#

Is it correct. Actually www.joshfeb1.com is not exist and it should look
into *.joshfeb1.com right. Could you please clarify why it is not returning
answer.

Thanks & Regards,
Ramesh


On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews  wrote:

>
> In message ,
> rams w
> rites:
> > Hi,
> > I have zone as follows in bind.
> >
> > $ORIGIN joshfeb1.com.
> > @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> > 2011013101 ; serial
> > 10800 ; refresh
> > 3600 ; retry
> > 2592000 ; expire
> > 86400 ; minimum
> > )
> > joshfeb1.com. NS udns1.ultradns.net.
> > joshfeb1.com. NS udns2.ultradns.net.
> > **.joshfeb1.com A 1.1.1.1
> > *.www.joshfeb1.com A 2.2.2.2*
> >
> > When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> > NXDOMAIN.When can i get records in response. Could you please clarify me.
> >
> > The following response return.
> >
> > *[root@zones]# dig  abc.www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:36:56 2011
> > ;; MSG SIZE  rcvd: 110
> >
> > *[root@ zones]# dig  abc.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;abc.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:05 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > *[root@ zones]# dig  www.joshfeb1.com. A*
> >
> > ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;www.joshfeb1.com.  IN  A
> >
> > ;; AUTHORITY SECTION:
> > joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> > rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 10.31.145.194#53(10.31.145.194)
> > ;; WHEN: Tue Feb  1 03:37:15 2011
> > ;; MSG SIZE  rcvd: 106
> >
> > [root@stulcqacustbind2 zones]#
> >
> >
> > What bind is returning is correct?
>
> Yes.  You have a mixture of relative (no period at end) and absolute names
> (period at end) in the zone file above.  What you added to the zone
> was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You needed
> a period at the end of "com" or to just use "www".
>
> Mark
>
> > Thanks & Regards,
> > Ramesh
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on wildcard scenario

2011-01-31 Thread Mark Andrews


In message , rams 
w
rites:
> Hi,
> I have zone as follows in bind.
> 
> $ORIGIN joshfeb1.com.
> @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
> 2011013101 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> joshfeb1.com. NS udns1.ultradns.net.
> joshfeb1.com. NS udns2.ultradns.net.
> **.joshfeb1.com A 1.1.1.1
> *.www.joshfeb1.com A 2.2.2.2*
> 
> When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
> NXDOMAIN.When can i get records in response. Could you please clarify me.
> 
> The following response return.
> 
> *[root@zones]# dig  abc.www.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;abc.www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:36:56 2011
> ;; MSG SIZE  rcvd: 110
> 
> *[root@ zones]# dig  abc.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;abc.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:37:05 2011
> ;; MSG SIZE  rcvd: 106
> 
> *[root@ zones]# dig  www.joshfeb1.com. A*
> 
> ; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.joshfeb1.com.  IN  A
> 
> ;; AUTHORITY SECTION:
> joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
> rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400
> 
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Feb  1 03:37:15 2011
> ;; MSG SIZE  rcvd: 106
> 
> [root@stulcqacustbind2 zones]#
> 
> 
> What bind is returning is correct?

Yes.  You have a mixture of relative (no period at end) and absolute names
(period at end) in the zone file above.  What you added to the zone
was "www.joshfeb1.com.joshfeb1.com." not "www.joshfeb1.com.".  You needed
a period at the end of "com" or to just use "www".

Mark

> Thanks & Regards,
> Ramesh
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on wildcard scenario

2011-01-31 Thread rams

Hi,
I have zone as follows in bind.

$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
joshfeb1.com. NS udns1.ultradns.net.
joshfeb1.com. NS udns2.ultradns.net.
**.joshfeb1.com A 1.1.1.1
*.www.joshfeb1.com A 2.2.2.2*

When I queried domain "www.joshfeb1.com. A" against Bind, I am getting
NXDOMAIN.When can i get records in response. Could you please clarify me.

The following response return.

*[root@zones]# dig  abc.www.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  abc.www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24113
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:36:56 2011
;; MSG SIZE  rcvd: 110

*[root@ zones]# dig  abc.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  abc.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;abc.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:05 2011
;; MSG SIZE  rcvd: 106

*[root@ zones]# dig  www.joshfeb1.com. A*

; <<>> DiG 9.6.1-P3 <<>>  www.joshfeb1.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19448
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.joshfeb1.com.  IN  A

;; AUTHORITY SECTION:
joshfeb1.com.   86400   IN  SOA udns1.ultradns.net.
rboddeti.infinite.com. 2011013101 10800 3600 2592000 86400

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Feb  1 03:37:15 2011
;; MSG SIZE  rcvd: 106

[root@stulcqacustbind2 zones]#


What bind is returning is correct?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on CNAME

2011-01-26 Thread Sam Wilson

In article ,
 Matus UHLAR - fantomas  wrote:

> On 24.01.11 17:13, rams wrote:
> > y resolver is returning multiple CNAMEs for same hostname. But I believe
> > CNAME should not return same hostname with multiple values.
> 
> correct.
> 
> > Is this behavior is correct. Could you please clarify me.
> 
> it's not. CNAME may be the only record type for a domain, only its signature
> may appear on it...
> the server that returns multiple cnames is broken.

Even more so if the name that the original poster quoted (ramesh.com) is 
the one for which the CNAMEs are returned.  The real ramesh.com has SOA 
and  NS because it's delegated from .com (it also has A and MX records) 
and therefore can't have a CNAME anyway.

Sam
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on CNAME

2011-01-24 Thread Matus UHLAR - fantomas

On 24.01.11 17:13, rams wrote:
> y resolver is returning multiple CNAMEs for same hostname. But I believe
> CNAME should not return same hostname with multiple values.

correct.

> Is this behavior is correct. Could you please clarify me.

it's not. CNAME may be the only record type for a domain, only its signature
may appear on it...
the server that returns multiple cnames is broken.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on CNAME

2011-01-24 Thread rams

y resolver is returning multiple CNAMEs for same hostname. But I believe
CNAME should not return same hostname with multiple values.

Ex: Configured GEOIP records as follows:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com.  Arizone configured

ramesh.com CNAME va.ramesh.com.  Virginia configured

ramesh.com CNAME others.ramesh.com.  Others configured

Queried “ramesh.com” from AZ,VA and OTHERS regions against my resolver.

My resolver is returning same hostname with mutliple CNAME's.

>From AZ i am getting:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com.

>From VA i am getting:

ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME va.ramesh.com.

Is this behavior is correct. Could you please clarify me.


Thanks & regards,

Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification on SOA

2010-12-01 Thread Emanuele (aka Skull)

On 12/1/10 2:35 PM, rams wrote:
> Hi,
> 
> I have one SOA record as follows in zone.
> 
> qa.com .   86400   IN SOA ramesh.com .
> qa.com . (
> 2009111903 ; serial
> 10800  ; refresh (3 hours)
> 3600   ; retry (1 hour)
> 2592000; expire (4 weeks 2 days)
> 300  ; minimum (1 day)
> )
> 
> I queried for non exist domain against bind. Bind is returning SOA
> record with 300 as TTL value. Is it correct? Because in my zone , SOA
> has 86400 TTL.
> 
> Please clarify me.

See RFC 2308.

-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-
http://bofhskull.wordpress.com/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification on SOA

2010-12-01 Thread Matus UHLAR - fantomas

On 01.12.10 19:05, rams wrote:
> I have one SOA record as follows in zone.
> 
> qa.com.   86400   IN SOA ramesh.com. qa.com. (
> 2009111903 ; serial
> 10800  ; refresh (3 hours)
> 3600   ; retry (1 hour)
> 2592000; expire (4 weeks 2 days)
> 300  ; minimum (1 day)
> )
> 
> I queried for non exist domain against bind. Bind is returning SOA record
> with 300 as TTL value. Is it correct? Because in my zone , SOA has 86400
> TTL.

it's correct, in case of NXDOMAIN responses, the TTL is set to value of SOA
minimum, which is 300 in this case.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification on SOA

2010-12-01 Thread Karl Auer

On Wed, 2010-12-01 at 19:05 +0530, rams wrote:
> I have one SOA record as follows in zone.
> 
> qa.com.   86400   IN SOA ramesh.com. qa.com. (
> 2009111903 ; serial
> 10800  ; refresh (3 hours)
> 3600   ; retry (1 hour)
> 2592000; expire (4 weeks 2 days)
> 300  ; minimum (1 day)
> )
> 
> I queried for non exist domain against bind. Bind is returning SOA
> record with 300 as TTL value. Is it correct? Because in my zone , SOA
> has 86400 TTL.
> 
For NXDOMAIN, the TTL returned will be the lower value of the SOA TTL
and NCACHE/MINIMUM. So in this case, 300 seconds.

See RFC mumblemumble. I know this through being comprehensively
ejumacated on this very list because I thought the SOA TTL had to be
zero...

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF


signature.asc
Description: This is a digitally signed message part
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification on SOA

2010-12-01 Thread rams

Hi,

I have one SOA record as follows in zone.

qa.com.   86400   IN SOA ramesh.com. qa.com. (
2009111903 ; serial
10800  ; refresh (3 hours)
3600   ; retry (1 hour)
2592000; expire (4 weeks 2 days)
300  ; minimum (1 day)
)

I queried for non exist domain against bind. Bind is returning SOA record
with 300 as TTL value. Is it correct? Because in my zone , SOA has 86400
TTL.

Please clarify me.

Thanks & Regards,
ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on delegated NS

2010-10-22 Thread Mark Andrews

In message , rams
 writes:
> Hi ,
> 
> When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when
> i queried for NS delegated record with NS.
> 
> Could you please clarify me or is it bug in 9.7?

To see the delegation you need to make a non recursive query (+norec).

dig +norec ns zone @parent

You are supposed to set up the child zone *FIRST* then add the delegation
that way you don't have a lame delegation.  When removing a zone you remove
the delegating NS records then once the NS records have cleared the cache
you remove the zone from the nameservers.  Similarly when changing the
nameservers, you configure the new nameservers, you change the NS records,
you wait for the NS records to clear caches, then remove the zone from the
old servers.

Mark

> Thanks & Regards,
> Ramesh
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification

2010-10-22 Thread John Wobus


On Oct 22, 2010, at 8:31 AM, rams wrote:

I have a record in BIND as follows:

mxdomain.com. 86400 IN MX 65536 gmail.com.

When I query "mxdomain.com." with type MX. What is the bind  
response. Is there any RFC mentioned about this .


On the wire, the MX preference is carried in a 16-bit field,
which cannot store 65536: the field simply isn't big enough.  If you  
query

an MX record and get a preference of 65536, the software with which
you are doing the query has a bug in it and is displaying something
that did not come from the server.

If a zone file has a preference of 65536, dns server software (such
as bind) that attempts to load the zone file should reject it as
impossible to use.  If you have dns server software that doesn't reject
it, you will have to experiment to find out what it does with the input,
which should be easy to do.  It could conceivably use a legal number
instead, or it simply leave out that record.  RFCs merely say 65535
is the maximum allowed.  Specifying what to do when reading a
zone file that exceeds this maximum is one of an infinite
number of possible input errors that RFCs have nothing specific
about.

John Wobus
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

2010-10-22 Thread Stephane Bortzmeyer

On Fri, Oct 22, 2010 at 09:02:49AM -0500,
 Jeremy C. Reed  wrote 
 a message of 8 lines which said:

> Because subject was replaced I didn't find it before my response :)

You should really used a threaded mail client software (which
understands the In-Reply-To: header) :-)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification

2010-10-22 Thread Jeremy C. Reed

On Fri, 22 Oct 2010, rams wrote:

> I have a record in BIND as follows:
>  
> mxdomain.com. 86400 IN MX 65536 gmail.com.

How did you get named to load this?

If your named does load it, what version of BIND are you using?

You should get "out of range". (See named-checkzone too.)

> When I query "mxdomain.com." with type MX. What is the bind response. Is
> there any RFC mentioned about this .

I didn't test with BIND 9 (because can't load it), but with BIND 10 
(using a SQL database) returns SERVFAIL.___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

2010-10-22 Thread Jeremy C. Reed

> Subject: Loading MX record with illegal preference (Lame subject replaced:
> clarification

Because subject was replaced I didn't find it before my response :)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

2010-10-22 Thread John Wingenbach



https://www.isc.org/files/arm96.html#types_of_resource_records_and_when_to_use_them

Scroll down to the data type MX and it says:

Identifies a mail exchange for the domain with a 16-bit preference value 
(lower is better) followed by the host name of the mail exchange. 
Described in RFC 974, RFC 1035.


-- John

On 10/22/2010 8:39 AM, Stephane Bortzmeyer wrote:

On Fri, Oct 22, 2010 at 06:01:22PM +0530,
  rams  wrote
  a message of 42 lines which said:


I have a record in BIND as follows:

mxdomain.com. 86400 IN MX 65536 gmail.com.

I don't think you tell us the truth. Because BIND refuses to load it:

% named-checkzone example large-mx.zone
dns_rdata_fromtext: large-mx.zone:15: near '65536': out of range
zone example/IN: loading from master file large-mx.zone failed: out of range
zone example/IN: not loaded due to errors.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Loading MX record with illegal preference (Lame subject replaced: clarification

2010-10-22 Thread Stephane Bortzmeyer

On Fri, Oct 22, 2010 at 06:01:22PM +0530,
 rams  wrote 
 a message of 42 lines which said:

> I have a record in BIND as follows:
> 
> mxdomain.com. 86400 IN MX 65536 gmail.com.

I don't think you tell us the truth. Because BIND refuses to load it:

% named-checkzone example large-mx.zone 
dns_rdata_fromtext: large-mx.zone:15: near '65536': out of range
zone example/IN: loading from master file large-mx.zone failed: out of range
zone example/IN: not loaded due to errors.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification

2010-10-22 Thread rams

Hi,

I have a record in BIND as follows:

mxdomain.com. 86400 IN MX 65536 gmail.com.

When I query "mxdomain.com." with type MX. What is the bind response. Is
there any RFC mentioned about this .

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification

2010-10-22 Thread Stephane Bortzmeyer

On Fri, Oct 22, 2010 at 05:05:06PM +0530,
 rams  wrote 
 a message of 38 lines which said:

> What is the bind response when queried MX record. 

% dig @ns3.nic.fr MX nic.fr

; <<>> DiG 9.7.1-P2 <<>> @ns3.nic.fr MX nic.fr
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20106
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 6, ADDITIONAL: 16
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;nic.fr.IN  MX

;; ANSWER SECTION:
nic.fr. 172800  IN  MX  30 mx3.nic.fr.
nic.fr. 172800  IN  MX  10 mx1.nic.fr.
nic.fr. 172800  IN  MX  20 mx2.nic.fr.

;; AUTHORITY SECTION:
nic.fr. 172800  IN  NS  ns1.nic.fr.
nic.fr. 172800  IN  NS  ns5.ext.nic.fr.
nic.fr. 172800  IN  NS  ns4.ext.nic.fr.
nic.fr. 172800  IN  NS  ns2.nic.fr.
nic.fr. 172800  IN  NS  ns3.nic.fr.
nic.fr. 172800  IN  NS  ns1.ext.nic.fr.

;; ADDITIONAL SECTION:
mx1.nic.fr. 172800  IN  A   192.134.4.10
mx1.nic.fr. 172800  IN  2001:660:3003:2::4:10
mx2.nic.fr. 172800  IN  A   192.134.4.11
mx2.nic.fr. 172800  IN  2001:660:3003:2::4:11
mx3.nic.fr. 172800  IN  A   192.134.4.11
ns1.ext.nic.fr. 172800  IN  A   193.51.208.13
ns1.nic.fr. 172800  IN  A   192.134.4.1
ns1.nic.fr. 172800  IN  2001:660:3003:2::4:1
ns2.nic.fr. 172800  IN  A   192.93.0.4
ns2.nic.fr. 172800  IN  2001:660:3005:1::1:2
ns3.nic.fr. 172800  IN  A   192.134.0.49
ns3.nic.fr. 172800  IN  2001:660:3006:1::1:1
ns4.ext.nic.fr. 172800  IN  A   193.0.9.4
ns4.ext.nic.fr. 172800  IN  2001:67c:e0::4
ns5.ext.nic.fr. 172800  IN  A   206.167.244.5

;; Query time: 2 msec
;; SERVER: 2001:660:3006:1::1:1#53(2001:660:3006:1::1:1)
;; WHEN: Fri Oct 22 13:55:21 2010
;; MSG SIZE  rcvd: 519

> The MX record is having prefernce value is greater than maximum of
> preference value [ex: 65536].

Cannot parse sentence. Can you provide an actual domain name showing
the issue?


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification

2010-10-22 Thread rams

Hi,
What is the bind response when queried MX record. The MX record is having
prefernce value is greater than maximum of preference value [ex: 65536].

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on delegated NS

2010-09-30 Thread Mark Andrews


In message , rams
 writes:
> Hi ,
> 
> When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when
> i queried for NS delegated record with NS.
> 
> Could you please clarify me or is it bug in 9.7?

To see a delegation you need to do:

dig +norec ns zone @parent


> Thanks & Regards,
> Ramesh
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on delegated NS

2010-09-29 Thread rams

Hi ,

When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when
i queried for NS delegated record with NS.

Could you please clarify me or is it bug in 9.7?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification about DNS notify

2010-09-10 Thread Sherin George

Hello Torsten,

Thanks for looking into this.

Basically, my previous question came from my ignorance. But, I learned
more and I think found the answer.

"The SOA MNAME field is used by NOTIFY and by dynamic update.
Authoritative name servers send NOTIFY messages to all name servers in
NS records that aren't in the MNAME field, and dynamic updaters try to
send updates to the name server listed in the MNAME field first, if
it's also listed in the NS records for the zone."

I could confirm that most of the zones are configured such that
serverB will receive NOTIFY as per above statement. So, if above
statement is correct, I am with my answer :)

Thank you so much for your help :)


P.S:

>> A wild guess would be that you're missing a "notify no" or "notify
master-only" option on your slave servers.

I have verified that  "notify no" or "notify master-only" are not used
in my named.conf file.

--
Best Regards,
Sherin



On Fri, Sep 10, 2010 at 1:26 PM, Torsten  wrote:
> Am Fri, 10 Sep 2010 12:51:11 +0530
> schrieb Sherin George :
>
>> Hey Guys,
>>
>> I have an issue which need some help.
>>
>> I have two master DNS servers, say A & B.
>>
>> A is running freebsd & B is running centos. B is running BIND 9 also.
>> Now, I want to add one more to this cluster say C.
>>
>> I have installed centos in C with BIND 9. Now, I have copied
>> /etc/named.conf & /var/name from B to C. Now I restarted named in C.
>> Everything worked.
>>
>> Now, I have a question which may be quite simple, but I couldn't find
>> an answer even after lot of googling. So, I would be extremely
>> grateful for any advice you could offer.
>>
>> When I restarted named in C, I could see that C is sending DNS
>> notifications and B is receiving it
>>
>> from /var/log/messages in C:
>>
>> "Sep  9 23:53:44 serverC named[11844]: zone example.com/IN: sending
>> notifies (serial 20050        30401)"
>>
>> from /var/log/messages in B:
>>
>> Sep 9  23:53:44 serverB named[30375]: client XX.XX.XX.XX#54546:
>> received notify for zone 'example.com'
>>
>> I checked  /etc/named.conf and I couldn't see any particular reason
>> for C choosing to notify B.
>>
>> Any explanation to this behavior or a link to any relevant guide will
>> be helpful.
>>
>
> Sharing your current configuration would help in helping you with your
> problem. ;)
>
> A wild guess would be that you're missing a "notify no" or "notify
> master-only" option on your slave servers.
>
>
> Ciao
> Torsten
>
>> --
>> Regards,
>> Sherin
>> ___
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification about DNS notify

2010-09-10 Thread Torsten

Am Fri, 10 Sep 2010 12:51:11 +0530
schrieb Sherin George :

> Hey Guys,
> 
> I have an issue which need some help.
> 
> I have two master DNS servers, say A & B.
> 
> A is running freebsd & B is running centos. B is running BIND 9 also.
> Now, I want to add one more to this cluster say C.
> 
> I have installed centos in C with BIND 9. Now, I have copied
> /etc/named.conf & /var/name from B to C. Now I restarted named in C.
> Everything worked.
> 
> Now, I have a question which may be quite simple, but I couldn't find
> an answer even after lot of googling. So, I would be extremely
> grateful for any advice you could offer.
> 
> When I restarted named in C, I could see that C is sending DNS
> notifications and B is receiving it
> 
> from /var/log/messages in C:
> 
> "Sep  9 23:53:44 serverC named[11844]: zone example.com/IN: sending
> notifies (serial 2005030401)"
> 
> from /var/log/messages in B:
> 
> Sep 9  23:53:44 serverB named[30375]: client XX.XX.XX.XX#54546:
> received notify for zone 'example.com'
> 
> I checked  /etc/named.conf and I couldn't see any particular reason
> for C choosing to notify B.
> 
> Any explanation to this behavior or a link to any relevant guide will
> be helpful.
> 

Sharing your current configuration would help in helping you with your
problem. ;)

A wild guess would be that you're missing a "notify no" or "notify
master-only" option on your slave servers.


Ciao
Torsten

> --
> Regards,
> Sherin
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification about DNS notify

2010-09-10 Thread Sherin George

Hey Guys,

I have an issue which need some help.

I have two master DNS servers, say A & B.

A is running freebsd & B is running centos. B is running BIND 9 also.
Now, I want to add one more to this cluster say C.

I have installed centos in C with BIND 9. Now, I have copied
/etc/named.conf & /var/name from B to C. Now I restarted named in C.
Everything worked.

Now, I have a question which may be quite simple, but I couldn't find
an answer even after lot of googling. So, I would be extremely
grateful for any advice you could offer.

When I restarted named in C, I could see that C is sending DNS
notifications and B is receiving it

from /var/log/messages in C:

"Sep  9 23:53:44 serverC named[11844]: zone example.com/IN: sending
notifies (serial 2005030401)"

from /var/log/messages in B:

Sep 9  23:53:44 serverB named[30375]: client XX.XX.XX.XX#54546:
received notify for zone 'example.com'

I checked  /etc/named.conf and I couldn't see any particular reason
for C choosing to notify B.

Any explanation to this behavior or a link to any relevant guide will
be helpful.

--
Regards,
Sherin
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread Kevin Darcy


On 8/24/2010 8:18 AM, rams wrote:


Hi
When we have data as follows queried domain 
"maint.rameshops5526old.com ." 
against bind and my own resolver. Bind and my resolver response are 
same but only mismatching with flags. bind is returning AA flag but my 
resolver is not returning AA flag. in this case wihcih is correct bind 
or my resolver?

Zone: rameshops5526old.com 

maint.rameshops5526old.com . 300 
IN  CNAME
maint.global.rameshops5526old.com 
.
rameshops5526old.com .   21600   IN 
 NS dns5.rameshops5526old.com .
rameshops5526old.com .   21600   IN 
 NS dns2.rameshops5526old.com .
rameshops5526old.com .   21600   IN 
 NS dns1.rameshops5526old.com .
rameshops5526old.com .   21600   IN 
 NS dns6.rameshops5526old.com .
rameshops5526old.com .   21600   IN 
 NS dns4.rameshops5526old.com .
rameshops5526old.com .   21600   IN 
 NS dns3.rameshops5526old.com .
global.rameshops5526old.com . 300 
IN NS j.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS a.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS l.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS d.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS b.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS e.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS c.ns.nsatc.net .



AA is set on BIND's response because the CNAME is coming directly from 
authoritative data.


AA is not set on your resolver's response because the answer *isn't* 
coming directly from authoritative data.


Why is this an issue? A stub resolver or an application generally 
doesn't -- and shouldn't -- care -- or usually doesn't even *know* -- 
about the setting of the AA flag.



- Kevin




___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread Kevin Darcy


On 8/24/2010 2:25 AM, rams wrote:

Hi,
I have set up data as follows in bind.
Zone: rameshops5526old.com 
maint.rameshops5526old.com . 300 
IN  CNAME maint.global.rameshops5526old.com 
.
rameshops5526old.com .   21600   IN  
NS dns5.rameshops5526old.com .
rameshops5526old.com .   21600   IN  
NS dns2.rameshops5526old.com .
rameshops5526old.com .   21600   IN  
NS dns1.rameshops5526old.com .
rameshops5526old.com .   21600   IN  
NS dns6.rameshops5526old.com .
rameshops5526old.com .   21600   IN  
NS dns4.rameshops5526old.com .
rameshops5526old.com .   21600   IN  
NS dns3.rameshops5526old.com .
global.rameshops5526old.com . 300 
IN NS j.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS a.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS l.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS d.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS b.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS e.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS c.ns.nsatc.net .

Queried against bind and get the reposne as follows
[r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194 
 maint.rameshops5526old.com 
.
; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194  
maint.rameshops5526old.com .

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;maint.rameshops5526old.com .
IN  A

;; ANSWER SECTION:
maint.rameshops5526old.com . 300 
IN  CNAME maint.global.rameshops5526old.com 
.

;; AUTHORITY SECTION:
global.rameshops5526old.com . 300 
IN NS e.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS l.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS a.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS j.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS c.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS d.ns.nsatc.net .
global.rameshops5526old.com . 300 
IN NS b.ns.nsatc.net .

;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Aug 24 06:26:31 2010
;; MSG SIZE  rcvd: 195
Here AA flag is returning is it correct? because domain 
"global.rameshops5526old.com . " 
delegated so we should not return AA flag right? Please clarify me.


You're authoritative for the CNAME record that is contained in the 
Answer Section.



- Kevin


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread Matus UHLAR - fantomas

On 24.08.10 17:48, rams wrote:
> When we have data as follows queried domain "maint.rameshops5526old.com."
> against bind and my own resolver. Bind and my resolver response are same but
> only mismatching with flags. bind is returning AA flag but my resolver is
> not returning AA flag. in this case wihcih is correct bind or my resolver?

yes.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind response

2010-08-24 Thread rams

 Hi

When we have data as follows queried domain "maint.rameshops5526old.com."
against bind and my own resolver. Bind and my resolver response are same but
only mismatching with flags. bind is returning AA flag but my resolver is
not returning AA flag. in this case wihcih is correct bind or my resolver?

Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread Matus UHLAR - fantomas

On 24.08.10 12:48, rams wrote:
> Please tell me the correct answer for the below set up:

this is not set up, this is the answer.

> *Zone: rameshops5526old.com
> *
> maint.rameshops5526old.com. 300 IN  CNAME
> maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
> 
> dig @localhost *maint.rameshops5526old.com A*

what do you want? What problem do you have?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-24 Thread rams

Hi ,
Please tell me the correct answer for the below set up:

*Zone: rameshops5526old.com
*
maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

dig @localhost *maint.rameshops5526old.com A*

**
Thanks & Regards,
Ramesh
*
*
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind response

2010-08-23 Thread Mark Andrews


In message , rams 
writes:
> Hi,
> 
> I have set up data as follows in bind.
> Zone: rameshops5526old.com
> 
> maint.rameshops5526old.com. 300 IN  CNAME
> maint.global.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
> rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
> 
> Queried against bind and get the reposne as follows
> 
> [r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194
> maint.rameshops5526old.com.
> ; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
> ;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> ;; QUESTION SECTION:
> ;maint.rameshops5526old.com.IN  A
> ;; ANSWER SECTION:
> maint.rameshops5526old.com. 300 IN  CNAME
> maint.global.rameshops5526old.com.
> ;; AUTHORITY SECTION:
> global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
> global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
> ;; Query time: 2 msec
> ;; SERVER: 10.31.145.194#53(10.31.145.194)
> ;; WHEN: Tue Aug 24 06:26:31 2010
> ;; MSG SIZE  rcvd: 195
> Here AA flag is returning is it correct? because domain "
> global.rameshops5526old.com. " delegated so we should not return AA flag
> right? Please clarify me.
> 
> Thanks & Regards,
> Ramesh

"aa" indicates that the server is authoritative for the CNAME record.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind response

2010-08-23 Thread rams

Hi,

I have set up data as follows in bind.
Zone: rameshops5526old.com

maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns5.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns2.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns1.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns6.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns4.rameshops5526old.com.
rameshops5526old.com.   21600   IN  NS  dns3.rameshops5526old.com.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.

Queried against bind and get the reposne as follows

[r...@stulcqacustbind2 recursive_enabled]# dig @10.31.145.194
maint.rameshops5526old.com.
; <<>> DiG 9.6.1-P3 <<>> @10.31.145.194 maint.rameshops5526old.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16855
;; flags: qr *aa* rd; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;maint.rameshops5526old.com.IN  A
;; ANSWER SECTION:
maint.rameshops5526old.com. 300 IN  CNAME
maint.global.rameshops5526old.com.
;; AUTHORITY SECTION:
global.rameshops5526old.com. 300 IN NS  e.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  l.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  a.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  j.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  c.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  d.ns.nsatc.net.
global.rameshops5526old.com. 300 IN NS  b.ns.nsatc.net.
;; Query time: 2 msec
;; SERVER: 10.31.145.194#53(10.31.145.194)
;; WHEN: Tue Aug 24 06:26:31 2010
;; MSG SIZE  rcvd: 195
Here AA flag is returning is it correct? because domain "
global.rameshops5526old.com. " delegated so we should not return AA flag
right? Please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on ANY query

2010-08-03 Thread Kevin Darcy


It might be worth pointing out
a) that you're trying to recursively query a non-recursive nameserver
b) that the MX record is technically superfluous, since its target is 
the same as the owner name, and all mail clients will fail over to doing 
an A query of the same name if no MX record is present. I understand, 
however, that if your negative-caching parameter for the zone needs to 
be low for some reason (relative to your positive-caching 1-day TTL), 
then the presence of the MX record might save you a certain amount of 
query traffic, and therefore serve a practical purpose even if "redundant".



- Kevin


On 8/3/2010 12:08 AM, rams wrote:

Hi ,
I have data as follows
a.rameshops5446.com . 86400 IN A 1.2.3.1
a.rameshops5446.com . 86400 IN MX 10 
a.rameshops5446.com .
I queried domain "a.rameshops5446.com " 
with type ANY against bind9.6 .

Actual Result:
Bind is returning above two records in answer section and also 
returning A record in additional section as follows.

# dig @localhost a.rameshops5446.com . any
; <<>> DiG 9.6.1-P3 <<>> @localhost a.rameshops5446.com 
. any

; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33411
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;a.rameshops5446.com .   IN  ANY
;; ANSWER SECTION:
a.rameshops5446.com .86400   IN  
MX  10 a.rameshops5446.com .
a.rameshops5446.com .86400   IN  
A   1.2.3.1

;; AUTHORITY SECTION:
rameshops5446.com .  86400   IN  NS 
udns2.ultradns.net .
rameshops5446.com .  86400   IN  NS 
udns1.ultradns.net .

;; ADDITIONAL SECTION:
a.rameshops5446.com .86400   IN  
A   1.2.3.1

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug  3 04:06:45 2010
;; MSG SIZE  rcvd: 137
Here my doubt is A record already returned in answer section why the 
same A record is returning in additional section. I know if MX pointed 
record have any A/ records will return in additional section. but 
in above case already the same A record returned in answer section. Is 
bind result correct? could you please clarify me.

Thanks & Regards,
Ramesh


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on ANY query

2010-08-02 Thread Evan Hunt

> Here my doubt is A record already returned in answer section why the same A
> record is returning in additional section. I know if MX pointed record have
> any A/ records will return in additional section. but in above case
> already the same A record returned in answer section. Is bind result
> correct? could you please clarify me.

It's "correct" in the sense that it isn't a protocol violation.  But it's
"incorrect" in the sense that duplicate data is inefficient, so maybe
it's a bug that BIND did that.  Send it to bind9-b...@isc.org, we'll look
into it.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on ANY query

2010-08-02 Thread rams

Hi ,

I have data as follows

a.rameshops5446.com. 86400 IN A 1.2.3.1
a.rameshops5446.com. 86400 IN MX 10 a.rameshops5446.com.
I queried domain "a.rameshops5446.com" with type ANY against bind9.6 .

Actual Result:
Bind is returning above two records in answer section and also returning A
record in additional section as follows.

# dig @localhost a.rameshops5446.com. any
; <<>> DiG 9.6.1-P3 <<>> @localhost a.rameshops5446.com. any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33411
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;a.rameshops5446.com.   IN  ANY
;; ANSWER SECTION:
a.rameshops5446.com.86400   IN  MX  10 a.rameshops5446.com.
a.rameshops5446.com.86400   IN  A   1.2.3.1
;; AUTHORITY SECTION:
rameshops5446.com.  86400   IN  NS  udns2.ultradns.net.
rameshops5446.com.  86400   IN  NS  udns1.ultradns.net.
;; ADDITIONAL SECTION:
a.rameshops5446.com.86400   IN  A   1.2.3.1
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Aug  3 04:06:45 2010
;; MSG SIZE  rcvd: 137
Here my doubt is A record already returned in answer section why the same A
record is returning in additional section. I know if MX pointed record have
any A/ records will return in additional section. but in above case
already the same A record returned in answer section. Is bind result
correct? could you please clarify me.

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: clarification on AXFR

2010-06-03 Thread JINMEI Tatuya / 神明達哉

At Thu, 3 Jun 2010 11:39:30 +0530,
rams  wrote:

> During AXFR of a zone, the zone.dbfile is not created till the AXFR
> completes. Till AXFR completes, the file name will be some value as
> 456eefwfc. Is it correct behavior?

Yes, that's the intended behavior.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

clarification on AXFR

2010-06-02 Thread rams

Hi,
During AXFR of a zone, the zone.dbfile is not created till the AXFR
completes. Till AXFR completes, the file name will be some value as
456eefwfc. Is it correct behavior?

Thanks & Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind result

2010-06-02 Thread Kevin Darcy

What exactly are you expecting to see there? NS records for the root 
zone? Is this *non-recursive* nameserver obligated to give out NS and/or 
SOA records for the root zone in the Authority Section? I think not.



- Kevin


On 6/1/2010 4:45 AM, rams wrote:

Is there any update on the following issue.

On Mon, May 31, 2010 at 2:16 PM, rams > wrote:


Hi ,
I have the following zone file:

$ORIGIN td3497.com .

@ IN SOA udns1.ultradns.net .
ppk.yahoo.com . (

2010052610 ; serial

10800 ; refresh

3600 ; retry

2592000 ; expire

86400 ; minimum

)

cname.chain.td3497.com . 86400 IN
CNAME mx.chain.td3497.com .

mx.chain.td3497.com . 86400 IN MX 34
mx1.chain.td3497.com .

mx1.chain.td3497.com . 86400 IN MX
34 mx2.chain.td3497.com .

mx2.chain.td3497.com . 86400 IN MX
34 mx3.chain.td3497.com .

mx3.chain.td3497.com . 86400 IN A
1.2.3.4

ramesh.td3497.com . 86400 MX 20 .

ramesh.td3497.com . 86400 MX 20 mx1.

*cname.td3497.com . 86400 CNAME .*

td3497.com . 86400 IN NS udns2.ultradns.net
.

td3497.com . 86400 IN NS udns1.ultradns.net
.

;End

I queried for cname domain against bind 9.6.X and got the
following response

C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com
 mx

; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com
 mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cname.td3497.com .  IN  MX

;; ANSWER SECTION:
cname.td3497.com .   86400   IN 
CNAME   .


;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 31 14:10:32 2010
;; MSG SIZE  rcvd: 47

Here why authority section is not returned? Actually authority
section should be returned with SOA right?

Thanks & Regards,

Ramesh



___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind result

2010-06-01 Thread Matus UHLAR - fantomas

On 31.05.10 14:16, rams wrote:
> I have the following zone file:
> 
> $ORIGIN td3497.com.
> 
> @ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
> 2010052610 ; serial
> 10800 ; refresh
> 3600 ; retry
> 2592000 ; expire
> 86400 ; minimum
> )
> 
> cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
> mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.
> mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.
> mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.
> mx3.chain.td3497.com. 86400 IN A 1.2.3.4

I have already told that this "chain" is not going to work as you expect.

Since none of mx1.chain.td3497.com and mx2.chain.td3497.com. have A records,
the MX records for mx.chain.td3497.com and mx1.chain.td3497.com point to
nonexistent name and they won't work.

> ramesh.td3497.com. 86400 MX 20 .
> ramesh.td3497.com. 86400 MX 20 mx1.

These are broken. While the first is sometimes used to indicate
"ramesh.td3497.com does not receive mail", the latter points to non-existing
"mx1." toplevel domain.

> *cname.td3497.com. 86400 CNAME .*

This is broken, read RF4592 for wildcard definition and usage.

>  td3497.com. 86400 IN NS udns2.ultradns.net.
> 
> td3497.com. 86400 IN NS udns1.ultradns.net.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Clarification on bind result

2010-06-01 Thread rams

Is there any update on the following issue.

On Mon, May 31, 2010 at 2:16 PM, rams  wrote:

> Hi ,
>
> I have the following zone file:
>
> $ORIGIN td3497.com.
>
> @ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
>
> 2010052610 ; serial
>
> 10800 ; refresh
>
> 3600 ; retry
>
> 2592000 ; expire
>
> 86400 ; minimum
>
> )
>
> cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
>
> mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.
>
> mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.
>
> mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.
>
> mx3.chain.td3497.com. 86400 IN A 1.2.3.4
>
> ramesh.td3497.com. 86400 MX 20 .
>
> ramesh.td3497.com. 86400 MX 20 mx1.
>
> *cname.td3497.com. 86400 CNAME .*
>
>  td3497.com. 86400 IN NS udns2.ultradns.net.
>
> td3497.com. 86400 IN NS udns1.ultradns.net.
>
> ;End
>
>
>
> I queried for cname domain against bind 9.6.X and got the following
> response
>
> C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com mx
>
> ; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com mx
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;cname.td3497.com.  IN  MX
>
> ;; ANSWER SECTION:
> cname.td3497.com.   86400   IN  CNAME   .
>
> ;; Query time: 15 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon May 31 14:10:32 2010
> ;; MSG SIZE  rcvd: 47
>
>
>
> Here why authority section is not returned? Actually authority section
> should be returned with SOA right?
>
> Thanks & Regards,
>
> Ramesh
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification on bind result

2010-05-31 Thread rams

Hi ,

I have the following zone file:

$ORIGIN td3497.com.

@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (

2010052610 ; serial

10800 ; refresh

3600 ; retry

2592000 ; expire

86400 ; minimum

)

cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.

mx.chain.td3497.com. 86400 IN MX 34 mx1.chain.td3497.com.

mx1.chain.td3497.com. 86400 IN MX 34 mx2.chain.td3497.com.

mx2.chain.td3497.com. 86400 IN MX 34 mx3.chain.td3497.com.

mx3.chain.td3497.com. 86400 IN A 1.2.3.4

ramesh.td3497.com. 86400 MX 20 .

ramesh.td3497.com. 86400 MX 20 mx1.

*cname.td3497.com. 86400 CNAME .*

 td3497.com. 86400 IN NS udns2.ultradns.net.

td3497.com. 86400 IN NS udns1.ultradns.net.

;End



I queried for cname domain against bind 9.6.X and got the following response

C:\Documents and Settings\rameshb>dig @localhost cname.td3497.com mx

; <<>> DiG 9.6.1-P1 <<>> @localhost cname.td3497.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cname.td3497.com.  IN  MX

;; ANSWER SECTION:
cname.td3497.com.   86400   IN  CNAME   .

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 31 14:10:32 2010
;; MSG SIZE  rcvd: 47



Here why authority section is not returned? Actually authority section
should be returned with SOA right?

Thanks & Regards,

Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Clarification of statistics

2010-02-22 Thread Stian Øvrevåge

Hi list,

In an attempt to wrap my head around the statistics gathered and
presented by the "statistics-channel" I created the following visio
drawing:

http://bildr.no/image/593944.jpeg

I would be happy if someone with more knowledge of both DNS protocols
and BIND in specific could verify what I have already placed and maybe
give a few pointers on where to put the rest of the boxes.

Cheers and TIA,
Stian Øvrevåge
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

77 matches

Mail list logo