Re: Help with DKIM record
Maybe try dig:

    dig -t txt google.com

On 04/14/2014 10:23 AM, Felix Rubio Dalmau wrote:
> Hi everybody,
>
> I have set up a bind9 server, and everything works fine except when I try to request some fields (e.g., TXT) for any server. If I do
>     host -t txt
> I get
>     has no TXT record
> whereas if I do
>     host -t txt
> I got the correct answer from that other server.
>
> Does anybody have any idea on how to fix this?
>
> Thank you,
> Felix

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Help with DKIM record
What isn't clear so far is whether the TXT record you're looking up is in the "myserver.org" zone or some other zone.

If you're authoritative for myserver.org, you're authoritative for *all* of myserver.org. named isn't going to do "failover forwarding" just because you neglected to add a TXT record to your zone file. It'll give a negative response to the query. forward first/forward only has no effect whatsoever on that behavior.

- Kevin

On 4/14/2014 12:02 PM, Felix Rubio Dalmau wrote:
> Maybe this is my problem: I have not created any zone file :s. The only files I've created/modified are:
>
> ### named.conf.local
> include "/etc/bind/rndc.key";
>
> zone "myserver.org" {
>     type master;
>     file "/etc/bind/db.myserver.local";
>     allow-update { key rndc-key; };
> };
>
> zone "1.168.192.in-addr.arpa" {
>     type master;
>     file "/etc/bind/db.192";
>     allow-update { key rndc-key; };
> };
>
> ### named.conf.options
> options {
>     directory "/var/cache/bind";
>     forwarders { 91.126.224.5; 91.126.224.6; };
>     allow-query { 192.168.1.0/24; 127.0.0.1; };
>     allow-transfer { 192.168.1.0/24; 127.0.0.1; };
>     dnssec-validation auto;
>     auth-nxdomain no;    # conform to RFC1035
>     listen-on-v6 { any; };
>     empty-zones-enable no;
> };
> ###
>
> I thought that when requesting fields that are not available in the local dns server, such requests would be forwarded to the forwarders and its answers cached :S. What should I do?
>
> Felix
>
> On Monday 14 April 2014 16:35:10 Steven Carr wrote:
>> On 14 April 2014 15:59, Felix Rubio Dalmau wrote:
>>> What files, exactly? Named.conf.local and named.conf.options is enough?
>>
>> Yep, and the zone files that you have created that contain the TXT records you want to query for.
>>
>> Steve
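Added example (not part of the original thread): a small Python classifier for dig output that separates the authoritative negative answer described in the message above from an answer that came through the cache or forwarders. The first sample is taken from the dig response posted in this thread; the second sample is constructed, and the function and variable names are illustrative.

```python
import re

# Header, question and authority lines of the dig response posted in this thread
THREAD_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52796
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.server.org. IN TXT
;; AUTHORITY SECTION:
server.org. 604800 IN SOA server.org. root.server.org. 10420141 604800 86400 2419200 604800
"""

# Constructed sample: a TXT answer served from cache or a forwarder (no aa flag)
FORWARDED_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.org. IN TXT
;; ANSWER SECTION:
www.example.org. 300 IN TXT "v=spf1 -all"
"""


def classify(dig_text):
    """Return (verdict, zone); zone is the SOA owner name or None."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r"flags: ([a-z ]+);", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not (status and flags and answers):
        raise ValueError("no dig header found")
    rcode = status.group(1)
    authoritative = "aa" in flags.group(1).split()
    count = int(answers.group(1))
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", dig_text, re.MULTILINE)
    zone = soa.group(1) if soa else None

    if rcode not in ("NOERROR", "NXDOMAIN"):
        return "lookup failed (%s)" % rcode, zone
    if count > 0:
        return ("authoritative answer" if authoritative
                else "answer via cache or forwarders"), zone
    kind = "NODATA" if rcode == "NOERROR" else "NXDOMAIN"
    if authoritative:
        # The server owns the zone: it answers "no such record" itself
        # and never consults its forwarders for this name.
        return "authoritative %s, not forwarded" % kind, zone
    return "%s from cache or forwarders" % kind, zone
```

A verdict of "authoritative NODATA, not forwarded" together with a zone name means the missing TXT record has to be added to that zone's file on the local server; changing the forwarding options will not make it appear.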
Re: Help with DKIM record
On 4/14/2014 2:58 PM, Steven Carr wrote:
> On 14 April 2014 18:53, Felix Rubio Dalmau wrote:
>> it is not actually a pure caching server (at least I didn't want it to be :S). I have a server at home, and the DNS is properly configured at the internet. The problem is that my router is not capable to redirect my requests to my server when they come from the LAN. So, I have had to configure a dhcp+dns server to give the IPs to the machines in the LAN, and to use the dns server to resolve the local server using db.server.local and db.192 files.
>
> db.server.local wasn't in your config and your query is for www.server.org, myserver.org was listed in your config file.
>
>> I understand that "forward only;" will not hurt but, right? After setting it, I do the dig and I get:
>
> Setting it to forward only means that anything that the server is not authoritative for it will forward to the specified servers.

Actually -- small correction -- it's the "forwarders" statement that triggers _that_ behavior. Forward only/forward first is just a refinement of what happens if the forwarders are unresponsive (as implied in the remainder of your paragraph).

Some additional semantic nitpicking...

> If you do not have that set then there are occasions where your DNS server will go to the Internet root and start to search for the requested record recursively,

I think you mean "iteratively" here.

> if you're fine with that then is there a reason why you are forwarding requests to other DNS servers?

I think you mean "iterating" rather than "forwarding" here.

End semantic nitpicking :-)

> why not just allow your local DNS server to handle the whole resolution process?

Totally agreed. Forwarding should not be added to a named.conf unless it is well considered and justified. "Will not hurt"? It very well *might* hurt. It often *does* hurt.

- Kevin
Re: Help with DKIM record
On 14 April 2014 18:53, Felix Rubio Dalmau wrote:
> it is not actually a pure caching server (at least I didn't want it to be :S). I have a server at home, and the DNS is properly configured at the internet. The problem is that my router is not capable to redirect my requests to my server when they come from the LAN. So, I have had to configure a dhcp+dns server to give the IPs to the machines in the LAN, and to use the dns server to resolve the local server using db.server.local and db.192 files.

db.server.local wasn't in your config and your query is for www.server.org, myserver.org was listed in your config file.

> I understand that "forward only;" will not hurt but, right? After setting it, I do the dig and I get:

Setting it to forward only means that anything that the server is not authoritative for it will forward to the specified servers. If you do not have that set then there are occasions where your DNS server will go to the Internet root and start to search for the requested record recursively, if you're fine with that then is there a reason why you are forwarding requests to other DNS servers? why not just allow your local DNS server to handle the whole resolution process?

Steve
Re: Help with DKIM record
Hi Steve,

it is not actually a pure caching server (at least I didn't want it to be :S). I have a server at home, and the DNS is properly configured at the internet. The problem is that my router is not capable to redirect my requests to my server when they come from the LAN. So, I have had to configure a dhcp+dns server to give the IPs to the machines in the LAN, and to use the dns server to resolve the local server using db.server.local and db.192 files.

I understand that "forward only;" will not hurt but, right? After setting it, I do the dig and I get:

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.server.org txt
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52796
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.server.org. IN TXT

    ;; AUTHORITY SECTION:
    server.org. 604800 IN SOA server.org. root.server.org. 10420141 604800 86400 2419200 604800

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Apr 14 19:53:01 2014
    ;; MSG SIZE rcvd: 72

Felix

On Monday 14 April 2014 17:36:36 Steven Carr wrote:
> On 14 April 2014 17:02, Felix Rubio Dalmau wrote:
> > Maybe this is my problem: I have not created any zone file :s. The only files I've created/modified are:
> >
> > I thought that when requesting fields that are not available in the local dns server, such requests would be forwarded to the forwarders and its answers cached :S. What should I do?
>
> OK, so you're implementing a caching server, you didn't state that in your original email.
>
> So check your /etc/resolv.conf file and see where it is pointing to for DNS, this is what the `host` command will use when querying for DNS, it should be your new server that you have set up. You probably also want to add the statement "forward only;" into your options section as well, otherwise your caching server might still try to query the Internet root if it didn't get a response from the servers you are forwarding to.
>
> Then use the `dig` command to look for the txt record e.g. dig host txt - post back the full command and the response.
>
> Steve
Re: Help with DKIM record
On 14 April 2014 17:02, Felix Rubio Dalmau wrote:
> Maybe this is my problem: I have not created any zone file :s. The only files I've created/modified are:
>
> I thought that when requesting fields that are not available in the local dns server, such requests would be forwarded to the forwarders and its answers cached :S. What should I do?

OK, so you're implementing a caching server, you didn't state that in your original email.

So check your /etc/resolv.conf file and see where it is pointing to for DNS, this is what the `host` command will use when querying for DNS, it should be your new server that you have set up. You probably also want to add the statement "forward only;" into your options section as well, otherwise your caching server might still try to query the Internet root if it didn't get a response from the servers you are forwarding to.

Then use the `dig` command to look for the txt record e.g. dig host txt - post back the full command and the response.

Steve
Re: Help with DKIM record
Maybe this is my problem: I have not created any zone file :s. The only files I've created/modified are:

### named.conf.local
include "/etc/bind/rndc.key";

zone "myserver.org" {
    type master;
    file "/etc/bind/db.myserver.local";
    allow-update { key rndc-key; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    allow-update { key rndc-key; };
};

### named.conf.options
options {
    directory "/var/cache/bind";
    forwarders { 91.126.224.5; 91.126.224.6; };
    allow-query { 192.168.1.0/24; 127.0.0.1; };
    allow-transfer { 192.168.1.0/24; 127.0.0.1; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    empty-zones-enable no;
};
###

I thought that when requesting fields that are not available in the local dns server, such requests would be forwarded to the forwarders and its answers cached :S. What should I do?

Felix

On Monday 14 April 2014 16:35:10 Steven Carr wrote:
> On 14 April 2014 15:59, Felix Rubio Dalmau wrote:
> > What files, exactly? Named.conf.local and named.conf.options is enough?
>
> Yep, and the zone files that you have created that contain the TXT records you want to query for.
>
> Steve
Re: Help with DKIM record
On 14 April 2014 15:59, Felix Rubio Dalmau wrote:
> What files, exactly? Named.conf.local and named.conf.options is enough?

Yep, and the zone files that you have created that contain the TXT records you want to query for.

Steve
Re: Help with DKIM record
What files, exactly? Named.conf.local and named.conf.options is enough?

Felix

On Monday 14 April 2014 14:25:53 Steven Carr wrote:
> On 14 April 2014 14:21, Felix Rubio Dalmau wrote:
> > yes, it is the server I've set up in my local LAN. How can I set it to have these TXT records?
>
> Post your current config and zone files (use pastebin if they are larger than a few lines).
>
> Then copy/paste the full host command and its output, or even better use the dig command and post those commands/output.
>
> Steve
Re: Help with DKIM record
On 14 April 2014 14:21, Felix Rubio Dalmau wrote:
> yes, it is the server I've set up in my local LAN. How can I set it to have these TXT records?

Post your current config and zone files (use pastebin if they are larger than a few lines).

Then copy/paste the full host command and its output, or even better use the dig command and post those commands/output.

Steve
Re: Help with DKIM record
Hi Barry,

yes, it is the server I've set up in my local LAN. How can I set it to have these TXT records?

Thank you,
Felix

On Monday 14 April 2014 08:18:12 Barry S. Finkel wrote:
> Felix Rubio Dalmau wrote:
> > Hi everybody,
> >
> > I have set up a bind9 server, and everything works fine except when I try to request some fields (e.g., TXT) for any server. If I do
> >     host -t txt
> > I get
> >     has no TXT record
> >
> > whereas if I do
> >     host -t txt
> > I got the correct answer from that other server.
> >
> > Does anybody have any idea on how to fix this?
> >
> > Thank you,
> > Felix
>
> Do you know what default NS server you are querying when you do not specify the server in your command line? Does that server have the TXT record?
>
> --Barry Finkel
Re: Help with DKIM record
Felix Rubio Dalmau wrote:
> Hi everybody,
>
> I have set up a bind9 server, and everything works fine except when I try to request some fields (e.g., TXT) for any server. If I do
>     host -t txt
> I get
>     has no TXT record
> whereas if I do
>     host -t txt
> I got the correct answer from that other server.
>
> Does anybody have any idea on how to fix this?
>
> Thank you,
> Felix

Do you know what default NS server you are querying when you do not specify the server in your command line? Does that server have the TXT record?

--Barry Finkel
Help with DKIM record
Hi everybody,

I have set up a bind9 server, and everything works fine except when I try to request some fields (e.g., TXT) for any server. If I do
    host -t txt
I get
    has no TXT record
whereas if I do
    host -t txt
I got the correct answer from that other server.

Does anybody have any idea on how to fix this?

Thank you,
Felix