re: .prod issues
> I have a subdomain prod.mydomain.com today all of our internal
> resources that use this prod subdomain stopped being able to reach
> each other. I believe the issue is related to the release of .prod as
> a TLD. Is there a way I can block this TLD or point it back to my
> environment?
>
> Currently, I have added mdots:2 to resolv.conf as a workaround.

i think you probably mean ndots not mdots. that's a fine workaround as long as you control all your stub resolvers (which is where the ndots logic runs) and they are all running the BIND stub resolver (for which ndots is a unique feature; see RFC 1535 for the history).

a likely better workaround is to use DNS RPZ (so, you'll need BIND 9.9 or later on your recursive servers) and put in a local rule like "*.PROD CNAME ." to cause all of the search-path logic of all your stub resolvers (whether they have ndots logic, or not) to never see the PROD TLD, and thus, fall through to your local PROD.EXAMPLE.COM names.

sadly, i think a lot of people in a lot of places are going to do this to a lot of the new GTLD's. but the new GTLD's have been on greased rails since inception, and no amount of warnings about this kind of damage did more than slow things down briefly. so, the hounds of DNS hell are now loose. good thing we have RPZ i guess.

vixie
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
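The effect of the fixes discussed in this thread (ndots, the RPZ rule "*.PROD CNAME .", and fully qualified names) can be seen in a small model of stub-resolver search-list ordering. This is an added example, not code from any poster or from BIND; the internal address, the 192.0.2.1 answer standing in for the delegated TLD, and all function names are constructed assumptions.

```python
# Added illustration: models search-list ordering only, no real DNS traffic.
SEARCH = ["mydomain.com"]                          # search list in resolv.conf
INTERNAL = {"host.prod.mydomain.com": "10.0.0.5"}  # constructed internal record


def recursive_lookup(fqdn, prod_delegated, rpz_block):
    """Answer as the site's recursive server would; None means NXDOMAIN."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn in INTERNAL:
        return INTERNAL[fqdn]
    if fqdn == "prod" or fqdn.endswith(".prod"):
        if rpz_block:
            # RPZ rule "*.PROD CNAME ." rewrites the answer to NXDOMAIN.
            return None
        if prod_delegated:
            # Assumption: the public TLD returns some answer for the name.
            return "192.0.2.1"
    return None


def candidates(name, ndots):
    """Order in which a BIND-style stub resolver tries names."""
    if name.endswith("."):
        return [name]                       # fully qualified: no search list
    searched = [f"{name}.{domain}" for domain in SEARCH]
    if name.count(".") >= ndots:
        return [name] + searched            # try as-is first, then search list
    return searched + [name]                # search list first, then as-is


def resolve(name, ndots=1, prod_delegated=True, rpz_block=False):
    """Return (name that answered, address), or None if every try fails."""
    for cand in candidates(name, ndots):
        answer = recursive_lookup(cand, prod_delegated, rpz_block)
        if answer is not None:
            return cand.rstrip("."), answer
    return None


if __name__ == "__main__":
    print("before .prod existed:", resolve("host.prod", prod_delegated=False))
    print("after delegation:    ", resolve("host.prod"))
    print("with ndots:2:        ", resolve("host.prod", ndots=2))
    print("with RPZ block:      ", resolve("host.prod", rpz_block=True))
    print("fully qualified:     ", resolve("host.prod.mydomain.com."))
```

Only the "after delegation" case leaves the internal namespace; the ndots change works per stub resolver, while the RPZ rule works for every client of the recursive server.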
Re: .prod issues
In message , Reade Taylor writes:
> I have a subdomain prod.mydomain.com today all of our internal resources
> that use this prod subdomain stopped being able to reach each other. I
> believe the issue is related to the release of .prod as a TLD. Is there a
> way I can block this TLD or point it back to my environment?
>
> Currently, I have added mdots:2 to resolv.conf as a workaround.
>
> Reade

You need to stop using partially qualified names to refer to local machines, e.g. host.prod. The DNS was not designed to be used that way even if resolvers let you get away with it until the introduction of prod.

Your machine names are host.prod.mydomain.com not host.prod. Stick to unqualified + search list and fully qualified.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: .prod issues
On 5 Sep 2014, at 14:04, Reade Taylor wrote:
> I have a subdomain prod.mydomain.com today all of our internal resources that
> use this prod subdomain stopped being able to reach each other. I believe the
> issue is related to the release of .prod as a TLD. Is there a way I can
> block this TLD or point it back to my environment?
>
> Currently, I have added mdots:2 to resolv.conf as a workaround.

https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
Re: .prod issues
On Fri, Sep 05, 2014 at 08:04:05AM -0500, Reade Taylor wrote:
> I have a subdomain prod.mydomain.com today all of our internal resources
> that use this prod subdomain stopped being able to reach each other. I
> believe the issue is related to the release of .prod as a TLD. Is there a
> way I can block this TLD or point it back to my environment?
>
> Currently, I have added mdots:2 to resolv.conf as a workaround.
>
> Reade

Are you using FQDNs everywhere?