-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-07-28 at 12:13 -0400, Paul A wrote:
> Now what is everyone using to make sure the zones in named.conf are
> still pointing to your NS servers? I have a lot of stale DNS zones I
> want to remove.
script a loop to "dig $zone ns @8.8.8.8
Correct on the gist. All answers where extremely helpful. I am curious
on Vinícius
Ferrão query I would like it to be more secure. I'll have to read more on
using GSS-TSIG with Kerberos. I seem to recall this is setup by the samba
install of AD but I'll have to look at it more closely as now I
Absolutely agreed.
Regards,
Chris
Sent from my iPhone
> On Jul 28, 2016, at 12:40 PM, Darcy Kevin (FCA)
> wrote:
>
> Yes, I did misread the original post; thanks for clarifying.
>
> But, the gist of the question seemed to be about mitigating the effects of
>
Yes, I did misread the original post; thanks for clarifying.
But, the gist of the question seemed to be about mitigating the effects of
caching, for dynamically-changing data. At a high level, whether the zones are
AD zones or not, whether the “master” is BIND or Microsoft DNS, doesn’t have a
Please add TCPWave to your list of commercial vendors that provide GUI
and API for managing DNS.
Thanks
TCPWave Customer Care
http://www.tcpwave.com
On 7/28/16 2:56 PM, Gary Wallis wrote:
On 7/28/2016 14:00, Chris Buxton wrote:
Kirk,
Have a look at the commercial offerings. All of them
On 7/28/2016 14:00, Chris Buxton wrote:
Kirk,
Have a look at the commercial offerings. All of them offer a GUI and an API for
managing BIND servers, including managing zones and records. Some of them are
limited to managing their own appliances. Some of them do offer the ability to
overlay
Kirk,
Have a look at the commercial offerings. All of them offer a GUI and an API for
managing BIND servers, including managing zones and records. Some of them are
limited to managing their own appliances. Some of them do offer the ability to
overlay on existing BIND servers, too, though.
The OP's question was about setting up BIND, not MS DNS, related to using
Samba, not Windows, as the domain controller.
Regards,
Chris
Sent from my iPhone
> On Jul 27, 2016, at 12:36 PM, Darcy Kevin (FCA)
> wrote:
>
> My preference? Have all your clients use BIND
Tony,
the zones that are giving me the not auth error are indeed off cache, as I
see the RA flag and the AA is missing. I never really thought this was
happening because I have all zones configure the same way and some are not
getting the not auth error and have the aa flag present. I was
Yes there is.
p
From: Casey Deccio [mailto:ca...@deccio.net]
Sent: Thursday, July 28, 2016 10:39 AM
To: Paul A
Cc: Tony Finch ; bind-us...@isc.org
Subject: Re: getting not authoritative with some notifies
On Thu, Jul 28, 2016 at 10:34 AM, Paul A
On Thu, Jul 28, 2016 at 10:34 AM, Paul A wrote:
> Yes on both server and the slave and primary are listed on the NS RR. I'm
> really at a loss here, the zone updates on the slave but I keep getting
> that
> message.
>
There's a difference between a server being listed in the
Yes on both server and the slave and primary are listed on the NS RR. I'm
really at a loss here, the zone updates on the slave but I keep getting that
message.
Paul
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Thursday, July 28, 2016 6:20 AM
To: Paul A
I agree with using BIND as the default DNS server even on Active Directory
environments. Windows DNS on 2012 R2 is still very bad and lacks basic features
like disabling external recursion. This should change on Server 2016 but I will
stay with BIND.
Another thing that I would like to add to
Paul A wrote:
>
> named[7062]: client xx.xx.64.2#51056: received notify for zone 'xxx: not
> authoritative
>
> However some zones I don't get the message above some I do, I'm not using
> views so I'm lost as to why this is happening.
Are you sure the zone is actually
Dear Sir,
For checking the source port randomness of your DNS please refer to below
website tool.
https://www.dns-oarc.net/oarc/services/dnsentropy
Regards
Manager(Internet-Systems)
MTNL Delhi
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf
15 matches
Mail list logo