RE: refused rcode is not working RPZ?

2016-11-16 Thread LEE SUKMOON
> On 17/11/2016 10:20, LEE SUKMOON wrote: > > > I want to respond with NXDOMAIN. > > Is it a solution in this case? > > You'd usually get SERVFAIL from the recursor because the domain is > misconfigured with a lame delegation, and either way the client won't > get an answer. > > Is there a particular

refused rcode is not working RPZ?

2016-11-16 Thread LEE SUKMOON
Hi all. I am using an RPZ zone. The line below is from the RPZ zone file, but jifr.net is not working. jifr.net CNAME . *.jifr.net CNAME . Unusually, this domain is responding with refused rcode. (from authority name server) $ dig @173.245.58.51 jifr.net

Re: bind 9.11, cookes by default

2016-11-16 Thread Mark Andrews
In message <1479332234.30976.34.ca...@ns.five-ten-sg.com>, Carl Byington writes : > On Thu, 2016-11-17 at 07:47 +1100, Mark Andrews wrote: > > I know you think doing this collectively is a service but having > > individuals discover and complain to the site operators that their > > DNS is broken

Re: bind 9.11, cookes by default

2016-11-16 Thread Carl Byington
On Thu, 2016-11-17 at 07:47 +1100, Mark Andrews wrote: > I know you think doing this collectively is a service but having > individuals discover and complain to the site operators that their > DNS is broken is the only way there will be enough

Re: rndc addzone type forward

2016-11-16 Thread Evan Hunt
> I'm trying to add zone of type "forward" with rndc addzone, but it fails with: Unfortunately that's not currently possible. The configuration syntax is misleading here. You configure forwarding in a view by putting a "zone" statement in named.conf, but it doesn't actually build a zone *object*,

Re: bind 9.11, cookes by default

2016-11-16 Thread Mark Andrews
I know you think doing this collectively is a service but having individuals discover and complain to the site operators that their DNS is broken is the only way there will be enough pressure brought to bear for some of these companies to fix their server configurations. It requires noise for

bind 9.11, cookes by default

2016-11-16 Thread Carl Byington
Now that bind is sending cookies by default, there are some broken servers out there that we need to configure with send-cookie no;. Unless I am missing something, 9.11.0-P1 will (by default) fail to resolve names like airdownload.wip4.adobe.com.

Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote: > > I also compiled BIND 9.11.0rc3, but nothing changed, no more verbosity, > only the name of the .nzf file created changed from hash to plain text. Try 9.11.0-P1 which has a few changes since rc3. > Another finding is that the failure .nzf file is created,

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
Original Message Subject: Re: rndc addzone type forward Local Time: November 16, 2016 5:50 PM UTC Time: November 16, 2016 3:50 PM From: e...@foowatch.com To: bind-users@lists.isc.org Original Message Subject: Re: rndc addzone

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
Original Message Subject: Re: rndc addzone type forward Local Time: November 16, 2016 5:12 PM UTC Time: November 16, 2016 3:12 PM From: d...@dotat.at To: Emil Natan bind-users@lists.isc.org Emil Natan wrote: > >

Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote: > > I'm trying to add zone of type "forward" with rndc addzone, but it fails with: > > rndc addzone zone.org '{type forward; forward only; forwarders { > 192.168.20.115; }; };' > rndc: 'addzone' failed: not found I think this happens if you are using a

rndc addzone type forward

2016-11-16 Thread Emil Natan
Hello, I'm trying to add zone of type "forward" with rndc addzone, but it fails with: rndc addzone zone.org '{type forward; forward only; forwarders { 192.168.20.115; }; };' rndc: 'addzone' failed: not found I have allow-new-zones set to yes in named.conf. Loading zones of type master works

Re: BIND statistics?

2016-11-16 Thread Bob Harold
On Wed, Nov 16, 2016 at 8:45 AM, Voigt, Thomas wrote: > Hi all, > > I need to create some statistics for our BIND resolvers here. One of the > measures is the number of unique ip addresses per day which are querying > our resolvers. > > I've already checked "rndc stats"

BIND statistics?

2016-11-16 Thread Voigt, Thomas
Hi all, I need to create some statistics for our BIND resolvers here. One of the measures is the number of unique IP addresses per day which are querying our resolvers. I've already checked "rndc stats" output as well as BIND's XML statistics channels. But I didn't find any value that