Re: clean up an ddns zone

2018-03-23 Thread Alberto Colosi
radius is only an AAA and transmit Auth OK/KO to VPN terminator and IP allow/deny rules to VPN terminator (ip filtering like iptable) So radius only Auth termination of VPN tunnel and transmit per user linked policy deny and allow rules (like iptable as said). I think VPN terminator can be

RE: GSS-TSIG update-policy clarification

2018-03-23 Thread Darcy Kevin (FCA)
Why are you letting the clients register their own addresses in DNS in the first place? If you want a higher level of control, move the DDNS responsibility to the DHCP server.

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Nicholas Miller
That's well and good for an organization that controls ALL of the end points. In a university that isn’t possible. _ Nicholas Miller, OIT, University of Colorado at Boulder > On Mar 23, 2018, at 2:04 PM, Mark Andrews wrote:

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Mark Andrews
If you don’t want 6to4 addresses stop the machine configuring them. Not everything should be done at the DNS level. -- Mark Andrews > On 24 Mar 2018, at 01:07, Nicholas Miller > wrote: > > As a followup, is there a way to stop Windows systems from adding their

Re: clean up an ddns zone

2018-03-23 Thread Matthew Pounsett
On 23 March 2018 at 13:32, Meike Stone via bind-users < bind-users@lists.isc.org> wrote: > Hello, > > at the moment, I use ISC dhcpd to register all client names in the DNS > (Bind) via isc's ddns api. Everything is working well. > But now, some notebook clients should get company access via

Re: baby steps...

2018-03-23 Thread Alberto Colosi
In the years I had bad issue with ISC bind and Fedora box. Possible was my box but moving to NIC IP all was fine. yes inside resolv.conf NIC IP instead of localhost eg 127.0.0.1 in all case IP socket have to open on layer 3 and shouldn't go on layer2 as socket know that IP as REACHED. it

Re: baby steps...

2018-03-23 Thread Hika van den Hoven
Hoi Adam, If you're running Linux and I do not know if it works on all distros, add a text file in /etc named "resolv.conf.head" and put in there: nameserver 127.0.0.1 It should put the lines in there at the start of your resolv.conf after getting the info through dhcp.

clean up an ddns zone

2018-03-23 Thread Meike Stone via bind-users
Hello, at the moment, I use ISC dhcpd to register all client names in the DNS (Bind) via isc's ddns api. Everything is working well. But now, some notebook clients should get company access via UMTS or VPN. In this case, a radius server is controlling the IP addresses, not the ISC dhcpd. So no

RE: baby steps...

2018-03-23 Thread Darcy Kevin (FCA)
We're getting a little afar of DNS and BIND here, since this is OS networking configuration stuff, made slightly more complicated by the fact that (as far as I can see) you didn't specify what OS and/or distro you're running. So let's get generic. Google'ing "pppd override resolvers". First

Re: GSS-TSIG update-policy clarification

2018-03-23 Thread Nicholas Miller
As a followup, is there a way to stop Windows systems from adding their 6-to-4 record? I see little point in adding these records to a domain. _ Nicholas Miller, OIT, University of Colorado at Boulder > On Mar 22, 2018, at 12:13 PM,