Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Grant Taylor via bind-users
On 7/9/20 6:43 AM, Anand Buddhdev wrote: If you don't have an A record at the zone apex, the browser will not get back any address and display an error message for the user. There was a point in time when the big web browsers would try connecting to www.. if connecting to . failed. I don't k

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

2020-07-09 Thread Brett Delmage
On Fri, 10 Jul 2020, Mark Andrews wrote: The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for '"/etc/bind/dns"' and then correct the file name. Thanks Mark. Sometimes one can

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

2020-07-09 Thread Mark Andrews
> On 10 Jul 2020, at 05:58, Brett Delmage wrote: > > I installed > > BIND 9.16.4-Ubuntu (Stable Release) > from the Ubuntu stable PPA linked to on the ISC site. > https://launchpad.net/~isc/+archive/ubuntu/bind > > After restart, BIND failed with this status: > > service bind9 status > ● bi

Re: Request for review of performance advice

2020-07-09 Thread Havard Eidnes via bind-users
> OS settings and the system environment ... > 2e) Make sure your socket send buffers are big enough. (not > sure if this is obsolete advice, do we need to tell people how > to tell if their buffers are causing delays?) 2e#1) Make sure your UDP socket *receive* buffers are big enough.

root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

2020-07-09 Thread Brett Delmage
I installed BIND 9.16.4-Ubuntu (Stable Release) from the Ubuntu stable PPA linked to on the ISC site. https://launchpad.net/~isc/+archive/ubuntu/bind After restart, BIND failed with this status: service bind9 status ● bind9.service - BIND Domain Name Server Loaded: loaded (/etc/systemd/syst

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Mark Andrews
Very soon you will be able to specify HTTPS records. BIND has an implementation that is just waiting for the draft to go to the RFC editor. The type codes are already allocated. This still requires clients to look up the records but the browser vendors are on board. -- Mark Andrews > On 10 J

Re: DNS_RRL_MAX_RATE defines 1000

2020-07-09 Thread Tony Finch
Zhiyong Cheng wrote: > > We are using named cluster in our internal network as the authoritative > DNS. So there are no cache servers between clients and named cluster. > Maybe we should add one but it is just another story. Sorry, I wasn't completely clear: I was not saying that your authoritati

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matthew Richardson
My question is raised because of such "poor decisions" by certain web hosting providers (naming no names!) whose provisioning systems require records for both www and the domain root pointing to their systems, and where those systems DO LISTEN on port 25. In these modern days, should one be concer

RE: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
We have an application that queries reverse lookups on clients trying to access it in order to verify the client and its IP are legit and a part of the correct domain/acl.. So if the pointer record does not match, the client is rejected. I don't know if that is relevant in this case, but it prov

Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Michael De Roover
On 7/9/20 5:03 PM, Reindl Harald wrote: but it still has nothing to do with your domain by definition, the PTR could be anything Of course it can be, they're completely separate name spaces. However would it make any sense in practice to point it somewhere else entirely? You'd probably be bette

Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Reindl Harald
On 09.07.20 at 16:57, Michael De Roover wrote: > You do have control over that.. i have, but not everybody has > kind of. As far as I'm aware hosting > providers generally offer control over PTR records in their admin > panels. but it still has nothing to do with your domain by definition,

Re: VS: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Reindl Harald
On 09.07.20 at 16:38, Jukka Pakkanen wrote: > Many spammers send in addition to MX to A records, if available. Still, it > is a good practice not to publish an A record for the mail zone, if not > specifically needed for something else. Of course if it points to somewhere > else than the

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Anand Buddhdev
On 09/07/2020 16:06, Matthew Richardson wrote: On a related issue there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX. I had (again long ago: 10-15 years) actually seen this occ

Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Michael De Roover
You do have control over that.. kind of. As far as I'm aware hosting providers generally offer control over PTR records in their admin panels. However delegation of them to your own authoritative name servers is.. complicated. A lot more so than delegation of forward lookups would be anyway (A,

VS: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Jukka Pakkanen
Many spammers send in addition to MX to A records, if available. Still, it is a good practice not to publish an A record for the mail zone, if not specifically needed for something else. Of course if it points to somewhere else than the receiving SMTP server, not much harm done mail-traffic

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
On 09.07.20 15:06, Matthew Richardson wrote: On a related issue there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX. I had (again long ago: 10-15 years) actually seen this occur.

Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Reindl Harald
On 09.07.20 at 15:31, John W. Blue wrote: >>From a BIND point of view "in-addr.arpa" is a unique zone with no >>dependencies. and typically you have no control over PTR records at all given that they have nothing to do with your domain while it's smart (at least when you want to send mails)

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Ondřej Surý
Missing MX, there’s actually syntax accepted by major SMTP servers to disable SMTP for domain: example.com. MX 0 . Ondrej -- Ondřej Surý — ISC > On 9 Jul 2020, at 16:06, Matthew Richardson wrote: > > On a related issue there were (perhaps long ago) issues if the A record > for a domain had

Re: Bind IPV6 issue

2020-07-09 Thread Hrant Dadivanyan
Hi Duleep, Any process running as non-root user can't bind to a port lower than 1024 (53 in your case), so if you change process uid on start (named -u) then stop the named process and start anew. Thank you, Hrant On 2020-07-09 14:56, Duleep Thilakarathne wrote: > Hi Anand, > > Yes netstat -up

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matthew Richardson
On a related issue there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX. I had (again long ago: 10-15 years) actually seen this occur. Do people think that this problem could still

Re: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
On 09.07.20 13:16, DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users wrote: Would the lack of A records affect pointer records? Seems like it would. pointer records are independent of A/CNAME records and irrelevant in this case. -Original Message- From: bind-users On Behalf

RE: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread John W. Blue
From a BIND point of view "in-addr.arpa" is a unique zone with no dependencies. John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users Sent: Thursday, July 09, 2020 8:16 AM To: Mark Andrew

VS: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Jukka Pakkanen
Only CNAME is perfectly fine, except if you want the site to work without the www-prefix like someone already pointed out. Of course there must be A record for that name where the cname points to somewhere, but I read the question that this is not your concern. Jukka -Original Message

RE: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
Would the lack of A records affect pointer records? Seems like it would. Jim "If you always do what you always did you will always get what you always got." -Original Message- From: bind-users On Behalf Of Mark Andrews Sent: Thursday, July 9, 2020 8:56 AM To: @lbutlr Cc: bind-users

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Mark Andrews
At this stage one still needs A records to be reachable by everyone. One should also ensure you are reachable over IPv6 as lots of the world is behind IPv6-only links as their ISPs don’t have enough IPv4 addresses for everyone. Instead they have to use some form of IPv4 as a service which is sig

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Anand Buddhdev
On 09/07/2020 14:21, @lbutlr wrote: Given a domain that is hosted and used for email and web, is an A record for that domain actually required? It's not *required*. But see below. That is, if bob.tld is hosted by example.com can you simply have NS ns1.example.com NS ns2.exam

Dumb Question is an A or AAAA record required?

2020-07-09 Thread @lbutlr
Given a domain that is hosted and used for email and web, is an A record for that domain actually required? That is, if bob.tld is hosted by example.com can you simply have NS ns1.example.com NS ns2.example.com MX mx.example.com www CNAME www.example.com Without spe

Re: Bind IPV6 issue

2020-07-09 Thread Anand Buddhdev
On 09/07/2020 12:56, Duleep Thilakarathne wrote: Hi Duleep, After starting BIND, can you examine its log entries? It should print all the addresses it is binding to, eg: 09-Jul-2020 13:50:57.674 listening on IPv4 interface lo0, 127.0.0.1#53 09-Jul-2020 13:50:57.676 IPv6 socket API is incomple

Re: AW: How to prepublish additional DNSKEY

2020-07-09 Thread Shumon Huque
On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann < daniel.stirnim...@switch.ch> wrote: > > On 09.07.20 11:51, Klaus Darilion wrote: > >>> So, how is the correct process to add an additional DNSKEY (only the > public > >> key is known). > >> > >> I think you are looking for `dnssec-importkey`. > >

Re: Bind IPV6 issue

2020-07-09 Thread Duleep Thilakarathne
Hi Anand, Yes netstat -upan shows only ipv4 address listen :53. But server listens for ipv6 SSH port. So I can confirm IPV6 working fine in server. But not for udp port 53. Regards DT On Thu, 9 Jul 2020, 14:58 Anand Buddhdev, wrote: > On 09/07/2020 11:01, Duleep Thilakarathne wrote: > > Hi

Re: AW: How to prepublish additional DNSKEY

2020-07-09 Thread Daniel Stirnimann
On 09.07.20 11:51, Klaus Darilion wrote: >>> So, how is the correct process to add an additional DNSKEY (only the public >> key is known). >> >> I think you are looking for `dnssec-importkey`. > > Indeed. I imported the key and got a .key and .private file. I put those > files in the same direc

Re: Starting bind 9.16.x with systemctl fails

2020-07-09 Thread Reindl Harald
On 09.07.20 at 12:08, Adrian van Bloois wrote: > When I start bind 9.16.x with systemctl I get: > > Failed to start named.service: Unit is not loaded properly: Bad message. > See system logs and 'systemctl status named.service' for details. > > > I get no messages in the logs. > Systemctl st

Re: Starting bind 9.16.x with systemctl fails

2020-07-09 Thread Nyamkhand Buluukhuu
Hi, You can see what is happening in debug mode. Start your named with -g option ex: /usr/sbin/named -g Have a nice day :) BR, NYAMKHAND Buluukhuu From: bind-users on behalf of Adrian van Bloois Sent: Thursday, July 9, 2020 6:08 PM To: BIND 9 mailinglist

Re: Starting bind 9.16.x with systemctl fails

2020-07-09 Thread Anand Buddhdev
On 09/07/2020 12:08, Adrian van Bloois wrote: Hi Adrian, Run "journalctl -u named" to see any systemd logs for this unit. Also look in /var/log/messages to see what (if anything) BIND has logged to syslog. Finally, you would help yourself and everyone else to help you better if you show your

Starting bind 9.16.x with systemctl fails

2020-07-09 Thread Adrian van Bloois
Hi, When I start bind 9.16.x with systemctl I get: Failed to start named.service: Unit is not loaded properly: Bad message. See system logs and 'systemctl status named.service' for details. I get no messages in the logs. Systemctl status named.service says: * named.service - Berkeley Internet Na

AW: How to prepublish additional DNSKEY

2020-07-09 Thread Klaus Darilion
> > So, how is the correct process to add an additional DNSKEY (only the public > key is known). > > I think you are looking for `dnssec-importkey`. Indeed. I imported the key and got a .key and .private file. I put those files in the same directory as the other keys, gave read permissions to bi

Re: Bind IPV6 issue

2020-07-09 Thread Nyamkhand Buluukhuu
Hello, listen-on-v6 port 53 {}; You can try like above. Then after restarting named, check result from 'netstat -ltnp' command to see if v6 address is listening. Have a nice day :) BR, NYAMKHAND Buluukhuu From: bind-users on behalf of Duleep Thilakarathne

Re: Bind IPV6 issue

2020-07-09 Thread Anand Buddhdev
On 09/07/2020 11:01, Duleep Thilakarathne wrote: Hi Duleep, I have configured bind with IPV6 support enabled. However bind does not listen to IPV6 address. Any particular reason? Is there any place to enable IPV6 support other than named.conf? Version : BIND 9.11.4-P1 (Extended Support Version)

Bind IPV6 issue

2020-07-09 Thread Duleep Thilakarathne
Hi, I have configured bind with IPV6 support enabled. However bind does not listen to IPV6 address. Any particular reason? Is there any place to enable IPV6 support other than named.conf? Version : BIND 9.11.4-P1 (Extended Support Version) in named.conf file listen-on-v6 { any; }; regards DT