On 7/9/20 6:43 AM, Anand Buddhdev wrote:
If you don't have an A record at the zone apex, the browser will not
get back any address and display an error message for the user.
There was a point in time when the big web browsers would try connecting
to www.. if connecting to . failed.
I don't k
On Fri, 10 Jul 2020, Mark Andrews wrote:
The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not
zone files. Telling named to read a directory as a zone file is not useful. Search for
'"/etc/bind/dns"' and correct the file name.
Thanks Mark. Sometimes one can
> On 10 Jul 2020, at 05:58, Brett Delmage wrote:
>
> I installed
>
> BIND 9.16.4-Ubuntu (Stable Release)
> from the Ubuntu stable PPA linked to on the ISC site.
> https://launchpad.net/~isc/+archive/ubuntu/bind
>
> After restart, BIND failed with this status:
>
> service bind9 status
> ● bi
> OS settings and the system environment
...
> 2e) Make sure your socket send buffers are big enough. (not
> sure if this is obsolete advice, do we need to tell people how
> to tell if their buffers are causing delays?)
2e#1) Make sure your UDP socket *receive* buffers are big enough.
I installed
BIND 9.16.4-Ubuntu (Stable Release)
from the Ubuntu stable PPA linked to on the ISC site.
https://launchpad.net/~isc/+archive/ubuntu/bind
After restart, BIND failed with this status:
service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/etc/systemd/syst
Very soon you will be able to specify HTTPS records. BIND has an implementation
that is just waiting for the draft to go to the RFC editor. The type codes are
already allocated.
This still requires clients to look up the records but the browser vendors are
on board.
--
Mark Andrews
> On 10 J
Zhiyong Cheng wrote:
>
> We are using named cluster in our internal network as the authoritative
> DNS. So there are no cache servers between clients and named cluster.
> Maybe we should add one but it is just another story.
Sorry, I wasn't completely clear: I was not saying that your authoritati
My question is raised because of such "poor decisions" by certain web
hosting providers (naming no names!) whose provisioning systems require
records for both www and the domain root pointing to their systems, and
where those systems DO LISTEN on port 25.
In these modern days, should one be concer
We have an application that queries reverse lookups on clients trying to access
it in order to verify the client and its IP are legit and a part of the correct
domain/acl. So if the pointer record does not match, the client is rejected. I
don't know if that is relevant in this case, but it prov
On 7/9/20 5:03 PM, Reindl Harald wrote:
but it still has nothing to do with your domain by definition, the PTR
could be anything
Of course it can be, they're completely separate name spaces. However
would it make any sense in practice to point it somewhere else entirely?
You'd probably be bette
On 09.07.20 at 16:57, Michael De Roover wrote:
> You do have control over that..
i have, but not everybody has
> kind of. As far as I'm aware hosting
> providers generally offer control over PTR records in their admin
> panels.
but it still has nothing to do with your domain by definition,
On 09.07.20 at 16:38, Jukka Pakkanen wrote:
> Many spammers send in addition to MX to A records, if available. Still, it
> is a good practice not to publish an A record for the mail zone, if not
> specifically needed for something else. Of course if it points to somewhere
> else than the
On 09/07/2020 16:06, Matthew Richardson wrote:
On a related issue there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occ
You do have control over that.. kind of. As far as I'm aware hosting
providers generally offer control over PTR records in their admin
panels. However delegation of them to your own authoritative name
servers is.. complicated. A lot more so than delegation of forward
lookups would be anyway (A,
Many spammers send in addition to MX to A records, if available. Still, it is
a good practice not to publish an A record for the mail zone, if not
specifically needed for something else. Of course if it points to somewhere
else than the receiving SMTP server, not much harm done mail-traffic
On 09.07.20 15:06, Matthew Richardson wrote:
On a related issue there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occur.
On 09.07.20 at 15:31, John W. Blue wrote:
>>From a BIND point of view "in-addr.arpa" is a unique zone with no
>>dependencies.
and typically you have no control over PTR records at all given that
they have nothing to do with your domain
while it's smart (at least when you want to send mails)
Missing MX, there’s actually syntax accepted by major SMTP servers to disable
SMTP for domain:
example.com. MX 0 .
Ondrej
--
Ondřej Surý — ISC
> On 9 Jul 2020, at 16:06, Matthew Richardson wrote:
>
> On a related issue there were (perhaps long ago) issues if the A record
> for a domain had
Hi Duleep,
Any process running as non-root user can't bind to a port lower than
1024 (53 in your case), so if you change process uid on start (named -u)
then stop the named process and start anew.
Thank you,
Hrant
On 2020-07-09 14:56, Duleep Thilakarathne wrote:
> Hi Anand,
>
> Yes netstat -up
On a related issue there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occur.
Do people think that this problem could still
On 09.07.20 13:16, DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
wrote:
Would the lack of A records affect pointer records? Seems like it would.
pointer records are independent of A/CNAME records and irrelevant in this
case.
-Original Message-
From: bind-users On Behalf
From a BIND point of view "in-addr.arpa" is a unique zone with no dependencies.
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of DeCaro,
James John (Jim) CIV DISA FE (USA) via bind-users
Sent: Thursday, July 09, 2020 8:16 AM
To: Mark Andrew
Only CNAME is perfectly fine, except if you want the site to work without the
www-prefix like someone already pointed out. Of course there must be A record
for that name where the cname points to somewhere, but I read the question that
this is not your concern.
Jukka
-Original Message
Would the lack of A records affect pointer records? Seems like it would.
Jim
"If you always do what you always did you will always get what you always got."
-Original Message-
From: bind-users On Behalf Of Mark Andrews
Sent: Thursday, July 9, 2020 8:56 AM
To: @lbutlr
Cc: bind-users
At this stage one still needs A records to be reachable by everyone. One
should also ensure you are reachable over IPv6 as lots of the world is behind IPv6
only links as their ISPs don’t have enough IPv4 addresses for everyone.
Instead they have to use some form of IPv4 as a service which is sig
On 09/07/2020 14:21, @lbutlr wrote:
Given a domain that is hosted and used for email and web, is an A
record for that domain actually required?
It's not *required*. But see below.
That is, if bob.tld is hosted by example.com can you simply have
NS ns1.example.com
NS ns2.exam
Given a domain that is hosted and used for email and web, is an A record for
that domain actually required?
That is, if bob.tld is hosted by example.com can you simply have
NS ns1.example.com
NS ns2.example.com
MX mx.example.com
www CNAME www.example.com
Without spe
On 09/07/2020 12:56, Duleep Thilakarathne wrote:
Hi Duleep,
After starting BIND, can you examine its log entries? It should print
all the addresses it is binding to, eg:
09-Jul-2020 13:50:57.674 listening on IPv4 interface lo0, 127.0.0.1#53
09-Jul-2020 13:50:57.676 IPv6 socket API is incomple
On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann <
daniel.stirnim...@switch.ch> wrote:
>
> On 09.07.20 11:51, Klaus Darilion wrote:
> >>> So, how is the correct process to add an additional DNSKEY (only the
> public
> >> key is known).
> >>
> >> I think you are looking for `dnssec-importkey`.
> >
Hi Anand,
Yes netstat -upan shows only ipv4 address listen :53. But server
listens for ipv6 SSH port. So I can confirm IPV6 working fine in server.
But not for udp port 53.
Regards
DT
On Thu, 9 Jul 2020, 14:58 Anand Buddhdev, wrote:
> On 09/07/2020 11:01, Duleep Thilakarathne wrote:
>
> Hi
On 09.07.20 11:51, Klaus Darilion wrote:
>>> So, how is the correct process to add an additional DNSKEY (only the public
>> key is known).
>>
>> I think you are looking for `dnssec-importkey`.
>
> Indeed. I imported the key and got a .key and .private file. I put those
> files in the same direc
On 09.07.20 at 12:08, Adrian van Bloois wrote:
> When I start bind 9.16.x with systemctl I get:
>
> Failed to start named.service: Unit is not loaded properly: Bad message.
> See system logs and 'systemctl status named.service' for details.
>
>
> I get no messages in the logs.
> Systemctl st
Hi,
You can see what is happening in debug mode.
Start your named with -g option
ex: /usr/sbin/named -g
Have a nice day :)
BR, NYAMKHAND Buluukhuu
From: bind-users on behalf of Adrian van
Bloois
Sent: Thursday, July 9, 2020 6:08 PM
To: BIND 9 mailinglist
On 09/07/2020 12:08, Adrian van Bloois wrote:
Hi Adrian,
Run "journalctl -u named" to see any systemd logs for this unit. Also
look in /var/log/messages to see what (if anything) BIND has logged to
syslog. Finally, you would help yourself and everyone else to help you
better if you show your
Hi,
When I start bind 9.16.x with systemctl I get:
Failed to start named.service: Unit is not loaded properly: Bad message.
See system logs and 'systemctl status named.service' for details.
I get no messages in the logs.
Systemctl status named.service says:
* named.service - Berkeley Internet Na
> > So, how is the correct process to add an additional DNSKEY (only the public
> key is known).
>
> I think you are looking for `dnssec-importkey`.
Indeed. I imported the key and got a .key and .private file. I put those files
in the same directory as the other keys, gave read permissions to bi
Hello,
listen-on-v6 port 53 {};
You can try like above.
then after restarting named, check result from 'netstat -ltnp' command to see
if v6 address is listening.
Have a nice day :)
BR, NYAMKHAND Buluukhuu
From: bind-users on behalf of Duleep
Thilakarathne
On 09/07/2020 11:01, Duleep Thilakarathne wrote:
Hi Duleep,
I have configured bind with IPV6 support enabled. However bind does not
listen to IPV6 address. Any particular reason. Is there any place to enable
IPV6 support other than named.conf.
Version : BIND 9.11.4-P1 (Extended Support Version)
Hi,
I have configured bind with IPV6 support enabled. However bind does not
listen to IPV6 address. Any particular reason. Is there any place to enable
IPV6 support other than named.conf.
Version : BIND 9.11.4-P1 (Extended Support Version)
in named.conf file
listen-on-v6 { any; };
regards
DT