Re: expired SSL certificate

2018-04-10 Thread Frank Pikelner
Cert looks fixed now. Nice to see you're using Letsencrypt certs... just have to fix the cron job for the renew ;-) Frank >Forwarded to our operations people >> On 11 Apr 2018, at 10:12 am, /dev/rob0 wrote: >> >> The certificate for lists.isc.org expired today, and

Re: Load balancer for Bind

2016-09-14 Thread Frank Pikelner
Hello Bert, This is the first I've heard of DNSDIST. I'll need to read more about it, but wanted to ask whether upon receiving the query, does DNSDIST act as a bridge for the complete request/response, or simply redirects the traffic with the response bypassing DNSDIST? THanks, Frank -

Re: Load balancer for Bind

2016-09-14 Thread Frank Pikelner
Francesco, You may want to look at relayd from OpenBSD project. The last time I looked it was able to load-balance DNS. If you are looking for an appliance solution, the pfSense project (firewall) had ported relayd and gave it a GUI - though the DNS LB may not be in the GUI. Best is it is

Re: how to log client MAC address?

2016-08-06 Thread Frank Pikelner
- From: "Dennis Clarke" <dcla...@blastwave.org> To: bind-users@lists.isc.org Sent: Saturday, 6 August, 2016 19:39:21 Subject: Re: how to log client MAC address? On 08/06/2016 10:01 PM, Frank Pikelner wrote: > MAC addresses are layer 2 and you only see those on your subnet,

Re: how to log client MAC address?

2016-08-06 Thread Frank Pikelner
MAC addresses are layer 2 and you only see those on your subnet, i.e. most likely your default gateway, etc. So the answer is no. Frank From: "Fima Leshinsky" To: bind-users@lists.isc.org Sent: Saturday, 6 August, 2016 17:42:59 Subject: how to log client MAC

Re: Is there any reverse proxy software for dns or udp?

2015-01-30 Thread Frank Pikelner
Have a look at relayd from OpenBSD, the last time I checked it had the capability you are looking for. Another option might be pfSense, as I recall they ported relayd and include the functionality in their firewall. Frank Pikelner - Original Message - From: WXR 474745...@qq.com

Re: forwarding zone to another DNS server problem

2014-11-02 Thread Frank Pikelner
houguanghua houguang...@hotmail.com wrote: Can bind support forwarding zone to another DNS server? In my testing, for loacl name servers, it can. But for authority name servers, it can't. Use stub or static-stub to forward to an authoritative server. What is the advantage of using a stub or

Some hosts not resolving from No-IP by our DNS servers

2011-03-09 Thread Frank Pikelner
Hello, I'm having a problem resolving several hosts from NO-IP. When I attempt to resolve them from our DNS servers I get no reply (we can resolve other hosts). I'm not certain why the resolution stops. If I force a resolution using external DNS servers using dig (i.e. Google 8.8.8.8) the

RE: Some hosts not resolving from No-IP by our DNS servers

2011-03-09 Thread Frank Pikelner
Yes, thank you. The user entered the domain incorrectly. The oa.no-ip.info +trace resolves correctly. -Original Message- From: Dan Durrer [mailto:d...@vitalwerks.com] Sent: Wed 3/9/2011 1:46 PM To: Chuck Swiger Cc: Frank Pikelner; bind-users@lists.isc.org Subject: Re: Some hosts

slave transfer troubleshooting issue

2009-10-06 Thread Frank Pikelner
I have two Debian servers running BIND 9.5.1-p3 (master and slave). I have taken the configs from a production environment that work, just changed IP addresses. I am having problems sorting out why the slave fails to tranfer files from the master. The /var/log/bind/named.log on the master shows

RE: Windows AD, Windows DHCP, BIND, and DDNS

2009-06-15 Thread Frank Pikelner
Joe, On your Windows DHCP server, use DHCP MMC, right click on DHCP server name, and select options. In Options, select DNS tab and uncheck the required DNS registration options. Best, Frank -Original Message- From: bind-users-boun...@lists.isc.org on behalf of Borgia, Joe A CTR

RE: Windows AD, Windows DHCP, BIND, and DDNS

2009-06-15 Thread Frank Pikelner
from the DHCP side (preferred) - consider a commercial product such as Bluecat Networks Best, Frank -Original Message- From: bind-users-boun...@lists.isc.org on behalf of Borgia, Joe A CTR USAF AFMC AFRL/RIOS Sent: Mon 6/15/2009 1:07 PM To: Frank Pikelner; bind-users@lists.isc.org

Re: Assistance with reverse lookup zone

2009-06-12 Thread Frank Pikelner
On Fri, 2009-06-12 at 11:42 +1000, Mark Andrews wrote: In message b86f8bceeed5184ca225e0cc10ff61163ec...@bdc03srv04.bdc.int, Frank Pikelner writes: Every now and then we get a bounce on emails that are sent through one = of our mails servers located on 64.187.3.170. The bounce messages

Re: DNS Appliance

2009-03-25 Thread Frank Pikelner
For a commercial appliance Bluecat Networks makes a good product. If commercial is not a requirement and djbdbs is enough, have a look at pfSense who make an excellent open source firewall appliance and now have a DNS appliance that is available. Best, Frank Pikelner On 25-Mar-09, at 11

Re: stealth master DNS Security

2009-03-25 Thread Frank Pikelner
want to start at the network. Frank Pikelner On 25-Mar-09, at 9:22 AM, Ram Akuka ramak...@gmail.com wrote: Alan, Is there's any way I can encrypt the zone transfer date (without using any third-party encryption tool)? Thanks, -- Ram 2009/3/25 Alan Clegg alan_cl...@isc.org: Ram Akuka wrote