Re: static stub zone not working as expected

2019-07-13 Thread Jay Ford
round? ______ Jay Ford , Network Engineering, University of Iowa On Sat, 13 Jul 2019, Mark Andrews wrote: I suspect this will be negative response synthesis. The cache has learnt that d.f.ip6.arpa doesn’t exist in ip6.arpa and when the name in question is looked up the covering NS

Re: static stub zone not working as expected

2019-07-12 Thread Jay Ford
On Fri, 12 Jul 2019, Mark Andrews wrote: On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote: On 12 Jul 2019, at 11:12 am, Jay Ford wrote: I have a similar problem with zones for IPv6 ULA space. I'm running BIND 9.14.3. I had hoped that validate-except would do the trick, such as: val

Re: static stub zone not working as expected

2019-07-11 Thread Jay Ford
ll resolve most of the time, but then fail (NXDOMAIN) for a while. In the ULA space it doesn't seem trivial to own the top zone (ip6.arpa) without breaking stuff. Any suggestions for that case? __________ Jay Ford ,

Re: Concerns/warnings in upgrading from 9.9 to 9.11?

2018-01-09 Thread Jay Ford
or anycast servers; that's broken in 9.11 but seems to work correctly in 9.12 Jay Ford, Network Engineering, University of Iowa ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSTAP output file rolling trouble in BIND 9.12.0rc1

2018-01-02 Thread Jay Ford
s a bug... And a perfect thing to find in rc1. 8-) AlanC On 1/2/18 3:00 PM, Jay Ford wrote: I'm having some odd trouble with DNSTAP output file rolling in BIND 9.12.0rc1. I have named built like:    BIND 9.12.0rc1    running on Linux x86_64 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (201

DNSTAP output file rolling trouble in BIND 9.12.0rc1

2018-01-02 Thread Jay Ford
em, but it's a little early to tell, & it's not a desirable fix. I'd appreciate it if somebody who knows the code would comment on the threads vs DNSTAP possibility or point me in some other direction to figure this out. I have a named core file & can provide more config..

Re: Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

2017-09-09 Thread Jay Ford
On Sun, 10 Sep 2017, Mark Andrews wrote: I suspect that you are forwarding your queries and that your forwarder is returning out-of-date addresses. No forwarding here. Jay Ford, Network Engineering Group, Information

Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

2017-09-09 Thread Jay Ford
. Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-

Re: view problem

2016-10-18 Thread Jay Ford
On Wed, 19 Oct 2016, Mark Andrews wrote: In message , Jay Ford writes: Right. "in-view" can be useful for this, as long as you only need to refer to previously defined views (i.e., it unfortunately doesn't allow forward references). So put the zone in the first view. Update

Re: view problem

2016-10-18 Thread Jay Ford
y defined views (i.e., it unfortunately doesn't allow forward references). ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu,

Re: Disabling rate-limit?

2016-08-15 Thread Jay Ford
ies? If not, then RRL is probably not your trouble. Other things like insufficient UDP buffering, lacking CPU horsepower, or overwhelmed iptables connection tracking can also cause time-outs. ____ Jay Ford, Network Engin

Re: DNSSEC validation failures for www.hrsa.gov

2016-06-24 Thread Jay Ford
llent as always & crazy fast, too! ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-

DNSSEC validation failures for www.hrsa.gov

2016-06-24 Thread Jay Ford
oken. dnsviz.net reports a couple of warnings, including a non-AA answer from authoritative servers, but it doesn't say it's bogus. If anybody can spot something broken for www.hrsa.gov, I'd be very glad to hear about it.

Re: dnskey algorithm update

2016-01-06 Thread Jay Ford
ve some fun, purposefully break some part of your test zone & see how the above tools show it. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 5224

RE: Cloud DNS providers for secondary DNS

2015-12-30 Thread Jay Ford
ight or might not be a problem. If you do split-view games, things get even more interesting. ____ Jay Ford, Network Engineering Group, Information Technology Services University

Re: IPv6 PTR Records

2014-03-10 Thread Jay Ford
some sparse subnets delegated at /56 & such to avoid having a bunch of zones with almost nothing in them. ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 emai

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
On Thu, 6 Feb 2014, Chuck Anderson wrote: Neat. Is there any problem with using the exact same zone file in both views? I worry that one view might fight with the file from the other view... Oh yeah, sorry, I left that bit out. The slave files do need to be unique or they will over-write ea

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Jay Ford
om" { type slave; file "/var/named/slaves/example.com.zone"; masters { 10.0.0.1; }; also-notify { ::1; }; // internal->external trickery }; }; The relatively new ability to specify a key in a "masters" statement can als

Re: IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford
On Thu, 5 Dec 2013, Shumon Huque wrote: On 12/5/13 11:49 AM, Jay Ford wrote: I'm testing BIND 9.9.4-P1 on a RHEL6 system & am getting this log message: /etc/named.conf:56: couldn't add command channel 127.0.0.1#953: address in use I'm going to take a guess: you mig

IPv4 control socket binding failure with BIND 9.9.4-P1 on RHEL6

2013-12-05 Thread Jay Ford
bxml2 version: 2.7.6 RHEL6 has kernel variable net.ipv6.bindv6only set to 0, which might or might not be related. BIND 9.8.5-P2 works correctly on a RHEL5 system which also has it set to 0. There are some comments in some of the 9.9 release notes about bindv6only, but I couldn't find anything specific to this situation. Is this a configuration problem or somethi

Re: DDOS attack Bind 9.9 - P2

2013-04-30 Thread Jay Ford
problem. If the traffic is spoofed as being from your clients, stop accepting traffic from elsewhere sourced from your client address space. ____ Jay Ford, Network Engineering Group, Information Technology Services University

RSA warnings & errors in 9.8.4

2013-01-04 Thread Jay Ford
at's about? ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

Re: Truncated DNS message over UDP

2012-06-27 Thread Jay Ford
truncated. It can cause more subsequent queries, to get the information which would have been in the first response, but they'll probably all be UDP which might be better than fallback to TCP. ________ Jay Ford, Network Engineering Gro

Re: reverse dns for IPV6 ranges

2012-03-19 Thread Jay Ford
o change the name in the PTR record I edit 1 file instead of every zone file. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-33

RE: reverse dns for IPV6 ranges

2012-03-12 Thread Jay Ford
dcard stuff is helpful or not. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

Re: Format of the IPv6 reversed zone

2011-07-28 Thread Jay Ford
0.c.0.0.3.9.1.1.0.0.2.ip6.arpa in which the PTR RR would be: 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR www.example.com ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa Ci

Re: Split-DNS + Views + master/slave

2011-07-07 Thread Jay Ford
. That is, have 3 files: 1. internal view file: SOA, NS..., internal-only data, & an $INCLUDE of file #3 2. external view file: SOA, NS..., external-only data, & an $INCLUDE of file #3 3. common view file: common data (no SOA...) If the

Re: slave timers

2011-04-18 Thread Jay Ford
serial number. See if that works. ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

Re: FORMERR for wikipedia...

2011-03-17 Thread Jay Ford
On Thu, 17 Mar 2011, Mark Bergsma wrote: On Mar 17, 2011, at 6:48 AM, Jay Ford wrote: On Thu, 17 Mar 2011, Mark Andrews wrote: The nameservers for wikipedia.org are broken. They put the wrong SOA record in the negative response, wikipedia.org != wikimedia.org. The administrators of

Re: FORMERR for wikipedia...

2011-03-17 Thread Jay Ford
uses this broken behavior? ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

FORMERR for wikipedia...

2011-03-16 Thread Jay Ford
to get them & others to fix it. Further, if it's a systemic F5... problem, then a different approach is probably in order. Jay Ford, Network Engineering Group, Information Technology Services University o

Re: Advice wanted on Nameserver switchover

2011-03-15 Thread Jay Ford
obably handle it, but only after dealing with the fact that 2 of the 5 servers don't work. You'll see delays & possibly failures. ________ Jay Ford, Network Engineering Group, Information Technology Services Univer

Re: tools for searching/removing stale keys

2011-02-28 Thread Jay Ford
with routine DNS tasks related to multiple views & DNSSEC. The "check-keys" script might be close to what you're after. ________ Jay Ford, Network Engineering Group, Information Technology Services University of I

Re: Some dnssec-signzone questions

2011-02-01 Thread Jay Ford
er DNSSEC-related scripts here (at least for now): http://seatpost.its.uiowa.edu/bind_stuff ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.

Re: Telling rndc Which IP Address to Use

2011-01-19 Thread Jay Ford
e on the slaves. I am running 9.7.2-P3. Thanks. Does the "-b" option not suffice? ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiow

Re: Private Zones and Deligation bind9.7.2

2010-12-07 Thread Jay Ford
On Mon, 6 Dec 2010, Barry Margolin wrote: In article , Jay Ford wrote: On Mon, 6 Dec 2010, Martin McCormick wrote: the config for this private zone is: zone "r.ds" { type master; file "/etc/namedb/master/r.ds.zone"; allow-update { key updsrv; }

Re: Private Zones and Deligation bind9.7.2

2010-12-06 Thread Jay Ford
subject line includes "private". What is it that's private about this situation? ____ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa

Re: how to see ALL NS records in a zone file with dig

2010-11-12 Thread Jay Ford
above the delegation cut, instead of the NS records as known by the child below the delegation cut. Differences in those sets can sometimes be, shall we say, interesting. ____ Jay Ford, Network Engineering Group, Information Technolo

Re: Multiple zones pointing to same zone file

2010-10-19 Thread Jay Ford
rt signing the zones for DNSSEC, but you might be able to play symlink games with the unsigned file names to deal with that. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, I

more flexible serial number handling in dnssec-signzone

2010-10-15 Thread Jay Ford
st code ever written & I didn't increment any of the version headers, but it might be useful to some anyway. ISC folk: Please consider incorporating this or something similar into the stock dnssec-signzone. ____ Ja

Re: non-24 bit subnets

2010-10-06 Thread Jay Ford
dr.arpa & define records like "d.c.b PTR name." for address a.b.c.d. Note the order of the address components in the zone file, with least significant furthest left. ________ Jay Ford, Network Engineering Group, Information

Re: non-24 bit subnets

2010-10-06 Thread Jay Ford
though. Right. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

Re: Recover deleted zone file

2010-10-05 Thread Jay Ford
don't see anything that will help?  Assuming zone transfers are allowed: dig -t axfr zone_name @127.0.0.1 >rescued_zone_file ________ Jay Ford, Network Engineering Group, Information Technology Services University of Io

Re: Split View DNS

2010-03-11 Thread Jay Ford
ust split-view, such as if you want the same data in multiple IPv6 prefixes because they're laid onto the same net.) The backup files on the slaves are written by named, so each (zone,view) instance has to have its own file. _

Re: Differences between 9.3 and later versions

2010-02-23 Thread Jay Ford
pertinent. ________ Jay Ford, Network Engineering Group, Information Technology Services University of Iowa, Iowa City, IA 52242 email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951