explained the reason for the 9000ms so that Oracle and its many processes
all come together to resolve the DNS name and they *keep hitting* the first
resolver - and "timeout" can't kick in due to parallel requests from different
processes, hence the high overall response time.
--
Matus UHLAR
ost2.foo.lan if entry not present in /etc/bind/db.foo.lan
"file" is used in master and slave zones.
"forwarders" is used in "type forward" zones.
those are mutually-exclusice, so forwarders aren't used for master and
slave zones, while "file" is not used for &q
.
(there are measures if it's to be wrapped around zero).
what is your real problem?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter
useless here, since you posted this to public mailing list.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the peo
ote sites.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its frie
El lun, 25 ene 2021 a las 14:33, Matus UHLAR - fantomas ()
escribió:
On 25.01.21 14:05, Bernardo wrote:
>Yes. This causes serious problems.
>
>The problem is that these perfectly valid configuration lines in
>/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
>
t; (except loopback, if
course), or if that is the primary address of your interface, those
defitions are useless, otherwise you should keep them there.
El lun, 25 ene 2021 a las 11:13, Matus UHLAR - fantomas ()
escribió:
On 23.01.21 12:44, Bernardo wrote:
>Finally I've found the solution
-source 192.168.10.100 port 53;
this should not cause a problem and may cause troubles when 192.168.10.100
is not the primary address.
the "port 53" is usually useless (unless you have stateless firewall) and
may be what caused your problem.
--
Matus UHLAR - fantomas, uh...@fantomas
for BIND nor for DNS.
Due to DNS caching it won't work properly and if you shorten the TTLs, at
first DNS issue it will fail globally.
Install some load balancers in front of those servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
ery time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 13 11:01:08 CET 2021
;; MSG SIZE rcvd: 2272
this way, server will respond with >2KB packet which may flood the
destination IP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rec
cks on it.
However, if you go deep into a far more complicated, custom use of
BIND, you could set up a process that monitors the availability and
changes the SRV record accordingly.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertis
can filter DNS
requests from the internet.
I can't figure it out from reading the source code; I haven't so far been
able to trace back from where the messages are logged to where (if any) a
response packet would be transmitted.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
(The one I previously
indicated was mx.pao1.isc.org, which is the one and only MX for
lists.isc.org.)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu po
as long:
List-Post: <mailto:bind-users@lists.isc.org>
in this case, this seems to be OP's fault, when first reply went to
bind-us...@isc.org
together with bind-users@lists.isc.org and people who replied continued
sending to multiple addresses.
--
Matus UHLAR - fantomas, uh...@fantomas.sk
> cache hit (com/DS)
> lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving '
> www.facebook.com/A/IN':<http://www.facebook.com/A/IN':> 129.134.31.12#53
it seems to be an error in dnssec. So I suppose that "dig +nodnssec
" works.
May be &quo
on is thus used only when it has to resolve under ucsf.edu
something that is not in cache.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
closest to the
other side of VPN tunnel. Usually it's the IP with the default route set.
you can often override it in the VPN configuration.
Note this is not bind issue.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
cond query is
asking for a non-existent domain, and so maybe that is the proximate
source of the NXDOMAIN.
this could be controlled by option "ndots:1" in resolv.conf, so search list
ignored for every hostname with one or more dots
... this is not BIND issue but the stub resolver issue.
--
Ma
On 12.11.20 15:32, Matus UHLAR - fantomas wrote:
is it possible to nest $GENERATE directives?
I have to create DNS for /16 subnet...
so I assume it's not possible.
just wanted to be sure...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
Hello,
is it possible to nest $GENERATE directives?
I have to create DNS for /16 subnet...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
rimary on on machine and a secondary server on a separate
machine. Errors are on the primary server.)
what's the primary server? maybe broken DNS implementation
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
selected based on an RTT(round-trip-time)-based algorithm"
So which is correct?
both are. The ARM does not say they are queried in defined order.
The order is defined by RTT
And did it change at some point?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I w
verlooked something ?
it's just a file name. You can use "myrevzone" as long, but using
db.192.168.42 is much more explanatory.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adres
means it's not there. This is not just
documented standard - doing it differently would make DNS unreliable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekl
in one email. Let the reader
focus on one subject.
I am using Thunderbird to read the emails. Should I use something else
to read it? Any suggestions are welcome.
This is my feeling. But, maybe you are happy with it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
DOMAIN
note that nslookup is very bad program for tracking DNS errors.
use "host" or "dig" for that case.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chc
tware with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
ried to query directly to the hosting that managed it to
determine the cause.
your query of course makes sense under there curcumstances.
But delegating /24 subnet using RFC2317 delegation is useless, because in
fact you can delegate whole /24 directly
>> On Wed, Aug 19, 2020 at 7:42 AM Mat
On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas wrote:
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas
wrote:
again, why you query for 250.0-24.199.212.125.in-addr.arpa
under normal circumstances there's no point of querying that name.
On 19.08.20 10:05, tale via bind-users wrote
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas
wrote:
again, why you query for 250.0-24.199.212.125.in-addr.arpa
under normal circumstances there's no point of querying that name.
On 19.08.20 10:05, tale via bind-users wrote:
Well yes and no. While an individual user would
ey should not block it.
again, why you query for 250.0-24.199.212.125.in-addr.arpa ?
under normal circumstances there's no point of querying that name.
there
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addre
*.datavoiceint.com will cover .datavoiceint.com but not
anything under it.
you will have to strip the part or get other certificate.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
:
https://lists.isc.org/pipermail/bind-users/2020-July/103389.html
I find it more readable.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R
was whether the A record is needed at zone apex.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners
y returned NODATA for MX record (effectively saying
there's no MX).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)
pretty sure this is *technically* allowed, but is it really OK to do or
are there reasons not to do this?)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
elf, so it really only matters if
1.1.1.1 is not accessible from internet.
};
So, in this configuration, the abc.com will be forward to 8.8.8.8 or
1.1.1.1?
the latter.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addr
that xml statistics are better than rndc stads, I admin
that they are kind fo better solution, however, I haven't found anything
better for cacti, that could process those than what we currently have:
https://docs.cacti.net/usertemplate:host:bind9.7
snmp support would be great.
--
Matus UHLAR
you mean client request _rate_ is too large?
2. why forward to 8.8.8.8 ? BIND can resolve by itself, it does not to
forward to 8.8.8.8
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
can be used without checking with an authoritative
server for other RR types.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for p
hreaded>*
*Find attached POC Video. *
*Dear Team Waiting for your response and I want bounty(money) with an
Appreciation letter for my work and effort which I have given for *
*Thanks in advance *
*Ejaz *
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NO
-forgery-resilience-05
I guess source port 53 was meant long ago to avoid DNS from being
firewalled. However nowadays it's long time obsolete and unsecure.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie
to
themselves, so why the different names?
it's common when registrar is not the same as DNS master.
better contact either to fix that
While it may work, it can also cause unexpected problems.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
On 03.04.20 14:20, David Alexandre M. de Carvalho wrote:
Where can I find about alternatives to point 2?
I have a windows subdomain configured in that way, never realized there was a
better way.
On 03.04.20 16:35, Matus UHLAR - fantomas wrote:
if you want to have subdomain with different set
s a valid option and it
worked in small scale on the testsystem, so we decieded to go this way.
If this needs to be changed, I need a reason besides of 'that is this way more
easy',
because these zones get generated from an automated system and I need an
argument to get a permission for a change request.
an automated system and I need an
argument to get a permission for a change request.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
list, but this sounds like an almost
>perfect example of PowerDNS's LUA record type (or something with
>CoreDNS)
>Other than that, the only thing I can think of is BIND with DLZ and a
>database that returns a random subset from a DB query, but that sounds
>awful...
On Fri, Mar 20, 2
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully
install from tar file, you must maintain it yourself (fix security
bugs etc).
I recommend installing from distro.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
< shubhamgo...@cdac.in
<mailto:shubhamgo...@cdac.in> > wrote:
Dear sir,
how can we improve my DNS Recursive resolver
speed.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
authoritative server, or you have not.
What is the point of your request?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want
Matus UHLAR - fantomas wrote:
If you use cisco routers, ask network admins to disable any DNS "fixup"
functionality, because that usually causes problems.
On 14.02.20 12:47, Tony Finch wrote:
In my experience all Cisco PIX/ASA fuxup options are horribly broken and
should be turne
internet?
one bind is superflous there, isdn't it?
The error above occurred on the forwarding bind in the proxy dmz.
so the problem firewall is between "forwarding bind" and
"internet bind"
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wi
empty
domain payis.prod.app.pcp.cn.prod, and since it exists (although empty), the
*.prod.app.pcp.cn.prod does not apply to payis.prod.app.pcp.cn.prod nor to
any subdomain under it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
nd to send different IPs for different clients,
often just the one that is tropologically closest to the client.
Unfortunately, such CDNs don't provide all possible addresses so I guess you
are unlucky here.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
s.isc.org/mailman/listinfo/bind-users
--
End of bind-users Digest, Vol 3356, Issue 1
***
"
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.o
fix it.
knowing their DNS when they are at home and use mobile data, plus a few
requests to google DNS could change their "it works when..."
I don't know how google DNS works, some reported it not following standard
much.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fa
On 12/30/19 12:07 PM, Matus UHLAR - fantomas wrote:
of course.
On 30.12.19 14:30, Grant Taylor via bind-users wrote:
The idea of an ISP telling me how to configure my DNS server causes
indigestion, possibly severe.
My registrar, the parent domain owner / operator, doesn't get to tell
me
.
Initial configuration is another story. That will likely involve
configuration at both ends. I.e. ISP delegating to customer and
customer configuring their name server appropriately.
On 12/27/19 10:48 AM, Matus UHLAR - fantomas wrote:
the ISP should the client what zone to configure
The only thing that I saw was a slip in that there is something
outside the local DNS server that needs to be configured for reverse DNS.
Am 27.12.19 um 18:48 schrieb Matus UHLAR - fantomas:
I think that it should be either change local DNS or call ISP to change it,
not both at once. Having
On 12/27/19 7:04 AM, Matus UHLAR - fantomas wrote:
there's obviously something broken in this setup. You don't have
to call the ISP if the reverse DNS changes.
On 27.12.19 08:58, Grant Taylor via bind-users wrote:
Why do you say that?
What do you see that's broken in the OP's configuration
.in-addr.arpa
30.246.2.186.in-addr.arpa
rfc 2317 describes how reverse DNS should be set up and it should work
automatically.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
at the same time.
maybe modified version of the "host" command?
What can be the problem ? Because I expect only DNS traffic going to DNS1
because it is before DNS2 in /etc/resolv.conf.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
not apply for packages outside of centos.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
On 04.11.19 12:30, Computerisms Corporation wrote:
I am wondering if it is possible to create a CNAME in one zone to
resolve as a TXT record in another zone.
On 06.11.19 09:48, Matus UHLAR - fantomas wrote:
CNAME will not resolve as a TXT.
CNAME will make ALL types queries for original query
re or less as expected, the following dig command fails to
return a record.
dig -t TXT _acme-challenge.dom1.com
is is supposed to work this way. If it doesn't, you have an error somewhere.
Are you sure that there's no other _acme-challenge.dom1.com record than the
CNAME?
--
Matus UHLAR - fa
OMAIN)
[root@ns1 named]# named-checkzone crm365app crm365app.cyberia.net.sa.hosts
zone crm365app/IN: loaded serial 2015034459
OK
is your server in resolv.conf?
What does log say when you reload named?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
(which I can't clearly extract from your message)?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough fo
points to those
addresses).
To avoid this, you can point the MX for the domain to ".", some MTAs
understand this as "this domain doesn't provide mail service".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
ote that BIND can do the same that google servers
(8.8.8.8) can do, and you'll avoid one hop.
simply don't forward but let BIND to resolve.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adr
or their
nameservers are unreachable.
If not, you can try using stub or static-stub zone and named masters list.
yes, this is case where it would be greas to use masters for forward zones.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receiv
DNSSEC enough to assure integrity?
and, how shall we resolve names of those HTTPS servers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
signing globally?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue
immediately.
Unless, there's too many zone transfers in which case BIND delays the
transfer. Also, there may be too many transfers on the master and it may
refuse the zone transfer temporarily. See the transfers-in and transfers-out
BIND options.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
; monitors the main Internet link and in
case it is DOWN automatically order to modify the FQDN records in DNS3 ???
can't your provider set you up a routing failover?
While it's doable in DNS, it has some drawbacks (requires short TTL) and
mainly: DNS is not designed to do this kind of stuff.
--
M
rset="UTF-8"
I would guess that lbutlr's complaint goes to HTML generated. Holy sh*t, it
looks as ugly as html mail generated in MS-Word from some 15 years ago
generallym, plaintext is better for use in mailing lists
... and sorry for OT, I shut up now
--
Matus UHLAR - fantomas
On 08/04/2019 13:05, Matus UHLAR - fantomas wrote:
> I believe there should be reserved gTLD for such usage.
On Mon, 8 Apr 2019 at 10:35, Xavier Humbert
wrote:
Is this not what the TLD /.invalid/ is supposed to be ?
On 08.04.19 13:18, Matthew Pounsett wrote:
RFC2606 reserves test, exam
users/organizations use private TLDsm, just like they often use private
IP ranges instead of public.
I believe there should be reserved gTLD for such usage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
will retrieve all of the required information (SOA, NS, and supporting
A/ records) to successfully insert the zone apex into the cache.
isn't SOA response limited in an ongoing RFC draft?
that would bereak stub zones too...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
gone, but it still has a leftover "recursion yes"
>> clause. Am I correct is assuming that this is now useless and can
>> be removed?
On 04.03.19 16:33, Niall O'Reilly wrote:
>If you want "general caching DNS service" to continue to work,
>you'll need to keep &
: QUERY, status: SERVFAIL, id: 57790
Op 05-03-19 om 16:32 schreef Matus UHLAR - fantomas:
SERVFAIL here.
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION
l localhost
;; Got SERVFAIL reply from ::1, trying next server
Server: localhost
Address:127.0.0.1#53
** server can't find extensus.nl: SERVFAIL
root@ns1:/usr/local/sbin#
--
this is in fact the same result, using the obsolete "nslookup" command
see the SERVFAIL in dig outpu
have forwarding set
to a server which does know the domain.
can you use "dig" instead of "host" to see what does your BIND know?
dig any extensus.nl.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
the default, so if you remove it, it stays set
to yes (unless it's set to "no" somewhere).
recursion is the feature that allows BIND to resolve domains not configured
locally, you surely need it enabled.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NO
On 03.03.19 07:36, vivek wrote:
thanks, that means for Bind service to work we have to have the "recursion
yes" else the forwarder will also not work.
Actually I m bit confused between Recursive vs Iterative query mode , so
does this mean Bind will only work in Recursive query mode & this
ng the zone
configuration for resolving internal machines ,whether it make sense to use
"recursion yes" or not
"recursion yes" is required when you need to resolve outside zones. That
means, for most cases it's required for BIND to work.
--
Matus UHLAR - fantomas, uh...@fantomas.sk
mail named[4833]: all zones loaded
Feb 20 21:40:16 mail named[4833]: running
do you actually have the "my.domain" in your nameserver configuration?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
8.8.8.8;};
On 20.02.19 16:08, Kevin Darcy wrote:
Delegate needs.example.com from example.com and you should be set.
if this is not clear enough, it means that the "example.com" zone stored in
"static/antiphish.db" file must contain NS record for "needs":
nee
.default-zones";
>
> named.conf.default-zones:
> recursion yes;
> zone "teamviewer.com" {
> type forward;
> forwarders { 8.8.8.8; };
> };
>
> named.conf.local:
>
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
Roberto Carna wrote:
Can you confirm thgis is true in 100% of clients???
On 20.02.19 14:11, Tony Finch wrote:
It's true of clients that follow the spec.
I would like to add that the spec mentions there mey be clients that use
only TCP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
I
suggested?
There was some subsequent discussion about not relying on DNS resolution
as one's *only* control over what sites one's clients can or cannot access.
While I agree with that, my position is that there's nothing wrong with
controlling DNS resolution, in addition to other controls.
--
M
warders to 8.8.8.8. However, BIND can
do resolution well without forwarding. Also, this seems to be just the
opposite wht you describe above.
El sáb., 9 feb. 2019 a las 12:28, Matus UHLAR - fantomas ()
escribió:
On 07.02.19 16:30, Roberto Carna wrote:
>Desktops I mentioned can only access to web a
(and this is not what I want, it's what I'm trying to prevent))
So can you help me please???
you still have not answered my question:
what is the point of running DNS server with only two hostnames allowed to
resolve?
However, you can define empty type master "." zone, and bind wi
m resolve just teamviewer.com.
How can I do to forward only teamviewer.com zone queries to my resolvers???
what is the point of running DNS server with only two hostnames allowed to
resolve?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail a
Classless delegation is useful only for delegations less than /24
simply delegate 192.199.in-addr.arpa to 199.199.in-addr.arpa etc.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
nts.
Garbage in, garbage out.
I see no bug.
well, either BIND should reject those records as invalid and not to send
them, or dig (from bind package) should not complain about malformed
responses.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
On 28.01.19 13:28, Umut Arus wrote:
Don't forget check your IPS. Some IPS rules and tcp ACL can block the
requests. For example, our Checkpoint IPS stopped the requests.
were they requests from you as client or to you as server?
On Mon, Jan 28, 2019 at 1:14 PM Matus UHLAR - fantomas via bind
from sending EDNS queries.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
t does not support
"fixed" ordering by default. Fixed ordering can be enabled at compile time
by specifying "--enable-fixed-rrset" on the "configure" command line.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail ad
lapps.com.172800 IN NS ns-33.awsdns-04.com.
c.b.jilapps.com.172800 IN NS ns-540.awsdns-03.net.
servers for c.b.jilapps.com send this, servers for jilapps.com send
referrals to c.b.jilapps.com servers
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
W
101 - 200 of 924 matches
Mail list logo