com.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her frie
On 15.10.13 22:53, babu dheen wrote:
To: Matus UHLAR - fantomas , "bind-users@lists.isc.org"
Hi Matus,
you don't need to send me private copies - we are using a mailing list for
a purpose... thank you.
If I change the TTL value on the particular zone after modifying a
to sane standard value (e.g. 43200).
You may ask for access to win2003 servers to manipulate their caches, or
configure your zone as slave on them and send notifies to them, so they
notice as soon as possible.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
makes me wonder:
-Is this addressed by a standard? E.g.,
the nameserver's A record have the same
TTL as NS records pointing at it.
It should be the same, when the server is in the domain. I met exactly
those issues when NS record had longer ttl then the A record in the same
domain.
includes (I recommend you
not goind more than one level of inclusion) were are the view definitions.
you said Check their match-* directives, post them here if possible.
check all used files and view definitions for "match-" directives.
--
Matus UHLAR - fantomas, uh...@fantomas
should NOT mention both IPs in any view.
hosts from internal view should get internal IP and hosts from external view
should get external IP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
issue.
you apparently have not configured views properly. only clients that are
supposed to get internal private addresses should be in internal view.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
ws machines (I still feel it's better to install bind9 with "tools
only" on windows than using nslookup). using ping is not a good idea for DNS
testing.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addres
simply provides you the remaining TTL. If you do it again, you will see
TTL has either decreased in the time difference, or the records were fetched
again.
the discussion a few days ago has revealed that BIND does not recursively
fetch records when you send ANY query.
--
Matus UHLAR - fantomas, uh..
?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them you
to forward 7.7.7.in-addr.arpa, 7.7.in-addr.arpa or
7.in-addr.arpa, depending on what is configured on 10.212.24.11.
BTW, are you aware that 7.7.7.7 is used by DoD and 9.9.9.9 by IBM?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adverti
do dig -x 7.7.7.7, which is in the configured zone for DNS
10.212.24.11, i am not able to get the responses cached.
what is the TTL of those NXDOMAIN answers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
t blocks DNS?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamili
On 17.08.13 10:36, Mimiko wrote:
I created a zone with the following:
[...]
But the answer is always un-authoritative. Why is this?
did you also configure the server to be master forthe zone?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
On 8/10/13 3:37 AM, Matus UHLAR - fantomas wrote:
however, reverse DNS records must not be zero-filled (those won't be taken
into account)
On 10.08.13 10:26, Eduardo Bonsi wrote:
I put zeros just as an example.
it can be 111.111.111.111 where 1= (any ipv4 number) or
000.000.000.000. wh
nd charge you for it.
... and please, do not tell me that is to keep the spammers out
because that so far has not proven to be true. The bad guys have an
unlimited number of domains to do their dirt work everyday.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
In article ,
Matus UHLAR - fantomas wrote:
No, it does not. If a mail gets delivered to address, which is sending it
further ("forwarding it"), the envelope sender has to be changed, because
it's not the original sender who sends the another mail. Forwarding without
changing e
-addr.arpa
maintained by the client.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BS
g without
changing envelope address is already broken, it's just people don't care
without SPF.
I have a case I am researching right now
where forwarded mail is undeliverable due to SPF checking at the
new destination.
Rewrite the sender's address. You have more choices,
ragraph 6.2; and Appendix A point 4.
This was discussed here already, and imho this is anti-spf bullshit like
all those "spf breaks forwarding" FUD. The SPF RR is already here and is
preferred over TXT that is generik RR type, unlike SPF.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns1.alfransi.com.sa. IN ANY
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT aku
ts.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Matus
changed to
zone "110.252.173.in-addr.arpa" IN {
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.
--
Matus UHLAR - fantoma
o.za.
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +norec any rbcaa.co.za.
; @babylon.mitsol.co.za.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52980
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
--
M
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's
/ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#id2576269
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
tware should get NXDOMAIN answer. in such
case there's nothing to wait for any longer.
Are you sure that was not a case of unreachable servers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovani
to implement packet rate limiting - a patch was
discussed here a few days/weeks ago.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etr
>In article ,
> Charles Swiger wrote:
>> Certainly. Various software performs what's called a double-reverse
>> lookup
>> to confirm that the A and PTR records match.
In article ,
Matus UHLAR - fantomas wrote:
He apparently meant exactly the same. Also calle
pen. I don't know of anything to be gained by
requiring a reverse lookup after a forward lookup.
He apparently meant exactly the same. Also calles FcRDNS - "forward
confirmed" or "full circle" reverse DNS.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantoma
.
If they are accessible from us, of course. We could check it ourselves and
see how it behaves from the net.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
ssues and overall my DNS was just erratic. I have now moved all of my
secondary to BuddyNS with much better redundancy, and I figured out what
was causing my ns1 to be glitchy.
Can you tell us what, just for evidence?
Thank you.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantom
alling software from scratch.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective
f DNS load
balancers...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windo
mail/bind-users/2013-June/090970.html or pcap
format at http://test.fantomas.sk/74.87.108.83.dns.pcap
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu
r the zone, the given NS records prevail over delegation
from parent zone.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, wh
On 24.06.13 07:41, Frank Bulk wrote:
Interesting to note that querying for ANY does return an SOA. I can't
explain that behavior.
On 24.06.13 14:54, Matus UHLAR - fantomas wrote:
I can guess a kind of DNS filter/firewall. Some l3 switches or load
balancers tend to produce strange result
you have
no SOA set for for ns1.starionhost.net:
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only
ional records being
sent from a selected list of zone in our configuration..
You still have not answered my question, so I repeat it:
> What is the point of your question?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
as it is. However if you want to have clean
shield, there's one thing abovbe to fix (PTR to nonexistent name).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
message, it can mean anything. Which MX server started
bouncing meil? Is ns1.starionhost.net reachable from that server?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
I would be interested to hear about any red flags you may see.
I don't see any ... since the problems reported were not true, we may assume
there was no problem causer by one of your servers' outage.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I w
On 21.06.13 02:00, blrmaani wrote:
The additional-from-auth yes_or_no ; option is a global option. I would
like to know if there is a per-zone configuration to do the same in BIND9
configuration? I couldn't find it in BIND9 ARM.
What is the point of your question?
--
Matus UHLAR - fan
above, authoritative and glue NS records should
be the same). But don't tell me that you use TTL so small that someone
would notice.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. --
resubmitting a query after NXDOMAIN is received is an ugly hack and
violates the DNS principles. The problem must be solved by DNS tools.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tu
ers { stealthMasters; };
notify explicit;
also-notify { publicSlaves; };
allow-transfer { localhost; transferees; };
};
Have you looked carefuly enough, and to the correct file if there is no
missed character that makes the configuration invalid?
Have you run named-checkconf w
ould a loop not occur if the forwarder
matches this view?
local domains are served locally. Only recursive queries are being
forwarded.
To ask the question another way, does the zone statement take precedence on
matching queries over any forwarding?
yes.
--
Matus UHLAR - fantomas, uh...@fanto
;t do that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a tal
logical to ask again if
someone replies THERE IS NO SUCH RECORD. You need to fix your DNS
infrastructure, not try to circumvent it's issues.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
m which are specific authoritative
DNS servers to mycompany.com But administrator does not know which one has
it
So, is that mytestdomain101.com or mycompany.com or mygeo1.mycompany.com?
It would be easier to look at the problem if you provided us correct data.
--
Matus UHLAR - fantomas, uh..
On 21.05.13 11:03, Mark Andrews wrote:
>The simplest solution is to slave the root zone and
>turn off notify to so you don't spam the official
>root servers. 192.5.5.241 is f.root-servers.net.
In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR -
oot";
masters { 192.5.5.241; };
notify no;
};
I thought this is not oficially recommended for ordinary users to prevent
root servers from being overloaded (transfers use much more resources than
ordinary lookups). Has this changed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http:/
e services broken like this of
any ISP. I'd even recommend not to use ANY services of such ISPs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
On 09.05.13 10:21, Tony Finch wrote:
> Right. Give each student a subdomain of some existing domain, even if the
> subdomains aren't publicly delegated.
Matus UHLAR - fantomas wrote:
yes, so they will start using it in their job and home.
On 09.05.13 16:01, Tony Finch w
heir job and home.
...I still think it would be better to have reserved private TLD for
intranets as we have IP's in rfc1918 (plus rfc6598 for ISPs)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Va
don't like to see. The filtering or
diferentiating messages can be done on better way than modifying subject.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
t way.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite?
accessible and their RTT. It tends to prefer
theone with shoertet RTT but ocasionally re-tries (RTT can change over
time. If notice comes, BIND tends to prefer server that has sent it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
bind 9.4 has also "check-names response";
Ok, I'm reading up on that now. Should I be able to suppress the logging
using: "check-names response ignore;" ?
This should be the default. Also, current version could have better handling
of this issue...
--
Matus UH
13 00:45:37.447 general: warning: zone
/IN: gc._msdcs./A: bad owner name (check-names)
default.log:12-Apr-2013 00:45:37.447 general: warning: zone
/IN: gc._msdcs./A: bad owner name (check-names)
Hmm, aren't those supposed to be SRV reco
also complain if the service does not work
properly
if you want to be really a bitch, you can set up recursive view with "."
domain providing * records.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
52538: view
external: query (cache) 'hao.360.cn/A/IN' denied
Aren't thosedomains pointing their NS onto your nameserver? What's your IP,
if it's not secret?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-ma
why securedns is the only way to avoid this
attack.
Once the spoofed answer with guessed ID and containing NS records of
attacker's servers is accepted, the attacker owns the domain at least within
your nameserver.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
s to three servers, of which one
returns positive answer and two reply NXDOMAIN (no such host).
seems someone configured invalid serial to reverse zone and now slaves don't
fetch updates...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
ND servers, although you may want to have
at least two of them, to have backup if one fails.
imho you should first answer my first question and then you see if you need
to increase clients-per-query or not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT
ames that don't start with www. is the common case now. Can we
save our energy for something more productive?
Why did you post this then?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
lid record?
because while delegation NS records are OK, the NS records in domain itself
are broken. With the first lookup you may get the answer from the parent
servers, but later lookups will use broken NS records and thus they will
fail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.f
root dns populate issue or
something else? Is there a way to force DNS server to update from root?
dopmain positivebrain.asia has invalid NS records. maybe a web DNS checker
could provide correct answer, although you must try more of them...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
firewall level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept
like this:
On 28.03.13 17:00, Ben-Eliezer, Tal (ITS) wrote:
Hi Chris, this looks interesting, I'll do some testing and report back!
Note that this way you won't maintain two copies of the same file, but three
different files and with each change you'll have to choose where to
ame result as Chris. Please show us how you do the "dig".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up
answer the
authoritative data.
You have said you do not have recursion allowed, why do you expect it to be
allowed now?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
l
incoming traffic to your DNS server where source port is 53.
all the "security" is useless if blocks your service. Luckily, most of
firewalls can track the "connection" state.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
ve DNS that are declared as
a forwarder in the named.conf.options settings.
Why do you define such forwarders in named.conf at all?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu c
. Are there other limitations I should be aware of while developing my script?
Yes, you should not abuse any service, whether you monitor it or not.
For example, you should not send extensive queries to foreign servers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warni
from TCP+UDP port 53 coming to any >=1024 port on
your nameserver.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for g
27;t see anything in the release notes for 9.8.4/9.8.5 - any ideas?
This is with the Spamhaus DBL, in case it matters.
do you have local copy of spamhaus DBL?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
l.com :
; <<>> DiG 9.8.1-P1 <<>> mail.com
[...]
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
this is clearly a cached answer (aa flag is missing). How did you come to
the conclusion that caching does not work?
--
Matus UHLAR - fanto
ed AS number for this, provider-independent IP Addresses are
quite enough (at least here in Europe)
I just did not want to explain this more deeply - that is question for the
OP and their ISP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
ssibly detect the link outage sooner
and switch to another link, maybe with NATting to other IP. However, your
DNS problem chould be solved by BIND configuration.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addre
On 28.02.13 08:41, Abdul Khader wrote:
Is there a way to flush MX records from the cache of a caching DNS server ?
No. You only can flush whole cache (rndc flush) or flush records for given
domain (rndc flushname).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
re people just can not put their own domain anywhere in
the DNS tree, because they simply do not have any domain seen in the public
available (no company's domain, using multiple ISPs etc)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
said: ANYONE, DO NOT ALLOW RECURSION FOR OUTSIDE CLIENTS. EVER.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's sp
file.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
-stub;
server-addresses { 192.168.1.23; 192.168.1.24; };
};
so a "type static-stub" works, while "type forward" does not?
Is this another difference between those two types?
("type forward" has one advantage: it allows standard resolving to
is really allowed.
Then what is the basic recursion option for now? Is it just a
hold-over from more trusting days?
it's kind of general switch to allow/deny recursion.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertisi
rticularly when we are suppose to have
different views for different clients.
So for my internal view where I:
match-clients{ httnets; };
match-destinations{ httnets; };
recursion yes;
allow-query{ httnets; };
On 02/21/2013 10:40 AM, Matus UHLAR - fantomas wrote
searching.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
__
he httnets ACL?
, so nothing should be querying cache?
correct, no external hosts should query your cache.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
or NS records for the
BIND to know who to ask for records.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dve
.
expire 604800 change that to 4w
not needed but
and negative cache value 86400 drop that to no more than 3600,
maybe even just use 600.
I agree with this one. Value 86400 for negative cache is widely used, but
mostly from obsolete understanding of SOA field name "minimum".
--
Ma
ny of them.
when BIND (or whomever) logs nameserver it should log both name IP.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is l
reason behind it that both
servers' having queries ?
there are cases where DNS resolver sorts IP addresses and thus prefersone of
them. There are also cases where DNS resolver measures response time and
uses the faster DNS server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
184.142.in-addr.arpa.
Saturn works OK for most questions, and returns a PTR record if you ask
for ANY, but if you request a PTR directly it ignores you.
some kind of lame DNS "load balancers"?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
getting non-authoritative responses, but with recursion
allowed. Both are unexpected so named complains.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rek
Matus UHLAR - fantomas wrote:
On 16.01.13 14:57, Baird, Josh wrote:
> Is it acceptable to have a wildcard CNAME? Example:
>
> * IN CNAMEsomewhere.com.
>
> Or, would it be advised to only use wildcard 'A' records?
while it is t
ble to use solutions
that require wildcards ;-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential libert
onality. I advise
check with more of them, since there's none I would completely trust.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
should do
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture s
501 - 600 of 1050 matches
Mail list logo
