Re: Fwd: Facing weird issue with DNS-RPZ

2018-04-24 Thread Ray Van Dolson
On Tue, Apr 24, 2018 at 07:21:34PM -0700, Mukund Sivaraman wrote: > On Tue, Apr 24, 2018 at 06:03:43PM +0530, Blason R wrote: > > I am building DNS RPZ on named BIND 9.9.4-RedHat-9.9.4-51.el7_4.2 > > (Extended Support Version). > > RPZ in BIND 9.9 is experimental and unsupported (except for the >

Best way to handle a delegation...

2017-01-20 Thread Ray Van Dolson
So I have domain.com, controlled by AD, but want to delegate subdomain.domain.com to an external DNS server on the Internet (Amazon Route53). This is easy to do for my external version of domain.com as I can just add subdomain.domain.com NS amazonserver.com. However, our AD servers a

Re: Enterprise DNS Architecture - AD and BIND

2016-11-08 Thread Ray Van Dolson
ernal' caching > servers to slave your AD zones as well. > > Cheers, > > Josh > > -----Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ray > Van Dolson > Sent: Tuesday, November 8, 2016 7:10 PM > To: bind-users@lists.i

Enterprise DNS Architecture - AD and BIND

2016-11-08 Thread Ray Van Dolson
Greetings; Am reviewing our DNS setup which has organically evolved over the years and most certainly is due for an update: - We have AD servers responsible for our primary domain (internally). - We have other sets of AD servers responsible for other domains in DMZ's and such. - We have a BIN

Stub Zone Behavior?

2016-08-13 Thread Ray Van Dolson
Have a resolver at a branch office with a view containing a stub zone as follows: zone "domain.com." IN { type stub; masters { 10.216.11.6; 10.58.4.1; 10.50.4.32; }; file "stub/domain.com"; forwarders {}; }; Other notes: - "domain.com" is an Active Directo

BIND w/ Lync?

2015-02-02 Thread Ray Van Dolson
We have a Lync 2013 environment with all of its DNS records living within our primary domain (esri.com). I have a need to override all of the Lync related DNS records so that they resolve differently for a set of client IP's (clients which connect via VPN). Unfortunately, the only solution I'm re

OT: Authoritative Server returning RR's with decrementing TTL's?

2014-07-31 Thread Ray Van Dolson
Not BIND-related specifically... (though the server below could be running BIND I suppose). This seems weird. Why is this authoritative server returning *some* answers with decrementing TTL's? $ dig @ns1.dtra.mil dtra.mil NS ; <<>> DiG 9.7.4-P1-RedHat-9.7.4-2.P1.fc14 <<>> @ns1.dtra.mil dtra.mil

Re: Enterprise IPAM/DNS Solutions

2014-04-28 Thread Ray Van Dolson
On Mon, Apr 28, 2014 at 04:31:28PM +, Baird, Josh wrote: > Hi, > > We currently use the Men & Mice DNS/IPAM/DHCP suite which is > essentially a front-end "wrapper" for BIND. We deploy our own BIND > boxes and simply install the Men & Mice agent on them which allows us > to centrally manage th

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-29 Thread Ray Van Dolson
On Mon, Jul 29, 2013 at 10:25:21AM -0500, Brad Bendily wrote: > Hi Ray, > Did you ever get a resolution on this? > We have had intermittent trouble getting to: > www.nws.noaa.gov sites and the fix has been a full restart > of the named service. I wasn't really sure how or where to > start troubles

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
On Wed, Jul 17, 2013 at 02:55:49PM -0700, Michael Sinatra wrote: > >> Try contacting dotgov.gov > >> > >> regist...@dotgov.gov or 877-734-4688 or 703-948-0723 > >> > >> They'll have phone numbers for the people they need to contact for fbi.gov > >> to > >> get things fixed. > > > > Which would

Re: Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
On Wed, Jul 17, 2013 at 01:58:25PM -0400, Bill Owens wrote: > On Wed, Jul 17, 2013 at 09:49:18AM -0700, Ray Van Dolson wrote: > > Hello; > > > > Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- > > bind-9.8.2-0.17.rc1) and trying to trou

Troubleshooting DNSSEC issue w/ ic.fbi.gov

2013-07-17 Thread Ray Van Dolson
Hello; Running BIND 9.8.2 in RHEL6 (at the latest vendor provided version -- bind-9.8.2-0.17.rc1) and trying to troubleshoot an issue resolving ic.fbi.gov that seems to be DNSSEC related. Am fairly certain of this because if I set dnssec-enable and dnssec-validation to no (have them at 'yes' norm

Re: "Short" domains...

2012-12-17 Thread Ray Van Dolson
On Mon, Dec 17, 2012 at 11:09:57AM -0500, wbr...@e1b.org wrote: > Ray wrote on 12/17/2012 11:04:19 AM: > > > > > zone "selfservice" { > > type forward; > > forwarders { adserver; }; > > }; > > Does this work? > > zone "selfservice." { > Nope -- had tried that as well with no luck.

"Short" domains...

2012-12-17 Thread Ray Van Dolson
I'm not sure quite how to properly describe this, and as a result my searches aren't turning up much. To support a legacy app, I need to have a domain defined called "selfservice" so I can support resolution of "www.selfservice". Yes, no trailing .com, .net, etc. Ugly, but I need it for now

Re: DNS Blackholing

2012-12-04 Thread Ray Van Dolson
On Tue, Dec 04, 2012 at 09:45:07AM +, Phil Mayers wrote: > On 12/04/2012 02:44 AM, John Hascall wrote: > > > >We have found that RPZ works quite well for us. > >We have 366825 names in our RPZ zone at present > >and scaling thus far has been a non-issue.ot ( > > Likewise. We have 675k entries

Re: Logging Response Results

2011-06-23 Thread Ray Van Dolson
On Thu, Jun 23, 2011 at 01:58:37PM -0700, Phil Mayers wrote: > On 06/23/2011 09:27 PM, Stefan Certic wrote: > > Thanks Chuck > > > > Yes, that would be a solution, but i need logs processed through syslog and > > stored into database (matching the initial query from query log). > > > > Parsing tcp

Re: Compromised BIND?

2011-05-31 Thread Ray Van Dolson
On Tue, May 31, 2011 at 11:38:13AM -0700, Supersonic wrote: > I have a BIND 9.8.0-P2 server instance running on a production server. My > firewall is showing repeated attempts by named.exe to connect to IP addresses > in foreign countries on ports , 6667 and 6669 - common IRC ports used by > wo

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:54:38PM -0700, Doug Barton wrote: > On 05/03/10 16:46, Ray Van Dolson wrote: > > On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: > >> On 05/03/10 09:34, Ray Van Dolson wrote: > >>> > >>> I believe having

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote: > On 05/03/10 09:34, Ray Van Dolson wrote: > > > > I believe having edns-udp-size set at 512 gives us maximum > > compatibility with anything out there behind a broken firewall, etc, > > though we should lo

Re: DNSSEC - Root zone - FUD

2010-05-03 Thread Ray Van Dolson
On Mon, May 03, 2010 at 01:16:53PM -0700, David Miller wrote: > All, > > There has been quite a bit of FUD bouncing around the net regarding the > May 5th signing of the root zone and the sky falling (or at least > massive failures across the internet). I have been asked multiple times > about

Re: Side-effects of edns-udp-size 512

2010-05-03 Thread Ray Van Dolson
anation for what you're > observing. > > Cathy Thanks Cathy, that makes sense. I believe having edns-udp-size set at 512 gives us maximum compatibility with anything out there behind a broken firewall, etc, though we should look at removing the limit at some point in the future when p

Side-effects of edns-udp-size 512

2010-04-30 Thread Ray Van Dolson
Have been doing some testing[1] of our firewalls and DNS servers for the upcoming signing of the last root server and ran into something I'm not completely sure about. The tests in the ISC post[1] from earlier this year run fine when pointed directly at the L server (IOW, our firewalls do handle t

Re: RHEL backports for dynamic update fix are available

2009-07-31 Thread Ray Van Dolson
On Fri, Jul 31, 2009 at 06:25:50AM -0700, Jeff Lightner wrote: > For those of you using the canned RHEL BIND packages they sent out > errata information for RHEL3, RHEL4 and RHEL5 overnight. They’ve > backported the fix into the BIND 9 versions used. > > As noted in Q&A here the dynamic update i

Re: Bind Patch for Solaris 10

2009-02-17 Thread Ray Van Dolson
equirement on this /dev/poll file. Regardless, all seems to be working OK now. Ray > > -Original Message- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ray Van Dolson > Sent: Wednesday, February 11, 2009 14:35 > To: bin

Re: Bind Patch for Solaris 10

2009-02-11 Thread Ray Van Dolson
On Wed, Feb 11, 2009 at 12:30:19PM -0800, Worrell, James J Mr CIV US DISA GS4T1 wrote: > > Greeting! > > I am trying to load bind patch 119783-10 on a Solaris 10 system running > DNS 9.35-p2 and ran into several problems. I suspect that the root > cause is due to the security posture that we ha

Re: Operators, how do you handle EDNS?

2009-01-13 Thread Ray Van Dolson
On Tue, Jan 13, 2009 at 05:00:38PM -0800, Ray Van Dolson wrote: > On Tue, Jan 13, 2009 at 04:35:46PM -0800, Mark Andrews wrote: > > The number of nameservers that fail to respond to EDNS > > queries is miniscule. The majority of nameservers on the > > n

Re: Operators, how do you handle EDNS?

2009-01-13 Thread Ray Van Dolson
On Tue, Jan 13, 2009 at 04:35:46PM -0800, Mark Andrews wrote: > The number of nameservers that fail to respond to EDNS > queries is miniscule. The majority of nameservers on the > net actually talk EDNS. > > I suggest that you re-analyse the failures to determine > t

Operators, how do you handle EDNS?

2009-01-13 Thread Ray Van Dolson
I know what ISC will say on this -- that we should be tracking down people whose DNS servers or network infrastructure blocks or impedes EDNS... this is fine and well, and we do make such efforts, but oftentimes network owners are unresponsive and our own customer demands compel us to disable EDNS