Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 9:50 AM, Bob Harold wrote: > > Agree, that's odd, and not what the man page says.  Any chance that there is > some other DNS helper running, like resolved, nscd, dnsmasq, etc? Nope. This is vanilla FreeBSD with vanilla bind running. > 'dig' should tell you what address it used, at

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Fri, Apr 17, 2020 at 10:34 AM Tim Daneliuk wrote: > On 4/17/20 7:26 AM, Bob Harold wrote: > > > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk > wrote: > > > > We have split horizon setup and enable our internal and trusted hosts > > to do things as

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 7:26 AM, Bob Harold wrote: > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk > wrote: > > We have split horizon setup and enable our internal and trusted hosts > to do things as follows: > >     allow-recursion { trustedhosts; }; >    

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Bob Harold
On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk wrote: > We have split horizon setup and enable our internal and trusted hosts > to do things as follows: > > allow-recursion { trustedhosts; }; > allow-transfer { trustedhosts; }; > > 'trustedhosts' includes a number of public facing IPs as

Re: Question about CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

2019-12-20 Thread Cathy Almond
Hi Veronique, What is being logged is individual queries (or rather, query responses in actual fact, as those queries are responded to). It doesn't make any difference to the logging how they arrived - each query is logged independently, whether it was pipelined over TCP, arrived non-pipelined,

RE: Question about CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

2019-12-20 Thread Veronique Lefebure
Many thanks for your reply. It answers the second part of my question. But what about the first part of the question: " If a client is using TCP-pipelining, and if querylog channel is enabled, what will appear in the query log file for that client ? Shall we see one line per DNS query, i.e. N

Re: Question about CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

2019-11-21 Thread Cathy Almond
On 21/11/2019 14:40, Veronique Lefebure wrote: > Hi, > > I have a question regarding the vulnerability described in the mail below. > > If a client is using TCP-pipelining, and if querylog channel is enabled, what > will appear in the query log file for that client ? > Shall we see one line per

Re: Question about at zone transfer behaviour on slave

2019-06-06 Thread Matus UHLAR - fantomas
On Wed, Jun 5, 2019, 10:09 PM Techs-yama wrote: I have a question about zone transfer behaviour on a slave server. In the case of a slave zone being configured and named restarted on the slave server, after the restart it looks like the slave starts polling the master server for a zone transfer

Re: Question about at zone transfer behaviour on slave

2019-06-05 Thread Techs-yama
Thanks for the reply. Sorry, I wrote that wrong. It is about when the slave is configured for the first time. What triggers the polling at that point? Because I think the slave server does not have SOA data the first time. Also, assuming that it has not received a notify from the master. Thanks and regards.

Re: Question about at zone transfer behaviour on slave

2019-06-05 Thread Ben Croswell
You are looking for the refresh timer in the SOA if you mean the timer for a slave to check the serial with the master. On Wed, Jun 5, 2019, 10:09 PM Techs-yama wrote: > Hi all, > > Have a question about at zone transfer behaviour on slave server. > > In case of slave zone configure and

Re: Question about Delegation/forwarder

2019-04-27 Thread Barry Margolin
In article , Gawan Re wrote: > Hello, > > I have a bind server with recursion disabled. So this should be an authoritative-only nameserver, not a resolving nameserver. > One of the subzone is delegated to external name servers for which we are > not authoritative. The records inside this

Re: Question about Delegation/forwarder

2019-04-27 Thread Grant Taylor via bind-users
On 4/26/19 1:14 PM, Gawan Re wrote: Any help will be appreciated. It's my understanding that recursion is required to answer any queries not contained within local authoritative data. Can you slave the delegated zone off of the server it's delegated to? That would make your server have an

Re: question about "Assertion Failure" in BIND

2019-03-07 Thread Mark Andrews
> On 7 Mar 2019, at 9:36 pm, 徐明杰 wrote: > > Hello all, I have some questions about "Assertion Failure" in BIND. > Most of the security advisories report that the security bugs can result in an > assertion failure. I'm not familiar with the event-driven programming paradigm, > so I'm not sure if

Re: question about "Assertion Failure" in BIND

2019-03-07 Thread Evan Hunt
On Thu, Mar 07, 2019 at 06:36:09PM +0800, 徐明杰 wrote: > Hello all, I have some questions about "Assertion Failure" in BIND. Most > of the security advisories report that the security bugs can result in an > assertion failure. I'm not familiar with the event-driven programming > paradigm, so I'm not sure

Re: Question about visibility

2018-10-25 Thread G.W. Haywood via bind-users
Hi there, On Thu, 25 Oct 2018, Grant Taylor wrote: On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote: A server on a non-standard port is often neglected. Its security may be less well maintained than one that is intentionally public. Why and how do you make that correlation?

Re: Question about visibility

2018-10-24 Thread Dave Warren
On 2018-10-24 07:24, Timothy Metzinger wrote: There's no security in obscurity.  Automated port scanners will sweep your system in a couple of seconds. There is *limited* security in obscurity but it's a valid layer. Obviously insufficient as an only layer... As a trivial example, I get

Re: Question about visibility

2018-10-24 Thread Grant Taylor via bind-users
On 10/24/2018 07:24 AM, Timothy Metzinger wrote: There's no security in obscurity. Obscurity by itself is not security. Obscurity can be one of many layers of security. Automated port scanners will sweep your system in a couple of seconds. Yes, automated scanners can scan all the ports on a

Re: Question about visibility

2018-10-24 Thread Grant Taylor via bind-users
On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote: A server on a non-standard port is often neglected.  Its security may be less well maintained than one that is intentionally public. Why and how do you make that correlation? Are you implying that some people think that because

RE: Question about visibility

2018-10-24 Thread John W. Blue
ush global) Will only allow 2 connections within two minutes before the host is blacklisted. John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Paul Kosinski Sent: Wednesday, October 24, 2018 11:24 AM To: bind-users@lists.isc.org Subject: Re: Ques

Re: Question about visibility

2018-10-24 Thread Paul Kosinski
zinger > > From: bind-users on behalf of G.W. > Haywood via bind-users Sent: Wednesday, > October 24, 2018 12:15:10 PM To: bind-users@lists.isc.org > Subject: Re: Question about visibility > > Hi there, > > On Wed, 24 Oct 2018, Hardy, Andrew wrote: > > > F

Re: Question about visibility

2018-10-24 Thread Timothy Metzinger
There's no security in obscurity. Automated port scanners will sweep your system in a couple of seconds. Tim Metzinger From: bind-users on behalf of G.W. Haywood via bind-users Sent: Wednesday, October 24, 2018 12:15:10 PM To: bind-users@lists.isc.org Subject: Re: Question about visibility

Re: Question about visibility

2018-10-24 Thread G.W. Haywood via bind-users
Hi there, On Wed, 24 Oct 2018, Hardy, Andrew wrote: Further to the original post, as well as not creating a DNS record and "possibly" adding robots.txt with appropriate content, as discussed, I presume that if I run the http server on a personally selected unprivileged port then it is very

Re: Question about visibility

2018-10-24 Thread Hardy, Andrew
Further to the original post, as well as not creating a DNS record and "possibly" adding robots.txt with appropriate content, as discussed, I presume that if I run the http server on a personally selected unprivileged port then it is very "unlikely" the site pages will be indexed/discovered/etc

Re: Question about visibility

2018-10-21 Thread N6ghost
On Thu, 11 Oct 2018 15:39:55 -0400 Barry Margolin wrote: > In article , > Dennis Clarke wrote: > > > On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote: > > > Em 11/10/18 16:13, Barry Margolin escreveu: > > >> > > >> If you accidentally, or someone else intentionally, create a > > >> link

RE: Question about forwarder zones

2018-10-17 Thread Cuttler, Brian R (HEALTH)
, 2018 1:56 PM To: bind-users@lists.isc.org Subject: RE: Question about forwarder zones ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails. Based upon everything that I am reading it is name specific. To wit

RE: Question about forwarder zones

2018-10-15 Thread John W. Blue
Based upon everything that I am reading it is name specific. To wit: ".. forwarding rules apply to queries for all domain names that end in the domain name of the zone." So it would follow that "example.com" would not get queries for "reallycool.example.com" if zone forwarding is configured

Re: Question about visibility

2018-10-11 Thread Barry Margolin
In article , Dennis Clarke wrote: > On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote: > > Em 11/10/18 16:13, Barry Margolin escreveu: > >> > >> If you accidentally, or someone else intentionally, create a link to the > >> site that uses the IP and put it on a web page that Google can get to, >

Re: Question about visibility

2018-10-11 Thread Dennis Clarke
On 10/11/2018 03:21 PM, Leonardo Rodrigues wrote: Em 11/10/18 16:13, Barry Margolin escreveu: If you accidentally, or someone else intentionally, create a link to the site that uses the IP and put it on a web page that Google can get to, it will probably find the page. robots.txt, on

Re: Question about visibility

2018-10-11 Thread Leonardo Rodrigues
Em 11/10/18 16:13, Barry Margolin escreveu: If you accidentally, or someone else intentionally, create a link to the site that uses the IP and put it on a web page that Google can get to, it will probably find the page. robots.txt, on your website root, is your friend. Simply deny web

Re: Question about visibility

2018-10-11 Thread Barry Margolin
In article , Admin Hardy wrote: > I realise this is not specifically a BIND/DNS question and a bit off > topic so please ignore if need be; I realise people are often very busy. > > If you have a website but the host IP you do not list with any > domain name in DNS, is it definite that

Re: Question about visibility

2018-10-11 Thread Sten Carlsen
Please see below. On 11/10/2018 18.13, Hardy, Andrew wrote: > Ok I'm a bit confused.  I have some questions re last post, copied below: > > I have done this some time ago, I made sure that there was no link > from any pages to the new site,  > ** So the new site (in development) would have no

Re: Question about visibility

2018-10-11 Thread Hardy, Andrew
Ok I'm a bit confused. I have some questions re last post, copied below: I have done this some time ago, I made sure that there was no link from any pages to the new site, ** So the new site (in development) would have no domain name mapped in DNS, so it seems unlikely that other sites and pages

Re: Question about visibility

2018-10-11 Thread Sten Carlsen
I have done this some time ago, I made sure that there was no link from any pages to the new site, Google stayed away until somebody typed the address into the search field, then it was known. This is no guarantee of course as mentioned in other place but it worked for about 6 months. On

Re: Question about visibility

2018-10-11 Thread Warren Kumari
On Thu, Oct 11, 2018 at 1:26 PM Admin Hardy wrote: > > I realise this is not specifically a BIND/DNS question and a bit off > topic so please ignore if need be; I realise people are often very busy. > > If you have a website but the host IP you do not list with any > domain name in DNS, is it

Re: Question regarding different responses that I am getting for a lookup.

2018-08-06 Thread Lee
On 8/6/18, Bhangui, Sandeep - BLS CTR wrote: > Hello > > Not sure why I am getting different responses when I perform a dig on > sso.dol.gov. > > Dig is performed from a server which is capable of querying the root > servers….what could be the issue. Probably because the bls.gov server gets a

Re: Question regarding different responses that I am getting for a lookup.

2018-08-06 Thread Peter DeVries
They are probably using a load balancer of some sort that is choosing between multiple systems and directing you to the one closest or not under load at the moment. The low TTL is usually a sign of this as well. On Mon, Aug 6, 2018 at 2:12 PM, Bhangui, Sandeep - BLS CTR <

Re: Question about BIND and RPZ

2018-08-04 Thread Blason R
Well I was working on the same but you really need to have good RPZ feeds. I subscribed to third party feeds and have worked on my RPZ but later you need to have good reporting engine. Hence better to have a dedicated RPZ server instead and that's what I could suggest. This is not marketing talk

Re: Question about BIND and RPZ

2018-08-04 Thread Vadim Pavlov via bind-users
Sorry for the confusion. I thought that you had access to the RPZ feeds. You cannot trigger an RPZ rule by the recursion bit. You should contact your DNS provider and ask them to provide you, instead of NXDOMAIN, a different response which can be used to trigger RPZ on your Bind (e.g. unused

Re: Question about BIND and RPZ

2018-08-04 Thread Felipe Arturo Polanco
Hi Vadim, Thanks for the response, How will that zone policy differentiate between responses with the 'recursion available' bit set and unset? I do not have the list of malware sites, the DNS provider does not share it. Also I'm no expert with BIND so pardon any outside question. On Sat, Aug

Re: Question about BIND and RPZ

2018-08-04 Thread Vadim Pavlov via bind-users
Hi Felipe, You do need to do that. You may configure redirect action on a zone level. Just add "policy cname domain" [ response-policy { zone zone_name [ policy ( given | disabled | passthru | drop | tcp-only | nxdomain | nodata | cname domain ) ] [
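As an added example (not Vadim's or Felipe's configuration), here is the zone-level `policy cname` redirect from the reply above, together with a second policy zone that allowlists a name. Two things the thread touches on are built in: RPZ triggers match on the query name (or on answer IPs, nameserver names/addresses and client addresses), never on response flags such as "recursion available", so the rule has to name the domains; and a zone-level `policy cname` overrides any per-record action in that zone, so an allowlist needs its own, earlier policy zone evaluated with `policy passthru`. The names `rpz.local`, `rpz-allow.local`, `malware.example` and `walled-garden.example.net` are assumptions.

```conf
// --- named.conf fragment (added example, not from the thread) ---
options {
    recursion yes;
    // Policy zones are tried in order; the first matching rule wins.
    response-policy {
        zone "rpz-allow.local" policy passthru;                        // allowlist
        zone "rpz.local"       policy cname walled-garden.example.net; // sinkhole
    } qname-wait-recurse no;
};

zone "rpz-allow.local" {
    type master;
    file "rpz-allow.local.db";
    allow-query { none; };      // policy zones are consulted internally only
    allow-transfer { none; };
};

zone "rpz.local" {
    type master;
    file "rpz.local.db";
    allow-query { none; };
    allow-transfer { none; };
};

// --- rpz.local.db ---
// (zone-file syntax: comments start with ';')
$TTL 60
@                   IN SOA  localhost. hostmaster.localhost. ( 1 3600 900 604800 60 )
                    IN NS   localhost.
; QNAME triggers. The rdata here would normally select the action; with
; "policy cname" on the zone it is ignored and every hit becomes a CNAME
; to walled-garden.example.net, which is what makes a hit visible in logs.
malware.example     IN CNAME .
*.malware.example   IN CNAME .

// --- rpz-allow.local.db ---
$TTL 60
@                    IN SOA  localhost. hostmaster.localhost. ( 1 3600 900 604800 60 )
                     IN NS   localhost.
; Exact name that must never be rewritten, even though it sits under the
; wildcard rule in rpz.local.
good.malware.example IN CNAME rpz-passthru.
```

Check it with `rndc reload` followed by a lookup of `www.malware.example` against the resolver: the answer should be a CNAME to `walled-garden.example.net`, while `good.malware.example` should resolve normally, and the hit is recorded in the `rpz` logging category if that category is routed to a channel.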

Re: Question abut reserv zone

2018-02-12 Thread Michelle Konzack
Good morning, On 2018-02-13 Mark Andrews wrote: > ISP's are only scared of it because people may add ".sucks" as > the name in the > PTR record. ROTFL! > Mark Have a nice day -- Michelle Konzack, Miila ITSystems @ TDnet, GNU/Linux Developer, 00372-54541400

Re: Question abut reserv zone

2018-02-12 Thread Mark Andrews
ing master/slave/stub/forward). But at least it > can be implemented using only BIND and its tools. > > > - Kevin > > > > > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark > Andrews > Sent: Monday, Febru

RE: Question abut reserv zone

2018-02-12 Thread Darcy Kevin (FCA)
using only BIND and its tools. - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark Andrews Sent: Monday, February 12, 2018 6:19 PM To: Julie Xu <j...@westernsydney.edu.au> Cc: bind-users@lists.isc.org Subject: Re: Question abu

Re: Question abut reserv zone

2018-02-12 Thread Mark Andrews
In this example since the address is the same I would just pick one name (the name the machine knows itself as) and use that name for the PTR record. I would also use DNS UPDATE to update the reverse zones rather than editing master files. You can delegate update authority down to the
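Mark's suggestion of DNS UPDATE with update authority delegated down, shown as an added example rather than anything from the thread. The `update-policy` grant follows least privilege: the host's key may change only the PTR RRset at its own reverse name, so a compromised host cannot rewrite its neighbours' records. The zone, key name, addresses and file paths are assumptions.

```conf
// --- named.conf on the reverse-zone master (added example) ---
key "host1.example.com." {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF: tsig-keygen host1.example.com.";
};

zone "2.0.192.in-addr.arpa" {
    type master;
    file "dynamic/2.0.192.in-addr.arpa.db";
    // update-policy and allow-update are mutually exclusive; use only this one.
    // nametype "name" is an exact match. "subdomain" or "wildcard" here would
    // let one host's key touch every PTR in the zone.
    update-policy {
        grant host1.example.com. name 10.2.0.192.in-addr.arpa. PTR;
    };
};

// --- input for:  nsupdate -k host1.key   (host1.key holds the key statement) ---
; replace whatever PTR is there with the name the machine knows itself by
server ns1.example.com
zone 2.0.192.in-addr.arpa
update delete 10.2.0.192.in-addr.arpa. PTR
update add 10.2.0.192.in-addr.arpa. 3600 PTR host1.example.com.
send
```

The negative check matters as much as the positive one: repeating the batch with `update add 11.2.0.192.in-addr.arpa. 3600 PTR host1.example.com.` must come back REFUSED, and the refusal is logged in the `update-security` category. Dynamic zones keep their state in the journal, so further edits go through nsupdate (or `rndc freeze`/`thaw` around a manual edit), never by editing the zone file while named is running.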

Re: Question about: "rate-limit: stop limiting responses to 1.1.1.0/24 for www.example.com"

2018-01-04 Thread Tony Finch
Tom wrote: > Why does this logentry only appears about 60-65 seconds later, after > I've stopped the "test"-attack (confirmed multiple times..)? There's a hardcoded cleanup timeout of 60 seconds. The extra is (I think) due to the time needed to make the token bucket

RE: [Question] zone transfer issue with multiple views

2017-12-10 Thread Eoin Kim
2017 12:00 PM To: Matthew Pounsett <m...@conundrum.com> Cc: bind-users@lists.isc.org Subject: Re: [Question] zone transfer issue with multiple views Thanks guys. Let me play a bit and see how it goes. Cheers. Eoin From: Matthew Pounsett <m...@conu

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Eoin Kim
Thanks guys. Let me play a bit and see how it goes. Cheers. Eoin From: Matthew Pounsett <m...@conundrum.com> Sent: Saturday, 9 December 2017 9:29 AM To: Eoin Kim Cc: Lightner, Jeffrey; bind-users@lists.isc.org Subject: Re: [Question] zone transfer

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Matthew Pounsett
On 8 December 2017 at 17:37, Eoin Kim wrote: > Hi, > > > Thanks for your help. But is it possible to do it without additional IP > address? I thought that I am not really bad with BIND but as soon as I > started using views, I'm going nowhere > > > In order for

Re: [Question] zone transfer issue with multiple views

2017-12-08 Thread Eoin Kim
From: Lightner, Jeffrey <jlight...@dsservices.com> Sent: Friday, 8 December 2017 11:38 PM To: Lightner, Jeffrey; Eoin Kim; bind-users@lists.isc.org Subject: RE: [Question] zone transfer issue with multiple views Sorry that 10.0.9.9 should be 10.9.9.9 – i.e. notify-

RE: [Question] zone transfer issue with multiple views

2017-12-08 Thread Lightner, Jeffrey
When we did it here we set up separate notify-source and transfer-source within the views on both the master and the slave. view "internal" { match-clients { internaldns; }; notify-source 10.9.9.8; transfer-source 10.9.9.8; allow-transfer { dnsservers; }; ...then our zones for internal view
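Filling in the approach Jeffrey describes, as an added example and not his actual configuration: both the master and the slave carry two views of the same zone, and each view sends its NOTIFYs and transfer requests from its own address. That is what makes the scheme work, because the receiving server picks a view for an incoming NOTIFY or AXFR/IXFR by the peer's source address and nothing else; if both views sent from one address, every transfer would land in whichever view is listed first. All addresses, ACLs and paths are assumptions.

```conf
// ===== master: 10.9.9.8 (internal view), 10.9.9.18 (external view) =====
// Added example, not the poster's configuration.
acl "internaldns"     { 192.168.0.0/16; };   // internal clients
acl "slave-internal"  { 10.9.9.9; };         // slave's transfer-source for "internal"
acl "slave-external"  { 10.9.9.19; };        // slave's transfer-source for "external"

view "internal" {
    match-clients   { slave-internal; internaldns; };
    notify-source   10.9.9.8;
    transfer-source 10.9.9.8;
    allow-transfer  { slave-internal; };
    zone "example.com" {
        type master;
        file "internal/example.com.db";
        also-notify { 10.9.9.9; };           // reach the slave's internal view
    };
};

view "external" {
    match-clients   { any; };                // 10.9.9.19 is not in any internal ACL
    notify-source   10.9.9.18;
    transfer-source 10.9.9.18;
    allow-transfer  { slave-external; };
    zone "example.com" {
        type master;
        file "external/example.com.db";
        also-notify { 10.9.9.19; };
    };
};

// ===== slave: 10.9.9.9 (internal view), 10.9.9.19 (external view) =====
acl "internaldns" { 192.168.0.0/16; };

view "internal" {
    match-clients   { 10.9.9.8; internaldns; };   // master's internal notify-source
    transfer-source 10.9.9.9;                     // also used for SOA refresh queries
    zone "example.com" {
        type slave;
        masters { 10.9.9.8; };
        file "internal/example.com.db";
    };
};

view "external" {
    match-clients   { any; };                     // NOTIFY from 10.9.9.18 lands here
    transfer-source 10.9.9.19;
    zone "example.com" {
        type slave;
        masters { 10.9.9.18; };
        file "external/example.com.db";
    };
};
```

After a reload, `rndc notify example.com in internal` on the master and the slave's `xfer-in` log show which view each transfer hit; a transfer that arrives in the wrong view means a source address is missing from, or shared between, the `match-clients` lists. Where a second address per host is not available, the usual alternative is a TSIG key per view: the slave signs its requests (a `server 10.9.9.8 { keys { ... }; }` clause inside each slave view) and the master lists `key "..."` in the view's `match-clients`.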

RE: question

2017-11-09 Thread Darcy Kevin (FCA)
Are you asking about the search algorithm in *DNS* (hierarchical, labelwise exact match, with aliasing and wildcarding special cases), or the algorithm by which *BIND* -- as one *implementation* of DNS -- accesses data in its internal structures (modified red-black tree, IIRC)?
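The DNS-level algorithm Darcy describes (hierarchical, labelwise exact match, with aliasing and wildcarding as special cases) as a runnable added example; this is not BIND's code, and BIND's internal red-black-tree lookup is not modelled. It follows the RFC 1034 section 4.3.2 and RFC 4592 rules: descend the label tree from the root, answer on an exact match, chase a CNAME, and synthesise from a wildcard only when the query name does not exist and its closest existing ancestor owns a `*` child. The zone contents are constructed sample data.

```python
"""Added example: DNS name lookup over a label tree (not BIND's implementation)."""
from dataclasses import dataclass, field

MAX_CNAME_CHAIN = 8   # guard against CNAME loops; BIND has its own chaining limit


@dataclass
class Node:
    children: dict = field(default_factory=dict)   # label -> Node
    rrsets: dict = field(default_factory=dict)     # rrtype -> [rdata, ...]


def labels(name):
    """'www.Example.com.' -> ['com', 'example', 'www']: root outward, case-folded."""
    return [lab.lower() for lab in name.rstrip(".").split(".") if lab][::-1]


def build_zone(records):
    """Build the label tree. Every ancestor of an owner name becomes a node, so
    empty non-terminals (deep.example.com below) exist but carry no data."""
    root = Node()
    for owner, rrtype, rdata in records:
        node = root
        for lab in labels(owner):
            node = node.children.setdefault(lab, Node())
        node.rrsets.setdefault(rrtype, []).append(rdata)
    return root


def lookup(zone, qname, qtype, _depth=0):
    """Return (rcode, answers); answers is a list of (owner, type, rdata)."""
    labs = labels(qname)
    node, matched = zone, 0
    for lab in labs:                       # labelwise descent from the root
        nxt = node.children.get(lab)
        if nxt is None:
            break
        node, matched = nxt, matched + 1

    if matched == len(labs):               # exact match: the name exists
        return _answer(zone, qname, node, qtype, _depth)

    # qname does not exist; `node` is its closest encloser (RFC 4592). A
    # wildcard applies only if that encloser owns a "*" child. An existing
    # name in between (host1.example.com when asking foo.host1.example.com)
    # is itself the encloser and so blocks the wildcard.
    star = node.children.get("*")
    if star is not None:
        return _answer(zone, qname, star, qtype, _depth)
    return ("NXDOMAIN", [])


def _answer(zone, qname, node, qtype, depth):
    # Synthesised wildcard RRs are owned by the query name, not by "*.…".
    if qtype in node.rrsets:
        return ("NOERROR", [(qname, qtype, r) for r in node.rrsets[qtype]])
    if "CNAME" in node.rrsets and qtype != "CNAME":
        target = node.rrsets["CNAME"][0]
        chain = [(qname, "CNAME", target)]
        if depth >= MAX_CNAME_CHAIN:
            return ("SERVFAIL", chain)     # runaway chain is treated as an error
        rcode, rest = lookup(zone, target, qtype, depth + 1)
        return (rcode, chain + rest)       # target outside the zone -> NXDOMAIN here
    return ("NOERROR", [])                 # name exists, no data of that type


# Constructed sample zone (not real data).
SAMPLE_ZONE = build_zone([
    ("example.com.",        "SOA",   "ns1.example.com. hostmaster.example.com. 1 3600 900 604800 60"),
    ("example.com.",        "NS",    "ns1.example.com."),
    ("ns1.example.com.",    "A",     "192.0.2.1"),
    ("www.example.com.",    "CNAME", "web.example.com."),
    ("web.example.com.",    "A",     "192.0.2.10"),
    ("*.example.com.",      "A",     "192.0.2.99"),
    ("host1.example.com.",  "A",     "192.0.2.11"),
    ("x.deep.example.com.", "A",     "192.0.2.12"),   # makes deep.example.com an empty non-terminal
    ("loop1.example.com.",  "CNAME", "loop2.example.com."),
    ("loop2.example.com.",  "CNAME", "loop1.example.com."),
])

if __name__ == "__main__":
    for q in ("www.example.com.", "anything.example.com.", "foo.host1.example.com.",
              "deep.example.com.", "loop1.example.com."):
        print(q, "A", lookup(SAMPLE_ZONE, q, "A"))
```

The two cases people most often get wrong are visible in the sample: `foo.host1.example.com` is NXDOMAIN even though `*.example.com` exists, because `host1.example.com` is the closest encloser and has no wildcard child, and `deep.example.com` is NODATA rather than a wildcard hit, because an empty non-terminal exists.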

Re: question about reverse zones and nsupdate

2017-06-07 Thread Mark Andrews
In message

Re: question about reverse zones and nsupdate

2017-06-07 Thread Grant Taylor via bind-users
On 06/07/2017 02:18 PM, kevin martin wrote: I have tried to setup a reverse zone as 10.10.in-addr.arpa and perform 'update add' commands sending addresses like 22.22.10.10.in-addr.arpa and 2.5.10.10.in-addr.arpa and, in all cases, the update fails with NOTZONE. bind complains "update failed:

Re: Question on Bind validating resolver

2017-01-26 Thread Tony Finch
Volker Janzen wrote: > > when my Bind resolver tries to get the A record for info.nominet.uk the > syslog gets lots of messages like this: > > Jan 25 21:15:52 box named[25097]: DNS format error from 173.245.58.93#53 > resolving info.nominet.uk/DS:

Re: Question about forwarders option access

2016-11-14 Thread Techs-yama
Hi Steve, thanks for the comments! I was mistaken; rechecking the packet capture results, it was querying all the servers in the configuration. I thought it was single-server access from the first capture results. But I think a higher cache hit rate would be better achieved by sequential access (e.g. the first access is static).

Re: Question about forwarders option access

2016-11-13 Thread S Carr
On 14 November 2016 at 02:54, Techs-yama wrote: > Does not this configuration parameter [server address] is sequential access? No, it will use both, it will calculate the RTT for both servers and work out which one is responding faster and use that one for the majority of the

Re: Question on prod.msocdn.com

2016-11-11 Thread Jim Glassford
Just fyi, Found my problem here, our Tipping Point IPS was misbehaving for msocdn.com, all well now. The contributors on the ISC lists are a wealth of information and appreciated. best! jim On 11/9/2016 2:50 PM, Jim Glassford wrote: On 11/9/2016 2:42 PM, Jim Glassford wrote: On 11/9/2016

Re: Question on prod.msocdn.com

2016-11-09 Thread Jim Glassford
On 11/9/2016 2:42 PM, Jim Glassford wrote: On 11/9/2016 4:55 AM, Tony Finch wrote: Jim Glassford wrote: Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either timeout or SERVFAIL depending on version of bind. It works for me with BIND 9.11 and 9.10.4-P4.

Re: [Ext] Re: Question on prod.msocdn.com

2016-11-09 Thread Jim Glassford
On 11/9/2016 4:55 AM, Tony Finch wrote: Jim Glassford wrote: Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either timeout or SERVFAIL depending on version of bind. It works for me with BIND 9.11 and 9.10.4-P4. There are some EDNS-related changes in 9.10

Re: Question on prod.msocdn.com

2016-11-09 Thread Tony Finch
Jim Glassford wrote: > > Doing dig +cd on prod.msocnd.com will get the CNAME, without +cd either > timeout or SERVFAIL depending on version of bind. It works for me with BIND 9.11 and 9.10.4-P4. There are some EDNS-related changes in 9.10 which might be why these versions are

Re: [Question] zone transfer not happening

2016-10-07 Thread Tony Finch
Eoin Kim wrote: > > So, all zone data files were created and when I restarted BIND the zone > transfer happens except for one zone - reverse zone for external view. I > checked the log file and it shows the following message. > > general: info: zone

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
Apologies for the double post, I was not finished with edits in my previous post: > John Levine wrote: > > >It is true at first glance the regex-esque syntax in our I-D may seem > > >a bit complex but I don't believe anywhere near the complexity of > > >NAPTR > > > > None of the complexity of

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> John Levine wrote: > > >It is true at first glance the regex-esque syntax in our I-D may seem > > >a bit complex but I don't believe anywhere near the complexity of > > >NAPTR > > > > None of the complexity of NAPTR is in the DNS or the DNS servers; it's > > all in the applications that use

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
John Levine wrote: > >It is true at first glance the regex-esque syntax in our I-D may seem a > >bit complex but I don't believe anywhere near the complexity of NAPTR > > None of the complexity of NAPTR is in the DNS or the DNS servers; it's > all in the applications that use NAPTR. For DNS

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread John Levine
>It is true at first glance the regex-esque syntax in our I-D may seem a >bit complex but I don't believe anywhere near the complexity of NAPTR None of the complexity of NAPTR is in the DNS or the DNS servers; it's all in the applications that use NAPTR. For DNS servers, NAPTR is just a record

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
Woodworth, John R wrote: > I respectfully disagree. I, although naturally biased, feel > strongly our I-D is something which should have existed since the > beginning of DNS. It allows address space to be "tagged" and > organized in a manner that just makes sense. > > Imagine if you will a

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> John R. Levine wrote: > > > Just curious, is there a fundamental reason you have to oppose this > > > beyond simply the scale? > > > > It's a cargo cult style extension of a not particularly useful IPv4 > > convention to IPv6. A much more useful convention that happens to be > > easier to

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread John Levine
PS: >I understand rwhois exists but it is much more complicated to manage >than DNS and for the most part is only used at the RIR level for >reverse IP namespace. This would probably be a good time to read up on RDAP. R's, John ___ Please visit

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread John Levine
>beginning of DNS. It allows address space to be "tagged" and >organized in a manner that just makes sense. We'll have to agree to violently disagree at this point. R's, John

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread John Levine
>Though, if you want to participate in the cargo cult of generic PTRs, >you don't need the complexity of draft-woodworth-bulk-rr's regex-driven >templates in your nameserver. Knot DNS's "minimal viable product" >implementation is ~300 SLOC and uses a hardcoded template. Having looked at the

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> > Just curious, is there a fundamental reason you have to oppose this > > beyond simply the scale? > > It's a cargo cult style extension of a not particularly useful IPv4 > convention to IPv6. A much more useful convention that happens to > be easier to implement is that hosts with static

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
John R. Levine wrote: > > Just curious, is there a fundamental reason you have to oppose this > > beyond simply the scale? > > It's a cargo cult style extension of a not particularly useful IPv4 > convention to IPv6. A much more useful convention that happens to be easier > to implement is that

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread John R. Levine
Just curious, is there a fundamental reason you have to oppose this beyond simply the scale? It's a cargo cult style extension of a not particularly useful IPv4 convention to IPv6. A much more useful convention that happens to be easier to implement is that hosts with static addresses have

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> I'll let the market decide. For now, such a requirement isn't even > a blip on the horizon as far as I can see. Understood. I guess we all have our own perspective and priorities. There are, however, several popular commercial DNS vendors I know first hand which are offering their own

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread sthaug
> > We're still in the early phases of IPv6. If sufficient ISPs drop PTR > > for dynamic IPv6 addresses, email providers and others who base some > > sort of "reputation" on IPv4 PTRs today will simply have to adapt. > > > Steinar, > > I think this is bigger than anti-spam logic. Simply put:

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> > Simply pretending a shark doesn't exist offers very little in shark > > protection. While I understand this school of thought I don't believe > > it will solve the problem or remove the need. > > We're still in the early phases of IPv6. If sufficient ISPs drop PTR > for dynamic IPv6

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread sthaug
> > >A very popular option is to only create or delegate IPv6 PTR entries > > >for hosts with static address assignments, and to return NXDOMAIN for > > >address space used for dynamic address assignments. > > > > I talk to a lot of large providers at M3AAWG and that's the consensus > > about what

RE: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Woodworth, John R
> > >A very popular option is to only create or delegate IPv6 PTR entries > >for hosts with static address assignments, and to return NXDOMAIN for > >address space used for dynamic address assignments. > > I talk to a lot of large providers at M3AAWG and that's the consensus > about what to do.

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread John Levine
>A very popular option is to only create or delegate IPv6 PTR entries for >hosts with static address assignments, and to return NXDOMAIN for >address space used for dynamic address assignments. I talk to a lot of large providers at M3AAWG and that's the consensus about what to do. If it doesn't

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Robert Edmonds
Tom wrote: > This is the configuration-option, where I'm searching for. But probably this > will take some time, until it's accepted, tested, implemented...etc. What do > you propose in the meantime instead of using wildcards or allow the clients > to register themselves or making static

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Matthew Pounsett
On 26 August 2016 at 15:41, Matus UHLAR - fantomas wrote: > >>> On 26.08.16 14:01, Matthew Pounsett wrote: > >> That's not necessarily true for IPv6, where even a modest network could >> have trillions of addresses that may need PTR records. >> > > that's exactly why using

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Matthew Pounsett
On 26 August 2016 at 13:45, Matus UHLAR - fantomas wrote: > On 26.08.16 07:34, Tom Tom wrote: > >> I'm searching a way to respond to IPv6-PTR-Queries like the >> "$GENERATE"-mechanism for IPv4 has done it. >> > > why? configuring single IP addresses or taking them from DHCP is

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Matus UHLAR - fantomas
On 26.08.16 07:34, Tom Tom wrote: I'm searching for a way to respond to IPv6 PTR queries like the "$GENERATE" mechanism has done it for IPv4. why? configuring single IP addresses or taking them from DHCP is easier than creating a new useless mechanism. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Daniel Stirnimann
Hello Tom I only know of Knot having a feature available for this use case: https://www.knot-dns.cz/docs/2.x/html/configuration.html#synth-record-automatic-forward-reverse-records Daniel On 26.08.16 11:51, Tom wrote: > Many thanks for your quick feedback. > > This is the configuration-option,

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Tom
Many thanks for your quick feedback. This is the configuration option I'm searching for. But it will probably take some time until it's accepted, tested, implemented, etc. What do you propose in the meantime instead of using wildcards or allowing the clients to register themselves or

RE: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Woodworth, John R
> Hi list > > I'm searching a way to respond to IPv6-PTR-Queries like the "$GENERATE" > -mechanism for IPv4 has done it. > > I read about Delegation, self-registration with "tcp-self" or using > Wildcards with the disadvantage, that every query has the same response. > Is there a (planned) way, to

Re: Question about managed-keys-zone

2016-04-08 Thread Bjoern Kahl
amed-querylog"; }; > category edns-disabled { null; }; > /* category "delegation-only" { "named-querylog"; }; */ > }; > > > And yes the directory "/usr/local/named-jail9.10.3P4/var/adm/" exists and the > files are thereown

RE: Question about managed-keys-zone

2016-04-08 Thread Jeremy C. Reed
On Fri, 8 Apr 2016, Bhangui, Sandeep - BLS CTR wrote: > Thanks Jeremy > > > Logging section from named.conf > > logging { > channel "named-log" { > file "/usr/local/named-jail9.10.3P4/var/adm/named.log" > versions 3 size 30m; ... > category "general" {

RE: Question about managed-keys-zone

2016-04-08 Thread Jeremy C. Reed
On Fri, 8 Apr 2016, Bhangui, Sandeep - BLS CTR wrote: > I know using rndc is a good practice but is there an option to > specify in named.conf to disable it? It is disabled by default because there is no complete command channel configuration in the first place, but this will make it so it

RE: Question about managed-keys-zone

2016-04-08 Thread Bhangui, Sandeep - BLS CTR
g"; }; */ }; And yes the directory "/usr/local/named-jail9.10.3P4/var/adm/" exists and the files are thereowned by named:named. I know it using rndc is a good practice but is there an option to specify in named.conf to disable it? -Original Message- From: Jeremy C. Re

Re: Question about managed-keys-zone

2016-04-08 Thread Jeremy C. Reed
On Fri, 8 Apr 2016, Bhangui, Sandeep - BLS CTR wrote: > '--enable-newstats' '--with-libxml2' '--enable-fullreport' 'CFLAGS=-O2 Unrelated to your problem, but the --enable-newstats configure switch is not used for BIND 9.10. > 1. Cannot seem to start named and it seems that it is looking for

Re: question regards to dynamic dns update

2015-11-13 Thread Grant Taylor
On 11/11/2015 02:55 AM, Julie Xu wrote: After I read some bind information, it looks like most configure example is use dhcp/ddns together. DHCP and Dynamic DNS are quite often used together, but it is not a requirement. You can easily have Dynamic DNS enabled on a (sub)domain (zone) that

Re: question regards to dynamic dns update

2015-11-11 Thread Reindl Harald
On 11.11.2015 at 11:50 Julie Xu wrote: Thanks for the reply. But my subnet does not use DHCP. Can they still get dynamic DNS? no On 11 Nov 2015, at 9:01 pm, Reindl Harald wrote: On 11.11.2015 at 10:55 Julie Xu wrote: Could I ask a question? I have a subnet,

Re: question regards to dynamic dns update

2015-11-11 Thread Julie Xu
Thanks for the reply. But my subnet does not use DHCP. Can they still get dynamic DNS? Julie > On 11 Nov 2015, at 9:01 pm, Reindl Harald wrote: > > >> On 11.11.2015 at 10:55 Julie Xu wrote: >> Could I ask a question? I have a subnet, in which all the equipment has

Re: question regards to dynamic dns update

2015-11-11 Thread Reindl Harald
On 11.11.2015 at 10:55 Julie Xu wrote: Could I ask a question? I have a subnet in which all the equipment has static IP addresses recorded on the machine. For the purpose of getting this subnet controlled, I would like to use dynamic DNS update. After I read some bind information, it looks like

Re: question regards to dynamic dns update

2015-11-11 Thread Kenneth Lakin
On 11/11/2015 02:50 AM, Julie Xu wrote: > > Thanks for the reply. But my subnet does not use DHCP. Can they still get > dynamic DNS? If you write the code to detect whether or not a given host is up, and then do something like shell out to nsupdate when a host's state changes, then yes, you can

RE: Question about name resolution.

2015-10-27 Thread Bhangui, Sandeep - BLS CTR
...@lists.isc.org] On Behalf Of John W. Blue Sent: Tuesday, October 27, 2015 1:20 AM To: bind-users@lists.isc.org; dns-t...@adobe.com Subject: RE: Question about name resolution. "Life is tough, but it's tougher if you're stupid." - John Wayne -Original Message- Adobe's admins

RE: Question about name resolution.

2015-10-26 Thread John W. Blue
"Life is tough, but it's tougher if you're stupid." - John Wayne -Original Message- Adobe's admins have been repeatedly told that their nameservers are broken yet refuse / don't know how to fix them. They are Cc'd here again. ___ Please

Re: Question about name resolution.

2015-10-26 Thread Mark Andrews
Adobe's admins have been repeatedly told that their nameservers are broken yet refuse / don't know how to fix them. They are Cc'd here again. The nameservers return bad answers when there is an EDNS option present in the query. e.g. dig +nsid airdownload.wip4.adobe.com

Re: Question about name resolution.

2015-10-26 Thread Anand Buddhdev
On 26/10/15 13:50, Bhangui, Sandeep - BLS CTR wrote: Hi Sandeep, > At this point I am not clear whether this is an issue with our > Internal Network or something beyond our control. First question: have you looked at the BIND logs on your internal resolvers? > A. The following link works fine
