On Mon, Nov 20, 2023 at 03:30:13PM +1300, Nick Tait via bind-users wrote:
! On 20/11/2023 1:00 pm, Peter wrote:
! > It's tricky. One problem is these are slave zones, they are
! > authoritative and do not work well with DNSSEC.
!
! I'm curious... What issues did you have with these zones and DNSSE
Hi Cathy :-)
cat...@isc.org (Cathy Almond) wrote:
> Have you looked at mirror zones for root?
No... post-1990, what do I know about them ;-)
I did read up in the docs; it does not mention access control, which I would
like to behave just like "hint" zones (only respond to requests coming from a
Have you looked at mirror zones for root?
Zone type "mirror" = it's appropriate for "." but not for other zones.
(Oh - and don't forget to disable ixfr for this zone when you do that -
it's more efficient for the validation step)
Details in the BIND ARM.
Cathy
On 19/11/2023 21:10, Elmar K.
On 20/11/2023 1:00 pm, Peter wrote:
It's tricky. One problem is these are slave zones, they are
authoritative and do not work well with DNSSEC.
I'm curious... What issues did you have with these zones and DNSSEC? I
would have expected that the signed zones should just work?
Nick.
--
Visit h
On Sun, Nov 19, 2023 at 09:10:13PM +, Elmar K. Bins wrote:
! my freshly recrafted DNS servers got the latest BIND 9.18 pkg from FreeBSD.
! They're all supposed to only respond for a certain set of zones to the
outside,
! but should be able to be used as a resolver from localhost.
!
! The pkg
On 06.06.14 11:50, Cathy Almond wrote:
And not forgetting that with recent versions of BIND, you have 'stub'
and you have 'static-stub'.
The difference is that with static-stub, if the NS/A/ records
returned by the authoritative server you've pointed your resolver at
don't match the addresse
On 02/06/2014 23:38, John Miller wrote:
> So... without stub zones, you know the drill: your local resolver
> follows delegation, starting from the root nameservers. Delegation
> happens, and life is good. If you're running views, then things work
> fine as well: your view just needs to be config
So... without stub zones, you know the drill: your local resolver follows
delegation, starting from the root nameservers. Delegation happens, and
life is good. If you're running views, then things work fine as well: your
view just needs to be configured to allow queries from your local resolvers.
In message <1401739377.33916.yahoomail...@web163502.mail.gq1.yahoo.com>, Nex6|B
ill writes:
>
> recently, a question came up about "stub" zones came up and what they are
> and are they part of the DNS standards or are they a good idea. i said,
> they are evil and should not be used if you can avoi
The typical use case for a stub zone is where the delegation chain is
broken, or incorrect, but you don't want to incur the overhead of
slaving the zone (or some other sort of bureaucratic snafu like the
owner/admin of the zone not letting you do zone transfers).
As a general rule, stub zones
I guess, i am having issues with this(maybe i am not fully getting it), and yea
I know large environments sometimes have multiple sets of name servers.
sometimes department level (i have this issue in my shop its a damn mess)
if all the zones are delegated properly the local resolver will query
Not quite, Bill. You point the zone at a different name server, but
_your_own_nameserver_ still does the iterative queries to make things
happen. It just queries a different set of nameservers than would
happen through normal delegation.
The only recursive query going on is from the client t
On Jun 12, 2013, at 5:23 AM, Tony Finch wrote:
> Chris Buxton wrote:
>>
>> If an authoritative server is configured to send minimal responses, will
>> a stub zone get all the necessary data from that server? What I'm seeing
>> is, the recursive server sends an SOA query; the response contains on
Chris Buxton wrote:
>
> If an authoritative server is configured to send minimal responses, will
> a stub zone get all the necessary data from that server? What I'm seeing
> is, the recursive server sends an SOA query; the response contains only
> the SOA record, and no NS or A records. The recurs
It's perfectly valid to list any or all of the zone's authoritative
servers, whether they are primary master or slave.
Chris Buxton
Professional Services
Men & Mice
On Jan 19, 2009, at 1:40 PM, Kyle McDonald wrote:
Hi,
I have what I hope is an easy question:
When settingup a 'stub' zone, i
15 matches
Mail list logo
