Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Mark Andrews
> On 13 Apr 2023, at 06:44, Mark Andrews wrote: > > > >> On 13 Apr 2023, at 03:19, Fred Morris wrote: >> >> TLDR: NS records occur above and below zone cuts. >> >> On Wed, 12 Apr 2023, John Thurston wrote: >>> >>> We have autho

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Nick Tait via bind-users
On 13/04/2023 5:58 am, Havard Eidnes via bind-users wrote: I suspect you don't need the NS records in challenge.state.ak.us and if you remove them then the records in challenge.state.ak.us are simply part of the state.ak.us zone since they're served off of the same server. Unfortunately "not qui

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Mark Andrews
> On 13 Apr 2023, at 03:19, Fred Morris wrote: > > TLDR: NS records occur above and below zone cuts. > > On Wed, 12 Apr 2023, John Thurston wrote: >> >> We have authority over state.ak.us, which we publish as a public zone. We >> also publish chall

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Havard Eidnes via bind-users
> I suspect you don't need the NS records in challenge.state.ak.us and > if you remove them then the records in challenge.state.ak.us are > simply part of the state.ak.us zone since they're served off of the > same server. Unfortunately "not quite". While a publishing name server will respond wit

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread tale via bind-users
it'll matter when you decide to add DNSSEC to the zone, and it's also good hygiene in the absence of DNSSEC so that any future maintainer can be reminded that there is a subdomain at that name when looking at the parent. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe fro

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Fred Morris
TLDR: NS records occur above and below zone cuts. On Wed, 12 Apr 2023, John Thurston wrote: We have authority over state.ak.us, which we publish as a public zone. We also publish challenge.state.ak.us as a public zone. The public NS records for state.ak.us are: ns4.state.ak.us and ns3

Delegation NS-records when zones share an authority server

2023-04-12 Thread John Thurston
I uncovered an oddity in my zone definitions, which I'm trying to wrap my head around. We have authority over state.ak.us, which we publish as a public zone. We also publish challenge.state.ak.us as a public zone. The public NS records for state.ak.us are: ns4.state.ak.us and

Re: Authority and forwarding, but not recursion/iteration

2021-03-16 Thread Fred Morris
Hammers and nails... On Tue, 16 Mar 2021, Marki wrote: On 3/13/2021 12:11 AM, Tony Finch wrote: Marki wrote: But if you need granular filtering, that could become a lot of views... Yes, I think RPZ is really designed to be a ban hammer [...] Standard DNS server software (not only Bind)

Re: Authority and forwarding, but not recursion/iteration

2021-03-16 Thread Marki
On 3/13/2021 12:11 AM, Tony Finch wrote: Marki wrote: But if you need granular filtering, that could become a lot of views... Yes, I think RPZ is really designed to be a ban hammer for dealing with abuse, rather than a general-purpose access control mechanism. If you need to get really fancy t

Re: Authority and forwarding, but not recursion/iteration

2021-03-12 Thread Tony Finch
Marki wrote: > > But if you need granular filtering, that could become a lot of views... Yes, I think RPZ is really designed to be a ban hammer for dealing with abuse, rather than a general-purpose access control mechanism. If you need to get really fancy then you should look at dnsdist which can

Re: Authority and forwarding, but not recursion/iteration

2021-03-10 Thread Marki
On 3/9/2021 10:21 PM, Tony Finch wrote: Marki wrote: I'm not sure about the flexibility of RPZ; it doesn't seem that I can have rules like "client 1.2.3.4 is allowed to look up example.com but client 1.2.3.5 is not". You can have multiple response-policy zones, which are matched in the order t

Re: Authority and forwarding, but not recursion/iteration

2021-03-09 Thread Tony Finch
Marki wrote: > > Concerning static-stub: Using a (bogus) forwarder together with "forward > first" (default) seems to work (Note: using "forward only" gives SERVFAIL). > All outside requests get a SERVFAIL even with "forward first" but that's an > esthetic problem. Yes, SERVFAIL is ugly - I shoul

Re: Authority and forwarding, but not recursion/iteration

2021-03-09 Thread Marki
On 3/9/2021 6:03 PM, Tony Finch wrote: Marki wrote: I am seeking a combination of either a combined configuration on one, or a config of several different DNS servers together to achieve the following: * Some clients should be able to resolve authoritative local zones as well as some forwarded

Re: Authority and forwarding, but not recursion/iteration

2021-03-09 Thread Tony Finch
Marki wrote: > > I am seeking a combination of either a combined configuration on one, or a > config of several different DNS servers together to achieve the following: > > * Some clients should be able to resolve authoritative local zones as well as > some forwarded zones. > > * Other clients sho

Re: Authority and forwarding, but not recursion/iteration

2021-03-07 Thread Crist Clark
e to specify a fake global forwarder which looks > like a hack. > > > On March 7, 2021 10:09:49 AM GMT+01:00, Crist Clark < > cjc+bind-us...@pumpky.net> wrote: >> >> Two views. The view that does not do internet DNS claims authority for >> the root and

Re: Authority and forwarding, but not recursion/iteration

2021-03-07 Thread Marki
rote: >Two views. The view that does not do internet DNS claims authority for >the >root and does not global forward. The entire DNS is just the zones >defined >in the view, which can be authoritative or forwarded. The other view >has >the global forward-only to upstream resolve

Re: Authority and forwarding, but not recursion/iteration

2021-03-07 Thread Crist Clark
Two views. The view that does not do internet DNS claims authority for the root and does not global forward. The entire DNS is just the zones defined in the view, which can be authoritative or forwarded. The other view has the global forward-only to upstream resolvers. On Sat, Mar 6, 2021 at 3:34

Re: Authority and forwarding, but not recursion/iteration

2021-03-06 Thread Marki
urn off recursion I can't prevent it to go and try to resolve from root DNS. How do I do one (local authority and forwarders) but not the other (iterative lookups on the Internet)? Thanks, Marki

Re: Authority and forwarding, but not recursion/iteration

2021-03-06 Thread Crist Clark
her be configurable on the server. > > Now the problems are the following: > * Since I need forwarders I can't turn off recursion. > * Since I can't turn off recursion I can't prevent it to go and try to > resolve from root DNS. > > How do I do one (local au

Authority and forwarding, but not recursion/iteration

2021-03-05 Thread Marki
't turn off recursion. * Since I can't turn off recursion I can't prevent it to go and try to resolve from root DNS. How do I do one (local authority and forwarders) but not the other (iterative lookups on the Internet)? Thanks, Marki

Re: BIND 9.11.2 acting as a forwarder: authority section populated differently than BIND 9.9.11 ?

2018-02-13 Thread Tony Finch
Irwin Tillman wrote: > > When my server is running BIND 9.9.11, it returns an answer with the > authority section populated. > > But when I upgrade my server to BIND 9.11.2, the same lookup > performed immediately after I start my server returns no authority records, > whic

BIND 9.11.2 acting as a forwarder: authority section populated differently than BIND 9.9.11 ?

2018-02-13 Thread Irwin Tillman
I'm preparing to upgrade from BIND 9.9.11 to 9.11.2. I notice a difference in how named populates the authority section in some responses, and am trying to understand if it's OK. My server is a caching-only server, and provides recursive service. For some zones, my server is con

Re: authority

2016-10-25 Thread Reindl Harald
On 25.10.2016 at 06:16, Nick Edwards wrote: On Tue, Oct 25, 2016 at 7:11 AM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote: i don't understand your question Since you have NOTHING to do with ISC or even remotely with bind, if you dont understand ,

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 7:14 AM, Reindl Harald wrote: > > > > this is a public mailing list - so what! > > when someone don't yet get the connection between nameservers, webserver > and ip-addresses he is not ready to connect public servers and that's > completly independent of the fact you ra el

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 7:11 AM, Reindl Harald wrote: > > i don't understand your question >> >> >> Since you have NOTHING to do with ISC or even remotely with bind, if you >> dont understand , LEAVE IT TO SOMEONE WHO DOES >> > > and YOU have something to do with ISC? > i doubt! > > since i m

Re: authority

2016-10-24 Thread Reindl Harald
On 24.10.2016 at 22:45, Nick Edwards wrote: On Tue, Oct 25, 2016 at 12:42 AM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote: don't get me wrong but that question shows that you are not ready to run a public dns server - there is no "local" or when you make statements like th

Re: authority

2016-10-24 Thread Reindl Harald
On 24.10.2016 at 22:42, Nick Edwards wrote: On Tue, Oct 25, 2016 at 12:11 AM, Reindl Harald mailto:h.rei...@thelounge.net>> wrote: identical like the first one Which IP should be use? i don't understand your question Since you have NOTHING to do with ISC or even remotely

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 12:42 AM, Reindl Harald wrote: > > > >> > don't get me wrong but that question shows that you are not ready to run a > public dns server - there is no "local" or > when you make statements like that to be sure you include the fact you have NOTHING to do with ISC or bind.

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 12:11 AM, Reindl Harald wrote: > identical like the first one > > Which IP should be use? >> > > i don't understand your question > > Since you have NOTHING to do with ISC or even remotely with bind, if you dont understand , LEAVE IT TO SOMEONE WHO DOES but you just cant

Re: authority

2016-10-24 Thread Pol Hallen
named virtual hosts anybody - you can run thousands of domains on a single IP understood Harld :) cheers Pol

Re: authority

2016-10-24 Thread Reindl Harald
On 24.10.2016 at 16:35, Pol Hallen wrote: so what are your real questions? P.S.: you need more than one DNS server for a public domain which must not run on the same network I have to register some domains: example.com, example.ue, example.net, exampe.org, etc. on my server I've also apach

Re: authority

2016-10-24 Thread Pol Hallen
so what are your real questions? P.S.: you need more than one DNS server for a public domain which must not run on the same network I have to register some domains: example.com, example.ue, example.net, exampe.org, etc. on my server I've also apache web and I'd like have internet site based

Re: authority

2016-10-24 Thread Reindl Harald
On 24.10.2016 at 14:40, Pol Hallen wrote: Hello all, after weeks studying bind I'm here with a question: I'd like have my own bind authority server for some domains. I just configured my first zone (ie: www.example.org) with static IP of my DSL. Everything works :-) If I regist

authority

2016-10-24 Thread Pol Hallen
Hello all, after weeks studying bind I'm here with a question: I'd like have my own bind authority server for some domains. I just configured my first zone (ie: www.example.org) with static IP of my DSL. Everything works :-) If I register another FQDN (ie: www.example.com) how ca

Re: Answers from cache or authority section?

2013-06-25 Thread John Horne
On Tue, 2013-06-25 at 17:20 +0100, Phil Mayers wrote: > On 25/06/13 16:53, John Horne wrote: > > > servers. However, there is a whole load of muttering that Microsoft and > > AD won't like that; it's all integrated with each other; running the DNS > > zone on Linux servers will be a problem with t

Re: Answers from cache or authority section?

2013-06-25 Thread Matus UHLAR - fantomas
(you get a timeout). then, you must configure proper NS records for the 163.141.in-addr.arpa zone So I think my question is what is the resolver doing? Does it use cached NS records seen in the AUTHORITY section yes, that is the definition of AUTHORITATIVE data. if your servers are authoritative fo

Re: Answers from cache or authority section?

2013-06-25 Thread Chris Buxton
one of those using: > > dig +norecurse 163.141.in-addr.arpa ns @tinnie.arin.net > > (using 'tinnie' in this example) then I get our 4 NS records relating to > our local and remote name servers: > > == > ;; AUTHORITY SECTION: > 163.141.in-addr.arpa.

Re: Answers from cache or authority section?

2013-06-25 Thread John Horne
sing Google's > > name server, shouldn't it at some point have received the authoritative > > answer with the AUTHORITY section NS records and so be using those > > (internal) name servers for subsequent lookups? > > Using Google you will get unexpected results, not s

Re: Answers from cache or authority section?

2013-06-25 Thread Phil Mayers
On 25/06/13 16:53, John Horne wrote: servers. However, there is a whole load of muttering that Microsoft and AD won't like that; it's all integrated with each other; running the DNS zone on Linux servers will be a problem with the MS servers etc etc. I'm sure you know this, but just in case -

Re: Answers from cache or authority section?

2013-06-25 Thread Steven Carr
-authoritative answer. If I repeat this for addresses > 141.163.99.17, 18, 20 and so on I get answers. In all these cases > shouldn't the first lookup work and subsequent ones fail? Using Google's > name server, shouldn't it at some point have received the authoritative >

Re: Answers from cache or authority section?

2013-06-25 Thread John Horne
On Tue, 2013-06-25 at 10:46 -0400, Barry Margolin wrote: > > In addition, the authoritative answer may contain an Authority section. > These nameservers take precedence over the NS records from the > delegation -- the assumption is that the authoritative server knows its > domai

Re: Answers from cache or authority section?

2013-06-25 Thread Barry Margolin
In article , John Horne wrote: > So I think my question is what is the resolver doing? Does it use cached > NS records seen in the AUTHORITY section, or does it use NS records seen > in an ANSWER section? Or is it working its way down until it receives an > authoritative answer (&

Answers from cache or authority section?

2013-06-25 Thread John Horne
then I get our 4 NS records relating to our local and remote name servers: == ;; AUTHORITY SECTION: 163.141.in-addr.arpa. 172800 IN NS dns2.cis.strath.ac.uk. 163.141.in-addr.arpa. 172800 IN NS dns1.cis.strath.ac.uk. 163.141.in-addr.arpa. 172800 IN NS

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-12 Thread Barry Margolin
In article , Mark Andrews wrote: > In message , Barry > Margolin writes: > > In article , > > "Michael Hoskins (michoski)" wrote: > > > > > while it's largely personal preference -- i generally like to "be > > > conservative in what i send, and liberal in what i accept": > > > > > > http://

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Mark Andrews
In message , Barry Margolin writes: > In article , > "Michael Hoskins (michoski)" wrote: > > > while it's largely personal preference -- i generally like to "be > > conservative in what i send, and liberal in what i accept": > > > > http://en.wikipedia.org/wiki/Robustness_principle > > This

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Barry Margolin
In article , "Michael Hoskins (michoski)" wrote: > while it's largely personal preference -- i generally like to "be > conservative in what i send, and liberal in what i accept": > > http://en.wikipedia.org/wiki/Robustness_principle This doesn't refer to quantity, but to how strictly you shoul

Re: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Michael Hoskins (michoski)
-Original Message- From: Ted Mittelstaedt Date: Wednesday, July 11, 2012 11:26 AM To: "bind-users@lists.isc.org" Subject: Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section

Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Ted Mittelstaedt
On 7/10/2012 6:37 PM, Michael Hoskins (michoski) wrote: -Original Message- From: Ted Mittelstaedt Date: Tuesday, July 10, 2012 6:24 PM To: "bind-users@lists.isc.org" Subject: What is the deal on missing "Authority Section" and "additionalsection" from

Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Warren Kumari
> >> Subject: What is the deal on missing "Authority Section" and >> "additional section" from google's DNS servers? >> >>> I can't seem to find an option to turn off additional data. How >>> does Google and OpenDNS do it? WHY do th

Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-11 Thread Ted Mittelstaedt
On 7/10/2012 6:37 PM, Michael Hoskins (michoski) wrote: -Original Message- From: Ted Mittelstaedt Date: Tuesday, July 10, 2012 6:24 PM To: "bind-users@lists.isc.org" Subject: What is the deal on missing "Authority Section" and "additionalsection"

Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-10 Thread Michael Hoskins (michoski)
-Original Message- From: Ted Mittelstaedt Date: Tuesday, July 10, 2012 6:24 PM To: "bind-users@lists.isc.org" Subject: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers? > I can't seem to

What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

2012-07-10 Thread Ted Mittelstaedt
r not sending mail to comcast.com users. When she switched to using Google's open DNS servers or opendns's servers, the problem went away. No other customer reported this and I see no problem with our own mailservers. In looking at the output of my own servers, I see data in authority

Re: about AUTHORITY SECTION

2011-07-09 Thread SM
At 00:04 08-07-2011, Chris Buxton wrote: As for Kevin's assertion that the SOA record in the authority section is required for a negative response, this is also incorrect. RFC 2308 is a proposed standard, not a standard. Further, section 8 of this RFC does not say explicitly that an SOA

Re: about AUTHORITY SECTION

2011-07-08 Thread Chris Buxton
On Jul 8, 2011, at 9:05 AM, Kevin Darcy wrote: > On 7/8/2011 3:04 AM, Chris Buxton wrote: >> As for Kevin's assertion that the SOA record in the authority section is >> required for a negative response, this is also incorrect. RFC 2308 is a >> proposed standard, not a

Re: about AUTHORITY SECTION

2011-07-08 Thread Kevin Darcy
On 7/8/2011 3:04 AM, Chris Buxton wrote: On Jul 7, 2011, at 6:32 PM, Feng He wrote: 2011/7/8 Kevin Darcy: I think it's worth emphasizing that in the first case, the contents of the Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas in the second case the authorit

Re: about AUTHORITY SECTION

2011-07-08 Thread Chris Buxton
On Jul 7, 2011, at 6:32 PM, Feng He wrote: > 2011/7/8 Kevin Darcy : >> I think it's worth emphasizing that in the first case, the contents of the >> Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas >> in the second case the authoritative

Re: about AUTHORITY SECTION

2011-07-07 Thread Feng He
2011/7/8 Kevin Darcy : > > I think it's worth emphasizing that in the first case, the contents of the > Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas > in the second case the authoritative nameserver was *optionally* providing > NS records in t

Re: about AUTHORITY SECTION

2011-07-07 Thread Kevin Darcy
On 7/7/2011 1:50 AM, Torinthiel wrote: On 07/07/11 04:56, pa...@laposte.net wrote: Hello, I got two different forms of AUTHORITY SECTION from the dig, for example, $ dig mydots.net @ns7.dnsbed.com ;<<>> DiG 9.4.2-P2.1<<>> mydots.net @ns7.dnsbed.com ;; global options

Re: about AUTHORITY SECTION

2011-07-06 Thread Torinthiel
On 07/07/11 04:56, pa...@laposte.net wrote: > > Hello, > > I got two different forms of AUTHORITY SECTION from the dig, for example, > > $ dig mydots.net @ns7.dnsbed.com > > ; <<>> DiG 9.4.2-P2.1 <<>> mydots.net @ns7.dnsbed.com > ;; globa

about AUTHORITY SECTION

2011-07-06 Thread pangj
Hello, I got two different forms of AUTHORITY SECTION from the dig, for example, $ dig mydots.net @ns7.dnsbed.com ; <<>> DiG 9.4.2-P2.1 <<>> mydots.net @ns7.dnsbed.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: N

Re: does authority named require the external name servers?

2011-05-06 Thread Jeff Pang
2011/5/6 Matus UHLAR - fantomas : > > BIND will search for def.com only for recursive queries, not for iterative, > and only when the client has recursion allowed on it. > you are totally misunderstanding me. -- Jeff Pang www.DNSbed.com

Re: does authority named require the external name servers?

2011-05-06 Thread Matus UHLAR - fantomas
> 2011/5/2 Torinthiel : > > Authority named never sends queries on it's own, only responds to > > submitted queries. On 02.05.11 20:17, Jeff Pang wrote: > Doesn't it execute iterative query from the root server? root servers do not send queries. > For example, gi

Re: does authority named require the external name servers?

2011-05-03 Thread Kevin Darcy
kups based on its root hints (compiled in or otherwise), not by using the OS resolver. Hi Chris, That's what the real question I want to know. For example, my DNS Servers have lots of domains hosting, all the zones have the same NS RRs: ns1.dnsbed.com ns2.dnsbed.com But dnsbed.com is not

Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
>> lookups based on its root hints (compiled in or otherwise), not >> by using the OS resolver. >> > > Hi Chris, > > That's what the real question I want to know. > For example, my DNS Servers have lots of domains hosting, all the > zones have the same NS

Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
or otherwise), not > by using the OS resolver. > Hi Chris, That's what the real question I want to know. For example, my DNS Servers have lots of domains hosting, all the zones have the same NS RRs: ns1.dnsbed.com ns2.dnsbed.com But dnsbed.com is not authority resolved by my own name

Re: does authority named require the external name servers?

2011-05-02 Thread Chris Thompson
On May 2 2011, Torinthiel wrote: On 05/02/11 14:20, Jeff Pang wrote: 2011/5/2 Jeff Pang : 2011/5/2 Torinthiel : Authority named never sends queries on it's own, only responds to submitted queries. Doesn't it execute iterative query from the root server? For example, given the

Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
On 05/02/11 14:20, Jeff Pang wrote: > 2011/5/2 Jeff Pang : >> 2011/5/2 Torinthiel : >> >>> Authority named never sends queries on it's own, only responds to >>> submitted queries. >> Doesn't it execute iterative query from the root server? >>

Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
2011/5/2 Jeff Pang : > 2011/5/2 Torinthiel : > >> >> Authority named never sends queries on it's own, only responds to >> submitted queries. > > Doesn't it execute iterative query from the root server? > > For example, given the nameserver is autho

Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
2011/5/2 Torinthiel : > > Authority named never sends queries on it's own, only responds to > submitted queries. Doesn't it execute iterative query from the root server? For example, given the nameserver is authority for abc.com. And abc.com has two NS RRs: abc.com.IN

Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
On 05/02/11 09:16, Jeff Pang wrote: > When I run the authority named on a linux/unix like system, but don't > put the reachable public nameservers on /etc/resolv.conf. > What will happen to the authority named? Will it work right? Authority named never sends queries on it's ow

does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
When I run the authority named on a linux/unix like system, but don't put the reachable public nameservers on /etc/resolv.conf. What will happen to the authority named? Will it work right? Thanks.

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
2011/3/5 Mark Andrews : >> So why does ns33.domaincontrol.com answer with ANSWER SECTION rather >> than AUTHORITY SECTION? > > If you ask with rd=0 (+norec), which is what nameservers do, you > get the referral.  Presumably ns33.domaincontrol.com is running > BIND 8 which

Re: about AUTHORITY SECTION

2011-03-04 Thread Mark Andrews
;> DiG 9.4.2-P2.1 <<>> test.nsbeta.info ns @ns33.domaincontrol.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13538 > ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > ;; W

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
tcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13538 ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;test.nsbeta.info. IN NS ;; ANSWER SECTION: test.nsbet

Re: about AUTHORITY SECTION

2011-03-04 Thread Torinthiel
> >Please see this for details: > >$ dig nsbeta.info ns @ns34.domaincontrol.com > >; <<>> DiG 9.4.2-P2.1 <<>> nsbeta.info ns @ns34.domaincontrol.com >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR

Re: about AUTHORITY SECTION

2011-03-04 Thread terry
 3600  IN NS  ns2.another.com. >> >> Then I dig to the auth-server of the example zone: >> >> dig test.example.com ns @ns1.example.com >> >> I found some servers return the ANSWER SECTION, but some servers >> return the AUTHORITY SECTION. >> >&

Re: about AUTHORITY SECTION

2011-03-04 Thread Mark Andrews
-server of the example zone: > > dig test.example.com ns @ns1.example.com > > I found some servers return the ANSWER SECTION, but some servers > return the AUTHORITY SECTION. > > For example: > > ;; ANSWER SECTION: > test.example.com. 3600IN NS ns2.

about AUTHORITY SECTION

2011-03-04 Thread terry
some servers return the ANSWER SECTION, but some servers return the AUTHORITY SECTION. For example: ;; ANSWER SECTION: test.example.com. 3600IN NS ns2.another.com. test.example.com. 3600IN NS ns1.another.com. And: ;; AUTHORITY SECTION: test.example.com

Re: ignoring incorrect nameservers in authority section

2011-01-06 Thread Matus UHLAR - fantomas
> Quoting from Chris Buxton's mail on Thu, Dec 23, 2010: > > > Is there any option to add workarounds for specific domains / > > > nameservers like the ones listed above? > > > > Possibly. You can try setting up conditional forwarding for the problem > > domain, setting the authoritative name ser

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Torinthiel
= >>> $ dig +norecurse @a.iana-servers.net. example.org. >>> ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 >>> >>> ;; QUESTION SECTION: >>> ;example.org. IN A >>> >>> ;; ANSWER SECTION: >>&

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Torinthiel
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31949 >;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > >;; QUESTION SECTION: >;dev.game.yy.com. IN A > >;; ANSWER SECTION: >dev.game.yy.com.1800IN

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Stacey Jonathan Marshall - Solaris Software
, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;example.org. IN A ;; ANSWER SECTION: example.org.172800 IN A 192.0.32.10 ;; AUTHORITY SECTION: example.org.172800 IN NS ns1.example.org. example.org.172800 IN NS ns2.example.org

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
has authorative data), but in authority section is not listed in nameservers, which states it does not have authorative data. Thanks a lot. Please see this dig: $ dig +norec dev.game.yy.com @202.96.128.166 ; <<>> DiG 9.4.2-P2 <<>> +norec dev.game.yy.com @202.96.128.

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Torinthiel
On 2010-12-30 18:03 p...@mail.nsbeta.info wrote: >Sunil Shetye writes: > >> >> Case 2: Lame Server Reply >> >> === >> $ dig +norecurse @a.iana-servers.net. example.org. >> ;; fl

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Sunil Shetye
Quoting from p...@mail.nsbeta.info's mail on Thu, Dec 30, 2010: > Where is the document for these flags? > I google'd but got no correct result :) http://www.tcpipguide.com/free/t_DNSMessageHeaderandQuestionSectionFormat.htm -- Sunil Shetye.

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
Sunil Shetye writes: Case 2: Lame Server Reply === $ dig +norecurse @a.iana-servers.net. example.org. ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;example.org. IN A ;; ANSWER

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread pyh
Sunil Shetye writes: Quoting from p...@mail.nsbeta.info's mail on Thu, Dec 30, 2010: What's the difference between these two flags in the response of dig? < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ra : recursion available The nameserver is ready

Re: ignoring incorrect nameservers in authority section

2010-12-29 Thread Sunil Shetye
Quoting from p...@mail.nsbeta.info's mail on Thu, Dec 30, 2010: > What's the difference between these two flags in the response of > dig? > > < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ra : recursion available The nameserver is ready to ask

Re: ignoring incorrect nameservers in authority section

2010-12-29 Thread pyh
What's the difference between these two flags in the response of dig? < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 --- ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 Thanks in advance. Sunil Shetye writes: Quoting from David Sparro

Re: ignoring incorrect nameservers in authority section

2010-12-28 Thread Sunil Shetye
als, refused replies, and other errors): Case 1: Authoritative Server Reply === $ dig +norecurse @a.iana-servers.net. example.org. ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;example.org. IN A ;; ANSWER SECTION: example.org.172800 IN A 1

Re: ignoring incorrect nameservers in authority section

2010-12-28 Thread David Sparro
On 12/24/2010 2:51 AM, Sunil Shetye wrote: Here, I can see that the nameserver is giving the right replies to all queries except the NS queries. How can an authoritative server give "wrong" answers? I was hoping that either bind should catch such cases automatically or allow some workaround

Re: ignoring incorrect nameservers in authority section

2010-12-23 Thread Sunil Shetye
Quoting from Chris Buxton's mail on Thu, Dec 23, 2010: > > Is there any option to add workarounds for specific domains / > > nameservers like the ones listed above? > > Possibly. You can try setting up conditional forwarding for the problem > domain, setting the authoritative name servers as the

Re: ignoring incorrect nameservers in authority section

2010-12-23 Thread Chris Buxton
On Dec 22, 2010, at 4:55 AM, Sunil Shetye wrote: > Is there any option to add workarounds for specific domains / > nameservers like the ones listed above? Possibly. You can try setting up conditional forwarding for the problem domain, setting the authoritative name servers as the 'forwarders' li

Re: ignoring incorrect nameservers in authority section

2010-12-22 Thread Benny Pedersen
On ons 22 dec 2010 10:09:10 CET, Matus UHLAR - fantomas wrote Well, first find which is the real problem - domain delegated to invalisd servers, server providing invalid data, and than you have to fix what is broken. Give us a real example if we have to provider real solution. zone "rfc-ignor

Re: ignoring incorrect nameservers in authority section

2010-12-22 Thread Sunil Shetye
not practical for me to start communicating with those admininstrators and find out who is to blamed for that. It is easier for me if: - named caches the authority section from the reply of the parent nameserver only, or - named does not cache the authority section at all. > > Case 2:

Re: ignoring incorrect nameservers in authority section

2010-12-22 Thread Matus UHLAR - fantomas
> Quoting from Matus UHLAR - fantomas's mail on Wed, Dec 22, 2010: > > > Is there any solution to this problem without contacting the DNS > > > administrator of that domain? I have seen this problem for many > > > domains on the internet. > > > > Well, first find which is the real problem - domain

Re: ignoring incorrect nameservers in authority section

2010-12-22 Thread Sunil Shetye
com. Fake Nameservers: ns5.zenexpress.com. ns6.zenexpress.com. == $ dig +norecurse @a.gtld-servers.net. e-nxt.com. ;; QUESTION SECTION: ;e-nxt.com. IN A ;; AUTHORITY SECTION: e-nxt.com. 172800 IN NS ns1.webpresenceworld

Re: ignoring incorrect nameservers in authority section

2010-12-22 Thread Matus UHLAR - fantomas
On 22.12.10 14:01, Sunil Shetye wrote: > Some authoritative nameservers add incorrect nameservers in the > authority section of their replies. Which authority and which domain? Most of authorities add nameservers domain was registered on. > Due to caching of the incorrect > re

ignoring incorrect nameservers in authority section

2010-12-22 Thread Sunil Shetye
Hi, Some authoritative nameservers add incorrect nameservers in the authority section of their replies. Due to caching of the incorrect reply, further queries for that domain go to those incorrect nameservers. Is there a way to ignore / not cache such replies? For example, if ns1.realserver.com

missing authority and additional sections using bind-sdb-9.6.1-13.P2 (FC12)

2009-12-24 Thread Michael Mussulis
RedHat-9.6.1-7.P2.fc11 <<>> @192.168.0.82 test24.com any; (1 server found);; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23242;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0;; WARNING: recursion requested but
