Re: reverse resolution failing

2013-04-10 Thread Matus UHLAR - fantomas
s to three servers, of which one returns positive answer and two reply NXDOMAIN (no such host). seems someone configured invalid serial to reverse zone and now slaves don't fetch updates... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-m

Re: Understanding Kaminsky exploit w/bind

2013-04-16 Thread Matus UHLAR - fantomas
why securedns is the only way to avoid this attack. Once the spoofed answer with guessed ID and containing NS records of attacker's servers is accepted, the attacker owns the domain at least within your nameserver. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

2013-04-16 Thread Matus UHLAR - fantomas
52538: view external: query (cache) 'hao.360.cn/A/IN' denied Aren't those domains pointing their NS onto your nameserver? What's your IP, if it's not secret? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-ma

Re: I'm having thousands of queries a domain isc.org and this increases my cpu percentage to 100%. That may be happening and how I can control this? is an attack? attachment of the log I made an updat

2013-04-16 Thread Matus UHLAR - fantomas
also complain if the service does not work properly if you want to be really a bitch, you can set up recursive view with "." domain providing * records. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this

Re: BIND 9.4.x and check-names

2013-04-17 Thread Matus UHLAR - fantomas
13 00:45:37.447 general: warning: zone /IN: gc._msdcs./A: bad owner name (check-names) default.log:12-Apr-2013 00:45:37.447 general: warning: zone /IN: gc._msdcs./A: bad owner name (check-names) Hmm, aren't those supposed to be SRV reco

Re: BIND 9.4.x and check-names

2013-04-19 Thread Matus UHLAR - fantomas
bind 9.4 has also "check-names response"; Ok, I'm reading up on that now. Should I be able to suppress the logging using: "check-names response ignore;" ? This should be the default. Also, current version could have better handling of this issue... -- Matus UH

Re: How does bind select what master to use?

2013-04-27 Thread Matus UHLAR - fantomas
accessible and their RTT. It tends to prefer the one with shortest RTT but occasionally re-tries (RTT can change over time). If notice comes, BIND tends to prefer server that has sent it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: Classless PTR query issue

2013-05-07 Thread Matus UHLAR - fantomas
t way. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite?

Re: Mailing list "reply-to" setting

2013-05-08 Thread Matus UHLAR - fantomas
don't like to see. The filtering or differentiating messages can be done in a better way than modifying subject. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: architecture question

2013-05-09 Thread Matus UHLAR - fantomas
heir job and home. ...I still think it would be better to have reserved private TLD for intranets as we have IP's in rfc1918 (plus rfc6598 for ISPs) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Va

Re: architecture question

2013-05-09 Thread Matus UHLAR - fantomas
On 09.05.13 10:21, Tony Finch wrote: > Right. Give each student a subdomain of some existing domain, even if the > subdomains aren't publicly delegated. Matus UHLAR - fantomas wrote: yes, so they will start using it in their job and home. On 09.05.13 16:01, Tony Finch w

Re: Negative zones; NXDOMAIN responses

2013-05-20 Thread Matus UHLAR - fantomas
e services broken like this of any ISP. I'd even recommend not to use ANY services of such ISPs. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
oot"; masters { 192.5.5.241; }; notify no; }; I thought this is not officially recommended for ordinary users to prevent root servers from being overloaded (transfers use much more resources than ordinary lookups). Has this changed? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http:/

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Matus UHLAR - fantomas
On 21.05.13 11:03, Mark Andrews wrote: >The simplest solution is to slave the root zone and >turn off notify to so you don't spam the official >root servers. 192.5.5.241 is f.root-servers.net. In message <20130521072352.ga17...@fantomas.sk>, Matus UHLAR -

Re: Help on NXDOMAIN to try next forwarder in the list

2013-05-31 Thread Matus UHLAR - fantomas
m which are specific authoritative DNS servers to mycompany.com But administrator does not know which one has it So, is that mytestdomain101.com or mycompany.com or mygeo1.mycompany.com? It would be easier to look at the problem if you provided us correct data. -- Matus UHLAR - fantomas, uh..

Re: Help on NXDOMAIN to try next forwarder in the list

2013-05-31 Thread Matus UHLAR - fantomas
logical to ask again if someone replies THERE IS NO SUCH RECORD. You need to fix your DNS infrastructure, not try to circumvent its issues. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie:

Re: any requests

2013-06-02 Thread Matus UHLAR - fantomas
;t do that. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a tal

Re: does zone trump forward?

2013-06-02 Thread Matus UHLAR - fantomas
ould a loop not occur if the forwarder matches this view? local domains are served locally. Only recursive queries are being forwarded. To ask the question another way, does the zone statement take precedence on matching queries over any forwarding? yes. -- Matus UHLAR - fantomas, uh...@fanto

Re: Bind 9.9.3 configuration message: missing 'file' entry

2013-06-02 Thread Matus UHLAR - fantomas
ers { stealthMasters; }; notify explicit; also-notify { publicSlaves; }; allow-transfer { localhost; transferees; }; }; Have you looked carefully enough, and to the correct file if there is no missed character that makes the configuration invalid? Have you run named-checkconf w

Re: does zone trump forward?

2013-06-04 Thread Matus UHLAR - fantomas
resubmitting a query after NXDOMAIN is received is an ugly hack and violates the DNS principles. The problem must be solved by DNS tools. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tu

Re: [Off-Topic] RE: This list's prefix

2013-06-06 Thread Matus UHLAR - fantomas
. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, what kind of school did you study to be a detective? - Elementary, Watson. --

Re: What happens when one out of three NSs are down?

2013-06-12 Thread Matus UHLAR - fantomas
above, authoritative and glue NS records should be the same). But don't tell me that you use TTL so small that someone would notice. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto ad

Re: How to suppress ADDITIONAL SECTION per zone

2013-06-21 Thread Matus UHLAR - fantomas
On 21.06.13 02:00, blrmaani wrote: The additional-from-auth yes_or_no ; option is a global option. I would like to know if there is a per-zone configuration to do the same in BIND9 configuration? I couldn't find it in BIND9 ARM. What is the point of your question? -- Matus UHLAR - fan

Re: Secondary DNS question...

2013-06-21 Thread Matus UHLAR - fantomas
I would be interested to hear about any red flags you may see. I don't see any ... since the problems reported were not true, we may assume there was no problem caused by one of your servers' outage. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I w

Re: Secondary DNS question...

2013-06-21 Thread Matus UHLAR - fantomas
message, it can mean anything. Which MX server started bouncing mail? Is ns1.starionhost.net reachable from that server? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: bind 2.1a3 on centos 6.4

2013-06-21 Thread Matus UHLAR - fantomas
as it is. However if you want to have clean shield, there's one thing above to fix (PTR to nonexistent name). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: How to suppress ADDITIONAL SECTION per zone

2013-06-24 Thread Matus UHLAR - fantomas
ional records being sent from a selected list of zone in our configuration.. You still have not answered my question, so I repeat it: > What is the point of your question? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: Secondary DNS question...

2013-06-24 Thread Matus UHLAR - fantomas
you have no SOA set for for ns1.starionhost.net: -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only

Re: Secondary DNS question...

2013-06-25 Thread Matus UHLAR - fantomas
On 24.06.13 07:41, Frank Bulk wrote: Interesting to note that querying for ANY does return an SOA. I can't explain that behavior. On 24.06.13 14:54, Matus UHLAR - fantomas wrote: I can guess a kind of DNS filter/firewall. Some l3 switches or load balancers tend to produce strange result

Re: Answers from cache or authority section?

2013-06-25 Thread Matus UHLAR - fantomas
r the zone, the given NS records prevail over delegation from parent zone. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Holmes, wh

Re: Secondary DNS question...

2013-06-26 Thread Matus UHLAR - fantomas
mail/bind-users/2013-June/090970.html or pcap format at http://test.fantomas.sk/74.87.108.83.dns.pcap -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu

Re: servfail response message question

2013-06-27 Thread Matus UHLAR - fantomas
f DNS load balancers... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The 3 biggest disasters: Hiroshima 45, Tschernobyl 86, Windo

Re: Secondary DNS question...

2013-06-27 Thread Matus UHLAR - fantomas
alling software from scratch. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective

Re: Secondary DNS question...

2013-06-27 Thread Matus UHLAR - fantomas
ssues and overall my DNS was just erratic. I have now moved all of my secondary to BuddyNS with much better redundancy, and I figured out what was causing my ns1 to be glitchy. Can you tell us what, just for evidence? Thank you. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantom

Re: servfail response message question

2013-06-27 Thread Matus UHLAR - fantomas
. If they are accessible from us, of course. We could check it ourselves and see how it behaves from the net. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: Reverse address entries

2013-07-01 Thread Matus UHLAR - fantomas
pen. I don't know of anything to be gained by requiring a reverse lookup after a forward lookup. He apparently meant exactly the same. Also called FcRDNS - "forward confirmed" or "full circle" reverse DNS. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantoma

Re: Reverse address entries

2013-07-01 Thread Matus UHLAR - fantomas
>In article , > Charles Swiger wrote: >> Certainly. Various software performs what's called a double-reverse >> lookup >> to confirm that the A and PTR records match. In article , Matus UHLAR - fantomas wrote: He apparently meant exactly the same. Also calle

Re: How to suppress ADDITIONAL SECTION per zone

2013-07-01 Thread Matus UHLAR - fantomas
to implement packet rate limiting - a patch was discussed here a few days/weeks ago. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etr

Re: Reverse address entries

2013-07-03 Thread Matus UHLAR - fantomas
tware should get NXDOMAIN answer. in such case there's nothing to wait for any longer. Are you sure that was not a case of unreachable servers? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovani

Re: configure syslog prefix

2013-07-03 Thread Matus UHLAR - fantomas
/ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#id2576269 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos

Re: BIND Service Hung

2013-07-03 Thread Matus UHLAR - fantomas
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's

Re: Bind unable to get MX reocrd from Parrent name server

2013-07-05 Thread Matus UHLAR - fantomas
o.za. ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +norec any rbcaa.co.za. ; @babylon.mitsol.co.za. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 52980 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 -- M

Re: Reverse Lookups with Forwarders

2013-07-09 Thread Matus UHLAR - fantomas
changed to zone "110.252.173.in-addr.arpa" IN { All the requests for 173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1. Use 110.252.173.in-addr.arpa then. You should be aware that the IP range belongs to facebook, as already noted. -- Matus UHLAR - fantoma

Re: Slave not creating/updating zones

2013-07-15 Thread Matus UHLAR - fantomas

Re: resolving-problem

2013-07-21 Thread Matus UHLAR - fantomas
; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns1.alfransi.com.sa. IN ANY -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT aku

Re: New warning message...

2013-07-22 Thread Matus UHLAR - fantomas
ragraph 6.2; and Appendix A point 4. This was discussed here already, and imho this is anti-spf bullshit like all those "spf breaks forwarding" FUD. The SPF RR is already here and is preferred over TXT that is generic RR type, unlike SPF. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: New warning message...

2013-07-22 Thread Matus UHLAR - fantomas
g without changing envelope address is already broken, it's just people don't care without SPF. I have a case I am researching right now where forwarded mail is undeliverable due to SPF checking at the new destination. Rewrite the sender's address. You have more choices,

Re: IPv4 not working reverse on > /24 cidr

2013-07-22 Thread Matus UHLAR - fantomas
-addr.arpa maintained by the client. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Disease ... BS

Re: New warning message...

2013-07-23 Thread Matus UHLAR - fantomas
In article , Matus UHLAR - fantomas wrote: No, it does not. If a mail gets delivered to address, which is sending it further ("forwarding it"), the envelope sender has to be changed, because it's not the original sender who sends the another mail. Forwarding without changing e

Re: Reverse Records on a leash?

2013-08-10 Thread Matus UHLAR - fantomas
nd charge you for it. ... and please, do not tell me that is to keep the spammers out because that so far has not proven to be true. The bad guys have an unlimited number of domains to do their dirt work everyday. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish N

Re: Reverse Records on a leash?

2013-08-11 Thread Matus UHLAR - fantomas
On 8/10/13 3:37 AM, Matus UHLAR - fantomas wrote: however, reverse DNS records must not be zero-filled (those won't be taken into account) On 10.08.13 10:26, Eduardo Bonsi wrote: I put zeros just as an example. it can be 111.111.111.111 where 1= (any ipv4 number) or 000.000.000.000. wh

Re: Can't make my bind service for zone authoritative

2013-08-17 Thread Matus UHLAR - fantomas
On 17.08.13 10:36, Mimiko wrote: I created a zone with the following: [...] But the answer is always un-authoritative. Why is this? did you also configure the server to be master for the zone? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to

Re: bind not getting out of my LAN?

2013-08-18 Thread Matus UHLAR - fantomas
t blocks DNS? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamili

Re: nxdomain not caching for configured reverse lookup

2013-08-20 Thread Matus UHLAR - fantomas
do dig -x 7.7.7.7, which is in the configured zone for DNS 10.212.24.11, i am not able to get the responses cached. what is the TTL of those NXDOMAIN answers? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address.

Re: nxdomain not caching for configured reverse lookup

2013-08-20 Thread Matus UHLAR - fantomas
to forward 7.7.7.in-addr.arpa, 7.7.in-addr.arpa or 7.in-addr.arpa, depending on what is configured on 10.212.24.11. BTW, are you aware that 7.7.7.7 is used by DoD and 9.9.9.9 by IBM? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: nxdomain

2013-08-28 Thread Matus UHLAR - fantomas
? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I'm not interested in your website anymore. If you need cookies, bake them you

Re: Weird dig behavior when querying ANY

2013-09-10 Thread Matus UHLAR - fantomas
simply provides you the remaining TTL. If you do it again, you will see TTL has either decreased in the time difference, or the records were fetched again. the discussion a few days ago has revealed that BIND does not recursively fetch records when you send ANY query. -- Matus UHLAR - fantomas, uh..

Re: VS: A And Cname-record

2020-06-18 Thread Matus UHLAR - fantomas
CNAME can be used without checking with an authoritative server for other RR types. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fighting

Re: Recursive Client Rate limiting in BIND applicable in forward mode

2020-06-19 Thread Matus UHLAR - fantomas
you mean client request _rate_ is too large? 2. why forward to 8.8.8.8 ? BIND can resolve by itself, it does not need to forward to 8.8.8.8 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu

Re: Question about Recommended stress test tools for bind.

2020-06-26 Thread Matus UHLAR - fantomas
o say that xml statistics are better than rndc stats, I admit that they are kind of better solution, however, I haven't found anything better for cacti, that could process those than what we currently have: https://docs.cacti.net/usertemplate:host:bind9.7 snmp support would be great. -- M

Re: your mail

2020-06-28 Thread Matus UHLAR - fantomas
, so it really only matters if 1.1.1.1 is not accessible from internet. }; So, in this configuration, the abc.com will be forward to 8.8.8.8 or 1.1.1.1? the latter. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this addr

Re: [Non-DoD Source] Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek

Re: Dumb Question is an A or AAAA record required?

2020-07-09 Thread Matus UHLAR - fantomas
rectly returned NODATA for MX record (effectively saying there's no MX). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)e

Re: [Non-DoD Source] Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-10 Thread Matus UHLAR - fantomas
l question was whether the A record is needed at zone apex. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good

Re: issue of Amplification attack

2020-07-12 Thread Matus UHLAR - fantomas
: https://lists.isc.org/pipermail/bind-users/2020-July/103389.html I find it more readable. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R

Re: CNAME restrictions

2020-08-04 Thread Matus UHLAR - fantomas
s, so *.datavoiceint.com will cover .datavoiceint.com but not anything under it. you will have to strip the part or get other certificate. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
ired for working DNS - they should not block it. again, why you query for 250.0-24.199.212.125.in-addr.arpa ? under normal circumstances there's no point of querying that name. there -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users wrote: Well yes and no. While an individual user

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas wrote: On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users

Re: Error "Query section mismatch : got"

2020-08-21 Thread Matus UHLAR - fantomas
ried to query directly to the hosting that managed it to determine the cause. your query of course makes sense under these circumstances. But delegating /24 subnet using RFC2317 delegation is useless, because in fact you can delegate whole /24 directly >> On Wed, Aug 19, 2020 at 7:42 AM Mat

Re: VS: CNAME / TXT

2020-08-24 Thread Matus UHLAR - fantomas

Re: "forward first" set on a master zone not working as expected

2020-09-03 Thread Matus UHLAR - fantomas
le.com: NXDOMAIN note that nslookup is very bad program for tracking DNS errors. use "host" or "dig" for that case. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adr

Re: It is too hard for me to read from this mailing list

2020-09-22 Thread Matus UHLAR - fantomas
bject in one email. Let the reader focus on one subject. I am using Thunderbird to read the emails. Should I use something else to read it? Any suggestions are welcome. This is my feeling. But, maybe you are happy with it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Wa

Re: different TTLs for multiple TXT records

2020-09-26 Thread Matus UHLAR - fantomas
it's not there. This is not just documented standard - doing it differently would make DNS unreliable. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akuk

Re: How to compute db.192.168.x names from network addresses ?

2020-10-01 Thread Matus UHLAR - fantomas
I overlooked something ? it's just a file name. You can use "myrevzone" as long, but using db.192.168.42 is much more explanatory. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na

Re: forwarders used in order or based on RTT ?

2020-10-16 Thread Matus UHLAR - fantomas
lected based on an RTT(round-trip-time)-based algorithm" So which is correct? both are. The ARM does not say they are queried in defined order. The order is defined by RTT And did it change at some point? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I w

Re: Malformed transaction errors

2020-10-18 Thread Matus UHLAR - fantomas
on on machine and a secondary server on a separate machine. Errors are on the primary server.) what's the primary server? maybe broken DNS implementation -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address

nested $GENERATE possible?

2020-11-12 Thread Matus UHLAR - fantomas
Hello, is it possible to nest $GENERATE directives? I have to create DNS for /16 subnet... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu

Re: nested $GENERATE possible?

2020-11-16 Thread Matus UHLAR - fantomas
On 12.11.20 15:32, Matus UHLAR - fantomas wrote: is it possible to nest $GENERATE directives? I have to create DNS for /16 subnet... so I assume it's not possible. just wanted to be sure... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rece

Re: NXDOMAIN problems

2020-11-16 Thread Matus UHLAR - fantomas
edu if the first query fails. The second query is asking for a non-existent domain, and so maybe that is the proximate source of the NXDOMAIN. this could be controlled by option "ndots:1" in resolv.conf, so search list ignored for every hostname with one or more dots ... this is not BIND i

Re: NXDOMAIN problems

2020-11-16 Thread Matus UHLAR - fantomas
closest to the other side of VPN tunnel. Usually it's the IP with the default route set. you can often override it in the VPN configuration. Note this is not bind issue. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to

Re: reload but the old value linger

2020-11-21 Thread Matus UHLAR - fantomas
l valid. This section is thus used only when it has to resolve under ucsf.edu something that is not in cache. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek

Re: Servfail on Bind -9.16.1

2020-11-22 Thread Matus UHLAR - fantomas
bad > cache hit (com/DS) > lame-servers.log:21-Nov-2020 15:11:18.008 broken trust chain resolving 'www.facebook.com/A/IN': 129.134.31.12#53 it seems to be an error in dnssec. So I suppose that "dig +nodnssec "

Re: Two copies of recent posts

2020-11-23 Thread Matus UHLAR - fantomas
ther address as long: List-Post: <mailto:bind-users@lists.isc.org> in this case, this seems to be OP's fault, when first reply went to bind-us...@isc.org together with bind-users@lists.isc.org and people who replied continued sending to multiple addresses. -- Matus UHLAR - fantomas

Re: Two copies of recent posts

2020-11-26 Thread Matus UHLAR - fantomas
(The one I previously indicated was mx.pao1.isc.org, which is the one and only MX for lists.isc.org.) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu po

Re: How does query denial actually work?

2020-12-23 Thread Matus UHLAR - fantomas
rvce (domain) to a public, you can filter DNS requests from the internet. I can't figure it out from reading the source code; I haven't so far been able to trace back from where the messages are logged to where (if any) a response packet would be transmitted. -- Matus UH

Re: SRV Record Server Availability

2021-01-06 Thread Matus UHLAR - fantomas
ailability checks on it. However, if you go deep into a far more complicated, custom use of BIND, you could set up a process that monitors the availability and changes the SRV record accordingly. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-m

Re: Getting "query failed (REFUSED) for ./IN/ANY"

2021-01-13 Thread Matus UHLAR - fantomas
-t any . @localhost ;; Query time: 17 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jan 13 11:01:08 CET 2021 ;; MSG SIZE rcvd: 2272 this way, server will respond with >2KB packet which may flood the destination IP. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ W

Re: Choosing A records based on hosts' load?

2021-01-18 Thread Matus UHLAR - fantomas
This is not a problem for BIND nor for DNS. Due to DNS caching it won't work properly and if you shorten the TTLs, at first DNS issue it will fail globally. Install some load balancers in front of those servers. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas
nsfer-source 192.168.10.100 port 53; this should not cause a problem and may cause troubles when 192.168.10.100 is not the primary address. the "port 53" is usually useless (unless you have stateless firewall) and may be what caused your problem. -- Matus UHLAR - fantomas, uh...@fan

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas
(except loopback, of course), or if that is the primary address of your interface, those definitions are useless, otherwise you should keep them there. On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas () wrote: On 23.01.21 12:44, Bernardo wrote: >Finally I've found the sol

Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-26 Thread Matus UHLAR - fantomas
On Mon, 25 Jan 2021 at 14:33, Matus UHLAR - fantomas () wrote: On 25.01.21 14:05, Bernardo wrote: >Yes. This causes serious problems. > >The problem is that these perfectly valid configuration lines in >/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of >

Re: underscore in A or PTR records

2021-02-17 Thread Matus UHLAR - fantomas
er problems with remote sites. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just s

Re: underscore in A or PTR records

2021-02-17 Thread Matus UHLAR - fantomas
really useless here, since you posted this to public mailing list. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Rememb

Re: Zone transfer is happening intermittently between slave and master bind

2021-03-17 Thread Matus UHLAR - fantomas
d one. (there are measures if it's to be wrapped around zero). what is your real problem? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu po

Re: Authoritative for one domain, caching for the rest

2021-03-24 Thread Matus UHLAR - fantomas
or: host2.foo.lan if entry not present in /etc/bind/db.foo.lan "file" is used in master and slave zones. "forwarders" is used in "type forward" zones. those are mutually exclusive, so forwarders aren't used for master and slave zones, while "file" is not u

Re: resolv.conf question / timeout behaviour

2021-03-31 Thread Matus UHLAR - fantomas
lained the reason for the 9000ms so that Oracle and its many processes all come together to resolve the DNS name and they *keep hitting* the first resolver - and "timeout" can't kick in due to parallel requests from different processes, hence the high overall response time. -- M

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
es, simply define zone zone "www.google.com" { type master; file "..."; }; note that for this kind of setup, using dnsmasq with two forwarders and www.google.com overridden through /etc/hosts would be an easier solution. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
ell "if foo.google.com is not present in the google.com private zone, you have to forward the query to another server (public forwarder) in order to be publicly resolved" ??? that above will cover www.google.com and *.www.google.com On Wed, 31 Mar 2021 at 12:56, Matus UHLAR - fantom

Re: Local resolution first and then public resolution for "google.com" domain

2021-03-31 Thread Matus UHLAR - fantomas
's no point in forwarding from BIND to public nameservers. On Wed, 31 Mar 2021 at 13:48, Matus UHLAR - fantomas () wrote: On 31.03.21 13:07, Roberto Carna wrote: >Dear Matus, maybe I have not understood very well... > >I can setup a master zone as you said: > >zone "www
