Re: dname reverse delegation

2015-10-14 Thread Matus UHLAR - fantomas
ave yourself trouble by doing so? If not, you should probably reconsider. [...] Don't be distracted by RFC2317. It describes the trickery you need when you're dealing with a longer prefix (fewer addresses) than a /24. If you have "a few /24", you can deal with them withou

Re: How does a Client Verify if the DNS server is Alive or down

2015-10-19 Thread Matus UHLAR - fantomas
es it periodically send any messages to the server. What Kind of messages are required by the client to be sent towards server to determine if the DNS IP is reachable or not? what is your problem? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e

Re: Why two lookups for a CNAME?

2015-10-22 Thread Matus UHLAR - fantomas
ar.example too... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Depression is merely anger with

Re: Why two lookups for a CNAME?

2015-10-23 Thread Matus UHLAR - fantomas
On 22.10.2015 at 14:01, Matus UHLAR - fantomas wrote: I wonder if it's not enough to verify that the first response was received from proper server. Since play.l.google.com is a subdomain of play.google.com, the lookup would go through google.com nameservers again... when server

Re: Multiple logs

2015-12-27 Thread Matus UHLAR - fantomas
On 26.12.15 20:30, kev wrote: I am using bind9 with ubuntu 14.04. I was wondering how to log by individual IP. I've googled it but didn't find what I was looking for. Thanks, I'd choose logging at kernel level in iptables firewall. ULOG and ulogd can log to libpcap format. -- Matus

Re: Multiple logs

2015-12-27 Thread Matus UHLAR - fantomas
On 26.12.15 20:30, kev wrote: I am using bind9 with ubuntu 14.04. I was wondering how to log by individual IP. I've googled it but didn't find what I was looking for. Thanks, On 27.12.2015 at 18:07, Matus UHLAR - fantomas wrote: I'd choose logging at kernel level in iptables firewall.

Re: Multiple logs

2015-12-27 Thread Matus UHLAR - fantomas
Hello, On 26.12.15 20:30, kev wrote: I am using bind9 with ubuntu 14.04. I was wondering how to log by individual IP. I've googled it but didn't find what I was looking for. Thanks, On 27.12.15 18:07, Matus UHLAR - fantomas wrote: I'd choose logging at kernel level in iptables firewall.

Re: Allow-Query=any

2016-01-07 Thread Matus UHLAR - fantomas
so, instead of providing type "ANY" you want people to flood your server with multiple queries for type? if you have problems, response rate limiting should be better solution. ...I received spam from company with NS hosted at cloudflare that refuses ANY query. I am considering ignoring such

Re: has no address records (A or AAAA)

2016-01-28 Thread Matus UHLAR - fantomas
"cts.org" in file "192.168.99.zone" that contains the reverse zone, not zone cts.org. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukol

Re: Intermittent NXDOMAIN for a name we are forwarding

2016-02-20 Thread Matus UHLAR - fantomas
"Unassociated entries" when the problem happens. anything more visible in the cache? last time I have encountered this error, it was problematic Cisco DNS load balancer, responding NXDOMAIN to a PTR (and possibly other) type queries, while standard types returned proper answer. -- M

Re: Intermittent NXDOMAIN for a name we are forwarding

2016-02-22 Thread Matus UHLAR - fantomas
now.. doesn't the log also contain info where did that message come from? Our current work around is to restart named (which cache) or we could do a 'rndc flush'. "rndc flushname myname.mydomain.com" should be enough - not needed to flush whole cache. -- M

Re: what does "max-ncache-ttl 0;" mean?

2016-03-02 Thread Matus UHLAR - fantomas
effect it would disable negative cacheing. which means, DON'T DO THAT. anyone searching for nonexisting DNS names (e.g. because of a misconfiguration) could easily DoS your server. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: Multiple A records and reverse DNS

2016-03-19 Thread Matus UHLAR - fantomas
yahoo, aol, without any valid reason. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mous

Re: about NS server authorize

2016-03-21 Thread Matus UHLAR - fantomas
el, saying nameserver not authorized. contact your registrar about this issue. this is not a bind problem. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolve

Re: multi zone forward ?

2016-04-02 Thread Matus UHLAR - fantomas
e view where clients belong and forward everything... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make your ECS screen display

Re: i have a question ?

2016-04-14 Thread Matus UHLAR - fantomas
cursion no ), i found forwarding required recursion. You must turn recursion on (and allow it for your IPs) to do the forwarding. Note that in most cases it's useless to do forwarding if your bind server has connectivity and can do the lookups itself. -- Matus UHLAR - fantomas, uh..

Re: Logging question about message 'update-security: error: client update denied'

2016-05-17 Thread Matus UHLAR - fantomas
ey "xcat_key"; }; notify yes; also-notify {10.20.0.100; 10.20.0.101;}; }; apparently the client who asks for update does not know the "xcat_key". ...many windows machines tend to register their name in DNS (it's on by default in netowr

Re: resolution problem

2016-05-19 Thread Matus UHLAR - fantomas
.121#53(dns1.colostate.edu) in 36 ms often a problem of invalid NS delegation, or bad TTL (A record for a server expires before NS record). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto

Re: resolution problem

2016-05-19 Thread Matus UHLAR - fantomas
a.colostate.edu. >dpc.cira.colostate.edu. 3600IN A 129.82.109.62 >;; Received 83 bytes from 129.82.103.121#53(dns1.colostate.edu) in 36 ms In article , Matus UHLAR - fantomas wrote: often a problem of invalid NS delegation, or bad TTL (A record for a server expires before NS record)

Re: Forward zone not working

2016-05-21 Thread Matus UHLAR - fantomas
ea how will ordinary DNS in ipv6 look like, but I doubt it will look like this... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the

Re: Forward zone not working

2016-05-21 Thread Matus UHLAR - fantomas
S protocol just to provide generic DNS records for each leaf (home) network... yes, we need something new for IPv6. But not for creating bulks of useless generic records. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: resolution problem

2016-05-24 Thread Matus UHLAR - fantomas
In article , Matus UHLAR - fantomas wrote: often a problem of invalid NS delegation, or bad TTL (A record for a server expires before NS record). On 19.05.16 15:31, Sam Wilson wrote: Glue A records for the nameservers have 172800 TTL, authoritative A records have 1200. that'

Re: Strange intermittent resolution

2016-05-27 Thread Matus UHLAR - fantomas
.com. amlinuxmedia.com. 86400 IN NS ns2.host-for.com. got it? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule

Re: Ability to limit memory usage for zones on an authoritative server.

2016-06-05 Thread Matus UHLAR - fantomas
ot an issue) and didn't want to do the work of changing some standard zone lists and data we use. what kind of zones are they? why do you load them if you don't want to use them? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adve

Re: Append a Hard-coded Text Tuple into Additional Section of "dig" Feature

2016-06-17 Thread Matus UHLAR - fantomas
ome information that I want to include" 1. there's no point in adding TXT rrs to additional section, they do not belong there 2. why at all do you want to put them there? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail ad

Re: Unable to understand why a different A record response being sent by bind

2016-06-20 Thread Matus UHLAR - fantomas
instead of test1.com for examples... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast t

Re: Resolving issue on specific domain

2016-07-15 Thread Matus UHLAR - fantomas
means, 194.126.10.18 does not know the "domainname" you must add localhost to resolv.conf as first nameserver to get answers from it by default. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Var

Re: Sending extra info in bind dns query packet

2016-07-15 Thread Matus UHLAR - fantomas
packet? Is there other way I can send this extra info through the bind dns query packet? it's highly dependent on what exactly you want to achieve. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. V

Re: Resolving issue on specific domain

2016-07-15 Thread Matus UHLAR - fantomas
On 15.07.16 12:05, Daniel Dawalibi wrote: To: 'Matus UHLAR - fantomas' , bind-users@lists.isc.org please avoid personal replies. use list-reply whenever possible. I already did it as per below output of resolv.conf but problem persists. do you want to say, even if you run "

Re: Resolving issue on specific domain

2016-07-15 Thread Matus UHLAR - fantomas
ed Dig domainame localhost -> Resolving properly and, please remove the parts that are not important, don't send useless crap to mailing list. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varo

Re: Resolving issue on specific domain

2016-07-16 Thread Matus UHLAR - fantomas
On 15.07.16 14:05, Daniel Dawalibi wrote: Dig domainname -> Server failed On Jul 15, 2016, at 8:48 AM, Matus UHLAR - fantomas wrote: please show us output of it. when 127.0.0.1 is first in /etc/resolv.conf, dig should contact localhost first, and the result should be the same as

Re: Query on the Order in which RR are answered by Bind of Order/preference are Same

2016-07-18 Thread Matus UHLAR - fantomas
for your bind instance - any other nameserver can change the order. why don't you use higher order if you want to have them in order? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tut

Re: Questions on how to setup Reverse DNS in bind 9

2016-07-19 Thread Matus UHLAR - fantomas
05 now... Because I didn't setup another A name for franklin? Thanks and sorry for all the questions. I know these probably aren't really bind related questions anymore. Thanks! once more: jetbbs.com IS NOT franklin.jetbbs.com ! FYI currently they both only contain 104.238.117.105

Re: Questions on how to setup Reverse DNS in bind 9

2016-07-20 Thread Matus UHLAR - fantomas
gain but when we get into the new house, I'll change it so the IP address for the second A record points to my server at the house. That way, if one server goes down, people can still connect. It'd be a great opportunity to learn this stuff a bit more I think. good idea. -- Matus UHLAR

Re: Questions on how to setup Reverse DNS in bind 9

2016-07-20 Thread Matus UHLAR - fantomas
ally edited the httpd.conf file and regenerated the SSL certs, things might have started working. this is your problem. don't generate ssl keys when adding IPs. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this

Re: Overriding TTL per resource-record on slave

2016-07-25 Thread Matus UHLAR - fantomas
My Idea is to run a dynamic update (nsupdate) wrapper script to update TTL entries for desired resource-records on our slave. Is there a better way to achieve this? your slave will only forward the update to master. Your description does not make sense, what exactly do you want to achieve?

Re: Overriding TTL per resource-record on slave

2016-07-26 Thread Matus UHLAR - fantomas
DNS master? since all resource records have their own TTL, you can simply give those you want lower TTL than the others. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT

Re: outgoing-traffic

2016-07-27 Thread Matus UHLAR - fantomas
or it and the traffic has already hit your system before ANY queries would be denied. however, if no responses will come from his server, it's more likely that the queries will stop. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail a

Re: outgoing-traffic

2016-07-27 Thread Matus UHLAR - fantomas
On 27 July 2016 at 15:10, Matus UHLAR - fantomas wrote: however, if no responses will come from his server, it's more likely that the queries will stop. On 27.07.16 15:19, S Carr wrote: If you look at the capture there doesn't appear to be any responses being sent for the ANY

Re: getting not authoritative with some notifies - Solved

2016-07-29 Thread Matus UHLAR - fantomas
complain and tell them they should tell you when they migrated their zones off. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A

Re: getting not authoritative with some notifies - Solved

2016-07-30 Thread Matus UHLAR - fantomas
On 2016-07-29 08:21, Matus UHLAR - fantomas wrote: On 28.07.16 12:13, Paul A wrote: Now what is everyone using to make sure the zones in named.conf are still pointing to your NS servers? I have a lot of stale DNS zones I want to remove. separate authoritative and recursive servers. bill for

Re: getting not authoritative with some notifies - Solved

2016-08-01 Thread Matus UHLAR - fantomas
On Sat, 2016-07-30 at 21:40 +0200, Matus UHLAR - fantomas wrote: or simply wait till customers complain and tell them they should tell you when they migrated their zones off. On 31.07.16 18:00, Carl Byington wrote: Which customers will complain? funny that you have answered below

Re: getting not authoritative with some notifies - Solved

2016-08-02 Thread Matus UHLAR - fantomas
n't happen often that someone migrates domain off your server. However you can avoid this issue by running either multiple dns servers, bind instances or views, recursive-only on 127.0.0.1 and authoritative on public IP. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning

Re: Slaves or Forwarders?

2016-08-25 Thread Matus UHLAR - fantomas
ameserver instances (e.g. IPSEC tunnels). On 24.08.16 08:00, Mark Andrews wrote: named only accepts IXFR over TCP. While the protocol supports sending deltas with IXFR/UDP named does not use that part of the protocol. just IXFRs or AXFRs too? Isn't edns over UDP enough in many

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Matus UHLAR - fantomas
On 26.08.16 07:34, Tom Tom wrote: I'm searching a way to respond to IPv6-PTR-Queries like the "$GENERATE"-mechanism for IPv4 has done it. why? configuring single IP addresses or taking them from DHCP is easier than creating new useless mechanism. -- Matus UHLAR - fantomas, uh

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Matus UHLAR - fantomas
On 26.08.16 07:34, Tom Tom wrote: I'm searching a way to respond to IPv6-PTR-Queries like the "$GENERATE"-mechanism for IPv4 has done it. On 26 August 2016 at 13:45, Matus UHLAR - fantomas wrote: why? configuring single IP addresses or taking them from DHCP is easier th

Re: DNS views and zone transfers

2016-09-07 Thread Matus UHLAR - fantomas
{ match clients - external { zone example.org { }; zone example.com { }; }; -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu

Re: replicate a whole master

2016-09-19 Thread Matus UHLAR - fantomas
means? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fighting for peace is like fucking for virginity

Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas
forwarders) for some time? BIND should cache frequently used data and provide them quickly. when you use google forwarder, the main difference is that most of those data are probably already cached. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rece

Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas
main difference is that most of those data are probably already cached. How can I replicate same thing? just leave bind running for some time. with 9.10, leave prefetch on and see... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertisi

Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas
with 9.10, leave prefetch on and see... On 20.09.16 15:12, Pol Hallen wrote: I've 9.9.5 version on debian stable :-/ so simply leave BIND running and see if it's better tomorrow... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rece

Re: adding zone forwards without restart

2016-09-21 Thread Matus UHLAR - fantomas
u have problems with forwarding zones or master zones? Did you run named-checkconf as Benny advised? Did you run named-checkzone for the newly added zones? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varov

Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread Matus UHLAR - fantomas
{any;} in BIND config and the above is local on the host (obtained via slaving). The listen-on is set to 'any' on port-53 What am I missing? Why this odd behavior? a firewall probably? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to rece

Re: forwarder (YES/NO)

2016-09-21 Thread Matus UHLAR - fantomas
commented: // forwarders { // 8.8.8.8; 8.8.4.4; //} but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query forwarders { 127.0.0.1; } do you forward to yourself??? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertisi

Re: adding zone forwards without restart

2016-09-22 Thread Matus UHLAR - fantomas
On 21.09.16 14:49, philippe.simo...@swisscom.com wrote: and after a forward add a rndc flush can help too .. not needed unless old forwarders provide invalid data. -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas Sent

Re: Minimal responses and speeding up queries

2016-09-22 Thread Matus UHLAR - fantomas
mal responses often results into additional queries needed, by definition. If you want to avoid additional queries, turn minimal_responses off. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto a

Re: adding zone forwards without restart

2016-09-23 Thread Matus UHLAR - fantomas
mains when issued. You can use it if needed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does ca

Re: Fwd: Re: adding second zone

2016-09-23 Thread Matus UHLAR - fantomas
n: failure 1.168.192.in-addr.arpa is on primary zone, if I add second zone I've this error you apparently have 1.168.192.in-addr.arpa defined two times what are you trying to do? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adve

Re: R: Minimal responses and speeding up queries

2016-09-23 Thread Matus UHLAR - fantomas
query. If you turn minimal-responses on, the required data may not be in the answer. That will result into another query sent, which means number of queries increases. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this

Re: Fwd: Re: adding second zone

2016-09-23 Thread Matus UHLAR - fantomas
erent networks with the same IP addresses and you want to answer them from different zones, you can use two different views. Note that the requests must either come from different clients or with different TSIG keys, otherwise you can't know which view to provide. -- Matus UHLAR - fa

Re: root.hind or named.hint file update

2016-09-23 Thread Matus UHLAR - fantomas
han having outdated hints file. But if someone does care about hints file, it's better to have current version, when the builtin one is older. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie:

Re: Unable to Load the Zone file

2016-09-27 Thread Matus UHLAR - fantomas
nis.net/IN: bad zone What is the problem here? is there something you don't understand on error message? "NS record '72.31.4.5.' appears to be an address" IP Address can only appear at right side of A record ( for ipv6 addresses). NS records needs domain names

Re: adding zone forwards without restart

2016-09-30 Thread Matus UHLAR - fantomas
vice (typically "service named restart" on EL6 and "service named-chroot restart" on EL7) works. apparently there's something like that (copying files) in startup scripts or related to puppet installation. tried running without chroot for a while, if it helps? -- Matus UHLA

Re: Multiple A Records - Followup Question

2016-10-03 Thread Matus UHLAR - fantomas
can't correctly emit the right EHLO for outbound email should remain in the 1990s. I found it problematic, not helpful. It's much safer and easier to have one PTR record with correct fcrdns when sending mail than having multiple DNS records (even with valid fcrdns). -- Matus UHLAR - fa

Re: Unspecified error DNS query

2016-10-08 Thread Matus UHLAR - fantomas
in the dig output since other queries do not show TCP mode in their output? responses that are over 512 bytes (maximum packet size without EDNS) must be truncated in UDP mode and thus must be responded in TCP mode. try running: dig +bufsize=4096 outlook.live.com. that should avoid TCP...

Re: How to request ixfr updates against public ip directly instead of unicast ip in bind

2016-10-12 Thread Matus UHLAR - fantomas
p and we have port opened slave to master with public ip. Do we have any option checking for SOA value directly with public ip of master instead of unicast ip. I don't get it. What do you mean by "unicast" and "public" IP? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; h

Re: R: Reloading match-clients

2016-10-14 Thread Matus UHLAR - fantomas
dns update for the RPZ zone). On 14/10/16 11:48, Job wrote: is there a way to update/change this section without reloading or with a very-soft reload? Yes. Use "rndc reconfig" instead of "rndc reload". Regards, Anand -- Matus UHLAR - fantomas, uh...@fantomas.sk ; ht

Re: forward only recursive server doesn't forward

2016-10-20 Thread Matus UHLAR - fantomas
96/28 97 IN CNAME 97/28 ... 111 IN CNAME 111/28 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie

Re: Enterprise DNS Architecture - AD and BIND

2016-11-09 Thread Matus UHLAR - fantomas
o you, better slave them and send notifies... that will give you better performance and faster propagation of changes. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDO

Re: Enterprise DNS Architecture - AD and BIND

2016-11-09 Thread Matus UHLAR - fantomas
ntract with... shorter path should make better results and forwarding makes the path longer... if you are going the multi-AD way, simply forward from requests from AD to a few BIND caching servers (slaving your internal zones) that will have access to outside. -- Matus UHLAR - fantomas, uh...@f

Re: Error while building BIND 9.11 on linux host

2016-11-21 Thread Matus UHLAR - fantomas
penssl make make install just a side note: it's quite funny that some people set system that has 10-years support and start installing things they won't get support for... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adv

Re: Blocking reverse lookup queries for private ips

2016-11-24 Thread Matus UHLAR - fantomas
d only dns server or will there be any problems related caching etc with this conf. no, the good configuration is if you do the recursion yourself, without forwarding to google. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: Blocking reverse lookup queries for private ips

2016-11-24 Thread Matus UHLAR - fantomas
d only dns server or will there be any problems related caching etc with this conf. On Thu, Nov 24, 2016 at 3:06 PM, Matus UHLAR - fantomas wrote: no, the good configuration is if you do the recursion yourself, without forwarding to google. On 24.11.16 17:10, Sachin Patil wrote: I need to

Re: Blocking reverse lookup queries for private ips

2016-11-24 Thread Matus UHLAR - fantomas
r dns servers as forwarders - without any real need. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Quantum mechanics: The dreams stuff is

Re: bind does not resolved all domains (SERVFAIL)

2017-01-13 Thread Matus UHLAR - fantomas
dig +trace any phdcomics.com that should help more than comparing to other nameservers if they can query that domain. Note that the domain has mismatched delegation, according to some DNS checkers. also, the servers have very short TTLs. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: bind does not resolved all domains (SERVFAIL)

2017-01-13 Thread Matus UHLAR - fantomas
/2017 10:06 AM, Matus UHLAR - fantomas wrote: try: dig +trace any phdcomics.com On 13.01.17 10:26, Clément Fevrier wrote: here the result: % dig +trace any phdcomics.com phdcomics.com. 172800 IN NS ns2.speakeasy.net. phdcomics.com. 172800 IN NS

Re: rDNS

2017-01-20 Thread Matus UHLAR - fantomas
  3600    IN   PTR  network.archaxis.net. 81  3600    IN   PTR  alpha.archaxis.net. 82  3600    IN   PTR  bravo.archaxis.net. 87  3600    IN   PTR  broadcast.archaxis.net. What is wrong?  Is this my problem, or with AT&T? -- Matus UHLAR - fantomas, uh

Re: Enforce EDNS

2017-02-07 Thread Matus UHLAR - fantomas
servers that don't answer EDNS + DNS COOKIE queries. Currently we fall back to plain DNS which works except when there is a signed zone involved and the server is validating. fall back for how long? maybe for the same random time as RTT measurements are done - remember for a while, but retry

Re: Recognizing remote IP in shared connections

2017-02-28 Thread Matus UHLAR - fantomas
s purpose. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally park

Re: Unable to build BIND 9.11.0-P3 on RHEL 6.0 64-bit

2017-03-28 Thread Matus UHLAR - fantomas
at to avoid this. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Fucking windows! Bring Bill Gates! (Southpark the

Re: Unable to slave root zones

2017-04-07 Thread Matus UHLAR - fantomas
or root zone. did you check on more of them? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows foun

Re: Overwrite A record from DNSSEC protected domain if I am the owner of the domain

2017-04-26 Thread Matus UHLAR - fantomas
like 192.168.0.1, that is only reachable from the LAN this can be done using small resolver in the LAN that resolves the name to internal IP. Should be no problem unless your end-resolvers check DNSSEC -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to

Re: inline-signing a zone that exists in two views

2017-05-19 Thread Matus UHLAR - fantomas
ers are non-recursive. They use the same DNS resolvers that any other server uses, and not themselves. this configuration will make your recursive servers provide correct data when your customers move their domains out without telling you so (which happened quite often)... -- Matus UHLAR - f

Re: are you using lwres?

2017-05-19 Thread Matus UHLAR - fantomas
t re-sorted IPs) so I disabled it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists.

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
fine. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Support bacteria - they're the only culture some people

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
;-) there are cases when having two reverse records is misleading. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam = (S)tupid (P)eople

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
On 18.06.17 16:26, Mark Elkins wrote: Put two reverse records in both the IPv4 and IPv6 reverse zones in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. 126 IN PTR ns.xxx.com. On 18.06.2017 at 17:38, Matus UHLAR - fantomas wrote: there are cases w

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
il.xxx.com, the reverse address will not point on ns.xxx.com, and if put ns.xxx.com, the reverse dns will not point on mail.xxx.com, and I shall have mail problem. you will not have problem. who told you that? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I w

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote: long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I put for IPV4 reverse address : if I put mail.xxx.com, the reverse address will not point on

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
apparently yes, because this thread exists. There's OP confused about a problem that does not exist. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
rrect. * smtp_helo_name of your MTA matches the same name this one is incorrect and my next comment applies only to this one: On 19.06.2017 at 08:49, Matus UHLAR - fantomas wrote: Even this is not required. In fact, requiring this breaks SMTP RFC. The only requirement on helo name is that host must exist a

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
one PTR of this format would cause rejections. in all of these cases just remove the old useless generic PTR would have solved the problem from the start so please inform yourself and do tests. go reread the OP's question. He asked about "ns" and "mail" records. t

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.2017 at 15:25, Matus UHLAR - fantomas wrote: those rejections were NOT caused by having two different PTRs. They were caused by something different that is not a subject of this thread - even one PTR of this format would cause rejections. On 19.06.17 15:32, Reindl Harald wrote: not

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.2017 at 16:56, Matus UHLAR - fantomas wrote: since DNS don't care about the PTR but mail does what is your problem that you need stupid discussions instead just agree that it can't do harm and in doubt is beneficial to have just one hostname, use that one hostname in hel

Re: wildcard not working after record deleted

2017-06-20 Thread Matus UHLAR - fantomas
one data, and I do understand that prevents you from helping. I was hoping someone else had come across this at some point. note that existence of "something.sample" subdomain also means that "sample" exists and is empty. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

Re: restarting bind fixes some resolution issues

2017-07-09 Thread Matus UHLAR - fantomas
mirl.cloudfront.net - maybe you should look up that one next time problem appears. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to li

Re: designing the DNS from the scratch

2017-07-10 Thread Matus UHLAR - fantomas
he path, so the 3ms can only be achieved on short distances. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good

Re: delegation NS records

2017-07-14 Thread Matus UHLAR - fantomas
rvers in your own domain (and thus glue records in parent zone), search for nameservers that do have glue records in parent zone. This will lower a risk of breaking the delegation path. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advert

Re: DNS traffic accounting

2017-07-18 Thread Matus UHLAR - fantomas
generate WAN traffic. well, caching makes your benefit, doesn't it? Any suggestion how to approach this problem? ...don't? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto ad
