Re: sendmail without DNS

2024-07-22 Thread Tim Woodall
On Sun, 21 Jul 2024, Adam Weremczuk wrote: This is in a way a continuation of my recently "purely local DNS" thread. To recap: my objective is to send emails to a single domain with both DNS and any other email traffic being disabled. A simple working solution that I've found f

Re: sendmail without DNS

2024-07-21 Thread Adam Weremczuk
Thanks for pointing that out. I've noticed that installing sendmail package was removing postfix and vice versa. That made me think these two were mutually exclusive. After reinstalling postfix, logwatch suddenly started sending emails so everything is now working as expected. --- Adam

Re: sendmail without DNS

2024-07-21 Thread Joe
> > Please forgive me, as that is what I am about to do. > > I have had, what seems to me to be similar issue, my solution was to > set up an authoritative BIND9 server on the email/web server in > question, and have the server first use its own BIND9 server's DNS > service first

Re: sendmail without DNS

2024-07-21 Thread Greg Wooledge
> > to make logwatch use postfix (already working without DNS) instead of > sendmail? Blimey. You are COMPLETELY confused, aren't you. If postfix (the package named "postfix") is installed, and if sendmail (the package named "sendmail") is NOT installed, then you

Re: sendmail without DNS

2024-07-21 Thread Anssi Saari
Adam Weremczuk writes: > Let me rephrase my question, which should be easier to answer. > > What exactly shall I substitute: > > mailer = "/usr/sbin/sendmail -t" > > with in /usr/share/logwatch/default.conf/logwatch.conf > > to make logwatch use postfix

Re: sendmail without DNS

2024-07-21 Thread George at Clug
on the email/web server in question, and have the server first use its own BIND9 server's DNS service first. Admittedly I did not care if my authoritative BIND9 server went out to the Internet for any queries for which it was not authoritative. It did allow me to run the server isolated either

Re: sendmail without DNS

2024-07-21 Thread Kamil Jońca
Adam Weremczuk writes: > Let me rephrase my question, which should be easier to answer. > > What exactly shall I substitute: > > mailer = "/usr/sbin/sendmail -t" > Eee. Nothing? --8<---cut here---start->8--- dpkg -L postfix|grep send /usr/sbin/sendmail

Re: sendmail without DNS

2024-07-21 Thread Adam Weremczuk
Let me rephrase my question, which should be easier to answer. What exactly shall I substitute: mailer = "/usr/sbin/sendmail -t" with in /usr/share/logwatch/default.conf/logwatch.conf to make logwatch use postfix (already working without DNS) instead of sendmail? On 21/07/2024 0

Re: sendmail without DNS

2024-07-21 Thread Jeff Pang
Sendmail is too old to be supported. You may use postfix and exim instead. They are mainstream MTA software today. On 2024-07-21 14:58, Adam Weremczuk wrote: This is in a way a continuation of my recently "purely local DNS" thread. To recap: my objective is to send emails t

sendmail without DNS

2024-07-21 Thread Adam Weremczuk
This is in a way a continuation of my recently "purely local DNS" thread. To recap: my objective is to send emails to a single domain with both DNS and any other email traffic being disabled. A simple working solution that I've found for Postfix is: /etc/hosts 1.2.3.4 example

Re: purely local DNS

2024-07-17 Thread Adam Weremczuk
says: As of Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level instead. (Debian 12 has postfix-3.7.11; well past postfix-2.11.) I don't know if `smtp_dns_support_level` is needed at all with `smtp_host_lookup = native`. I've never run an MTA where I wanted DNS

Re: purely local DNS

2024-07-16 Thread Adam Weremczuk
01:33, Max Nikulin wrote: I assume that you are not trying to achieve "smart host" configuration for sending mail. Perhaps you can run a dedicated dnsmasq instance with no upstream DNS servers. Option that might help: --dns-rr, --mx-host, --mx-target.

Re: purely local DNS

2024-07-15 Thread Max Nikulin
On 15/07/2024 20:00, Adam Weremczuk wrote: - ability to fetch a single MX record for a single domain I assume that you are not trying to achieve "smart host" configuration for sending mail. Perhaps you can run a dedicated dnsmasq instance with no upstream DNS servers. Option

Re: purely local DNS

2024-07-15 Thread Andy Smith
again) > > Any SMTP client which does not fall back to the A record when no MX records > exists is fundamentally broken. I think a confusion here is that the /etc/hosts file is not DNS. Not all applications on a system will ask the NSS for host lookups; some do go straight to DNS (as

Re: purely local DNS

2024-07-15 Thread Todd Zullinger
never run an MTA where I wanted DNS lookups disabled, so I don't have any direct experience. If it is needed, you'd surely be better off avoiding the long-deprecated `disable_dns_lookups` parameter which will just set you up for failure with some future update. -- Todd

Re: purely local DNS

2024-07-15 Thread Adam Weremczuk
I'm using Postfix and this is all that was needed: /etc/hosts 1.2.3.4 example.com /etc/postfix/main.cf disable_dns_lookups = yes smtp_host_lookup = native

Re: purely local DNS

2024-07-15 Thread Greg Wooledge
nctioning DNS is going to require configuration of your MTA. So, the next question is *which* MTA you're using. I'm most familiar with qmail. I'm guessing you're not using qmail (just based on the odds), but in qmail, this would be done by creating an smtproutes file in the control directory. If

Re: purely local DNS

2024-07-15 Thread Jeff Pang
I get: 0A032940922 657 Mon Jul 15 14:40:01 user1@mymachine (Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again) Any SMTP client which does not fall back to the A record when no MX records exists is fundamentally broken. --

Re: purely local DNS

2024-07-15 Thread Jeff Pang
Debian 12 VM: - no public or LAN DNS whatsoever - ability to fetch a single MX record for a single domain I don't think I can add MX to /etc/hosts which only works for A records. I'm after a similarly simple, "one liner" solution. --- Adam -- Jeff Pang jeffp...@aol.com

Re: purely local DNS

2024-07-15 Thread Adam Weremczuk
to configure for my Debian 12 VM: - no public or LAN DNS whatsoever - ability to fetch a single MX record for a single domain I don't think I can add MX to /etc/hosts which only works for A records. I'm after a similarly simple, "one liner" solution. I'm *so* confused by this ques

Re: purely local DNS

2024-07-15 Thread Adam Weremczuk
for sending mail. Regards On 2024-07-15 21:00, Adam Weremczuk wrote: What I need to configure for my Debian 12 VM: - no public or LAN DNS whatsoever - ability to fetch a single MX record for a single domain I don't think I can add MX to /etc/hosts which only works for A records. I'm after

Re: purely local DNS

2024-07-15 Thread Greg Wooledge
On Mon, Jul 15, 2024 at 14:00:03 +0100, Adam Weremczuk wrote: > What I need to configure for my Debian 12 VM: > - no public or LAN DNS whatsoever > - ability to fetch a single MX record for a single domain > > I don't think I can add MX to /etc/hosts which only works for A records.

Re: purely local DNS

2024-07-15 Thread Jeff Pang
: - no public or LAN DNS whatsoever - ability to fetch a single MX record for a single domain I don't think I can add MX to /etc/hosts which only works for A records. I'm after a similarly simple, "one liner" solution. --- Adam -- Jeff Pang jeffp...@aol.com

purely local DNS

2024-07-15 Thread Adam Weremczuk
What I need to configure for my Debian 12 VM: - no public or LAN DNS whatsoever - ability to fetch a single MX record for a single domain I don't think I can add MX to /etc/hosts which only works for A records. I'm after a similarly simple, "one liner" solution. --- Adam

Re: DNS query question

2024-06-11 Thread Geert Stappers
> > But, the same query wouldn't succeed in another VPS as follows. > > > > $ dig 235.84.36.104.zen.spamhaus.org > > ;; QUESTION SECTION: > > ;235.84.36.104.zen.spamhaus.org.IN A > > > > ;; Query time: 1 msec > > ;; SERVER: 127.0.0.53#53(

Re: DNS query question

2024-06-11 Thread Marco Moock
On 12.06.2024 at 10:51:45, Jeff Peng wrote: > Do you know what's the reason behind this? Spamhaus restricts queries from public resolvers.

DNS query question

2024-06-11 Thread Jeff Peng
us.org.IN A ;; Query time: 1 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Jun 12 10:45:41 HKT 2024 ;; MSG SIZE rcvd: 59 The returned result is "NXDOMAIN". Both nodes use systemd-resolve as DNS subresolver. Do you know what's the reason behind this? Thanks.

Re: [semi-OT] Advice on operating a DNS server

2024-05-05 Thread François TOURDE
On the 19848th day after Epoch, BERTRAND Joël wrote: > François TOURDE wrote: [...] >> >> Chances are your registrar offers its own DNS. Why >> not use it? > > Because for some special configurations, that doesn't

Re: [semi-OT] Advice on operating a DNS server

2024-05-05 Thread François TOURDE
do what you want to do I use BIND >>> with its local view >>> >>> Personally, I would connect all the machines over VPN and have the >>> DNS server listen only on the VPN's private IP. Little or no security >>> problem >> Except that here, the OP is talking

Re: [semi-OT] Advice on operating a DNS server

2024-05-05 Thread NoSpam
over VPN and have the DNS server listen only on the VPN's private IP. Little or no security problem Except that here, the OP is talking about "IP phones", so it is hard to sort them out. Besides, operating a VPN that is "wide open", or a DNS that is "open the same way", I would choose

Re: [semi-OT] Advice on operating a DNS server

2024-05-05 Thread BERTRAND Joël
François TOURDE wrote: > On the 19846th day after Epoch, > Olivier wrote: > >> Hello, >> >> I am planning to set up a DNS server whose role would be to >> resolve queries for one of my domains. > > Chances are your regist

Re: [semi-OT] Advice on operating a DNS server

2024-05-05 Thread Michel Verdier
On 4 May 2024 François TOURDE wrote: >> At a minimum, close off the server with a firewall and so on. And configure the >> dns server with the most secure options, which depends on the >> server chosen. But at a minimum block transfers and >> recursion.

Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
On the 19846th day after Epoch, NoSpam wrote: > Wide open, certainly not. Lots of problems if the software > is misconfigured. To do what you want to do I use BIND > with its local view > > Personally, I would connect all the machines over VPN and would only have the

Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
provider that rents out machines and cannot handle loads of DNS queries, I don't see any. >> 3. What is your experience with operating a DNS server that is >> "wide open"? What security problems do you run into? > > Open to provide

Re: [semi-OT] Advice on operating a DNS server

2024-05-04 Thread François TOURDE
On the 19846th day after Epoch, Olivier wrote: > Hello, > > I am planning to set up a DNS server whose role would be to > resolve queries for one of my domains. Chances are your registrar offers its own DNS. Why not use it? > I

Re: [semi-OT] Advice on operating a DNS server

2024-05-03 Thread Michel Verdier
> 3. What is your experience with operating a DNS server that is > "wide open"? What security problems do you run into? Open to provide dns to people you don't know? At a minimum, close off the server with a firewall and so on. And configure the d

Re: [semi-OT] Advice on operating a DNS server

2024-05-03 Thread NoSpam
Hello On 03/05/2024 at 17:37, Olivier wrote: Hello, I am planning to set up a DNS server whose role would be to resolve queries for one of my domains. Suppose I own the domain masociete.com The server will receive queries from the Internet for subdomains such as

[semi-OT] Advice on operating a DNS server

2024-05-03 Thread Olivier
Hello, I am planning to set up a DNS server whose role would be to resolve queries for one of my domains. Suppose I own the domain masociete.com The server will receive queries from the Internet for subdomains such as client12345.masociete.com coming from devices

Re: Bind9 local DNS not forwarding query to public DNS

2024-03-12 Thread Dan Ritter
Muhammad Yousuf Khan wrote: > Need your experience advice, We have a BIND9 DNS server that operates both > privately and publicly for the domain example xyz.com. I use the private > DNS for certain secure nodes on our local network. I want all VPN users to > be able to resolve these

Re: Bind9 local DNS not forwarding query to public DNS

2024-03-12 Thread Eduardo M KALINOWSKI
On 12/03/2024 12:48, Muhammad Yousuf Khan wrote:   Dear All, Need your experience advice, We have a BIND9 DNS server that operates both privately and publicly for the domain example xyz.com <http://xyz.com/>. I use the private DNS for certain secure nodes on our local network. I want a

Bind9 local DNS not forwarding query to public DNS

2024-03-12 Thread Muhammad Yousuf Khan
Dear All, Need your experience advice, We have a BIND9 DNS server that operates both privately and publicly for the domain example xyz.com. I use the private DNS for certain secure nodes on our local network. I want all VPN users to be able to resolve these secure nodes using our local DNS

Re: Default DNS lookup command?

2023-11-12 Thread Richard Hector
On 31/10/23 16:27, Max Nikulin wrote: On 30/10/2023 14:03, Richard Hector wrote: On 24/10/23 06:01, Max Nikulin wrote: getent -s dns hosts zircon Ah, thanks. But I don't feel too bad about not finding that ... 'service' is not defined in that file, 'dns' doesn't occur, and searching

Re: Populating IPv6 DNS addresses in resolv.conf

2023-11-01 Thread Max Nikulin
nameservers. # The nameservers listed below may not be recognized. nameserver 2001:4860:4860:: nameserver 2001:4860:4860::8844 nameserver 2600:380:bc53:b864::b3 I did not want the DNS name servers to be populated but I can live with it. Do you mean that you prefer to avoid 192.168.104.233 2600:380

Re: Populating IPv6 DNS addresses in resolv.conf

2023-11-01 Thread Timothy M Butterworth
not be recognized. nameserver 2001:4860:4860:: nameserver 2001:4860:4860::8844 nameserver 2600:380:bc53:b864::b3 I did not want the DNS name servers to be populated but I can live with it. thank again for your help Tim -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-31 Thread Max Nikulin
On 30/10/2023 20:04, Timothy M Butterworth wrote: sudo less /etc/NetworkManager/system-connections/Pixel5.nmconnection [...] [ipv6] addr-gen-mode=stable-privacy dns=2001:4860:4860::,2001:4860:4860::8844; dns-search=home.arpa; ignore-auto-dns=true #I tried with this on, commented out

Re: Default DNS lookup command?

2023-10-30 Thread Max Nikulin
On 30/10/2023 14:03, Richard Hector wrote: On 24/10/23 06:01, Max Nikulin wrote: getent -s dns hosts zircon Ah, thanks. But I don't feel too bad about not finding that ... 'service' is not defined in that file, 'dns' doesn't occur, and searching for 'hosts' doesn't give anything useful

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Max Nikulin
On 31/10/2023 04:02, Pocket wrote: On 10/30/23 15:50, Timothy M Butterworth wrote: I know it is using dhclient because I typod the domain name supersede domain-name "home.apra"; and it populated .apra in resolv.conf. Sorry, it is not clear for me what did you do and what result you got.

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Pocket
thing I am missing is the population of IPv6 DNS addresses. sudo less /etc/dhcp/dhclient.conf supersede domain-name "home.arpa"; supersede dhcp6.domain-search "home.arpa"; supersede dhcp6.name-servers 2001:4860:4860::, 2001:4860:4860::8844; supersede

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Timothy M Butterworth
On Mon, Oct 30, 2023 at 1:18 PM Pocket wrote: > > On 10/30/23 09:04, Timothy M Butterworth wrote: > > Hello All, > > I have been following the recent emails regarding resolv.conf. I almost > have my system running perfectly. The only thing I am missing is the > populati

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Timothy M Butterworth
correct in thinking that this setting enables the internal DHCP client. # iwd-config-path= plugins=ifupdown,keyfile configure-and-quit=no [global-dns] searches=home.arpa [ifupdown] managed=false [logging] # backend=journal # audit=true [device] # wifi.backend=wpa_supplicant [device-31-mac-ad

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Pocket
On 10/30/23 09:04, Timothy M Butterworth wrote: Hello All, I have been following the recent emails regarding resolv.conf. I almost have my system running perfectly. The only thing I am missing is the population of IPv6 DNS addresses. sudo less /etc/dhcp/dhclient.conf supersede domain-name

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Marco M.
On 30.10.2023 at 22:08:46, Max Nikulin wrote: > On 30/10/2023 20:04, Timothy M Butterworth wrote: > > sudo less /etc/resolv.conf > > domain home.arpa > > search home.arpa > > nameserver 8.8.8.8 > > nameserver 8.8.4.4 > > I do not see "# Generated by NetworkManager" here. That is because

Re: Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Max Nikulin
On 30/10/2023 20:04, Timothy M Butterworth wrote: sudo less /etc/resolv.conf domain home.arpa search home.arpa nameserver 8.8.8.8 nameserver 8.8.4.4 I do not see "# Generated by NetworkManager" here. nmcli connection nmcli device NetworkManager --print-config ls -l

Populating IPv6 DNS addresses in resolv.conf

2023-10-30 Thread Timothy M Butterworth
Hello All, I have been following the recent emails regarding resolv.conf. I almost have my system running perfectly. The only thing I am missing is the population of IPv6 DNS addresses. sudo less /etc/dhcp/dhclient.conf supersede domain-name "home.arpa"; supersede dhcp6.domain-search

Re: Default DNS lookup command?

2023-10-30 Thread Richard Hector
On 24/10/23 06:01, Max Nikulin wrote: On 22/10/2023 18:39, Richard Hector wrote: But not strictly a DNS lookup tool: richard@zircon:~$ getent hosts zircon 127.0.1.1   zircon.lan.walnut.gen.nz zircon That's from my /etc/hosts file, and overrides DNS. I didn't see an option in the manpage

Re: Default DNS lookup command?

2023-10-23 Thread Max Nikulin
On 22/10/2023 18:39, Richard Hector wrote: But not strictly a DNS lookup tool: richard@zircon:~$ getent hosts zircon 127.0.1.1   zircon.lan.walnut.gen.nz zircon That's from my /etc/hosts file, and overrides DNS. I didn't see an option in the manpage to ignore /etc/hosts. getent -s dns

Re: Default DNS lookup command?

2023-10-23 Thread Max Nikulin
On 23/10/2023 20:52, David Wright wrote: AFAICT, if you don't have busybox installed, then I think it's likely that you removed it yourself. Or it is a LXC container installed using the "download" template. It uses systemd-networkd and systemd-resolved. I have never tried qemu with kernel

Re: Default DNS lookup command?

2023-10-23 Thread David Wright
On Sun 22 Oct 2023 at 11:07:05 (+0700), Max Nikulin wrote: > On 21/10/2023 22:58, David Wright wrote: > > On Sat 21 Oct 2023 at 17:35:21 (+0200), Reiner Buehl wrote: > > > is there a DNS lookup command that is installed by default on any > > > Debian Bullseye or Bookworm

Re: Default DNS lookup command?

2023-10-22 Thread Richard Hector
On 22/10/23 04:56, Greg Wooledge wrote: On Sat, Oct 21, 2023 at 05:35:21PM +0200, Reiner Buehl wrote: is there a DNS lookup command that is installed by default on any Debian getent hosts NAME getent ahostsv4 NAME That said, you get much finer control from dedicated tools

Re: Default DNS lookup command?

2023-10-21 Thread Max Nikulin
On 21/10/2023 22:58, David Wright wrote: On Sat 21 Oct 2023 at 17:35:21 (+0200), Reiner Buehl wrote: is there a DNS lookup command that is installed by default on any Debian Bullseye or Bookworm install? nslookup is in busybox. busybox is an optional package, so it may be absent. "g

Re: Default DNS lookup command?

2023-10-21 Thread reiner . buehl
Perfect! Then I just need to add an alias to my profile and can use nslookup :-) On 21.10.23 17:58, David Wright wrote: On Sat 21 Oct 2023 at 17:35:21 (+0200), Reiner Buehl wrote: > is there a DNS lookup command that is installed by default on any > Debian Bullseye or Bookworm i

Re: Default DNS lookup command?

2023-10-21 Thread Juri Grabowski
Hello, it's not really an answer to your question, but for simple things like IP-Addresses you can use getent ahosts, getent hosts or ping directly. Best Regards, Juri Grabowski

Re: Default DNS lookup command?

2023-10-21 Thread David Wright
On Sat 21 Oct 2023 at 17:35:21 (+0200), Reiner Buehl wrote: > is there a DNS lookup command that is installed by default on any > Debian Bullseye or Bookworm install? Something that doesn't require as > much dependencies as bind9-utils (which provides dig and nslookup) or > bind9-hos

Re: Default DNS lookup command?

2023-10-21 Thread Greg Wooledge
On Sat, Oct 21, 2023 at 05:35:21PM +0200, Reiner Buehl wrote: > is there a DNS lookup command that is installed by default on any Debian getent hosts NAME getent ahostsv4 NAME That said, you get much finer control from dedicated tools.

Default DNS lookup command?

2023-10-21 Thread Reiner Buehl
Hi all, is there a DNS lookup command that is installed by default on any Debian Bullseye or Bookworm install? Something that doesn't require as much dependencies as bind9-utils (which provides dig and nslookup) or bind9-host? Best regards, Reiner

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Stephane Bortzmeyer
On Fri, Sep 22, 2023 at 05:19:08PM +0200, Stephane Bortzmeyer wrote a message of 13 lines which said: > Yes. Cloudflare 1.1.1.1 does nothing different, it has no > special privilege, it talks to the authoritative servers, as > the FDN public resolver does, or as does the

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Stephane Bortzmeyer
On Fri, Sep 22, 2023 at 04:49:07PM +0200, Olivier wrote a message of 10 lines which said: > When you install software such as Unbound on your machine, can it > directly query the central DNS servers that manage > .com, .fr and others (i.e. without going through the

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Stephane Bortzmeyer
On Fri, Sep 22, 2023 at 04:55:05PM +0200, Olivier wrote a message of 11 lines which said: > > And no need to go through quad9 or cloudflare, bind can forward > > directly. > > > I had not understood that this was possible! Anyone can install a real resolver (which talks

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Olivier
On Fri, 22 Sept 2023 at 15:20, Michel Verdier wrote: > > And no need to go through quad9 or cloudflare, bind can forward > directly. > I had not understood that this was possible! Thanks to Michel and Stéphane for their answer, which changes quite a few things.

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Olivier
central DNS servers that manage .com, .fr and others (i.e. without going through servers such as 1.1.1.1 or others)?

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Stephane Bortzmeyer
seriously complicate things (and debugging!). Apart from using views, I don't see how to do it. > For the upstream DNS, I use an /etc/resolv.conf file whose > contents are: > options rotate timeout:1 retries:1 > search monsuperdomain.lan > nameserver 1.1.1.1 > namese

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Stephane Bortzmeyer
On Fri, Sep 22, 2023 at 02:02:36PM +0200, Michel Verdier wrote a message of 31 lines which said: > > 4. Do you recommend unbound? If not, what alternative? > > bind9 is after all THE DNS server. In 2023, that is a very strange claim. For many years now

Re: Advice on the DNS configuration of a server

2023-09-22 Thread Michel Verdier
On 22 September 2023 Olivier wrote: > 3. When serving users who consume Netflix, TikTok or > youtube, should one expect benefits from DNS caching (compared > with a configuration where users query public > DNS servers directly)? a ca

Advice on the DNS configuration of a server

2023-09-22 Thread Olivier
Hello, I need to implement a server (on Bullseye for now) that will act as a DNS cache for the machines on local networks (about a hundred machines spread across several VLANs). An important point: I do not control these machines spread across several VLANs: it

Re: problem with local DNS

2023-06-05 Thread Maureen L Thomas
Sorry for the double post but I did not see the first answer any where.  Thank you.  It was a lot easier than I thought it would be.  Again Thank you. On 6/5/23 3:45 AM, Brad Rogers wrote: On Mon, 05 Jun 2023 08:49:11 +0200 Michel Verdier wrote: Hello Michel, I already answered to your

Re: problem with local DNS

2023-06-05 Thread Brad Rogers
On Mon, 05 Jun 2023 08:49:11 +0200 Michel Verdier wrote: Hello Michel, >I already answered to your problem : I suspect OP is of the belief that we will respond to them directly and, as a consequence, they are not reading the list. -- Regards _ "Valid sig separator is

Re: Fwd: problem with local DNS

2023-06-05 Thread Michel Verdier
On 5 June 2023 Maureen L. Thomas wrote: > Forwarded Message > Subject: problem with local DNS > > I am using a Lenovo all in one computer with the latest debian on it. > Bullseye is working fine except for the warning I get as follows: your > current

Fwd: problem with local DNS

2023-06-04 Thread Maureen L Thomas
Forwarded Message Subject: problem with local DNS Date: Fri, 2 Jun 2023 18:53:47 -0400 From: Maureen L Thomas To: debian-user@lists.debian.org I am using a Lenovo all in one computer with the latest debian on it. Bullseye is working fine except

Re: problem with local DNS

2023-06-03 Thread Michel Verdier
On 3 June 2023 Maureen L. Thomas wrote: > I am using a Lenovo all in one computer with the latest debian on it. > Bullseye is working fine except for the warning I get as follows: your > current proxy settings do not allow local DNS req > (network.proxy.socks_remote)dns)

problem with local DNS

2023-06-02 Thread Maureen L Thomas
I am using a Lenovo all in one computer with the latest debian on it. Bullseye is working fine except for the warning I get as follows: your current proxy settings do not allow local DNS req (network.proxy.socks_remote)dns). I have the nordvpn installed and I wonder if that is part

Re: bind9 and dns forward

2023-06-01 Thread Michel Verdier
JwXePu0f1XgCxoAg P5/6ZnnXpo4gidVtxfUB68Ed5T6yxo23o0eI5gE= ) I get external dns answer with a nice dnssec. Can you do : dig @172.16.208.10 tio.nl A +dnssec +multiline to see if your internal dns answer the same rrsig

RE: bind9 and dns forward

2023-06-01 Thread Bonno Bloksma
Hi, @Tim, If I use the dnssec-validation no; option then indeed it all works. Just tested it again to make sure. And as a final solution to this problem I might accept it, but I would rather not. @Michel, > I reread all our mails and I miss to ask you this one (as answers via > extern

Re: bind9 and dns forward

2023-06-01 Thread Michel Verdier
On 1 June 2023 Bonno Bloksma wrote: > I can do that, but ... that is only for inbound traffic TO my dns server on > this network. > That part is working without any problem. Changing that will not change > anything for the clients on this network. You are right. I simply

RE: bind9 and dns forward

2023-06-01 Thread Tim Woodall
On Thu, 1 Jun 2023, Bonno Bloksma wrote: My bind instance can reach the company dns server but claims the response is false/insecure Does that maybe mean that my bind gets a "normal" response from the company dns whereas the external dns at toplevel .nl. (being the parent z

RE: bind9 and dns forward

2023-06-01 Thread Bonno Bloksma
und traffic as far as I know, that has nothing to do with what ip number bind itself uses to get info from other (company) dns servers. > But you don't have real ipv6 on tun0. fe80:: is only assigned when there is > no address assigned for an interface. Correct, the VPN tunnel is IPv4 only

Re: bind9 and dns forward

2023-06-01 Thread Michel Verdier
On 1 June 2023 Bonno Bloksma wrote: > linbobo:~# ss -nap | grep named > tcp LISTEN 0 10 [2a02:a45f:96c2:1:1e69:7aff:fe0c:65e3]:53 [::]:* > users:(("named",pid=554,fd=78)) > tcp LISTEN 0 10 [fe80::1e69:7aff:fe0c:65e3]%eno1:53 [::]:* > users:(("named",pid=554,fd=71)) > tcp LISTEN 0 10

RE: bind9 and dns forward

2023-06-01 Thread Bonno Bloksma
Hi, > resolv.conf must have only one search entry. And you don't want to resolv > with google directly. So you should have : Ok, I have the google dns commented. Although now I remember why I had the google dns in there. ;-) For my machine to create the VPN it needs to know the ip

Re: bind9 and dns forward

2023-05-23 Thread Michel Verdier
nal bind is not up and running yet some services > might need a resolver so I have 8.8.8.8 in there as well as a second dns > entry. Ensure this in services ordering (systemd or initd). It's better and safer. And I think it's better to get an error than a false result from bind. > linbobo:

RE: bind9 and dns forward

2023-05-19 Thread Bonno Bloksma
lv.conf domain bobo.xs4all.nl search bobo.xs4all.nl search tio.nl search staf.tio.nl search student.tio.nl nameserver 127.0.0.1 nameserver 8.8.8.8 When booting if the internal bind is not up and running yet some services might need a resolver so I have 8.8.8.8 in there as well

Re: bind9 and dns forward

2023-05-08 Thread Michel Verdier
On 8 May 2023 Bonno Bloksma wrote: > I also do not understand this difference when querying the internal dns > server directly. > Why does the +trace +cd not show an answer but when I leave them out I get a > correct answer. Is that because +trace forces it to start at th

RE: bind9 and dns forward

2023-05-08 Thread Bonno Bloksma
Hi, >> linbobo:/etc/bind# cat named.conf.local > > You have only zone blocks in this file, right ? Yes, > And you don't use views ? I have no idea what they would do, but no. The word view is not in that file. > Why does it first go to the public dns and then run into

Re: bind9 and dns forward

2023-05-06 Thread Michel Verdier
On 5 May 2023 Bonno Bloksma wrote: > linbobo:/etc/bind# cat named.conf.local You have only zone blocks in this file, right ? And you don't use views ? > Why does it first go to the public dns and then run into the dnssec problem? > There is a direct definition for the tio.nl z

RE: bind9 and dns forward

2023-05-05 Thread Bonno Bloksma
:0:1c00:eff:fe00:ce#53(ns1.argewebhosting.eu) in 12 ms --------- And Argeweb is the provider for my public dns, so it seems it is indeed trying my public dns with dnssec and then failing my private dns from the company inside dns. dig @172.16.208.10 einsccmdp-01.t

Re: bind9 and dns forward

2023-05-02 Thread Michel Verdier
"staf.tio.nl" IN { > type forward; > forward only; > forwarders {172.16.128.40; 172.16.208.10;}; > }; > > zone "student.tio.nl" IN { > type forward; > forward only; > forwarders {172.16.128.40; 17

RE: bind9 and dns forward

2023-05-02 Thread Bonno Bloksma
Hi, Lots of info and log quotes. I hope you can find the "normal" text. >> We use a different dns server(s) and zonefile for the external dns >> environment from what we use internally. Company dns is Windows server 2016 >> in case that is relevant. > > It'

Re: bind9 and dns forward

2023-04-29 Thread Michel Verdier
On 28 April 2023 Bonno Bloksma wrote: > We use a different dns server(s) and zonefile for the external dns > environment from what we use internally. Company dns is Windows server 2016 > in case that is relevant. It's better to use dig (package bind9-dnsutils) to first eliminate

bind9 and dns forward

2023-04-28 Thread Bonno Bloksma
Hello, I have a Debian machine at my home network performing several functions. Two of those are dns server for my network at home and a VPN server to the company network. To facilitate my use of the VPN to the company network I am also forwarding all dns requests to the company domain

Re: debian for DNS servers

2023-03-11 Thread Andy Smith
Hi, On Sat, Mar 11, 2023 at 05:56:00PM +0800, cor...@free.fr wrote: > Now I have three debian nodes in different DCs. > Can I deploy a distributed DNS service for fault tolerance? I assume you mean to run an authoritative DNS service, that provides answers to queries against the DNS

Re: debian for DNS servers

2023-03-11 Thread Dan Ritter
cor...@free.fr wrote: > Now I have three debian nodes in different DCs. > Can I deploy a distributed DNS service for fault tolerance? You need to say what you want more specifically. Do you want to provide the same services (web servers, usually) on all three nodes with the ability to re

Re: debian for DNS servers

2023-03-11 Thread Jeremy Ardley
On 11/3/23 17:56, cor...@free.fr wrote: Now I have three debian nodes in different DCs. Can I deploy a distributed DNS service for fault tolerance? Assuming you don't mean a Windows DC, you can use bind (bind9) in an architecture that has a master for a DNS zone and multiple slaves
