Re: [dns-operations] Enom's name server broken?

On 16 jan 2013, at 02:58, "Michele Neylon :: Blacknight" wrote: > The only time I've seen DNS being pulled or domains pointed at holding pages > as described is with resellers of registrars It is my view that what a reseller do (or not) is under the responsibility of the registrar. So wheth

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

On 15 jan 2013, at 23:40, Mark Jeftovic wrote: > What I'm talking about happens when you are changing RARs and the losing RAR > is also your DNS provider My experience from operation of both in the .SE domain since DNSSEC started here many years ago is that the only way of be able to move forw

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

> From: "Patrick, Robert (CONTR)" > We need an option like this `break-dnssec` feature to use RPZ for > stopping user access to DNSSEC-signed domains that are on a block list. How should it differ from the "break-dnssec yes/no" modifier for the response-policy{} statement mentioned in the ARM fo

Re: [dns-operations] Enom's name server broken?

The only time I've seen DNS being pulled or domains pointed at holding pages as described is with resellers of registrars Not saying that registrars don't do it ever, but I've never seen any do it Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 1

Re: [dns-operations] Enom's name server broken?

On 15 January 2013 22:19, Matthew Ghali wrote: > TBH I've never even thought to have that expectation from a registrar; and in > fact I'd never assume they do the "right" thing. My first domain registrar > was the Internic, which probably explains the low bar. Many years later, > working at a r

Re: [dns-operations] are we adding value?

yes, we are adding value. George Michaelson wrote: > ... > > I think sending a stronger message about uRPF type defences, and asking other > people to look at spoof source is better. i thought this in 2002. that's why i wrote . been the

[dns-operations] are we adding value?

maybe its just me, but I think most of the 'add complexity' being discussed here is fruitless, and devalues DNS. Its retrofit on a simple protocol to try and cover for situations not forseen, which I believe is very often counter-productive. We don't continue to use telnet in the wide any more

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

We need an option like this `break-dnssec` feature to use RPZ for stopping user access to DNSSEC-signed domains that are on a block list. -Original Message- From: dns-operations-boun...@lists.dns-oarc.net [mailto:dns-operations-boun...@lists.dns-oarc.net] On Behalf Of Phil Pennock Sent:

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

On 2013-01-15 at 15:11 -0500, McGhee, Karen (Evolver) wrote: > I should have said, the name server is BIND 9.8 running on RHEL5.5. There's a configure-time option to bind9, `--enable-filter-`. _If_ it was given, then: options { filter--on-v4 yes; }; That won't filter if DNSSEC re

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

> > Are we talking about change of DNS operator or registrar transfer? > > I am confused as the subject talks about registrar transfer but people seems > to talk about change of DNS provider. > What I'm talking about happens when you are changing RARs and the losing RAR is also your DNS p

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

The option in BIND is "filter--on-v4" and has been available since 9.7, search for the option in http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch06.html for the full syntax of the option. Steve On 15 January 2013 21:55, Stephan Lagerholm wrote: > I believe they have a similar option b

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

Technically an AUTH DNS provider change. Practically though, both, as many, many domain holders use their registrar for both domain registration and DNS provisioning services (not to mention hosting, but that's another can of worms). The original context was such an instance where the registra

Re: [dns-operations] Enom's name server broken?

TBH I've never even thought to have that expectation from a registrar; and in fact I'd never assume they do the "right" thing. My first domain registrar was the Internic, which probably explains the low bar. Many years later, working at a registrar (on a hosted DNS product!) only reinforced my b

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

On 15 jan 2013, at 20:16, Mark Jeftovic wrote: > But if they throw the switch on the RAR transfer *before* they update > the nameserver delegation (a common error), they may find themselves > without any functional DNS before they planned, as the losing RAR and > DNS provider drops the DNS right

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

I believe they have a similar option but you will have to ask the Bind mailing list. Thanks, S From: McGhee, Karen (Evolver) [mailto:karen.mcg...@uspto.gov] Sent: Wednesday, January 16, 2013 1:42 AM To: Stephan Lagerholm; dns-operations@lists.dns-oarc.net Subject: RE: [dns-operations] Can

Re: [dns-operations] Enom's name server broken?

* Fan Of Network: > I'd expect Enom to keep replying to queries as they used to before list of > authoritative name servers for my domain was changed. In ideal world they > should do that for TTL on parent server (here .com so 2 days) In an ideal world, they would serve the new zone contents, wit

Re: [dns-operations] Enom's name server broken?

In message <20130115144843.ga2...@nic.fr>, Stephane Bortzmeyer writes: > On Wed, Jan 16, 2013 at 12:46:30AM +1100, > Mark Andrews wrote > a message of 126 lines which said: > > > For clean transfers of zones from one provider to the next the > > losing provide should slave the zones from the

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

I should have said, the name server is BIND 9.8 running on RHEL5.5. Thanks, k From: Stephan Lagerholm [mailto:stephan.lagerh...@secure64.com] Sent: Tuesday, January 15, 2013 3:09 PM To: McGhee, Karen (Evolver); dns-operations@lists.dns-oarc.net Subject: RE: [dns-operations] Can you force your IPv

Re: [dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

Hi Karen, There are a few vendors (disclaimer I work for one of them) that has implemented a "disable--on-v4-transport" feature that might be able to do what you are looking for. You can google for 'yahoo dns hack' to get more info. /Stephan From: dns-operations-boun...@lists.dn

[dns-operations] Can you force your IPv4/v6 DNS server to return v4 responses only on recursive lookups

Hi, Is it possible to configure my IPv4/IPv6 DNS server to return v4 queries only when doing recursive lookups? Thanks, k ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jo

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

On 13-01-15 11:07 AM, Matthew Pounsett wrote: >> >> I think this almost never happens in the real world when domains move >> from one set of auth nameservers to another. What the losing servers can >> do is continue to serve the data they have, especially in the case of a >> registrar transfer b

Re: [dns-operations] Enom's name server broken?

On Jan 15, 2013, at 10:41 AM, Warren Kumari wrote: >> >> since the ttl isn't ticking down on repeated queries, i think it's not >> recursive, it's got a wildcard of some kind. try this: >> >> dig @dns1.name-services.com lihdsiuhswluswf.com soa > > Every time I see an email like this I'm tempt

Re: [dns-operations] Enom's name server broken?

On Jan 15, 2013, at 11:45 AM, Paul Vixie wrote: > > > Stephane Bortzmeyer wrote: >> ... >> dns1.name-services.com is not supposed to be recursive (it does not >> set the RA bit) but it is: >> >> % dig @dns1.name-services.com >> www.dns-oarc.net >> >> >> ... >> ;; ANSWER SECTION: >> >> www

Re: [dns-operations] Enom's name server broken?

Stephane Bortzmeyer wrote: > ... > dns1.name-services.com is not supposed to be recursive (it does not > set the RA bit) but it is: > > % dig @dns1.name-services.com www.dns-oarc.net > > ... > ;; ANSWER SECTION: > www.dns-oarc.net. 3600IN A 69.64.147.243 > > ;; Query time: 158

Re: [dns-operations] Enom's name server broken?

On Tue, Jan 15, 2013 at 4:43 PM, David C Lawrence wrote: > Michele Neylon :: Blacknight writes: > > Surely that's an issue with your resolver and not with enom? > > I'm a little surprised I haven't seen someone comment on this issue > with their servers (but maybe I missed it in my quick skim; if

Re: [dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

On 2013/01/15, at 09:41, Mark Jeftovic wrote: > > > On 13-01-15 8:46 AM, Mark Andrews wrote: >> >> For clean transfers of zones from one provider to the next the >> losing provide should slave the zones from the new provider. This >> ensures that caches only see current content regardless of

Re: [dns-operations] Enom's name server broken?

On Tue, Jan 15, 2013 at 12:10 PM, Michele Neylon :: Blacknight < mich...@blacknight.com> wrote: > Or are you expecting eNom to purge DNS records for domains for which they > aren't currently authoritative? > I'd expect Enom to keep replying to queries as they used to before list of authoritative

Re: [dns-operations] Enom's name server broken?

Michele Neylon :: Blacknight writes: > Surely that's an issue with your resolver and not with enom? I'm a little surprised I haven't seen someone comment on this issue with their servers (but maybe I missed it in my quick skim; if so, apologies for redundancy): > On 14 Jan 2013, at 17:53, Fan Of

Re: [dns-operations] Enom's name server broken?

On 15 Jan 2013, at 14:48, Stephane Bortzmeyer wrote: > On Wed, Jan 16, 2013 at 12:46:30AM +1100, > Mark Andrews wrote > a message of 126 lines which said: > >> For clean transfers of zones from one provider to the next the >> losing provide should slave the zones from the new provider. This

Re: [dns-operations] Enom's name server broken?

On Wed, Jan 16, 2013 at 12:46:30AM +1100, Mark Andrews wrote a message of 126 lines which said: > For clean transfers of zones from one provider to the next the > losing provide should slave the zones from the new provider. This > ensures that caches only see current content regardless of whe

[dns-operations] DNS continuity during registrar transfers (was Re: Enom's name server broken?)

On 13-01-15 8:46 AM, Mark Andrews wrote: > > In message > al>, "Michele Neylon :: Blacknight" writes: >> Surely that's an issue with your resolver and not with enom? Or am I >> misunderstanding the question .. > > No. Caches work like that. There will be a period where the losing > server

Re: [dns-operations] Enom's name server broken?

In message , "Michele Neylon :: Blacknight" writes: > Surely that's an issue with your resolver and not with enom? Or am I > misunderstanding the question .. No. Caches work like that. There will be a period where the losing servers continue to get queries after the delegation has been change

Re: [dns-operations] Enom's name server broken?

On Tue, Jan 15, 2013 at 2:05 PM, Stephane Bortzmeyer wrote: > On Tue, Jan 15, 2013 at 11:10:51AM +, > Michele Neylon :: Blacknight wrote > a message of 62 lines which said: > > > (or maybe I need more coffee) > > I think it is the case. > > > Or are you expecting eNom to purge DNS records f

Re: [dns-operations] Enom's name server broken?

On Tue, Jan 15, 2013 at 11:10:51AM +, Michele Neylon :: Blacknight wrote a message of 62 lines which said: > (or maybe I need more coffee) I think it is the case. > Or are you expecting eNom to purge DNS records for domains for which > they aren't currently authoritative? dns1.name-serv

Re: [dns-operations] Enom's name server broken?

Surely that's an issue with your resolver and not with enom? Or am I misunderstanding the question .. (or maybe I need more coffee) Or are you expecting eNom to purge DNS records for domains for which they aren't currently authoritative? On 14 Jan 2013, at 17:53, Fan Of Network wrote: > Hel