External queries fail on BIND 8.3.1

Six Wayz sixwayz at hotmail.com
Fri Jun 14 21:58:25 UTC 2002





>From: BIND Users Mailing List <bind-users at isc.org>
>To: bind-users digest users <ecartis at isc.org>
>Subject: bind-users Digest V4 #160
>Date: Thu, 13 Jun 2002 23:50:00 -0700 (PDT)
>
>bind-users Digest	Thu, 13 Jun 2002	Volume: 04  Issue: 160
>
>In This Issue:
>		Re: Secondary domain question
>		Re: dynamic updates category
>		Using Multiple CNAMES
>		Change from bind8 to bind9
>		Internal and External DNS???
>		Re: DNS PTR reverse lookups not working for 209.101.124.136
>		Can I force a selective cache update?
>		Re: Eliminating Authoritative Resource Records and Aditional
>		Error when configuring minimal-responses to yes in the named
>		Re: Error when configuring minimal-responses to yes in the n
>		Re: DNS PTR reverse lookups not working for 209.101.124.136
>		Lots of Failures in named.stats
>		Re: Lots of Failures in named.stats
>		Re: Using Multiple CNAMES
>		Re: No MX record drops mail
>		DNS resolving issue
>		DIG won't work
>		Re: DNS PTR reverse lookups not working for 209.101.124.136
>		rndc reload on 9.2.1
>		Most Stable DNS now
>		Re: alternative to NIC 2 (DynDNS, etc) services?
>		Re: nameserver analysis
>		Re: Internal and External DNS???
>		Re: Change from bind8 to bind9
>		Re: Error when configuring minimal-responses to yes in the n
>		RE: Error when configuring minimal-responses to yes in the n
>		Re: DNS resolving issue
>		Re: DIG won't work
>		Re: Can I force a selective cache update?
>		Re: DIG won't work
>		Re: looking for a working program to import zone files into
>		Re: rndc reload on 9.2.1
>		Re: refresh_callback or rndc: connect: connection refused
>		Can Primary & Secondary NS use different version of BIND?
>		Re: Can Primary & Secondary NS use different version of BIND
>
>----------------------------------------------------------------------
>
>Date: Thu, 13 Jun 2002 09:01:38 +0100
>From: Ceri Davies <setantae at submonkey.net>
>Subject: Re: Secondary domain question
>
>
>On Wed, Jun 12, 2002 at 06:44:29PM +0000, Ian B wrote:
> >
> > name      IN   A     1.2.3.4
> >
> > and then in the subdomain
> >
> > www       IN   CNAME     name.parent.com.
>
>Why isn't the A record for name.parent.com in the zonefile for 
>name.parent.com?
>
> > @               IN      SOA     ns.parent.com. mail.parent.com. (
> >                                 2002061208      ; Serial yyyymmdd## (## rev)
> >                                 36000           ; 10hr Refresh
> >                                 3600            ; 1hr Retry
> >                                 691200          ; 8days Expiration
> >                                 86400 )         ; 24hr  Min Time to Live
> >
> >
> >                 IN      NS      ns3.parent.com.
> >                 IN      NS      ns5.parent.com.
> >                 IN      NS      ns6.parent.com.
>; Why not just put it here ?
>		IN	A	1.2.3.4
> >
> >
> > www             IN      CNAME   name.parent.com.
>
>Ceri
>
>--
>you can't see when light's so strong
>you can't see when light is gone
>
>------------------------------
>
>Date: Thu, 13 Jun 2002 04:16:17 -0700
>From: Pete Ehlke <pde at ehlke.net>
>Subject: Re: dynamic updates category
>
>
>On Thu, Jun 13, 2002 at 01:49:17PM +1000, Mark_Andrews at isc.org wrote:
> >
> > 	BIND 9.3 will have a "update-security" category.
> >
>That will clarify things for a lot of people. Thank you.
>
> > 	That being said all this will do is hide the problem not
> > 	fix it.  The fix is to disable the updates in the clients
> > 	which will not only silence the logs but stop all the other
> > 	wastage caused by the unwanted update requests.
>
>We are in violent agreement on this point.
>
>-Pete
>--
>"religious fanatics are not part of my desired user base."
>- djb at cr.yp.to
>
>------------------------------
>
>From: "Gary Gladney" <gladney at stsci.edu>
>Subject: Using Multiple CNAMES
>Date: Thu, 13 Jun 2002 10:47:48 -0400
>
>
>Does anyone know what the potential problems might be using multiple CNAMES.
>We are using Bind 8.2.3 on Solaris, and I have been requested to do this.
>After reading the book, all it has is that it "violates the CNAME and other
>data rules".
>
>thanks
>gary gladney
>
>--
>------------ Computing and Information Services Division -------------
>
>  Gary Gladney                            http://cisd.stsci.edu/support
>  gladney at stsci.edu                               cisdsupport at stsci.edu
>  voice: 410-338-4912                                             x4400
>  pager: 410-681-2928 or gladney.pager at stsci.edu
>  Public Key ldap://certserver.pgp.com
>
>----- CISD: Your partner for computing and information solutions -----
>
>
>
>------------------------------
>
>From: Alexander Bruns <a.bruns at sauerland.de>
>Subject: Change from bind8 to bind9
>Date: Thu, 13 Jun 2002 08:22:21 +0200
>
>Hi,
>
>I am maintaining a nameserver for several de-domains in our company.
>
>It is a hidden primary nameserver because the nameservers that are
>asked for the domains and that are named in the zone files are others
>than the one that I am maintaining.
>Due to this, our nameserver itself is only asked from the
>secondary nameservers.
>
>When I now want to change from bind 8 to bind 9, what do I have to
>change in the conf-file?
>
>Is the /etc/named.conf compatible with bind9?
>
>Where do I get information about how to upgrade? I don't want
>information about compiling bind, because I will change from bind8 on
>redhat 6.2 (rpm-installed) to bind9 on redhat 7.3 (rpm-installed and
>rpm-updated).
>
>Is it possible, without using any further new possibilities in bind9,
>to run bind 9 with the conf-file of bind8 and to get the same things
>running?
>
>Bind9 has to notify the bind8 nameservers. It has to be secondary for
>some other zones. It has to be master for some zones.
>
>
>Greetings from Germany
>
>Alexander Bruns
>
>
>
>------------------------------
>
>From: unki at gmx.at (unki)
>Subject: Internal and External DNS???
>Date: 12 Jun 2002 23:19:38 -0700
>
>
>
>Hello... I've a little problem....
>
>I have a normal domain ex. www.123.com. But I need a sub-domain
>ex subdomain.123.com for the internal network (behind firewall, this
>should not be a registered domain by my provider)...
>
>so i setup a name server (named) and configure and make a zone 123.com
>where I add my subdomain (subdomain.123.com), this is now reachable,
>but my parent domain, 123.com, is no longer available??? (only from
>internal network)
>
>anyone has an idea?
>
>unki
>
>------------------------------
>
>Subject: Re: Using Multiple CNAMES
>From: dbotham at edeltacom.com
>Date: Thu, 13 Jun 2002 11:07:07 -0400
>
>
>
>Gary,
>
>Here is the gist of it:
>
>Whatever is on the left side of a CNAME record cannot be on the left side
>of any other records in the zone.
>
>e.g.
>
>OK:
>whatever-here           IN    CNAME www.somedomain.com.
>
>BOTH Of These are BAD because "whatever-here" is on the left side of the
>CNAME record above.
>whatever-here           IN    CNAME www.some-otherdomain.com.
>whatever-here           IN    A           192.168.1.5
>
>Hope this helps.
>
>Dave...
>
>
>
>
>"Gary Gladney" <gladney at stsci.edu>
>Sent by: bind-users-bounce at isc.org
>06/13/2002 10:47 AM
>
>To:       comp-protocols-dns-bind at isc.org
>cc:
>Subject:  Using Multiple CNAMES
>
>Does anyone know what the potential problems might be using multiple CNAMES.
>We are using Bind 8.2.3 on Solaris, and I have been requested to do this.
>After reading the book, all it has is that it "violates the CNAME and other
>data rules".
>
>thanks
>gary gladney
>
>--
>------------ Computing and Information Services Division -------------
>
>  Gary Gladney                            http://cisd.stsci.edu/support
>  gladney at stsci.edu                               cisdsupport at stsci.edu
>  voice: 410-338-4912                                             x4400
>  pager: 410-681-2928 or gladney.pager at stsci.edu
>  Public Key ldap://certserver.pgp.com
>
>----- CISD: Your partner for computing and information solutions -----
>
>------------------------------
>
>From: Torsten Mueller <torsten at archesoft.de>
>Subject: Re: DNS PTR reverse lookups not working for 209.101.124.136
>Date: Thu, 13 Jun 2002 08:15:12 +0200
>
>
>
>
>
>George Richman wrote:
> >
> > Recently our ISP delegated authority for 124.101.209.in-addr.arpa to
> > our nameservers.
> >
> > Network Solutions lists our nameservers as:
> >
> > DNS3.MEDIA.NET
> > DNS4.MEDIA.NET
> >
> > Our ISP gives PTR authority to our nameservers for
> > 124.101.209.in-addr.arpa to our nameservers:
> >
> > NS1.MEDIA.NET
> > NS2.MEDIA.NET
>
>I wouldn't agree here:
>
>host -a 124.101.209.in-addr.arpa AUTH1.NS.ENI.NET
>
>124.101.209.in-addr.arpa        14400 IN        NS      beagle.media.net
>124.101.209.in-addr.arpa        14400 IN        NS      pug.media.net
>
>The host records at NSI are, if I recall correctly, not necessary for
>reverse resolution.
>
> >
> > However, BEAGLE.MEDIA.NET and PUG.MEDIA.NET are the actual host names
> > of our real nameservers.  Both are using CNAMES of our nameservers.
> >
> > Do CNAMES cause problems with PTR records authority records?  Or is
> > there a problem with our config?
> >
> > Here is our named.conf snippet:
> >
> > -----------------------------------------------
> >         zone "124.101.209.in-addr.arpa" in {
> >                 type master;
> >                 file "Primary/255-0.124.101.209.in-addr.arpa";
> >                 allow-transfer { 127.0.0.1; 10.0.0.0/8; 205.214.X.X;
> > 205.214.X.X; 209.101.X.X/27; };
> >         };
> >
> > Here is our ZONE file:
> > -----------------------------------------------
> > $TTL 36000
> > @               IN      SOA             media.net. root.media.net. (
> >                                         2002061203   ;serial
> >                                         10800        ;refresh
> >                                         3600         ;retry
> >                                         3600000      ;expire
> >                                         86400 )      ;minimum
>
>I would set the mname field to the master of both nameservers, not
>media.net
>
>Torsten
>
> >
> > $ORIGIN 124.101.209.in-addr.arpa.
> >
> >         IN      NS              beagle.media.net.
> >         IN      NS              pug.media.net.
> >
> > 0       IN      PTR     net1.media.net.
> > 1       IN      PTR     mn-gw1.media.net.
> > 2       IN      PTR     rs-gw1.media.net.
> > 3       IN      PTR     brd1.media.net.
> > 4       IN      PTR     net2.media.net.
> > 5       IN      PTR     mn-gw2.media.net.
> > 6       IN      PTR     cs-gw2.media.net.
> > 7       IN      PTR     brd2.media.net.
> > 8       IN      PTR     net3.media.net.
> > 9       IN      PTR     mn-gw3.media.net.
> > ... etc...
> > -----------------------------------------
> >
> > I do not know why this is not working.  Am I losing my mind???
> >
> > Thanks,
> >
> > George
>
>------------------------------
>
>From: joan.creus at lacaixa.es (Joan Creus)
>Subject: Can I force a selective cache update?
>Date: 13 Jun 2002 00:37:04 -0700
>
>
>
>Hi there,
>
>I have a scenario in which a host gets an IP address; someone queries
>for it in BIND; the query gets cached; the host immediately changes
>its IP address; BIND (which is non-authoritative) keeps answering the
>now obsolete IP address.
>
>I wouldn't like to flush the whole cache just for one hostname. Can I
>force the update of just this record somehow?
>
>Any help will be appreciated.
>
>                       Joan
>
>------------------------------
>
>Subject: Re: Internal and External DNS???
>From: dbotham at edeltacom.com
>Date: Thu, 13 Jun 2002 11:13:24 -0400
>
>
>
>Unki,
>
>I suggest not using a subdomain for the inside.  Rather, run the same
>domain both internally and externally.  In the external zone, populate it
>with external information for Internet consumption (translated IP's of mail
>server, web server, etc...).  On the internal name server, populate the
>zone with the actual IP addresses of your systems.  Then, configure all of
>your internal systems' resolvers to use the internal name server.
>
>Also, if you are running BIND 9.2.1 (latest secure version), you can use
>"views" to run both your internal and external dns on the same server.
>
>
>Thanks,
>
>Dave...
>
>
>unki at gmx.at (unki)
>Sent by: bind-users-bounce at isc.org
>06/13/2002 02:19 AM
>
>To:       comp-protocols-dns-bind at isc.org
>cc:
>Subject:  Internal and External DNS???
>
>Hello... I've a little problem....
>
>I have a normal domain ex. www.123.com. But I need a sub-domain
>ex subdomain.123.com for the internal network (behind firewall, this
>should not be a registered domain by my provider)...
>
>so i setup a name server (named) and configure and make a zone 123.com
>where I add my subdomain (subdomain.123.com), this is now reachable,
>but my parent domain, 123.com, is no longer available??? (only from
>internal network)
>
>anyone has an idea?
>
>unki
>
>------------------------------
>
>From: miguel.paramio at bt.es (Miguel Paramio)
>Subject: Re: Eliminating Authoritative Resource Records and Aditional Resource
>Date: 13 Jun 2002 01:16:53 -0700
>
>
>
>Mark_Andrews at isc.org wrote in message news:<ae8rgh$dmoi$1 at isrv4.isc.org>...
> > > Hello everybody,
> > >
> > > Some days ago I posted a message about "truncated dns packets" and the
> > > way Novell Clients understands these kind of messages.
> > >
> > > The problem comes from the Authoritative Resource Records and the
> > > Aditional Resource Records, this information about the authorized DNS
> > > servers make the DNS packet too large.
> >
> > 	Well the answer can also be too large to fit.  You have a
> > 	broken client.  You should request that they fix the client
> > 	or refund your money.
> >
> > > If the DNS packet exceeds 512 Bytes, then the TC (Truncated) Bit is
> > > marked, and the client retry in TCP Mode and the server send the
> > > message in a set of truncated packets.
> > >
> > >
> > > The problem will be close if we eliminate the Authoritative Resource
> > > Records and Aditional Resource Records.
> > >
> > > Is there any way to eliminate this type of records in DNS responses ??
> > >
> > >
> > > We are using Bind 9.1.2 and Bind 9.2.1
> > >
> > > Thanks in advance
>
>
>
>
>Thank you for the responses.
>It really helps us.
>
>------------------------------
>
>From: miguel.paramio at bt.es (Miguel Paramio)
>Subject: Error when configuring minimal-responses to yes in the named.conf
>Date: 13 Jun 2002 02:39:54 -0700
>
>
>
>I am configuring minimal-options in the named.conf and I am getting
>the following error when I do a rndc reload
>
>general: info: loading configuration from '/etc/named.conf'
>config: error: /etc/named.conf:16. parse error near
>'minimal-responses'
>general: error: reloading configuration failed: failure
>
>Could anybody help me out ??
>
>Thanks a lot
>
>------------------------------
>
>From: Andris Kalnozols <andris at hpl.hp.com>
>Subject: Re: Error when configuring minimal-responses to yes in the named.conf
>Date: Thu, 13 Jun 2002 8:50:59 PDT
>
> > miguel.paramio at bt.es (Miguel Paramio) wrote:
> >
> > I am configuring minimal-options in the named.conf and I am getting
> > the following error when I do a rndc reload
> >
> > general: info: loading configuration from '/etc/named.conf'
> > config: error: /etc/named.conf:16. parse error near
> > 'minimal-responses'
> > general: error: reloading configuration failed: failure
> >
> > Could anybody help me out ??
> >
> > Thanks a lot
>
>In your prior posts, you indicated that one or more of your
>name servers were running BIND 9.1.2 or 9.1.3.  I'm not sure
>when the `minimal-responses' feature was implemented but these
>older BIND versions are suspect in this regard.  As Mark likes
>to say, these are well past the "use by" date anyway and should
>be upgraded to the current release, 9.2.1.
>
>Andris
>
>
>------------------------------
>
>Date: Thu, 13 Jun 2002 12:24:02 -0400
>From: Kevin Darcy <kcd at daimlerchrysler.com>
>Subject: Re: DNS PTR reverse lookups not working for 209.101.124.136
>
>
>george.richman at media.net wrote:
>
> > Recently our ISP delegated authority for 124.101.209.in-addr.arpa to
> > our nameservers.
> >
> > Network Solutions lists our nameservers as:
> >
> > DNS3.MEDIA.NET
> > DNS4.MEDIA.NET
> >
> > Our ISP gives PTR authority to our nameservers for
> > 124.101.209.in-addr.arpa to our nameservers:
> >
> > NS1.MEDIA.NET
> > NS2.MEDIA.NET
> >
> > However, BEAGLE.MEDIA.NET and PUG.MEDIA.NET are the actual host names
> > of our real nameservers.  Both are using CNAMES of our nameservers.
> >
> > Do CNAMES cause problems with PTR records authority records?  Or is
> > there a problem with our config?
> >
> > Here is our named.conf snippet:
> >
> > -----------------------------------------------
> >         zone "124.101.209.in-addr.arpa" in {
> >                 type master;
> >                 file "Primary/255-0.124.101.209.in-addr.arpa";
> >                 allow-transfer { 127.0.0.1; 10.0.0.0/8; 205.214.X.X;
> > 205.214.X.X; 209.101.X.X/27; };
> >         };
> >
> > Here is our ZONE file:
> > -----------------------------------------------
> > $TTL 36000
> > @               IN      SOA             media.net. root.media.net. (
> >                                         2002061203   ;serial
> >                                         10800        ;refresh
> >                                         3600         ;retry
> >                                         3600000      ;expire
> >                                         86400 )      ;minimum
> >
> > $ORIGIN 124.101.209.in-addr.arpa.
> >
> >         IN      NS              beagle.media.net.
> >         IN      NS              pug.media.net.
> >
> > 0       IN      PTR     net1.media.net.
> > 1       IN      PTR     mn-gw1.media.net.
> > 2       IN      PTR     rs-gw1.media.net.
> > 3       IN      PTR     brd1.media.net.
> > 4       IN      PTR     net2.media.net.
> > 5       IN      PTR     mn-gw2.media.net.
> > 6       IN      PTR     cs-gw2.media.net.
> > 7       IN      PTR     brd2.media.net.
> > 8       IN      PTR     net3.media.net.
> > 9       IN      PTR     mn-gw3.media.net.
> > .... etc...
> > -----------------------------------------
> >
> > I do not know why this is not working.  Am I losing my mind???
>
>Perhaps :-)
>
>Pointing NS records at CNAMEs is illegal and problematic, but it appears
>that you don't have this problem:
>
>% dig -x 209.101.124 @AUTH1.NS.ENI.NET.
>
>; <<>> DiG 8.3 <<>> -x @AUTH1.NS.ENI.NET.
>; (1 server found)
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
>;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>;; QUERY SECTION:
>;;      124.101.209.in-addr.arpa, type = ANY, class = IN
>
>;; ANSWER SECTION:
>124.101.209.in-addr.arpa.  4H IN NS  beagle.media.net.
>124.101.209.in-addr.arpa.  4H IN NS  pug.media.net.
>
>;; AUTHORITY SECTION:
>124.101.209.in-addr.arpa.  4H IN NS  beagle.media.net.
>124.101.209.in-addr.arpa.  4H IN NS  pug.media.net.
>
>;; ADDITIONAL SECTION:
>beagle.media.net.       2h52m55s IN A   209.101.124.134
>pug.media.net.          1d6h31s IN A    209.101.124.135
>
>;; Total query time: 28 msec
>;; FROM: fxiod01.is.chrysler.com to SERVER: AUTH1.NS.ENI.NET.
>205.214.45.6
>;; WHEN: Thu Jun 13 12:22:51 2002
>;; MSG SIZE  sent: 42  rcvd: 150
>
>%
>
>I can even resolve your PTRs...
>
>
>- Kevin
>
>
>
>------------------------------
>
>From: Vinson Armstead - PA <Vinson_Armstead at GMACM.COM>
>Subject: Lots of Failures in named.stats
>Date: Thu, 13 Jun 2002 13:33:46 -0400
>
>Hello,
>
>Can anyone provide some assistance in determining why we see so many
>failures in our named.stats file.
>
>We are running BIND 9.2.1 on Solaris 8
>
>We have setup logging but are receiving lots of "data" in the log
>files, but it is difficult to determine the source of the problem with so
>much data.
>
>+++ Statistics Dump +++ (1023989044)
>success 152877
>referral 181
>nxrrset 186
>nxdomain 64110
>recursion 47314
>failure 7977
>--- Statistics Dump --- (102398904)
>
>thanks
>
> > Vinson Armstead
> > EDS
> > Sr. Network Engineer at our GMAC Residential Account
> > 4 Walnut Grove Drive
> > Horsham, PA  19044
> > W-ork:  (215) 682-3481
> > Pager: (888) 786-9644
> > E-mail:  Vinson_Armstead at gmacm.com
> >
> > To learn more about EDS, visit us at http://www.eds.com
> > For all your home buying, selling and financing needs, visit our client at
> > http://www.gmacmortgage.com
> > If you're a member of the GM Family, please visit
> > http://www.gmfamilyfirst.com/
> >
> >
>
>
>
>------------------------------
>
>Date: Thu, 13 Jun 2002 11:03:31 -0700
>From: Nate Campi <nate at campin.net>
>Subject: Re: Lots of Failures in named.stats
>
>On Thu, Jun 13, 2002 at 01:33:46PM -0400, Vinson Armstead - PA wrote:
> >
> > Can anyone provide some assistance in determining why we see so many
> > failures in our named.stats file.
> >
> > We are running BIND 9.2.1 on Solaris 8
> >
> > We have setup logging but are receiving lots of "data" in the log
> > files, but it is difficult to determine the source of the problem with so
> > much data.
> >
> > +++ Statistics Dump +++ (1023989044)
> > success 152877
> > referral 181
> > nxrrset 186
> > nxdomain 64110
> > recursion 47314
> > failure 7977
> > --- Statistics Dump --- (102398904)
>
>Without data ourselves we cannot guess accurately. Of course we can
>still guess: maybe you use private networks but didn't setup the private
>zones, generating lots of failures when trying to contact the blackhole
>nameservers?
>
>Wild guessing aside, we need more to go on. You can put the query logs
>somewhere on the web and post *only* the URL to it here. People who want
>to help can go examine the logs.
>--
>"Junk mail is war. RFCs do not apply."
>                      --  Wietse Venema
>
>
>-- Attached file included as plaintext by Ecartis --
>
>
>
>------------------------------
>
>From: "Mark Damrose" <mdamrose at elgin.cc.il.us>
>Subject: Re: Using Multiple CNAMES
>Date: Thu, 13 Jun 2002 13:17:27 -0500
>
>"Gary Gladney" <gladney at stsci.edu> wrote in message
>news:aeabrp$eb0j$1 at isrv4.isc.org...
> >
> > Does anyone know what the potential problems might be using multiple CNAMES.
> > We are using Bind 8.2.3 on Solaris, and I have been requested to do this.
> > After reading the book, all it has is that it "violates the CNAME and other
> > data rules".
>
>That should be all that you need to know.  This combination of records is
>expressly prohibited by RFC.  IIRC, BIND 8 can be configured to allow this
>behavior as part of a BIND 4 compatibility, but that doesn't mean it is a
>good idea.
>
>As for what could happen.  Anything from a few annoying messages in your log
>files to other places not being able to connect to you because *their* name
>server enforces the rules.
>
>A better idea would be to ask what the requester is trying to accomplish and
>find a standards conformant way to do it.
>
>Even if you can make this work for you, it's a good idea to get out of the
>habit now.  When you find a need to upgrade to BIND 9, you will find that
>this zone will not load.  Better to solve this now rather than be forced to
>make multiple changes to get back live when you are in a crunch.
>
>
> >
> > thanks
> > gary gladney
> >
> > --
> > ------------ Computing and Information Services Division -------------
> >
> >  Gary Gladney                            http://cisd.stsci.edu/support
> >  gladney at stsci.edu                               cisdsupport at stsci.edu
> >  voice: 410-338-4912                                             x4400
> >  pager: 410-681-2928 or gladney.pager at stsci.edu
> >  Public Key ldap://certserver.pgp.com
> >
> > ----- CISD: Your partner for computing and information solutions -----
> >
> >
> >
>
>
>
>------------------------------
>
>Date: Thu, 13 Jun 2002 14:59:01 -0400
>From: Danny Mayer <mayer at gis.net>
>Subject: Re: No MX record drops mail
>
>
>At 12:58 AM 6/10/02, Nanaya Dam Byznis wrote:
>
> >Danny Mayer <mayer at gis.net> wrote in message
> >news:<adt9e4$853i$1 at isrv4.isc.org>...
> >
> > > >
> > > >Our server is the one that drops mail to domains without an MX record
> > >
> > > > An MX record is NOT required for SMTP to deliver mail provided that the
> > > > given FQDN has a valid A or AAAA record and is able to receive mail.
> > > Your server is misconfigured.  Please read the appropriate mail RFC's.
> >
> >Which one in particular has relevance to the sendmail.mc ruleset i
> >described below?
> >
> >
> > > >dnl # define(`_RELAY_MX_SERVED_', 1)dnl
> > > >from the mc file, but i still get returned mail
> > > >
> > > ><<< 450 4.7.1 <wang_wz at gdvnet.com>... Can not check MX records for
> > > >recipient host gdvnet.com
> > > ><user at gdvnet.com>... Deferred: 450 4.7.1 <user at gdvnet.com>... Can not
> > > >check MX records for recipient host gdvnet.com
> > > >
> > > >if an MX record truly exists for this domain why can't my DNS find it?
> > > >  is it my problem or his?
> > >
> > > An MX record is not required to exist. <snip>
> > > you have a misconfigured mail server.
> > >
> > >          Danny
> >
> >so the problem cannot be solved via DNS?
>
>There is no requirement that there be an MX record defined for an SMTP Server.
>If there is no MX record, the MTA should attempt to deliver it directly to the
>given address. This is not a DNS problem. You need to fix your sendmail
>rule requiring an MX record.
>
>          Danny
>
>
>------------------------------
>
>From: ssites at air-tech.com (Stephen)
>Subject: DNS resolving issue
>Date: 13 Jun 2002 08:41:27 -0700
>
>
>
>We have a program that runs on WIN 98 clients. All it is is a shortcut
>on the users desktop that points to an exe on a network drive. All
>of a sudden today, it times out when trying to connect. If I remove the
>users DNS settings, it connects fine. Put them back in and it times
>out.
>
>Any idea why???
>
>------------------------------
>
>From: John Cesta <lists at lookwww.com>
>Subject: DIG won't work
>Date: Thu, 13 Jun 2002 11:33:03 -0400
>
>
>
>
>
>I have dig installed on my win2k server. When I run dig it replies
>with:
>
>res options:  init recurs defnam dnsrch
>res_send to server default -- 0.0.0.0: connection refused
>
>I have configured my resolv.conf file to contain my dns server and IP
>number
>
>I can access my dns server from my remote computer. I can use sam
>spade to run nslookup, dig and all the other utilities.
>
>Any ideas why I can't run dig on this server? Any other dig programs
>out there that I can look at and try?
>
>Thanks,
>
>John Cesta
>
>
>------------------------------
>
>From: "Kwang Moon" <kwang.moon at o2.co.uk>
>Subject: Re: DNS PTR reverse lookups not working for 209.101.124.136
>Date: Thu, 13 Jun 2002 16:52:20 +0100
>
>"George Richman" <george.richman at media.net> wrote in message
>news:ae83uf$d809$1 at isrv4.isc.org...
> >
> > Recently our ISP delegated authority for 124.101.209.in-addr.arpa to
> > our nameservers.
> >
> > Network Solutions lists our nameservers as:
> >
> > DNS3.MEDIA.NET
> > DNS4.MEDIA.NET
> >
> > Our ISP gives PTR authority to our nameservers for
> > 124.101.209.in-addr.arpa to our nameservers:
> >
> > NS1.MEDIA.NET
> > NS2.MEDIA.NET
> >
> > However, BEAGLE.MEDIA.NET and PUG.MEDIA.NET are the actual host names
> > of our real nameservers.  Both are using CNAMES of our nameservers.
> >
> > Do CNAMES cause problems with PTR records authority records?  Or is
> > there a problem with our config?
> >
> > Here is our named.conf snippet:
> >
> > -----------------------------------------------
> >         zone "124.101.209.in-addr.arpa" in {
> >                 type master;
> >                 file "Primary/255-0.124.101.209.in-addr.arpa";
> >                 allow-transfer { 127.0.0.1; 10.0.0.0/8; 205.214.X.X;
> > 205.214.X.X; 209.101.X.X/27; };
> >         };
> >
> > Here is our ZONE file:
> > -----------------------------------------------
> > $TTL 36000
> > @               IN      SOA             media.net. root.media.net. (
> >                                         2002061203   ;serial
> >                                         10800        ;refresh
> >                                         3600         ;retry
> >                                         3600000      ;expire
> >                                         86400 )      ;minimum
> >
> > $ORIGIN 124.101.209.in-addr.arpa.
> >
> >         IN      NS              beagle.media.net.
> >         IN      NS              pug.media.net.
> >
> >
> > 0       IN      PTR     net1.media.net.
> > 1       IN      PTR     mn-gw1.media.net.
> > 2       IN      PTR     rs-gw1.media.net.
> > 3       IN      PTR     brd1.media.net.
> > 4       IN      PTR     net2.media.net.
> > 5       IN      PTR     mn-gw2.media.net.
> > 6       IN      PTR     cs-gw2.media.net.
> > 7       IN      PTR     brd2.media.net.
> > 8       IN      PTR     net3.media.net.
> > 9       IN      PTR     mn-gw3.media.net.
> > ... etc...
> > -----------------------------------------
> >
> > I do not know why this is not working.  Am I losing my mind???
> >
> > Thanks,
> >
> > George
> >
>
>Looks like it's working to me...
>
>bash-2.03$ dig 2.124.101.209.in-addr.arpa ANY
>
>; <<>> DiG 9.2.1rc2 <<>> 2.124.101.209.in-addr.arpa ANY
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9224
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
>;; QUESTION SECTION:
>;2.124.101.209.in-addr.arpa.    IN      ANY
>
>;; ANSWER SECTION:
>2.124.101.209.in-addr.arpa. 3600 IN     PTR     rs-gw1.media.net.
>
>;; AUTHORITY SECTION:
>124.101.209.in-addr.arpa. 3600  IN      NS      pug.media.net.
>124.101.209.in-addr.arpa. 3600  IN      NS      beagle.media.net.
>
>;; ADDITIONAL SECTION:
>pug.media.net.          86294   IN      A       209.101.124.135
>beagle.media.net.       86285   IN      A       209.101.124.134
>
>;; Query time: 159 msec
>;; SERVER: 10.44.6.2#53(10.44.6.2)
>;; WHEN: Thu Jun 13 16:52:15 2002
>;; MSG SIZE  rcvd: 145
>bash-2.03$
>bash-2.03$
>bash-2.03$
>bash-2.03$ nslookup 209.101.124.2
>Server:  borg.genieinternet.com
>Address:  10.44.6.2
>
>Name:    rs-gw1.media.net
>Address:  209.101.124.2
>
>
>
>
>------------------------------
>
>From: "Kwang Moon" <kwang.moon at o2.co.uk>
>Subject: rndc reload on 9.2.1
>Date: Thu, 13 Jun 2002 17:44:43 +0100
>
>Does rndc reload work in bind 9.2.1?
>
>If executed nothing happens - no zone reload, no messages in
>/var/adm/messages
>
>Cheers,
>Kwang
>
>
>
>------------------------------
>
>From: John Cesta <lists at lookwww.com>
>Subject: Most Stable DNS now
>Date: Thu, 13 Jun 2002 15:18:06 -0400
>
>
>
>
>
>I am looking to create a new DNS server on WIN2k. I am going to use it
>as a third DNS server.
>
>What is the most stable DNS version available for Windows these days?
>
>Thanks,
>
>John Cesta
>
>------------------------------
>
>From: phn at icke-reklam.ipsec.nu
>Subject: Re: alternative to NIC 2 (DynDNS, etc) services?
>Date: 13 Jun 2002 20:12:57 GMT
>
>
>Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
> > "Brian C. Hill" wrote:
>
> >>         Ah, yes, but what if you are behind a linksys gateway and you
> >> don't know what your external IP address is? I will have to cook up
> >> something, I guess, to be able to fill in the IP_ADDRESS part of your
> >> example.
>
> > I'm pretty sure you can extract the WAN address from a Linksys using
> > SNMP or something like that.
>
> > Worse come to worst, you could make a connection to some external box
> > and have it tell you what it thinks your source IP address is (know
> > anyone who would be willing to put up a low-usage, low-impact CGI for
> > you on their website?)
>
> > An even kludgier way would be to have a script connect to the HTTP-based
> > admin interface and parse the HTML (yuck!).
>
> > But, we're getting somewhat off the topic of DNS and BIND now...
>
>Yes.
>I have made a small example application that sends a UDP packet to a
>receiver that does the updating. Interesting point is that the receiver
>uses the source-ip as source for the 'A' record. What's left is to
>create some kind of security, I am thinking in terms of a tsig-like
>signature on the packet contents.
>
>See ftp://ftp.manet.nu/pub/dynupdate.tar
>
>Any suggestions for securing this thing are welcome! (and feel free to
>send updates to the "dyn.manet.nu" zone)
>
>
> >>         Does your example just create a one-off glue record? That would
> >> be fine, but I don't want my hand-maintained zone file being converted
> >> to a half-hand/half-dynamic-managed file for just one dynamically
> >> updated entry.  Do I need to set up one-host zone?
>
> > Yeah, I guess you would. Have you considered migrating to Dynamic Update
> > for *all* zone updates?
>
>
> > - Kevin
>
>
>
>
>--
>Peter Håkanson
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
>	   remove "icke-reklam" if you feel for mailing me. Thanx.
>
>------------------------------
>
>From: phn at icke-reklam.ipsec.nu
>Subject: Re: nameserver analysis
>Date: 13 Jun 2002 20:20:19 GMT
>
>
>Andrew Flagg <andyf at the-onramp.net> wrote:
> > I was looking for the website that does an analysis and web page report
> > of a nameserver.
> > It highlights warnings in yellow, and others in red.
>
> > What was that site? Anyone?
> > I lost the link.
>
>Could it be "http://www.dnsreport.com" ?
>
>
> > Thanks,
> > Andy
>
>
>
>
>
>--
>Peter Håkanson
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
>	   remove "icke-reklam" if you feel for mailing me. Thanx.
>
>------------------------------
>
>From: phn at icke-reklam.ipsec.nu
>Subject: Re: Internal and External DNS???
>Date: 13 Jun 2002 20:24:24 GMT
>
>
>unki <unki at gmx.at> wrote:
>
> > Hello... I've a little problem....
>
> > I have a normal domain ex. www.123.com. But I need a sub-domain
> > ex subdomain.123.com for the internal network (behind firewall, this
> > should not be a registered domain by my provider)...
>
> > so I set up a name server (named) and configure and make a zone
> > 123.com
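
Peter Håkanson's message in the digest above describes a UDP update receiver that takes the packet's source IP for the A record and still needs "a tsig-like signature on the packet contents". The following is an added example of one way to do that, not the code in dynupdate.tar: the packet layout (timestamp, nonce, hostname, HMAC-SHA256 tag), the 300-second window, the class and function names and the sample host, key and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300   # seconds a signed update stays valid (assumed policy)
TAG_LEN = 32     # HMAC-SHA256 tag size

def sign_update(key, hostname, now, nonce):
    """Client: body = 8-byte timestamp | 8-byte nonce | hostname, then the MAC."""
    body = struct.pack("!Q8s", now, nonce) + hostname.encode("ascii")
    return body + hmac.new(key, body, hashlib.sha256).digest()

class UpdateReceiver:
    def __init__(self, keys):
        self.keys = keys      # hostname -> shared secret
        self.seen = {}        # (hostname, nonce) -> timestamp of accepted packets
        self.records = {}     # hostname -> address; stands in for the zone update

    def handle(self, packet, source_ip, now):
        if len(packet) < 16 + 1 + TAG_LEN:
            return "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        ts, nonce = struct.unpack("!Q8s", body[:16])
        hostname = body[16:].decode("ascii", "replace")
        key = self.keys.get(hostname)
        if key is None:
            return "unknown-host"
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return "bad-signature"
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Source IP is outside the MAC (NAT rewrites it): reject any repeat in-window.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (hostname, nonce) in self.seen:
            return "replay"
        self.seen[(hostname, nonce)] = ts
        self.records[hostname] = source_ip
        return "updated"

def demo():
    # Constructed sample data: key, hostname and documentation-range addresses.
    key, host, t0 = b"constructed-demo-secret", "home.dyn.example", 1_000_000
    rx = UpdateReceiver({host: key})
    pkt = sign_update(key, host, t0, b"nonce001")
    forged = pkt[:-1] + bytes([pkt[-1] ^ 1])
    late = sign_update(key, host, t0, b"nonce002")
    return [rx.handle(pkt, "192.0.2.10", t0 + 2),        # genuine update
            rx.handle(pkt, "198.51.100.7", t0 + 5),      # same packet, other source
            rx.handle(forged, "192.0.2.10", t0 + 6),     # tag altered
            rx.handle(late, "198.51.100.7", t0 + 900)], rx.records
```

Because the address that ends up in the record cannot be signed, the nonce cache and the timestamp window are what keep a captured packet from repointing the name; the MAC alone only proves who built the packet.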
