<div>Hello friends,</div>
<div>Please find my response below in highlighted text.</div>
<div> </div>
<div>Regards</div>
<div>Parashar<br><br></div>
<div class="gmail_quote">On Tue, Apr 12, 2011 at 5:21 AM, <span dir="ltr"><<a href="mailto:bind-users-request@lists.isc.org">bind-users-request@lists.isc.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Send bind-users mailing list submissions to<br> <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:bind-users-request@lists.isc.org">bind-users-request@lists.isc.org</a><br><br>You can reach the person managing the list at<br> <a href="mailto:bind-users-owner@lists.isc.org">bind-users-owner@lists.isc.org</a><br>
<br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of bind-users digest..."<br><br><br>Today's Topics:<br><br> 1. dns record delegation (Parashar Singh)<br> 2. Re: dns record delegation (terry)<br>
3. Re: dns record delegation (Matus UHLAR - fantomas)<br> 4. Re: BIND9 fails resolving after connecting to VPN (kapetr)<br> 5. NS record, nameserver down. (fddi)<br> 6. Re: NS record, nameserver down. (terry)<br> 7. AW: ipv6 PTR in zone file (<a href="mailto:Walter.Jontofsohn@t-systems.com">Walter.Jontofsohn@t-systems.com</a>)<br>
8. Re: AW: ipv6 PTR in zone file (Marco Davids (SIDN))<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Tue, 12 Apr 2011 09:25:15 +0530<br>From: Parashar Singh <<a href="mailto:parashar.singh2003@gmail.com">parashar.singh2003@gmail.com</a>><br>
Subject: dns record delegation<br>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>Message-ID: <BANLkTikjyGeSsobQ7OHms-fOK2R=<a href="mailto:rUwxNw@mail.gmail.com">rUwxNw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br><br>Hi Friends,<br>I'm using bind 9.7.I want to delegate all wild card (*) request to another<br>name server. Hence whenever any request, say <a href="http://a.example.com/" target="_blank">a.example.com</a> or b.example.comor<br>
<a href="http://c.example.com/" target="_blank">c.example.com</a> comes to Authoritative name server for <a href="http://example.com/" target="_blank">example.com</a>, it should<br>be delegated (redirected) to another name server GLB. This GLB name server<br>
will be containing database for those records in <a href="http://example.com/" target="_blank">example.com</a>, and it should<br>be doing resolution for <a href="http://example.com/" target="_blank">example.com</a>.<br>For this, when I'm trying to configure the zone file for <a href="http://example.com/" target="_blank">example.com</a> with<br>
following:<br><br>* IN NS <a href="http://ns1.glb.com/" target="_blank">ns1.GLB.com</a><br>but it's not working. Can anyone suggest, how to configure this in bind?<br><br>Regards<br>Parashar<br>-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>URL: <<a href="https://lists.isc.org/pipermail/bind-users/attachments/20110412/a8ca5e46/attachment-0001.html" target="_blank">https://lists.isc.org/pipermail/bind-users/attachments/20110412/a8ca5e46/attachment-0001.html</a>><br>
<br>------------------------------<br><br>Message: 2<br>Date: Tue, 12 Apr 2011 12:15:50 +0800<br>From: terry <<a href="mailto:terry@geekmail.de">terry@geekmail.de</a>><br>Subject: Re: dns record delegation<br>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
Message-ID: <<a href="mailto:4DA3D1F6.9080905@geekmail.de">4DA3D1F6.9080905@geekmail.de</a>><br>Content-Type: text/plain; charset=UTF-8; format=flowed<br><br>? 2011-4-12 11:55, Parashar Singh ??:<br>> * IN NS <a href="http://ns1.glb.com/" target="_blank">ns1.GLB.com</a> <<a href="http://ns1.glb.com/" target="_blank">http://ns1.GLB.com</a>><br>
> but it's not working. Can anyone suggest, how to configure this in bind?<br><br>I was thinking you need a forward zone rather than the wild.<br><br></blockquote>
<div>Hi Terry,</div>
<div><font style="BACKGROUND-COLOR: #ffff66">The zone file <a href="http://example.com">example.com</a>, already containing 10-20 A records. For rest of records only it should forward request to <a href="http://ns1.GLB.com">ns1.GLB.com</a>.</font></div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">--<br>terry - <a href="mailto:terry@geekmail.de">terry@geekmail.de</a><br><br><br>------------------------------<br>
<br>Message: 3<br>Date: Tue, 12 Apr 2011 08:50:06 +0200<br>From: Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>><br>Subject: Re: dns record delegation<br>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
Message-ID: <<a href="mailto:20110412065006.GA27266@fantomas.sk">20110412065006.GA27266@fantomas.sk</a>><br>Content-Type: text/plain; charset=us-ascii<br><br>On 12.04.11 09:25, Parashar Singh wrote:<br>> I'm using bind 9.7.I want to delegate all wild card (*) request to another<br>
> name server.<br><br>what _exactly_ do you mean by "wildcard requests"?<br></blockquote>
<div> </div>
<div><font style="BACKGROUND-COLOR: #ffff66">Here wild card * means all RRs, which are not explicitely defined within zone file <a href="http://example.com">example.com</a>. Re-iterating my requirement: All RRs already defined within zone file <a href="http://example.com">example.com</a> shall be resolved locally, for all othere requests, the requests should be delegated to another name server <a href="http://ns1.glb.com">ns1.glb.com</a>.</font></div>
<div> </div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><br>> Hence whenever any request, say <a href="http://a.example.com/" target="_blank">a.example.com</a> or b.example.comor<br>
> <a href="http://c.example.com/" target="_blank">c.example.com</a> comes to Authoritative name server for <a href="http://example.com/" target="_blank">example.com</a>, it should<br>> be delegated (redirected) to another name server GLB. This GLB name server<br>
> will be containing database for those records in <a href="http://example.com/" target="_blank">example.com</a>, and it should<br>> be doing resolution for <a href="http://example.com/" target="_blank">example.com</a>.<br>
<br>You can delegate <a href="http://example.com/" target="_blank">example.com</a> to another server, all requests for <a href="http://example.com/" target="_blank">example.com</a><br>and anything under <a href="http://example.com/" target="_blank">example.com</a> will be directed to it.<br>
<br>> For this, when I'm trying to configure the zone file for <a href="http://example.com/" target="_blank">example.com</a> with<br>> following:<br>><br>> * IN NS <a href="http://ns1.glb.com/" target="_blank">ns1.GLB.com</a><br>
> but it's not working. Can anyone suggest, how to configure this in bind?<br><br>you don't need to create wildcard delegation.<br>--<br>Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist<br>
"So does syphillis. Good thing we have penicillin." - Matthew Alton<br><br><br>------------------------------<br><br>Message: 4<br>Date: Tue, 12 Apr 2011 10:33:57 +0200 (CEST)<br>From: "kapetr" <<a href="mailto:kapetr@mizera.cz">kapetr@mizera.cz</a>><br>
Subject: Re: BIND9 fails resolving after connecting to VPN<br>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>Message-ID: <<a href="mailto:694540cee07f53909e24c78390734c1d@mail3.volny.cz">694540cee07f53909e24c78390734c1d@mail3.volny.cz</a>><br>
Content-Type: text/plain; charset="us-ascii"<br><br>Hello,<br><br>Kevin Darcy <<a href="mailto:kcd@chrysler.com">kcd@chrysler.com</a>> WROTE:<br><br>> > Do You thing, that this VPN provider<br>> > - blocks direct (not recursive) DNS questions<br>
> > and<br>> > > - manipulates recursive queries ? [catch them,<br>> > make query itself and<br>> > > answers with manipulated server IP]<br>> ><br>> > ???<br>> None of your queries were non-recursive (you'd<br>
> need "+norec" on your dig<br>> command line for that), so I wouldn't jump to the<br>> conclusion that<br>> non-recursive queries are being blocked.<br><br>I did mean queries from my local BIND, not from dig command.<br>
<br>><br>> What's more likely happening is that *all* of your<br>> queries are being<br>> transparently redirected to a recursive resolver.<br>> Although, I'd be<br>> curious to see what responses you get if you<br>
> actually generate<br>> non-recursive queries (with the "+norec").<br>><br><br>I have try it. Unfortunately ...<br><br>I have get normal answers (from DNS server in Internet, which was<br>accessed over the new default route == over VPN) even with<br>
+norecurse or +trace. These non-recurse queries have go over the VPN<br> and I have get normal answers. :-(<br><br>I have hope/thing, we are on the right way to solve the problem ...<br><br>But the only who get crazy is still only the local BIND.<br>
Recurse and non-recurse queries goes over the VPN without problems.<br>I have follow that in wireshark and routing and source addresses<br>seems to be OK.<br><br><br>> If it's redirecting non-recursive queries to some<br>
> caching nameserver,<br>> then that probably explains why named goes stupid<br>> when the VPN is up,<br>> since it won't be able to use the<br>> non-authoritative answers it sees.<br><br><br>As I wrote in previous post, there must be something ..., while the<br>
root server has give recursive answer while VPN and not while normal<br>direct connection to Internet.<br><br>But about the non-recurse queries ... see above.<br><br><br>><br>> - Kevin<br><br>Any other Ideas ?<br><br>
Thanks<br><br>--kapetr<br><br><br><br>------------------------------<br><br>Message: 5<br>Date: Tue, 12 Apr 2011 10:34:30 +0200<br>From: fddi <<a href="mailto:fddi@gmx.it">fddi@gmx.it</a>><br>Subject: NS record, nameserver down.<br>
To: Bind Users Mailing List <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br>Message-ID: <<a href="mailto:4DA40E96.5040903@gmx.it">4DA40E96.5040903@gmx.it</a>><br>Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>Hello,<br>I have a <a href="http://domain.com/" target="_blank">domain.com</a><br><br>with w nameservers defined, for example<br><br>;; ANSWER SECTION:<br><a href="http://domain.com/" target="_blank">domain.com</a>. 86400 IN NS <a href="http://ns1.domain.com/" target="_blank">ns1.domain.com</a>.<br>
<a href="http://domain.com/" target="_blank">domain.com</a>. 86400 IN NS <a href="http://ns2.domain.com/" target="_blank">ns2.domain.com</a>.<br><br>;; ANSWER SECTION:<br><a href="http://ns1.domain.com/" target="_blank">ns1.domain.com</a>. 86400 IN A 172.16.16.1<br>
<a href="http://ns2.domain.com/" target="_blank">ns2.domain.com</a>. 86400 IN A 172.16.16.2<br><br>;; ANSWER SECTION:<br><a href="http://www.domain.com/" target="_blank">www.domain.com</a>. 86400 IN A 172.16.16.80<br>
<br><br>ns1 and ns2 are two nameservers with DLZ backend on mysql so the<br>architecture is multi-master.<br><br>I wanted to ask what happens if one of the nameservers is down and a<br>remote host wants to resolve<br>a hostname on my domain.<br>
<br>let's say <a href="http://ns1.domain.com/" target="_blank">ns1.domain.com</a>. is down<br><br>if a remote host does a query for <a href="http://www.domain.com/" target="_blank">www.domain.com</a> will the query always<br>
be succesful even if ns1 is down ?<br>or the NS records are just round-robin so that if the query arrives to<br>the one which is down, the query will fail ?<br><br>thank you<br><br>Rick<br><br><br><br><br><br><br>------------------------------<br>
<br>Message: 6<br>Date: Tue, 12 Apr 2011 16:50:52 +0800<br>From: terry <<a href="mailto:terry@geekmail.de">terry@geekmail.de</a>><br>Subject: Re: NS record, nameserver down.<br>To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
Message-ID: <<a href="mailto:4DA4126C.3020902@geekmail.de">4DA4126C.3020902@geekmail.de</a>><br>Content-Type: text/plain; charset=UTF-8; format=flowed<br><br>? 2011-4-12 16:34, fddi ??:<br>> if a remote host does a query for <a href="http://www.domain.com/" target="_blank">www.domain.com</a> will the query always<br>
> be succesful even if ns1 is down ?<br>> or the NS records are just round-robin so that if the query arrives to<br>> the one which is down, the query will fail ?<br><br><br>The clients will always try the second alive nameserver so your doman<br>
names will be resolved without much problem.<br><br>--<br>terry - <a href="mailto:terry@geekmail.de">terry@geekmail.de</a><br><br><br>------------------------------<br><br>Message: 7<br>Date: Tue, 12 Apr 2011 10:50:16 +0200<br>
From: <<a href="mailto:Walter.Jontofsohn@t-systems.com">Walter.Jontofsohn@t-systems.com</a>><br>Subject: AW: ipv6 PTR in zone file<br>To: <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br>
Message-ID:<br> <<a href="mailto:901586CA8F92D543BFFFD6E1122F5A36026BBE19A351@HE101453.emea1.cds.t-internal.com">901586CA8F92D543BFFFD6E1122F5A36026BBE19A351@HE101453.emea1.cds.t-internal.com</a>><br><br>Content-Type: text/plain; charset="us-ascii"<br>
<br><br>Hello,<br><br>you could use ipv6calc (<a href="ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc" target="_blank">ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc</a>) to calculate the reverse strings.<br>Then you can put them into the zone file.<br>
<br>With Best regards,<br><br>Walter<br><br><br>Im Auftrag von Michel de Nostredame<br>>Gesendet: Montag, 11. April 2011 20:44<br>>An: bind-users<br>>Betreff: ipv6 PTR in zone file<br>><br>>Hi BIND Users,<br>
><br>>I am not sure if my post here is proper or not. If not please<br>>kindly guide me to a correct list.<br>><br>>I have lot of "static" IPv6 address needs to add into DNS PTR record.<br>>Most of them are server IP addresses and addresses on router<br>
>interfaces.<br>>Compose proper PTR records, without human errors, is highly<br>>difficult (compares to IPv4 PTR records), as we encode some<br>>customer information into the address.<br>><br>>I tried to look into bit-string and soon realized it is<br>
>already removed from recent BIND versions. Then tried to<br>>search "$REVERSE" and "$INVERSE" on Google but got no much<br>>luck; seems not much development / discussion recently.<br>><br>
>For example, today we probably do PTR list this,<br>><br>>$ORIGIN 0.0.0.0.0.0.d.4.1.a.1.0.1.0.0.2.ip6.arpa.<br>>1.0.1.a.0.0.0.5.6.0.c.1.0.0.5.6 PTR<br>><a href="http://xe-3-0-3-101.ar.par1.fr.netname.net/" target="_blank">xe-3-0-3-101.ar.par1.fr.netname.net</a>.<br>
><br>><br>>What I am think about is if there is any potential possibility<br>>to compose IPv6 PTR records in ZONE files in a little easier method?<br>>something like<br>><br>>$ORIGIN $REVERSE(2001:01a1:4d00:0000).ip6.arpa.<br>
>$REVERSE(6500:1c06:5000:a101) PTR<br>><a href="http://xe-3-0-3-101.ar.par1.fr.netname.net/" target="_blank">xe-3-0-3-101.ar.par1.fr.netname.net</a>.<br>><br><br><br>------------------------------<br><br>
Message: 8<br>Date: Tue, 12 Apr 2011 11:21:14 +0200<br>From: "Marco Davids (SIDN)" <<a href="mailto:marco.davids@sidn.nl">marco.davids@sidn.nl</a>><br>Subject: Re: AW: ipv6 PTR in zone file<br>To: <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>><br>
Message-ID: <<a href="mailto:4DA4198A.6010600@sidn.nl">4DA4198A.6010600@sidn.nl</a>><br>Content-Type: text/plain; charset="ISO-8859-1"<br><br>On 04/12/11 10:50, <a href="mailto:Walter.Jontofsohn@t-systems.com">Walter.Jontofsohn@t-systems.com</a> wrote:<br>
<br>> you could use ipv6calc (<a href="ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc" target="_blank">ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc</a>) to calculate the reverse strings.<br><br>Yes.<br><br>Or do it 'the BIND way':<br>
<br> dig -x 2001:7b8:c05::80:1 | grep ip6.arpa | tail -1 | awk '{print $1}'<br><br>--<br>Marco<br><br>> Im Auftrag von Michel de Nostredame<br>>> Gesendet: Montag, 11. April 2011 20:44<br>>> An: bind-users<br>
>> Betreff: ipv6 PTR in zone file<br>>><br>>> Hi BIND Users,<br>>><br>>> I am not sure if my post here is proper or not. If not please<br>>> kindly guide me to a correct list.<br>>><br>
>> I have lot of "static" IPv6 address needs to add into DNS PTR record.<br>>> Most of them are server IP addresses and addresses on router<br>>> interfaces.<br>>> Compose proper PTR records, without human errors, is highly<br>
>> difficult (compares to IPv4 PTR records), as we encode some<br>>> customer information into the address.<br>>><br>>> I tried to look into bit-string and soon realized it is<br>>> already removed from recent BIND versions. Then tried to<br>
>> search "$REVERSE" and "$INVERSE" on Google but got no much<br>>> luck; seems not much development / discussion recently.<br>>><br>>> For example, today we probably do PTR list this,<br>
>><br>>> $ORIGIN 0.0.0.0.0.0.d.4.1.a.1.0.1.0.0.2.ip6.arpa.<br>>> 1.0.1.a.0.0.0.5.6.0.c.1.0.0.5.6 PTR<br>>> <a href="http://xe-3-0-3-101.ar.par1.fr.netname.net/" target="_blank">xe-3-0-3-101.ar.par1.fr.netname.net</a>.<br>
>><br>>><br>>> What I am think about is if there is any potential possibility<br>>> to compose IPv6 PTR records in ZONE files in a little easier method?<br>>> something like<br>>><br>>> $ORIGIN $REVERSE(2001:01a1:4d00:0000).ip6.arpa.<br>
>> $REVERSE(6500:1c06:5000:a101) PTR<br>>> <a href="http://xe-3-0-3-101.ar.par1.fr.netname.net/" target="_blank">xe-3-0-3-101.ar.par1.fr.netname.net</a>.<br><br><br>------------------------------<br><br>
_______________________________________________<br>bind-users mailing list<br><a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>End of bind-users Digest, Vol 829, Issue 1<br>******************************************<br></blockquote></div><br>