bind-users Digest, Vol 2527, Issue 1

Fabian Cohen cohen.fabian2 at gmail.com
Mon Oct 24 20:13:46 UTC 2016


Hi Tony the master res a your Zone and de reverse generate the consult for ip.


2016-10-24 9:00 GMT-03:00  <bind-users-request at lists.isc.org>:
> Today's Topics:
>
>    1. merging reverse zone data obtained from two different masters
>       (blrmaani)
>    2. Re: merging reverse zone data obtained from two different
>       masters (blrmaani)
>    3. Running current version of bind in a jail? (Tom)
>    4. Re: Running current version of bind in a jail? (Reindl Harald)
>    5. Re: Running current version of bind in a jail? (Tony Finch)
>    6. Re: merging reverse zone data obtained from two different
>       masters (Tony Finch)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 23 Oct 2016 14:56:26 -0700 (PDT)
> From: blrmaani <blrmaani at gmail.com>
> To: comp-protocols-dns-bind at isc.org
> Subject: merging reverse zone data obtained from two different masters
> Message-ID: <c0284b9c-83e3-40ee-b677-2cc636748172 at googlegroups.com>
> Content-Type: text/plain; charset=UTF-8
>
> We have hosts in two different zones but use the same subnet. Zone1 is generated by Master1 and Zone2 is generated by Master2.
>
> Slave1 runs BIND and would like to merge the reverses generated on Master1 and Master2. How do I do this?
>
> thanks
> Blr
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 23 Oct 2016 15:39:45 -0700 (PDT)
> From: blrmaani <blrmaani at gmail.com>
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: merging reverse zone data obtained from two different
>         masters
> Message-ID: <0866d16a-d52e-4097-a968-87daf3a2fc86 at googlegroups.com>
> Content-Type: text/plain; charset=UTF-8
>
> On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote:
>> We have hosts in two different zones but use the same subnet. Zone1 is generated by Master1 and Zone2 is generated by Master2.
>>
>> Slave1 runs BIND and would like to merge the reverses generated on Master1 and Master2. How do I do this?
>>
>> thanks
>> Blr
>
> I know a couple of hacky ways to achieve this. Just curious if anyone has tried it?
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 24 Oct 2016 07:27:54 +0200
> From: Tom <tomtux007 at gmail.com>
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: Running current version of bind in a jail?
> Message-ID: <7bd34414-4737-c7cb-d640-d26f15ea3e12 at gmail.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hi list
>
>  From
> https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html:
>
> "Running named in a chroot jail (many still do, but this shouldn't be
> necessary with modern versions of BIND)".....:
>
> What's the reason that it isn't necessary to run a modern version of bind
> in a jail?
>
> Kind regards,
> Tom
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 24 Oct 2016 08:59:23 +0200
> From: Reindl Harald <h.reindl at thelounge.net>
> To: bind-users at lists.isc.org
> Subject: Re: Running current version of bind in a jail?
> Message-ID: <14080881-a967-4e2d-ed11-00f1104b8166 at thelounge.net>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
>
>
> On 24.10.2016 at 07:27, Tom wrote:
>> From
>> https://kb.isc.org/article/AA-00768/0/Getting-started-with-BIND-how-to-build-and-run-named-with-a-basic-recursive-configuration.html:
>>
>>
>> "Running named in a chroot jail (many still do, but this shouldn't be
>> necessary with modern versions of BIND)".....:
>>
>> What's the reason that it isn't necessary to run a modern version of bind
>> in a jail?
>
> that named got a complete rewrite and doesn't share any code with the
> times where the quality was so bad that it was highly recommended to
> chroot it?
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 24 Oct 2016 11:04:43 +0100
> From: Tony Finch <dot at dotat.at>
> To: Tom <tomtux007 at gmail.com>
> Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: Re: Running current version of bind in a jail?
> Message-ID: <alpine.DEB.2.11.1610241048260.6836 at grey.csi.cam.ac.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Tom <tomtux007 at gmail.com> wrote:
>>
>> What's the reason that it isn't necessary to run a modern version of bind in a
>> jail?
>
> chroot is a defence against privilege escalation following a remote code
> execution vulnerability. It isn't a very solid defence. And BIND 9 tends
> to die of a self-check failure before remote code execution occurs,
> judging by the last few years of vulnerability notices.
>
> Also, on Linux, named drops most capabilities.
>
> Stricter partitions (VMs or containers) which you can easily nuke and
> rebuild from scratch mean there's much less need for chroot.
>
> I still chroot my servers :-)
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Sole, Lundy, Fastnet: Easterly or northeasterly 5 to 7, becoming variable 3 or
> 4 later. Rough or very rough, becoming slight or moderate later. Rain or
> showers. Moderate or good, occasionally poor.
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 24 Oct 2016 11:11:15 +0100
> From: Tony Finch <dot at dotat.at>
> To: blrmaani <blrmaani at gmail.com>
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: merging reverse zone data obtained from two different
>         masters
> Message-ID: <alpine.DEB.2.11.1610241104550.6836 at grey.csi.cam.ac.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> blrmaani <blrmaani at gmail.com> wrote:
>> On Sunday, October 23, 2016 at 2:56:37 PM UTC-7, blrmaani wrote:
>> >
>> > We have hosts in two different zones but use the same subnet. Zone1 is
>> > generated by Master1 and Zone2 is generated by Master2.
>> >
>> > Slave1 runs BIND and would like to merge the reverses generated on
>> > Master1 and Master2. How do I do this?
>>
>> I know a couple of hacky ways to achieve this. Just curious if anyone has tried
>> it?
>
> Probably the best way is to use RFC 2317 classless delegation. It requires
> that zone1 and zone2 have different names from the normal reverse DNS
> zone.
>
> https://tools.ietf.org/html/rfc2317
> https://tools.ietf.org/html/draft-fanf-dnsop-rfc2317bis
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> North Fitzroy: Northeasterly 5 to 7 in far northwest, otherwise variable 3
> or 4. Rough or very rough. Showers. Good, occasionally moderate.
>
>

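Added example, not part of the original thread and not code from any poster: a check for the two properties Message 5 relies on, that named runs without root and with only a few capabilities, read from the text of /proc/<pid>/status. The sample status text and the allowed set are constructed assumptions; the set named actually keeps is not stated in the thread.

```python
# Subset of Linux capability bit numbers from <linux/capability.h>.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    6: "CAP_SETGID", 7: "CAP_SETUID", 10: "CAP_NET_BIND_SERVICE",
    12: "CAP_NET_ADMIN", 18: "CAP_SYS_CHROOT", 19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN", 24: "CAP_SYS_RESOURCE",
}

# Assumption: what this operator is willing to see on a running named.
ALLOWED = {"CAP_NET_BIND_SERVICE", "CAP_SYS_RESOURCE"}

# Constructed samples in the format of /proc/<pid>/status.
SAMPLE_OK = "Name:\tnamed\nUid:\t53\t53\t53\t53\nCapEff:\t0000000001000400\n"
SAMPLE_BAD = "Name:\tnamed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000240400\n"


def parse_status(text):
    """Turn 'Key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def effective_caps(fields):
    """Decode the CapEff hex bitmask into capability names."""
    mask = int(fields["CapEff"], 16)
    return {CAP_NAMES.get(bit, f"cap_{bit}")
            for bit in range(64) if (mask >> bit) & 1}


def audit(text, allowed=ALLOWED):
    """Return findings; an empty list means nothing beyond the allowed set."""
    fields = parse_status(text)
    findings = []
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    if euid == 0:
        findings.append("effective uid is 0")
    extra = effective_caps(fields) - set(allowed)
    findings += [f"unexpected capability {cap}" for cap in sorted(extra)]
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit(sample))
```

On a live host the input would be the contents of /proc/<pid of named>/status.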

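Added example, not part of the original thread and not code from any poster: the parent-zone records an RFC 2317 style split, as suggested in Message 6, would need when addresses in one /24 belong to two separately mastered zones. The addresses, the child labels zone1/zone2 and the name server names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: which child zone holds each address's PTR record.
OWNERS = {"192.0.2.11": "zone2", "192.0.2.10": "zone1"}
# Hypothetical name servers for the two differently named child zones.
CHILD_NS = {"zone1": ["master1.example.net."],
            "zone2": ["master2.example.net."]}


def classless_parent_records(network, owners, child_ns):
    """Return fully qualified parent-zone records for the split.

    owners:   {address: child label}
    child_ns: {child label: [name server, ...]}
    """
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this sketch handles one IPv4 /24 only")
    # "0.2.0.192.in-addr.arpa" -> parent zone "2.0.192.in-addr.arpa."
    parent = net.network_address.reverse_pointer.split(".", 1)[1] + "."
    records = []
    # Delegate each child zone to the master that generates it.
    for child in sorted(child_ns):
        for ns in child_ns[child]:
            records.append(f"{child}.{parent} NS {ns}")
    # One CNAME per address, pointing into the child zone that owns it.
    for addr in sorted(owners, key=ipaddress.ip_address):
        ip = ipaddress.ip_address(addr)
        child = owners[addr]
        if ip not in net:
            raise ValueError(f"{addr} is outside {net}")
        if child not in child_ns:
            raise ValueError(f"{addr}: no delegation for {child!r}")
        last = ip.reverse_pointer.split(".", 1)[0]
        records.append(f"{last}.{parent} CNAME {last}.{child}.{parent}")
    return records


if __name__ == "__main__":
    print("\n".join(classless_parent_records("192.0.2.0/24", OWNERS, CHILD_NS)))
```

Each master then publishes its PTR records under its own child name (for example 10.zone1.2.0.192.in-addr.arpa.), so no merging of zone data is needed on the slave.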