Search Results

Search found 185 results on 8 pages for 'delegation'.

Page 1/8 | 1 2 3 4 5 6 7 8  | Next Page >

  • Automate setup of constrained kerberos delegation in AD

    - by Grhm
    I have a web app that uses some backend servers (UNC, HTTP and SQL). To get this working I need to configure ServicePrincipalNames for the account running the IIS AppPool and then allow kerberos delegation to the backend services. I know how to configure this through the "Delegation" tab of the AD Users and Computers tool. However, the application is going to be deployed to a number of Active Directory environments. Configuring delegation manually has proved to be error prone and debugging the issues misconfiguration causes is time consuming. I'd like to create an installation script or program that can do this for me. Does anyone know how to script or programmatically set constrained delegation within AD? Failing that how can I script reading the allowed services for a user to validate that it has been setup correctly?

    Read the article

  • DNS delegation on same server with DDNS and second slave server

    - by Austin
    I have two servers running BIND, the first is setup as the master of two zones and the second as a slave for those zones. The zones are example.com and ddns.example.com. I have DDNS running and thousands of device entries are dynamically created in ddns.example.com. I wanted to keep DDNS separate from the main example.com, so I created a separate zone that the DHCP servers update. Considering these zones are hosted on the same server, is it possible to have delegation working from example.com to ddns.example.com? For example if my workstation's search domain is example.com and pointed towards 10.1.10.1 for its DNS provider, I would like to be able to resolve hostname.ddns. As it is, I can resolve hostname.ddns.example.com, but would like to be able to resolve just hostname.ddns. Alternatively, if the workstation's search domain is ddns.example.com, what settings do I need to be able to change to be able to resolve web, ftp, etc, which are all hosts in the parent, example.com zone? Does the ddns.example.com zone need to forward to the example.com zone? Again, all the zones are setup on the same server with a second server setup as a slave. named.conf: zone "example.com" IN { type master; file "example.com"; allow-update { none; }; } zone "ddns.example.com" IN { type master; file "ddns.example.com"; allow-update { key dhcp-update; }; } example.com zone file: $ORIGIN . $TTL 86400 example.com IN SOA ns1.example.com. hostmaster.example.com. ( serial, refresh, retry, etc. ) NS ns1.example.com. NS ns2.example.com. $ORIGIN example.com. ns1 A 10.1.10.1 ns2 A 10.1.10.2 web A 10.1.15.30 ftp A 10.1.15.31 host3 A 10.1.15.32 $ORIGIN ddns.example.com NS ns1 NS ns2 ns1 A 10.1.10.1 ns2 A 10.1.10.2

    Read the article

  • Delegation Permissions to admins in Active Directory/Taskpads

    - by user1569537
    I am trying to provide taskpads to few admins to operate on few tasks delegated to them at OU level.I ran into the following problem; lets say i delegated access to the admin on OU X and which is ability to modify groups such as sample group X1 , he must be able to add any users from OU X to the group X1. The issue here is while testing i found out the admin can do the above but also can add a user Y1 from the OU Y(which he doesnt have delegated permissions) to the group X1.What am i missing? how to restrict admin from adding users out of OU to the groups he has modify access to? Please ask me if any more details/clarification required.

    Read the article

  • Double hop SQL delegation not working

    - by eKoz
    I've been trying to diagnose this for some time, and unfortunately Im still getting the dreaded anonymous logon issue when trying to connect to a sql db as a domain user. Steps taken: App Pool created with delegation service acct Site / Virtual dir running with Integrated Windows auth only Made sure site itself can use kerberos KB 215383 Service acct added to IIS_WPG group Service acct added to "act as part of operating system" under Local Security settings Service acct added to Log on as service under Local Security Settings HTTP SPN set for web address + service account (and FQDN) MSSQLSvc SPN set for sql box and domain acct sql is running as Trust for delegation turned on service acct, specified services, and sql service acct After all this, Im still getting the exact same error from when I started. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. This has advanced my balding by at least 5 years so far. I would greatly appreciate any additional tips on diagnosing or setting up.

    Read the article

  • MooTools - Programmatically fired events not working with event delegation

    - by Anurag
    Would really appreciate if anyone can help me figure out why I am unable to fire events programmatically when using event delegation in MooTools (from the Element.Delegation class). There is a parent <div> that has a change listener on some child <input> elements. When the change event is triggered by user actions, the handler on the parent div gets triggered, but when I fire it programmatically with fireEvent on any child input, nothing happens. The basic setup is: html <div id="listener"> <input type="text" id="color" class="color" /> ????????????????????????????????????????????????????????????????</div>??????????? js $("listener").addEvent("change:relay(.color)", function() { alert("changed!!"); }); $("color").fireEvent("change"); // nothing happens The event handler on the parent div does not get called. Any help is appreciated. Cheers!

    Read the article

  • MooTools Event Delegation using HTML5 data attributes.

    - by Anurag
    Is it possible to have event delegation using the HTML5 data attributes in MooTools? The HTML structure I have is: ?<div id="parent"> <div>not selectable</div> <div data-selectable="true">selectable</div> <div>not selectable either.</div> <div data-selectable="true">also selectable</div> </div>???????????????????????????????????????????????????????????????????????? And I want to setup <div id="parent"> to listen to all clicks only on child elements that have the data-selected attribute. Please let me know if I'm doing something wrong: The events are being setup as: $("parent").addEvent("click:relay([data-selectable])", function(event, el) { alert(this.get('text')); }); but the click callback is fired on clicking all div's, not just the ones with a data-selectable attribute defined. You can see this example on http://jsfiddle.net/NUGD4/ A workaround is to adding this as a CSS class, which works with delegation but I would prefer to be able to use data-attributes as it's used throughout the application.

    Read the article

  • innerHTML and event delegation

    - by Mark Gerrard
    Hello, I have a containing div that has multiple divs within which is updated every 25ms using innerHTML (for performance reasons). I have tried using event delegation to capture events but nothing I seem to do captures the click event. I think this may be due to the speed that the contents are getting updated. Any ideas would be very welcome. Thanks Mark

    Read the article

  • Impersonation and Delegation

    - by Samuel Kim
    I am using impersonation is used to access file on UNC share as below. var ctx = ((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate(); string level = WindowsIdentity.GetCurrent().ImpersonationLevel); On two Windows 2003 servers using IIS6, I am getting different impersonation levels: Delegation on one server and Impersonation on the other server. This causes issues where I am unable to access the UNC share on the server with 'Impersonation' level. What could be causing this difference? I searched through machine.config and IIS settings for the app pool, site and virtual directories - but aren't able to find the cause of this problem.

    Read the article

  • WCF Custom Delegation/Authentication without Kerberos

    - by MichaelGG
    I'm building a simple WCF service, probably exposed via HTTPS, using NTLM security. Since not all users are going to be capable of using the service directly, we're writing a simple web front-end for the service. Users will auth with HTML to the web front-end. What we want is a way to delegate the user of the web site all the way to the WCF service. I understand Kerberos delegation can do this, but that's not available to us. What I want to do is make the web front-end account a specially trusted account, so that if a request hits the WCF service authenticated as "DOMAIN\WebApp", we read a WCF message header containing the real identity, then switch the principal to that and continue as normal. Is there any "simple" way of achieving this? Should I give up entirely on this idea, and instead make users "sign-in" to the WCF app and then do complete custom auth? The WCF extensibility and security options seem so vast, I'd like to get a heads up on which path to start heading down.

    Read the article

  • Requesting Delegation (ActAs) Tokens using WSTrustChannel (as opposed to Configuration Madness)

    - by Your DisplayName here!
    Delegation using the ActAs approach has some interesting security features A security token service can make authorization and validation checks before issuing the ActAs token. Combined with proof keys you get non-repudiation features. The ultimate receiver sees the original caller as direct caller and can optionally traverse the delegation chain. Encryption and audience restriction can be tied down Most samples out there (including the SDK sample) use the CreateChannelActingAs extension method from WIF to request ActAs tokens. This method builds on top of the WCF binding configuration which may not always be suitable for your situation. You can also use the WSTrustChannel to request ActAs tokens. This allows direct and programmatic control over bindings and configuration and is my preferred approach. The below method requests an ActAs token based on a bootstrap token. The returned token can then directly be used with the CreateChannelWithIssued token extension method. private SecurityToken GetActAsToken(SecurityToken bootstrapToken) {     var factory = new WSTrustChannelFactory(         new UserNameWSTrustBinding(SecurityMode.TransportWithMessageCredential),         new EndpointAddress(_stsAddress));     factory.TrustVersion = TrustVersion.WSTrust13;     factory.Credentials.UserName.UserName = "middletier";     factory.Credentials.UserName.Password = "abc!123";     var rst = new RequestSecurityToken     {         AppliesTo = new EndpointAddress(_serviceAddress),         RequestType = RequestTypes.Issue,         KeyType = KeyTypes.Symmetric,         ActAs = new SecurityTokenElement(bootstrapToken)     };     var channel = factory.CreateChannel();     var delegationToken = channel.Issue(rst);     return delegationToken; }   HTH

    Read the article

  • Delegation of Solaris Zone Administration

    - by darrenm
    In Solaris 11 'Zone Delegation' is a built in feature. The Zones system now uses finegrained RBAC authorisations to allow delegation of management of distinct zones, rather than all zones which is what the 'Zone Management' RBAC profile did in Solaris 10.The data for this can be stored with the Zone or you could also create RBAC profiles (that can even be stored in NIS or LDAP) for granting access to specific lists of Zones to administrators.For example lets say we have zones named zoneA through zoneF and we have three admins alice, bob, carl.  We want to grant a subset of the zone management to each of them.We could do that either by adding the admin resource to the appropriate zones via zonecfg(1M) or we could do something like this with RBAC data directly: First lets look at an example of storing the data with the zone. # zonecfg -z zoneA zonecfg:zoneA> add admin zonecfg:zoneA> set user=alice zonecfg:zoneA> set auths=manage zonecfg:zoneA> end zonecfg:zoneA> commit zonecfg:zoneA> exit Now lets look at the alternate method of storing this directly in the RBAC database, but we will show all our admins and zones for this example: # usermod -P +Zone Management -A +solaris.zone.manage/zoneA alice # usermod -A +solaris.zone.login/zoneB alice # usermod -P +Zone Management-A +solaris.zone.manage/zoneB bob # usermod -A +solaris.zone.manage/zoneC bob # usermod -P +Zone Management-A +solaris.zone.manage/zoneC carl # usermod -A +solaris.zone.manage/zoneD carl # usermod -A +solaris.zone.manage/zoneE carl # usermod -A +solaris.zone.manage/zoneF carl In the above alice can only manage zoneA, bob can manage zoneB and zoneC and carl can manage zoneC through zoneF.  The user alice can also login on the console to zoneB but she can't do the operations that require the solaris.zone.manage authorisation on it.Or if you have a large number of zones and/or admins or you just want to provide a layer of abstraction you can collect the authorisation lists into an RBAC profile and grant that to the admins, for example lets great an RBAC profile for the things that alice and carl can do. # profiles -p 'Zone Group 1' profiles:Zone Group 1> set desc="Zone Group 1" profiles:Zone Group 1> add profile="Zone Management" profiles:Zone Group 1> add auths=solaris.zone.manage/zoneA profiles:Zone Group 1> add auths=solaris.zone.login/zoneB profiles:Zone Group 1> commit profiles:Zone Group 1> exit # profiles -p 'Zone Group 3' profiles:Zone Group 1> set desc="Zone Group 3" profiles:Zone Group 1> add profile="Zone Management" profiles:Zone Group 1> add auths=solaris.zone.manage/zoneD profiles:Zone Group 1> add auths=solaris.zone.manage/zoneE profiles:Zone Group 1> add auths=solaris.zone.manage/zoneF profiles:Zone Group 1> commit profiles:Zone Group 1> exit Now instead of granting carl  and aliace the 'Zone Management' profile and the authorisations directly we can just give them the appropriate profile. # usermod -P +'Zone Group 3' carl # usermod -P +'Zone Group 1' alice If we wanted to store the profile data and the profiles granted to the users in LDAP just add '-S ldap' to the profiles and usermod commands. For a documentation overview see the description of the "admin" resource in zonecfg(1M), profiles(1) and usermod(1M)

    Read the article

  • MVC and delegation

    - by timjver
    I am a beginning iOS programmer and use the Model-View-Controller model as a design pattern: my model doesn't know anything about my view (in order to make it compatible with any view), my view doesn't know anything about my model so they interact via my controller. A very usual way for a view to interact with the controller is through delegation: when the user interacts with the app, my view will notify my controller, which can call some methods of my model and update my view, if necessary. However, would it make sense to also make my controller the delegate of my model? I'm not convinced this is the way to go. It could be handy for my model to notify my controller of some process being finished, for example, or to ask for extra input of the user if it doesn't have enough information to complete the task. The downside of this, though, is that my controller would be the delegate for both my controller and my model, so there wouldn't be really a proper way to notify my model of changes in my view, and vice versa. (correct me if I'm wrong.) Conclusion: I don't really think it's a good idea to to have my controller to be the delegate of my model, but just being the delegate of my view would be fine. Is this the way most MVC models handle? Or is there a way to have the controller be the delegate of both the controller and the model, with proper communication between them? Like I said, I'm a beginner, so I want to do such stuff the right way immediately, rather than spending loads of hours on models that won't work anyway. :)

    Read the article

  • Confusion about Kerberos, delegation and SPNs.

    - by Vilx-
    I already posted this question on SO, but the nature of it is between programming and server configuration, so I'll re-post it here as well. I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. However I'm not authenticating against an SPN. Just one domain user against another domain user. As the SPN for InitializeSecurityContext() I'm passing "[email protected]" (which is the user account under which the server application is running). As I understand, domain users have delegation enabled by default. Anyway, I asked the admin to check, and the "account is sensitive and cannot be delegated" checkbox is off. I know that if my server was running as a NETWORK SERVICE and I used an SPN to connect to it, then I'd need the computer account in AD to have the "Trust computer for delegation" checkbox checked (off by default), but... this is not the case, right? Or is it? Also - when the checkbox in the computer account is set, do the changes take place immediately, or must I reboot the server PC or wait for a while?

    Read the article

  • The sign of a true manager is delegation (C# style)

    - by MarkPearl
    Today I thought I would write a bit about delegates in C#. Up till recently I have managed to side step any real understanding of what delegates do and why they are useful – I mean, I know roughly what they do and have used them a lot, but I have never really got down dirty with them and mucked about. Recently however with my renewed interest in Silverlight delegates came up again as a possible solution to a particular problem, and suddenly I found myself opening a bland little console application to just see exactly how far I could take delegates with my limited knowledge. So, let’s first look at the MSDN definition of delegates… A delegate declaration defines a reference type that can be used to encapsulate a method with a specific signature. A delegate instance encapsulates a static or an instance method. Delegates are roughly similar to function pointers in C++; however, delegates are type-safe and secure. Well, don’t you love MSDN for such a useful definition. I must give it credit though… later on it really explains it a bit better by saying “A delegate lets you pass a function as a parameter. The type safety of delegates requires the function you pass as a delegate to have the same signature as the delegate declaration.” A little more reading up on delegates mentions that delegates are similar to interfaces in that they enable the separation of specification and implementation. A delegate declares a single method, while an interface declares a group of methods. So enough reading - lets look at some code and see a basic example of a delegate… Let’s assume we have a console application with a simple delegate declared called AdjustValue like below… class Program { private delegate int AdjustValue(int val); static void Main(string[] args) { } } In a sense, all we have said is that we will be creating one or more methods that follow the same pattern as AdjustValue – i.e. they will take one input value of type int and return an integer. We could then expand our code to have various methods that match the structure of our delegate AdjustValue (remember the structure is int xxx (int xxx)) class Program { private delegate int AdjustValue(int val); private static int Dbl(int val) { return val * 2; } private static int AlwaysOne(int val) { return 1; } static void Main(string[] args) { } }  Above I have expanded my project to have two methods, one called Dbl and the other AlwaysOne. Dbl always returns double the input val and AlwaysOne always returns 1. I could now declare a variable and assign it to be one of those functions, like the following… class Program { private delegate int AdjustValue(int val); private static int Dbl(int val) { return val * 2; } private static int AlwaysOne(int val) { return 1; } static void Main(string[] args) { AdjustValue myDelegate; myDelegate = Dbl; Console.WriteLine(myDelegate(1).ToString()); Console.ReadLine(); } } In this instance I have declared an instance of the AdjustValue delegate called myDelegate; I have then told myDelegate to point to the method Dbl, and then called myDelegate(1). What would the result be? Yes, in this instance it would be exactly the same as me calling the following code… static void Main(string[] args) { Console.WriteLine(Dbl(1).ToString()); Console.ReadLine(); }   So why all the extra work for delegates when we could just do what we did above and call the method directly? Well… that separation of specification to implementation comes to mind. So, this all seems pretty simple. Let’s take a slightly more complicated variation to the console application. Assume that my project is the same as the one previously except that my main method is adjusted as follows… static void Main(string[] args) { AdjustValue myDelegate; myDelegate = Dbl; myDelegate = AlwaysOne; Console.WriteLine(myDelegate(1).ToString()); Console.ReadLine(); } What would happen in this scenario? Quite simply “1” would be written to the console, the reason being that myDelegate was last pointing to the AlwaysOne method before it was called. Make sense? In a way, the myDelegate is a variable method that can be swapped and changed when needed. Let’s make the code a little more confusing by using a delegate in the declaration of another delegate as shown below… class Program { private delegate int AdjustValue(InputValue val); private delegate int InputValue(); private static int Dbl(InputValue val) { return val()*2; } private static int GetInputVal() { Console.WriteLine("Enter a whole number : "); return Convert.ToInt32(Console.ReadLine()); } static void Main(string[] args) { AdjustValue myDelegate; myDelegate = Dbl; Console.WriteLine(myDelegate(GetInputVal).ToString()); Console.ReadLine(); } }   Now it gets really interesting because it looks like we have passed a method into a function in the main method by declaring… Console.WriteLine(myDelegate(GetInputVal).ToString()); So, what it the output? Well, try take a guess on what will happen – then copy the code and see if you got it right. Well that brings me to the end of this short explanation of Delegates. Hopefully it made sense!

    Read the article

  • Kerberos: connection from win app running from IIS to SQL failed

    - by Mikhail Kislitsyn
    I have an IIS web-application with Windows authentication and impersonation. This application connects to SQL server. In this case Kerberos works fine. But there is a problem. Web-application runs windows application (not .NET), which also connects to the SQL server. Windows application runs with IIS app user credentials and impersonates current site user to connect to SQL server. scheme: http://i.stack.imgur.com/2cgv7.png When delegation for IIS user is set to "Trust this computer for delegation to any service" everything works fine. But I can't use this type of delegation according to security requirements. When I set delegation to "Specific services" and choose MSSQLSvc SPN, connection from windows application fails with "ANONIMOUS" fault. WireShark shows "KRB5KDC_ERR_BADOPTION" packet. What I'm doing wrong?

    Read the article

  • Mootools 1.2.4 delegation not working in IE8...?

    - by michael
    Hey there everybody-- So I have a listbox next to a form. When the user clicks an option in the select box, I make a request for the related data, returned in a JSON object, which gets put into the form elements. When the form is saved, the request goes thru and the listbox is rebuilt with the updated data. Since it's being rebuilt I'm trying to use delegation on the listbox's parent div for the onchange code. The trouble I'm having is with IE8 (big shock) not firing the delegated event. I have the following HTML: <div id="listwrapper" class="span-10 append-1 last"> <select id="list" name="list" size="20"> <option value="86">Adrian Franklin</option> <option value="16">Adrian McCorvey</option> <option value="196">Virginia Thomas</option> </select> </div> and the following script to go with it: window.addEvent('domready', function() { var jsonreq = new Request.JSON(); $('listwrapper').addEvent('change:relay(select)', function(e) { alert('this doesn't fire in IE8'); e.stop(); var status= $('statuswrapper').empty().addClass('ajax-loading'); jsonreq.options.url = 'de_getformdata.php'; jsonreq.options.method = 'post'; jsonreq.options.data = {'getlist':'<?php echo $getlist ?>','pkey':$('list').value}; jsonreq.onSuccess = function(rObj, rTxt) { status.removeClass('ajax-loading'); for (key in rObj) { status.set('html','You are currently editing '+rObj['cname']); if ($chk($(key))) $(key).value = rObj[key]; } $('lalsoaccomp-yes').set('checked',(($('naccompkey').value > 0)?'true':'false')); $('lalsoaccomp-no').set('checked',(($('naccompkey').value > 0)?'false':'true')); } jsonreq.send(); }); }); (I took out a bit of unrelated stuff). So this all works as expected in firefox, but IE8 refuses to fire the delegated change event on the select element. If I attach the change function directly to the select, then it works just fine. Am I missing something? Does IE8 just not like the :relay? Sidenote: I'm very new to mootools and javascripting, etc, so if there's something that can be improved code-wise, please let me know too.. Thanks!

    Read the article

  • Confusion about Kerberos, delegation and SPNs.

    - by Vilx-
    I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. However I'm not authenticating against an SPN. Just one domain user against another domain user. As the SPN for InitializeSecurityContext() I'm passing "[email protected]" (which is the user account under which the server application is running). As I understand, domain users have delegation enabled by default. Anyway, I asked the admin to check, and the "account is sensitive and cannot be delegated" checkbox is off. I know that if my server was running as a NETWORK SERVICE and I used an SPN to connect to it, then I'd need the computer account in AD to have the "Trust computer for delegation" checkbox checked (off by default), but... this is not the case, right? Or is it? Also - when the checkbox in the computer account is set, do the changes take place immediately, or must I reboot the server PC or wait for a while?

    Read the article

  • Delegation, is this just opinionated or is there a common pattern?

    - by user1446714
    If I have a java class containing substantial code and I wish to add extra features, am I right in thinking the delegate class would have the additional features added as methods. Then my original class would create the delegate object and just call the extra functionality via the delegate instance? I am being told by somebody else that my original class should become the delegate and that the class containing the new functionality should contain an instance of the original class, to use as a delegate? This seemed a little backward to me, because there would be far more delegate calls because most of the code is now in the delegate.... I was always under the impression the delegate object would contain the additional new behaviour and an instance of it would be in the original class to inboke the new behaviour from?

    Read the article

  • Rejoignez la délégation Française à San Francisco pour l'Oracle OpenWorld !

    - by Valérie De Montvallon
    Vous connaissez l'Oracle OpenWorld, un de nos plus gros événements ? Regroupant plus de 40 000 clients et partenaires, il permet à chacun de partager ses expériences au travers de 1 800 sessions. Participer à OpenWorld, c'est aussi s'informer sur la vision stratégique d'Oracle et découvrir les dernières innovations technologiques. En venant avec la délégation française, votre expérience sera largement simplifiée : rencontre avec la Direction d'Oracle France, personnalisation et optimisation de votre agenda sur place et, bien sûr, échanges qualitatifs au sein de la communauté française. Alors n'attendez plus et rejoignez-nous à l'Oracle OpenWorld du 30 septembre au 4 octobre 2012 à San Francisco. Pour plus d'informations, vous pouvez vous rendre sur la page dédiée à la délégation française d'Oracle Openworld. Et si vous avez des questions ou commentaires, vous pouvez toujours envoyer un email à la délégation française [email protected]

    Read the article

  • C# to Javascript: Custom Event Delegation?

    - by James Simpson
    I'm working on a project in Unity3D with Javascript, and I'm trying to implement the SmartFoxServer API (http://smartfoxserver.com) in Javascript instead of their example C# code. I've gotten most of it converted correctly, but I am still getting an error at runtime with the following line involving delegation to a C# file that is in the API (SFSEvent.cs). C# original: SFSEvent.onConnection += HandleConnection; Javascript (or whatever I've turned it into): SFSEvent.onConnection = Delegate.Combine(HandleConnection); Error: InvalidCastException: Cannot cast from source type to destination type.

    Read the article

  • Problem with Domain delegation...

    - by Lockhead
    Okey I have the subdomain news.247dist.com, if i dig any this domain i get: ; <<>> DiG 9.4.3-P3 <<>> news.247dist.com any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;news.247dist.com. IN ANY ;; ANSWER SECTION: news.247dist.com. 259018 IN NS b.ns.broadmail.de. news.247dist.com. 259018 IN NS a.ns.broadmail.de. news.247dist.com. 2382 IN SOA a.ns.broadmail.de. hostmaster.news.247dist.com. 1274182332 16384 2048 1048576 2560 ;; ADDITIONAL SECTION: a.ns.broadmail.de. 718 IN A 193.169.180.254 b.ns.broadmail.de. 718 IN A 193.169.181.254 ;; Query time: 0 msec ;; SERVER: 80.67.16.6#53(80.67.16.6) ;; WHEN: Wed May 19 17:21:16 2010 ;; MSG SIZE rcvd: 160 The Problem is, if I dig any this subdomain and ask one of these NS Servers in the above dig i get: ; <<>> DiG 9.4.3-P3 <<>> any @a.ns.broadmail.de news.247dist.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3887 ;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;news.247dist.com. IN ANY ;; ANSWER SECTION: news.247dist.com. 2560 IN SOA a.ns.broadmail.de. hostmaster.news.247dist.com. 1274182332 16384 2048 1048576 2560 news.247dist.com. 900 IN NS a.ns.broadmail.de. news.247dist.com. 900 IN NS b.ns.broadmail.de. news.247dist.com. 900 IN MX 0 mail.srv2.de. news.247dist.com. 900 IN TXT "v=spf1 ip4:213.61.69.122/32 ip4:193.169.180.0/23 -all" news.247dist.com. 900 IN A 193.169.180.252 ;; ADDITIONAL SECTION: a.ns.broadmail.de. 900 IN A 193.169.180.254 b.ns.broadmail.de. 900 IN A 193.169.181.254 mail.srv2.de. 900 IN A 193.169.180.201 ;; Query time: 23 msec ;; SERVER: 193.169.180.254#53(193.169.180.254) ;; WHEN: Wed May 19 17:26:33 2010 ;; MSG SIZE rcvd: 284 So why I don't get the second result if i simple dig any news.247dist.com?

    Read the article

  • ipv6 reverse DNS delegation

    - by user1709492
    I currently have 2001:1973:2303::/48 assigned to me and i'll be assigning /64's to customer's I'd like to have 1 zonefile for the /48 where i can essentially point / redirect query to different nameservers. Example ( Desired effect ) 2001:1973:2303:1234::/64 -> ns1.example.com, ns2.example.com 2001:1973:2303:2345::/64 -> ns99.example2.com, ns100.example2.com 2001:1973:2303:4321::/64 -> ns1.cust1.com, ns2.cust1.com Current /48 zonefile $TTL 3h $ORIGIN 3.0.3.2.3.7.9.1.1.0.0.2.ip6.arpa. @ IN SOA ns3.example.ca. ns4.example.ca. ( 2011071030 ; serial 3h ; refresh after 3 hours 1h ; retry after 1 hour 1w ; expire after 1 week 1h ) ; negative caching TTL of 1 hour IN NS ns3.example.ca. IN NS ns4.example.ca. 1234 IN NS ns1.example.com. NS ns2.example.com. 2345 IN NS ns99.example2.com. NS ns100.example2.com. 4321 IN NS ns1.cust1.com. NS ns2.cust1.com. Where am i going wrong ? My request seems simple to me atleast. To put it in terms of firewalling i want to redirect traffic client queries 2001:1973:2303:4321::1 - ns3.example.ca sees the request and redirects the query to ns1.cust1.com - ns1.cust1.com answers the query with omg.itworks.ca ( provided ns1.cust1.com is properly configured.

    Read the article

1 2 3 4 5 6 7 8  | Next Page >