Hi,
As per the ARM document for bind9.7, ISC has provided support for new
RR(resource record) types including SPF. Comparison of code of Bind9.3
and Bind9.7 suggests that new libraries (at src\lib\dns) have been
provided for SPF identification. However, either the function
definitions are absent
kalpesh varyani wrote:
Does ISC implement SPF for server or client side currently?
If yes, then where to get the libraries; if not then what is the
scheduled date/release for implementation?
I'm not ISC, and anything I say may be completely wrong. Ok, that's the
disclaimer done with...
BIND
On Jul 10 2011, Emil Natan wrote:
Hi,
I have few boxes running BIND 9.7.3-P3. I do not use DNSSEC (for now) and
dynamic updates (at all) and I have them explicitly disabled in named.conf
(dnssec-enable no; dnssec-validation no; allow-update{ none; };) but I
see named still searching for
Daniel McDonald dan.mcdon...@austinenergy.com wrote:
; DiG 9.8.0-P4 @localhost ips.backscatterer.local ds
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
On 7/11/11 12:15 PM, Tony Finch d...@dotat.at wrote:
Daniel McDonald dan.mcdon...@austinenergy.com wrote:
; DiG 9.8.0-P4 @localhost ips.backscatterer.local ds
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 26308
;; flags:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries. The result is that address lookups are frequently
taking so
Jonathan Kamens j...@kamens.us wrote:
I said above that the problem is exacerbated by the fact that many DNS servers
don't yet support IPV6 queries. This is because the queries don't get
NXDOMAIN responses, which would be cached, but rather FORMERR responses, which
are not cached. As a
Jonathan Kamens wrote:
I said above that the problem is exacerbated by the fact that many DNS
servers don't yet support IPV6 queries. This is because the queries
don't get NXDOMAIN responses, which would be cached, but rather FORMERR
responses, which are not cached. As a result, the
On 7/8/2011 12:11 PM, Joseph S D Yao wrote:
It should be possible to set up an authoritative-only name server so
that it does not recurse for anyone [except perhaps itself], but still
allow someone to get a full resolution of a name whose canonical name is
elsewhere. IMHBUCO.
I started with
On 7/11/2011 3:10 PM, Tony Finch wrote:
Jonathan Kamensj...@kamens.us wrote:
I said above that the problem is exacerbated by the fact that many DNS servers
don't yet support IPV6 queries. This is because the queries don't get
NXDOMAIN responses, which would be cached, but rather FORMERR
On 7/11/2011 3:26 PM, Eivind Olsen wrote:
I think the main issue here is - why is your nameserver thinking it has
IPv6 connectivity?
No, this isn't the issue.
I see the FORMERR errors in syslog and the timeouts resolving host names
even when I start named with -4.
Named is querying for
On Mon, Jul 11, 2011 at 02:11:57PM -0400, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6
On 07/11/2011 07:11 PM, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested
by a client has gone up considerably because of IPV6. The problem is
being exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries. The result is
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for wikipedia.org are
broken.
It's not just wikipedia.org that's broken, obviously. I see this error
in my logs for 19 domains
On 7/11/2011 2:11 PM, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested
by a client has gone up considerably because of IPV6. The problem is
being exacerbated by the fact that many DNS servers on the net don't
yet support IPV6 queries. The result is
I'm unclear how BIND could be modified to fix this. The querying
client machines are asking BIND for records. BIND goes out to
the authoritative nameservers to attempt to resolve said records.
The broken nameservers (PowerDNS 3.0 etc) timeout or otherwise hand
out bad responses
On Jul 11, 2011, at 1:25 PM, Jonathan Kamens wrote:
Even if PowerDNS is the only source of this issue, and even if the new
version of PowerDNS is released tomorrow, I'm sure there will still be sites
running the old version a year from now. So just relying on a PowerDNS
release to fix this
On 7/7/2011 12:37 PM, Evan Hunt wrote:
less than $dnskey_ttl seconds in the future. If the activation time
were further away, it would not warn you. If it were in the past, it
would use the key to sign the zone, and again it would not warn you.
There's only a window of $dnskey_ttl seconds in
On Mon, Jul 11, 2011 at 04:25:59PM -0400, Jonathan Kamens wrote:
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for
wikipedia.org are broken.
It's not just wikipedia.org
In message 4e1b562b.2070...@kamens.us, Jonathan Kamens writes:
On 7/11/2011 3:26 PM, Eivind Olsen wrote:
I think the main issue here is - why is your nameserver thinking it has=
IPv6 connectivity?
No, this isn't the issue.
I see the FORMERR errors in syslog and the timeouts resolving
In message 4e1b5c57.8090...@kamens.us, Jonathan Kamens writes:
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for wikiped=
ia.org are broken.
It's not just wikipedia.org
On 07/11/2011 11:11, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries.
I have to
Users are experiencing this problem now in the field, and more users
will
be experiencing it as BIND is upgraded in more and more places. Every
single user relying on a Fedora 15 DNS server, for example, is going to
see occasional unnecessary DNS timeouts when trying to resolve host
Wikipedia have been told multiple times that their nameservers are
broken, that they fail to add the CNAME records, as required by RFC
1034, which results in garbage answers being returned. Those garbage
answers result in the FORMERR log messages.
Both of the answers below should have CNAME
24 matches
Mail list logo