Hi,
>
> Really I don’t want to be writing code to just deal with SpamHaus’s
> mis-implementation. They should fix their broken servers.
>
I have to add that their support absolutely sucks. They have no interest in
supporting their customers on any issue, including this one.
--
Visit
ange line like this:
18-Sep-2023 12:13:31.606 lame-servers: success resolving
'um27qfow2knpuwx56o4otvovib2zbomydtlkuo4sktbo34cmjqvq._
file.mykey.hbl.dq.spamhaus.net/A' after disabling qname minimization due to
'failure'
btw, their support really sucks.
Thanks,
Alex
--
Visit https://lists
Hi,
I have a fedora38 server with bind-9.18.17 and receiving the following log
entries for virtually every query (where "mykey" is my registered spamhaus
DQS key):
07-Sep-2023 14:30:13.608 lame-servers: FORMERR resolving '
mykey.hbl.dq.spamhaus.net/NS/IN': 66.42.94.100#53
07-Sep-2023 14:30:13.625
rrors? How can I
determine this, or better identify the reason for the timeouts?
Thanks,
Alex
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/c
ind tuning problem? Neither server where I ran these tests
are having resource issues that I know of.
Any ideas on how to troubleshoot these to confirm it's not a problem with
my own server would be greatly appreciated.
Thanks,
Alex
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to u
on how I should proceed?
Thanks,
Alex
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind
Hi,
I have a bind-9.18.7 system on fedora37 and having some strange errors with
some queries.
$ host info.apr.gov.rs
Host info.apr.gov.rs not found: 2(SERVFAIL)
in my bind logs I have the following:
16-May-2023 10:37:49.800 resolver: DNS format error from 195.178.56.17#53
resolving
On Sat, Nov 26, 2022 at 11:05 PM Anders Löwinger wrote:
> 26-Nov-2022 09:19:13.969 lame-servers: SERVFAIL unexpected RCODE resolving
> 'lists.opensuse.org/NS/IN': 195.135.221.195#53
>
> Lots of errors in the zone:
>
> https://zonemaster.net/result/ff3dacdfc1e41199
>
That's very helpful
searching
for this error.
Any ideas greatly appreciated.
Thanks,
Alex
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information
that I'd like to determine the cause.
Is it possible to log the name server that was used when the timeout
occurred, that the domain owner could then use to correlate these entries
with a specific nameserver for their domain?
Thanks,
Alex
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
On Mon, May 9, 2022 at 7:27 PM Fred Morris wrote:
> On Mon, 9 May 2022, Alex K wrote:
> > [...]
> > The problem now is that I see sometime 700MB of DNS traffic for 2GB of
> > Internet browsing within one month.
>
> That's an eyebrow raiser. Tunneling, antivirus (or
On Mon, May 9, 2022 at 2:46 PM Bjørn Mork wrote:
> Alex K writes:
> > On Mon, May 9, 2022 at 1:51 PM Matus UHLAR - fantomas >
> > wrote:
> >
> >> maybe someone uses VPN over DNS...
> >> in such case, rate limiting of client comes to mind...
> >&g
On Mon, May 9, 2022 at 1:51 PM Matus UHLAR - fantomas
wrote:
> >On 09. 05. 22 10:34, Alex K wrote:
> >>The initial and current approach is to provide DNS free of charge,
> >>which simplified things for me. Though the traffic in question is
> >>satellite traffic w
Hi Greg,
On Mon, May 9, 2022 at 11:17 AM Greg Choules <
gregchoules+bindus...@googlemail.com> wrote:
> Hi Alex.
> Your use case may be very different to the one I faced in my previous job.
> But there we did not and could not charge for DNS. It was seen as a
> necessary
On Mon, May 9, 2022 at 11:48 AM Petr Špaček wrote:
> On 09. 05. 22 10:34, Alex K wrote:
> > Hi Petr,
> >
> > On Mon, May 9, 2022 at 10:26 AM Petr Špaček > <mailto:pspa...@isc.org>> wrote:
> >
> > On 06. 05. 22 17:02, Alex K wrote:
&g
Hi Petr,
On Mon, May 9, 2022 at 10:26 AM Petr Špaček wrote:
> On 06. 05. 22 17:02, Alex K wrote:
> > Hi all,
> >
> > I have the following problem: I run a caching dns server using bind9
> > v9.10.3 in a gateway device which it serves several internal LAN IP
> >
as an additional note on this, I had in the past the same issue with
the proxy traffic that this same gateway was generating and found a
solution by using TPROXY feature of the squid proxy, which exposes the real
internal client IP address at the WAN traffic which can later be NATed.
Thanx for any ideas,
Alex
Hi,
On Sun, Jan 24, 2021 at 4:44 PM Mark Andrews wrote:
>
> Use the correct zone name.
>
> 1.168.192.IN-ADDR.ARPA
>
> You have the full /24 so you don’t need to use RFC2317 techniques.
Thanks so much. That worked great.
___
Please visit
rnet and the top-level name servers.
# dig +trace any 150.1.168.192.in-addr.arpa.
Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support
Hi Daniel,
Thank you very much!
It was exactly what I was looking for.
On Tue, Feb 12, 2019 at 4:03 PM Daniel Stirnimann <
daniel.stirnim...@switch.ch> wrote:
>
> Hello Alex,
>
> > Is this expected behaviour? Is there any way to make the server avoid
> > proceedin
ient correctly
received "domain does not exist".
Is this expected behaviour? Is there any way to make the server avoid
proceeding with the resolution, when the initial client requests is
blocked?
Thanx,
Alex
___
Please visit https://lists.isc.org/mailman/list
Hi,
On Mon, Oct 1, 2018 at 9:58 AM Blake Hudson wrote:
>
> Alex wrote on 9/30/2018 7:27 PM:
> > Hi,
> >
> > On Sun, Sep 30, 2018 at 1:19 PM @lbutlr wrote:
> >> On 30 Sep 2018, at 09:59, Alex wrote:
> >>> It also tends to happen in bulk - there may
Hi,
> > It also tends to happen in bulk - there may be 25 SERVFAILs within
> > the same second, then nothing for another few minutes.
>
> Hmmm. If it isn't the modem and it isn't the BLs then it more or less
> has to be the service, no?
Yes, most likely, but I was looking for more definitive
Hi,
On Sun, Sep 30, 2018 at 1:19 PM @lbutlr wrote:
>
> On 30 Sep 2018, at 09:59, Alex wrote:
> > It also tends to happen in bulk - there may be 25 SERVFAILs within the
> > same second, then nothing for another few minutes.
>
> That really makes it seem like eit
Hi,
> > Sep 29 14:33:54 mail03 postfix/dnsblog[3290]: warning:
> > dnsblog_query: lookup error for DNS query
> > 123.139.28.66.dnsbl.sorbs.net: Host or domain name not found. Name
> > service error for name=123.139.28.66.dnsbl.sorbs.net type=A: Host
> > not found, try again
> >
> > I'd really be
sblog_query:
lookup error for DNS query 123.139.28.66.dnsbl.sorbs.net: Host or
domain name not found. Name service error for
name=123.139.28.66.dnsbl.sorbs.net type=A: Host not found, try again
I'd really be interested in people's input here.
Thanks,
Alex
_
Hi,
On Fri, Sep 28, 2018 at 12:18 AM Lee wrote:
>
> On 9/27/18, Alex wrote:
> > Hi,
> >
> >> Just a wild thought:
> >> It works with a lower speed line (at least I read it that way) but has
> >> problems with higher speeds.
> >> Could it be
Hi,
> Hi Alex,
>
> Have you tried on a separate physical server? To rule out the actual hardware
> as being the problem?
>
> Is this some user grade PC with either onboard or external ethernet
> interface, or a proper server grade equipment? Age of equipment? What else
&
n the packets for processing.
No, I actually upgraded from a 65/20mbit to a 165/35mbit recently,
thinking it was too slow because it was happening at the slower speeds
as well. I've also implemented some basic QoS to throttle outgoing
smtp and prioritize DNS but it made
en assured by both
the cable tech that was here and the dimwits on the other end that
it's operating normally. I really wish it were that easy.
Thanks,
Alex
>
> --
>
> 73,
> Ged.
> ___
> Please visit https://lists.isc.org/mailman/listinf
Hi,
> On Thu, Sep 27, 2018 at 10:53:25AM -0400, Alex wrote:
> > Many of these values I've already tweaked and have had no effect on my
> > SERVFAIL issues :-(
>
> If you are getting SERVFAILs from a BIND resolver you administer, then
> it has responded to your query. If y
ring size settings (look at ethtool -K,
> ethtool -A, ethtool -C and ethtool -G), but sadly have lost the specific
> commands.
I've also tried configuring the NIC with ethtool according to the
variables defined in the RH document listed above and have had no
success.
This really is jus
Hi,
I reported a few weeks ago that I was experiencing a really high
number of "SERVFAIL" messages in my bind-9.11.4-P1 system running on
fedora28, and I haven't yet found a solution. This is all now running
on a 165/35 cable system.
I found a program named dropwatch which is showing a
Hi,
On Tue, Sep 11, 2018 at 2:47 PM John W. Blue wrote:
>
> If you use wireshark to slice n dice the pcap .. "dns.flags.rcode == 2" shows
> all of your SERVFAIL happens on localhost.
>
> If you switch to "dns.qry.name == storage.pardot.com" every single query is
> localhost.
>
> Unless you
for
ac949d5d947f8f5cad13e98c68bac6f284c367fd.ebl.msbl.org/A in 30.84:
timed out/success
[domain:ebl.msbl.org,referral:0,restart:6,qrysent:11,timeout:10,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
Thanks,
Alex
On Mon, Sep 10, 2018 at 12:11 PM Alex wrote:
>
> Hi,
>
>
Hi,
> >> tcpdump -s0 -n -i eth0 port domain -w /tmp/domaincapture.pcap
> >>
> >> You don't need all of the extra stuff because -s0 captures the full packet.
>
> On 06.09.18 18:42, Alex wrote:
> >This is the command I ran to produce the pcap file I sent:
errupt 16 memory 0xdf20-df22
Thanks,
Alex
>
> John
>
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Alex
> Sent: Thursday, September 06, 2018 2:54 PM
> To: bind-users@lists.isc.org
> Subject: Re: Frequent t
On Thu, Sep 6, 2018 at 3:05 PM John W. Blue wrote:
>
> Alex,
>
> Have you uploaded this pcap with the SERVFAIL's? I didn't have time to look
> at your first upload but can review this one.
Thanks very much. I've uploaded the pcap file here. It's about ~100MB
compressed, and r
Hi,
On Mon, Sep 3, 2018 at 12:45 PM Carl Byington wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Sun, 2018-09-02 at 21:54 -0400, Alex wrote:
> > Do you have any other ideas on how I can isolate this problem?
>
> Run tcpdump on the external ether
Hi,
> > When trying to resolve any of these manually, it just returns
> > NXDOMAIN.
>
> What does
>dig -4 71.161.85.209.hostkarma.junkemailfilter.com +trace +nodnssec
> show, and it is consistently NXDOMAIN? That ends here with:
>
> 71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A
Hi,
It was reported there was a permissions problem with my Google Drive
link to the pcap file only allowing access to Google users. This
should now be public:
https://drive.google.com/file/d/1Ui893Lg61psZCR8I_9SJtNqs-Sil_br5/view?usp=sharing
Thanks,
Alex
On Sat, Sep 1, 2018 at 11:45 PM Alex
On Sat, Sep 1, 2018 at 11:25 PM Carl Byington wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Fri, 2018-08-31 at 17:18 -0400, Alex wrote:
> > ../../../lib/dns/resolver.c:3927 for support.coxbusiness.com/A in
>
> After 4 seconds, I get SERVFAIL on tha
blevision/Optonline has told me there are no
problems, but their tests aren't very thorough - if ping works and
doesn't drop packets at that particular time, the link must be fine.
Thanks,
Alex
>
>
>
to troubleshoot this?
Is it possible that even though the link otherwise seems to be
operating okay that there could still be some problem that would
affect DNS traffic?
I've also clear all firewall rules, and it's not even all queries which fail.
Thanks,
Alex
Hi, I'm still having a problem and haven't received any replies. Is
there anyone with any ideas on how to troubleshoot this?
What other information can I provide to help troubleshoot this?
On Thu, Jul 26, 2018 at 5:49 PM, Alex wrote:
> Hi, here is some further debugging on what I beli
: timed
out/success
[domain:dnsbl-3.uceprotect.net,referral:2,restart:1,qrysent:2,timeout:1,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
There appears to be a few timeout errors. Is this an indication there
is a performance problem with the cable modem or connection?
Thanks,
Alex
DP/IPv4 recv errors
7 UDP/IPv4 sockets active
3 TCP/IPv4 sockets active
1 Raw sockets active
++ Per Zone Query Statistics ++
--- Statistics Dump --- (1532634389)
On Thu, Jul 26, 2018 at 2:51 PM, Alex wrote:
> Hi,
>
> On Thu, Jul 26, 2018 at
Hi,
On Thu, Jul 26, 2018 at 1:57 PM, John Miller wrote:
> Hi Alex,
>
> What does your query volume look like on this server? Depending on
> volume, the BIND defaults for:
>
> - clients-per-query
> - max-clients-per-query
> - recursive-clients
> - tcp-clients
>
&g
Hi,
I have a bind-9.11.4 server on a fedora28 system and are frequently
seeing SERVFAIL errors like this:
26-Jul-2018 12:54:04.255 query-errors: info: client @0x7f764314a5c0
127.0.0.1#50719 (223.178.102.199.cidr.bl.mcafee.com): query failed
(SERVFAIL) for 223.178.102.199.cidr.bl.mcafee.com/IN/A
Hi,
We had a former customer who parked about 300 domains with his
registry on our server but is no longer a customer and hasn't moved
his domains. There aren't any hosts behind the domains.
Is there anything more I can do to block/prevent them from continually
querying my system outside of just
Hi,
I have a few fedora25 systems with bind-9.11 set up for a few domains.
One system is master with the other two configured as slaves. The
master and one of the slaves are on one network while the other slave
is on a totally different network.
Last week the network with the master and one of
> for policies purpuose, we need to know which remote site is resolving a Bind
> 9.x public DNS Server.
> The problem occurs when some carriers "share" the same IP address between
> more customers and they surf behind a shared NAT.
>
> Is there a way?
You could use DNS Cookies
ing completely correct is the result from a host command:
# host 66.104.104.100
100.104.104.66.in-addr.arpa is an alias for 100.96/28.104.104.66.in-addr.arpa.
100.96/28.104.104.66.in-addr.arpa domain name pointer email.example.com.
It just doesn't look right.
Thanks,
Alex
_
Hi,
>> >> I have a bind-9.10.3 server on fedora22 that is authoritative for a
>> >> few domains and their corresponding IP ranges. I'd like to set up
>> >> another domain server (rbldnsd) on a host in one of those domains as a
>> >> forward-only server.
>> >>
>> >> The problem appears to be that
Hi Mark,
On Wed, Oct 19, 2016 at 9:48 PM, Mark Andrews <ma...@isc.org> wrote:
>
> In message
> <CAB1R3sjkUOzWeEbyhSF-s+J=Wfu2La2kQ513uRQu9YFi=jc...@mail.gmail.com>, Alex
> writes:
>> Hi,
>>
>> I have a bind-9.10.3 server on fedora22
809
(abc.com.scann.example.com): query: abc.com.scann.example.com IN A +
(127.0.0.1)
I set up the reverse zone a long time ago, and I don't think the "zone
96/28.104.104.66.in-addr.arpa" is completely correct, but it appears
to work. I'm not sure if that's related to the problem, but woul
};
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "sbl.example.com" {
type slave;
file "slaves/db.sbl.example.com";
masters { 64.11.16.5; };
allow-query { trusted; };
allow-transfer { trusted; };
};
inclu
.[4..7]*6
bl.mailspike.net*4
bl.spamcop.net*4
bl.spameatingmonkey.net*4
mykey.zen.dq.spamhaus.net=127.0.0.3*4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..
HI,
I have a fedora22 system with bind-9.10.2 that is configured to be
authoritative for its domain and also provides recursive query
services for a number of trusted hosts.
I'm seeing a situation where multiple queries for the same host are
occurring in the logs, and I don't understand why. In
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Kanogin Alex
not use +trace here.
--
Kanogin Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
cat /dev/shm/named-checkconf.out | grep -v loaded serial
fi
--
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
ideas greatly appreciated.
Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
IN TXT v=spf1 a -all
ns1 IN TXT v=spf1 a -all
ns2 IN TXT v=spf1 a -all
smtpIN TXT v=spf1 a -all
smtp1 IN TXT v=spf1 a -all
Thanks,
Alex
___
Please visit https
logs?
Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
no; };
Thank you all. This is perfect.
Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
;
include /etc/named.root.key;
include /etc/rndc.key;
Thanks,
Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind
-name-dot1x.hull.ac.uk.
MAC auth for devices such as printers use DDNS to put device in
printers.hull.ac.uk.
Non network auth buildings use our old SQL database system with dns and dhcp
config file builds /reloads etc
Rgds
Alex
On 6 Oct 2011, at 10:16, Phil Mayers wrote:
On 10/06/2011 09:44
to extend what
statistics we're getting, although I'm not sure on that count either. Any
thoughts?
Thanks, everyone
-Alex
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
Hi,
It is in the ARM.
http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch06.html#id2575842
Thanks everyone for the information. Sure appreciate it.
Alex
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
with whether it was found in the cache?
Thanks,
Alex
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
at some documentation, I'd appreciate it --
I've been looking for a few days, and everything I've found assumes a
/24 subnet.
Thanks,
Alex McKenzie
a...@chem.umass.edu
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
settings changed. If there's a way to change all the settings
by host in a single file, that would at least make that easier.
For larger subnets we can use multiple zones, but I'd hoped to avoid it
if possible. It sounds from this like there isn't a way, though.
Thanks,
Alex
Matt Baxter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Miller wrote:
On 10/6/2010 3:21 PM, Jay Ford wrote:
On Wed, 6 Oct 2010, Alex McKenzie wrote:
Unfortunately, we do have need -- or at least a use -- to have smaller
subnets in multiple files, but without delegating authority. The
problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jay Ford wrote:
On Wed, 6 Oct 2010, Alex McKenzie wrote:
Out of curiosity: what if it's a /16 or /8 network? Do those also get
built as 24 bit files, or can they be built differently? I seem to
recall seeing an option for a reverse lookup
entering as it relates to routing and networking in
general, but I also thought it somehow related to SMTP, and that's
what I'd like to make sure.
Thanks so much.
Best regards,
Alex
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
if an upper-bound may be being hit?
Thanks,
Alex
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
using the hypen, and learned the hard way I had to switch to the
slash. Where is this change documented?
Does anyone know if this format is documented well in O'Reilly's
DNSBIND v5? Do you know up to what specific version it's applicable,
or perhaps even it's current?
Thanks,
Alex
On Mar 23, 2010, at 12:05 PM, David W. Hankins wrote:
On Mon, Mar 22, 2010 at 02:33:01PM -0500, Alex Moen wrote:
So, I can do it manually, but why can't the DHCP server request the
same
thing to be done automagically? Where is the provision for this
type of
process?
What you
maintenance period, but before doing that I would like to
know if it will help...
TIA, and if anything else is needed, please let me know My
configs are available if needed, don't wanna create such a long post
if it's not needed.
Alex
,
successfully. This fixes the DNS problem for this client.
So, I can do it manually, but why can't the DHCP server request the
same thing to be done automagically? Where is the provision for this
type of process?
Thanks...
Alex
On Mar 22, 2010, at 1:43 PM, Alex Moen wrote:
First of all, forgive
might persuade bind to correctly resolve
hostnames in a list of specified domains?
TIA
Alex
smime.p7s
Description: S/MIME cryptographic signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
82 matches
Mail list logo
