On Tue, 2021-06-15 at 14:27 +1000, Mark Andrews wrote:
> https://downloads.isc.org/isc/bind9/9.16.16/doc/arm/Bv9ARM.pdf
The modern-day RTFM :-)
-Jim P.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
On Thu, 2021-04-22 at 10:59 +0100, Greg Donohoe wrote:
> Hello,
> I have created a CI/CD pipeline in order to amend zone files using
> nsupdate based on a front end user request. This portion of the
> pipeline is working as expected so now I want to be able to connect
> from my pipeline runner to
On Wed, 2021-04-14 at 08:07 +, Richard T.A. Neal wrote:
>
> Just out of interest, because I run some services on OVH, I know what
> that term means. When you rent a dedicated server from OVH you are
> assigned a single IPv4 address. Let's assume that you then want to use
> VMware or Hyper-V
t very clear.
> Eventually I hope to improve this once our resolvers support RFC8914
> extended dns errors which we could pass on to the frontend.
+1 Thanks!!
> On 4/9/21 9:11 PM, Jim Popovitch via bind-users wrote:
> > > > What I can't figure out is how/when does .ch query the CDS/
On April 9, 2021 8:21:33 PM UTC, "John W. Blue via bind-users"
wrote:
>Sorry .. clicked send too soon.
>
>Found this via google:
>
>https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html
>
>"You can not add DS keys as we compute it for you with the KSK or ZSK, then we
>send it to the
NS query returned: "Server failed to complete the DNS request".
>"
>
>You should check the requirements. You'd need to answer for three
>consecutive days, be consistent in all NS IP addresses, etc.
>
>Hugo
>
>On 15:11 09/04, Jim Popovitch via bind-users wrote:
On Fri, 2021-04-09 at 19:05 +, John W. Blue via bind-users wrote:
> So the issue here is that the DS record that sit in .ch has an ID of 22048
> but the domainmail.ch servers are telling the world that the correct ID is
> 17870.
>
> Thus the DNSSEC breakage.
Of course, however there is no
Hello!
I've read the "Schacher 20200622 Support for and adoption of CDS in .ch
and .li", and studied
https://kb.isc.org/docs/dnssec-key-and-signing-policy, however I've hita brick
wall:
https://dnsviz.net/d/domainmail.ch/dnssec/
What am I missing?
I'm using the following policy and zone
On Tue, 2020-11-24 at 22:22 -0500, Paul Kosinski wrote:
> My reading of the headers (below) does *not* suggest "Reply All".
>
> Rather, they show that mx.pao1.isc.org sent/forwarded the email once,
> and it was received by lists.isc.org once with ESMTP ID 026B967ED73.
> But then lists.isc.org
On Mon, 2020-11-23 at 08:13 +0100, Reindl Harald wrote:
>
> Am 23.11.20 um 04:58 schrieb Jim Popovitch via bind-users:
> > On Sun, 2020-11-22 at 21:56 -0500, Paul Kosinski via bind-users wrote:
> > > I've been getting two identical copies of recent posts to this list...
>
On Sun, 2020-11-22 at 21:56 -0500, Paul Kosinski via bind-users wrote:
> I've been getting two identical copies of recent posts to this list...
Me too, but it's because of people hitting reply-all thinking that they
are replying to the list and the poster. People really need to verify
who they
On November 9, 2020 7:18:03 AM UTC, Rob McEwen wrote:
>Several weeks ago, Mark Andrews gave me an excellent suggestion about a
>particular BIND feature, but it is a somewhat recent feature that
>started to exist on a version of BIND that isn't yet distributed in the
>default/main BIND
On Thu, 2020-09-10 at 13:50 -0400, Jim Popovitch via bind-users wrote:
> On Thu, 2020-09-10 at 11:56 -0400, Rob McEwen wrote:
> > I manage an anti-spam DNSBL and I've been running into an issue in recent
> > years - that I'm FINALLY getting around to asking about. I just joined
On Thu, 2020-09-10 at 11:56 -0400, Rob McEwen wrote:
> I manage an anti-spam DNSBL and I've been running into an issue in recent
> years - that I'm FINALLY getting around to asking about. I just joined this
> list to ask this question. Also, I checked the archives, but couldn't find an
> answer
On Wed, 2020-04-15 at 14:21 +0200, Reindl Harald wrote:
>
> Am 15.04.20 um 14:17 schrieb Jim Popovitch via bind-users:
> > On Wed, 2020-04-15 at 10:35 +0200, Klaus Darilion wrote:
> > > Thanks for answer!
> > >
> > > So actually it is just a cosmet
On Wed, 2020-04-15 at 10:35 +0200, Klaus Darilion wrote:
> Thanks for answer!
>
> So actually it is just a cosmetic change not addressing a real problem.
>
> I will miss the bind9 service :-(
Wait until you find out about Predicatable Network Interface Names and
iptables rules. :)
-Jim P.
On Thu, 2020-04-02 at 09:27 +1100, Mark Andrews wrote:
> > On 2 Apr 2020, at 06:53, Jim Popovitch via bind-users <
> > bind-users@lists.isc.org> wrote:
> >
> > Hello!
> >
> > I started on #bind, moved on to the ARM, and now I am here.
> >
> >
Hello!
I started on #bind, moved on to the ARM, and now I am here.
Here is what I want:
update-policy {grant webserver-tsig-key wildcard _acme-challenge.* TXT;};
This is what I get:
~$ named-checkconf
/etc/bind/named.conf:73: '_acme-challenge.*' is not a wildcard
What am I doing
First, I love it that ISC does these informative sessions.
However, why send out iCal/Calendar instructions AND then send me emails
1 day and 1 hour before each session?
I don't want to cancel my registration, but I do want to cancel the
constant email reminders. Help!
-Jim P.
On 11/12/19 4:42 AM, Alessandro Vesely wrote:
Hi,
I have a signed domain, with inline-signing yes and auto-dnssec maintain.
Although the domain is static, the .signed and .signed.jnl files are being
rewritten without apparent reason. They are about a month newer than the
corresponding .jbk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, 2019-10-10 at 10:39 -0400, Jim Popovitch via bind-users wrote:
> Hello!
>
> Is this a language/translation issue, or is named telling me that it
> would but didn't limit?
>
>
> Oct 10 00:57:21 ns2 named[623]: woul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Is this a language/translation issue, or is named telling me that it
would but didn't limit?
Oct 10 00:57:21 ns2 named[623]: would limit REFUSED error responses to
2404:6800:4003:c00::/56
Oct 10 00:58:35 ns2 named[623]: would stop limiting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, 2019-07-28 at 02:14 +1000, Mark Andrews wrote:
> > On 28 Jul 2019, at 2:03 am, Jim Popovitch via bind-users
> > wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On Su
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, 2019-07-28 at 01:36 +1000, Mark Andrews wrote:
> Authoritative servers lookup addresses of nameservers to send notify messages.
> If the names are not in the authoritative data it will iterate to find the
> address.
Thanks Mark. BTW, this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, 2019-07-27 at 11:04 -0400, Jim Popovitch via bind-users wrote:
> Hello!
>
> Why would an auto-only server (in this case the master) report this:
>
> Jul 27 13:07:58 ns1 named[624]: resolver priming query complete
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello!
Why would an auto-only server (in this case the master) report this:
Jul 27 13:07:58 ns1 named[624]: resolver priming query complete
tia,
- -Jim P.
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, 2019-07-14 at 18:30 -0400, Paul Kosinski via bind-users wrote:
> Testing how lists.isc.org handles DMARC "Quarantine" (and "Reject")
> policy. The enterpr...@mozilla.org mailing list forwards such email in a
> way that some recipients choke
On Thu, 2019-01-31 at 21:12 +0530, Mukund Sivaraman wrote:
> On Thu, Jan 31, 2019 at 10:30:30AM -0500, Jim Popovitch via bind-
> users wrote:
> > On Thu, 2019-01-31 at 19:14 +0530, rams wrote:
> > > Hi,
> > > I have setup sshfp records as follows in bind zone f
On Thu, 2019-01-31 at 19:14 +0530, rams wrote:
> Hi,
> I have setup sshfp records as follows in bind zone file:
>
> test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
> test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
>
> Successfully started bind but when queried for domain test1 and test2
> ,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
What is the definitive steps for purging (rm -f) old DNSSEC key files
that expired months ago?
tia,
- -Jim P.
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlvHefsACgkQJxVetMRa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-08-10 at 09:47 +1000, Mark Andrews wrote:
> > On 10 Aug 2018, at 5:46 am, Jim Popovitch via bind-users > s...@lists.isc.org> wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Is it possible to...
1) use text only zone files, and
2) keep serials identical between those zone files and what is
published in DNS, and
3) automatically handle signatures when adding new RRs, and
4) not have any journal files.
Is all of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2018-05-19 at 01:03 +, Evan Hunt wrote:
> On Fri, May 18, 2018 at 04:28:24PM -0400, Jim Popovitch via bind-
> users wrote:
> > Honest question Why are there so many sourcecode
> > modifications/additions/deletio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Honest question Why are there so many sourcecode
modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
files should obviously change between minor versions, but ~1300 ?
Bin9 v9.12.1-P2 changed files:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
Is there a roadmap for DNSSEC signing capabilities? I'm specifically
wondering if any features are planned to fully automate signing, such
as being able to specify simple zone options like "dnssec-cycle=90d;"
and having bind9 fully manage
On Mon, Sep 05, 2016 at 05:12:47PM +0100, Tony Finch wrote:
> Jim Popovitch via bind-users <bind-users@lists.isc.org> wrote:
> >
> > Thanks. Now I'm seeing something slighly different. I have 3 NS
> > servers, ns{1-3}.domainmail.org.
> >
> > When I first
On Mon, Sep 05, 2016 at 09:51:25AM +0100, Tony Finch wrote:
> Jim Popovitch via bind-users <bind-users@lists.isc.org> wrote:
> >
> > Should minimal-all (v9.11.0-rc1) work on a master? My testing shows
> > that it only works on the slave DNS servers.
>
On Fri, Sep 02, 2016 at 06:59:35PM +, Jim Popovitch via bind-users wrote:
> Hello,
>
> Should minimal-all (v9.11.0-rc1) work on a master? My testing shows that it
> only works on the slave DNS servers.
>
And by minimal-all I mean minimal-any (i keep typo'ing that for som
Hello,
Should minimal-all (v9.11.0-rc1) work on a master? My testing shows that it
only works on the slave DNS servers.
relevant named.conf: http://paste.debian.net/plainh/62ee2440
-Jim P.
signature.asc
Description: Digital signature
___
Please
39 matches
Mail list logo