It doesn't answer your original question, but I suggest looking at the
'algorithm' of that key.
Might it be a hmac-md5 ?
If you 'named-conf -px' does it appear in the list of keys?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs
Assurance you are actually trying to compile current code.
A statement of what your operating system is.
Actual output of your compile steps.
Actual logged output of your attempt to launch.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs
be hammered into our RPZ ?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 5/5/2024 8:15 AM, Luca vom Bruch via bind-users wrote:
Hello,
I use bind (stock from alma 9.3) as a nameserver for a webhosting
server
atalog-zones?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the develo
. Is there a way to narrow it down?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 4/17/2024 9:21 AM, Ondřej Surý wrote:
Let me guess - you are running on RHEL (without SHA-1 support
08:40:40.323 validating www.dnssec-failed.org/A: no
supported algorithm/digest (dnssec-failed.org/DS)
17-Apr-2024 08:40:40.323 validating www.dnssec-failed.org/A: marking
as answer (proveunsecure (2))
17-Apr-2024 08:40:40.323 validator @0x7fb8722b8e00: dns_validator_destroy
--
Do thing
;; ANSWER SECTION:
www.dnssec-failed.org. 7198 IN A 68.87.109.242
www.dnssec-failed.org. 7198 IN A 69.252.193.191
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Tue Apr 16 15:21:46 AKDT 2024
;; MSG SIZE rcvd: 110
--
--
Do things
. We found what we wanted in the cache of bad
entries)
Can anyone confirm my hypothesis?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman
I can use dig to request a zone transfer:
dig AXFR foo.com
I am unable to find a simple way to craft a NOTIFY message. Can anyone
help me out?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/26/2024 7:35 AM, Victoria Risk wrote:
The BIND 9.16 release branch is approaching EOL as of April, 2024. We
encourage users running 9.16
why should my clients be trusting *me* to validate them?
Can someone make a good case to me for continuing to perform DNSSEC
validation on my central resolvers?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
e best way to correct
this?
Or maybe add the un-used RFC 1918 zones to our RPZ?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/
hours were of diminishing value, as
my caffeine wore off and my frustration grew. After a night's sleep, and
a pot of fresh tea I figured it out.
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administra
s from all of the
possible DNS services in the environment. But this is achievable, and
will address the problem (of our own making) which is causing pain.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administra
an NXDOMAIN with
confidence.
And since writing my earlier note, I have re-located the code I think I
stumbled across earlier
Tony Finch's "nsdiff"
https://dotat.at/prog/nsdiff/
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@
, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions
Welp, there I have it. I thought I had until April 2028 :(
Sorry for the noise.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 6/23/2023 12:04 PM, Ondřej Surý wrote
amd64 Packages
500 http://security.ubuntu.com/ubuntu bionic-security/main
amd64 Packages
1:9.11.3+dfsg-1ubuntu1 500
500 http://azure.archive.ubuntu.com/ubuntu bionic/main amd64
Packages
--
Do things because you should, not just because you can.
John Thurston907-465
/+archive/ubuntu/bind I think
it is telling me that 1:9.18.16-1+ubuntu22.04.1+isc+1 should be available.
Has anyone successfully updated to 9.18.16 from this PPA? Can you
suggest what I'm doing wrong today?
--
--
Do things because you should, not just because you can.
John Thurston907-465
Were you able to do it with your RPZ?
*
https://learn.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://l
hese tests.
Arguments against:
* Maybe I misunderstand, and such NS records aren't actually benign
Unknown:
* Does the answer change if we want to start signing either zone?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.go
+XHeB8O8GTLqk7HgfdM8=
) ; KSK; alg = RSASHA256 ; key
id = 46144
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org
s because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid supp
ld, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/17/2023 10:46 AM, Ondřej Surý wrote:
Well, the serial number arithmetics is there for a reason - you
usually don’t want to rollback to previous version of the
the other views, would be
uninterrupted.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/17/2023 10:23 AM, Ondřej Surý wrote:
*CAUTION:* This email originated fr
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software w
al
number, and waiting patiently for the refresh interval to expire before
checking again.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 1/27/2023 1:53 AM, Ondřej Surý wrote:
FTR I am
imilar behavior?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the develop
s because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 1/25/2023 8:36 AM, John Thurston wrote:
Off-list, it was suggested to me that I _could_ handle this in my RPZ,
by enumerating all 255 illegal TLDs (
and ignore the
rest. I think this will get me what I want, at a level of complexity I
can accept.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 1/24/2023 10:26 PM, Greg Cho
urns a SERVFAIL to the customer.
I haven't yet tried, but I don't expect I can define an RPZ to trap such
illegal names. Can I? If I could, it would reduce the traffic to Akamai,
and the number of validations I'm trying to do.
--
--
Do things because you should, not just bec
have my suspicions of what's happening, but not enough information to
form a solid hypothesis or perform tests. I want higher confidence that
I'm recognizing the important lines in the logs before I start casting
stones.
--
Do things because you should, not just because you can.
John Thurston
gning information for wunderkind.co and found
none. That's cool, we didn't expect them to be."
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman
on of BIND?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5
server.--
V
s.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 9/6/2022 2:31 PM, Greg Choules via bind-users wrote:
Hi Michael.
Have you tried without the "allow-transfer" state
, and bind-dev
Is it reasonable to expect these changes will occur in about the middle
of the month?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org
r compiled in), then named-checkconf isn't
going to help. To learn those, I think you'll need to query the
operating system for information about the specif process. I'd be
looking at pgrep and ps, but there's probably better ways to do it.
--
Do things because you should, not just because you
On 2/9/2022 2:36 AM, Tony Finch wrote:
John Thurston wrote:
Are we not able to use catalog zones to propagate zone-configuration for
anything other than 'master' zones?
>
It is only for configuring authoritative secondary zones.
That's unfortunate, but thanks for the confirmation
gov' is defined on the primary like so:
zone "ak.gov" {type forward;forward only;forwarders
{ 10..11.12.13; };
};
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of
Check the list archives beginning April 2021 for the thread:
Deprecating BIND 9.18+ on Windows (or making it community improved and
supported)
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
' and 'user' mailing lists. I need to find
and plug this communication hole.)
B) What are the plans for the 'bind-esv' COPR? (Will it soon start
serving 9.16? Do I need to manually switch from 'bind-esv' to 'bind'? Is
COPR dead?)
--
--
Do things because you should, not just because you can.
stupid domains; there must be an explicit 'forward' zone
defined.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https
Define an explicit forward-zone on the recursive server for
private.dns.com In the zone definition, put the addresses of the
servers which can answer for private.dns.com.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
If you update your resolver to 9.16, I think you can do exactly what you
want with the "validate-execpt" option.
{rolls eyes} been there. done that. for exactly the same reason :/
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
On 11/16/2021 2:41 AM, Tony Finch wrote:
John Thurston wrote:
If I have a Reverse Policy Zone (RPZ) defined, I can define a specific answer
to be sent for a specific record-type for a specific name:
foo.bar.com IN A 10.11.12.13
foo.bar.com IN TXT "Hello World"
But I
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
On 11/10/2021 6:25 AM, Giddings, Bret wrote:
Is there any other facility for including effectively the same grant
statements within multiple zones?
I am not aware of any
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
some validity checks
into your edit/deploy process.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org
ld, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the developm
TXT
records, while letting the current key continue to work.
Is there a way to get the configuration I want? or must I make a
wholesale swap of each md5 key for something newer?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thur
urn
BIND 9.16.17 (Stable Release)
BIND 9.16.18-Ubuntu (Stable Release)
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please v
ask for "status" without also letting it ask
for "reload" or "flushname".
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
__
arning: When started for the first time, imfile will read the existing
file and start forwarding. If the query log already contains 800MB of
lines, those will all be read in and passed through the parser and
output modules.
--
Do things because you should, not just because you can.
John Thurston907
to madness.
The only thing I can come up with is to activate dnstap, and have some
other process absorbing the data and spewing it directly to the central
syslogd.
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department
.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 12/11/2020 11:13 AM, John Thurston wrote:
Running BIND 9.16.9 on CentOS 8
I have the following in my .conf
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "
transfers?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds
to offer up other linux distributions on which
they have had unqualified success with these same packages?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
for something?
If so, for what? and how high?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.o
ut/ having to download and compile the source
code?
Please take a look at the ISC "Software Collection":
https://copr.fedorainfracloud.org/coprs/isc/
We use those packages with CentOS 7 and 8 to deliver ISC BIND 9.11 and 9.16.
--
Do things because you should, not just because you can.
If so, which properties?
(FWIW, BIND version 9.11.24 on the primary and 9.16.8 on the secondary.)
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
_
t;yum
install"? Is it simpler than that?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailm
you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
Can those of you who care about performance, who have worked to improve
your performance, share some of your suggestions that have the most
impact? Please also comment if you think any
On 11/19/2019 8:34 AM, Reindl Harald wrote:
Am 19.11.19 um 18:23 schrieb John Thurston:
A) Should I expect these file permissions be altered by a minor update?
I know I started at 9.11.8 and have updated to 9.11.9 and 9.11.10
without seeing this behavior.
yes, every by a package owned
path in my named.conf is currently set to a relative path
"../../log/query.log", but I could easily change it to an absolute path
"/var/log/named/query.log"
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Depa
ooked over the BIND release notes and don't see anything about a
change to the logging behavior. Did I miss something?
Or maybe some kernel (or other package) patch broke some dependency?
I'm looking for ideas here.
--
Do things because you should, not just because you can.
John Thurston90
n" concept meet our needs, and I'd dearly like to be able to
consider it stable.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Ple
stabilize it?
Are there outstanding feature requests to be addressed?
Is there a timeline somewhere?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State
to the servers which are already answering for them?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman
addressed?
Is there a timeline somewhere?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/lis
.
Is there some way to do this?
alias { 10.10.1.2; 10.10.3.4; 10.10.5.6; }
zone "foo" {type forward; forwarders ( alias;}; };
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State
On a server with both static and dynamic zones, is there any reason to
perform an:
rndc sync
prior to issuing an:
rndc reload
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
want my automated processes to stop working because
something will be going away at some point in the near future.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
ermissions on /var/opt/isc/isc-bind/log?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/lis
-bind/log/
Since I'm new the "Software Collection" paradigm, I don't know if this
is an acceptable location for my operational logs. Is that location
going to get trashed when I install the next update?
--
Do things because you should, not just because you can.
John Thurston90
76 matches
Mail list logo