side your normal working hours.
>
> On 20. 4. 2022, at 8:04, rams wrote:
>
>
> Seeing only these two line in log:
> Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288
> 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR
> started (serial 160561
at 11:17 AM Crist Clark
wrote:
> Probably.
>
> Maybe check for any log messages from BIND. Do packet capture to see
> exactly what's happening to the TCP.
>
> On Tue, Apr 19, 2022 at 10:12 PM rams wrote:
>
>> Hi,
>> We are getting the following error when
Hi,
We are getting the following error when we query for the 25M zone with axfr
.
]# dig @localhost 25million.com axfr |tail
a8157794.25million.com. 86400 IN A 1.1.1.1
a8157795.25million.com. 86400 IN A 1.1.1.1
a8157796.25million.com. 86400 IN A 1.1.1.1
Hi,
Greetings ...
Could someone please share all supported DNS RRs and examples of each RR.
Regards,
Ramesh
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?
Regards,
Ramesh
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?
Regards,
Ramesh
Hi,
I am using bind 9.16.21 on ubuntu. When I am running dnsperf against that,
always load is going one CPU core, because of this issue, I am seeing less
QPS. Has anyone faced the same issue? Could you please someone look into
this and help me with this?
Regards,
Ramesh
:19:39 named[1354]: zone
5.0.0.0.0.0.0.0.8.1.6.0.1.0.a.2.ip6.arpa/IN: ref...led
Hint: Some lines were ellipsized, use -l to show in full.
[dev][root@xtld2.usiad42 log]#
On Fri, Apr 9, 2021 at 11:16 AM Stuart@registry.godaddy
wrote:
>
>
> > From: bind-users on behalf of ram
Hi
We are using bind 9.11.28.1 on centos7.8. We have large number of zones on
disk. When we stop/start , we are not getting successful message and seeing
below error. But in log we see named is running and doing axfr/ixfr. Do we
need to add any configuration paameter to avoid below error.
Hi,
auto-dnssec option is mandatory for inline signing along with
"inline-signing yes" option? Kindly confirm.
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development
Hi,
Can anyone help me how to generate ZSK key with one year validity?
When I am trying , it is default 30 days validity but i want to make ZSK
key validity 1 year. Is it possible in bind?
Regards,
Ramesh
___
Please visit
Hi,
What is the latest bind version for Centos 7?
Where we can download it?
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support
Hi,
Do we need to set any option in named.conf for auto RRSIG generation in
bind?
Can anyone help me on this.
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of
Hi,
Can anyone share the steps and commands for key rollover for inline signing
zones in bind by manual/auto.
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of
Hi
On the CAA record iodef filed, do we force this to be unique or can it
match a CNAME?
Thanks,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
Hi,
Greetings !
How to configure "minimal-responses" option at zone level?
At global level it is working fine. but looking help for zone level to
configure. Can someone help me on this
Regards,
Ramesh
___
Please visit
Greetings.!
how does recursive resolver get the information for a zone example.com in
below setup when
example.com has DS records in .com
.com is tld zone
example.com is sld zone
Regards,
Ramesh
___
Please visit
ist .
Regards,
Ramesh
On Thu, 31 Jan 2019, 7:14 pm rams Hi,
> I have setup sshfp records as follows in bind zone file:
>
> test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
> test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
>
> Successfully started bind but when queried for d
Hi,
I have setup sshfp records as follows in bind zone file:
test1.ramesh-sshfp.com. 86400 IN SSHFP 1 1 aa
test2.ramesh-sshfp.com. 86400 IN SSHFP 1 1 00
Successfully started bind but when queried for domain test1 and test2 ,
returning malformed error and no answer. If fingerprint value
Greetings!!
Does Bind has a database option to read zones [if zones are in database]
instead of zone files? if yes , how to setup? can someone help me.
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Greetings,
Is anyone knows unbound 1.9 release date?
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
Hi,
Greetings
Is there any QPS improvement bind 9.10.6 vs 9.10.6.1? because we are seeing
47K QPS on 9.10.6 and 95K QPS on 10.9.6.1 on the same zone.
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi
Greetings!!
We have 1Million signed zone records in bind. My zone is going to
auto-resign after 3 days. If we change RRSIG expire date to greater than
two months from now then if restart bind, Can we avoid auto-resign in this
week? is there any impact on resolution or is my zone is valid?
Hi,
Greetings
Currently in bind we are doing auto full sign when RRSIG expires . Is there
any chance to generate only RRSIGS instead of full sign.
the reason I am asking is when we have large zone and when it happens auto
RRSIG expire and full sign, the complete zone is going to full sign
Greetings!!
When we change any resource record like A or , then SOA serial number
gets incremented. But If we update only SOA record ,Is serial number of SOA
remain same as before or serial number of SOA will increment?.
Do we have any RFC for this?
Regards,
Ramesh
Greetings!!!
We are getting two RRSIGs and 3 DNSKEY [ 1-256 and 2-257] when we do KSK
rollover. Is it correct we are returning two RRSIGs for DNSKEY?
Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi,
Greetings.
I want to test bulk updates master to slave in Bind. Is there any way to
pause to send updates to slave from master?
Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
Hi,
Greetings!!!
Do we have email notification feature in Bind when zone update fails.
Thanks & Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
Hi,
we have two scenarios as follows. Is there any chance to copy DS records
through AXFR or any another method to copy child DS records into parent
zone.
Scenario 1:
Customer has domain2.com on Bind1 signed with DS records for domain2.com at
place with registrar. Customer delegates a zone
Hi,
Greetings!!!
I have master and slave servers. When we have updates in master, slave is
getting updating after 20 or 30 minutes.
When I look into tcpdump pcakets, Slave is trying with master unicast ip to
get updates. We don't have port opened slave to master with unicast ip and
we have port
Greetings...!
Is any one explain how to break trusted chain in dnssec with example how to
create zone or data with trusted chain break.
Thanks & Regards,
ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
Hi,
Greetings
Is anyone can help me to verify the NSEC3 record in response is correct or
not.
Do we have any tool or command to check closet encloser NSEC3 record or
Correct NSEC3 record returned in response.
Thanks & Regards,
Ramesh
___
Please
Is there any rfc that a tld zone should have atleast two ns records when we
create the tld zone
Thanks & regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
Hi
I have own resolver as authoritative and configured to chase the domain in
recursive bind as configured in my resolver.
ex:
example.com CNAME bind.com
I have bind.com A record in bind.
When I queried example.com against my auth resolver, for couple of queries
giving A record from bind and
Hi.
I have zone file as follows
$ORIGIN rameshtest-caa.com.
$TTL 86400 ; 1 day
@ IN SOA ns1.rameshtest-caa.com.
root.rameshtest-caa.com. (
2009040114 ; serial
3600 ; refresh (1 hour)
Hi I have configured my bind as forwader but when I query it is not
forwarding and looking into local only.
recursion yes;
zone com. {
type forward;
forwarders {ip; };
};
;; QUESTION SECTION:
;soap-e2e-signzone.com. IN A
;; AUTHORITY SECTION:
.
Hi ,
I have 9.7 bind installed and configured recursive. When i query against
forwader i am not getting AD flag but remaining answer is correct for
signed query. Could you please guide me how to get AD flag. Already i have
enabled dnssec-validation and dnssec-enabled.
Thanks Regards,
Ramesh
, 2013 at 11:11 AM, David Newman dnew...@networktest.comwrote:
On 8/1/13 10:19 PM, rams wrote:
I have 9.7 bind installed and configured recursive. When i query
against forwader i am not getting AD flag but remaining answer is
correct for signed query. Could you please guide me how to get AD
Hi ,
Can I disable cache without disabling recursion?
Thanks Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
Hi,
I have NS record points a record [A/] which is falls into wildcard .
But when I query for NS record against bind, we are not getting these
records as glue records.
ex:
*.a.example.com A 1.1.1.1
example.com. NS abc.a.example.com.
Querying example.com with any or ns.
don't we get glue
Hi ,
I have signed zone and already i have resigned two times. Now again i am
resigning zone but after resign zone , RRSIG values are not changed. the
same old values displaying. Any wrong in me. Could you please guide me how
to change RRSIG values.
___
Hi ,
Can we resign a signed zone with out key files? Please clarify me.
Thanks,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
Hi,
How to declare multiple signed key paths in key-directory. When i declare as
follows, named not starting.
key-directory {/var/named/zones;/root/ramesh/Largezone;}
Please clarify me.
Thanks Regards,
Ramesh
___
bind-users mailing list
Hi,
When i do a dynamic update using nsupdate, i am unable to add record into
signed zone.
steps followed:
[root@stulcqacustbind2 muktha]# nsupdate
server server ip
update add net.rameshnu.sun. 86400 IN A 1.2.3.4
send
update failed: SERVFAIL
Bind log:
25-Apr-2011 12:43:22.166 update: info:
Hi,
Could you please tell me how to set up for recursive server for NS
delegation records.
It would be great if you give named.conf
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
I have configuered recursion yes in named.conf and i queried for NS
delegated records against bind. Actually that domain is not exist in my
system. Here how bind will work.
On Wed, Feb 23, 2011 at 6:20 PM, rams brames...@gmail.com wrote:
I have configuered recursion yes in named.conf and i
Hi,
I have zone as follows in bind.
$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ;
and it should look
into *.joshfeb1.com right. Could you please clarify why it is not returning
answer.
Thanks Regards,
Ramesh
On Tue, Feb 1, 2011 at 9:41 AM, Mark Andrews ma...@isc.org wrote:
In message AANLkTi=mms6aghguqyt1pmllyqfz2zp0su6yqwqmx...@mail.gmail.com,
rams w
rites:
Hi,
I
Hi,
I have zone as follows in bind.
$ORIGIN joshfeb1.com.
@ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. (
2011013101 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
y resolver is returning multiple CNAMEs for same hostname. But I believe
CNAME should not return same hostname with multiple values.
Ex: Configured GEOIP records as follows:
ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com. Arizone configured
ramesh.com CNAME va.ramesh.com.
I have trouble resolving the host name dnssecnsec3qatestdomain.com. which is
NSEC3 signed. This is the parent and child zone. If I run dig ( dnssec
query) with the +cd option I which is a proper response:
[r...@stulcqanusbind1 ~]# dig dnssecnsec3qatestdomain.com. any +dnssec *+cd
*
; DiG
Hi,
What is the bind response when queried MX record. The MX record is having
prefernce value is greater than maximum of preference value [ex: 65536].
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
Hi,
I have a record in BIND as follows:
mxdomain.com. 86400 IN MX 65536 gmail.com.
When I query mxdomain.com. with type MX. What is the bind response. Is
there any RFC mentioned about this .
Thanks Regards,
Ramesh
___
bind-users mailing list
An observation in nsupdate:
Suppose we have two A records as ,
*addforixfr.bind9712.com. 3456 IN A 10.32.21.30*
*addforixfr.bind9712.com. 3456 IN A 10.32.21.20*
When we update TTL value as below for one of the records , the TTL value
changes for both the
Hi ,
When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when
i queried for NS delegated record with NS.
Could you please clarify me or is it bug in 9.7?
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
Hi,
I have configured records as follows in bind. When we start the bind 9.7,
bind is not starting.
But bind is started successfully when commented below ns domains which are
marked as RED. Could you please clarify me.
*Note: Bind 9.6 is started successfully with the same below zone. *
Error:
Hi,
I have set up data as follows in bind.
Zone: rameshops5526old.com
maint.rameshops5526old.com. 300 IN CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com. 21600 IN NS dns5.rameshops5526old.com.
rameshops5526old.com. 21600 IN NS
Hi ,
Please tell me the correct answer for the below set up:
*Zone: rameshops5526old.com
*
maint.rameshops5526old.com. 300 IN CNAME
maint.global.rameshops5526old.com.
rameshops5526old.com. 21600 IN NS dns5.rameshops5526old.com.
rameshops5526old.com. 21600 IN NS
Hi
When we have data as follows queried domain maint.rameshops5526old.com.
against bind and my own resolver. Bind and my resolver response are same but
only mismatching with flags. bind is returning AA flag but my resolver is
not returning AA flag. in this case wihcih is correct bind or my
Hi ,
I have delegated NS records and those records pointed to A records in signed
zone. When I queired for my delgated domain against bind 9.6-p3.
Bind is returning NS records and RRSIG for NS in authority section
correctly. Glue records are returned correctly in additional section but
RRSIG
Hi ,
I have data as follows
a.rameshops5446.com. 86400 IN A 1.2.3.1
a.rameshops5446.com. 86400 IN MX 10 a.rameshops5446.com.
I queried domain a.rameshops5446.com with type ANY against bind9.6 .
Actual Result:
Bind is returning above two records in answer section and also returning A
record in
Hi ,
What is the cname chains limit ?
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
(itservices88)
2. Re: .org registrars allowing DS records (Kevin Oberman)
3. Re: .org registrars allowing DS records (Doug Barton)
4. Re: .org registrars allowing DS records (Mark Andrews)
5. Re: .org registrars allowing DS records (itservices88)
6. how to resign a zone (rams)
7. Re: how
Hi,
How to resign a zone?
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi,
During AXFR of a zone, the zone.dbfile is not created till the AXFR
completes. Till AXFR completes, the file name will be some value as
456eefwfc. Is it correct behavior?
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
Is there any update on the following issue.
On Mon, May 31, 2010 at 2:16 PM, rams brames...@gmail.com wrote:
Hi ,
I have the following zone file:
$ORIGIN td3497.com.
@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
2010052610 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
Hi ,
I have the following zone file:
$ORIGIN td3497.com.
@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
2010052610 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
mx.chain.td3497.com. 86400 IN MX 34
Hi ,
I have the following zone file:
$ORIGIN td3497.com.
@ IN SOA udns1.ultradns.net. ppk.yahoo.com. (
2010052610 ; serial
10800 ; refresh
3600 ; retry
2592000 ; expire
86400 ; minimum
)
cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com.
mx.chain.td3497.com. 86400 IN MX 34
Hi,
I have mx records with chaining as follows.
mx.chain.td3497.com.86400INMX34 mx1.chain.td3497.com.
mx1.chain.td3497.com.86400INMX34 mx2.chain.td3497.com.
mx2.chain.td3497.com.86400INMX34 mx3.chain.td3497.com.
mx3.chain.td3497.com.86400IN
Hi,
How do we resign the signed zone? What is the command to do the RESIGNING ?
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
...@mail.gmail.com,
rams
writes:
Hi,
How to add a record into signed zone using nsupdate. Is there any
additional
arguments need to be passed for getting RRSIG of addition record or
automatically bind will take care?
Thanks Regards,
Ramesh
Named will take care of it.
Mark
--
Mark
Hi,
How to add a record into signed zone using nsupdate. Is there any additional
arguments need to be passed for getting RRSIG of addition record or
automatically bind will take care?
Thanks Regards,
Ramesh
___
bind-users mailing list
Hi,
I have delegation of NS records in my zone and i signed zone using RSASHA1
algorithm. It is signed successfully. When I checked the the zone i am not
seeing RRSIG for delegated NS records. When I query for delegated NS record
with dnssec, it is returning NS records, NSEC and RRSIG for NSEC
Hi Peter,
In the out put of your dig result , you can see the following section. This
section is counted as RR and count will be updated in additional section.
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
Thanks,
ramesh
On Sun, May 9, 2010 at 11:02 PM,
HI ,
How to sign a zone for getting NSEC3, NSEC3PARAM RR's in a signed zone.
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi,
could you please explain me, how to create DS and DLV records into my zone.
Thanks Regards,
Ramesh
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
76 matches
Mail list logo