Re: RFC7344 (was: Funky Key Tag in AWS Route53 (2)) (2)

2022-12-29 Thread Mark Andrews
Valid base64 includes spaces and new lines. Poorly written record parsers reject valid records. -- Mark Andrews On 30 Dec 2022, at 10:38, Eric Germann via bind-users wrote: On Dec 29, 2022, at 16:34, Timothe Litt wrote: Yup, Eric's case was a classic example.  He tried to do the right thing,

Re: Email migration and MX records

2023-01-06 Thread Mark Andrews
Just a reason to not use them for your email. Not everybody is in a position to repair stuff on a 7/24/365 basis. Notify that the mail is delayed but don’t bounce. -- Mark Andrews > On 7 Jan 2023, at 06:11, Brown, William wrote: > > Last I saw, both M365 and Google only retry for

Re: DNS Cookies Causing FORMERR

2023-01-06 Thread Mark Andrews
appropriate and you support it Yes you can sign a FORMERR. -- Mark Andrews > On 7 Jan 2023, at 06:50, Justin Krejci wrote: > >  > DNS Servers that do not properly support or properly ignore DNS cookies and > instead return FORMERR is annoying. This is not new. However I have been

Re: parental-agent, emtpy DS response ?

2023-01-07 Thread Mark Andrews
-- > Regards / Med vänlig hälsning > Anders Löwinger, CEO, Abundo AB, +46 72 206 0322 > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. >

Re: General DNS / SPF question

2023-01-07 Thread Mark Andrews
Please don’t hijack an existing thread by replying to an existing message for an unrelated subject. It is bad form. Just create a new message and send it to bind-us...@isc.org. -- Mark Andrews > On 8 Jan 2023, at 09:07, Michael Muller via bind-users > wrote: > >  >

Re: Can not query localhost

2023-01-13 Thread Mark Andrews

Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Mark Andrews
act us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTER

Re: "not exact" error message

2023-01-21 Thread Mark Andrews
The consistency checks are not new. The message indicates that the IXFR contained a delete request for a record that doesn’t exist or an add for a record that exists. Named recovers by performing an AXFR of the zone. -- Mark Andrews > On 22 Jan 2023, at 04:31, Havard Eidnes via bind-us

Re: signing for a hidden primary

2023-01-21 Thread Mark Andrews
In-line signing is the concept you are looking for and yes named supports it. -- Mark Andrews > On 22 Jan 2023, at 07:42, Randy Bush wrote: > > hidden primary can not sign. can the public primary which fetches from > it, and happens to be primary for the parent zone, do

Re: "not exact" error message

2023-01-22 Thread Mark Andrews
oing their own inline-signing can produce this (RRSIGs will differ between servers as the RRsets are changed at different times and zone serial numbers may also differ). There are a whole heap of reasons for IXFR to fail, this being one of them, and named will fall back to AXFR on any of them.

Re: Finding dnssec validation failures in the logs

2023-01-24 Thread Mark Andrews
I would be looking for packet loss and / or a bad firewall that is dropping fragmented packets which is triggering fallback to non EDNS requests. If you are forwarding ensure that the entire forwarding chain is validating. -- Mark Andrews > On 25 Jan 2023, at 04:53, John Thurston wr

Re: Converting between zone file formats

2023-01-30 Thread Mark Andrews
Named-checkzone and named-compilezone are the same executable. Named-checkzone looks up remote records to more completely detect configuration errors. See the man page for details. -- Mark Andrews > On 30 Jan 2023, at 19:33, Havard Eidnes via bind-users > wrote: > > Hi, >

Re: filter-a and dns64 in a ipv6-only network

2023-01-30 Thread Mark Andrews

Re: filter-a and dns64 in a ipv6-only network

2023-01-31 Thread Mark Andrews
> On 1 Feb 2023, at 05:52, Thomas Schäfer wrote: > > Am Montag, 30. Januar 2023, 23:12:53 CET schrieb Mark Andrews: >> Do you want a correctly operating DNS64 server or do you want to filter >> all A records? They are mutually exclusive requirements. Please read >>

Re: Requesting Update-Policy Statements Sanity Check, Please

2023-02-03 Thread Mark Andrews
ly used update-policy but I'd think it should be like this: > > update-policy {grant A ;}; This leaves out rule type. > > from reading: > https://bind9.readthedocs.io/en/v9_18_11/reference.html#namedconf-statement-update-policy -- Mark Andrews, ISC 1 Seymour St., Du

Re: Requesting Update-Policy Statements Sanity Check, Please

2023-02-03 Thread Mark Andrews
ses) and dhcp are working - I just need to > get these update-policy statements correct. > > > Any help is greatly appreciated - and again, thanks in advance > > Cheers > > Dulux-Oz -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 474

Re: Requesting Update-Policy Statements Sanity Check, Please

2023-02-04 Thread Mark Andrews
Add DHCID to the list of record types permitted to be updated by the DHCP server. -- Mark Andrews > On 4 Feb 2023, at 21:15, duluxoz wrote: > > Thanks Mark (& Darren & Jan-Piet), > > So I made those changes you suggested (Mark), but I'm still having issues (ie

Re: [KASP] Key rollover

2023-02-09 Thread Mark Andrews

Re: Restrict dynamic updates to one domain - disallow subdomains

2023-02-13 Thread Mark Andrews

Re: Restrict dynamic updates to one domain - disallow subdomains

2023-02-14 Thread Mark Andrews
can create subdomain entries inside > the example.de domain. > > Is this possible? What grant/deny rule must i use? > > -André > > Am 13.02.2023 um 23:33 schrieb Mark Andrews: >> Step back and tell us what you are attempting to achieve. >> >> e.g.

Re: limit the number of invalid domain queries

2023-02-21 Thread Mark Andrews

Re: Correlation between NOTIFY-Source and AXFR-Source

2023-03-09 Thread Mark Andrews
Named just uses the notify to trigger an early refresh process. It then just asks the primaries in configured order. There is no real point in trying the notifier first. -- Mark Andrews > On 10 Mar 2023, at 06:00, Jan-Piet Mens wrote: > >  >> >> I always was quit

Re: DNSSEC error resolving gpo.gov ?

2023-03-14 Thread Mark Andrews
eed: >>> >>> % blaeu-resolve --displayvalidation -r 100 --type A gpo.gov >>> [ (Authentic Data flag) 162.140.14.82] : 46 occurrences >>> [162.140.14.82] : 52 occurrences >>> [ERROR: SERVFAIL] : 2 occurrences >>> Test #50935448 done at 2023-03-14

Re: DNSSEC error resolving gpo.gov ?

2023-03-14 Thread Mark Andrews

Re: DNSSEC error resolving gpo.gov ?

2023-03-14 Thread Mark Andrews
> On 15 Mar 2023, at 11:14, Tim Maestas wrote: > > > > On Tue, Mar 14, 2023 at 4:34 PM Mark Andrews wrote: > > > > On 15 Mar 2023, at 02:08, Alexandra Yang wrote: > > > > Hi Group, > > > > I wonder if anyone can shed some light on t

Re: DNSSEC error resolving gpo.gov ?

2023-03-14 Thread Mark Andrews
Message parser reports malformed message packet. ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57919 ;; flags: qr aa tc; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.federalregister.gov. IN A ;; ANSWER SECTION: . 32768 CLASS4096 OPT

Re: DNSSEC error resolving gpo.gov ?

2023-03-15 Thread Mark Andrews
> On 15 Mar 2023, at 16:49, Mark Andrews wrote: > > > >> On 15 Mar 2023, at 15:42, Tim Maestas wrote: >> >> Named should be sending queries with DO=1 and it should be getting back >> signed responses. I suspect that you will need to run packet cap

Re: RPZ answer me NXDOMAIN for some domain

2023-03-22 Thread Mark Andrews

Re: bind with qname min. fails to continue recursing on one specific query

2023-03-27 Thread Mark Andrews
tgl > 0030: 6202 746e 0367 6f76 0100 0100 0029 b.tn.gov...) > 0040: 0200 8000 000c 000a 0008 5971 94c0 Yq.. > 0050: 9932 9282.2.. > > 10:01:39.945218 172.16.20.30.58268 > 170.141.167.222.53: [bad udp cksum e2f9!

Re: DNSSEC error resolving gpo.gov ?

2023-04-03 Thread Mark Andrews
irements for the DNS > environments since DNS Flag Day 2020 ( https://www.dnsflagday.net/2020/ ) and > make sure the local forwarders are compliant. > " > > > On Wed, Mar 15, 2023 at 6:01 PM Mark Andrews wrote: > > > > On 15 Mar 2023, at 16:49, Mark Andre

Re: DNSSEC error resolving gpo.gov ?

2023-04-04 Thread Mark Andrews

Re: Does DNSSEC increased packet size reach end computers?

2023-04-11 Thread Mark Andrews

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Mark Andrews

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Mark Andrews
> On 13 Apr 2023, at 06:44, Mark Andrews wrote: > > > >> On 13 Apr 2023, at 03:19, Fred Morris wrote: >> >> TLDR: NS records occur above and below zone cuts. >> >> On Wed, 12 Apr 2023, John Thurston wrote: >>> >>> We have autho

Re: Reverse Policy Zone to make MS Azure stuff work?

2023-04-13 Thread Mark Andrews

Re: dnssec-validation?

2023-04-13 Thread Mark Andrews
ly, since you haven't provided any configuration info or even the > name of the domain you were trying to set up, I can't make any more educated > guesses than that. > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > > -- > Visit https://li

Re: Best practice MultiView

2023-04-17 Thread Mark Andrews

Re: help with notify

2023-04-17 Thread Mark Andrews
be turned into addresses. Named includes a full iterative resolver. It uses that to get what it needs. This should be enough for you to solve what is going wrong. -- Mark Andrews > On 18 Apr 2023, at 03:31, Matt Zagrabelny via bind-users > wrote: > >  > Hello Ondřej, >

Re: one authoritative name server and each domain requires ns1.thisdomain.com

2023-05-04 Thread Mark Andrews
that all zones have servers that live within the zone defeats that. I suspect you have misunderstood something. Forcing people to update millions of records to change an address is nonsensical. -- Mark Andrews > On 5 May 2023, at 07:06, Jim Peters wrote: > >  > I am looking for

Re: Problem with subdomain delegation - NS RR ignored?

2023-05-09 Thread Mark Andrews
N ::1 > > salmon.hub. IN A 8.8.8.8 > fish.hub. IN NS ns1.fish.hub. > ns1.fish.hub. IN A 4.4.4.4 > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC fu

Re: migration to new isp - now private addresses showing up publicly?

2023-05-23 Thread Mark Andrews
add keys to primary definitions and server clauses with keys at the view level for notify. I’m pretty sure there is a knowledge base article with full details. -- Mark Andrews > On 24 May 2023, at 05:40, Kaya Saman wrote: > >  > > >> On 5/23/23 20:18, Sten Carlsen

Re: migration to new isp - now private addresses showing up publicly?

2023-05-23 Thread Mark Andrews
>type slave; >file "/var/named/var/named/domain-external.db"; > masters { int_dns1; }; > // allow-notify { ext_dns1; }; >allow-query { int_dns1; !internals; any; }; > }; > }; > > I'm sure there are extra steps needed

Re: Can update-policy accept IP addresses ?

2023-05-23 Thread Mark Andrews

Re: Blocked by spamassassin?

2023-05-31 Thread Mark Andrews

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-06-01 Thread Mark Andrews

Re: Understanding query failed errors

2023-06-02 Thread Mark Andrews

Re: Workaround needed for TSIG Zone Transfer

2023-06-09 Thread Mark Andrews
There is no workaround that I can think of. As an aside I’d be specifying the key in the primaries clause rather than server clause. -- Mark Andrews > On 10 Jun 2023, at 07:52, Frey, Rick E via bind-users > wrote: > >  > I’ve got a case where using BIND (v9.16.41) as a

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Mark Andrews

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Mark Andrews

Re: Master file permission denied

2023-06-28 Thread Mark Andrews

Re: Master file permission denied

2023-06-28 Thread Mark Andrews
more details. If you still have an error message cut-and-paste the new one including time stamps. > On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via bind-users > wrote: > > Exactly the same > > > El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews >

Re: identifying DNSKEY by label

2023-07-30 Thread Mark Andrews

Re: dnssec-policy syntax error in options but not in view

2023-08-03 Thread Mark Andrews
You can’t define a policy there. You can tell named to use the policy. Move the definition outside of options. -- Mark Andrews > On 4 Aug 2023, at 08:26, E R wrote: > >  > My understanding from the ARM is that the dnssec-policy can be in the > "options", "vi

Re: Facing issues while resolving only one record

2023-08-31 Thread Mark Andrews
ected] [v6 nxrrset] >> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset] >> ; ns01.incometax.gov.in [v6 TTL 125] [v4 unexpected] [v6 nxrrset] >> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset] >> ; ns01.incometax.gov.in [v6 TTL 124] [v4 unexpecte

Re: BIND 9.18 unable to successfully transfer zone from axfrdns primary

2023-08-31 Thread Mark Andrews

Re: Local network IPv6 addresses

2023-09-03 Thread Mark Andrews

Re: resolver: DNS format errors

2023-09-07 Thread Mark Andrews
that you ask them to fix their DNS servers to correctly answer NS queries. They appear to need to look at the query name as well as the query type. This is what often happens when you write custom DNS servers. You fail to handle some query you weren’t planning for. Mark -- Mark Andrews

Re: consolidating in-addr.arpa data

2023-09-15 Thread Mark Andrews
Create a 10.in-addr.arpa zone with appropriate delegations and have all servers serve it. That way they can all find the sub zones. -- Mark Andrews > On 16 Sep 2023, at 10:16, John Thurston wrote: > >  > A host which auto-registers in MS DNS, creates an A in foo.alaska.gov a

Re: resolver: DNS format errors

2023-09-18 Thread Mark Andrews
> On 19 Sep 2023, at 02:14, Alex wrote: > > > > On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote: > Spamhaus’s servers are sending back responses that do not answer the > question. Named is doing QNAME minimisation using NS queries and rather than > the serve

Re: resolver: DNS format errors

2023-09-18 Thread Mark Andrews
Correction, they incorrectly answer the SOA query. > On 19 Sep 2023, at 09:53, Mark Andrews wrote: > > > >> On 19 Sep 2023, at 02:14, Alex wrote: >> >> >> >> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote: >> Spamhaus’s servers a

Re: Stop leaking queries for RFC 1918 zones

2023-09-22 Thread Mark Andrews
forwarding in this zone’s configuration by using an empty forwarders clause ( forwarders { /* empty */ }; ). I know you said this was a lost cause but it doesn’t have to be 100% perfect. It can be built up over time. -- Mark Andrews > On 23 Sep 2023, at 02:45, John Thurston wrote: > >

Re: resolver: DNS format errors

2023-10-03 Thread Mark Andrews
implementation. They should fix their broken servers. > Cheers, > Petr > > On 19. 09. 23 1:53, Mark Andrews wrote: >> >>> On 19 Sep 2023, at 02:14, Alex wrote: >>> >>> >>> >>> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Mark Andrews
You need to figure out what is updating the zone. This isn’t named. -- Mark Andrews > On 6 Oct 2023, at 19:28, Paul van der Vlis via bind-users > wrote: > > Hello, > > I try to give a dynamic IP to a name, using nsupdate. This works fine, but > after some hours th

Re: Bind forgets my changes with nsupdate

2023-10-06 Thread Mark Andrews
Just configure named to sign the zone. -- Mark Andrews > On 6 Oct 2023, at 22:30, Paul van der Vlis wrote: > > Op 06-10-2023 om 10:39 schreef Mark Andrews: >> You need to figure out what is updating the zone. This isn’t named. > > Thanks for your answer. > It makes

Re: KASP Rollover = Immediate Loss of DNSKEY (Why Do Inactive Keys Disappear?)

2023-10-08 Thread Mark Andrews
root@localhost dnssec.example]# cat /var/named/dnssec.example.db > $ORIGIN dnssec.example. > $TTL 3h > > @ IN SOA ns01.dnssec.example. postmaster.dnssec.example. ( > 2023100601 ; Serial > 3h; Refresh after 3 hours >

Re: 9.18 BIND not iterated over all authoritative nameservers

2023-10-27 Thread Mark Andrews

Re: 9.18 BIND not resolving .gov.bd site

2023-10-30 Thread Mark Andrews
able ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 181d91ea2ecc46ce0100654054883752dba5d1912e6e (good) ;; QUESTION SECTION: ;ns2.bcc.gov.bd. IN A ;; ANSWER SECTION: ns2.bcc.gov.bd. 38400 IN A 114.130.54.124 ;; Query time: 212 msec ;; SERVER: 114.130.54.124#53(1

Re: Question about URL being logged by resolver

2023-11-04 Thread Mark Andrews

Re: Catalog zone Notifies for child zones

2023-11-08 Thread Mark Andrews

Re: What does it mean "lame-servers: info: success resolving"?

2023-12-01 Thread Mark Andrews
It means that the servers for the zone don’t fully implement the DNS protocol. NS queries for intermediate names are not getting the expected answer. -- Mark Andrews > On 1 Dec 2023, at 21:10, Alessandro Vesely wrote: > > Hi all, > > I have this in BIND 9.18.19-1~deb12

Re: Value of a DNSSEC validating resolver

2023-12-01 Thread Mark Andrews
could filter and treat at every house and sometimes you still do like boiling water for baby formula but on the most part what you get out of it is good enough for consumption as is. -- Mark Andrews > On 2 Dec 2023, at 08:14, John Thurston wrote: > >  > At first glance, the

Re: Value of a DNSSEC validating resolver

2023-12-02 Thread Mark Andrews
bad advice from that and the WG chair refused to reopen the issue. CD=1 addresses bad clocks and trust anchors in resolvers. CD=0 addresses bad authoritative servers and spoofed responses. You can start with either and try the other when validation fails. -- Mark Andrews > On 3 Dec 2023,

Re: dnssec-delegation seems to be broken from .gov to bls.gov

2023-12-06 Thread Mark Andrews
take > effect (assuming no delay replicating between authoritative servers). > Nick.

Re: DNSSec mess with SHA1

2023-12-15 Thread Mark Andrews
They haven’t removed sha1 they have removed certain uses of sha1. If they ever remove sha1 we will just add an implementation for sha1. -- Mark Andrews > On 16 Dec 2023, at 01:09, Scott Morizot wrote: > >  >> On Fri, Dec 15, 2023 at 7:40 AM Petr Špaček wrote: >> We do

Re: zone not loaded in one of view

2023-12-16 Thread Mark Andrews
Read your logs and/or use named-checkzone and/or tell named-checkconf to load the zones. -- Mark Andrews > On 17 Dec 2023, at 15:22, liudong...@ynu.edu.cn wrote: > >  > Hi, I have a bind9 authoritative name server running, but I found a strange > problem. One of zone in a sp

Re: NOTIFY and TSIG

2024-01-08 Thread Mark Andrews

Re: dnssec-key 'unknown algorithm RSASHA512'

2024-01-10 Thread Mark Andrews

Re: Question about authoritative server and AA Authoritative Answer

2024-01-14 Thread Mark Andrews

Re: Question about authoritative server and AA Authoritative Answer

2024-01-16 Thread Mark Andrews
tive answers ? The ones where the answer count was zero (look for "ANSWER: 0,”). > De : "Mark Andrews" > A : pub.dieme...@laposte.net,"bind users" > Envoyé: dimanche 14 Janvier 2024 23:54 > Objet : Re: Question about authoritative server and AA Authorita

Re: [Windows] [9.16.45] Missing IPv4 DNS prevents tools from working

2024-01-21 Thread Mark Andrews

Re: FORMERR-Format error issue

2024-01-31 Thread Mark Andrews
> > -We are not using IPV6 at all at this time. > > -This is occurring with both of our redundant DNS servers and I fired up a > test server with Bind 9.16 and it is giving me the same result. > > -Any thoughts or suggestions would be very helpful and much appreciated! >

Re: Non-improving referral

2024-02-04 Thread Mark Andrews
You have your answer. Update the parent zone. -- Mark Andrews > On 4 Feb 2024, at 18:27, Gabi Nakibly wrote: > >  > Hi, > I would like to set up a new temporary nameserver for my zone (say > 'example.com'), however for various reasons I prefer not to change th

Re: Value of a DNSSEC validating resolver

2024-02-09 Thread Mark Andrews
Do the analysis where the resolver is under attack or the auth server with the best rtt is stale. -- Mark Andrews > On 9 Feb 2024, at 21:40, Petr Menšík wrote: > > Hello Mark, > > allow me here to correct your statement. We spent in Red Hat some time > thinking and

Re: Value of a DNSSEC validating resolver

2024-02-09 Thread Mark Andrews
-- Mark Andrews > On 10 Feb 2024, at 04:18, Randy Bush wrote: > >  >> >> I admit here we most often work with internal only forwarders, which >> are not accessible from outer internet. So those won't be under attack > > i am always impressed by securi

Re: Value of a DNSSEC validating resolver

2024-02-11 Thread Mark Andrews
eeks, one of which has up to date signatures and 2 that have out of date signatures. This is the sort of thing that happens out there by accident, e.g. unnoticed zone transfers failing and the zone has not yet expired. Try looking up multiple answers from that zone with your configuration a

Re: Answers from subzone even when superzone has a delegation elsewhere

2024-02-13 Thread Mark Andrews
Additionally this behaviour is specified in RFC1034 so every nameserver should do this. -- Mark Andrews > On 14 Feb 2024, at 02:24, Friesen, Don CITZ:EX via bind-users > wrote: > > Andy, > The existence of 8.f.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa as an > authoritative

Re: dns_diff_apply / "del not exact" logging

2024-02-14 Thread Mark Andrews
Transfer from a single address. The IXFR transfer is detecting that a record is being asked to be deleted but it is not present in the zone. Named will fallback to an AXFR. The logs have been extended recently to provide more details. -- Mark Andrews > On 14 Feb 2024, at 18:41, Andrea

Re: KeyTrap fix breaks resolving semi-bogus paste.debian.net/snow-crash.org

2024-02-14 Thread Mark Andrews
/>...) > > (I also did/will tell Quad9 about it for their information.) > > Cheers, > -- > Matt Nordhoff > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subsc

Re: KeyTrap fix breaks resolving semi-bogus paste.debian.net/snow-crash.org

2024-02-14 Thread Mark Andrews
rypto is performed so it wouldn’t be too expensive to skip to the next RRSIG on those error codes but really you shouldn’t be publishing broken RRSIGs. Mark > On 15 Feb 2024, at 11:25, Mark Andrews wrote: > > Well if you are attacking the resolver by sending invalid RRSIGs ... > >

Re: opendnssec -> inline-signing

2024-03-07 Thread Mark Andrews

Re: opendnssec -> inline-signing

2024-03-07 Thread Mark Andrews
; liaN92BRsQO0ykBep+HxH85CXPhqBMnl2Z43guX2t+QZ >> B36h61FrpFOt7RUnvJ8Pn3Rz+kx1VVOIsw== ) >> >>> https://git.rg.net/randy/randy/src/master/scratch.md > > yes, we can see that, as we noted. and yes we could rekey 42 zones at > the parents; great fun. > > but WH

Re: opendnssec -> inline-signing

2024-03-07 Thread Mark Andrews
to do this. Once your existing keys are omnipresent you can update the lifetime to what you want to run with. On 8 Mar 2024, at 10:57, Mark Andrews wrote: > > > >> On 8 Mar 2024, at 10:54, Randy Bush wrote: >> >>> You DS and DNSKEY rrset are not matched. You

Re: Insecurity proof failed

2024-03-12 Thread Mark Andrews

Re: transfert master slave

2024-03-25 Thread Mark Andrews
Allow-notify is additive. You can’t block notify from primaries. -- Mark Andrews > On 25 Mar 2024, at 22:34, sami.ra...@sofrecom.com wrote: > >  > Hello community, > I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow > notificatio

Re: Some Authoritative-Only BCPs

2024-03-28 Thread Mark Andrews
Also authoritative servers lookup information. This includes addresses of nameservers to send NOTIFY messages. DS queries as part of DNSSEC key management. DNSKEY queries as part of DNSSEC trust anchor management. Plus whatever else is required to resolve those queries. -- Mark Andrews

Re: "bad cache-hit" or "bad-cache hit"

2024-04-16 Thread Mark Andrews
It’s a hold down cache on bad lookups. The timeout is 10 minutes. To prove whether a zone is secure or not DS records at delegations in the chain are looked up. Sometimes that fails. This cache records that failure. -- Mark Andrews > On 17 Apr 2024, at 07:03, John Thurston wr

Re: Answers for www.dnssec-failed.org with dnssec-validation auto;

2024-04-17 Thread Mark Andrews

Re: Broken DNS QNAME Recovery

2024-04-21 Thread Mark Andrews

Re: Broken DNS QNAME Recovery

2024-04-22 Thread Mark Andrews
No. “Forward zones” are not DNS zones. They are overrides to the DNS resolution processes that just happened to be configured in named by overloading the zone syntax element. Similarly stub and static stub are not zones. They are other things. -- Mark Andrews > On 23 Apr 2024, at 01

Re: Question about resolver

2024-04-26 Thread Mark Andrews
. Named was looking up these NS records, i.e. chasing the DS servers. This can result in named finding delegation errors. QNAME minimisation also exposes these errors as it also does NS queries. Garbage in breakage out. -- Mark Andrews > On 27 Apr 2024, at 00:45, J Doe wrote: > > On 2
