.
https://gitlab.isc.org/isc-projects/bind9/blob/master/lib/isc/include/pk11/site.h
2. https://www.openssl.org/docs/fips.html#background
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> On 4 Jun 2018, at 10:21, Mathieu Arnold wrote:
>
> On Sun, Jun 03, 2018 at 06:00:08AM +0000, Ondřej Surý wrote:
>> The PKCS#11 interface is very fragile, as the different vendors implement
>> different parts of the
>> standard, and BIND needs to be compiled with
thout NPTL (Native POSIX Thread Library)
[…]
—cut here—
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 29 May 2019, at 07:34, Dennis Clarke wrote:
>
>
> Not sure where the need for ifaddrs.h came from but it doesn't exist in
> ye old Solaris 10 sparc boxen :
>
> /opt/developerst
The script reports everything is missing.
You’ll need to check config.log for more details what’s happening.
Anyway it should work with stock OpenSSL, so why don’t you just use that?
Cheers,
Ondrej
--
Ondřej Surý — ISC
> On 7 Jun 2019, at 17:12, wrote:
>
> That ma
uboptimal, but it should suffice as a workaround.
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
years to deprecate single option, as we need to take
people that upgrade from ESV to ESV into account, and we were aiming
at slightly “faster” approach :-).
Thanks,
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bi
me started on how I
just love
to receive patches, preferably as merge requests (ping me if you need up the
projects limit
in our GitLab) ;).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 13 Jun 2019, at 15:55, G.W. Haywood via bind-users
> wrote:
>
> Hello again,
>
> O
eckconf two
> different ways.
"--no-deprecated”-like option is a nice idea, I like it. Thanks!
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users maili
system than simple
refactoring, so it is
crucial to get some testing from the systems we don’t really have access to.
Cheers,
Ondrej
* - In theory, even cross-compilation for Windows msys2 should be possible, but
I haven’t
had yet time to do that.
--
Ondřej Surý
ond...@isc.org
fix the cruft that has accumulated in last 20 years. This is more of high
level design decision, but it is something that has to be done because it is
connected with maintenance burden. And it’s a burden we don’t have to really
carry on our shoulders.
Ondrej
--
Ondřej Surý
ond...@isc.org
eed to use libcap
in GNU GPL project, you are allowed to do so without considering potential
conflicts between 3-clause BSD and GPL 2.0
Cheers,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 11 Jun 2019, at 16:58, Mukund Sivaraman wrote:
>
> * readline is GPL, and so you'll link your code t
Hi Mayer (and other Solaris users),
could you please try following patch:
https://gitlab.isc.org/isc-projects/bind9/merge_requests/2053.patch
on your Solaris boxes with both GCC and Solaris compiler whether it correctly
complains about non-GNU ld in GCC case?
Thanks,
Ondrej
--
Ondřej Surý
ond
://gitlab.isc.org/ondrej/gitlab-victor
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
://jobs.isc.org/
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
there.
To be on the safe side, please mark the issue as confidential. We will make
sure that we redact any files before we make the issue public in the future.
BTW is there any chance that you and Havard share any common bits of
configuration?
Thanks,
Ondřej
--
Ondřej Surý — ISC
> On 8 May 2019, at 20
ays thought it’s a common knowledge that gcc from ports is
needed to compile modern software.
Ondřej
--
Ondřej Surý — ISC
> On 28 Apr 2019, at 00:33, bind-users-requ...@lists.isc.org wrote:
>
> Send bind-users mailing list submissions to
>bind-users@lists.isc.org
>
> To sub
for the inconvenience this has caused for platforms we don’t have
support for old atomics.
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind
Yes, the whole RRSet is always signed. Signing individual records would not
protect against attacks stripping individual records and their RRSIGs.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 2 Jul 2019, at 19:34, Josh Kuo wrote:
>
> This may not be the right place to ask, if this is
achieve, but adding only ZSK with
new algorithm serves no purpose.
Ondřej
--
Ondřej Surý — ISC
> On 11 Aug 2019, at 12:59, Mark Elkins wrote:
>
> Hi, Running BIND 9.14.4 on Gentoo.
>
> I've been running BIND and DNSSEC for a long time. Years ago - I changed from
> Algorithm
create the
issue, so we can make
BIND fail more gracefully that with an crash if there’s error in the
configuration related to the
switch between GeoIP and GeoIP2.
Thank you,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 25 Jul 2019, at 05:51, FUSTE Emmanuel
> wrote:
>
> The new v
,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 25 Jul 2019, at 07:40, FUSTE Emmanuel
> wrote:
>
> Le 25/07/2019 à 12:56, Ondřej Surý a écrit :
>> Hi Emmanuel,
>>
>> the crash should not happen because the discrepancy between the GeoIP and
>> GeoIP2 confi
Hi John,
like
* foo.example.org. IN CNAME foo.example.org.
for each host?
If that’s not the case you’ll have to be more specific and less vague about
your configuration...
Ondrej
--
Ondřej Surý — ISC
> On 29 Sep 2019, at 19:22, John Robson via bind-users
> wrote:
>
>
Or patch the old version instead.
--
Ondřej Surý — ISC
> On 4 Nov 2019, at 15:14, Alan Clegg wrote:
>
> On 11/4/2019 5:57 AM, Tony Finch wrote:
>> Nguyen Huy Bac wrote:
>>> So, my question is: Can and How to remove @0x in my
>>> log query message.
>&g
to spoofing attacks for off-path attacker.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 6 Nov 2019, at 09:18, Wilfred Sarmiento via bind-users
> wrote:
>
> Hi Mark,
>
> The workaround works very well, i also got the same response from Daniel of
> Switch.
>
> Thank you very
Dear BIND 9 Users,
We would like to announce proposed changes that affect 32-bit Windows platform.
In accordance with our published policy on removing features
(https://kb.isc.org/docs/policy-for-removing-namedconf-options), we are giving
notice that we plan to gradually wind down our support
instead of scattering
the defines all over the place.
(BTW I never understand the Hurd stubbornness of ignoring the PATH_MAX and
forcing all random projects to adjust the code while it could be solved in the
system headers...)
Ondřej
--
Ondřej Surý — ISC
> On 10 Nov 2019, at 18:02, Sam
g the real domain is very often misleading and prevents other
people from helping you.
I would start by checking the correctness of the zone file (with
named-checkzone) and making sure you bumped the serial number in SOA and you
reloaded the zone.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 10 De
r-cayenne.fr.
;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600IN A 186.2.246.17
;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE rcvd: 135
I don’t think it was an intent.
Ondrej
--
Ondřej Surý
ond...@isc.org
> O
There’s a space after com
O.
--
Ondřej Surý
ond...@isc.org
> On 5 Dec 2019, at 13:29, Sten Carlsen wrote:
>
>>
>> zone "internal.nixcraft.com " IN {
>> type master;
>> file "lan.master.nixcraft.com";
>> };
>> }
-pair for every signed zone.
Ondrej
--
Ondřej Surý — ISC
> On 7 Dec 2019, at 18:36, Chuck Aurora wrote:
>
> On 2019-12-07 08:24, Elimar Riesebieter wrote:
>> is it possible to have one key pair for DNSSEC to sign subdomains in
>> different zonefiles?
>
> IIUC h
Well, I already told you what’s wrong and you ignored that part. Please read it
again and understand what it means to delegate a part of the zone. Your
problems are not specific to BIND 9, it’s just your zone file is wrong.
Ondrej
--
Ondřej Surý — ISC
> On 10 Dec 2019, at 17:43, Edouard Gui
, all we as software users can ask is to be treated fairly and
honestly.
Ondřej
--
Ondřej Surý — ISC
> On 21 Oct 2019, at 18:01, Kevin Darcy wrote:
>
> But, it's harder for the bad guys to find. They have to use fuzzing, reverse
> engi
Hi Peter,
we had a similar report in the past, so maybe you can chime in and add
the information to the issue here
https://gitlab.isc.org/isc-projects/bind9/issues/1179 ?
That would be helpful...
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 16 Oct 2019, at 01:32, Peter wrote:
>
>
Neither analogy would work to the detail here. But search domains is the butt
dial of DNS…
You are better if you don’t use it as it works well until it doesn’t and you
send your data to the wrong party.
Ondrej
> On 28 Oct 2019, at 17:01, Paul Kosinski via bind-users
> wrote:
>
> "... long
Or changes to SELinux policies (since you are running CentOS).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 19 Nov 2019, at 11:49, Mark Andrews wrote:
>
> There have been no changes. I would be checking directory permissions.
> Anything that would
> stop rename() succeeding.
>
Hi,
you mentioned “forwarders” - what are these and how does answer look like
on the upstream forwarders?
I would recommend enabling higher debug level (start with -d 1) and look into
logs what was the answer from the forwarders preceding the failure.
Ondrej
--
Ondřej Surý — ISC
> On
be running the affected query against the upstream
resolvers in a semi-tight loop and log the results.
while true; do echo "$(date -R): $(dig +short IN A @)“;
sleep 1; done
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 21 Nov 2019, at 01:09, Bind Mailinglist wrote:
>
> Hello Ondřej
Put a proxy between BIND and your monitoring team?
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 26 Nov 2019, at 00:38, Veaceslav Revutchi wrote:
>
> I'm looking for a way to detect and alert when our monitoring team
> starts pulling the stats from our resolvers by http://resolver:80
/coprs/isc/bind-dev/
* Ubuntu: https://launchpad.net/~isc/+archive/ubuntu/bind-dev
* Debian: https://bind.debian.net/bind-dev/
Sorry for any inconvenience our packaging changes might have caused.
Thanks,
--
Ondřej Surý
ond...@isc.org
> On 10 Oct 2019, at 00:43, Matthew Pounsett wrote:
>
&
TL;DR use ECDSA, single algorithm
https://tools.ietf.org/html/rfc8624
--
Ondřej Surý
ond...@isc.org
> On 11 Oct 2019, at 08:38, ego...@sarenet.es wrote:
>
> Good afternoon,
>
> I would like to ask you some questions about DNSSEC, which I have not been
> able to clarify
You need to ask on your distro user support forum and not here. This topic is
beyond
the subject of this list as it could include all kinds of integrations that
your distribution
provides.
This is not a bind-users topic.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 19 Dec 2019, at 11
value.
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
/-/merge_requests/3163.patch
ISC will be issuing a proper Operational Notification later this week
and the fix will be included in BIND 9.16.1 due in March.
Sorry for the inconvenience.
Thanks,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 5 Mar 2020, at 10:11, Arsen STASIC wrote:
>
> Hi,
>
As far as we know the bug is present in all current BIND releases. We are still
investigating the issue, but things are looking positive thanks to Vikor
Dukhovni’s help with debugging his coredump.
Ondřej
--
Ondřej Surý — ISC
> On 24 Feb 2020, at 11:08, Jukka Pakkanen wrote:
>
&g
as confidential, we
will sanitize it before making the issue public in the future. You may use
pandora.isc.org to drop of larger files in a confidential matter and link it to
the GitLab issue.
Ondřej
--
Ondřej Surý — ISC
> On 5 Feb 2020, at 19:28, Matthew Richardson wrote:
>
> I have an in
Hi Kal,
thanks for testing the new feature. This sounds like a bug to me. Could you
please fill issue in our GitLab (https://gitlab.isc.org/), so we don’t lose
track of the bug.
Thank you,
--
Ondřej Surý — ISC
> On 2 Feb 2020, at 10:53, Kal Feher via bind-users
> wrote:
>
>
If `dig +dnssec +cd emeraldonion.org mx` will give you answers and `dig +dnssec
emeraldonion.org mx` does not, then it’s most probably validation failure.
Then of course based on your logging setup, the validation failures might be
visible in BIND 9 log.
Ondrej
--
Ondřej Surý
ond...@isc.org
> How do I fix this issue?
You don’t, their DNSSEC is broken:
https://dnsviz.net/d/emeraldonion.org/dnssec/
They have to either start signing again or remove DS record from the parent
(org).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 8 Feb 2020, at 02:36, Alessandro Vesely wrote:
&
.
Ondrej
--
Ondřej Surý — ISC
> On 18 Feb 2020, at 23:22, Matthew Richardson
> wrote:
>
> Having upgraded to 9.11.15 I am still seeing similar problems, where some
> zones stop updating their signatures. I have a suspicion that "rndc
> reconfig" might get them re-
1. https://www.systutorials.com/docs/linux/man/1-gcore/
2. https://kb.isc.org/docs/aa-00340
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 19 Feb 2020, at 08:36, Matthew Richardson
> wrote:
>
> Dear Ondrej,
>
> I would be delighted to assist with a core dump.
>
> Howeve
in a form of merge request
in our gitlab instance
(you need to ask for a permission to fork the project) or as a patch. This
seems to be fairly trivial
bug that might be a good start if anybody wants to help fix bugs in BIND 9.
Cheers,
Ondrej
--
Ondřej Surý
ond...@isc.org
__
The wildcard doesn’t cover empty non terminals.
The only nonstandard implementation that did this was djbdns and the behavior
was considered to be incompatible with rest of the DNS implementations.
Ondrej
--
Ondřej Surý — ISC
> On 11 Feb 2020, at 15:59, Petr Bena wrote:
>
> Hell
#endif /* TUNE_LARGE */
#endif /* ifndef ISC_SOCKET_MAXEVENTS */
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 20 Feb 2020, at 09:02, Anand Buddhdev wrote:
>
> Hi BIND developers,
>
> We build our own RPMs of BIND, and ever since the 9.9 builds, we have
> been setting -DISC_SO
.
Ondrej
--
Ondřej Surý — ISC
> On 17 Jan 2020, at 20:52, Steve Farr via bind-users
> wrote:
>
>
> Hi there,
>
> I'm hoping perhaps someone can point me in a good direction for
> troubleshooting here… I recently upgraded from BIND 9.9.10-P3 running in
> 32-bit
Run named with -4 option, that will disable IPv6.
Please note that filter--on-v4 was always wrong. You should fix your
network instead. It’s a bandaid, not a fix.
Ondrej
--
Ondřej Surý — ISC
> On 20 Jan 2020, at 04:38, Carl Byington via bind-users
> wrote:
>
> -BEGI
Hi,
did you try stopping BIND, removing journal files and then starting BIND again?
If the signed copy of the zone got corrupted in the memory, you might be
dumping the corrupted version on disk again with `rndc reload`.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 22 Jan 2020, at 12:11, Ju
of using HSMs with BIND 9, so don’t be afraid to fill issues and feature
requests in BIND 9 GitLab issue tracker:
https://gitlab.isc.org/isc-projects/bind9/issues
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman
of this mailing list.
Ondřej
--
Ondřej Surý — ISC
> On 20 Jan 2020, at 15:19, Steve Farr via bind-users
> wrote:
>
> Yeah, it's hard to disagree on the "should" part but we all definitely have
> to administer networks in an imperfect world... To my mind, when there's
tion? You could try
enforcing AFRX on salt change.
This is currently tracked as
https://gitlab.isc.org/isc-projects/bind9/issues/1447
and associated feature request:
https://gitlab.isc.org/isc-projects/bind9/issues/1515
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Pleas
NSEC3 is like a toilet window. You want it translucent, not transparent. For
that purpose, it serves well.
--
Ondřej Surý — ISC
> On 21 Jan 2020, at 17:05, Jim Reid wrote:
>
>
>
>> On 21 Jan 2020, at 15:59, Daniel Stirnimann
>> wrote:
>>
>> I agree
it to 9.16 branch since the codebases don’t differ much yet.
Ondrej
--
Ondřej Surý — ISC
> On 8 Apr 2020, at 20:58, Matthew Pounsett wrote:
>
>
>
> It looks to me like named-checkzone isn't able to read a zone file from
> stdin.
>
> % cat example.com.db | named-checkz
Hi,
you are right this is a bit confusing, but you need to specify both:
--enable-geoip (as the feature independent of used libraries)
--with-maxmindsb (where to find the libraries)
Ondrej
--
Ondřej Surý — ISC
> On 15 Apr 2020, at 22:07, PGNet Dev wrote:
>
> cosmetic con
temd unit [GL #1193]
-- Ondřej Surý Wed, 28 Aug 2019 21:35:44 +0200
$ cat named.service
[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
[Service]
EnvironmentFile=-/etc/default/named
ExecStart=/usr/sbin
med`. Also it is the name used by RPM
based systems and Arch Linux and Gentoo, so it was also made to make BIND 9
packages
in Debian/Ubuntu more unified with rest of the Linux world.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 15 Apr 2020, at 08:51, Klaus Darilion wrote:
>
> Hello!
>
&
their upgrades now.
Ondřej
--
Ondřej Surý — ISC
> On 18 Apr 2020, at 22:45, Carl Byington via bind-users
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Centos6, although old, is still supported, so it would be nice to get
> 9.16.2 running on that. This is my f
es/4
If there’s an issue you found and it’s small, try to look at the list of
existing issues and add it if it fits, or
just add a comment on the issue #4. If the problem is reasonable big and
contained, feel free to open
new issue for it (and probably link it in the comment in issue #4).
Thank you,
will help with
bootstrapping, but once you reach a state where most of the answers are already
in the cache there’s no or negative benefit from it.
I believe that in most scenarios the increased complexity in not worth the
benefit gained.
Ondrej
--
Ondřej Surý — ISC
> On 19 Apr 2020, at 12
I would recommend dnspython as a start. The API is very non-Python,
but once you get hang of it, it’s not that bad.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 1 Apr 2020, at 15:21, Petr Bena wrote:
>
> like a "proper DNS library" you talk about, is there any such a thin
> On 2 Apr 2020, at 17:58, Warren Kumari wrote:
>
> If you are running an older machine and older kernel, the
> /dev/random source is blocking
Then just use /dev/urandom, both random and urandom are CSPRNG.
Ondrej
--
Ondřej Surý
ond...@isc.org
signature.asc
Description: Me
LIBUV_LIBS="-L$/dependencies/libuv/lib“
JFTR this part of the line is wrong as it actually doesn’t contain the library
itself (just LDFLAGS).
You should really use the pkgconfig.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 28 Apr 2020, at 19:36, Eddy Hahn wrote:
>
>
gt; ever work well.)
On Linux, just put the path to /etc/ld.so.conf.d/local.conf and that should
do the trick. I don’t know how to configure the dynamic linker on macOS.
Ondrej
--
Ondřej Surý
ond...@isc.org
signature.asc
Description: Message signed with OpenPGP
__
the runtime problem you need to configure dynamic linker to find the
libuv library. (Or use rpath linker option.)
Actually both problems stems from the fact that you installed libuv into
nonstandard location. I would suggest to use homebrew or macports to install
the dependencies.
Ondrej
--
Ondřej
w versions of libxml2 and zlib)
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 28 Apr 2020, at 22:12, Eddy Hahn wrote:
>
>
> OK. Before I did not give you the full picture because I did not want to be
> to verbose :-)
>
> It should have been
>
> export SERVERPLUS_DI
inspect` that might be at fault.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 21 Apr 2020, at 21:14, John Wiles wrote:
>
> The only ip inspect lines that I could find in the current config are:
>
> ip inspect dns-timeout 7200
> ip inspect name CCP_HIGH dns
>
> John
>
might not be the best way to de-escalate the conflict.
Thank you for keeping this place civil,
Ondrej
--
Ondřej Surý — ISC___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
Hi,
to create a empty non-terminal (ENT) you should do:
non-empty.an-empty-name.example.com. IN TXT
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 29 Apr 2020, at 12:22, Alessandro Vesely wrote:
>
> Hi all,
>
> the doc says each node has a set of resource information, whi
rver-names {
"192.168.1.1";
};
};
and named -g reports:
15-May-2020 15:25:00.015 network unreachable resolving '192.168.1.1/A/IN':
2001:503:c27::2:30#53
15-May-2020 15:25:00.015 network unreachable resolving '192.168.1.1//IN':
2001:503:c27::2:30#53
Cheers,
Ondrej
--
Ondřej
Hi Chris,
when your vpn comes up, you need to issue:
rndc flushtree
command to the BIND 9 instance.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 15 May 2020, at 14:16, Chris Palmer via bind-users
> wrote:
>
> There is much discussion about recursion but I can't find anything tha
differently when there’s already cached content?
I suggest you run test BIND instance with -d 99 to see what’s happening.
Ondřej
--
Ondřej Surý — ISC
> On 15 May 2020, at 18:22, Chris Palmer wrote:
>
> Hi Ondřej
>
> At first glance your suggestion looked like what I had done.
Unfortunately, we still need usable coredump with debugging symbols (the
symbols could be external)
Just a staring into the code hasn’t brought anything fruitful, unfortunately,
and believe me, we tried.
Ondrej
--
Ondřej Surý — ISC
> On 18 May 2020, at 21:27, Kevan Benson wr
Hi Anand,
yes, it is. The broken code was introduced in the glibc 2.26, and generally
RedHat/CentOS/Fedora/Debian libc6 already has the required patches.
Ubuntu 18.04 (and derivatives) is the only major Linux distribution that
doesn’t have the patch yet.
Ondrej
--
Ondřej Surý
ond...@isc.org
Oh, right. I was hoping Bionic would have a fix by the time we release new BIND
9.
The fixed package should be building right now.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 23 Mar 2020, at 11:47, FUSTE Emmanuel
> wrote:
>
> Hello,
>
> 9.16.1 had been pushed into ISC sta
Hi Emmanuel,
I made a mistake in the package, so bind9 (1:9.16.1-2+ubuntu18.04.1+isc+3)
would be the correct version to use on Ubuntu bionic.
If you experience any reproducible locks and crashes, we would be interested
in having tcpdump that causes the lockup.
Thanks,
Ondrej
--
Ondřej Surý
ond
documentation that generally applies
to most Linux distros.
Ondřej
--
Ondřej Surý — ISC
> On 17 Mar 2020, at 06:15, ShubhamGoyal wrote:
>
>
> Dear sir,
>I tried whatever you said
> but it is not working.
> please give me more solutions
>
>
>
Hi Larry,
it seems like your macOS SDK is incomplete or something like this.
Both clock_gettime() and CLOCK_REALTIME are available since Mac OSX 10.12.
Please make sure you have up-to-date Xcode and matching Command Line Utils for
Xcode.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 24 Mar 2
\
internetsystemsconsortium/bind9:9.16
Thanks for any feedback you might have,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software
on those ports, and then use
`dig` (or other DNS debugging tool) to send actual DNS
queries.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
> On 1. 9. 2020, at 16:11, Axel Rau wrote:
>
> Hi!
>
> this is a new server, which answers external queries, sends notifies and
> pushe
DME for details.
#include
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Cont
library with a focus
on asynchronous I/O.
If that doesn’t work, you really need to look into config.log, it has all or
most of the information needed to properly debug the issue.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 27 May 2020, at 17:57, DeCaro, James John (Jim) CIV DISA FE (USA) via
> bind-user
Jim, you need to read up on how to setup the system dynamic linker to add extra
directories with libraries.
Searching for “library path Solaris” shows this as one of the first links:
https://docs.oracle.com/cd/E19205-01/819-5262/aeude/index.html
Ondrej
--
Ondřej Surý — ISC
> On 27 May 2
Please submit a feature request to our GitLab instance. I can’t guarantee that
we will get to it in the timeframe you need, but the mails tend to get lost.
Ondrej
--
Ondřej Surý — ISC
> On 27 May 2020, at 19:35, PGNet Dev wrote:
>
> On 5/26/20 4:50 PM, Mark Andrews wrote:
>> T
patch for reserved port") on some of them. There are
> currently no plans to make such a combination of settings work again.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 26 May 2020, at 11:38, Ingeborg Hellemo wrote:
>
> FreeBSD 11.3-RELEASE-p3
>
> This morning I upgraded
Jim,
I would like to point out that ISC does provide a commercial support on BIND 9
as a way to provide funding to develop BIND 9 as open source software. Please
let me know if you are interested in hearing more and I can connect you to the
sales team.
Cheers,
Ondrej
--
Ondřej Surý — ISC
I think it’s reasonable for nsupdate to do the chunking on itself. Patches are
always welcome, but if you can start by creating issue for us, it would be very
much welcome. I can’t offer you any timeframe, but at least it won’t get lost.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 1 Jun 2
kports to your apt sources.list
to solve the missing dependency.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 20 May 2020, at 12:32, Marcel de Riedmatten wrote:
>
> Hi all
>
> Can't seems to find a better place to voice an issue with the
> installation of the latest packaging for
Hi Marcel,
I think I figured it out how to build without any additional extra dependencies,
so the next update of the bind9 package for Ubuntu will not require to have
-backports enabled.
Thanks for the valuable feedback.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 20 May 2020, at 13:29, Mar
Missing MX, there’s actually syntax accepted by major SMTP servers to disable
SMTP for domain:
example.com. MX 0 .
Ondrej
--
Ondřej Surý — ISC
> On 9 Jul 2020, at 16:06, Matthew Richardson wrote:
>
> On a related issues there were (perhaps long ago) issues if the A record
> for
keep the noise to minimum to the list? Your email was
not helpful,
so I would appreciate if you could cut the trolling on the list to the minimum.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
> On 8 Jul 2020, at 13:29, G.W. Haywood via bind-users
> wrote:
>
> Hi there,
>
>
Jukka and others,
I would prefer if we didn’t scold people for typos on the mailing list. The typo
in the message had no impact on the question itself, and here, we are trying
to build community that’s welcoming to newcomers to the wonderful world
of DNS.
Ondrej
--
Ondřej Surý
ond...@isc.org
, this is the configuration option you are looking for:
https://bind9.readthedocs.io/en/latest/reference.html?highlight=Cookie#server-statement-grammar
Ondrej
--
Ondřej Surý — ISC
> On 17 Jun 2020, at 17:22, Ian Springett wrote:
>
>
> Hi
> I have an issue with BIND 9.14.11 and recursive queries to
1 - 100 of 463 matches
Mail list logo