Re: dns firewall, proof of concept howto published, rpz. request for feedback

I posted the pdf of the How-To on this page, down towards the bottom: http://www.isc.org/community/tools/ Vicky Risk ISC On May 11, 2014, at 3:21 PM, G.W. Haywood b...@jubileegroup.co.uk wrote: Hi there, On Sun, 11 May 2014, Hans-Cees Speel wrote: Feedback is welcome! ... pdf at:

Re: rndc (and now nsupdate too)

This recent thread, in which people are describing their scripts and GUI provisioning systems makes me think we should recruit a few of you who think you have a sweet provisioning system, to do a WebEX and describe it for everyone else who is looking for a better system. At the RIPE meeting in

Re: ISC considering a change to the BIND open source license

> > What are the underlying reasons for wanting to make this change? Hi Lars, As you know, ISC is a non-profit. Our funding comes from software support contracts and small donations from users. We like this model because our funding is aligned with what we see as doing our core job. As

ISC considering a change to the BIND open source license

Hello BIND users- ISC published BIND under a very permissive open source license (https://www.isc.org/downloads/software-support-policy/isc-license/ ) nearly

Re: ISC considering a change to the BIND open source license

Hi Robert, > It looks like this was announced today: > > https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/ > >> The MPL license requires that anyone redistributing the code who has changed >> it must publish their changes (or pay for an exception to the license). It

Re: replicate a whole master

West Dogger: Northerly 4 or 5. Slight. Occasional rain. Moderate or > good, occasionally poor. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.is

Comments on Root Key Rollover impact on BIND users

You all are probably aware of the plans for rolling the root dnssec key in 2017. ICANN is trying to ensure this goes smoothly and we are of course looking for ways ISC can help. There is a draft blog post on the topic of the 2017 Root Key Rollover, kind of hidden on ISC’s web site here:

Re: views

significant effort, sponsored by an OEM user of BIND. As part of the agreement with the sponsor, we agreed to embargo the feature from the open source until 2018. Victoria Risk Internet Systems Consortium vi...@isc.org signature.asc Description: Message signed with OpenPGP ___

Guest access to the BIND and ISC DHCP bug database

Hello BIND and DHCP users, We have wanted to open ISC's BIND and ISC-DHCP bug database for a long time, and now we are finally ready to do it. As of July 7th, 2017, ISC’s internal bug database will offer read-only access to anonymous guest users. Guest users will be able to read issues in a

Guest access to the BIND and ISC DHCP bug database

Hello BIND and DHCP users, We have wanted to open ISC's BIND and ISC-DHCP bug database for a long time, and now we are finally ready to do it. As of July 7th, 2017, ISC’s internal bug database will offer read-only access to anonymous guest users. Guest users will be able to read issues in a

Re: filter-aaaa-on-v4 not available in Windows binary?

> On Aug 30, 2017, at 8:55 AM, pLAN9 wrote: > > Apologies all, I missed an Event Viewer entry: > > "C:\Program Files\ISC BIND 9\etc\named.conf:19: option 'filter--on-v4' > was not enabled at compile time" > > So it appears I DO have to recompile… I see that Mark has made

Re: bugs with BIND 9.11.0-P3 edns client subnet

> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Victoria Risk Internet Systems Consortium vi...@isc

BIND 9.13.x supported platforms

SSL >= 1.0.2 Windows 10 / x86 Windows Server 2012 Thank you! Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing

Should we bundle the MaxMind GeoIP db?

Hello GeoIP users, We are aware that Maxmind is discontinuing their older free GeoLite location database and replacing it with a new database with a new format (GeoLite2). https://dev.maxmind.com/geoip/geoip2/geolite2/ We have an issue open in the BIND gitlab to update our Geo-IP support to

Re: Should we bundle the MaxMind GeoIP db?

s, certainly. Even if they don’t include it today, they might not include it even if we bundle it. So this would not necessarily have any impact on what a particular package offers. > > On Wed, May 30, 2018 at 5:27 PM, Victoria Risk <mailto:vi...@isc.org>> wrote: > Hello

Re: Release Strategy Clarification

lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org __

tool for finding undelegated children in your DNS

Does anyone know of a good tool that you can run on your DNS records to find parent + child pairs where there is no NS record for the child in the parent? Someone must have a perl script for that, right? Thank you for any suggestions. Vicky ___

Re: tool for finding undelegated children in your DNS

11:41 AM, Victoria Risk wrote: > > Does anyone know of a good tool that you can run on your DNS records to find > parent + child pairs where there is no NS record for the child in the parent? > > Someone must have a perl script for that, right? > > Thank you for any

BIND 9.13.x is the BETA version of BIND 9.14.0

cts/bind9/issues/361) If you have the time and want to help us out, please consider testing 9.13 and giving us your feedback. We welcome anyone to open a BIND issue at https://gitlab.isc.org/isc-projects/bind9. Thank you, Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org

DNSSEC Negative Trust Anchor report

We have had a couple of requests for a log message warning that an NTA has just expired. The use case is, there is a help desk that needs to know when validation might be failing because of an NTA that was just removed. Anyway, in response, Evan wrote a Python script that takes the output of

DNS Privacy Interest and Concerns

the summary results publicly. Thank you! Vicky --- Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Interest in sharing operational experience with other users?

willing to give this a try? You can ask on list whether anyone is interested in your proposed topic, and/or unicast back to me to try to schedule something. Vicky -- Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org

Re: DNS flag day

> On Jan 18, 2019, at 9:09 AM, Ben Croswell wrote: > > Has ISC released minimum viable BIND version for flag day? Most versions of BIND authoritative servers, going back years, are EDNS compatible. Certainly ALL currently supported versions are compatible. I see you are running 9.8, which

Re: DNS flag day

I was replying to them about firewalls in regards to > their 9.8 issues. > > Was just hoping for a statement of 9.x or greater supports the needed badvers > signaling etc. > > On Fri, Jan 18, 2019, 12:15 PM Victoria Risk <mailto:vi...@isc.org> wrote: > &g

Re: allow-update in global options (was Re: bind and certbot with dns-challenge)

Regarding allow-update: - We do try to avoid ‘breaking existing deployments’ with this sort of change. We do also have to balance maintaining existing deployments with making improvements in security and usability. - When we ‘clarified’ behavior of BIND in 9.13.5 preventing the use of

Re: 9.14.0 filter-aaaa

Sorry Carl, I see you ARE trying to use the new syntax. I saw filter- and kind of skipped over the rest… I was so excited that finally I thought I could answer something, but, it was the *wrong* answer! Vicky > On Apr 15, 2019, at 10:49 AM, Victoria Risk wrote: > >> On

Re: 9.14.0 filter-aaaa

is using IPv6. filter--on-v6 Identical to filter--on-v4, except it filters responses to queries from IPv6 clients instead of IPv4 clients. To filter all responses, set both options to yes. Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org _

Proposal to adopt a Code of Conduct for the list

-users-ow...@lists.isc.org> ------ Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org <mailto:vi...@isc.org> ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users maili

Explicit Code of Conduct for this list established

Hey there BIND-users, A few weeks ago I posted a message here asking for feedback about establishing some sort of guideline for behavior on this list. I suggested an email sent by Cathy Almond of ISC Technical support to this list a few years ago, asking for civility and patience. A few

Re: Status of experimental COPR packages

ps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org __

Re: Status of experimental COPR packages

>> We did recently start setting up another site, Cloudsmith.io, for >> some of our packages. We need a site we can control for non-public >> stuff, like the BIND subscription edition, and private patches, and >> Cloudsmith allows us to put packages for multiple different OSes in >> one repo. I

Re: RHEL, Centos, Fedora rpm 9.14.6

> On Sep 30, 2019, at 7:08 AM, Lightner, Jeffrey > wrote: > > I can't speak for him but will say Carl has been providing these packages and > announcing them on this list for quite some time now and it is valuable to > those who would like to use later upstream packages on RHEL/CentOS/Fedora.

Re: Inquiry re: DNS over HTTPS

> On Nov 4, 2019, at 10:38 AM, LeBlanc, Daniel James > wrote: > > Hello All. > > I am interested in whether ISC BIND intends to directly support DNS over > HTTPS in the near future, or whether it is expected that users will create an > environment to accept the HTTPS request and convert it

Re: CloudSmith repository missing

Matt, We have a stable set of packages now. I just published a Knowledgebase article on our packages which we are committed to keeping up to date. https://kb.isc.org/docs/isc-packages-for-bind-9 Vicky

Re: OT: Reminder: DNSSEC series starts in 1 day

ers to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ P

Re: Advice on balancing web traffic using geoip ACls

ced by 9.16, released just this past week. We will continue offering security releases for 9.14 for a 3-month period to support migration to 9.16. Someone doing a migration today should look at 9.16 rather than 9.14. > You absolutely should not be running a bind version several years old, as

Re: dnssec-lookaside auto key expiration

be possible to run named with the dlv configured. Vicky Risk Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: DoH plugin for BIND

-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit http

Help us weed out the old crap in the ISC KB

comments I might need to subsequently clarify with you. Thank you for your contributions. Vicky Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: forwarders used in order or based on RTT ?

The ARM was updated in 9.16.6. Sorry it took us so long! from https://gitlab.isc.org/isc-projects/bind9/-/issues/2030 Forwarders are typically used when an administrator does not wish for all the servers at a given site to interact directly with the rest of the Internet. For example, a common

Re: distribution of Bind software through our website

ot wish to grant additional rights for their software. > > I'm also hosting a mirror of BIND at git.ghnou.su/mir/bind > <https://git.ghnou.su/mir/bind> without issues. > > Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org __

ISC is looking for dns geeks

Hello BIND-users, We have two full-time job openings at ISC. We are so busy these days, we are adding another customer support engineer, and another developer to the BIND development team. Those of you on this list know better than anyone how challenging, and satisfying, it can be to solve

Upcoming talk on VinylDNS

ultiple DNS providers (https://stackexchange.github.io/dnscontrol/ <https://stackexchange.github.io/dnscontrol/>) Vicky Victoria Risk Product Manager Internet Systems Consortium vicky at isc.org <https://lists.isc.org/mailman/listinfo/bind-users>

Request for review of performance advice

corrections or warnings are very welcome. Thank you! Vicky - Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds

Re: BIND Masters and slaves

the effort any more, because we are already convinced it is worth the effort on our part. Vicky Risk Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org (1) https://kb.isc.org/docs/policy-for-removing-namedconf-options ___ Please

Re: BIND Masters and slaves

We have decided to put the list into general moderation because it feels like there is nothing substantive to add on this topic and it seems like we might benefit from a cooling off period before anyone gets more upset. We will push through any posts on any other topic (about BIND anyway), and

Re: Latest BIND ARM is missing from docs page?

> On Jun 15, 2020, at 3:24 PM, Brett Delmage wrote: > > On Mon, 15 Jun 2020, Evan Hunt wrote: > >> On Sun, Jun 14, 2020 at 06:38:38PM -0400, Brett Delmage wrote: >>> Is this ARM the most recent version? >> >> No, the current stable release is 9.16. The "primary" and "secondary" >> keywords

Interest in a webinar on any of these DNS mgmt tools?

, Vicky Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions

Re: BIND through COPR after CentOS

sconsortium/bind9). Vicky Victoria Risk Product Manager Internet Systems Consortium vi...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with

Re: Catalog zones version 2 support

> On Nov 10, 2020, at 11:29 PM, Jan Drobil wrote: > > Hi, > will BIND support catalog zones version 2 - > https://tools.ietf.org/html/draft-ietf-dnsop-dns-catalog-zones-00 ? > Knot DNS introduces them in version 3 - > https://www.knot-dns.cz/docs/3.0/singlehtml/#catalog-zones Jan, We have

New BIND releases are available: 9.16.18, and 9.17.15

Hello BIND-users, The updated June maintenance releases of BIND 9.16 and 9.17 are available and can be downloaded from the ISC software download page, https://www.isc.org/download . These contain the fix for the previously announced “W” typo issue in BIND 9.16.17

Re: A question on logging

Also… Logging is the topic most often searched on in our knowledge base. We have one article on logging that is read more often than any other, that we are planning to migrate to the ARM. https://kb.isc.org/docs/aa-01526 That article also references a webinar Carsten Strotmann presented

Re: Deprecating BIND 9.18+ on Windows (or making it community improved and supported

> On Jun 2, 2021, at 3:24 PM, Peter via bind-users > wrote: > > Well that sucks no more bind for windows...:( We are supporting BIND 9.16 on Windows, and we are supporting 9.16 through the end of 2024, so we are not at the end of the road yet! https://kb.isc.org/docs/aa-00896 Vicky

Re: Deprecating BIND 9.18+ on Windows (or making it community improved and supported)

> On Jun 2, 2021, at 1:36 PM, Richard T.A. Neal wrote: > > Could I ask if a conclusion has been reached regarding this? I know there was > quite a bit of chatter in April/May but it's not clear to me whether any > conclusions were reached. We are pretty well decided that we will not support

Can you share some real-world queries with ISC?

Hello again BIND-users, Sorry for asking for help twice in one day. We are setting up a new resolver performance test bed, one that we hope will be a better simulation of real-world deployment. Once we have this working, we should be able to profile BIND performance using DoH and DoT as well

Plan to remove ISC custom SPEGNO from BIND

Hey there BIND Users- We have removed the ISC custom SPEGNO implementation from the development branch (9.17.x). We intend to also remove it from BIND 9.16 and 9.11. This is very old and fragile code and it is provides extra risk for everyone, while being useful for (we think) almost nobody.

Re: Status of zytrax.com "DNS for Rocket Scientists" website

I will contact Ron and see what is up. Thank you for pointing it out Carsten! Vicky > On Apr 19, 2021, at 7:21 AM, Richard T.A. Neal > wrote: > > Carsten Strotmann wrote: > >> does anyone know about the status of the zytrax.com website and the >> excellent "DNS for Rocket Scientists"

Re: Status of zytrax.com "DNS for Rocket Scientists" website

him that a lot of users still find his site very useful and to let ‘us’ know if he ever plans to pull the plug. Vicky > On Apr 19, 2021, at 8:49 AM, Victoria Risk wrote: > > I will contact Ron and see what is up. > > Thank you for pointing it out Carsten! > > Vicky >

Notice of plan to deprecate map zone file format

Greetings bind-users, The `map` zone file format was introduced in BIND 9.10. https://bind9.readthedocs.io/en/v9_16_20/reference.html?highlight=map%20zone#additional-file-formats At the

Re: Notice of plan to deprecate map zone file format

> On Sep 10, 2021, at 7:24 AM, Timothe Litt wrote: > > Clearly map format solved a big problem for some users. Asking whether it's > OK to drop it with no statement of what those users would give up today is > not reasonable. > Actually, we are not sure there ARE any users. In fact, the

Re: Notice of plan to deprecate map zone file format

>>> After all the "other improvements in performance" that you cited, what is >>> the performance difference between map and the other formats? >> >> I don’t know that, to be honest. We don’t have the resources to benchmark >> everything. Maybe someone on this list could? We would also like

Re: Bind-Users-Forum Link is down

Hi Harshith, ISC doesn’t operate Nabble, it is an independent service on the Internet. I was notified 2 weeks ago that they are ‘consolidating to a single server', and wanted to know if they should move our forum. ("Yes, please!") I think this consolidation could be a sign that they may be

Re: 9.11, 9.16 and ESV designation

Hi John, > > That document was last updated on Jan 5, 2022, so this news is at least three > weeks old. I don't recall seeing anything on the "Announce" mailing list > regarding the change in ESV designation. ….. > Nor do I see any difference in the COPR packages: > >

Reminder: BIND 9.11 is going EOL in March 2022

Hello bind-announce, BIND 9.11 is now in its last quarter of support. We are fixing critical security issues only at this point. It is time to start making plans to update if you are still running a 9.11 version. (The current release plan is published at https://kb.isc.org/docs/aa-00896

Re: Reminder: BIND 9.11 is going EOL in March 2022

> On Apr 5, 2022, at 12:37 PM, John Thurston wrote: > > We've reached April, 2022. I expect, in the next 30-days or so, we'll be > seeing an announcement regarding the change of contents of bind-esv, bind, > and bind-dev > > Is it reasonable to expect these changes will occur in about the

Re: Only one DS key comes back in query

Hi Frank, The use of example.com and the like on this list is provocative specifically because people are frustrated that they then cannot help you. It is something of a special situation that since you are not a regular participant here, you were unaware of. The people on this list will

Reminder about moderation and the code of conduct

Many of you have been members of the bind-users mailing list for many years, and have both given and received advice to/from other participants. So you understand what a helpful and caring community it can be. We appreciate all of you who generously share your expertise here, and we want to

Re: High memory consumption in bind 9.18.2

Hi Doug, I think Ondrej is referring to this post from a prior month: https://lists.isc.org/pipermail/bind-users/2022-June/106350.html …. For tips on how to measure memory usage you might want to look at

Re: DoT forwarding from BIND9

> On Dec 14, 2022, at 10:12 AM, Petr Menšík wrote: > > Hello, > > I tried to find a way how to configure queries forwarding over encrypted > channel. But unlike zone transfer and notifications, I have not found a way > to configure query forwarding over DNS over TLS even in latest 9.18.9

ISC is hiring a Technical Support Engineer

ISC is hiring a Technical Support Engineer to help BIND 9, Kea and DHCP users. This is a 100% remote working opportunity, with flexible hours. The team spans the US and Europe, but right now need someone who can help cover US business hours. This is an interesting job with a lot of variety and

BIND 9.16 is approaching EOL in April, 2024

The BIND 9.16 release branch is approaching EOL as of April, 2024. We encourage users running 9.16 or (gasp) 9.11, to upgrade to 9.18. The 9.18 branch has consistently out-performed the 9.16 branch, and we are confident that it is more stable than 9.16. One of our support engineers has

Re: BIND 9.16 is approaching EOL in April, 2024

907-465-8591 > john.thurs...@alaska.gov <mailto:john.thurs...@alaska.gov> > Department of Administration > State of Alaska > On 2/26/2024 7:35 AM, Victoria Risk wrote: >> The BIND 9.16 release branch is approaching EOL as of April, 2024. We >> encourage users running 9.16 or (gasp) 9

Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records

Karl, We have a knowledgebase article on the topic of ‘alias’ records: https://kb.isc.org/docs/aa-01640. The article is a bit out of date, but still basically valid. It is not specific to the implementation you mention however. Vicky > On Mar 26, 2024, at 7:49 AM, Karl Auer wrote: > > I'm