RE: extended dns error

Hi Greg, Thank you for your answer I use RPZ as follows : response-policy { zone "rpz"; } break-dnssec yes recursive-only no qname-wait-recurse no; }; Regards Sami De : Greg Choules Envoyé : mercredi 12

extended dns error

Hello community I want to use "extended dns error" option on my recursive dns server. What config changes are required to enable EDE? I am using BIND 9.16.42 as recursive server. Regards Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds

Re: extended dns error

Hello Thank you for your answer yes we will plan a migration to version 9.18. now I have activated "error log" to have the cause of an error servfail is here is the result. 11-Jul-2023 10:36:21.146 query-errors: debug 3: client @0x7f217a2bd250 127.0.0.1#39627 (cadyst.com): view default: rpz

monitoring BIND

Hello comunity please what is the most recommended tool for BIND monitoring and especially display response time and latency thank you in advance. Regards Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software

RE: monitoring BIND

Hello Borja Thank you very much for this feedback, yes I confirm that monitoring the latency time is not always obvious, please about this solution you are currently using, there is a tutorial to try it? Thanks in advance. Regards Sami -Message d'origine- De : Borja Marcos Envoyé :

RE: monitoring BIND

Hello Andrew Thank you for your feedback I am testing some tools including netdata from the list suggested by the isc except that I want to know your feedback about the tools you use especially to monitor latency. Regards De : Andrew Latham Envoyé : jeudi 3 août 2023 16:14 À : RAHAL Sami

Tools to mesure performance and benchmarking of a DNS

Hello Please, what is the recommended open source tool to test the performance and benchmarking of a DNS server i.e. capture packets and then send them to a DNS server to measure response time, latency, cache usage etc. Regards Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users

RE: Tools to mesure performance and benchmarking of a DNS

Hello thank you for the details regards -Message d'origine- De : bind-users De la part de bind-users-requ...@lists.isc.org Envoyé : jeudi 22 juin 2023 13:00 À : bind-users@lists.isc.org Objet : bind-users Digest, Vol 4265, Issue 1 Send bind-users mailing list submissions to

RE: replace "SERVFAIL" to "NXDOMAIN" with rpz

Thank you very much, it now works fine, just another question please, what is the recommended open source tool to test the performance of a DNS server i.e. capture packets and then send them to a DNS server to measure response time, latency, cache usage etc. Regards De : Greg Choules Envoyé :

RE: replace "SERVFAIL" to "NXDOMAIN" with rpz

Hello Thank you for your feedback, yes it works like that! for that does not work for a domain name that already has the return code "SERVFAIL" and we want to change this code by "NXDDOMAIN" like this domain name "antlauncher.com" regards Rahal -Message d'origine- De : bind-users De

RE: replace "SERVFAIL" to "NXDOMAIN" with rpz

Hello Thank you for these details Greg, by the way I worked on a problem on one of my resolvers and there are no errors of type "SERVFAIL" currently for valid domain names but I receive servfail for this domain name "antlauncher.com" that's why I wanted to change the return code for this domain

RE: replace "SERVFAIL" to "NXDOMAIN" with rpz

Thank you Greg I tested with other domain name to replace "SERVFAIL" with "NXDOMAIN" is it not working I use CentOS7 with BIND9.16.41 grep antlauncher db.rpz antlauncher.com CNAME . *.antlauncher.com CNAME . grep example db.rpz example.com

RE: replace "SERVFAIL" to "NXDOMAIN" with rpz

Thank you Greg So if I understand correctly if we receive a servfail return code we can not modify this code by nxdomain with the rpz configuration? Regards De : Greg Choules Envoyé : lundi 19 juin 2023 12:02 À : RAHAL Sami SOFRECOM Cc : bind-users@lists.isc.org Objet : Re: replace "SERVFAIL"

RE: latency and response time

Hello Greg Thank you for your feedback Latency is the amount of time it takes for a data packet to go from one place to another but Response time it's the total time taken to respond to a service request, including the service time (time to complete the requested task) and the wait time (time

replace "SERVFAIL" to "NXDOMAIN" with rpz

Hello For monitoring reasons I try to change the return code of a domain name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of BIND9.16.42 as follows: example.com IN CNAME. *.example.com IN CNAME . But it still doesn't work, I still have the message " SERVFAIL", is it

latency and response time

Hello In DNS benchmarking which is more important latency or response time? for a DNS server what is the difference between the two values? Regards, Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with

RE: record PTR

It's clear, thank you. De : Ben Croswell Envoyé : jeudi 14 mars 2024 13:26 À : RAHAL Sami SOFRECOM ; ML BIND Users Objet : Re: record PTR 181.242.197.in-addr.arpa. 3600 IN NS douala0.orange.cm. 181.242.197.in-addr.arpa. 3600 IN NS nsbangui.orangerca.com.

record PTR

Hello, please, I want to know if I need to delegate a range of IP addresses to my authoritative DNS server with my registrar before creating a PTR record or not. In other words, if I want to create a PTR record on my authoritative server (ns1.mydomain.com) for mail.mydomain.com pointing to

transfert master slave

Hello community, I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow notifications only from the master (192.168.56.154). I added the directive "allow-notify {192.168.56.154;};" and it works. However, when I try to test the prohibition of notification by adding

RE: transfert master slave

It's clearer now, thank you Greg Sami De : Greg Choules Envoyé : lundi 25 mars 2024 12:52 À : RAHAL Sami SOFRECOM Cc : ML BIND Users Objet : Re: transfert master slave Hi Sami. "allow-..." statements are to restrict from which sources *this* server will accept messages, of whichever type. On

RE: transfert master slave

Thank you Mark for this information Regards De : Mark Andrews Envoyé : lundi 25 mars 2024 12:42 À : RAHAL Sami SOFRECOM Cc : ML BIND Users Objet : Re: transfert master slave Allow-notify is additive. You can’t block notify from primaries. -- Mark Andrews On 25 Mar 2024, at 22:34,