and we'll also
have no reason to list your netblock on RBL
no need to reply, just let it sink in, but since its failed to in over 5
years, i dont expect miracles.
On 03/05/2020 15:13, Reindl Harald wrote:
> Am 03.05.20 um 01:42 schrieb Noel Butler:
>
>> Dont waste your time
o know whos going where, netflow tells
us a whole lot more anyway
--
Kind Regards,
Noel Butler
This Email, including attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may
d DNS. Do we piggyback off an
> existing port and rely on its ubiquitous allowance on the internet or do we
> create a new port for it, where we can make a dedicated new protocol suite?
>
> On 5/2/20 5:03 PM, Reindl Harald wrote:
--
Kind Regards,
Noel Butler
t is earlier than 9.11.4
>
> Has Ubuntu properly patched it for relevant security updates? Is it safe to
> run? Of course it will be missing the latest features and software defects
> (which I am exploring on a test server sing a version I compiled myself).
--
Kin
at it is binded to or internal, if it is binded to 127.0.0.1 and
> 192.168.0.1 ?
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
ary after
> noticing the the issue.
> Then, on *both* servers:
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may
o blindly accepted and enacted
the block.
To put it in RFC terms for non aussies, s313 is a SHOULD, and _not_ a
MUST.
If theres genuine reason, ie mass collateral damage, you can lawfully
refuse to carry out such requests.
--
Kind Regards,
Noel Butler
This Email, including any a
this not the key that is wanted? It appears to be the only key I have. Do
> I need to change to some different key type for bind 9.14, or am I forgetting
> something else.
>
> I did make some changes to the DNS back in 9/12 several months ago, and I
> don't recall having t
eff:feda:9842 prefixlen 64 scopeid 0x20
You might also want to read up on gai.conf and set some precedence's,
I dont use it, but on slackware I dont have the problems you have, it
might help - I recall having to use it well over 10 years ago on a few
centos servers we inherited at the time.
>
> Doing the following recreated the .signed file, but still didn't add the new
> subdomains.
>
> Freeze, flush, edit, thaw,
>
> Then service named stop, service named start.
freeze, edit, thaw, rndc_reload is all thats needed
--
Kind Regards,
Noel Butler
; Would you like some help?"
>
> Kidding aside, Slackware is old school awesome.
>
> ;)
>
> FROM: bind-users [mailto:bind-users-boun...@lists.isc.org] ON BEHALF OF Noel
> Butler
> SENT: Tuesday, January 01, 2019 5:32 PM
> TO: bind-users@lists.isc.org
> SUBJ
On 02/01/2019 04:48, Doug Barton wrote:
> I've had LE fail after a cerbot upgrade because it grew a dependency that
> didn't automatically get installed with the upgrade.
>
> So yes, automation good, but not perfect.
Yes likewise on the one box I could actually get certbot to run on, just
would
On 01/01/2019 12:54, John W. Blue wrote:
> nuff said, eh?
>
> I thought that Let's Encrypt wanted to roll / revalidate SSL certs every 90
> days. IIRC they have automation for apache and DNS tools when it comes to
> revalidation.
acme.sh FTW
--
Kind Re
-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protec
ew times what John Blue suggested,
might not stop my resources being abused, but it gets the point across
:)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
p
in your SMTP/WWW_Module configs, like, for
example in postfix:
reject_rbl_client dul.dnsbl.sorbs.net
I wont go into the fact bind 9.8 is so old its unsupported :)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
informat
On 15/06/2016 10:29, Ted Mittelstaedt wrote:
On 6/14/2016 4:28 PM, Noel Butler wrote:
On 15/06/2016 05:38, Ted Mittelstaedt wrote:
It seems some on the list are short on philosophy? Well here is
the actual philosophy and I'll apologize in advance that it won't fit
in a SMS message
On 15/06/2016 05:38, Ted Mittelstaedt wrote:
It seems some on the list are short on philosophy? Well here is
the actual philosophy and I'll apologize in advance that it won't fit
in a SMS message for those people unable to have deep thoughts more
complex than a SMS message. Hopefully you are
On 24/02/2016 09:13, Mathew Ian Eis wrote:
> Hi BIND,
>
> I've encountered (quite by accident) an interesting behavior in BIND with
> wildcard domains:
>
> The relevant configuration is a zone; e.g. bar.com, with what I'll call a
> "second level" wildcard host, e.g. *.foo.bar.com A 10.10.10.
On 06/02/2016 07:28, Olliver Schinagl wrote:
; BIND db file for ad servers - point all addresses to an invalid IP
$TTL864000 ; ten days
@ IN SOA ns0.example.net. hostmaster.example.net. (
2008032800 ; serial number YYMMDDNN
On 06/02/2016 07:25, Olliver Schinagl wrote:
I have configured my ad zone as a 'regular' set of zones all pointing
to the same 'null' zone and the only problem I really have is that the
newer binds no longer allows you to to do that, point to the same null
poppycock
our caching resolver loads
On 12/09/2015 00:54, David Ford wrote:
We are also one of those services that will reject mail if DNS records
don't line up sufficiently to a) satisfy RFC requirements for DNS and
b)
are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend
to
be in HELO/EHLO
Those two simple rule
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote:
Actually, PIX had issues... I can attest to that, having administered
several Cisco-based networks including PIX years before I was "a Cisco
The biggest issues we really saw with PIX protected networks was in
early 2000's,
it used to bit
On 05/09/2015 05:00, Leandro wrote:
> Reindl , I agree with you.
> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to measure
On 05/09/2015 04:49, Reindl Harald wrote:
mostly people who are throwing as much as possible appliances and
firewalls in front of their machines doing that because missing
knowledge
and falling for some salesman's BS, the moment they sniff you have no
idea, they rub their hands together think
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote:
> On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote:
>
>> Though I realize my error not recalling that there is a middle (neutral)
>> level, and which is more appropriate, since softfail is somewhere between
>> fail and neutral which is
On 08/08/2015 01:23, Heiko Richter wrote:
> The "spf2.0/pra ?all" is SenderID, where "pra" forces the DMARC server
> to check only the Envelope-Sender against "v=spf1 mx -all". If you
> don't set that, SPF will always check both Envelope-From and Header-From.
>
>> Note that it's the SenderID
Hi,
No, not directly, there are things like webmin that used to let people
manage DNS, not sure how manageable though or if its even still
supported.
On 07/07/2015 19:26, Ejaz wrote:
> All.
>
> Dees bind support for web-based control panel? I need one that can
> automatically push updat
On 27/05/2015 07:00, Mike Hoskins (michoski) wrote:
> Hi folks,
>
> I've read about RRL with interest since its inception, but just now
> getting around to rolling it out. That is partially because we run a very
> small authoritative infrastructure serving mostly as Akamai EDNS origins.
> How
On 07/04/2015 17:15, G.W. Haywood wrote:
> Hi there,
>
> On Tue, 7 Apr 2015, bind-users-requ...@lists.isc.org wrote:
>
>> Message: 1
> [Snip 51 lines]
>
>> Message: 2
> [Snip 75 lines] Message: 1
[Snip 37 lines]
>> Message: 1
[Snip 45 lines]
>> Message: 2
[Snip 49 lines]
>> Messag
On 07/04/2015 17:07, Matus UHLAR - fantomas wrote:
> On 06.04.15 15:19, Noel Butler wrote:
>
>> you need an allow-query and ACL, eg:
>
> No. Don't play with allow-query if it is supposed to be authoritative for
> any zones (unless those zones are internal).
>
' to
> bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
> bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
> Today's Top
you need an allow-query and ACL, eg:
Assuming for example your LAN ip range is 192.168.0.0/24, then you would
use
for simplicity, at top of named.conf:
acl "trust" { localhost; 192.168.0.0/24; };
then in...
options {
allow-query { trust; };
allow-query-cache { trust; };
..
so what about named's syslog entries, most commonly found in daemon log
On 21/08/2014 10:59, Len Conrad wrote:
> uname -a
> FreeBSD rns1..net 10.0-RELEASE
>
> named -v
> BIND 9.10.0-P2
>
> this is a recursive-only NS restricted allowing recursive queries from
> "ournetworks" ACL
>
>
list :)
On 07/08/2014 08:40, Reindl Harald wrote:
> Am 07.08.2014 um 00:33 schrieb Noel Butler:
>
>> Apart from stupid SOA values, losscontrol360.com seems OK
>
> OK? the failing NS query is caused by the errors below
> this domain only works by luck from time to time
>
On 07/08/2014 06:03, Jared Empson wrote:
What our cache server receives:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
;losscontrol
On 12/07/2014 11:08, Mark Andrews wrote:
The real problem is humans. They like to tinker with files (hence
the subject line). There really shouldn't be a reason for anyone
to need to read slave database files. They are there so named can
have the zone content when it starts up rather than hav
On 27/06/2014 12:32, Teerapatr Kittiratanachai wrote:
Dear List,
Yesterday I try to map a private IP address on Public DNS Server, but
some server, actually 1 server, doesn't show the answer. But the Rcode
is 0.
So I already removed that record for now. Is it possible to set DNS
server for not s
On 12/06/2014 20:58, Tony Finch wrote:
Noel Butler wrote:
Does this also address the crazy amount of logging (as previously
discussed
here)?
If you mean the EDNS logging, that should be fixed in 9.10.1.
Tony.
Yes, this has been the talking point of town, for all wrong reasons
On 12/06/2014 08:04, mcna...@isc.org wrote:
In summary:
BIND 9.10.0-P2:
- fixes security issue CVE-2014-3859
- fixes issue from ISC Operational Notification of 4 June 2014
- includes other minor fixes
Michael,
Does this also address the crazy amount of logging (as previously
discussed here
On Sat, 2014-06-07 at 13:35 +1000, Edwardo Garcia wrote:
> Halo,
> in recent week we have see fill daemon_log of this errors, is way to
> fix?
> I do wrong?
>
>
you are doing nothing wrong, the idiot advertising fe80 is the one doing
it wrong
in the meantime you could add to your named.conf -
On Thu, 2014-06-05 at 12:18 -0400, Kevin Darcy wrote:
> Given the heated and bitter debates over the SPF record type (see
> http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html,
> search "SPF", around August of last year), I'm thinking that "a couple
> years" probably translates i
Not a BSD user, but are you running any sort of extra security
enforcement toolsets?
PIE is IIRC, Position Independent Executable.
On Fri, 2014-06-06 at 19:27 -0400, Rick Dicaire wrote:
> Hi folks, in trying to update bind 9.8.7_15 on freebsd 8.4, I get the
> following:
>
>
>
> ...
> ==
On 04/05/2014 05:28, Jeremy C. Reed wrote:
It is at the "notice" severity level. The code says:
"We didn't get a OPT record in response to a EDNS query." and also says
"We need to drop/remove the logging here when we have more
experience."
Are you getting this debugging for EDNS-related probl
Hi,
U, since upgrade 9.9.5 to 9.10 every request to the name server is
spewing copious amounts of debug type data (thankfully I only upgraded
the one server)
named[23250]: received packet from 207.66.8.132#53 (no opt): ;;
->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20501 ;; flags:
OK here too.
On 03/05/2014 11:07, Evan Hunt wrote:
> On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
>
>> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in
>> the pgpkey2013.txt located at:
>> https://www.isc.org/downloads/software-support-policy/openpg
On 30/12/2013 22:17, Gaurav Kansal wrote:
> Hi Guys,
>
> In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with
> “—ENABLE-RRL” option.
>
> I was wondering why is it so ?
Because it can be detrimental to existing sites if configured wrongly,
its something not all si
On Fri, 2013-12-20 at 12:58 -0500, Thomas Schulz wrote:
>
> Well, we started with them back when they were the only company registering
> domain names. And up to now there were no problems (other than perhaps price).
>
and their highly unethical business practices, OK my experiences with
them
On 06/11/2013 18:52, babu dheen wrote:
Dear All,
I would like to integrate BIND DNS with Spamhaus Malware DB feed. But i
need clarity whether Spamhaus offers this feed for free or
subscription(cost) based?
If you want your local copy it will cost, and they charge like 20
counties of farms
On Tue, 2013-09-24 at 13:40 +, Vernon Schryver wrote:
> > From: Noel Butler
>
> > We used to run our int bl on bind, it was a resource hog compared to
> > rbldnsd
> > But there is no way in hell, I'd run rbldnsd on anything else other
> > than a BL,
On Mon, 2013-09-23 at 19:21 +, Vernon Schryver wrote:
> > > As a matter of interest, if one had a DNSBL with 5.5 million entries
> > > (i.e. 5.5 million IPs):
> > >
> > > 1) What needs to be done to rewrite that to a BIND zone?
> > > 2) What sort of machine would be required to load that zone
On Fri, 2013-09-20 at 14:12 +, Vernon Schryver wrote:
> > From: Shane Kerr
>
> > With a 50% packet loss and 3 retries you'll have about 1 in 16 lookups
> > fail, right? If you've got enough legitimate lookups going on to
> > trigger RRL then you're going to get lots of failures.
>
> If 6% i
Hi Shane,
On Fri, 2013-09-20 at 11:38 +0200, Shane Kerr wrote:
> Noel,
>
> On 2013-09-20 12:48:31 (Friday)
> Noel Butler wrote:
>
> > On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
>
> > > > plenty of delayed mail - hostname lookup failures (mo
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
> > From: Noel Butler
>
> > now, I never ran it as patches, my policy is only use official upstream
> > sources, so my first play around was with 9.9.3.b2 I think it was.
>
> BIND 9.9.4 and its immediately pr
Hi Vernon,
On Thu, 2013-09-19 at 23:42 +, Vernon Schryver wrote:
> BIND RRL has had whitelisting for trusted DNS clients that send repeated
> DNS requests since early days, long before any version of BIND 9.9.4.
> Look for 'exempt-clients{address_match_list};' in either the ARM that
> comes w
On Thu, 2013-09-19 at 23:40 +, Evan Hunt wrote:
> On Fri, Sep 20, 2013 at 09:20:29AM +1000, Noel Butler wrote:
> > I have been using this since 9.9.4bx, and although documentation is/was
> > lacking at the time, so there might be a whitelisting somewhere , but in
> >
On Thu, 2013-09-19 at 16:04 -0700, Michael McNally wrote:
> New versions of BIND are now available from http://www.isc.org/downloads
>
New Features 9.9.4
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
Barry,
On Thu, 2013-08-29 at 16:16 -0400, Barry Margolin wrote:
> In article ,
> Noel Butler wrote:
>
> > replying to ones self a few times in one day or a sign I need a break..
> > but...
> >
> > I think the issue is this
> >
> > Trying
Yeah, I went out for a bit, came back and fresh, decided to take another
look, I got no further than looking at my own confs and it clicked this
was an old bug, that _was_ fixed... I've updated my RT entry to reflect
that.
On Thu, 2013-08-29 at 07:47 +0100, Steven Carr wrote:
> I think the short
version.
On Thu, 2013-08-29 at 13:09 +1000, Noel Butler wrote:
> On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
>
> > Hey Mark,
> >
> > Looks like it might be a bug, *BUT* a client utils bug, so I think
> > his server is likely fine, he's panicki
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
> Hey Mark,
>
> Looks like it might be a bug, *BUT* a client utils bug, so I think
> his server is likely fine, he's panicking over what's reported not
> what's actually going on, I'm sure its not the int
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think his
server is likely fine, he's panicking over what's reported not what's
actually going on, I'm sure its not the intended response to display so
I've just added bug rep on it, if you disagree, you can always nuke
it :)
On Sun, 2013-08-18 at 17:36 -0600, LuKreme wrote:
> On 18 Aug 2013, at 14:06 , Dave Warren wrote:
>
> > Change the zones from master to slave in your named.conf? There really
> > isn't much more to it than that, assuming you have a new authoritative
> > master is already configured and serving
On Sat, 2013-08-17 at 01:18 -0400, Alan Clegg wrote:
> On Aug 17, 2013, at 12:42 AM, LuKreme wrote:
>
> > [...] I could not get the slave to do anything other than post errors and
> > refuse to start. Usually they were along the lines of not being able to
> > bind to port 953 or of not being a
On Sun, 2013-08-04 at 13:28 -0700, Eduardo Bonsi wrote:
> Hello Everyone,
>
> I have some questions about ipV6 transition and DNS configuration!
>
> I am preparing to make my transition to a dual stack ipv4, ipv6 and I
> have some concerns in regards to the security of the network since ipv6
>
On Mon, 2013-07-22 at 08:50 -0500, Barry S. Finkel wrote:
> > This was discussed here already, and imho this is anti-spf bullshit like
> > all those "spf breaks forwarding" FUD. The SPF RR is already here and is
> > preferred over TXT that is generik RR type, unlike SPF.
>
>
> It is not Fear, Un
On Mon, 2013-07-22 at 02:51 -0400, Jason Hellenthal wrote:
> It's exactly as it says...
>
>
> Instead of
> ... TXT "SPF ..."
>
>
> You now do
>
>
> ... SPF "SPF ..."
>
>
Mark Andrews wrote:
No. It has a legacy SPF TXT record. It SHOULD have record of
type SPF as per RFC 4408.
Named w
On Fri, 2013-07-12 at 16:31 +, Vernon Schryver wrote:
> Patches for both of those versions of RPZ speed improvements for some
> BIND9 releases can be with the BIND RRL patches by following the link
> labeled "Patch files for BIND9" on http://www.redbarn.org/dns/ratelimits
>
> Both of those
On Fri, 2013-06-28 at 13:57 -0400, Novosielski, Ryan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> The short answer is "some software once cared." Does it still now, I'm
> not sure. But we do it.
SMTP does, IRC does
signature.asc
Description: This is a digitally signed messag
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
> On 2013-05-08, Steven Carr sent:
> > Any chance someone can correct the settings on this mailing
> > list to reply to the list by default instead of the user
> > posting the message?
>
> I'd argue the settings are already correct. Having
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
> On 2013-05-08, Steven Carr sent:
> > Any chance someone can correct the settings on this mailing
> > list to reply to the list by default instead of the user
> > posting the message?
>
> I'd argue the settings are already correct. Having
On Tue, 2013-04-30 at 17:04 -0500, Pascal wrote:
> Dig 9.9 consistently gives me "FORMERR" against NetWare DNS servers.
> Previous versions worked fine. Suggestions on how to figure out if the
> bug is in Dig or NetWare?
>
> -Pascal
>
> O:\Documents and Settings\admin\dig\9.9.2-P2>dig www.
On Tue, 2013-04-30 at 22:07 +0100, Steven Carr wrote:
> You asked this question a few weeks ago.
>
> Patch BIND to include the RRL (Response Rate Limiting) patches
> (http://www.redbarn.org/dns/ratelimits), blackhole/ignore those
> clients requesting.
>
Many people will not compromise critical
Sign them for longer, I typically use 90 days
On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote:
> Hello,
>
> Can anyone tell me why signatures in dnssec mut be renewed every 30
> days?
> What are the modifications made on a zone with a resign?
>
> Thanks in advance for the clarifications.
>
On Fri, 2013-04-05 at 08:51 +0200, Torsten Segner wrote:
> $TTL 43200
> @ IN SOA a.prim-ns.de. hostmaster.de.easynet.net. (
> 2012041802 ;
> 28800 ;
> 7200;
> 604800 ;
>
On Tue, 2013-04-02 at 14:16 -0700, Chris Buxton wrote:
> Can anyone explain this to me?
>
> If a name exists in the response policy, and also exists in the real Internet
> namespace, the value from the policy is returned. But if it doesn't exist out
> on the Internet, then the value is not retu
On Mon, 2013-04-01 at 15:03 +1100, Mark Andrews wrote:
> In message <1364786722.6226.2.camel@tardis>, Noel Butler writes:
> >
> > On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
> >
> >
> > >
> > > Ignore them. The
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
>
> Ignore them. They will be addressed in the next maintenance release.
>
it was, but now seems to have reared its ugly head again in 9.9.2-p2
Apr 1 12:20:35 fox named[589]: RSA_verify failed
Apr 1 12:20:35 fox named[589]: error:040
On Mon, 2013-03-18 at 16:52 -0700, SM wrote:
> SPF RR type
Had a bit of a read of that thread, and the most noise comes from a guy
who should know better, but doesn't, Mr Kitterman repeatedly says "If
it's all so obvious that it makes sense to publish SPF records, why
aren't more people doing
> Vernon Schryver writes:
> > > to laziness, DNS is not rocket science, I'm sure given ARM and
> access to
> > > google, a 13yo kid could get at least the "basics" right.
> >
> > Laziness?--nonsense. Postel's Law and simple logic predict the
truth hurts eh.
Didn't see your original post, vi
On Thu, 2013-03-14 at 17:29 +1000, Noel Butler wrote:
> On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
>
> > On 3/13/2013 17:11, Noel Butler wrote:
> >
> >
> > > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
> > >
> > > >
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
> On 3/13/2013 17:11, Noel Butler wrote:
>
> >
> > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
> >
> > > I almost wouldn't bother with SPF records these days though, except th
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
>
> I almost wouldn't bother with SPF records these days though, except that
> the code was already written.
>
# grep SPF maillog |grep -c '\-all'
2438
# grep SPF maillog |grep -c '\~all'
7509
since midnight Sunday...
looks like its wor
apparently you have no comprehension of OFF TOPIC
I stopped reading at about the half dozen words because you once again
went off on your OFF TOPIC rants.
But each to our own, you hate it, many stand by it, its only fools like
you who cant accept that, thats your problem not mine.
Given that y
On Mon, 2013-02-18 at 16:07 -0600, Lyle Giese wrote:
>
> Recently I moved this domain(lcrcomputer.net) to a registrar that
> suports DNSSEC and inserted the DS record for this domain. I checked
> DNSSEC via http://dnsviz.net and
> http://dnssec-debugger.verisignlabs.com. Both show DNSSEC is w
Thanks Shane,
I have re-applied previous changes to source files and that has silenced
them again in meantime.
Cheers
Noel
On Thu, 2012-12-06 at 17:05 +0100, Shane Kerr wrote:
> Noel,
>
> On Thursday, 2012-12-06 11:03:24 +1000,
> Noel Butler wrote:
> > Hi Shane, Mark, Ev
6 10:50:09 ns1 named[9671]: sucessfully validated after lower
casing signer 'CO'
> --
> Shane Kerr
> ISC
>
> On Saturday, 2012-10-13 11:07:01 +1000,
> Noel Butler wrote:
> > Thanks Mark,
> >
> > These changes have been committed for future pa
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote:
> /etc/bind/named.conf.option
WTF is that file? it certainly is not an ISC named file.
if you are using some butchered to buggery distros file, please ask on
your distros mailing list
we are not to know what that file contains, or exp
On Wed, 2012-12-05 at 09:13 +, Phil Mayers wrote:
> On 12/04/2012 06:35 PM, Barry S. Finkel wrote:
>
> > A question from the OP that has not yet been answered -
> > Make the zones masters on all servers.
>
> Surely not for RPZ? The whole point with RPZ is that you have one zone
> containing
On Thu, 2012-11-29 at 13:35 +0100, Carsten Strotmann wrote:
> Hello Alexander,
>
> Alexander Gurvitz writes:
>
> > Carsten,
> >
> > The script in my original question (it's in the P.S. at the bottom of
> > my first mail) seem to work for me.
>
> Ahh, thanks, my Emacs was hiding that :)
>
>
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote:
>
> You can still find it at ISC:
> http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
>
> It is a bit long in the tooth. I'll be updating it soon to cover the work
> done by ISC in BIND 9.9
>
> All are welcome to propose titles for this n
On Tue, 2012-10-16 at 22:07 +0800, babu dheen wrote:
> Dear All,
>
> I am new to DNSSEC. I need your valuable help to understand and
> configure DNSSEC on my company Name servers.
>
> All users in our company using internal DNS server for name
> resolution. All internal DNS server are pointed t
Thanks Mark,
These changes have been committed for future patch releases?
Cheers
On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews wrote:
>
> Just drop the log level to ISC_LOG_DEBUG(1) and recompile.
>
> Search for "sucessfully validated after lower casing" in lib/dns/dnssec.c
>
signat
On Wed, 2012-10-10 at 18:44 +, Evan Hunt wrote:
> > BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging.
> > Unfortunately, our logs are now filling up with "RSA_verify failed"
> > messages.
>
> Yeah, oops, we made that one too noisy. You're not the first one
> who's noticed. :
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote:
>
>
What you did is just as bad
If you need a list moderator there are appropriate addresses to send
your messages to, directly to the list is NOT one of them
The information you desire can be obtained from
On Tue, 2012-03-06 at 08:23 +1100, Mark Andrews wrote:
> In message , hugo hugoo writes:
> >
> > Dear all,
> >
> > Can anyone help me with its experience on reverse dns for IPV6?
> > Presently, when we reverse an IPV4 subnet for clients, we configure all=
> > the reverse for the whole subnet.
On Fri, 2012-02-24 at 11:02 -0500, Bill Owens wrote:
> I haven't heard of NS supporting DNSSEC, and there haven't been any good
> resources to find a registrar who *does*, but this popped up recently:
>
> http://www.icann.org/en/topics/dnssec/deploy-en.htm
>
> . . . and NS isn't on that list.
On Sun, 2012-02-19 at 17:00 +0100, ml wrote:
>
> fakessh.eu descriptive text "spf2.0/pra ip4:46.105.34.177
> ip4:91.121.7.86 ?all"
> fakessh.eu descriptive text "v=spf1 ip4:46.105.34.177 ip4:91.121.7.86
> ?all"
>
Why did you bother with the record at all?
"Question mark" indicat
On Sat, 2012-02-18 at 12:34 -0500, Jonathan Vomacka wrote:
> If someone uses a mobile device to send e-mail? Would ~all be better? I
Teach them to use smtp authentication using submission (port 587 stuff)
and it doesn't matter where they come from, so long as your MTA is
configured correctly of
On Sat, 2012-02-18 at 11:51 -0500, Jonathan Vomacka wrote:
> BIND Community Support,
>
> I am inquiring about how to setup a proper SPF record? I know there are
> SPF wizards/generators available but each seem to have a different
> "opinion" of what should be included and what should not be inc
1 - 100 of 146 matches
Mail list logo