Re: Question related to domain names and less to bind straight.
At 22:04 04-09-2012, Eliezer Croitoru wrote: I am working on a blacklist and in order to filter the list and to do some Error checks I first want to identify the TLD part of the domain to make the search prefix at least of the domain and not the tld. the basic list exists at: http://data.iana.org/TLD/tlds-alpha-by-domain.txt But in a case of a regional tld such as il I want to filter the domain in the second 3rd level. is there an rfc that talks about regional tld? No. is there any known restriction for regional tlds sub-domains naming? It's ccTLD policy. See the public suffix list for an informal lower level break-down. Regards, -sm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question related to domain names and less to bind straight.
Hello Eliezer, Not an RFC, but you may find this list helpful: http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 Cheers, Doron On Wed, Sep 5, 2012 at 8:04 AM, Eliezer Croitoru elie...@ngtech.co.ilwrote: I am working on a blacklist and in order to filter the list and to do some Error checks I first want to identify the TLD part of the domain to make the search prefix at least of the domain and not the tld. the basic list exists at: http://data.iana.org/TLD/tlds-** alpha-by-domain.txt http://data.iana.org/TLD/tlds-alpha-by-domain.txt But in a case of a regional tld such as il I want to filter the domain in the second 3rd level. is there an rfc that talks about regional tld? is there any known restriction for regional tlds sub-domains naming? like: under il tld there will be only the domains: net,gov,co.. etc ? Thanks, Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer at ngtech.co.il __**_ Please visit https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-usersto unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question related to domain names and less to bind straight.
On 09/05/2012 07:31 AM, Doron Shikmoni wrote: Hello Eliezer, Not an RFC, but you may find this list helpful: http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 See also: http://publicsuffix.org/ http://www.dkim-reputation.org/regdom-libs/ ...which are more generalised versions. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Sunos 5.8 Error:EDNS not supported by your namesever
Hi When I enter the query for the client in the RIPE DataBase for the Reverse DNS ,the Error getting is EDNS not supported by ***.**.**.** EDNS is an extension to the DNS protocol. The major change is that the 512-byte size limit of the query/answer packet has been removed, which allows more information to be provided. EDNS is essential for newer protocols and technologies (such as DNSSEC and IPv6) that requires larger packet sizes. Please let me know what to do to resolve the issue -- syedhaq ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question related to domain names and less to bind straight.
On Wed, Sep 05, 2012 at 07:51:05AM +0100, Phil Mayers p.may...@imperial.ac.uk wrote a message of 18 lines which said: See also: http://publicsuffix.org/ And remember it is unofficial, not perfectly maintained and has several holes. It's OK if you accept a few misclassifications. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
In message cajw6aqc1eapdkaz+7ef2kn5c7zgzadwmxuk1bqdyrrgczog...@mail.gmail.com, syed haq writes: Hi When I enter the query for the client in the RIPE DataBase for the Reverse DNS ,the Error getting is EDNS not supported by ***.**.**.** EDNS is an extension to the DNS protocol. The major change is that the 512-byte size limit of the query/answer packet has been removed, which allows more information to be provided. EDNS is essential for newer protocols and technologies (such as DNSSEC and IPv6) that requires larger packet sizes. Please let me know what to do to resolve the issue 1) Make sure your firewall passes EDNS packets both in and out. 2) Run a nameserver that supports EDNS. Since you are asking here, if you run BIND 9 (or a late BIND 8) your nameserver supports EDNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
On Wed, Sep 05, 2012 at 10:01:45AM +0300, syed haq smu...@gmail.com wrote a message of 66 lines which said: EDNS not supported by ***.**.**.** 1) Test your name server to be sure the diagnostic is correct: dig +bufsize=4096 @YOUR-NAME-SERVER SOA YOUR-DOMAIN You should get in the answer something like: ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 (To test with a non-EDNS name server, 'dig +bufsize=4096 @uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.yp.to SOA yp.to' and with a EDNS name server 'dig +bufsize=4096 @f.ext.nic.fr SOA fr' so you can see the difference) 2) BIND supports EDNS for so long that everyone forget when it was included. So, it is unlikely it is the fault of your name server. If your name server does not support EDNS, it probably means there is a broken middlebox (firewall or something like that: most are configured by ignorants, specially when it comes to the DNS) that you have to fix. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
the error is dig not found On Wed, Sep 5, 2012 at 10:17 AM, Stephane Bortzmeyer bortzme...@nic.frwrote: On Wed, Sep 05, 2012 at 10:01:45AM +0300, syed haq smu...@gmail.com wrote a message of 66 lines which said: EDNS not supported by ***.**.**.** 1) Test your name server to be sure the diagnostic is correct: dig +bufsize=4096 @YOUR-NAME-SERVER SOA YOUR-DOMAIN You should get in the answer something like: ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 (To test with a non-EDNS name server, 'dig +bufsize=4096 @uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.yp.to SOA yp.to' and with a EDNS name server 'dig +bufsize=4096 @f.ext.nic.fr SOA fr' so you can see the difference) 2) BIND supports EDNS for so long that everyone forget when it was included. So, it is unlikely it is the fault of your name server. If your name server does not support EDNS, it probably means there is a broken middlebox (firewall or something like that: most are configured by ignorants, specially when it comes to the DNS) that you have to fix. -- syedhaq ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
In message 20120905071700.ga2...@nic.fr, Stephane Bortzmeyer writes: On Wed, Sep 05, 2012 at 10:01:45AM +0300, syed haq smu...@gmail.com wrote a message of 66 lines which said: EDNS not supported by ***.**.**.** 1) Test your name server to be sure the diagnostic is correct: dig +bufsize=4096 @YOUR-NAME-SERVER SOA YOUR-DOMAIN You should get in the answer something like: ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 (To test with a non-EDNS name server, 'dig +bufsize=4096 @uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.yp.to SOA yp.to' and with a EDNS name server 'dig +bufsize=4096 @f.ext.nic.fr SOA fr' so you can see the difference) 2) BIND supports EDNS for so long that everyone forget when it was included. So, it is unlikely it is the fault of your name server. If your name server does not support EDNS, it probably means there is a broken middlebox (firewall or something like that: most are configured by ignorants, specially when it comes to the DNS) that you have to fix. SunOS 5.8 is ancient (12+ year old)and no longer supported by Oracle. I can't remember which version of BIND 8, SunOS 5.8 shipped with but it wasn't a recent version at the time. Named will most probably have to be replaced. He can compile a modern version of BIND 9 or down load a prebuilt version. It looks like unixpackages.com has a prebuilt package but I'm not going to subscribe to confirm. Alternatively the OS could be upgraded to a more recent release or the entire machine could be replaced. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
thank That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos On Wed, Sep 5, 2012 at 10:54 AM, Mark Andrews ma...@isc.org wrote: In message 20120905071700.ga2...@nic.fr, Stephane Bortzmeyer writes: On Wed, Sep 05, 2012 at 10:01:45AM +0300, syed haq smu...@gmail.com wrote a message of 66 lines which said: EDNS not supported by ***.**.**.** 1) Test your name server to be sure the diagnostic is correct: dig +bufsize=4096 @YOUR-NAME-SERVER SOA YOUR-DOMAIN You should get in the answer something like: ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 (To test with a non-EDNS name server, 'dig +bufsize=4096 @uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.yp.to SOA yp.to' and with a EDNS name server 'dig +bufsize=4096 @f.ext.nic.fr SOA fr' so you can see the difference) 2) BIND supports EDNS for so long that everyone forget when it was included. So, it is unlikely it is the fault of your name server. If your name server does not support EDNS, it probably means there is a broken middlebox (firewall or something like that: most are configured by ignorants, specially when it comes to the DNS) that you have to fix. SunOS 5.8 is ancient (12+ year old)and no longer supported by Oracle. I can't remember which version of BIND 8, SunOS 5.8 shipped with but it wasn't a recent version at the time. Named will most probably have to be replaced. He can compile a modern version of BIND 9 or down load a prebuilt version. It looks like unixpackages.com has a prebuilt package but I'm not going to subscribe to confirm. Alternatively the OS could be upgraded to a more recent release or the entire machine could be replaced. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.frwrote: On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.frwrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr/agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com/agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
Thanks , what if I replaced named,will EDNS starts supporting my server ? On Wed, Sep 5, 2012 at 4:14 PM, Mark Andrews ma...@isc.org wrote: In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr/agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com /agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
In message CAJw6AQAD8=aLjPife+z_N5uHqaQ99wuJU=m4nanq_k3exkz...@mail.gmail.com , syed haq writes: Thanks , what if I replaced named,will EDNS starts supporting my server ? If you replace it with a version that supports EDNS. All versions of BIND 9 support EDNS. A modern version of BIND 9 should compile on SunOS 5.8 but it has been several years since we last tested this. You are running a really old OS. On Wed, Sep 5, 2012 at 4:14 PM, Mark Andrews ma...@isc.org wrote: In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr/agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com /agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq --e89a8fb206e6d442ce04c8f43259 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrThanks ,divbr/divdivwhat if I replaced named,will = EDNS starts supporting my server ?brbrdiv class=3Dgmail_quoteOn Wed= , Sep 5, 2012 at 4:14 PM, Mark Andrews span dir=3Dltrlt;a href=3Dmai= lto:ma...@isc.org target=3D_blankma...@isc.org/agt;/span wrote:br= blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exbr In message lt;a href=3Dmailto:CAJw6AQBk-YpT7BcUzY%2BVOvy3bDA2GJg7yzz792z= f6xpmf6r...@mail.gmail.comCAJw6AQBk-YpT7BcUzY+VOvy3bDA2GJg7yzz792zf6XPmF6= r...@mail.gmail.com/agt;br div class=3Dim, syed haq writes:br gt;br gt; Hibr gt; shoul I need to add any statement in the bind to activate the EDNS0,b= r gt;br gt; Where do I find this EDNS statement in Sunosbr br /divThis is like you have a car with a plain AM/FM radio and you needbr to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono= br jack/Satellite Radio etc. =A0You can replace just the radio (named)br or you can get yourself a whole new car
Re: Sunos 5.8 Error:EDNS not supported by your namesever
That means I need to completely upgrade the OS to make the EDNS support On Wed, Sep 5, 2012 at 4:24 PM, Mark Andrews ma...@isc.org wrote: In message CAJw6AQAD8=aLjPife+z_N5uHqaQ99wuJU= m4nanq_k3exkz...@mail.gmail.com , syed haq writes: Thanks , what if I replaced named,will EDNS starts supporting my server ? If you replace it with a version that supports EDNS. All versions of BIND 9 support EDNS. A modern version of BIND 9 should compile on SunOS 5.8 but it has been several years since we last tested this. You are running a really old OS. On Wed, Sep 5, 2012 at 4:14 PM, Mark Andrews ma...@isc.org wrote: In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr /agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com /agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq --e89a8fb206e6d442ce04c8f43259 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrThanks ,divbr/divdivwhat if I replaced named,will = EDNS starts supporting my server ?brbrdiv class=3Dgmail_quoteOn Wed= , Sep 5, 2012 at 4:14 PM, Mark Andrews span dir=3Dltrlt;a href=3Dmai= lto:ma...@isc.org target=3D_blankma...@isc.org/agt;/span wrote:br= blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exbr In message lt;a href=3Dmailto: CAJw6AQBk-YpT7BcUzY%2BVOvy3bDA2GJg7yzz792z= f6xpmf6r...@mail.gmail.com CAJw6AQBk-YpT7BcUzY+VOvy3bDA2GJg7yzz792zf6XPmF6= r...@mail.gmail.com/agt;br div class=3Dim, syed haq writes:br gt;br gt; Hibr gt; shoul I need to add any statement in the bind to activate the EDNS0,b= r gt;br gt; Where do I find this
Re: Sunos 5.8 Error:EDNS not supported by your namesever
On Wed, Sep 05, 2012 at 04:29:25PM +0300, syed haq smu...@gmail.com wrote a message of 769 lines which said: That means I need to completely upgrade the OS to make the EDNS support Personal opinion: you need to follow a serious Unix sysadmin training first. From your messages, it seems you are a beginner. May I suggest that you leave this matter to a more experienced colleague, while you learn system administration? And I repeat myself: dig is a pre-requisite. Without it, you won't even be able to *test* if your name server now supports EDNS. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
You dont need to upgrade the OS to get EDNS support. If you get a current version of Bind compiled and running in your actual system, you will be good to go. People are just reminding you that Oracle no longer support Solaris 5.8, upgrading the system is up to you, but not necessary in from Bind point of view. Regards, 2012/9/5 syed haq smu...@gmail.com: That means I need to completely upgrade the OS to make the EDNS support On Wed, Sep 5, 2012 at 4:24 PM, Mark Andrews ma...@isc.org wrote: In message CAJw6AQAD8=aLjPife+z_N5uHqaQ99wuJU=m4nanq_k3exkz...@mail.gmail.com , syed haq writes: Thanks , what if I replaced named,will EDNS starts supporting my server ? If you replace it with a version that supports EDNS. All versions of BIND 9 support EDNS. A modern version of BIND 9 should compile on SunOS 5.8 but it has been several years since we last tested this. You are running a really old OS. On Wed, Sep 5, 2012 at 4:14 PM, Mark Andrews ma...@isc.org wrote: In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr/agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com /agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq --e89a8fb206e6d442ce04c8f43259 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrThanks ,divbr/divdivwhat if I replaced named,will = EDNS starts supporting my server ?brbrdiv class=3Dgmail_quoteOn Wed= , Sep 5, 2012 at 4:14 PM, Mark Andrews span dir=3Dltrlt;a href=3Dmai= lto:ma...@isc.org target=3D_blankma...@isc.org/agt;/span wrote:br= blockquote class=3Dgmail_quote style=3Dmargin:0 0 0
Re: Sunos 5.8 Error:EDNS not supported by your namesever
Mark Andrews wrote: SunOS 5.8 is ancient (12+ year old)and no longer supported by Oracle. I can't remember which version of BIND 8, SunOS 5.8 shipped with but it wasn't a recent version at the time. Not that it really matters much, but I thought I'd check some old Solaris 8 installation I still have access to - the BIND bundled on that one was 8.2.4. Regards Eivind Olsen ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
In message 7e1c5160a2aa122a39e879c8343bf459.squir...@webmail.aminor.no, Eivi nd Olsen writes: Mark Andrews wrote: SunOS 5.8 is ancient (12+ year old)and no longer supported by Oracle. I can't remember which version of BIND 8, SunOS 5.8 shipped with but it wasn't a recent version at the time. Not that it really matters much, but I thought I'd check some old Solaris 8 installation I still have access to - the BIND bundled on that one was 8.2.4. And EDNS support was added at 8.3.0. Regards Eivind Olsen ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
On 9/5/2012 10:19 AM, Mark Andrews wrote: In message 7e1c5160a2aa122a39e879c8343bf459.squir...@webmail.aminor.no, Eivi nd Olsen writes: Mark Andrews wrote: SunOS 5.8 is ancient (12+ year old)and no longer supported by Oracle. I can't remember which version of BIND 8, SunOS 5.8 shipped with but it wasn't a recent version at the time. Not that it really matters much, but I thought I'd check some old Solaris 8 installation I still have access to - the BIND bundled on that one was 8.2.4. And EDNS support was added at 8.3.0. I just checked a Solaris 9 box, and its binary appears to be based on 8.3.3. So it would, at least, support EDNS0, but be deficient in almost every other way. I vaguely remember that Sun (that would be Oracle now) offered a package (as in pkgadd package) featuring a BIND 9 named binary and some utilities. Don't know if or how much Oracle would support that package though. I can verify that relatively-modern versions of BIND (e.g. some 9.8.* versions) compile with gcc on Solaris 9. I don't have any access to a Solaris 8 box with a compiler though... - Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
I can verify that relatively-modern versions of BIND (e.g. some 9.8.* versions) compile with gcc on Solaris 9. I don't have any access to a Solaris 8 box with a compiler though... I have built various releases of BIND up to 9.8.1 on Solaris 8 using gcc 2.95.3. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Sunos 5.8 Error:EDNS not supported by your namesever
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Solaris 9 is no longer supported, forget 8. It's time to upgrade (and not even hard). On 09/05/2012 09:39 AM, Yohandry Cueto wrote: You dont need to upgrade the OS to get EDNS support. If you get a current version of Bind compiled and running in your actual system, you will be good to go. People are just reminding you that Oracle no longer support Solaris 5.8, upgrading the system is up to you, but not necessary in from Bind point of view. Regards, 2012/9/5 syed haq smu...@gmail.com: That means I need to completely upgrade the OS to make the EDNS support On Wed, Sep 5, 2012 at 4:24 PM, Mark Andrews ma...@isc.org wrote: In message CAJw6AQAD8=aLjPife+z_N5uHqaQ99wuJU=m4nanq_k3exkz...@mail.gmail.com , syed haq writes: Thanks , what if I replaced named,will EDNS starts supporting my server ? If you replace it with a version that supports EDNS. All versions of BIND 9 support EDNS. A modern version of BIND 9 should compile on SunOS 5.8 but it has been several years since we last tested this. You are running a really old OS. On Wed, Sep 5, 2012 at 4:14 PM, Mark Andrews ma...@isc.org wrote: In message cajw6aqbk-ypt7bcuzy+vovy3bda2gjg7yzz792zf6xpmf6r...@mail.gmail.com , syed haq writes: Hi shoul I need to add any statement in the bind to activate the EDNS0, Where do I find this EDNS statement in Sunos This is like you have a car with a plain AM/FM radio and you need to replace the radio with a new one that supports AF/FM/CD/Bluetooth/phono jack/Satellite Radio etc. You can replace just the radio (named) or you can get yourself a whole new car (OS/machine) which most probably gets better mileage (draws less power) and has lots of other features you need. http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS http://tools.ietf.org/html/rfc2671 On Wed, Sep 5, 2012 at 11:24 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote : On Wed, Sep 05, 2012 at 11:11:43AM +0300, syed haq smu...@gmail.com wrote a message of 134 lines which said: That means EDNS is not supported by that var of SunOS ,can you give me the commands for checking the ENDS,BIND version in sunos I already gave them (dig). You simply cannot expect to solve *any* DNS problem without dig (or an equivalent like drill). Install it before anything (it does not have to run on the name server, any stupid Linux box has dig). -- syedhaq --e89a8fb1f806b4386f04c8f3bc20 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrHidivshoul I need to add any statement in the bind to ac= tivate the EDNS0,/divdivbr/divdivWhere do I find this EDNS statem= ent in Sunos/divdivbrbrdiv class=3Dgmail_quoteOn Wed, Sep 5, 20= 12 at 11:24 AM, Stephane Bortzmeyer span dir=3Dltrlt;a href=3Dmailto= :bortzme...@nic.fr target=3D_blankbortzme...@nic.fr/agt;/span wrot= e:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exOn Wed, Sep 05, 2012 at 11:11:43AM +0300,br= =A0syed haq lt;a href=3Dmailto:smu...@gmail.com;smu...@gmail.com /agt= ; wrotebr div class=3Dim=A0a message of 134 lines which said:br br gt; That means EDNS is not supported by that var of SunOS ,can you givebr= gt; me the commands for checking the ENDS,BIND version in sunosbr br /divI already gave them (dig). You simply cannot expect to solve *any* DN= Sbr problem without dig (or an equivalent like drill). Install it beforebr anything (it does not have to run on the name server, any stupid Linuxbr box has dig).br br /blockquote/divbrbr clear=3Dalldivbr/div-- brsyedhaqbr /div/div --e89a8fb1f806b4386f04c8f3bc20-- --===3060930226779768695== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users --===3060930226779768695==-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- syedhaq --e89a8fb206e6d442ce04c8f43259 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrThanks ,divbr/divdivwhat if I replaced named,will = EDNS starts supporting my server ?brbrdiv class=3Dgmail_quoteOn Wed= , Sep 5, 2012 at 4:14 PM, Mark Andrews span dir=3Dltrlt;a href=3Dmai= lto:ma...@isc.org target=3D_blankma...@isc.org/agt;/span wrote:br= blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exbr In message lt;a href=3Dmailto:CAJw6AQBk-YpT7BcUzY%2BVOvy3bDA2GJg7yzz792z=
BIND 9.9.2rc1 is now available
Introduction BIND 9.9.2rc1 is the first release candidate of BIND 9.9.2. This document summarizes changes from BIND 9.9.1 to BIND 9.9.2rc1. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. Security Fixes - Prevents a named assert (crash) when validating caused by using Bad cache data before it has been initialized. [CVE-2012-3817] [RT #30025] - A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] - ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 #30233] New Features - Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] - Introduces a new tool dnssec-checkds command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] - Introduces a new tool dnssec-verify that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] - Adds configuration option max-rsa-exponent-size value; that can be used to specify the maximum rsa exponent size that will be accepted when validating [RT #29228] Feature Changes - Improves OpenSSL error logging [RT #29932] - nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Bug Fixes - When using DNSSEC inline signing with rndc signing -nsec3param, a salt value of - can now be used to indicate 'no salt'. [RT #30099] - Prevents race conditions (address use after free) that could be encountered when named is shutting down and releasing structures used to manage recursive clients. [RT #30241] - Static-stub zones now accept forward and fowarders options (often needed for subdomains of the zone referenced to override global forwarding options). These options are already available with traditional stub zones and their omission from zones of type static-stub was an inadvertent oversight. [RT #30482] - Limits the TTL of signed RRsets in cache when their RRSIGs are approaching expiry. This prevents the persistence in cache of invalid RRSIGs in order to assist recovery from a situation where zone re-signing doesn't occur in a timely manner. With this change, named will attempt to obtain new RRSIGs from the authoritative server once the original ones have expired, and even if the TTL of the old records would in other circumstances cause them to be kept in cache for longer. [RT #26429] - Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations. Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results. [RT #25181] - Improves OpenSSL error logging [RT #29932] - The configure script now supports and detects libxml2-2.8.x correctly [RT #30440] - The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option. [RT #18723] - Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup. [RT #27730] - Removes spurious newlines from log messages in zone.c [RT #30675] - When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] - All named tasks that perform task-exclusive operations now share the same single task. Prior to this change, there was the possibility of a race condition between rndc operations and other functions such as re-sizing
BIND 9.8.4rc1 is now available
Introduction BIND 9.8.4rc1 is the first release candidate of BIND 9.8.4 This document summarizes changes from BIND 9.8.3 to BIND 9.8.4rc1. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. Security Fixes - Prevents a named assert (crash) when validating caused by using Bad cache data before it has been initialized. [CVE-2012-3817] [RT #30025] - A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] New Features - Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] Feature Changes - Improves OpenSSL error logging [RT #29932] - nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Bug Fixes - Static-stub zones now accept forward and fowarders options (often needed for subdomains of the zone referenced to override global forwarding options). These options are already available with traditional stub zones and their omission from zones of type static-stub was an inadvertent oversight. [RT #30482] - Limits the TTL of signed RRsets in cache when their RRSIGs are approaching expiry. This prevents the persistence in cache of invalid RRSIGs in order to assist recovery from a situation where zone re-signing doesn't occur in a timely manner. With this change, named will attempt to obtain new RRSIGs from the authoritative server once the original ones have expired, and even if the TTL of the old records would in other circumstances cause them to be kept in cache for longer. [RT #26429] - Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations. Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results. [RT #25181] - The configure script now supports and detects libxml2-2.8.x correctly [RT #30440] - The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option. [RT #18723] - Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup. [RT #27730] - Removes spurious newlines from log messages in zone.c [RT #30675] - When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] - All named tasks that perform task-exclusive operations now share the same single task. Prior to this change, there was the possibility of a race condition between rndc operations and other functions such as re-sizing the adb hash table. If the race condition was encountered, named would in most cases terminate unexpectedly with an assert. [RT #29872] - Ensures that servers are expired from the ADB cache when the timeout limit is reached so that their learned attributes can be refreshed. Prior to this change, servers that were frequently queried might never have their entries removed and reinitialized. This is of particular importance to DNSSEC-validating recursive servers that might erroneously set no-edns for an authoritative server following a period of intermittent connectivity. [RT #29856] - Adds additional resilience to a previous security change (3218) by preventing RRSIG data from being added to cache when a pseudo-record matching the covering type and proving non-existence exists at a higher trust level. The earlier change prevented this inconsistent data from being retrieved from cache in response to client queries - with this additional change, the RRSIG records are no longer inserted into cache at all. [RT #26809] - dnssec-settime will now issue a warning when the writing of a new private key file would cause a change in the permissions of the existing file. [RT #27724] - Fixes the defect introduced by change #3314 that was causing failures when saving stub zones to disk (resulting in excessive
BIND 9.6-ESV-R8rc1 is now available
Introduction BIND 9.6-ESV-R8rc1 is the first release candidate of BIND 9.6-ESV-R8. BIND 9.6-ESV is an Extended Support Version of BIND. This document summarizes changes from BIND 9.6-ESV-R7 to BIND 9.6-ESV-R8rc1. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. Security Fixes - Prevents a named assert (crash) when validating caused by using Bad cache data before it has been initialized. [CVE-2012-3817] [RT #30025] - A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] New Features - None Feature Changes - Improves OpenSSL error logging [RT #29932] - nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Bug Fixes - The configure script now supports and detects libxml2-2.8.x correctly [RT #30440] - The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option. [RT #18723] - Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup. [RT #27730] - Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations. Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results. [RT #25181] - Removes spurious newlines from log messages in zone.c [RT #30675] - When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] - Ensures that servers are expired from the ADB cache when the timeout limit is reached so that their learned attributes can be refreshed. Prior to this change, servers that were frequently queried might never have their entries removed and reinitialized. This is of particular importance to DNSSEC-validating recursive servers that might erroneously set no-edns for an authoritative server following a period of intermittent connectivity. [RT #29856] - Adds additional resilience to a previous security change (3218) by preventing RRSIG data from being added to cache when a pseudo-record matching the covering type and proving non-existence exists at a higher trust level. The earlier change prevented this inconsistent data from being retrieved from cache in response to client queries - with this additional change, the RRSIG records are no longer inserted into cache at all. [RT #26809] - The tests on random jitter values that are used when handling zone refreshes have been relaxed. Prior to this change named could terminate unexpectedly when processing stub zones. [RT# 29821] - Fixes the defect introduced by change #3314 that was causing failures when saving stub zones to disk (resulting in excessive CPU usage in some cases). [RT #29952] - It is now possible to using multiple control keys again - this functionality was inadvertently broken by change #3924 (RT #28265) which addressed a memory leak. [RT #29694] - Setting resolver-query-timeout too low could cause named problems recovering after a loss of connectivity. [RT #29623] - Reduces the potential build-up of stale RRsets in cache on a busy recursive nameserver by re-using cached DS and RRSIG rrsets when possible [RT #29446] - Upper-case/lower-case handling of RRSIG signer-names is now handled consistently: RRSIG records are generated with the signer-name in lower case. They are accepted with any case, but if they fail to validate, we try again in lower case. [RT #27451] Thank You Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc. (c) 2001-2012 Internet Systems Consortium ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
BIND 9.7.7rc1 is now available
Introduction BIND 9.7.7rc1 is the first release candidate of BIND 9.7.7 This document summarizes changes from BIND 9.7.6 to BIND 9.7.7rc1. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/all. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. Security Fixes - Prevents a named assert (crash) when validating caused by using Bad cache data before it has been initialized. [CVE-2012-3817] [RT #30025] - A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] New Features - None Feature Changes - Improves OpenSSL error logging [RT #29932] - nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] Bug Fixes - Limits the TTL of signed RRsets in cache when their RRSIGs are approaching expiry. This prevents the persistence in cache of invalid RRSIGs in order to assist recovery from a situation where zone re-signing doesn't occur in a timely manner. With this change, named will attempt to obtain new RRSIGs from the authoritative server once the original ones have expired, and even if the TTL of the old records would in other circumstances cause them to be kept in cache for longer. [RT #26429] - The configure script now supports and detects libxml2-2.8.x correctly [RT #30440] - The host command should no longer assert on some architectures and builds while handling the time values used with the -w (wait forever) option. [RT #18723] - Invalid zero settings for max-retry-time, min-retry-time, max-refresh-time, min-refresh-time will now be detected during parsing of named.conf and an error emitted instead of triggering an assertion failure on startup. [RT #27730] - Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() which are employed on Itanium systems to speed up lock management by making use of atomic operations. Without the syntax correction it is possible that concurrent access to the same structures could accidentally occur with unpredictable results. [RT #25181] - Removes spurious newlines from log messages in zone.c [RT #30675] - When built with readline support (i.e. on a system with readline installed) nsupdate no longer terminates unexpectedly in interactive mode. [RT #29550] - Ensures that servers are expired from the ADB cache when the timeout limit is reached so that their learned attributes can be refreshed. Prior to this change, servers that were frequently queried might never have their entries removed and reinitialized. This is of particular importance to DNSSEC-validating recursive servers that might erroneously set no-edns for an authoritative server following a period of intermittent connectivity. [RT #29856] - Adds additional resilience to a previous security change (3218) by preventing RRSIG data from being added to cache when a pseudo-record matching the covering type and proving non-existence exists at a higher trust level. The earlier change prevented this inconsistent data from being retrieved from cache in response to client queries - with this additional change, the RRSIG records are no longer inserted into cache at all. [RT #26809] - dnssec-settime will now issue a warning when the writing of a new private key file would cause a change in the permissions of the existing file. [RT #27724] - Fixes the defect introduced by change #3314 that was causing failures when saving stub zones to disk (resulting in excessive CPU usage in some cases). [RT #29952] - It is now possible to using multiple control keys again - this functionality was inadvertently broken by change #3924 (RT #28265) which addressed a memory leak. [RT #29694] - Reduces the potential build-up of stale RRsets in cache on a busy recursive nameserver by re-using cached DS and RRSIG rrsets when possible [RT #29446] - Upper-case/lower-case handling of RRSIG signer-names is now handled consistently: RRSIG records are generated with the signer-name in lower case. They are accepted with any case, but if they fail to validate, we try again in lower case. [RT #27451] Thank You Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make