Re: dnssec validation issue

2017-08-30 Thread dhungyel

Hi Mukund

> Are you able to reproduce the bug with the latest stock version of BIND 
> 9.9?  9.9.4 is very old and that branch has had numerous bugfixes since. 

> I'm not able to reproduce such a validation failure with 9.9.11: 

At the moment the latest patched version of bind available for CentOS 7 is
9.9.4-50. The policy has been to stick with the patches / versions
distributed by the Distro rather than getting the latest. So, I will have to
try the new version and see if the problem persists.

I have looked around a bit more and this is where it starts getting
interesting. For hosts that are not mapped to CNAME, this works perfectly
fine. See below for host ns.icann.org

# dig @localhost ns.icann.org A +dnssec

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @localhost ns.icann.org A
+dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31866
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ns.icann.org.  IN  A

;; ANSWER SECTION:
ns.icann.org.   3600    IN  A   199.4.138.53
ns.icann.org.   3600    IN  RRSIG   A 7 3 3600 20170914022301
20170824010741 56445
icann.org. DFfGY0h65bDzMHNSkf9cmM8vHbIeOyupdw5HeagBiWzQMAbzvtc4w5et
N+1P2zeOPvCvYiBcUsHi+JGqyB0q6gpyZMcXFbMGRPnp931B+F6MUnZL
H2+2PDhkBrZ1EtyVaS8s8IyZ9XOuzJKNwOQBt4mNdFhpvrpWmXMc1zTQ OYX1Kqg=

;; AUTHORITY SECTION:
icann.org.  86393   IN  NS  a.iana-servers.net.
icann.org.  86393   IN  NS  ns.icann.org.
icann.org.  86393   IN  NS  c.iana-servers.net.
icann.org.  86393   IN  NS  b.iana-servers.net.
icann.org.  86393   IN  RRSIG   NS 7 2 86400 20170915091737 
20170825024031 56445
icann.org. P7offNJTV/zX8mZVC7x6uwvhZrdLzLNM/r1tsp4g7yaprD6LY//TLbNc
tIdbFjZdml7CYYZxZSecmb5Uzo8O7sHS+1xdandh6KxPfo47mO+Ge6JI
JmspnEaOxOlK7Vp3RGCqdeUasxIpwjHlNa+4rZ30ImmKxsAGC9oq01ey d/JE8j8=

;; ADDITIONAL SECTION:
a.iana-servers.net. 172793  IN  A   199.43.135.53
a.iana-servers.net. 172793  IN  AAAA    2001:500:8f::53
b.iana-servers.net. 172793  IN  A   199.43.133.53
b.iana-servers.net. 172793  IN  AAAA    2001:500:8d::53
c.iana-servers.net. 172793  IN  A   199.43.134.53
c.iana-servers.net. 172793  IN  AAAA    2001:500:8e::53
ns.icann.org.   86393   IN  AAAA    2001:500:89::53
ns.icann.org.   3600    IN  RRSIG   AAAA 7 3 3600 20170913162548
20170824010741
56445 icann.org. cSpl1KEIPeFTzXBhjn9CMA+Y4iVG92++kdzxoTzRhgEMsH2Xud/s8Mg1
DBEc07xMgou5OqyGvlbOxP1F2c/dOFrQBMBuojBmG4ltIj663GYshyFy
3sxqNJGATHDDJ7Sk8eiYFazct09Z2wQ73UdwKGXuzM4bD9LrXUYP0rnJ l0xEen8=

However, when I try the same thing for www.icann.org, I get SERVFAIL like
below:

# dig @localhost www.icann.org A +dnssec

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @localhost www.icann.org A
+dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30814
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.icann.org. IN  A

;; Query time: 4237 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Aug 31 10:06:23 +06 2017
;; MSG SIZE  rcvd: 42

So, I am beginning to wonder if there is an issue between dnssec and CNAME in
the 9.9.4-50 version of bind. With checking disabled (as suggested by Tony), it
resolves correctly:

# dig @localhost www.icann.org A +cd

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> @localhost www.icann.org A +cd
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53618
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.icann.org. IN  A

;; ANSWER SECTION:
www.icann.org.  3386    IN  CNAME   www.vip.icann.org.
www.vip.icann.org.  30  IN  A   192.0.32.7

;; AUTHORITY SECTION:
vip.icann.org.  3382    IN  NS  gtm1.dc.icann.org.
vip.icann.org.  3382    IN  NS  gtm1.mdr.icann.org.
vip.icann.org.  3382    IN  NS  gtm1.lax.icann.org.

With +cd and +sigchase, the resolver is able to find the RRSIG data fine but
once checking is enabled, it just fails:


# dig @localhost www.icann.org A +cd +sigchase
;; RRset to chase:
www.icann.org.  3039    IN  CNAME   www.vip.icann.org.


;; RRSIG of the RRset to chase:
www.icann.org.  3039    IN  RRSIG   CNAME 7 3 3600 20170914195717
20170824110741
56445 icann.org. GoSDthX9s2BsyaT/AYyfNKixR8UMVF/fx3zz5U9XPIVJUkpp3g9xyuZy
wxO7aTVgiPaESUOttGGn4xs9KMzZ4BcI6bmOAehYubS6AaAb6YdbweR4
S6O3qiNMT5Sai4BrfmvITGjigyNXSb3vc8fsSeUPJVdR8gmObfzbJbdn 

Re: Testing...

2017-08-30 Thread Hika van den Hoven
Hi Tony,

Wednesday, August 30, 2017, 6:44:32 PM, you wrote:

> Grant Taylor  wrote:
>>
>> There is additional footer content (as well as headers) in messages from the
>> mailing list.
>>
>> Does Gmail detect that and ignore it?  Or is the message simply folded into
>> the conversation in Gmail?

> No, I believe deduplication is based purely on the message-ID, but as far
> as I can see it isn't documented by Google. If you have more questions
> about Gmail you should take them elsewhere. There are reasons I am no
> longer a postmaster...

> Tony.

As far as I know, if you POP from a Gmail account, it will never
include any message containing itself as the sender. However, if you go
to web-mail it will be there. Gmail takes over part of the tasks of your
mail program by keeping track of what has been downloaded, and it seems
to mark those messages as already downloaded.
So in that case you have to use your mail program's filtering to copy
your sent messages to the list folder.

Until next mail,
  bind userlistmailto:hika...@gmail.com

"Without hope you cannot live
Without life there is no hope
The eternal dilemma
Especially when you have to destroy hope in order to survive!"

The learning Human
--

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Testing...

2017-08-30 Thread Alan Clegg
On 8/30/17 12:44 PM, Tony Finch wrote:

> There are reasons I am no longer a postmaster...

And they all said Ramen...

AlanC




Re: Testing...

2017-08-30 Thread Tony Finch
Grant Taylor  wrote:
>
> There is additional footer content (as well as headers) in messages from the
> mailing list.
>
> Does Gmail detect that and ignore it?  Or is the message simply folded into
> the conversation in Gmail?

No, I believe deduplication is based purely on the message-ID, but as far
as I can see it isn't documented by Google. If you have more questions
about Gmail you should take them elsewhere. There are reasons I am no
longer a postmaster...

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Trafalgar: North or northwest 4 or 5, occasionally 6 later. Moderate,
occasionally rough later in northwest. Showers. Good.


Re: Testing...

2017-08-30 Thread Grant Taylor

On 08/30/2017 09:49 AM, Tony Finch wrote:

> You seem to be using Gmail which does de-duplication across all messages
> in your account, so your messages received from the list are deleted since
> they are duplicates of the copies in your sent-mail folder.


There is additional footer content (as well as headers) in messages from 
the mailing list.


Does Gmail detect that and ignore it?  Or is the message simply folded 
into the conversation in Gmail?


Also, there is a Mailman setting to enable receiving your own posts to 
the mailing list.  I believe it is disabled by default.




--
Grant. . . .
unix || die




Re: filter-aaaa-on-v4 not available in Windows binary?

2017-08-30 Thread Victoria Risk

> On Aug 30, 2017, at 8:55 AM, pLAN9  wrote:
> 
> Apologies all, I missed an Event Viewer entry:
> 
> "C:\Program Files\ISC BIND 9\etc\named.conf:19: option 'filter-aaaa-on-v4' 
> was not enabled at compile time"
> 
> So it appears I DO have to recompile…

I see that Mark has made a ticket to turn on filter-aaaa-on-v4 support in our 
windows builds in the future.
https://bugs.isc.org/Ticket/Display.html?id=45883 


Vicky


Re: Testing...

2017-08-30 Thread Tony Finch
Alan Clegg  wrote:
>
> It appears that I just don't see my own posts for whatever reason.  8-)

You seem to be using Gmail which does de-duplication across all messages
in your account, so your messages received from the list are deleted since
they are duplicates of the copies in your sent-mail folder.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
South Utsire: Westerly or northwesterly 3 or 4, decreasing 2 for a time.
Slight or moderate. Showers. Good.


Re: Testing...

2017-08-30 Thread Alan Clegg
On 8/30/17 11:25 AM, Adamiec, Lawrence wrote:
> I see your email on the list.

Thanks to those that have responded both on- and off-list.

It appears that I just don't see my own posts for whatever reason.  8-)

[You know how long it's been since I debugged a mailing list issue??!]

No additional responses needed at this time.

AlanC




Re: Testing...

2017-08-30 Thread Warren Kumari
... yes, yes you are.

I'm explicitly responding in case you have the mailman "Don't send me
my own posts" (not metoo) option.

W

On Wed, Aug 30, 2017 at 11:20 AM, Alan Clegg  wrote:
> I don't think I can post to this list for some reason.
>
> I'd like to be able to respond to questions, but my responses never seem
> to show up...
>
> this is just a test to see if I am visible on the list.
>
> Thanks!
> AlanC



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


Re: Testing...

2017-08-30 Thread Adamiec, Lawrence
I see your email on the list.



Thank you.
Larry

__
Lawrence Adamiec
Web Developer/UNIX Admin
Information Technology Services (ITS)
Chicago-Kent College of Law
Illinois Institute of Technology
565 W. Adams St.
Chicago, IL
60661

On Wed, Aug 30, 2017 at 10:20 AM, Alan Clegg  wrote:

> I don't think I can post to this list for some reason.
>
> I'd like to be able to respond to questions, but my responses never seem
> to show up...
>
> this is just a test to see if I am visible on the list.
>
> Thanks!
> AlanC

Testing...

2017-08-30 Thread Alan Clegg
I don't think I can post to this list for some reason.

I'd like to be able to respond to questions, but my responses never seem
to show up...

this is just a test to see if I am visible on the list.

Thanks!
AlanC




Re: bind-chroot, runs, works, dies

2017-08-30 Thread Reindl Harald



On 30.08.2017 at 15:21, Tony Finch wrote:
> Petr Mensik  wrote:
>> But presence of pid files also work as notification of completed
>> initialization (which is done BEFORE forking and finishing ExecStart
>> command).
>
> named writes its pidfile relatively early during startup. The parent
> doesn't exit until the child daemon has finished starting, so that's a
> better notification (though not what systemd wants...).
>
>> Service type=simple is not good replacement of forking, because it does
>> not let you know when service failed to start at all.
>
> Good grief


it's not true, it just doesn't let you know when start is finished but 
other than sysvcrap systemd *always* lets you know when a service failed 
and it's easy to write a simple script to catch those events from syslog 
and send periodically mails if that happens


what's better than forking/simple and so on is just native systemd 
support of the service to use type=notify like it is now possible with 
MariaDB - that's it


maybe i should add that we run Fedora in production for a decade and 
with Fedora 15 i switched *every* service to native systemd-units since 
the Fedora mix of old compat services and new units was an unacceptable mess


so when i talk about systemd and servers i know what i talk about since 
we run httpd/mail/dns/epp/smb/afp and what not else likely as one of the 
first companies at all with exclusive native units and nothing else for 
production servers hosting hundreds of domains




Re: filter-aaaa-on-v4 not available in Windows binary?

2017-08-30 Thread Mark Andrews

In message <20170830112841.gk2...@harrier.slackbuilds.org>, /dev/rob0 writes:
> On Tue, Aug 29, 2017 at 02:12:43PM -0500, pLAN9 wrote:
> > I have downloaded the latest 9.11.2 BIND running on Windows 10 and 
> > have set up a successful caching-only server. When I try to add 
> > "filter-aaaa-on-v4 yes" to the global "options" section of 
> > named.conf, the Windows BIND service fails to start, with an event 
> > viewer log entry stating a "Parsing error" on the line containing 
> > the filter statement.
> 
> I suspect you have a syntax error, or maybe non-ASCII characters
> in your named.conf.

Agreed.  You should get a log message about it not being configured.

> > Does this mean I will have to manually compile BIND on WIndows
> > for this option to work?
> 
> There is no specific compile flag to enable that feature, so no.

It's conditionally compiled (--enable-filter-aaaa).

#ifdef ALLOW_FILTER_AAAA
{ "filter-aaaa", &cfg_type_bracketed_aml, 0 },
{ "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 },
{ "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 },
#else
{ "filter-aaaa", &cfg_type_bracketed_aml,
   CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "filter-aaaa-on-v4", &cfg_type_filter_aaaa,
   CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "filter-aaaa-on-v6", &cfg_type_filter_aaaa,
   CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif

> > I assume that I don't need a full version of Visual Studio
> > to compile, the free "Community" edition of VS 2017 will work?
> 
> I think the Knowledge Base has an article on compiling BIND for 
> Windows.  But again, I doubt that could be the problem.
> -- 
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: dnssec validation issue

2017-08-30 Thread Mukund Sivaraman
Hi Ganga

On Thu, Aug 24, 2017 at 09:33:32AM +0600, Ganga R. Dhungyel wrote:
> With dnssec-validation turned on, resolving sites like www.icann.org
>  fails. The alternative is to remove validation
> which of course is not the desired solution.

Are you able to reproduce the bug with the latest stock version of BIND
9.9?  9.9.4 is very old and that branch has had numerous bugfixes since.

I'm not able to reproduce such a validation failure with 9.9.11:

[muks@jurassic bind9]$ bin/dig @127.0.0.1 -p 53000 www.icann.org

; <<>> DiG 9.9.11 <<>> @127.0.0.1 -p 53000 www.icann.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28837
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.icann.org. IN  A

;; ANSWER SECTION:
www.icann.org.  3497    IN  CNAME   www.vip.icann.org.
www.vip.icann.org.  30  IN  A   192.0.32.7

;; Query time: 464 msec
;; SERVER: 127.0.0.1#53000(127.0.0.1)
;; WHEN: Wed Aug 30 18:59:51 IST 2017
;; MSG SIZE  rcvd: 80

[muks@jurassic bind9]$

Both dig and named are from BIND 9.9.11. AD bit is set indicating
validation was performed.

Mukund


Re: bind-chroot, runs, works, dies

2017-08-30 Thread Tony Finch
Petr Mensik  wrote:
>
> But presence of pid files also work as notification of completed
> initialization (which is done BEFORE forking and finishing ExecStart
> command).

named writes its pidfile relatively early during startup. The parent
doesn't exit until the child daemon has finished starting, so that's a
better notification (though not what systemd wants...).

> Service type=simple is not good replacement of forking, because it does
> not let you know when service failed to start at all.

Good grief.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Trafalgar: North or northwest 4 or 5, occasionally 6 later. Moderate,
occasionally rough later in northwest. Showers. Good.


Re: dnssec validation issue

2017-08-30 Thread Stephane Bortzmeyer
On Thu, Aug 24, 2017 at 09:33:32AM +0600,
 Ganga R. Dhungyel  wrote 
 a message of 677 lines which said:

> # dig @localhost www.icann.org A +dnssec

When you suspect a DNSSEC issue, always retry dig with +cd (Checking
Disabled). And post the result.
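
The check discussed in this thread (compare a normal query with a +cd retry, and look for the AD flag), as an added example that is not part of any poster's message or of BIND itself. The function names and verdict strings are assumptions made for illustration; the sample inputs are the header lines of the dig outputs quoted in this thread.

```shell
#!/usr/bin/env bash
# Added example: classify a validating resolver's behaviour from two dig
# outputs for the same name: a normal query and a retry with +cd.
# Function names and verdict strings are illustrative, not part of dig/BIND.

# Print the rcode from the ";; ->>HEADER<<-" line of dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.* status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if flag $1 (ad, cd, ...) appears in the header ";; flags:" line.
# The "; EDNS: ... flags: do;" line starts with a single ";" and is skipped.
dig_has_flag() {
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1 |
        tr ' ' '\n' | grep -qx "$1"
}

# $1 = output of the normal query, $2 = output of the +cd retry.
classify_dnssec() {
    local normal cd_out st_normal st_cd
    normal=$1
    cd_out=$2
    st_normal=$(printf '%s\n' "$normal" | dig_status)
    st_cd=$(printf '%s\n' "$cd_out" | dig_status)
    case "$st_normal" in
        NOERROR)
            # AD set: the resolver validated the answer.
            if printf '%s\n' "$normal" | dig_has_flag ad; then
                echo validated
            else
                echo answered-unvalidated
            fi ;;
        SERVFAIL)
            # Data is reachable once checking is disabled, so validation
            # is what fails; otherwise the failure is not DNSSEC-specific.
            case "$st_cd" in
                NOERROR|NXDOMAIN) echo validation-failure ;;
                *) echo resolution-failure ;;
            esac ;;
        *) echo "other:${st_normal:-unparsed}" ;;
    esac
}

# Sample inputs: header lines taken from the dig outputs in this thread.
SAMPLE_NS=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31866
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 9'
SAMPLE_WWW=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30814
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_WWW_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53618
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 7'

# Live use (assumes a resolver on localhost, as in the thread):
#   classify_dnssec "$(dig @localhost www.icann.org A +dnssec)" \
#                   "$(dig @localhost www.icann.org A +cd)"
classify_dnssec "$SAMPLE_WWW" "$SAMPLE_WWW_CD"   # prints: validation-failure
```
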



Re: dnssec validation issue

2017-08-30 Thread Tony Finch
Ganga R. Dhungyel  wrote:
>
> **debug log
>
> 23-Aug-2017 16:17:57.567 dnssec: debug 3:
>   validating @0x7f3ffc96e4d0: www.vip.icann.org A:
>   attempting insecurity proof
>
> With dnssec-validation turned on, resolving sites like www.icann.org fails.

I think that line in the debug log indicates that something went wrong
earlier - looks like the resolver somehow got an unsigned answer. I can't
say why without a bit more context.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Faeroes: Variable, mainly north, 3 or 4. Moderate or rough. Mainly fair. Good.


Re: email notification in bind?

2017-08-30 Thread /dev/rob0
On Tue, Aug 29, 2017 at 06:14:51PM +0530, rams wrote:
> Do we have email notification feature in Bind when zone update 
> fails.

In addition to what Grant said, "No," in effect, you might want to 
clarify the problem and goal.  Do you mean when updating zone data 
with nsupdate(1)?  Or are you talking about a slave receiving a 
notify and pulling a zone transfer?  "Zone update fails" is an 
ambiguous phrase.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: filter-aaaa-on-v4 not available in Windows binary?

2017-08-30 Thread /dev/rob0
On Tue, Aug 29, 2017 at 02:12:43PM -0500, pLAN9 wrote:
> I have downloaded the latest 9.11.2 BIND running on Windows 10 and 
> have set up a successful caching-only server. When I try to add 
> "filter-aaaa-on-v4 yes" to the global "options" section of 
> named.conf, the Windows BIND service fails to start, with an event 
> viewer log entry stating a "Parsing error" on the line containing 
> the filter statement.

I suspect you have a syntax error, or maybe non-ASCII characters
in your named.conf.

> Does this mean I will have to manually compile BIND on WIndows
> for this option to work?

There is no specific compile flag to enable that feature, so no.

> I assume that I don't need a full version of Visual Studio
> to compile, the free "Community" edition of VS 2017 will work?

I think the Knowledge Base has an article on compiling BIND for 
Windows.  But again, I doubt that could be the problem.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: