where are the testing docs ?
Hey there. I looked in the README and I dont see an INSTALL file at all so I have to assume that the testing docs exist somewhere. I build 9.11.31 after wrangling the Makefile(s) everywhere and now I have built a separate machine to run the tests. I needed that because there are a bucket of interfaces needed and I can not do that on any large production hardware easily. So anyways ... where are the testing docs ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
[ Classification Level: GENERAL BUSINESS ]
I just checked the ARM, and it denotes that "match-recursive-only"
(boolean) still exists for views. So, you might be able to set up a special
view with that, as well as a negated match-clients, specifying allow-query
{ none; }. Put it as the first view, and both non-recursive queries, and
queries from your "recursive-users" ACL, will fall through to subsequent
views.
- Kevin
P.S. ISC's "understanding views" knowledgebase article doesn't mention
match-recursive-only, so there is a discrepancy there. Either the feature
has been removed, and the ARM documentation hasn't been updated to reflect
it, or the knowledgebase article only focuses on the most common
view-matching criteria, omitting match-recursive-only, since the use cases
for that are very rare.
On Wed, May 5, 2021 at 3:10 PM Axel Rau wrote:
> I have,
>
> allow-query { any; };
> allow-query-cache { recursive-users; };
> allow-recursion { recursive-users; };
>
> How can I make sure that none recursive-users get a REFUSED if query is
> recursive?
>
> Axel
>
> PS: I want to minimize the responses to this amplification attack:
> - - -
> 19:05:18.703238 185.230.55.130.30120 > 91.216.35.71.53: [no udp cksum] 1+
> RRSIG? pizzaseo.com.(30) (ttl 249, id 33043, len 58)
> 19:05:18.703568 91.216.35.71.53 > 185.230.55.130.30120: [udp sum ok] 1- q:
> RRSIG? pizzaseo.com. 0/13/14 ns: com. NS j.gtld-servers.net., com. NS
> m.gtld-servers.net., com. NS c.gtld-servers.net., com. NS
> b.gtld-servers.net., com. NS d.gtld-servers.net., com. NS
> e.gtld-servers.net., com. NS l.gtld-servers.net., com. NS
> f.gtld-servers.net., com. NS h.gtld-servers.net., com. NS
> i.gtld-servers.net., com. NS a.gtld-servers.net., com. NS
> k.gtld-servers.net., com. NS g.gtld-servers.net. ar: m.gtld-servers.net.
> A 192.55.83.30, l.gtld-servers.net. A 192.41.162.30, k.gtld-servers.net.
> A 192.52.178.30, j.gtld-servers.net. A 192.48.79.30, i.gtld-servers.net.
> A 192.43.172.30, h.gtld-servers.net. A 192.54.112.30, g.gtld-servers.net.
> A 192.42.93.30, f.gtld-servers.net. A 192.35.51.30, e.gtld-servers.net. A
> 192.12.94.30, d.gtld-servers.net. A 192.31.80.30, c.gtld-servers.net. A
> 192.26.92.30, b.gtld-servers.net. A 192.33.14.30, a.gtld-servers.net. A
> 192.5.6.30, m.gtld-servers.net. 2001:501:b1f9::30(490) (ttl 63, id
> 11754, len 518)
> - - -
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
How to return REFUSED
I have,
allow-query { any; };
allow-query-cache { recursive-users; };
allow-recursion { recursive-users; };
How can I make sure that none recursive-users get a REFUSED if query is
recursive?
Axel
PS: I want to minimize the responses to this amplification attack:
- - -
19:05:18.703238 185.230.55.130.30120 > 91.216.35.71.53: [no udp cksum] 1+
RRSIG? pizzaseo.com.(30) (ttl 249, id 33043, len 58)
19:05:18.703568 91.216.35.71.53 > 185.230.55.130.30120: [udp sum ok] 1- q:
RRSIG? pizzaseo.com. 0/13/14 ns: com. NS j.gtld-servers.net., com. NS
m.gtld-servers.net., com. NS c.gtld-servers.net., com. NS b.gtld-servers.net.,
com. NS d.gtld-servers.net., com. NS e.gtld-servers.net., com. NS
l.gtld-servers.net., com. NS f.gtld-servers.net., com. NS h.gtld-servers.net.,
com. NS i.gtld-servers.net., com. NS a.gtld-servers.net., com. NS
k.gtld-servers.net., com. NS g.gtld-servers.net. ar: m.gtld-servers.net. A
192.55.83.30, l.gtld-servers.net. A 192.41.162.30, k.gtld-servers.net. A
192.52.178.30, j.gtld-servers.net. A 192.48.79.30, i.gtld-servers.net. A
192.43.172.30, h.gtld-servers.net. A 192.54.112.30, g.gtld-servers.net. A
192.42.93.30, f.gtld-servers.net. A 192.35.51.30, e.gtld-servers.net. A
192.12.94.30, d.gtld-servers.net. A 192.31.80.30, c.gtld-servers.net. A
192.26.92.30, b.gtld-servers.net. A 192.33.14.30, a.gtld-servers.net. A
192.5.6.30, m.gtld-servers.net. 2001:501:b1f9::30(490) (ttl 63, id 11754,
len 518)
- - -
---
PGP-Key: CDE74120 ☀ computing @ chaos claudius
signature.asc
Description: Message signed with OpenPGP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: REST API for recursive queries
Roee Mayerowicz wrote: > I have ~700k (and growing) domain names that should be resolved daily. > I'm trying to make it efficient as possible using the recursive BIND > server (do you know a better option?), the goal is to get 2000 queries > per second with minimum server\s cost. I do bulk lookups on that kind of scale when I am preparing a recursive server to go into production. I use this small (250 line) program as a front end to adns that works the way I like. It can easily manage thousands of queries per second. https://git.uis.cam.ac.uk/x/uis/ipreg/adns-masterfile.git (That URL may stop working within the next few months because we're moving to GitLab and my old git server will be shut down, though I would like to find somewhere to host redirection tombstones...) Tony. -- f.anthony.n.finchhttps://dotat.at/ North Foreland to Selsey Bill: Westerly 5 or 6, decreasing 3 or 4, becoming variable 2 to 4 later. Slight or moderate, becoming slight later. Showers, occasional rain later. Moderate or good, occasionally poor. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slightly baffled about Undefined symbols that are in OpenSSL
On 5/5/21 08:35, Mark Andrews wrote: > Use a non EoL version of OpenSSL. > alpha $ openssl version OpenSSL 1.1.1k 25 Mar 2021 Not a problem. I have all that sorted out and I did go climb all over the Makefile in bin/tools and see that it is borked. So I did some un-bork and now the compile completes. I will dig a bit and see where things went wrong after 9.11.26. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Slightly baffled about Undefined symbols that are in OpenSSL
Use a non EoL version of OpenSSL. -- Mark Andrews > On 5 May 2021, at 22:32, Dennis Clarke via bind-users > wrote: > > > This has kept me spinning in a few hours since yesterday. So I gave a > try at configure and compile of bind-9.11.31 on ye Fujitsu/Oracle SPARC > Solaris 10 boxen and I see : > > > . > . > . > /opt/developerstudio12.6/bin/cc -mt > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 -I../.. > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include > -I../../lib/dns/include > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include > -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include > -I../../lib/isc/pthreads/include -I../../lib/isc/noatomic/include > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isccfg/include > -I../../lib/isccfg/include > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/lwres/include > -I../../lib/lwres/unix/include -I../../lib/lwres/include > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/bind9/include > -I../../lib/bind9/include -I/opt/bw/include -D_REENTRANT > -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENSSL > -DVERSION=\"9.11.31\" -D_XPG4_2 -D__EXTENSIONS__ -std=iso9899:2011 -m64 > -xarch=sparc -g -mc -xs -errfmt=error -erroff=%none -errshort=full > -errtags=yes -errwarn=%none -ftrap=%none -xbuiltin=%none -xildoff > -xlibmieee -xstrconst -xcode=pic32 -xmemalign=8s -xnolibmil -xunroll=1 > -xregs=no%appl -xdebugformat=dwarf -I/usr/include/libxml2-KPIC-c > isc-hmac-fixup-symtbl.c > gmake[3]: Leaving directory > '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin/tools' > Undefined first referenced > symbol in file > EVP_MD_CTX_new ../../lib/isc/libisc-nosymtbl.a(md5.o) > EVP_sha512 ../../lib/isc/libisc-nosymtbl.a(sha2.o) > EVP_sha384 ../../lib/isc/libisc-nosymtbl.a(sha2.o) > EVP_sha224 ../../lib/isc/libisc-nosymtbl.a(sha2.o) > EVP_sha256 ../../lib/isc/libisc-nosymtbl.a(sha2.o) > EVP_DigestInit ../../lib/isc/libisc-nosymtbl.a(md5.o) > EVP_DigestUpdate../../lib/isc/libisc-nosymtbl.a(md5.o) > EVP_MD_CTX_reset../../lib/isc/libisc-nosymtbl.a(sha2.o) > EVP_md5 ../../lib/isc/libisc-nosymtbl.a(md5.o) > EVP_sha1../../lib/isc/libisc-nosymtbl.a(sha1.o) > EVP_DigestFinal ../../lib/isc/libisc-nosymtbl.a(md5.o) > EVP_MD_CTX_free ../../lib/isc/libisc-nosymtbl.a(md5.o) > ld: fatal: symbol referencing errors. No output written to > isc-hmac-fixuptmp1 > gmake[2]: *** [Makefile:495: isc-hmac-fixup] Error 1 > gmake[2]: Leaving directory > '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin/tools' > gmake[1]: *** [Makefile:79: subdirs] Error 1 > gmake[1]: Leaving directory > '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin' > gmake: *** [Makefile:88: subdirs] Error 1 > > > That is just bizarre because I can cd into the bin/tools directory and > do the link stage manually just fine : > > alpha $ /opt/developerstudio12.6/bin/cc -mt \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 \ >> -I../.. \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include \ >> -I../../lib/dns/include \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include \ >> -I../../lib/isc \ >> -I../../lib/isc/include \ >> -I../../lib/isc/unix/include \ >> -I../../lib/isc/pthreads/include \ >> -I../../lib/isc/noatomic/include \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isccfg/include \ >> -I../../lib/isccfg/include \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/lwres/include \ >> -I../../lib/lwres/unix/include \ >> -I../../lib/lwres/include \ >> -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/bind9/include \ >> -I../../lib/bind9/include \ >> -I/opt/bw/include \ >> -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENSSL \ >> -DVERSION=\"9.11.31\" \ >> -D_XPG4_2 -D__EXTENSIONS__ -std=iso9899:2011 \ >> -m64 -xarch=sparc -g -mc -xs -errfmt=error -erroff=%none -errshort=full \ >> -errtags=yes -errwarn=%none -ftrap=%none -xbuiltin=%none -xildoff \ >> -xlibmieee -xstrconst -xcode=pic32 -xmemalign=8s -xnolibmil -xunroll=1 \ >> -xregs=no%appl -xdebugformat=dwarf -KPIC \ >> -H -# -c isc-hmac-fixup-symtbl.c > ### cc: Note: NLSPATH = > /opt/developerstudio12.6/bin/../lib/locale/%L/LC_MESSAGES/%N.cat:/opt/developerstudio12.6/bin/../../lib/locale/%L/LC_MESSAGES/%N.cat > ### cc: Note: TMPDIR = /var/tmp/dclarke > ### command line files and options (expanded): > ### -mt=yes -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 -I../.. > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include > -I../../lib/dns/include > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include > -I../../lib/isc -I../../lib/isc/include
Slightly baffled about Undefined symbols that are in OpenSSL
This has kept me spinning in a few hours since yesterday. So I gave a try at configure and compile of bind-9.11.31 on ye Fujitsu/Oracle SPARC Solaris 10 boxen and I see : . . . /opt/developerstudio12.6/bin/cc -mt -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 -I../.. -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include -I../../lib/dns/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../lib/isc/noatomic/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isccfg/include -I../../lib/isccfg/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/lwres/include -I../../lib/lwres/unix/include -I../../lib/lwres/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/bind9/include -I../../lib/bind9/include -I/opt/bw/include -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENSSL -DVERSION=\"9.11.31\" -D_XPG4_2 -D__EXTENSIONS__ -std=iso9899:2011 -m64 -xarch=sparc -g -mc -xs -errfmt=error -erroff=%none -errshort=full -errtags=yes -errwarn=%none -ftrap=%none -xbuiltin=%none -xildoff -xlibmieee -xstrconst -xcode=pic32 -xmemalign=8s -xnolibmil -xunroll=1 -xregs=no%appl -xdebugformat=dwarf -I/usr/include/libxml2-KPIC-c isc-hmac-fixup-symtbl.c gmake[3]: Leaving directory '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin/tools' Undefined first referenced symbol in file EVP_MD_CTX_new ../../lib/isc/libisc-nosymtbl.a(md5.o) EVP_sha512 ../../lib/isc/libisc-nosymtbl.a(sha2.o) EVP_sha384 ../../lib/isc/libisc-nosymtbl.a(sha2.o) EVP_sha224 ../../lib/isc/libisc-nosymtbl.a(sha2.o) EVP_sha256 ../../lib/isc/libisc-nosymtbl.a(sha2.o) EVP_DigestInit ../../lib/isc/libisc-nosymtbl.a(md5.o) EVP_DigestUpdate../../lib/isc/libisc-nosymtbl.a(md5.o) EVP_MD_CTX_reset../../lib/isc/libisc-nosymtbl.a(sha2.o) EVP_md5 ../../lib/isc/libisc-nosymtbl.a(md5.o) EVP_sha1../../lib/isc/libisc-nosymtbl.a(sha1.o) EVP_DigestFinal ../../lib/isc/libisc-nosymtbl.a(md5.o) EVP_MD_CTX_free ../../lib/isc/libisc-nosymtbl.a(md5.o) ld: fatal: symbol referencing errors. No output written to isc-hmac-fixuptmp1 gmake[2]: *** [Makefile:495: isc-hmac-fixup] Error 1 gmake[2]: Leaving directory '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin/tools' gmake[1]: *** [Makefile:79: subdirs] Error 1 gmake[1]: Leaving directory '/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/bin' gmake: *** [Makefile:88: subdirs] Error 1 That is just bizarre because I can cd into the bin/tools directory and do the link stage manually just fine : alpha $ /opt/developerstudio12.6/bin/cc -mt \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 \ > -I../.. \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include \ > -I../../lib/dns/include \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include \ > -I../../lib/isc \ > -I../../lib/isc/include \ > -I../../lib/isc/unix/include \ > -I../../lib/isc/pthreads/include \ > -I../../lib/isc/noatomic/include \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isccfg/include \ > -I../../lib/isccfg/include \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/lwres/include \ > -I../../lib/lwres/unix/include \ > -I../../lib/lwres/include \ > -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/bind9/include \ > -I../../lib/bind9/include \ > -I/opt/bw/include \ > -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DOPENSSL \ > -DVERSION=\"9.11.31\" \ > -D_XPG4_2 -D__EXTENSIONS__ -std=iso9899:2011 \ > -m64 -xarch=sparc -g -mc -xs -errfmt=error -erroff=%none -errshort=full \ > -errtags=yes -errwarn=%none -ftrap=%none -xbuiltin=%none -xildoff \ > -xlibmieee -xstrconst -xcode=pic32 -xmemalign=8s -xnolibmil -xunroll=1 \ > -xregs=no%appl -xdebugformat=dwarf -KPIC \ > -H -# -c isc-hmac-fixup-symtbl.c ### cc: Note: NLSPATH = /opt/developerstudio12.6/bin/../lib/locale/%L/LC_MESSAGES/%N.cat:/opt/developerstudio12.6/bin/../../lib/locale/%L/LC_MESSAGES/%N.cat ### cc: Note: TMPDIR = /var/tmp/dclarke ### command line files and options (expanded): ### -mt=yes -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 -I../.. -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/dns/include -I../../lib/dns/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../lib/isc/noatomic/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/isccfg/include -I../../lib/isccfg/include -I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003/lib/lwres/include -I../../lib/lwres/unix/include
Re: REST API for recursive queries
I have ~700k (and growing) domain names that should be resolved daily. I'm trying to make it efficient as possible using the recursive BIND server (do you know a better option?), the goal is to get 2000 queries per second with minimum server\s cost. I thought using a single packet for multiple queries might be more efficient than multiple UDPs. I'll try reading more about adns to reach more queries at the same TCP connection. Any better ideas? From: bind-users on behalf of Roee Mayerowicz Sent: Tuesday, May 4, 2021 3:41 PM To: bind-users@lists.isc.org Subject: REST API for recursive queries CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hey, Do you know of a way to ask multiple DNS queries in a recursive bind server at the same packet\request? Using DoH might work? How? Is there a plugin which does that? Tnx ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Log queried forwarder IP address
Hi I have a caching resolver. Is it possible to log the IP address of the queried forwarder without too much overhead? As I see, the resolver category should log this, but only in debug 3. Is there another way to do this? Thanks Levi ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
