Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Ondřej Surý
I would like to re-iterate what Greg said here - use the Homebrew package.

Using Homebrew hides some gory details about the system administrators
and could be a good entry to learn how system administration works.

Otherwise, you need to look at the output that the build process produced;
running `make install V=1` will give you a little bit more detail about the
process.

Uploading config.log and providing a link to it also helps to give us more
information, so we can help you.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.



> On 9. 5. 2023, at 22:57, Greg Choules via bind-users wrote:
> 
> Hello.
> By far the simplest way to install BIND natively on Mac is to use the 
> Homebrew package manager. I have 9.18.14 installed on mine and it works fine.
> The other alternative is to run it from the Docker image. See here for 
> details: https://hub.docker.com/r/internetsystemsconsortium/bind9
> 
> Hope that helps.
> Greg
> 
> On Tue, 9 May 2023 at 21:43, Pacific  wrote:
> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is not 
> creating a namedb directory nor can I find a boilerplate named.conf. 
> Steps taken:
> Downloaded tar directly from isc, saved to a local directory as a user with 
> admin privs.
> Steps to build:
> tar xzf bind-9.18.14.tar.gz
> cd bind-9.18.14
> ./configure
> 
> 
> Config summary reads:
> =
> Configuration summary:
> -
> Optional features enabled:
> Memory allocator: jemalloc
> GSS-API (--with-gssapi)
> DNSSEC validation active by default (--enable-auto-validation)
> -
> Features disabled or unavailable on this platform:
> Small-system tuning (--with-tuning)
> Allow 'dnstap' packet logging (--enable-dnstap)
> GeoIP2 access control (--enable-geoip)
> DNS Response Policy Service interface (--enable-dnsrps)
> Allow 'fixed' rrset-order (--enable-fixed-rrset)
> Very verbose query trace logging (--enable-querytrace)
> Single-query trace logging (--enable-singletrace)
> LMDB database to store configuration for 'addzone' zones (--with-lmdb)
> IDN support (--with-libidn2)
> -
> Configured paths:
> prefix: /usr/local
> sysconfdir: ${prefix}/etc
> localstatedir: ${prefix}/var
> 
> Compiler: gcc
> Apple clang version 14.0.3 (clang-1403.0.22.14.1)
> Target: arm64-apple-darwin22.4.0
> Thread model: posix
> InstalledDir: 
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
> CFLAGS: -Wall -Wextra -Wwrite-strings -Wpointer-arith 
> -Wno-missing-field-initializers -Wformat -Wshadow 
> -Werror=implicit-function-declaration -Werror=missing-prototypes 
> -Werror=format-security -Werror=parentheses -Werror=implicit 
> -Werror=strict-prototypes -Werror=vla -fno-strict-aliasing 
> -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -pthread 
> -Wno-deprecated-declarations
> CPPFLAGS: -D_FORTIFY_SOURCE=2 -I/opt/homebrew/opt/openssl@3/include
> LDFLAGS: -L/opt/homebrew/opt/openssl@3/lib
> —
> After configure completes:
> make
> When make successfully completes, ran test suite:
> sudo ./bin/tests/system/ifconfig.sh up 
> make test
> Tests run clean, bring down interface and do make install which runs to 
> completion:
> sudo ./bin/tests/system/ifconfig.sh down
> sudo make install
> Install appears to complete successfully, however there is no namedb 
> directory in either /etc or /usr/local/etc
> In fact there is no named.conf file anywhere on the system except in the 
> source tree.
> Please advise as to where to look or please advise if there are additional 
> build steps to take, if configure needs edits, etc.
> Thanks for any assistance.
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Greg Choules via bind-users
The named binary *could* exist in many places; it depends on the OS. For
example, with a Homebrew install on my Mac it's here:
/usr/local/Cellar/bind/9.18.14/sbin/named because of this build parameter:
--prefix=/usr/local/Cellar/bind/9.18.14
It's linked to from /usr/local/opt/bind/sbin/named, for convenience.

I don't recall whether you get an example "named.conf". Mine is here, by the
way:
/usr/local/etc/bind/named.conf because of this build parameter:
--sysconfdir=/usr/local/etc/bind

Again, search for a named.conf and if you don't have one, 'touch' it to
create it then try running it. By default it doesn't need to contain
anything, just exist. The built-in defaults are enough to get a server
running.
As you start to customise your config, keep an eye on the log, which will
tell you whether named starts or not and if not, why. Then you can correct
errors and try again.

I don't think it should matter that artefacts from a previous install
attempt are hanging around. But before you try installing it another way I
would search for files called "named":
sudo find / -name named
and see if you have a binary. In my case:
%file /usr/local/sbin/named
/usr/local/sbin/named: Mach-O 64-bit executable x86_64

If you find an executable, do /named -V (uppercase V), which will
print a summary of how it was built.
Similarly /named -C (uppercase) will print the defaults.

Hope this helps.
Greg


On Wed, 10 May 2023 at 05:55, Pacific  wrote:

> Hi, thanks for the reply.
>
> For some reason I thought it did install or drop a bare bones named.conf
> file, however, it should have dropped the named binary into /usr/local  —
> which it didn’t do. And none of the other “various BIND 9 libraries”.
>
> The bind docs at
> https://bind9.readthedocs.io/en/latest/chapter10.html#build-bind
>
> in section 10.2 on building show this:
>
> make install installs named and the various BIND 9 libraries. By default,
> installation is into /usr/local, but this can be changed with the --prefix
> option when running configure.
>
> The option --sysconfdir can be specified to set the directory where
> configuration files such as named.conf go by default; --localstatedir can
> be used to set the default parent directory of run/named.pid. --sysconfdir
> defaults to $prefix/etc and --localstatedir defaults to $prefix/var.
>
> If I’m missing something please let me know - or if you have any
> suggestions, like just moving the named binary from my temp dir into
> /usr/local I’d appreciate it. Thanks.
>
> On May 9, 2023, at 5:08 PM, Anand Buddhdev  wrote:
>
> On 09/05/2023 22:23, Pacific wrote:
>
> Hi Pacific,
>
> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
> not  creating a namedb directory nor can I find a boilerplate named.conf.
>
>
> As far as I remember, the bind install procedure doesn't create a named.conf.
>
> --
> Anand
>
>


Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Pacific
Hi, thanks for the reply. 

For some reason I thought it did install or drop a bare bones named.conf file, 
however, it should have dropped the named binary into /usr/local  — which it 
didn’t do. And none of the other “various BIND 9 libraries”.

The bind docs at 
https://bind9.readthedocs.io/en/latest/chapter10.html#build-bind

in section 10.2 on building show this:

make install installs named and the various BIND 9 libraries. By default, 
installation is into /usr/local, but this can be changed with the --prefix 
option when running configure.

The option --sysconfdir can be specified to set the directory where 
configuration files such as named.conf go by default; --localstatedir can be 
used to set the default parent directory of run/named.pid. --sysconfdir 
defaults to $prefix/etc and --localstatedir defaults to $prefix/var.

If I’m missing something please let me know - or if you have any suggestions, 
like just moving the named binary from my temp dir into /usr/local I’d 
appreciate it. Thanks.

> On May 9, 2023, at 5:08 PM, Anand Buddhdev  wrote:
> 
> On 09/05/2023 22:23, Pacific wrote:
> 
> Hi Pacific,
> 
>> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
>> not  creating a namedb directory nor can I find a boilerplate named.conf.
> 
> As far as I remember, the bind install procedure doesn't create a named.conf.
> 
> -- 
> Anand



Re: Problem with subdomain delegation - NS RR ignored?

2023-05-09 Thread Mark Andrews
Don’t use host for diagnostics.  It really is the wrong tool. If you want to 
see the delegation make non-recursive queries.

dig a ns1.fish.hub @localhost +norec
dig ns fish.hub @localhost +norec

When you make recursive queries, named follows the records in the zone and 
returns the answers from the referenced servers.  Compare the above with the 
recursive queries below.

dig a ns1.fish.hub @localhost
dig ns fish.hub @localhost

Mark

> On 10 May 2023, at 14:07, bindu...@thegeezer.net wrote:
> 
> Howdy
> 
> I'm struggling with subdomain creation, for some reason the delegation glue 
> records are being ignored - and i was wondering if someone could help me 
> identify what I've done wrong please.  I know i need to setup another server 
> for the subdomain, but I've been trying to get this going at work and getting 
> the same issue, so thought to try on my test bed.  Can't even get the NS 
> record returned for the subdomain
> 
> Given the domain ".hub"  I can verify the domain level NS
> # host -t NS hub localhost
> > hub name server localhost.
> 
> I can create an A record  for "salmon.hub."  and this resolves as expected:
> # host -t a salmon.hub localhost
> > salmon.hub has address 8.8.8.8
> 
> I want to delegate to a different domain server the subdomain "fish.hub" and 
> have created glue records as below in the config snippet, but get NXDOMAIN 
> for both the A record and the NS record
> # host -t a ns1.fish.hub localhost
> > Host ns1.fish.hub not found: 3(NXDOMAIN)
> 
> # host -t NS fish.hub localhost
> > Host fish.hub not found: 3(NXDOMAIN)
> 
> Any suggestions gratefully received.  Pertinent parts of named.conf and zone 
> file are shown below, if you need more info please don't hesitate to ask
> 
> thanks in advance!
> 
> TG
> 
> /etc/bind/named.conf
> acl "trusted" {
> 10.0.0.0/8;
> 192.168.0.0/16;
> 127.0.0.0/8;
> ::1/128;
> };
> allow-recursion {
> trusted;
>};
> forwarders {
> 208.67.220.220;
> 208.67.222.222;
> };
> zone "hub" IN {
>type master;
>file "pri/hub.zone";
>notify no;
> };
> 
> /etc/bind/pri/hub.zone
> $TTL 1W
> @   IN  SOA hub. root.hub.  (
>   2008122601 ; Serial
>   28800  ; Refresh
>   14400  ; Retry
>   604800 ; Expire - 1 week
>   86400 ); Minimum
> @   IN  NS  localhost.
> @   IN  A   127.0.0.1
> 
> @   IN  ::1
> 
> salmon.hub. IN  A   8.8.8.8
> fish.hub.   IN  NS  ns1.fish.hub.
> ns1.fish.hub.   IN  A   4.4.4.4
> 
> 
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
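
The difference the two sets of dig commands above expose, modelled as an added example (not code from the thread or from BIND): the records are transcribed from the hub.zone posted in the thread, and the function names and the result dictionary are assumptions of this sketch. It shows that names at or below the fish.hub cut get a referral rather than an authoritative answer.

```python
# Added example: an authoritative server's view of the thread's hub zone.
ZONE_ORIGIN = "hub."
# Records transcribed from the posted hub.zone (the apex "::1" line is left out).
RECORDS = [
    ("hub.", "SOA", "hub. root.hub. 2008122601 28800 14400 604800 86400"),
    ("hub.", "NS", "localhost."),
    ("hub.", "A", "127.0.0.1"),
    ("salmon.hub.", "A", "8.8.8.8"),
    ("fish.hub.", "NS", "ns1.fish.hub."),
    ("ns1.fish.hub.", "A", "4.4.4.4"),
]


def norm(name):
    """Lower-case the name and make it absolute (trailing dot)."""
    return name.lower().rstrip(".") + "."


def labels(name):
    return [label for label in norm(name).split(".") if label]


def is_subdomain(name, parent):
    """True when name equals parent or lies below it."""
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p


def find_cut(qname, origin=ZONE_ORIGIN, records=RECORDS):
    """Return the delegation point (NS owner below the apex) covering qname, or None."""
    cuts = {norm(o) for o, t, _ in records if t == "NS" and norm(o) != norm(origin)}
    covering = [c for c in cuts if is_subdomain(qname, c)]
    # The cut nearest the apex wins: everything beneath it belongs to the child zone.
    return min(covering, key=lambda c: len(labels(c)), default=None)


def answer_norec(qname, qtype, origin=ZONE_ORIGIN, records=RECORDS):
    """Model the reply to a non-recursive query (DS queries at a cut are not modelled)."""
    qname, qtype = norm(qname), qtype.upper()
    if not is_subdomain(qname, origin):
        return {"kind": "not-in-zone"}
    cut = find_cut(qname, origin, records)
    if cut is not None:
        # At or below a cut the parent is not authoritative: NS goes in the
        # authority section, addresses of those name servers go out as glue.
        ns = [r for o, t, r in records if norm(o) == cut and t == "NS"]
        targets = {norm(n) for n in ns}
        glue = [(norm(o), t, r) for o, t, r in records
                if t in ("A", "AAAA") and norm(o) in targets]
        return {"kind": "referral", "aa": False, "cut": cut,
                "authority": ns, "additional": glue}
    rrs = [r for o, t, r in records if norm(o) == qname and t == qtype]
    if rrs:
        return {"kind": "answer", "aa": True, "answer": rrs}
    # A name with no matching type, or with data only beneath it, still exists.
    exists = any(is_subdomain(o, qname) for o, _, _ in records)
    return {"kind": "nodata" if exists else "nxdomain", "aa": True}


if __name__ == "__main__":
    for q in [("ns1.fish.hub", "A"), ("fish.hub", "NS"),
              ("salmon.hub", "A"), ("hub", "NS")]:
        print(q, answer_norec(*q))
```

With recursion enabled the server does not stop at the referral; it goes on to query the delegated name server, so what comes back depends on that server.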



Problem with subdomain delegation - NS RR ignored?

2023-05-09 Thread binduser

Howdy

I'm struggling with subdomain creation, for some reason the delegation 
glue records are being ignored - and I was wondering if someone could 
help me identify what I've done wrong please.  I know I need to set up 
another server for the subdomain, but I've been trying to get this going 
at work and getting the same issue, so thought to try on my test bed.  
Can't even get the NS record returned for the subdomain


Given the domain ".hub"  I can verify the domain level NS
# host -t NS hub localhost
> hub name server localhost.

I can create an A record  for "salmon.hub."  and this resolves as expected:
# host -t a salmon.hub localhost
> salmon.hub has address 8.8.8.8

I want to delegate to a different domain server the subdomain "fish.hub" 
and have created glue records as below in the config snippet, but get 
NXDOMAIN for both the A record and the NS record

# host -t a ns1.fish.hub localhost
> Host ns1.fish.hub not found: 3(NXDOMAIN)

# host -t NS fish.hub localhost
> Host fish.hub not found: 3(NXDOMAIN)

Any suggestions gratefully received.  Pertinent parts of named.conf and 
zone file are shown below, if you need more info please don't hesitate 
to ask


thanks in advance!

TG

/etc/bind/named.conf
acl "trusted" {
    10.0.0.0/8;
    192.168.0.0/16;
    127.0.0.0/8;
    ::1/128;
};
allow-recursion {
    trusted;
   };
forwarders {
    208.67.220.220;
    208.67.222.222;
    };
zone "hub" IN {
   type master;
   file "pri/hub.zone";
   notify no;
    };

/etc/bind/pri/hub.zone
$TTL 1W
@   IN  SOA hub. root.hub.  (
  2008122601 ; Serial
  28800  ; Refresh
  14400  ; Retry
  604800 ; Expire - 1 week
  86400 )    ; Minimum
@   IN  NS  localhost.
@   IN  A   127.0.0.1

@   IN      ::1

salmon.hub. IN  A   8.8.8.8
fish.hub.   IN  NS  ns1.fish.hub.
ns1.fish.hub.   IN  A   4.4.4.4





Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Anand Buddhdev

On 09/05/2023 22:23, Pacific wrote:

Hi Pacific,


> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
> not  creating a namedb directory nor can I find a boilerplate named.conf.

As far as I remember, the bind install procedure doesn't create a named.conf.

--
Anand


Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Greg Choules via bind-users
Hello.
By far the simplest way to install BIND natively on Mac is to use the
Homebrew package manager. I have 9.18.14 installed on mine and it works
fine.
The other alternative is to run it from the Docker image. See here for
details: https://hub.docker.com/r/internetsystemsconsortium/bind9

Hope that helps.
Greg

On Tue, 9 May 2023 at 21:43, Pacific  wrote:

> Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is not
> creating a namedb directory nor can I find a boilerplate named.conf.
>
> Steps taken:
>
> Downloaded tar directly from isc, saved to a local directory as a user
> with admin privs.
>
> Steps to build:
>
> *tar xzf bind-9.18.14.tar.gz*
>
> *cd bind-9.18.14*
>
> *./configure*
>
>
> Config summary reads:
>
> *=*
>
> *Configuration summary:*
>
> *-*
>
> *Optional features enabled:*
>
> *Memory allocator: jemalloc*
>
> *GSS-API (--with-gssapi)*
>
> *DNSSEC validation active by default (--enable-auto-validation)*
>
> *-*
>
> *Features disabled or unavailable on this platform:*
>
> *Small-system tuning (--with-tuning)*
>
> *Allow 'dnstap' packet logging (--enable-dnstap)*
>
> *GeoIP2 access control (--enable-geoip)*
>
> *DNS Response Policy Service interface (--enable-dnsrps)*
>
> *Allow 'fixed' rrset-order (--enable-fixed-rrset)*
>
> *Very verbose query trace logging (--enable-querytrace)*
>
> *Single-query trace logging (--enable-singletrace)*
>
> *LMDB database to store configuration for 'addzone' zones (--with-lmdb)*
>
> *IDN support (--with-libidn2)*
>
> *-*
>
> *Configured paths:*
>
> *prefix: /usr/local*
>
> *sysconfdir: ${prefix}/etc*
>
> *localstatedir: ${prefix}/var*
>
> **
>
> *Compiler: gcc*
>
> *Apple clang version 14.0.3 (clang-1403.0.22.14.1)*
>
> *Target: arm64-apple-darwin22.4.0*
>
> *Thread model: posix*
>
> *InstalledDir: 
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin*
>
> *CFLAGS: -Wall -Wextra -Wwrite-strings -Wpointer-arith 
> -Wno-missing-field-initializers -Wformat -Wshadow 
> -Werror=implicit-function-declaration -Werror=missing-prototypes 
> -Werror=format-security -Werror=parentheses -Werror=implicit 
> -Werror=strict-prototypes -Werror=vla -fno-strict-aliasing 
> -fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -pthread 
> -Wno-deprecated-declarations*
>
> *CPPFLAGS: -D_FORTIFY_SOURCE=2 -I/opt/homebrew/opt/openssl@3/include*
>
> *LDFLAGS: -L/opt/homebrew/opt/openssl@3/lib*
>
> *—*
>
> After configure completes:
>
> *make*
>
> When make successfully completes, ran test suite:
>
> *sudo ./bin/tests/system/ifconfig.sh up *
>
> *make test*
>
> Tests run clean, bring down interface and do make install which runs to 
> completion:
>
> *sudo ./bin/tests/system/ifconfig.sh down*
>
> *sudo make install*
>
> Install appears to complete successfully, however there is no namedb 
> directory in either /etc or /usr/local/etc
>
> In fact there is no named.conf file anywhere on the system except in the
> source tree.
>
> Please advise as to where to look or please advise if there are additional
> build steps to take, if configure needs edits, etc.
>
> Thanks for any assistance.
>


bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Pacific
Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is not creating 
a namedb directory nor can I find a boilerplate named.conf. 

Steps taken:

Downloaded tar directly from isc, saved to a local directory as a user with 
admin privs.

Steps to build:

tar xzf bind-9.18.14.tar.gz
cd bind-9.18.14
./configure

Config summary reads:
=
Configuration summary:
-
Optional features enabled:
Memory allocator: jemalloc
GSS-API (--with-gssapi)
DNSSEC validation active by default (--enable-auto-validation)
-
Features disabled or unavailable on this platform:
Small-system tuning (--with-tuning)
Allow 'dnstap' packet logging (--enable-dnstap)
GeoIP2 access control (--enable-geoip)
DNS Response Policy Service interface (--enable-dnsrps)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Very verbose query trace logging (--enable-querytrace)
Single-query trace logging (--enable-singletrace)
LMDB database to store configuration for 'addzone' zones (--with-lmdb)
IDN support (--with-libidn2)
-
Configured paths:
prefix: /usr/local
sysconfdir: ${prefix}/etc
localstatedir: ${prefix}/var

Compiler: gcc
Apple clang version 14.0.3 (clang-1403.0.22.14.1)
Target: arm64-apple-darwin22.4.0
Thread model: posix
InstalledDir: 
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
CFLAGS: -Wall -Wextra -Wwrite-strings -Wpointer-arith 
-Wno-missing-field-initializers -Wformat -Wshadow 
-Werror=implicit-function-declaration -Werror=missing-prototypes 
-Werror=format-security -Werror=parentheses -Werror=implicit 
-Werror=strict-prototypes -Werror=vla -fno-strict-aliasing 
-fno-delete-null-pointer-checks -fdiagnostics-show-option -g -O2 -pthread 
-Wno-deprecated-declarations
CPPFLAGS: -D_FORTIFY_SOURCE=2 -I/opt/homebrew/opt/openssl@3/include
LDFLAGS: -L/opt/homebrew/opt/openssl@3/lib
—
After configure completes:
make

When make successfully completes, ran test suite:

sudo ./bin/tests/system/ifconfig.sh up 
make test
Tests run clean, bring down interface and do make install which runs to 
completion:
sudo ./bin/tests/system/ifconfig.sh down
sudo make install
Install appears to complete successfully, however there is no namedb directory 
in either /etc or /usr/local/etc
In fact there is no named.conf file anywhere on the system except in the source 
tree.

Please advise as to where to look or please advise if there are additional 
build steps to take, if configure needs edits, etc.

Thanks for any assistance.




rpz_rewrite(): failure

2023-05-09 Thread Wilfred Sarmiento via bind-users
Hi Bind Users,

Is anyone familiar with the error we encountered on DNS BIND 9.18.2 Ubuntu
for DNS caching, shown below?

We are using RPZ for redirecting domains (porn sites) where we already have
20k+ entries.
The domain (globem2m.com.ph) from the logs below is not in the RPZ list but was
processed for RPZ QNAME rewrite, based on the logs, and a query to that
domain results in SERVFAIL.
The issue is isolated to several domains only, including globem2m.com.ph;
all other queries to different domains are successful.

To resolve this issue, we have to flush cache or restart the BIND service.

root@bind# nslookup globem2m.com.ph 


** server can't find globem2m.com.ph: SERVFAIL

Trace logs:

: query (cache) 'globem2m.com.ph/A/IN' approved

: rpz QNAME rewrite globem2m.com.ph stop on qresult in rpz_rewrite(): failure

: query failed (failure) for globem2m.com.ph/IN/A at query.c:7657

fetch completed at resolver.c:4053 for globem2m.com.ph/A in 0.00: failure/success [domain:com.ph,referral:0,restart:1,qrysent:0,timeout:0,lame:0,quota:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]

: reset client

: servfail cache hit globem2m.com.ph/A (CD=0)

: query failed (SERVFAIL) for globem2m.com.ph/IN/A at query.c:6949

: reset client

Thank you,
Wil
