rndc flush does not work

2011-11-21 Thread Binu B Nair
Hi, I am using bind-9.8.1-P1 on my resolvers. I face a cache refresh problem. On attempting to clear cache using "rndc flush", this does not work. However a named restart clears the cache. What could be the problem? Am I doing something wrong or have I understood the "rndc flush" incorrectly?

Issue with cache

2011-11-21 Thread Binu B Nair
Hello, I am facing a very strange problem. On sending a DNS query for sabb...@direct.telstra.net I do not get a DNS response from the resolver. It shows a SERVFAIL error. However on flushing the cache, this error subsides and the DNS lookup is working fine.

DNSSEC bug down issue, "Servers Unreachable"

2011-11-21 Thread Eduardo Bonsi
I have checked my domain against http://www.intodns.com/bonsi.org and I am getting that everything is ok. I have signed the domain bonsi.org with dnssec key and entered the key at the https://dlv.isc.org for validation. In addition I also entered the dlv.bonsi.org. at the parent. On dlv.isc

Re: Bind and ntp.org server refused issue

2011-11-21 Thread Mark Andrews
In message <4ecb1b3e.5010...@pacbell.net>, Eduardo Bonsi writes: > Hello; > > Does NTP interfere with DNSSEC configuration? No, though the machine has to have a good enough idea of the time when it boots so that the circular dependency is not an issue. For DNSSEC +/- an hour should not be an issue.

Re: Bind and ntp.org server refused issue

2011-11-21 Thread Alan Clegg
On 11/21/2011 10:47 PM, Eduardo Bonsi wrote: > Hello; > > Does NTP interfere with DNSSEC configuration? Apple computers have their > own time synchronized and configured through the time.apple.com. > -Is that enough or do I have to configure NTP to work with their > pool.ntp.org server? No. That

Bind and ntp.org server refused issue

2011-11-21 Thread Eduardo Bonsi
Hello; Does NTP interfere with DNSSEC configuration? Apple computers have their own time synchronized and configured through the time.apple.com. -Is that enough or do I have to configure NTP to work with their pool.ntp.org server? In case of Yes, does anyone here in the list have configured N

BIND 9.9.0b2 is now available

2011-11-21 Thread Susan Graves
Introduction BIND 9.9.0b2 is the second beta release for BIND 9.9.0 and also contains a security update to address CVE-2011-4313. Please see the CHANGES file in the source code release for a complete list of all changes. Download The latest versions of BIND 9 software can always be fou

Re: Puzzeling about IPv6

2011-11-21 Thread Kevin Darcy
On 11/19/2011 2:32 PM, 夜神 岩男 wrote: On 11/20/2011 04:07 AM, Matthew Seaman wrote: On 19/11/2011 18:47, 夜神 岩男 wrote: Oh, and given you've got 64bits to play with, so long as your random numbers are up to scratch no need to worry about collisions. You'd need to be assigning millions of addresse

pns exdomain equivelent

2011-11-21 Thread matei marius
Hello, For the moment, I am using nxdomain from pdns (). There are some well defined excludes from some domains based on prefix, suffix and full matches in redirect.lua folder. I want to replace pdns with bind 9.9. I managed to make excludes only for suffixes of the domains like *.domain.tld

Re: RPZ configuration examples

2011-11-21 Thread Paul Vixie
noting, first: there is documentation online for DNS RPZ, see the following: https://deepthought.isc.org/article/AA-00525/0/Building-DNS-Firewalls-with-Response-Policy-Zones-RPZ.html second, as to the particulars: babu dheen writes: > We are new to BIND and would like to implement RPZ in B

Re: RPZ configuration examples

2011-11-21 Thread Barry Greene
Hello Papdheen, ISC now has a knowledge base where more information is systematically being written and published. There is a whole section on DNSRPZ: https://kb.isc.org/category/110/0/10/Software-Products/BIND9/Features/DNSRPZ/ Each article allows for comments to improve the materials. We welc

Re: RPZ configuration examples

2011-11-21 Thread Jan-Piet Mens
It seems as though you haven't followed some of the advice given you on this list -- you'll have to do a bit more reading. Nevertheless: > 1. How frequently DNS server will download the malware domain database That depends on how frequently the RPZ provider publishes updates to the zone. RPZ zone

Re: RPZ configuration examples

2011-11-21 Thread babu dheen
Wonderful update. Really thanks for the details provided. Can you give me additional details as below: I have gone through the link http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-using-response-policy-zones-rpz/ and got to know that we need to configure one common zone to redi

Re: Question About max-clients-per-query

2011-11-21 Thread Cathy Almond
There's a bit more information about how clients-per-query works in this article here too - and importantly, make sure you're on a current version of BIND to avoid a bug with it (but you'd be updating anyway for CVE-2011-4313?): https://www.isc.org/software/bind/advisories/cve-2011-4313 https://d

Re: trigger point for new bug

2011-11-21 Thread Florian Weimer
* Jack Tavares: > Thank you again. And I agree that upgrading is the best option, however > I was looking for any possible mitigations to the problem for the > (unfortunately unavoidable) period of time it will take vendors > to provide patched bind servers. I don't think it's possible to filte