Re: DNS Flag Day - options for EDNS behavior control before then ?

2018-12-19 Thread Mark Andrews
Correct, there are no knobs in 9.13/9.14 for automatic fallback. Apart from a few very old Microsoft Windows DNS servers that don’t respond consistently to EDNS queries (they respond with FORMERR to the first query then don’t respond for a while to subsequent EDNS queries) there aren’t many

DNS Flag Day - options for EDNS behavior control before then ?

2018-12-19 Thread Brandon Applegate
Hello, I did some searching on the ML archives and didn’t see what I’m trying to ask. Is there anything (i.e. a config knob) in any current version of BIND that allows one to control this? My understanding is that on (around?) the DNS Flag Day of 2/1/19 - BIND won’t retry (with EDNS

Re: Questions about delegation

2018-12-19 Thread Cathy Almond
Hi Bob(s), All good so far. It doesn't matter whether the authoritative servers for the delegated subdomain are in the parent or the delegated zone. (Actually, they could be somewhere completely different - and if they are, it just needs to be possible for recursive servers following the

Re: Questions about delegation

2018-12-19 Thread Bob Harold
On Wed, Dec 19, 2018 at 10:51 AM Bob McDonald wrote:
> I have a DNS server that serves a zone for domain example.org.
> That DNS server lives at 192.0.2.53
> As part of hosting that domain, a child domain is delegated. (gtm-int.example.org.)
> There are two NS records as follows:
>

Red Hat BIND Security Advisory CVE-2018-5742

2018-12-19 Thread Cathy Almond
https://access.redhat.com/security/cve/cve-2018-5742 FYI and just to clarify, Red Hat Security Advisory CVE-2018-5742 does not exist in any version of BIND available directly from ISC; it is present solely in the version(s) identified by Red Hat in their own distribution(s). The problem was

Questions about delegation

2018-12-19 Thread Bob McDonald
I have a DNS server that serves a zone for domain example.org. That DNS server lives at 192.0.2.53 As part of hosting that domain, a child domain is delegated. ( gtm-int.example.org.) There are two NS records as follows: gtm-int.example.org. IN NS gtm-int-east.example.org. gtm-int.example.org. IN

Re: BIND and persistent connections

2018-12-19 Thread Tony Finch
Browne, Stuart via bind-users wrote:
> I was wondering if anybody had any thoughts on how to limit the concurrency or at least the lifetime of these persistent connections within BIND.

If you are running BIND 9.12, you have a bunch of new options related to RFC 7827 EDNS TCP keepalive (see