Re: bind-users Digest, Vol 4123, Issue 1

GAJENDRA CHOUBISA skrev den 2022-11-27 15:32: Please no more emails on future sir. its a self service, no one can help you get more or less mails here List-Id: BIND Users Mailing List List-Unsubscribe: ,

Re: 回复: failed to start BIND 9.16.34 on Ubuntu 20.04

Ling Yun skrev den 2022-11-12 07:22: # journalctl -u named Nov 12 11:18:05 h2o named[110517]: out of memory [110517] imho you have software that limit memory "selinux?" https://james-morris.livejournal.com/33622.html same problem ?

Re: Sparklight and DNSSEC

Nick Tait via bind-users skrev den 2022-09-26 23:50: On 27/09/2022 3:58 am, Benny Pedersen wrote: imho dnssec-validation auto;  have a bug as it validates domains without DS set hope bind developpers can confirm or deny it Hi Benny. Until DS records are published in the parent zone

Re: Sparklight and DNSSEC

Bjørn Mork skrev den 2022-09-26 08:50: Petr Špaček writes: named.conf statement 'dnssec-enabled yes;' allows forwarding DNSSEC signatures (and other metadata) without validating them. named.conf statement 'dnssec-validation auto;' then enables DNSSEC validation itself. In other words, it is

Re: Mailing list questions (DMARC, ARC, more?)

Alessandro Vesely skrev den 2022-09-04 12:56: Mailman options[†] don't include something like *From munging*: Set this option to /Disabled/ to receive messages with the original From: line intact. Keep in mind that disabling this option will fail DMARC, so keep it enabled

Re: Move from Development to Production

David C. Templeton skrev den 2022-08-26 21:50: Sorry for any confusion. I started with 9.18.4 because I also wanted to test out upgrading. Install 9.18.4 first then make sure I could upgrade to 9.18.6 without issue. Am I following the correct link

Re: Can't modify an existing SPF record

On 2022-07-08 18:14, Crist Clark wrote: As far as BIND is concerned, this is arbitrary text in a TXT record. It doesn’t know or care about SPF syntax within it. TXT records is mostly used, and SPF records is in bind supported -- Visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: Can't modify an existing SPF record

On 2022-07-08 18:04, Roberto Carna wrote: Dear all, I add "a:relay.company.com" using the CLI in the BIND master: company.com. 3600IN TXT "v=spf1 mx a:relay.company.com -all" But after restart, this change never goes to the slaves. If I add "ip:x.x.x.x" for example, this

Re: How can I tell if a quiry is answered or denied

On 2022-04-20 23:07, Richard T.A. Neal wrote: Hi Hal, In addition to this you might also want to look into Response Rate Limiting. This may help to reduce the load on your DNS servers from bad actors without having to play a cat & mouse game of spotting and blocking them. Response Rate

Re: DNSSEC and forwarding

On 2022-04-13 17:08, Nicholas Miller wrote: I believe this is the option you are looking for: validate-except { domain.example; }; rndc nta domain.example remember to define nta ttl in named.conf -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: Can an RPZ record be used for a non-existed domain?

On 2022-03-24 09:52, VASILAKIS GEORGIOS wrote: I have an RPZ containing 2700 Records using A record redirection. congrats :) Is it possible to add records for non-existing domains to the RPZ? what is the point ? dont waste resources -- Visit

Re: ISC BIND & Windows

On 2022-02-01 17:59, Danny Mayer via bind-users wrote: Just run it as a docker image. Docker runs on Windows. next will be we all run windows 12 in docker :) /me hiddes, i am still using gentoo -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

Re: test - ignore

On 2022-01-27 08:42, Matus UHLAR - fantomas wrote: however, this discussion should be probably closed as it's not anymore related to this mailing list operatiorns. i only replyed to isc ignore in first place to heads up on that thay break there own dkim signer, when maillists do this all

Re: One more test -- sorry for the noise

On 2022-01-25 20:26, Dan Mahoney wrote: Sorry for the noise, attempting to validate a DKIM issue Authentication-Results: lists.isc.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=isc.org header.i=@isc.org header.b=E7VfrLLS unprotected means

Re: test - ignore

On 2022-01-25 17:45, Greg Choules wrote: Hello. Authentication-Results: lists.isc.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=isc.org header.i=@isc.org header.b=q/vOEba5; dkim=fail reason="signature verification failed" (1024-bit key;

Re: adding zone forwards without restart

On 2016-09-21 16:49, philippe.simo...@swisscom.com wrote: and after a forward add a rndc flush can help too .. why does reload not flush ? imho a bug if thats the case ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: adding zone forwards without restart

On 2016-09-21 02:40, Frank Even wrote: Is there a way to add forwarders for specific zones without a restart? Everything I've read seems to indicate an "rndc reconfig" or an "rndc reload" should take care of this, but they do not. I add forwarders to "named.conf" and neither will load the new

Re: This is a test. Please disregard.

On 2016-08-26 07:09, project722 wrote: syccessfully breaks dkim from gmail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org

possible bug in bind9 on gentoo

sorry if i post in the incorrect maillist https://bugs.gentoo.org/show_bug.cgi?id=590692 please forward it to developers to follow up on that bug, as i read it is named ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: RHEL, Centos, Fedora rpm vs ISC bind versions

Den 2012-07-16 02:29, Drunkard Zhang skrev: 2012/7/16 Eivind Olsen eiv...@aminor.no: Den 15. juli 2012 kl. 16:57 skrev Benny Pedersen m...@junc.org: change to gentoo/funtoo ? Some might prefer to run the same Linux distribution on all their servers, changing to something like Gentoo just

Re: RHEL, Centos, Fedora rpm vs ISC bind versions

Den 2012-07-16 09:26, Michael Hoskins (michoski) skrev: hmm, sure... but if you're going for genetic diversity, why not throw BSD into the mix? or run dedicated appliances with vendor support (you did say critical)? don't forget to change the hardware architecture. i dont think centos

Re: RHEL, Centos, Fedora rpm vs ISC bind versions

Den 2012-07-15 04:49, Paul Wouters skrev: I started with the .spec file from EL6, removed all but two patches, and now have a 9.9.1-P1 source rpm that will build on EL4, EL5, EL6. Why not just grab the Fedora srpm and recompile on rhel6? have redhat/fedora stopped accepting bugreports ?,

Re: RHEL, Centos, Fedora rpm vs ISC bind versions

Den 2012-07-15 07:42, Carl Byington skrev: c) we want to be able to trivially upgrade to 9.9.1-P2 or 9.9.2 or whatever ISC releases. you choiced prebuildt binaries with all that problems it gives d) we want our binary to have the same source line numbers as the ISC source code, so that

spam on maillist, stop it !

Den 2012-04-27 00:11, Shi Jin skrev: http://guitar-stuff.net/wp-content/. spam spam spam spam and more wordpress spam spam spam ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: udp vs tcp query

On Thu, 27 Oct 2011 07:04:42 +0200, Emanuele Balla (aka Skull) wrote: TCP is needed only when replies do not fit 512 bytes (let's ignore EDNS0 and such). For any DNSBL, this limit is not a problem at all. its was edns0 defaults that maked most problems, from my logs it seem more stable now,

Re: udp vs tcp query

On Sun, 23 Oct 2011 13:56:21 +1000, Noel Butler wrote: I think you have something broken, bind uses UDP by default, if it can not connect to a dns server on UDP it then retries on TCP. It also uses TCP for AXFR's correct, its not my problem how axfr works, as i have sleeped on it now, got

udp vs tcp query

can i control this pr zone when bind is dns client ? remote server is rbldnsd with is not supporting tcp, how to solve this ? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: udp vs tcp query

On Sat, 22 Oct 2011 22:34:48 -0500, Larry Brower wrote: can i control this pr zone when bind is dns client ? Why would you want to? Just fix the problem. ask dnsbl owners to stop using rbldnsd ? remote server is rbldnsd with is not supporting tcp, how to solve this ? Use a server that is

Re: udp vs tcp query

On Sat, 22 Oct 2011 20:42:08 -0700, Kevin Oberman wrote: On Sat, Oct 22, 2011 at 8:24 PM, Benny Pedersen m...@junc.org wrote: can i control this pr zone when bind is dns client ? remote server is rbldnsd with is not supporting tcp, how to solve this ? You have a badly broken DNS if it does

Re: Reverse lookup flood from a single host

On Fri, 15 Jul 2011 13:24:29 -0600, Joshua Beard wrote: Is this abuse? If so, is it likely intentional? 100% guess, the client ip running a mailserver ? if so all is ok ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: How to Setup a Name Servers visible on Internet?

On Tue, 14 Jun 2011 14:25:12 +0200, eric...@kom.za.net wrote: zone 194.134.41.in-addr.arpa IN { type master; file /var/cache/bind/194.134.41.metropolitanbuntu.co.za.inv; }; you need to ask isp to set this, this is common error at home

Re: bind9 cache

On man 27 dec 2010 15:09:15 CET, Mark Andrews wrote You are falling foul of out of date filters. 2/8 was only allocated 2009-09 so you will still find sites that are blocking packets from / route for 2/8. post to bind-users@lists.isc.org not to bind-us...@isc.org well is there anything i can