Re: High memory consumption in bind 9.18.2

2022-08-01 Thread Doug Whitfield
scenarios it applies to? Best regards, Doug Whitfield From: bind-users on behalf of Petr Špaček Date: Tuesday, July 26, 2022 at 03:16 To: bind-users@lists.isc.org Subject: Re: High memory consumption in bind 9.18.2 On 26. 07. 22 0:14, Doug Whitfield wrote: > I wonder if simply adding the w

Re: High memory consumption in bind 9.18.2

2022-07-25 Thread Doug Whitfield
the words “in most cases” to the end of the sentence might make it more clear that the 10% increase in memory is not so much a bug as a different use case. Best Regards, Doug Whitfield From: bind-users on behalf of Ondřej Surý Date: Monday, July 25, 2022 at 08:54 To: Raman kumar Cc: ML BIND Users

Re: Bind > 9.12 Will Not Start On FreeBSD

2019-04-28 Thread Doug Barton
ure out what they've done to the repo, and I can't find my old stuff in there. You're probably better off making your working directory something that's not named in the mtree file, so that your permissions don't get "fixed" by it. hope this helps, Doug __

Re: SSL cert for lists.isc.org expired on Saturday, December 29, 2018

2019-01-01 Thread Doug Barton
I've had LE fail after a certbot upgrade because it grew a dependency that didn't automatically get installed with the upgrade. So yes, automation good, but not perfect. On 2018-12-31 6:54 PM, John W. Blue wrote: nuff said, eh? I thought that Let's Encrypt wanted to roll / revalidate SSL

Re: about the effect of installing with "--without-openssl"

2018-08-26 Thread Doug Barton
On 08/26/2018 07:30 PM, takahiro wrote: That's why I want to know the effect of installing with "without-openssl". What specifically are you trying to accomplish by compiling without openssl? ___ Please visit

Re: Local Slave copy of root zone

2018-08-21 Thread Doug Barton
On 08/21/2018 08:53 AM, Grant Taylor via bind-users wrote: On 08/20/2018 11:06 PM, Doug Barton wrote: But that doesn't mean that slaving a zone, any zone, including the root, is "dangerous." If slaving zones is dangerous, the DNS is way more fragile than it already is. Sorry,

Re: nslookup oddities (Was: SRV record not working)

2018-08-20 Thread Doug Barton
someone explain that to me?" In other words, do SOMETHING to help yourself. Don't complain that no one worked hard enough to make you understand something that you seem to be working so hard to misunderstand. Good luck, Doug

Re: Local Slave copy of root zone

2018-08-20 Thread Doug Barton
On 08/20/2018 09:00 AM, Grant Taylor via bind-users wrote: On 08/20/2018 05:23 AM, Tony Finch wrote: If the local root zone gets corrupted somehow (maliciously or otherwise) the usual setup cannot detect a problem, but it'll cause DNSSEC validation failures downstream. The normal resolver /

Re: nslookup oddities (Was: SRV record not working)

2018-08-19 Thread Doug Barton
vendors to use /etc/hosts for address lookups. nslookup doesn’t display the entire response by default. On 20 Aug 2018, at 12:28 pm, Lee wrote: On 8/19/18, Doug Barton wrote: On 08/19/2018 12:11 PM, Lee wrote: On 8/18/18, Doug Barton wrote: nslookup uses the local resolver stub. That's fine

Re: nslookup oddities (Was: SRV record not working)

2018-08-19 Thread Doug Barton
On 08/19/2018 12:11 PM, Lee wrote: On 8/18/18, Doug Barton wrote: nslookup uses the local resolver stub. That's fine, if that's what you want/need to test. If you want to test specific servers, or what is visible from the Internet, etc. dig is the right tool, as the answers you get from

Re: SRV record not working

2018-08-18 Thread Doug Barton
On 08/18/2018 04:53 PM, Barry Margolin wrote: In article , Grant Taylor wrote: On 08/18/2018 07:25 AM, Bob McDonald wrote: I don't think anyone hates nslookup (well maybe a few do ) I suppose the immense dislike stems from the fact that it's the default utility under Windows. Folks who use

Re: Local Slave copy of root zone

2018-08-18 Thread Doug Barton
On 2018-08-15 10:43, Tony Finch wrote: Doug Barton wrote: Slaving the root and ARPA zones is a small benefit to performance for a busy resolver, [...] This technique is particularly useful for folks in bad/expensive network conditions. While the current anycast networks of root servers

Re: Local Slave copy of root zone

2018-08-15 Thread Doug Barton
rs. hope this helps, Doug ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Modification in dhcpd.conf does not update ddns

2016-01-28 Thread Doug Barton
receive the new IP. When you say "configured client" are you referring to a DHCP reservation? If so, do you have update-static-leases enabled in your dhcpd.conf? Doug

Re: RPZ in dns views

2016-01-22 Thread Doug Barton
-curly-bracket immediately above. You probably want to comment out (or completely remove) the zone declaration below. zone "youtube.com" { type master; file "dummy-block"; allow-query {none;}; }; view ... hope this help

Re: Bind9 on VMWare

2016-01-15 Thread Doug Barton
. hope this helps, Doug

GSS-TSIG updates with multiple KSPs on the same BIND server?

2015-06-03 Thread Doug Barton
as master for multiple AD realms that do not have an existing trust relationship. Thanks, Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received

Re: Digging to the final IP

2014-10-24 Thread Doug Barton
It's interesting to see the discussion about trying to turn dig into something it isn't. :) It's a really good DNS diagnostic tool, but if you just want to get the answer for a query, host does the job quite well, with a lot less fuss. Doug

Re: DLV verify issue

2014-10-24 Thread Doug Barton
On 10/23/14 4:34 AM, Péter-Zoltán Keresztes wrote: Hello I am trying to add a dnssec signed domain to DLV isc. Is there a DNSSEC path from this domain up to the root zone? (It would be helpful to list what domain it is.) If so, why are you adding it to DLV? Doug

Re: Digging to the final IP

2014-10-24 Thread Doug Barton
as well. For example: $ host ajklasdfjklasd.com ; echo $? Host ajklasdfjklasd.com not found: 3(NXDOMAIN) 1 hth, Doug

Re: BIND resource requirements

2014-10-20 Thread Doug Barton
loading up a BIND 9.9.5 instance in the lab, loading up your data, and answering your own question? :) If your response is, I don't have a lab, then you know your next step. hth, Doug

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Doug Barton
... all of which is not to say that your request is not reasonable, just letting you know that a solution exists. hope this helps, Doug

Re: Diagnostic help part 2

2014-10-01 Thread Doug Barton
that these large answers wouldn't require TCP. ... and more than a decade later EDNS still fails very often due to misconfigured and/or ancient firewalls that don't understand it. 53/TCP is part of the spec, and should not be blocked. Doug

Re: Two domains reporting errors

2014-09-27 Thread Doug Barton
for the zone. In practice however it isn't used for anything except occasionally for dynamic DNS. hope this helps, Doug

Re: Change in behaviour regarding ndots and searchlist

2014-09-15 Thread Doug Barton
you have applications that can ONLY work with short names, you can't even type a FQDN into the config. hth, Doug

Re: bind-9.10.0-P2 memory leak?

2014-09-12 Thread Doug Barton
that have been reported with 9.10 you may wish to reconsider that plan. Doug

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-28 Thread Doug Barton
to. And with that, I'll let others chime in, as I don't think I'm saying anything new here. :) Doug

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-27 Thread Doug Barton
. No one said it would be easy. :) Doug

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-27 Thread Doug Barton
in such a direct way, and I hope no one is offended by one person's opinion. I also realize that those who wish to receive the benefits of DNSSEC without enduring the aforementioned costs will not like my argument. I can't help you there. :) Doug

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-26 Thread Doug Barton
in the evolution of DNSSEC the commonly accepted wisdom is that it should not be used routinely; and in fact should only be used when the admin knows that there is a TA in it that she needs, and that is not available with a path through the root. FWIW, Doug

Re: Bind RPZ dnsfirewall howto's version 2 are here

2014-08-23 Thread Doug Barton
the list address and start a completely new message. hope this helps, Doug

Re: Metazones or Something Else?

2014-08-04 Thread Doug Barton
. :) Doug

Re: OT: Authoritative Server returning RR's with decrementing TTL's?

2014-07-31 Thread Doug Barton
Almost certainly not running BIND. Almost certainly is running a creative load balancing solution. hth, Doug On 07/31/2014 12:56 PM, Ray Van Dolson wrote: Not BIND-related specifically... (though the server below could be running BIND I suppose). This seems weird. Why

Re: Using a DynDNS hostname in master-statement for a bind slave?

2014-06-27 Thread Doug Barton
on the zone, and fix the master definition on your provider's slave whenever it breaks, but that's pretty fragile. Good luck, Doug

Re: tsig-key

2014-06-10 Thread Doug Barton
On 06/10/2014 08:56 AM, Mohammed Ejaz wrote: Any help would be highly appreciated. Switch to BlueCat which does all communication with TSIG by default? :) Sorry, couldn't resist ... Doug

Re: SPF RR type

2014-06-06 Thread Doug Barton
the list address and start a completely new message. hope this helps, Doug

Re: Problem dlz_mysql_driver

2014-06-03 Thread Doug Barton
the list address and start a completely new message. hope this helps, Doug

Re: Architecture Questions

2014-06-01 Thread Doug Barton
recommend to customers that they do this on their INTERNAL servers for just the reasons that Josh outlined. And as Mark said, EXTERNAL authoritative servers should never have a recursive role. hth, Doug

Re: Book recomendations?

2014-06-01 Thread Doug Barton
On 05/27/2014 03:51 PM, Baird, Josh wrote: Hi, Can someone recommend a modern/new-ish book on DNS (specifically BIND)? I know there have been several O'Reilly books throughout the years, but haven't kept up on anything in the past few years. I'm looking for architecture design, best

Re: Slave zone intermittently not refreshing

2014-05-11 Thread Doug Barton
for simultaneous transfers and SOA queries are quite conservative. On a busy master I usually at least double them. You'll want to watch performance on the master to make sure it's not actually getting swamped of course. hth, Doug

Re: a note on 9.10.0rc2: eleven, twelve; dig and delv(e)

2014-04-30 Thread Doug Barton
it can hang around and commiserate with resolv.conf. Evidence of prior bad decisions does not provide justification for future bad decisions. :) Doug

Re: a note on 9.10.0rc2: eleven, twelve; dig and delv(e)

2014-04-25 Thread Doug Barton
this, but I would vote for 'dq' (as in, DNS query) which has the virtue of not matching anything in the Ubuntu did you mean? database. hth, Doug

Re: Clients Matching Multiple Views

2014-04-11 Thread Doug Barton
on the master has been the canonical way to handle this situation since day 1. Doug

Re: Example of classless reverse-lookup zone

2014-04-07 Thread Doug Barton
. Did you find this in your search? https://dougbarton.us/DNS/2317.html If it falls in the category of Didn't help much I'd love to hear suggestions for improvement. Doug

Re: Example of classless reverse-lookup zone

2014-04-07 Thread Doug Barton
On 04/07/2014 08:14 PM, Dimitar Georgievski wrote: Hi Doug, Thanks, your article really cleared my confusion with the naming and delegation of zones. I did read initially RFC 2317 https://tools.ietf.org/html/rfc2317 when I started working on this task, but I was lost with the use

Re: BIND 9.10.0b1 is now available

2014-03-17 Thread Doug Barton
... it would be interesting to see a requirements doc on what the HSM would need to provide to do that. Doug

Re: BIND 9.10.0b1 is now available

2014-03-17 Thread Doug Barton
hand. You may come up with a more creative solution. hth, Doug

Re: Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-09 Thread Doug Barton
On 3/8/2014 1:30 PM, sth...@nethelp.no wrote: One mitigation approach is to blackhole the domains using local zones. That's not much of a mitigation. Not having open resolvers would be mitigation. Not having open resolvers is good - but unfortunately doesn't help against misbehaving clients

Re: bind-9.9.5 regression test error

2014-02-23 Thread Doug Barton
On 02/12/2014 10:16 PM, Christoph Moench-Tegeder wrote: ## Doug Barton (do...@dougbarton.us): If you don't have enough random bits on your system to run these simple tests, your /dev/random is seriously underpopulated, and likely a security risk. You should definitely not put BIND

Re: Monitoring Zonefiletransfer

2014-02-18 Thread Doug Barton
is for the zone. Windows DNS does have this concept, but they don't emphasize it since they like people to believe in the fantasy that is lazy replication. :) Doug

Re: how to modify the cache

2014-02-17 Thread Doug Barton
On 02/17/2014 11:37 AM, Kevin Darcy wrote: Ugh, that mixes apples (recursive resolution) and oranges (iterative resolution). Out of curiosity, what bad thing do you think will happen if you mix these two functions? Doug

Re: bind-9.9.5 regression test error

2014-02-12 Thread Doug Barton
requirements. Doug PS for Mark, When I was maintaining BIND for FreeBSD I always ran the unit tests before I put a new version live. :)

Re: changing NSEC3 salt

2014-02-12 Thread Doug Barton
section 5, could have been better designed from that point of view. Honestly that wasn't a factor in my thinking, but it's interesting info to store away for future use, thanks. :) Doug

Re: Disabling RPZ for a few clients / views sharing zones

2014-02-06 Thread Doug Barton
On 02/06/2014 06:27 AM, Chuck Anderson wrote: I was kinda hoping that newer versions of BIND could share zones (with identical zone contents) between views without requiring the messy multiple IP alias setup. You have always been able to do this with include files. hth, Doug

Re: missing NOTIFY after rndc signing -clear all zone

2014-02-06 Thread Doug Barton
On 02/06/2014 04:27 AM, Klaus Darilion wrote: Hi! I just noticed that on rndc signing -clear all zone, Bind removes the private RRs, updates the NSEC3 RR, and increases the serial, but it does not send NOTIFYs. I guess this is a bug. I tested bind 9.9.5, with inline-signing of a zone. Does

Re: classless ptr setup

2014-01-20 Thread Doug Barton
on the same server you get a lot of extra complexity for no real benefit. You may get some useful information at https://dougbarton.us/DNS/2317.html in any case. Doug

Re: dumping master file: tmp-xxx: open: permission denied

2014-01-14 Thread Doug Barton
the examples, and only change things in the default if you're certain you know what the implications of those changes will be. Doug

Generic reasons for recursive performance not to peg CPU?

2014-01-12 Thread Doug Barton
%. The disk is nearly inactive on both systems, and there is no swapping. Using BIND 9.9.4. Is there perhaps something obvious I'm overlooking here? Any suggestions are welcome. Doug

Re: Generic reasons for recursive performance not to peg CPU?

2014-01-12 Thread Doug Barton
Thanks for the response, but that's not it. The auth-only responses are generating a lot more traffic than the recursive. Doug On 01/12/2014 05:21 PM, Sten Carlsen wrote: Wild guess: network bandwidth runs out before CPU? Why the difference, I have no clue. On 13/01/14 02.16, Doug Barton

Re: Generic reasons for recursive performance not to peg CPU?

2014-01-12 Thread Doug Barton
to be working a lot less hard than the auth server, and I can't figure out why. Doug On 01/12/2014 06:07 PM, Leonard Mills wrote: Are you allowing long answers when authoritative? Performance measurements with and without additional data in responses is measurable (imo around 12% more network traffic

Re: Generic reasons for recursive performance not to peg CPU?

2014-01-12 Thread Doug Barton
On 01/12/2014 07:30 PM, Barry Margolin wrote: In article mailman.2014.1389579103.20661.bind-us...@lists.isc.org, Doug Barton do...@dougbarton.us wrote: Thanks for the response, but you're answering a different question than I asked. :) The question I'm interested in is, Why is the recursive

Re: Updated to bind 9.9.3-P2

2013-07-30 Thread Doug Barton
this helps, Doug

Re: permissions for DNSSEC zone signing

2013-07-23 Thread Doug Barton
be static but the auto-dnssec maintain process is equivalent to the dynamic updates process, so that is the correct directory. Doug (who set up the permissions for named in FreeBSD ages ago)

Re: bind classless slave from microsoft dns classful SOA?

2013-07-14 Thread Doug Barton
it for yourself). Miscommunication about the zone names for 2317 zones are rather common. Unless you've been told by the parent admin that the zone is precisely 192/26.* do not assume that is the case. There are a number of ways to represent 2317 zones. Good luck, Doug https://dougbarton.us

Re: Reverse Lookups with Forwarders

2013-07-09 Thread Doug Barton
the actual zone(s) you're working with, as that will also make it easier. Doug https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames

Re: Reverse Lookups with Forwarders

2013-07-09 Thread Doug Barton
Ok, simple. The zone you want to forward is 110.252.173.in-addr.arpa. There is no need to make it more complicated than that. Good luck, Doug On 07/09/2013 12:18 AM, sumsum 2000 wrote: What I am trying to achieve is this: I am using BIND9 only for forwarding DNS requests to other DNS

Re: Reverse address entries

2013-07-03 Thread Doug Barton
On 07/03/2013 07:52 PM, Novosielski, Ryan wrote: | On 07/03/2013 04:39 AM, Matus UHLAR - fantomas wrote: | On 02.07.13 08:53, Daniel McDonald wrote: | I've had trouble with OSI-Soft PI historian without reverse | entries. If there is no reverse,

Re: configure syslog prefix

2013-07-02 Thread Doug Barton
the named executable. Assuming a Unix-like OS would having multiple links (hard or soft) have the correct effect? Yeah, hard links work of course, but symlinks are slightly preferable here because they make upgrades transparent. hth, Doug

Re: Secondary DNS question...

2013-06-26 Thread Doug Barton
an address record for ns2.starionhost.net in the starionhost.net zone. That's likely at least part of the reliability problem with the starionline.com zone. hth, Doug

Re: Secondary DNS question...

2013-06-26 Thread Doug Barton
and it doesn't have any problems. But that's not even the weirdest bit. When running the Perl script it sometimes works for starionhost.net, but never works for the other 2. It seems to me that you have something very odd going on with your network. hth, Doug

Re: Secondary DNS question...

2013-06-26 Thread Doug Barton
Yes, seems fine now. Can you share more information about what it was you turned off? Sounds odd, but the results speak for themselves. Doug On 06/26/2013 09:39 PM, SH Development wrote: Sure could use some direction about where to start looking. I thought I had everything working

Re: Secondary DNS question...

2013-06-26 Thread Doug Barton
Interesting, the pcap that was posted previously showed some odd errors around udp checksums, some showed valid, some showed invalid. With modern NICs it's not uncommon to see them all invalid due to checksum offloading, but the mix of valid and invalid was odd. Doug On 06/26/2013 09:58 PM

Re: PTR files

2013-06-17 Thread Doug Barton
, Doug

Re: Thank you Warren!!! - WAS::Re: This list's prefix

2013-06-16 Thread Doug Barton
Great! Now step 2 is to remove the tag from the subject line before sending mail back to the list. :) On 06/16/2013 02:50 PM, Jerry K wrote: Hello Warren, Thank you so much for this post. Long time procmail user here. I'm only sad I didn't think of this myself first. Its been working

Re: Rate-Limit Question

2013-06-14 Thread Doug Barton
On 06/14/2013 09:08 AM, Evan Hunt wrote: (Our usual policy is not to add substantial new features in maintenance releases like 9.9.4; making it a compile-time option that defaults to off is our way of tiptoeing around the rule.) Quite reasonable, and much appreciated. :)

Re: DNS Amplification Attacks... and a trivial proposal

2013-06-14 Thread Doug Barton
wrote: In message 51baa714.9020...@dougbarton.us, Doug Barton do...@dougbarton.us wrote: It's obvious you're frustrated (understandable), and enthusiastic (commendable), but you might want to consider dialing down your rhetoric a bit. Great idea! I have only one small question... Would you

Re: DNS Amplification Attacks... and a trivial proposal

2013-06-14 Thread Doug Barton
On 06/14/2013 05:13 PM, Vernon Schryver wrote: From: Doug Barton do...@dougbarton.us is that (like RRL) your proposal relies on people updating their software. RRL needs only authority and open recursive servers to be updated. The vast majority of DNS installations are closed

Re: DNS Amplification Attacks... and a trivial proposal

2013-06-13 Thread Doug Barton
. There is no quick fix. Doug

Re: DNS Amplification Attacks... and a trivial proposal

2013-06-13 Thread Doug Barton
.10...@dougbarton.us, Doug Barton do...@dougbarton.us wrote: No. You can still get pretty good amplification with 512 byte responses. That is an interesting contention. Is there any evidence of, or even any reasonably reliable report of any DDoS actually being perpetrated IN PRACTICE using

Re: Serving up two domains

2013-06-11 Thread Doug Barton
need to fix the root problem rather than trying to support the bad behavior. hth, Doug

Re: any requests

2013-06-05 Thread Doug Barton
On 06/05/2013 11:33 AM, Tony Finch wrote: I believe the ANY hack on mail servers was a Sendmailism 20ish years ago. s/Send/q/

Re: Negative zones; NXDOMAIN responses

2013-05-21 Thread Doug Barton
On 05/21/2013 12:39 AM, Phil Mayers wrote: On 05/21/2013 08:23 AM, Matus UHLAR - fantomas wrote: On 21.05.13 11:03, Mark Andrews wrote: The simplest solution is to slave the root zone and turn off notify to so you don't spam the official root servers. 192.5.5.241 is

Re: Problem query (SERVFAIL)

2013-05-17 Thread Doug Barton
SECTION: dns6.pointhq.com. 235 IN A 91.109.245.139 dns7.pointhq.com. 235 IN A 37.123.115.172 hope this helps, Doug On 05/17/2013 04:02 PM, budsz wrote: Hi folks, I've some problem with query serveral site, I use BIND 9.6.-ESV-R7-P2 $ host dns1.pointhq.com

Re: Mailing list reply-to setting

2013-05-09 Thread Doug Barton
into proper folders ... do it for a week, a month, whatever. If your mail client doesn't notify you when mail gets put into a folder, get a better mail client. Once you try doing it that way for a while chances are near 100% that you will like it much better. Doug PS, you kids get off my lawn

Re: Classless PTR query issue

2013-05-07 Thread Doug Barton
On 05/07/2013 01:50 PM, Matus UHLAR - fantomas wrote: On 07.05.13 11:06, Michael Varre wrote: So interestingly they did give me their setup and this is their response, and my warm and fuzzy feeling continues to go out the window: They use SimpleDNS Record Name: 65.246.59.108.in-addr.arpa DNS

Re: DDOS attack Bind 9.9 - P2

2013-05-03 Thread Doug Barton
On 05/03/2013 11:44 AM, rohan.he...@cwjamaica.com wrote: What if both authoritative and recursive are running on the same server That's a simple answer, don't do that. Doug (ever)

Re: ISC Courses

2013-04-26 Thread Doug Barton
the first word is spoken in class. Doug

Re: ANNOUNCEMENT: New BIND versions are available.

2013-04-12 Thread Doug Barton
here you may have over-engineered the solution a bit. :) Doug

Re: Simple question about zone and CNAME

2013-04-08 Thread Doug Barton
On 04/08/2013 06:54 AM, Sam Wilson wrote: In article mailman.61.1365232319.20661.bind-us...@lists.isc.org, Doug Barton do...@dougbarton.us wrote: On 04/05/2013 11:53 PM, Novosielski, Ryan wrote: | It is funny you should mention that... my questions about using views | to create a situation

Re: Simple question about zone and CNAME

2013-04-08 Thread Doug Barton
that the world moved on, and putting websites on hostnames that don't start with www. is the common case now. Can we save our energy for something more productive? Doug

Re: Forward First on Master Zone (bypass SOA)

2013-04-03 Thread Doug Barton
On 04/01/2013 11:46 AM, Kevin Darcy wrote: On 3/29/2013 12:09 AM, Doug Barton wrote: On 03/28/2013 12:28 PM, Ben-Eliezer, Tal (ITS) wrote: My organization is evaluating the use of split-view DNS in our environment. Simple ... don't do it. It's almost never the right answer, and as you're

Re: is NS record pointing to some other name server needed in case of classless IN-ADDR.ARPA delegations?

2013-04-03 Thread Doug Barton
also common for the child to slave the parent zone so that it can answer internal queries directly. And of course as Mark pointed out name servers 1 is basic DNS. You may find this useful as well: https://dougbarton.us/DNS/2317.html Doug

Re: Forward First on Master Zone (bypass SOA)

2013-04-03 Thread Doug Barton
. externally for the same label? Sometimes multiple views are actually necessary to accomplish business goals. IME however it's become so baked in that we need multiple views that the right questions are never asked. Doug

Re: Forward First on Master Zone (bypass SOA)

2013-03-28 Thread Doug Barton
to solve. Much better to spend the time carefully considering what your goals are, and finding other ways to reach them. Doug

Re: querying TLD nameservers - limitations

2013-03-25 Thread Doug Barton
a monitoring system may need to query TLD name servers, but before we can answer your question properly we really need to know a bit more information. Doug On 03/24/2013 04:55 PM, blrmaani wrote: I am developing a monitoring script for internal use and this requires extensive querying

Re: Overriding Included Zone File Entries

2013-03-05 Thread Doug Barton
you could do is create separate $INCLUDE files that contain the different elements that may need to be overridden. Doug

Re: BIND roadmap

2013-02-28 Thread Doug Barton
people are using ESV versions from that channel. Doug

Re: Problems with resolving a local tld

2013-02-28 Thread Doug Barton
On 02/28/2013 09:34 AM, Robert Moskowitz wrote: Only for my internal tld does the lookup fail. Are you distributing the trust anchor for htt to all of the servers that are doing validation? Doug

Re: disabling lame server logging

2013-02-26 Thread Doug Barton
. Or, put another way, slogging through noisy logs is part of the job, given the horrific state of most DNS out there. Welcome to the club. Doug

Re: disabling lame server logging

2013-02-26 Thread Doug Barton
On 02/26/2013 10:38 AM, Robert Moskowitz wrote: I would like a scalpel for lame logging, but probably would not discover any actionable data. There is a logging category for lame-servers. It's in the ARM. Doug
