Put a dot at the end of the query hostname so that Windows doesn't add whatever
the domain name suffix/es the Windows client may be configured with. That is,
nslookup google.com.
It may be the case that the Windows client is adding whatever domain name
suffix/es it has been configured with
Maybe this:
3212. [bug] rbtdb.c: failed to remove a node from the deadnodes
list prior to adding a reference to it leading a
possible assertion failure. [RT #23219]
source: ftp://ftp.isc.org/isc/bind9/9.8.6/CHANGES
Note: I stopped
To: Fr34k freaknet...@yahoo.com
Cc: Bindlist bind-us...@isc.org
Sent: Thursday, October 25, 2012 3:29 PM
Subject: Re: BIND 9.9.1-P4 is now available
Let me define what hung means in our experience: We find that named is
running but will not respond to queries, rndc status will respond
Hello,
We are finding several of our recursive BIND 9.9.1-P3 servers (on Solaris
10 OS) hung and I want to be able to qualify the symptoms in order to
convince others that P4 (or 9.9.2?) will (or will not) address this.
Let me define what hung means in our experience: We find that named is
.
From: Fr34k freaknet...@yahoo.com
To: Bindlist bind-us...@isc.org
Sent: Thursday, October 25, 2012 9:51 AM
Subject: Re: BIND 9.9.1-P4 is now available
Hello,
We are finding several of our recursive BIND 9.9.1-P3 servers (on Solaris
10 OS) hung and I want
Hello Jeremy,
Thank you for your reply.
Let me define what hung means in our experience: We find that named is
running but will not respond to queries, rndc status will respond with
output but that output shows that named is not processing any queries (see
below), other rndc commands
We have been monitoring the same.
Google found an unrelated, yet similar, issue a few years ago:
http://pages.cs.wisc.edu/~plonka/netgear-sntp/#ToC16
From: Rafael Molina rafael.mol...@interlink.net.ve
To: bind-users@lists.isc.org
Sent: Thursday, June 28,
rndc status
Is this a trick question?
From: Kirk Hoganson kirkhogan...@gmail.com
To: bind-users@lists.isc.org
Sent: Tuesday, July 10, 2012 3:22 PM
Subject: Loaded zone files query
Does anyone know of a simple way to discover how many zone files bind has
: X
x=number of zones listed in named.conf + any automatically added zones
not quite what he's asking for, but I've not been able to find a better
answer either.
On Tue, 10 Jul 2012, Fr34k wrote:
rndc status
Is this a trick question?
From: Kirk Hoganson
We are exploring similar audits and opportunities for cleanup.
For domains we delegate PTRs, we track NS hostnames (e.g. IN NS
ns1.bogus.customer.tld) that have gone NXDOMAIN.
If ns1.bogus.customer.tld remains NXDOMAIN for 30+ days, we remove the
delegation.
The idea behind 30+ days is to
Great question (Augie) and great feedback (JP).
As DNSSEC is adopted, some type of mitigation process will be welcomed.
For that reason, I think this is on topic.
From: Jan-Piet Mens jpmens@gmail.com
To: bind-users@lists.isc.org
Sent: Thursday, April
Dear ISC et al.,
Within the last month, we've seen new versions for the 9.8.x, 9.7.x, and 9.6.x
trains.
http://www.isc.org/software/bind/versions
Should we expect a 9.9.0 update in the near future (e.g., 9.9.1)?
Any status would be appreciated.
Thank you for all your support!
Perhaps provide the ocsp.entrust.net folks 3rd party evaluation tool(s) to
identify areas of concerns?
For example, here are two:
http://www.dnsvalidation.com/reports/4f96bdec7d79ee78db44
http://www.intodns.com/ocsp.entrust.net
These find more than one critical item to fix.
Why is
Hello,
Did I miss any feedback on this, or perhaps there isn't any to offer (?)
Thank you.
From: Fr34k freaknet...@yahoo.com
To: Bindlist bind-us...@isc.org
Sent: Friday, March 9, 2012 10:30 AM
Subject: DNS Amplification Attack Mitigation
All,
I am (we
Hi All,
I wanted some feedback on max-cache-ttl usage and best-practices, please.
The BIND 9 ARM says:
max-cache-ttl Sets the maximum time for which the server will cache ordinary
(positive) answers. The
default is one week (7 days). A value of zero may cause all queries to return
All,
I am (we all are (?)) interested in techniques for mitigating DNS amplification
attacks for both recursive and authoritative BIND servers (versions 9.x).
Google found http://www.secureworks.com/research/threats/dns-amplification/ and
I suspect that dig is confused. Let me explain.
Looks like WHOIS says that these (2) servers are authoritative for this domain:
ns1.thehartford.com. ['162.136.188.1'] [TTL=172800]
ns2.thehartford.com. ['162.136.190.1'] [TTL=172800]
However, the DNS configuration says something
Hello,
Having trouble looking up dacspro.com.
This domain has three NS servers, one of which is not responding (ns02) to my
queries.
dacspro.com. 172800 IN NS ns01.gnenc.org.
dacspro.com. 172800 IN NS ns02.gnenc.org.
dacspro.com. 172800
Disregard. PEBKAC issue.
Happy Holidays.
- Original Message -
From: Fr34k
To: Bindlist bind-us...@isc.org
Cc:
Sent: Friday, December 23, 2011 2:09 PM
Subject: Trouble looking up dacspro.com
Hello,
Having trouble looking up dacspro.com.
This domain has three NS servers
Hello,
Read the BIND ARM (Admin Ref. Manual) about these settings, but here is an
example of what I use:
clients-per-query 10 ;
max-clients-per-query 20 ;
http://www.isc.org/software/bind/documentation
Previously, this resource was posted on this list which is good info to
http://www.sans.org/reading_room/whitepapers/dns/dns-sinkhole_33523
Perhaps the above link target may help.
Thanks.
From: Lightner, Jeff jlight...@water.com
To: Ryan Novosielski novos...@umdnj.edu; babu dheen babudh...@yahoo.co.in;
Bind Users Mailing List
Hello All,
Thanks Evan.
Should the Community expect a BIND 9.7.3 train update/maintenance release
which,
among other things, addresses this mem.c issue?
If so, any ETA?
It is not my intent to sound pushy. Let me explain.
We were in the process of rolling 9.7.3 out but we stopped figuring a
- Original Message
From: Mark Andrews ma...@isc.org
To: Fr34k freaknet...@yahoo.com
Cc: Bindlist bind-us...@isc.org
Sent: Mon, April 4, 2011 9:02:35 PM
Subject: Re: BIND 9.7 behavior - lack of response causes
What do you have lame-ttl set to?
I don't. That is, I don't have
Hello,
Given: BIND 9.7.2-P2 on Solaris 10.
For about an hour, I had a network event where a caching DNS server could not
get recursive queries back from authoritative DNS servers on the Internet.
Obviously, this is a problem.
Moreover, the authority for our most popular hostnames have set
- Original Message
From: Mark Andrews
To: Fr34k
Cc: Bindlist
Sent: Wed, March 23, 2011 9:04:00 PM
Subject: Re: Q on clients-per-query, max-clients-per-query
In message , Fr34k writes:
Hello,
# The ARM says: #
clients-per-query, max-clients-per-query
These set
Hello,
# The ARM says: #
clients-per-query, max-clients-per-query
These set the initial value (minimum) and maximum number of recursive
simultaneous clients for any given query (qname,qtype,qclass) that the server
will accept before dropping additional clients. named will attempt to self tune
See RFC1123 and RFC1912 which suggest that legitimate nodes on the Internet
have
appropriate forward/reverse DNS entries.
By appropriate, I mean DNS entries which distinguish which hosts are
static/business space from residential/dhcp space.
Reason: So others on the Internet can make informed
- Original Message
From: Mark Andrews ma...@isc.org
To: Barry Margolin bar...@alum.mit.edu
Cc: comp-protocols-dns-b...@isc.org
Sent: Thu, October 28, 2010 9:49:46 PM
Subject: Re: out of place mx records.
In message barmar-ed15c5.21262028102...@news.eternal-september.org,
I was about to ask again, but figured I had better check isc.org first.
Behold:
http://www.isc.org/software/bind/972-p2
FYI.
Thanks.
- Original Message
From: Hauke Lampe la...@hauke-lampe.de
To: Larissa Shapiro laris...@isc.org; bind-us...@isc.org
Sent: Mon, September 27, 2010
Hello,
Were there ... more information on these developments early next week?
My apologies if I missed them.
Thank you.
- Original Message
From: Larissa Shapiro laris...@isc.org
To: bind-us...@isc.org
Sent: Sun, September 19, 2010 5:54:15 PM
Subject: Notice regarding BIND 9.7.2
Hello,
http://en.wikipedia.org/wiki/Process_%28computing%29 may help to explain what
is going on.
HTH
From: max power el_shersh...@hotmail.com
To: bind-users@lists.isc.org
Sent: Wed, April 28, 2010 4:38:06 AM
Subject: bind multi-threaded question
Hi
i
Hello,
Looks like NXDOMAIN can be one of the responses.
http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#252
That said, I think it is working correctly (a la
name=33.229.242.205.zen.spamhaus.org type=A: Host not found, try again).
However, perhaps tweak the number of
Hello,
We used rsync to copy our master/primary data to the secondary servers.
Using some script magic, the primary is still the master (via named.conf)
since, as with most DBs, there can only be one source of truth.
However, the secondary servers were almost mirror copies of the primary. Only
Hello,
named-checkzone is warning you that the MX has a different FQDN than the zone
it is in.
This is fine so long as the out of zone MX record is valid, but
named-checkzone wants you to know that it can't verify for sure.
So, it is a heads up message and why the ultimate response is OK.
I
Hello,
Sufficient resources on the Internet may be helpful.
For example, http://www.indelible.org/ink/classless/
Searching for RFC2317 or classless in-addr.arpa delegation may result in
additional references.
Hope this helps.
- Original Message
From: Alex mysqlstud...@gmail.com
To:
http://www.openspf.org/ is pretty good.
Not only does it build the file for you, but it can test your live record.
From: Security Admin (NetSec) secad...@netsecdesign.com
To: bind-users@lists.isc.org bind-users@lists.isc.org
Sent: Wed, March 24, 2010 4:26:46
Hello,
Chris, I believe you are correct. That is, blackhole applies to the sending of
queries in addition to the receiving of queries.
Let me explain.
I discovered this the hard way. I had a /24 in the blackhole because it
contained abusive clients. Within this /24 sat two legitimate
Hi All,
I thought with some version of BIND 9, one no longer needed a root hints file.
I can't recall the details and my google searches are finding how to set up a
hints file (instead of suggesting this is, say, deprecated).
Can someone shed some light on this?
Thanks
That's exactly what I was recalling -- thanks for your time and response Mr.
Reed.
- Original Message
From: Jeremy C. Reed jr...@isc.org
To: Fr34k freaknet...@yahoo.com
Cc: Bindlist bind-us...@isc.org
Sent: Monday, August 31, 2009 12:37:05 PM
Subject: Re: BIND 9.x and hint file
Thank you Chris! This is what I was looking for.
- Original Message
From: Chris Thompson c...@cam.ac.uk
To: Fr34k freaknet...@yahoo.com
Cc: Bind Users Mailing List bind-users@lists.isc.org
Sent: Monday, August 31, 2009 12:33:57 PM
Subject: Re: BIND 9.x and hint file
On Aug 31 2009
Hello,
Doing a search on this at www.google.com offers this first link:
http://www.tcpipguide.com/free/t_DNSMessageGenerationandTransport-2.htm
HTH
- Original Message
From: Tech W. tech...@yahoo.com.cn
To: Stephane Bortzmeyer bortzme...@nic.fr
Cc: bind-users@lists.isc.org
Sent:
Fr34k wrote:
Hello,
As I understand it, there are so many PTRs for that IP address, that DNS
will change protocol from UDP to TCP.
So, the message you are getting is informational because of this protocol
change.
See the long list of PTRs below
Hello,
A few of the default settings changed from 9.4.x to 9.6.x
The appropriate README files, change logs, and BIND ARM will provide details
about them.
Below are some options and logging configurations you may want to investigate.
Ye Ole Disclaimer: Please be sure to understand what these do
Hello,
Do I dare comment on this? Okay, I do...
RE: Advogato:
If security was easy and convenient, then everything would be secure. Someone
tell Advogato!
Advogato is complaining because they want an unmanageable environment of dynamic
outbound relays and expect SPF, static DNS records, to
Hello,
Some folks prefer to script something.
Some may find this tool helpful:
http://www.laffeycomputer.com/rpl.html
I'm sure there are other ways.
HTH
- Original Message
From: John D. Vo j...@eagle.net
To: bind-users@lists.isc.org
Sent: Tuesday, March 24, 2009 1:03:22 PM
Subject:
For Solaris9 kernel tunables, this may help:
http://docs.sun.com/app/docs/doc/816-7137/6md5pauj7?l=ena=view
But note that in my experience BIND 9.4.x will not use these OS limits, but
what how many FDs have compiled BIND with.
For our purposes, 9.5.1b2 worked great on Solaris9
We are now
Hello,
Has the max-cache-size setting in named.conf been considered?
If not, note that in early releases of 9.5.x max-cache-size is 32M by default
instead of unlimited as in 9.4.x
From the CHANGES file with the bind-9.5.0-P2 source:
max-cache-size defaults to 32M
Using:
max-cache-size 0 ;
Hello,
Running 9.5.1b2 on Solaris9.
Crashed with this info:
Dec 31 13:04:25 named[308]: [ID 873579 daemon.crit] rbtdb.c:1482:
REQUIRE((node)-references 0) failed
Dec 31 13:04:25 named[308]: [ID 873579 daemon.crit] exiting (due to assertion
failure)
Dec 31 13:05:07 genunix: [ID 603404
48 matches