have no reason to list your netblock on RBL
no need to reply, just let it sink in, but since its failed to in over 5
years, i dont expect miracles.
On 03/05/2020 15:13, Reindl Harald wrote:
> Am 03.05.20 um 01:42 schrieb Noel Butler:
>
>> Dont waste your time trying to argue wit
ere, netflow tells
us a whole lot more anyway
--
Kind Regards,
Noel Butler
This Email, including attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate any
rt and rely on its ubiquitous allowance on the internet or do we
> create a new port for it, where we can make a dedicated new protocol suite?
>
> On 5/2/20 5:03 PM, Reindl Harald wrote:
--
Kind Regards,
Noel Butler
This Email, including attachments, may contain le
t is earlier than 9.11.4
>
> Has Ubuntu properly patched it for relevant security updates? Is it safe to
> run? Of course it will be missing the latest features and software defects
> (which I am exploring on a test server sing a version I compiled myself).
--
Kin
is binded to or internal, if it is binded to 127.0.0.1 and
> 192.168.0.1 ?
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> http
> noticing the the issue.
> Then, on *both* servers:
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not dissem
accepted and enacted
the block.
To put it in RFC terms for non aussies, s313 is a SHOULD, and _not_ a
MUST.
If theres genuine reason, ie mass collateral damage, you can lawfully
refuse to carry out such requests.
--
Kind Regards,
Noel Butler
This Email, including any attachments
the key that is wanted? It appears to be the only key I have. Do
> I need to change to some different key type for bind 9.14, or am I forgetting
> something else.
>
> I did make some changes to the DNS back in 9/12 several months ago, and I
> don't recall having to even provide
eda:9842 prefixlen 64 scopeid 0x20
You might also want to read up on gai.conf and set some precedence's,
I dont use it, but on slackware I dont have the problems you have, it
might help - I recall having to use it well over 10 years ago on a few
centos servers we inherited at the time.
--
Kind
> Doing the following recreated the .signed file, but still didn't add the new
> subdomains.
>
> Freeze, flush, edit, thaw,
>
> Then service named stop, service named start.
freeze, edit, thaw, rndc_reload is all thats needed
--
Kind Regards,
Noel Butler
T
; Would you like some help?"
>
> Kidding aside, Slackware is old school awesome.
>
> ;)
>
> FROM: bind-users [mailto:bind-users-boun...@lists.isc.org] ON BEHALF OF Noel
> Butler
> SENT: Tuesday, January 01, 2019 5:32 PM
> TO: bind-users@lists.isc.org
> S
On 02/01/2019 04:48, Doug Barton wrote:
> I've had LE fail after a cerbot upgrade because it grew a dependency that
> didn't automatically get installed with the upgrade.
>
> So yes, automation good, but not perfect.
Yes likewise on the one box I could actually get certbot to run on, just
On 01/01/2019 12:54, John W. Blue wrote:
> nuff said, eh?
>
> I thought that Let's Encrypt wanted to roll / revalidate SSL certs every 90
> days. IIRC they have automation for apache and DNS tools when it comes to
> revalidation.
acme.sh FTW
--
Kind Regards
s mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected u
mes what John Blue suggested,
might not stop my resources being abused, but it gets the point across
:)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protec
dule configs, like, for
example in postfix:
reject_rbl_client dul.dnsbl.sorbs.net
I wont go into the fact bind 9.8 is so old its unsupported :)
--
Kind Regards,
Noel Butler
This Email, including any attachments, may contain legally
privileged
information, therefore r
On 15/06/2016 10:29, Ted Mittelstaedt wrote:
On 6/14/2016 4:28 PM, Noel Butler wrote:
On 15/06/2016 05:38, Ted Mittelstaedt wrote:
It seems some on the list are short on philosophy? Well here is
the actual philosophy and I'll apologize in advance that it won't fit
in a SMS message for those
On 15/06/2016 05:38, Ted Mittelstaedt wrote:
It seems some on the list are short on philosophy? Well here is
the actual philosophy and I'll apologize in advance that it won't fit
in a SMS message for those people unable to have deep thoughts more
complex than a SMS message. Hopefully you are
On 24/02/2016 09:13, Mathew Ian Eis wrote:
> Hi BIND,
>
> I've encountered (quite by accident) an interesting behavior in BIND with
> wildcard domains:
>
> The relevant configuration is a zone; e.g. bar.com, with what I'll call a
> "second level" wildcard host, e.g. *.foo.bar.com A
On 06/02/2016 07:28, Olliver Schinagl wrote:
; BIND db file for ad servers - point all addresses to an invalid IP
$TTL864000 ; ten days
@ IN SOA ns0.example.net. hostmaster.example.net. (
2008032800 ; serial number YYMMDDNN
On 12/09/2015 00:54, David Ford wrote:
We are also one of those services that will reject mail if DNS records
don't line up sufficiently to a) satisfy RFC requirements for DNS and
b)
are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend
to
be in HELO/EHLO
Those two simple
On 05/09/2015 04:49, Reindl Harald wrote:
mostly people who are throwing as much as possible appliances and
firewalls in front of their machines doing that because missing
knowledge
and falling for some salesman's BS, the moment they sniff you have no
idea, they rub their hands together
On 05/09/2015 05:00, Leandro wrote:
> Reindl , I agree with you.
> One Firewall should be enough.
> So, what you consider this firewall should do ?
> In my opinion:
> Block requests coming from a blacklist (Who will generate this list ?)
> Block denial of service requests. It needs to
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote:
Actually, PIX had issues... I can attest to that, having administered
several Cisco-based networks including PIX years before I was "a Cisco
The biggest issues we really saw with PIX protected networks was in
early 2000's,
it used to
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote:
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote:
Though I realize my error not recalling that there is a middle (neutral)
level, and which is more appropriate, since softfail is somewhere between
fail and neutral which is not
On 08/08/2015 01:23, Heiko Richter wrote:
The spf2.0/pra ?all is SenderID, where pra forces the DMARC server
to check only the Envelope-Sender against v=spf1 mx -all. If you
don't set that, SPF will always check both Envelope-From and Header-From.
Note that it's the SenderID
Hi,
No, not directly, there are things like webmin that used to let people
manage DNS, not sure how manageable though or if its even still
supported.
On 07/07/2015 19:26, Ejaz wrote:
All.
Dees bind support for web-based control panel? I need one that can
automatically push updates
On 27/05/2015 07:00, Mike Hoskins (michoski) wrote:
Hi folks,
I've read about RRL with interest since its inception, but just now
getting around to rolling it out. That is partially because we run a very
small authoritative infrastructure serving mostly as Akamai EDNS origins.
However,
On 07/04/2015 17:15, G.W. Haywood wrote:
Hi there,
On Tue, 7 Apr 2015, bind-users-requ...@lists.isc.org wrote:
Message: 1
[Snip 51 lines]
Message: 2
[Snip 75 lines] Message: 1
[Snip 37 lines]
Message: 1
[Snip 45 lines]
Message: 2
[Snip 49 lines]
Message: 2
[Snip 16
On 07/04/2015 17:07, Matus UHLAR - fantomas wrote:
On 06.04.15 15:19, Noel Butler wrote:
you need an allow-query and ACL, eg:
No. Don't play with allow-query if it is supposed to be authoritative for
any zones (unless those zones are internal).
If the server is supposed to host
Subject line so it is more specific
than Re: Contents of bind-users digest...
Today's Topics:
1. Re: bind-users Digest, Vol 2083, Issue 1 (STEPHEN EYRE)
2. Re: bind-users Digest, Vol 2083, Issue 1 (Reindl Harald)
3. Re: bind-users Digest, Vol 2083, Issue 1 (Noel Butler
you need an allow-query and ACL, eg:
Assuming for example your LAN ip range is 192.168.0.0/24, then you would
use
for simplicity, at top of named.conf:
acl trust { localhost; 192.168.0.0/24; };
then in...
options {
allow-query { trust; };
allow-query-cache { trust; };
so what about named's syslog entries, most commonly found in daemon log
On 21/08/2014 10:59, Len Conrad wrote:
uname -a
FreeBSD rns1..net 10.0-RELEASE
named -v
BIND 9.10.0-P2
this is a recursive-only NS restricted allowing recursive queries from
ournetworks ACL
monitor
On 07/08/2014 06:03, Jared Empson wrote:
What our cache server receives:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
:)
On 07/08/2014 08:40, Reindl Harald wrote:
Am 07.08.2014 um 00:33 schrieb Noel Butler:
Apart from stupid SOA values, losscontrol360.com seems OK
OK? the failing NS query is caused by the errors below
this domain only works by luck from time to time
[harry@srv-rhsoft:~]$ dig NS
On 12/07/2014 11:08, Mark Andrews wrote:
The real problem is humans. They like to tinker with files (hence
the subject line). There really shouldn't be a reason for anyone
to need to read slave database files. They are there so named can
have the zone content when it starts up rather than
On 27/06/2014 12:32, Teerapatr Kittiratanachai wrote:
Dear List,
Yesterday I try to map a private IP address on Public DNS Server, but
some server, actually 1 server, doesn't show the answer. But the Rcode
is 0.
So I already removed that record for now. Is it possible to set DNS
server for not
On 12/06/2014 20:58, Tony Finch wrote:
Noel Butler noel.but...@ausics.net wrote:
Does this also address the crazy amount of logging (as previously
discussed
here)?
If you mean the EDNS logging, that should be fixed in 9.10.1.
Tony.
Yes, this has been the talking point of town, for all
On 12/06/2014 08:04, mcna...@isc.org wrote:
In summary:
BIND 9.10.0-P2:
- fixes security issue CVE-2014-3859
- fixes issue from ISC Operational Notification of 4 June 2014
- includes other minor fixes
Michael,
Does this also address the crazy amount of logging (as previously
discussed
Not a BSD user, but are you running any sort of extra security
enforcement toolsets?
PIE is IIRC, Position Independent Executable.
On Fri, 2014-06-06 at 19:27 -0400, Rick Dicaire wrote:
Hi folks, in trying to update bind 9.8.7_15 on freebsd 8.4, I get the
following:
...
On Thu, 2014-06-05 at 12:18 -0400, Kevin Darcy wrote:
Given the heated and bitter debates over the SPF record type (see
http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html,
search SPF, around August of last year), I'm thinking that a couple
years probably translates into
On Sat, 2014-06-07 at 13:35 +1000, Edwardo Garcia wrote:
Halo,
in recent week we have see fill daemon_log of this errors, is way to
fix?
I do wrong?
you are doing nothing wrong, the idiot advertising fe80 is the one doing
it wrong
in the meantime you could add to your named.conf -
On 04/05/2014 05:28, Jeremy C. Reed wrote:
It is at the notice severity level. The code says:
We didn't get a OPT record in response to a EDNS query. and also says
We need to drop/remove the logging here when we have more
experience.
Are you getting this debugging for EDNS-related problems
OK here too.
On 03/05/2014 11:07, Evan Hunt wrote:
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in
the pgpkey2013.txt located at:
https://www.isc.org/downloads/software-support-policy/openpgp-key/
Hi,
U, since upgrade 9.9.5 to 9.10 every request to the name server is
spewing copious amounts of debug type data (thankfully I only upgraded
the one server)
named[23250]: received packet from 207.66.8.132#53 (no opt): ;;
-HEADER- opcode: QUERY, status: NOERROR, id: 20501 ;; flags: qr
On 30/12/2013 22:17, Gaurav Kansal wrote:
Hi Guys,
In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with
“—ENABLE-RRL” option.
I was wondering why is it so ?
Because it can be detrimental to existing sites if configured wrongly,
its something not all sites
On Fri, 2013-12-20 at 12:58 -0500, Thomas Schulz wrote:
Well, we started with them back when they were the only company registering
domain names. And up to now there were no problems (other than perhaps price).
and their highly unethical business practices, OK my experiences with
them
On 06/11/2013 18:52, babu dheen wrote:
Dear All,
I would like to integrate BIND DNS with Spamhaus Malware DB feed. But i
need clarity whether Spamhaus offers this feed for free or
subscription(cost) based?
If you want your local copy it will cost, and they charge like 20
counties of
On Mon, 2013-09-23 at 19:21 +, Vernon Schryver wrote:
As a matter of interest, if one had a DNSBL with 5.5 million entries
(i.e. 5.5 million IPs):
1) What needs to be done to rewrite that to a BIND zone?
2) What sort of machine would be required to load that zone?
3) How
On Tue, 2013-09-24 at 13:40 +, Vernon Schryver wrote:
From: Noel Butler noel.but...@ausics.net
We used to run our int bl on bind, it was a resource hog compared to
rbldnsd
But there is no way in hell, I'd run rbldnsd on anything else other
than a BL,
IMO, they are both
Hi Shane,
On Fri, 2013-09-20 at 11:38 +0200, Shane Kerr wrote:
Noel,
On 2013-09-20 12:48:31 (Friday)
Noel Butler noel.but...@ausics.net wrote:
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
plenty of delayed mail - hostname lookup failures (mostly because of
URI/DNS
On Thu, 2013-09-19 at 16:04 -0700, Michael McNally wrote:
New versions of BIND are now available from http://www.isc.org/downloads
New Features 9.9.4
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
On Thu, 2013-09-19 at 23:40 +, Evan Hunt wrote:
On Fri, Sep 20, 2013 at 09:20:29AM +1000, Noel Butler wrote:
I have been using this since 9.9.4bx, and although documentation is/was
lacking at the time, so there might be a whitelisting somewhere , but in
its absence, I highly advise
Hi Vernon,
On Thu, 2013-09-19 at 23:42 +, Vernon Schryver wrote:
BIND RRL has had whitelisting for trusted DNS clients that send repeated
DNS requests since early days, long before any version of BIND 9.9.4.
Look for 'exempt-clients{address_match_list};' in either the ARM that
comes with
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
From: Noel Butler noel.but...@ausics.net
now, I never ran it as patches, my policy is only use official upstream
sources, so my first play around was with 9.9.3.b2 I think it was.
BIND 9.9.4 and its immediately preceding beta
+1000, Noel Butler wrote:
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think
his server is likely fine, he's panicking over what's reported not
what's actually going on, I'm sure its not the intended
Yeah, I went out for a bit, came back and fresh, decided to take another
look, I got no further than looking at my own confs and it clicked this
was an old bug, that _was_ fixed... I've updated my RT entry to reflect
that.
On Thu, 2013-08-29 at 07:47 +0100, Steven Carr wrote:
I think the short
Barry,
On Thu, 2013-08-29 at 16:16 -0400, Barry Margolin wrote:
In article mailman.1210.1377758162.20661.bind-us...@lists.isc.org,
Noel Butler noel.but...@ausics.net wrote:
replying to ones self a few times in one day or a sign I need a break..
but...
I think the issue
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think his
server is likely fine, he's panicking over what's reported not what's
actually going on, I'm sure its not the intended response to display so
I've just added bug rep on it, if you disagree, you can always nuke
it
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think
his server is likely fine, he's panicking over what's reported not
what's actually going on, I'm sure its not the intended response to
display so I've just
On Sun, 2013-08-18 at 17:36 -0600, LuKreme wrote:
On 18 Aug 2013, at 14:06 , Dave Warren da...@hireahit.com wrote:
Change the zones from master to slave in your named.conf? There really
isn't much more to it than that, assuming you have a new authoritative
master is already configured
On Sat, 2013-08-17 at 01:18 -0400, Alan Clegg wrote:
On Aug 17, 2013, at 12:42 AM, LuKreme krem...@kreme.com wrote:
[...] I could not get the slave to do anything other than post errors and
refuse to start. Usually they were along the lines of not being able to
bind to port 953 or of
On Sun, 2013-08-04 at 13:28 -0700, Eduardo Bonsi wrote:
Hello Everyone,
I have some questions about ipV6 transition and DNS configuration!
I am preparing to make my transition to a dual stack ipv4, ipv6 and I
have some concerns in regards to the security of the network since ipv6
do
On Mon, 2013-07-22 at 02:51 -0400, Jason Hellenthal wrote:
It's exactly as it says...
Instead of
... TXT SPF ...
You now do
... SPF SPF ...
Mark Andrews wrote:
No. It has a legacy SPF TXT record. It SHOULD have record of
type SPF as per RFC 4408.
Named will complain if
On Mon, 2013-07-22 at 08:50 -0500, Barry S. Finkel wrote:
This was discussed here already, and imho this is anti-spf bullshit like
all those spf breaks forwarding FUD. The SPF RR is already here and is
preferred over TXT that is generik RR type, unlike SPF.
It is not Fear, Uncertainty,
On Fri, 2013-06-28 at 13:57 -0400, Novosielski, Ryan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The short answer is some software once cared. Does it still now, I'm
not sure. But we do it.
SMTP does, IRC does
signature.asc
Description: This is a digitally signed message part
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
On 2013-05-08, Steven Carr sjc...@gmail.com sent:
Any chance someone can correct the settings on this mailing
list to reply to the list by default instead of the user
posting the message?
I'd argue the settings are already correct.
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
On 2013-05-08, Steven Carr sjc...@gmail.com sent:
Any chance someone can correct the settings on this mailing
list to reply to the list by default instead of the user
posting the message?
I'd argue the settings are already correct.
On Tue, 2013-04-30 at 17:04 -0500, Pascal wrote:
Dig 9.9 consistently gives me FORMERR against NetWare DNS servers.
Previous versions worked fine. Suggestions on how to figure out if the
bug is in Dig or NetWare?
-Pascal
O:\Documents and Settings\admin\dig\9.9.2-P2dig
Sign them for longer, I typically use 90 days
On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote:
Hello,
Can anyone tell me why signatures in dnssec mut be renewed every 30
days?
What are the modifications made on a zone with a resign?
Thanks in advance for the clarifications.
On Fri, 2013-04-05 at 08:51 +0200, Torsten Segner wrote:
$TTL 43200
@ IN SOA a.prim-ns.de. hostmaster.de.easynet.net. (
2012041802 ;
28800 ;
7200;
604800 ;
On Tue, 2013-04-02 at 14:16 -0700, Chris Buxton wrote:
Can anyone explain this to me?
If a name exists in the response policy, and also exists in the real Internet
namespace, the value from the policy is returned. But if it doesn't exist out
on the Internet, then the value is not returned
On Mon, 2013-04-01 at 15:03 +1100, Mark Andrews wrote:
In message 1364786722.6226.2.camel@tardis, Noel Butler writes:
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
Ignore them. They will be addressed in the next maintenance release.
it was, but now seems
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
Ignore them. They will be addressed in the next maintenance release.
it was, but now seems to have reared its ugly head again in 9.9.2-p2
Apr 1 12:20:35 fox named[589]: RSA_verify failed
Apr 1 12:20:35 fox named[589]:
On Mon, 2013-03-18 at 16:52 -0700, SM wrote:
SPF RR type
Had a bit of a read of that thread, and the most noise comes from a guy
who should know better, but doesn't, Mr Kitterman repeatedly says If
it's all so obvious that it makes sense to publish SPF records, why
aren't more people doing
On Thu, 2013-03-14 at 17:29 +1000, Noel Butler wrote:
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except
Vernon Schryver writes:
to laziness, DNS is not rocket science, I'm sure given ARM and
access to
google, a 13yo kid could get at least the basics right.
Laziness?--nonsense. Postel's Law and simple logic predict the
truth hurts eh.
Didn't see your original post, viewed and had
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog |grep -c '\-all'
2438
# grep SPF maillog |grep -c '\~all'
7509
since midnight Sunday...
looks like its worth
On Mon, 2013-02-18 at 16:07 -0600, Lyle Giese wrote:
Recently I moved this domain(lcrcomputer.net) to a registrar that
suports DNSSEC and inserted the DS record for this domain. I checked
DNSSEC via http://dnsviz.net and
http://dnssec-debugger.verisignlabs.com. Both show DNSSEC is
apparently you have no comprehension of OFF TOPIC
I stopped reading at about the half dozen words because you once again
went off on your OFF TOPIC rants.
But each to our own, you hate it, many stand by it, its only fools like
you who cant accept that, thats your problem not mine.
Given that
Thanks Shane,
I have re-applied previous changes to source files and that has silenced
them again in meantime.
Cheers
Noel
On Thu, 2012-12-06 at 17:05 +0100, Shane Kerr wrote:
Noel,
On Thursday, 2012-12-06 11:03:24 +1000,
Noel Butler noel.but...@ausics.net wrote:
Hi Shane, Mark, Evan
On Wed, 2012-12-05 at 09:13 +, Phil Mayers wrote:
On 12/04/2012 06:35 PM, Barry S. Finkel wrote:
A question from the OP that has not yet been answered -
Make the zones masters on all servers.
Surely not for RPZ? The whole point with RPZ is that you have one zone
containing all the
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote:
/etc/bind/named.conf.option
WTF is that file? it certainly is not an ISC named file.
if you are using some butchered to buggery distros file, please ask on
your distros mailing list
we are not to know what that file contains, or
validated after lower
casing signer 'CO'
snip
--
Shane Kerr
ISC
On Saturday, 2012-10-13 11:07:01 +1000,
Noel Butler noel.but...@ausics.net wrote:
Thanks Mark,
These changes have been committed for future patch releases?
Cheers
On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews
On Thu, 2012-11-29 at 13:35 +0100, Carsten Strotmann wrote:
Hello Alexander,
Alexander Gurvitz a...@net-me.net writes:
Carsten,
The script in my original question (it's in the P.S. at the bottom of
my first mail) seem to work for me.
Ahh, thanks, my Emacs was hiding that :)
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote:
You can still find it at ISC:
http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
It is a bit long in the tooth. I'll be updating it soon to cover the work
done by ISC in BIND 9.9
All are welcome to propose titles for this new
Thanks Mark,
These changes have been committed for future patch releases?
Cheers
On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews wrote:
Just drop the log level to ISC_LOG_DEBUG(1) and recompile.
Search for sucessfully validated after lower casing in lib/dns/dnssec.c
On Wed, 2012-10-10 at 18:44 +, Evan Hunt wrote:
BIND 9.7.7, 9.8.4 and 9.9.2 have improved OpenSSL error logging.
Unfortunately, our logs are now filling up with RSA_verify failed
messages.
Yeah, oops, we made that one too noisy. You're not the first one
who's noticed. :/
How
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote:
What you did is just as bad
If you need a list moderator there are appropriate addresses to send
your messages to, directly to the list is NOT one of them
The information you desire can be obtained from
On Tue, 2012-03-06 at 08:23 +1100, Mark Andrews wrote:
In message dub109-w57aa00705e65417a6c57e4ac...@phx.gbl, hugo hugoo writes:
Dear all,
Can anyone help me with its experience on reverse dns for IPV6?
Presently, when we reverse an IPV4 subnet for clients, we configure all=
the
On Fri, 2012-02-24 at 11:02 -0500, Bill Owens wrote:
I haven't heard of NS supporting DNSSEC, and there haven't been any good
resources to find a registrar who *does*, but this popped up recently:
http://www.icann.org/en/topics/dnssec/deploy-en.htm
. . . and NS isn't on that list. FWIW,
On Sun, 2012-02-19 at 17:00 +0100, ml wrote:
fakessh.eu descriptive text spf2.0/pra ip4:46.105.34.177
ip4:91.121.7.86 ?all
fakessh.eu descriptive text v=spf1 ip4:46.105.34.177 ip4:91.121.7.86
?all
Why did you bother with the record at all?
Question mark indicates you
On Sat, 2012-02-18 at 11:51 -0500, Jonathan Vomacka wrote:
BIND Community Support,
I am inquiring about how to setup a proper SPF record? I know there are
SPF wizards/generators available but each seem to have a different
opinion of what should be included and what should not be included.
On Sat, 2012-02-18 at 12:34 -0500, Jonathan Vomacka wrote:
If someone uses a mobile device to send e-mail? Would ~all be better? I
Teach them to use smtp authentication using submission (port 587 stuff)
and it doesn't matter where they come from, so long as your MTA is
configured correctly of
On Fri, 2012-02-17 at 07:11 -0800, Chris Buxton wrote:
Yes, it's quite possible to split named.conf into separate per-zone .conf
files and then 'include' them back into named.conf. You can even put the list
of include statements in a separate file, and then include that into
named.conf.
:
ns2 A ip.v.4.add
ns2 ip:6:addr
I guess the old versions are not so strict on checking, or dont know
what to do about ipv6
--
Noel Butler noel.but...@ausics.net
signature.asc
Description: This is a digitally signed message part
I think you have something broken, bind uses UDP by default, if it can
not connect to a dns server on UDP it then retries on TCP.
It also uses TCP for AXFR's
On Sun, 2011-10-23 at 05:50 +0200, Benny Pedersen wrote:
On Sat, 22 Oct 2011 20:42:08 -0700, Kevin Oberman wrote:
On Sat, Oct 22, 2011
On Thu, 2011-03-10 at 19:11 -0600, Dan wrote:
I'll second that, I think everyone starts off on linux as new admins,
then eventually figures out how great freebsd ports collection is.
Also have openbsd's PF firewall at our disposal, along with rebuilding
complete OS in one command, unlike
It should work too, it was fixed within in a few minutes :)
On Thu, 2011-03-03 at 04:47 -0500, Dennis Clarke wrote:
In addition to my pvt email Evan
The dev link page still shows 9.7.3 as current production, no 9.8.0, but
going to all downloads shows 9.8.0 as current production, and
1 - 100 of 130 matches
Mail list logo