Feb 2024, at 22:01, Petr Menšík wrote:
We may want to help fixing DSCP features, but I personally do not
know any usage, where this feature would be used and what for
exactly. Recent bind9 uses libuv to back its network core, instead of
custom networking core maintained by ISC. But I haven'
(Extended Support Version)
Thanks
Semra
--
Petr Menšík
Software Engineer, RHEL
Red Hat,http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid
ents using BIND would miss it greatly. As I read in that mail, there was an alternative plan which would re-implement this functionality. If it is feasible, please consider doing it. The alternative options, e.g. setting it via iptables cannot work in our use-case.
Best regards,
Balazs Hinel
--
P
not respond as well, then yes, stale cache is
the only thing protecting us from serving SERVFAILs.
But I am not sure how that contradicts what I have written before. Can
you elaborate a bit more, please?
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP
trusting *me* to validate
them?
Can someone make a good case to me for continuing to perform DNSSEC
validation on my central resolvers?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Ala
t of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for
more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://w
Which setting or
knowledge am I missing ?*_
Below my "named.conf.options" file
͏
͏ ͏ ͏ ͏
--
Petr Menšík
Software Engineer, RHEL
Red Hat,http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsu
ent you are notified that disclosing,
copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited. The sender does not accept liability
for any errors or omissions in the contents of this message, which arise as a
result.
--
Open WebMail Project
tps://dnsviz.net/d/nist.gov/dnssec/>
My question is more how you all deal with the fact on current and
updates systems???
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/
tinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
from 50.31.133.59#53 resolving
mykey.zrd.dq.spamhaus.net/NS for : reply has no answer
... then a strange line like this:
18-Sep-2023 12:13:31.606 lame-servers: success resolving
'um27qfow2knpuwx56o4otvovib2zbomydtlkuo4sktbo34cmjqvq._file.mykey.hbl.dq.spamhaus.net/A
vast.com/sig-email?utm_medium=email_source=link_campaign=sig-email_content=webmail>
--
Petr Menšík
Software Engineer, RHEL
Red Hat,http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this
/message/20231001.165119.aa8c29f9.en.html
[2] https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
?
* Send same the response (when we get it) in response to all queries
(I don't like this one)?
And does anyone know can the recommended mitigation be presumed to be
the best option regardless of the recursive server (BIND, Unbound, etc.)?
Thanks in advance...
--
Fred Morris
--
Petr
fic,
Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
not creating a namedb directory nor can I find a boilerplate
named.conf.
As far as remember, the bind install procedure doesn't create a
named.conf.
--
Anand
--
Petr Menšík
Software Engineer, RHEL
Red
IN NS localhost.
@ IN A 127.0.0.1
@ IN ::1
salmon.hub. IN A 8.8.8.8
fish.hub. IN NS ns1.fish.hub.
ns1.fish.hub. IN A 4.4.4.4
--
Petr Menšík
Software Engineer, RHEL
Red Hat, ht
ts like ticketmaster?
16-May-2023 10:21:09.348 lame-servers: FORMERR resolving
'engage.ticketmaster.com/NS/IN
<http://engage.ticketmaster.com/NS/IN>': 205.251.194.123#53
This resolves fine to me now, does not need disabling cookies or ends.
The host resolves fine on my bind-9.16.38 system usin
iptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA
is what you have meant.
Regards,
Petr
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid sup
in Fedora just because I can. That makes it follow
your release cycles as close as possible. Any RHEL change needs some
justification. It just won't update to every release you have released.
But that does not mean it is incapable version or is unusable in general.
On 17. 4. 2023, at 13:57, Petr M
y with Ondřey Surý's message.
Best regards,
- Håvard
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of thi
RHEL packages? Do they at least
document how to contribute to EPEL anywhere?
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
will
be much
smoother.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP
authoritative for the target name.
-- 原始邮件 --
*发件人:* "Petr Menšík" ;
*发送时间:* 2023年4月4日(星期二) 晚上8:33
*收件人:* "ltns";"bind-users";
*主题:* Re: BIND | Cname chain resolution using forward ( CNAME
returned but no use A) (#3995)
This is pu
/attachment.htm>
--
Subject: Digest Footer
___
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-
:
Petr,
Thanks for sharing that tidbit of info. Off the top of your head do you know
if that can be disabled?
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Petr
Menšík
Sent: Friday, March 24, 2023 8:32 AM
To: bind-users@lists.isc.org
.27 to me
4、device10.1.1.1 go to qurey bd.bcebos.com. recursive itself,and get
another record 110.242.70.8
i have questions
1、why config is forward only, but bind get CNAME & A,bind do not
return A to me,and query cname again itself?
thanks
--
Petr Menšík
Software Engineer, RHEL
evelopment of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redha
ion.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
it seems bind-utils 9.11 and 9.16 can not co-exist (at
least in Oracle Linux 8). I had problems with dependencies and didn’t
force anything until having more information.
Thanks once again!
Regards
David Carvalho
*From:*bind-users *On Behalf Of
*Petr Menšík
*Sent:* 24 March 2023 01:09
re
called powertools on CentOS Stream 8.
On RHEL 8 enable it by command:
|subscription-manager repos --enable
codeready-builder-for-rhel-8-x86_64-rpms|
On 3/24/23 01:43, Petr Menšík wrote:
dnssec utilities are in bind9.16-dnssec-utils, which by mistake stayed
internal only package. We have
. Being a new installation I went for
9.16. The problem now is that dnssec-keygen seems to be only available
in version 9.11, and if I try to install I get problems with
dependencies .
Does anyone have some experience with this?
Kind regards
David
--
Petr Menšík
Software Engineer, RHEL
Red
ontact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit htt
implementation.
On 12/14/22 16:16, Victoria Risk wrote:
Petr,
You didn’t miss it, we don’t have it yet.
https://gitlab.isc.org/isc-projects/bind9/-/issues/3726
Vicky
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit
for queries served over XoT. Is
it still missing ability to forward queries?
Regards,
Petr
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/
for more information.
bind-users mailing list
Hi,
I have done some testing, it seems two tests fail the most often:
tcp_recv_two_quota and tcp_noresponse
PID 32090 exceeded run time limit, sending SIGKILL
Would you know, why just those tests so often timeouts?
But I have found also strange issues when trying to find a way to
reproduce
On 9/2/22 14:23, Bjørn Mork wrote:
Mark Andrews writes:
We don’t log rsamd5 is disabled now ec or ed curves when they are not
supported by the crypto provider. Why should rsasha1 based algs be
special?
Because RSASHA1 validation still is a MUST in RFC8624? MD5 is and ED is
not.
I don't know
://copr.fedorainfracloud.org/coprs/pgfed/bind-FORK/build/4784744/
1x OK, 2x FAIL
https://copr.fedorainfracloud.org/coprs/pgfed/bind-FORK/build/4784743/
either the export is incorrectly def'd/placed, or insufficient
--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP
It certainly is the issue of the equipment. It should fetch any name
address it does not know.
I am thinking without tested it. Would pointing those phones to
authoritative server directly with a possible caching forwarder help?
Maybe if you ensure all those records has matching TTL and
Wireshark is a great tool with a nice GUI, which can record you traffic
on selected ports. Just use capture filter port 5353. But I am not
certain it works on Mac just as it does not Linux.
On 6/27/22 15:10, Larry Stone wrote:
Petr, you are going to have to tell me how to create an
On 6/10/22 12:53, Reindl Harald wrote:
PIDFile shouldn't be needed at all - esepcially for threaded services
it's useless, systemd knows the PID anyways
if that option is used in the provided systemd-unit one should ask the
guy who have written it: why?
if it would be useful my
Forgot to add the bug link.
- openssl: https://bugzilla.redhat.com/show_bug.cgi?id=2077884
- bind: https://bugzilla.redhat.com/show_bug.cgi?id=2077906
On 4/25/22 11:39, Petr Menšík wrote:
> Hello,
>
> I have sent already a notification about SHA-1 not validated in default
> c
is not optional for them. Fixing
the problem by disabling FIPS mode is not possible for everyone.
Any comments or suggestions welcome.
Best Regards,
Petr Menšík
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
te for systemd is sufficient enough
> that I would prefer avoiding it as much as possible. Thanks for any
> input.
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
--
Visit https://lists.isc.o
record(s) (I don't quite
> remember why, but I had two)
>
> 7. wait another TTL period
>
> 8. remove old keys from zone
>
> 9. re-sign the zone
>
>
> Will that be OK?
>
>
> Best regards,
>
> Danilo
>
>
>
--
Petr Menšík
Software Engineer
Red Hat,
aware of the following:
>
> https://lists.isc.org/pipermail/bind-announce/2022-January/001205.html
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
___
Ple
>
>
>
> Thanks in advance for your feedback,
>
>
>
> Carlos,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Carlos Onrubia Aviles*
> Solution Engineer | WIFI @ INTERNET TECHNOLOGIES
>
>
.
On 12/20/21 17:39, Reindl Harald wrote:
>
>
> Am 20.12.21 um 17:32 schrieb Petr Menšík:
>> Hi Borja,
>>
>> In fact there is ancient patch [1] still applied to Fedora builds, which
>> hides some lame servers warnings. It makes some lame servers category
>> logs as
_
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
/21 15:38, Petr Špaček wrote:
> If you don't like nginx naming, then what about Linux kernel naming:
> bind-next (similarly linux-next)?
>
> Petr Špaček
>
>
> On 01. 12. 21 13:07, pemensik at redhat.com (Petr Menšík) wrote:
>> Mainline seems strange term to me. I think it
urý (He/Him)
> ond...@isc.org
>
>> On 1. 12. 2021, at 13:07, Petr Menšík wrote:
>>
>> Mainline seems strange term to me. I think it should be used also by ISC
>> to identify that major version. When I download an archive, it uses
>> Development status. Is mainli
ble and mainline.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel
> obligated to reply outside your normal working hours.
>
>> On 30. 11. 2021, at 16:10, Petr Menšík wrote:
>>
>> Hell
alled? Do you like
"bind9-dev" base name?
Regards,
Petr
1. https://getfedora.org
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
___
Please visit http
job of the operator.
>
> I know how to configure apparmor, my question is not about that.
>
> My question is about what is a good way to implement rfc2136 in Bind.
>
> I guess it's not a good idea that Bind really changes the zone-files
> in /etc/bind using rfc2136 because /etc
stoms
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/
,
>
> Sonal
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscr
rs to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.or
t
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Petr M
t of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Petr Menšík
Software Engineer
Re
an/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
>
development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer
Red Hat
gt; from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
tation, just it would be virtual inside
of bind. I am just interested why was this solution chosed. It seems
more complicated to me.
>
> Thanks.
>
> Petr Menšík mailto:pemen...@redhat.com>>
> 于2021年7月12日周一 下午11:17写道:
>
> Should authoritative servers reply different way
actly the same as the IP which
> is the original's destination IP , so that the corresponding query could
> match the right view.
>
> Does that make sense?
>
> Thanks
>
> Petr Menšík 于2021年7月12日周一 下午5:32写道:
>
>> Hi Xinyu.
>>
>> Why would you need client-facing
use 1.1.1.2 to
> complete the recursion process.
>
> when a recusive query arrived at 1.1.1.3, then BIND use 1.1.1.3 to
> complete the recursion process.
>
> Hopefully I made myself clear, and looking forward to some help.
> Thanks
>
>
--
Petr Menšík
Software Engin
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Petr Menšík
Software Engineer
Red Hat, http://www
to redefine builtin acl
> 'localhost'
>
>
>
>>
>> Best
>> Ale
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
___
Please visit http
copies are used instead. It should be reasony why it cannot find
your zone data.
Move it out of chroot as a backup, when bind-chroot.service is stopped.
# mkdir -p /var/named/backup-chroot/var/named
# mv /var/named/chroot/var/named/* /var/named/backup-chroot/var/named
# systemctl restart bind-chroot
e
> other process absorbing the data and spewing it directly to the central
> syslogd.
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
OpenPGP_signature
Description: OpenPGP digital signature
__
ch does that?
>
> Tnx
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://list
BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 (Extended Support Version)
> vulnerable?
This version is not vulnerable. Check named -V | grep
disable-isc-spnego, if it finds the string, it is not affected.
>
> Thanks
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email:
.html#zone-statement-grammar
On 4/26/21 1:38 AM, Ivan Avery Frey wrote:
> I'm trying to obtain certificates from Let's Encrypt using the DNS-01
> challenge method.
>
> I just want to confirm that there is no option to configure the
> directory for the .jnl files independently of the zo
he development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Bruce Johnson
> Un
elay traffic between the Internet
> and AREDN.
>
> The use of "delegation-only no;" in the above zone definitions was an attempt
> to work around the problem, but it didn't change the behavior over not having
> the option there. The version of Bind I am using does not
>
> Ismael Suárez Maldonado | UNIX ADM | Coqui.Net Corp / ClaroTV
> ismael_sua...@coqui.com<mailto:ismael_sua...@coqui.com> | T: 787-793-0001 x
> 4007
>
> -Original Message-
> From: Petr Menšík
> mailto:petr%20%3d%3futf-8%3fq%3fmen%3dc5%3da1%3dc3%3dadk%3f%3
his list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
are with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Petr Menšík
Software E
fo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@list
>
> [1] https://wiki.debian.org/DDNS
>
> Best regards
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of thi
al/etc/namedb/rndc.conf
>>> DNSSEC root key: /usr/local/etc/namedb/bind.keys
>>> nsupdate session key: /var/run/named/session.key
>>> named PID file: /var/run/named/pid
>>> named lock file: /var/run/named/named.lock
>>>
>>> ---
>
using root
>>Bad exit status from /var/tmp/rpm-tmp.oI0ckT (%build)
>
> My guess (which may be wrong) is that something is wrong with the line:-
> %set_build_flags
> in bind.spec.
>
> Any thoughts from others, more knowledgeable that myself, would be
> appreciated.
>
s root.
>
>> On 1 Jun 2020, at 06:36, Carl Byington via bind-users
>> wrote:
>>
>> I:runtime:verifying that named switches UID (14)
>> I:runtime:failed
>
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP
sts.sh
>
> I:runtime:checking that named logs an ellipsis when the command line is
> larger than 8k bytes (13)
> I:runtime:verifying that named switches UID (14)
> I:runtime:failed
> I:runtime:stopping servers
>
> Ignoring that, the resulting binary seems to run properly.
>
--
t; ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinf
would be welcome.
Regards,
Petr
1. https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.16/
2. https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.17/
--
Petr Menšík
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
signature.asc
Description: OpenPGP digital signature
you remember what was
motivation to implement it? Is it wise to still enable it by default,
without at least configure option to disable it?
1.
https://gitlab.isc.org/isc-projects/bind9/commit/05d32f6b0f6590ca22136b753309f070ce769000
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com
Hi, More below
Dne 1.2.2018 v 01:36 Ludovic Gasc napsal(a):
> 2018-01-31 21:47 GMT+01:00 Petr Menšík <pemen...@redhat.com
> <mailto:pemen...@redhat.com>>:
>
> Hi Ludovic,
>
>
> Hi Petr,
>
> I didn't expect to discuss directly with the Fedora maint
hs=/opt
> InaccessiblePaths=/root
> ReadWritePaths=/run/named
> ReadWritePaths=/var/cache/bind
> ReadWritePaths=/var/lib/bind
>
> --
> Ludovic Gasc (GMLudo)
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
Dne 31.1.2018 v 15:37 Reindl Harald napsal(a):
>
> Am 31.01.2018 um 15:18 schrieb Petr Menšík:
>> as a Fedora maintainer of BIND package, I can say only that SELinux in
>> enforcing mode will provide better hardening than most of suggested
>> changes. That does not
> keep CAP_NET_BIND_SERVICE and drop CAP_SYS_CHROOT and CAP_SETPCAP, if
>> you wanted to retain the capability to perform privileged binds at
>> runtime. Or you could eliminate CAP_SYS_CHROOT and use other systemd
>> functionality to make parts of the filesys
gt; root.eng.idt.com. 2018012901 10800 900 604800 86400
>
>
> I sure could use a suggestion.
>
> Thanks,
> Rick
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-u
that can
be used in default installation image without manual configuration? And
how does it resolve that name, when date of the system is 1970-1-1 or
something a only a bit more accurate?
Current pool.ntp.org adresses are unsigned now, so that would work
anyway. If I want spoof protection, what sh
-checking disabled. I found no way to
do that. Is there good reason why it is not available? Is better method
for solving secure configuration of timeless system available?
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com PGP: 65C6C973
94 matches
Mail list logo