Re: Forward first showing odd behavior BIND 9.11.36-RedHat-9.11.36-16.el8_10.4 (Extended Support Version)

ot deliberately unreliable or likely to fail. Hope that helps. Cheers, Greg On Fri, 5 Sept 2025 at 19:30, Reynolds, David wrote: > Greetings all, > > > > I stumbled across an oddity in BIND that may be due to my ignorance or > some other environmental factor. > > >

Re: Development version of BIND 9 - 9.21.10 with meson build system

Thanks for the suggestions! I did a local upgrade of userspace-rcu to 0.15.3, and then BIND 9.21.11 configured and built. But turning back to the original question: $ meson setup build-dir $ meson compile -C build-dir gets me the equivalent of configure make But what gets me the equivalent

Re: Development version of BIND 9 - 9.21.10 with meson build system

> Does > https://bind9.readthedocs.io/en/latest/chapter10.html#building-bind-9 > help? Yes, it gets me a bit further. The current stumbling block is that the configury system can't find liburcu-common (despite finding the other rcu libs), seemingly that's because the pkg-c

Re: Development version of BIND 9 - 9.21.10 with meson build system

> as previously announced, the BIND 9.21 (development branch) has > changed the build system from venerable autotools to meson > build system. If you build BIND 9 from sources now would be a > good time to try building the development version from sources > and report any issues

Re: Bind forwards DNS requests even though forwarding is disabled.

Hi Sascha. I have a few questions. 1) Are you sure BIND is forwarding? Is that the term you mean to use? Please can you take a binary packet capture (pcap, not copy/paste of terminal output) that shows what the BIND server is doing and send that, You may have disabled global forwarding but

Re: Bind forwards DNS requests even though forwarding is disabled.

. We will also need to know IP addresses on the server on which BIND is running and its routeing table. This is because, in your BIND config, you have not specified a query-source address, so BIND will use the address of the outgoing interface, whatever that is. Regarding recursion. I see you hav

Bind forwards DNS requests even though forwarding is disabled.

Hello, I have a Bind server running for a private Samba AD. The server is used exclusively for internal name resolution, an Adguard container is used for requests to the WAN. To enable this, forwarding is disabled on the Bind DNS (primary DNS). Unfortunately, I have noticed that the Bind DNS has

Re: Bind forwards DNS requests even though forwarding is disabled.

First of all, thank you for your quick response. In this case, “forwarding” may be somewhat of a misplaced term. What I want to achieve, and what has been working for over 5 years, is for BIND DNS to act as the primary DNS for DNS queries relating to intranet name resolution (Samba AD), and for

DNS over HTTPS in a multi-hoseted environment

from JEsus Christ is WEll done Good and Faithful servant -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-u

Re: DNSSEC policy using wrong directory?

Mike skrev den 2025-08-24 03:50: I just set up `dnssec-policy default;` in my zones. Now I'm seeing error messages like: general: error: /etc/bind/good-with-numbers.com.signed.jnl: create: permission denied Well, yeah, that's a read-only file system. options { direc

meson - rpath and chroot

I am struggling a little to adapt to meson on linux. I noticed in https://www.mail-archive.com/bind-users@lists.isc.org/msg35684.html that rpath was removed from the bind build. Now I know why my binaries could not find their libraries (I edited meson.build to re-add rpath). Am I the only end

Re: dnssec

Hello Renzo. There is no point spending time answering these questions for a version of BIND that is now obsolete. As I suggested in your other post, follow the instructions in the KB article and install 9.20. After that, if you still have questions, come back. Please also read the documentation

Re: define zone

nes, in named.rfc1912.zones file I > should to add "127.in-addr.arpa" and "255.in-addr.arpa" zones ? > > Il giorno gio 7 ago 2025 alle ore 14:24 Greg Choules < > gregchoules+bindus...@googlemail.com> ha scritto: > >> Hi again, Renzo. >> >&g

Re: define zone

Hi again, Renzo. 1) Regarding root hints, the explicit hint zone has not been necessary in BIND for many years as the hints are built-in. This applies if your resolver is doing recursion. But if you are doing global forwarding - with "forward only;" as well - then "zone ".&quo

Re: configure bind in chroot jail

> From: bind-users on behalf of Greg Choules > via bind-users > Reply to: Greg Choules > Date: Wednesday 6 August 2025 at 20:06 > To: Renzo Marengo > Cc: "bind-users@lists.isc.org" > Subject: Re: configure bind in chroot jailenzo. The Linux distros packag

Re: configure bind in chroot jail

Hi Renzo. The Linux distros package their own versions of BIND, which they obtain from ISC and patch over the years, hence it is almost guaranteed to not be the latest. That may be OK for you. But see here for how to install it directly if you choose: https://kb.isc.org/docs/isc-packages-for-bind

Re: ISC-Bind Cache preserveration

Hello, you could configure Bind at remote locations as secondaries for your internal domains, so that they have a copy of the zone locally. Other, non-internal domains probably don't matter while WAN isn'

ISC-Bind Cache preserveration

Good Afternoon, We're using ISC-Bind (v 9.16.45) out at remote locations to serve as part of local DNS service in the event of a WAN outage. However we are faced with the possibility that we might also suffer a power outage at these locations, and would have power restored before the WAN.

Re: confgiure bind files and after run chroot script ?

Hi Renzo. Firstly, please ditch 9.16, it's end of life and take a look at the latest 9.20 Secondly, you didn't respond to points made in your other post about chroot; i.e. why you think you need it. Cheers, Greg On Tue, 5 Aug 2025 at 12:52, Renzo Marengo wrote: > to configure Bi

Re: configure bind in chroot jail

Hi Renzo. This is not intended to sound negative. But why are you stuck on chroot? What benefit do you think it will bring you? It used to be the case (many years ago) that if you started BIND as root, it ran as root and chroot made sense then. But not anymore. It starts with some privilege, to

Re: configure bind in chroot jail

Have you looked here: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services They have a short mentioning of chroot. :-) Danjel On 7/31/2025 9

Re: configure bind in chroot jail

version 6 "some time" ago. //Danjel On 7/31/2025 8:58 AM, Renzo Marengo wrote: Thank you very much but my issue is to understand what first step I have to do, considering that the following rpm are just installed: bind.x86_64 bind-chroot.x86_64 bind-dnssec-doc.noarch bind-dnssec-ut

Re: configure bind in chroot jail

On 7/30/2025 1:11 PM, Renzo Marengo wrote: I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9 to create only cache DNS server which is running in chroot jail. I installed several Bind packages included bind-chroot. What document do you suggest me to follow to configure bind

Re: BIND from brew on OSX - Crash

Have you tried bind in the latest macOS beta versions? James. > On 24 Jul 2025, at 5:00 pm, stuart--- via bind-users > wrote: > > Hi, > > This is mostly just me wondering if this is just a "me" issue or whether this > is endemic of BIND on OSX. > > I

BIND from brew on OSX - Crash

Hi, This is mostly just me wondering if this is just a "me" issue or whether this is endemic of BIND on OSX. I use BIND as distributed by brew.sh on OSX (14.7.6, M2 Pro) for local testing of various things and ran into an issue last week. When I configured BIND to listen on an alte

Re: DNSSEC validation broken trust July 22-23rd time.nist.gov

Hi, DNSviz is showing the issue very clearly so it was not on your side https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/ regards Julian Panke Ursprüngliche Nachricht Am 24.07.25 00:18 schrieb J Doe : > Hi, > > I have a small mail server that is using: BIN

Re: suggetsed distro for Bind

ualization platform, so there’s full access to the underlying hardware. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 23. 7. 2025, at 15:10, Carlos Horowicz via bind-users wrote

Re: suggetsed distro for Bind

and small with alpine linux I'd like to migrate from bind 9.11 lo last version. This service is acting as cache dns server and It' running on Centos 7 server, what Linux distro do you suggest me for new Bind?-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: 127/8 weirdness & entertainment for fun & profit.

Crist Clark writes: > Note that is all Linux-specific behavior. BSD-derived stacks are generally > different, e.g. FreeBSD and MacOS. They do not respond to addresses that > aren’t explicitly assigned to an interface. You cannot bind an address not > assigned to an interface. I

Re: BIND doesn't listen to other loopback addresses

https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/li

Re: BIND doesn't listen to other loopback addresses

Bagas Sanjaya writes: > Here in my case, I was expecting BIND to listen to 127.0.0.53 as > separate address, just like in similar applications (systemd-resolved, > dnsdist, etc). You do need to add the address to an interface, but you don't need to add a new dummy interface.

Re: 127/8 weirdness & entertainment for fun & profit.

New-Subject: host vs subnet routes Old-Subject: BIND doesn't listen to other loopback addresses On 7/6/25 1:02 AM, Ondřej Surý wrote: The IPv4 loopback is actually quite weird in this regard that 127.0.0.1/8 is assigned by everything in 127/8 automagically works without explicit ad

Re: BIND doesn't listen to other loopback addresses

https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-automatic-interface-scan Note the phrase "...and supported by the operating system...". Linux capabilities must also be enabled (i.e. not *disabled* at build time) for BIND to be able to keep scanning as addresse

Re: question about resolving of AAAA amazoses.com

Hello and many thanks for the quick all-answering response! Thanks for Greg as well, I leave it to Petr's answer then :-) Am 04.07.2025 um 10:13 schrieb Petr Špaček: On 04. 07. 25 9:56, Florian Piekert via bind-users wrote: Hello all, I frequently have this in my logs May  4 14:29:16

Re: question about resolving of AAAA amazoses.com

Hi Florian. Well since you mention it, may we see your BIND configuration? Also "named -V", please and, if you can, a packet capture (preferably binary pcap, not just a few lines of tcpdump output) showing what your server is doing at the time you see these messages in the logs. Cheers

question about resolving of AAAA amazoses.com

feedback-smtp.us-east-1.amazonses.com/ for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us-east-1.amazonses.com -- invalid response and was wondering IF there is a misconfiguration on my bind? My guess is no, but I thought I'd better as

Re: Significant memory usage

“countless” reports there were not that many of them actually. How many zones can a bind instance handle realistically? Internally, we are testing BIND 9 with 1M small zones and it works just fine. What happened was that 9.20 introduced a new database backend called QP that replaced venerable custom

Re: Server crash on receiving query

Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 5. 11. 2024, at 11:58, James L. Brown via bind-users wrote:  On 2 Nov 2024, at 3:14 am, Scott Bradner wrote: I have the same proble

Re: Significant memory usage

g My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 1. 7. 2025, at 20:40, OwN-3m-All wrote: Also, 127.0.0.1 (localhost) needs to be returned for these hosts, not a NXDOMAIN response. Would that impact it? -- Vis

Re: Significant memory usage

s On 01/07/2025 19:27, OwN-3m-All wrote: >>  Apologies if I misunderstood your setup. I’ve also encountered memory issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a tremendous beast, capable of handling millions of QPS — but after reducing logging (including DNSTAP) and disa

Re: Significant memory usage

Hello there, I’m not a BIND developer either, but I was intrigued when you mentioned /millions of zone entries/. Are you referring to millions of individual zones, rather than consolidating entries into a single RPZ zone? Apologies if I misunderstood your setup. I’ve also encountered memory

Re: Is there any method/config to pass through rcode refused

is any config or method to achieve > that. > > > > Thanks, > > Neil Nie > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contac

Re: dnssec/obsolete dns keys removal - how to?

On 21/06/2025 05:16, Florian Piekert via bind-users wrote: Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibilty. THANK YOU! Am 20.06.2025 um 19:03 schrieb Crist Clark: Do you have

Re: dnssec/obsolete dns keys removal - how to?

Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibilty. THANK YOU! Am 20.06.2025 um 19:03 schrieb Crist Clark: Do you have a .signed file that BIND created? To be 100%, shutdown n

dnssec/obsolete dns keys removal - how to?

deleted those files somewhen in between while trying. After a while I got a correct working setup (using the default *facepalm*). Although I have then successfully managed to get the correct key setup into the DS with the root tld zones, I have mysterious DNSKEY entries on my bind installations

Problem with latest Docker image

ternal defaults: failure (But I'm not sure what I did to generate the named.run file, and I haven't been able to recreate it) I'm not using any geo capability that I know of. I haven't changed anything in my bind config files in quite some time, and it's always worked up

Re: Significant memory usage

ket I/O Statistics ++ 191596 UDP/IPv4 sockets opened 169 TCP/IPv4 sockets opened 191580 UDP/IPv4 sockets closed 777 TCP/IPv4 sockets closed 41 UDP/IPv4 socket bind failures 43 UDP/IPv4 socket conn

Re: Significant memory usage

10:46 PM, Philip Prindeville via bind-users > wrote: > > I read: > > https://bind9.readthedocs.io/en/v9.20.9/reference.html#namedconf-statement-max-cache-size > > and it doesn’t explain the notation for . > > > > >> On Jun 8, 2025, at 10:39 PM, Ondřej Sur

Re: Significant memory usage

ybe GB is the only unit it groks. >> >> >> Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected >> integer and optional unit or percent near ‘1536MB’ >> >> Nope: >> >> Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:

Re: Significant memory usage

Maybe GB is the only unit it groks. Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected integer and optional unit or percent near ‘1536MB’ Nope: Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:43: expected integer and optional unit or percent near ‘2GB'

Re: Significant memory usage

Jun 8 22:22:10 OpenWrt named[15142]: /etc/bind/named.conf:42: expected integer and optional unit or percent near '1638MB' > On Jun 8, 2025, at 10:17 PM, Ondřej Surý wrote: > > Yes, there's no math involved, it just honors the limit. > > FTR you can als

Re: Significant memory usage

im) > ond...@isc.org > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> Here’s my statistics-channel output: >> >> -- Visit https://lists.isc.org/mailman/listinfo/bind-us

Re: Significant memory usage

for your purposes. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> On 9. 6. 2025, at 5:45, Philip Prindeville >> wrote: >> &

Re: Significant memory usage

that talk to a small number of external hosts). It’s computing the max-cache-size that I’ve set: Jun 8 21:34:08 OpenWrt named[8106]: /etc/bind/named.conf:42: 'max-cache-size 10%' - setting to 171MB (out of 1714MB) but no idea where the 1741MB that it is basing that off of is coming f

Re: Significant memory usage

t’s going on with just output of named -V. > > I would suggest to recompile names with jemalloc enabled and then use > jemalloc profiling to see where the memory goes. > > See https://www.isc.org/blogs/2023-BIND-memory-management-explained/ for more > details (search for

Re: Significant memory usage

> On Jun 8, 2025, at 3:07 PM, Philip Prindeville via bind-users > wrote: > > > >> On May 21, 2025, at 3:38 PM, Ben Scott wrote: >> >> - Original Message - >>> From: "Philip Prindeville via bind-users" >>> To: "

Re: Significant memory usage

> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: Significant memory usage

> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: QNAME minimisation question

root trust anchor)                  -b address[#port]   (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg Thanks Greg. On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users wrote: I've done a bit more testing on this, and it seems like if you u

Significant Throughput Drop in BIND 9.20.8 for Batch DNS Updates – Seeking Community Insights and Solutions

Hello BIND Community, I am writing to report a significant performance drop observed after upgrading from BIND 9.18.30 to BIND 9.20.8 . We are running BIND in a batch data processing environment where large volumes of dynamic DNS updates are pushed periodically. Under 9.18.30, our system

Re: QNAME minimisation question

[#port] (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users < bind-users@lists.isc.org> wrote: > Hi Stace. > > The transport protocol used to ask the question is (or should be) > inde

Re: QNAME minimisation question

ot;;; WARNING: using internal name server mode: '@8.8.8.8' will be ignored" On 03/06/2025 22:36, Stacey Marshall wrote: On 3 Jun 2025, at 10:29, Nick Tait via bind-users wrote: But I also noticed that delv only makes A queries (not ), and even if I specify "-6" on t

Re: QNAME minimisation question

isit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/lis

Re: QNAME minimisation question

On 02/06/2025 23:30, Petr Špaček wrote: In short, with an empty cache, BIND will exceed pre-configured limit on number of queries it can do. This is protection from various attacks which misuse DNS to attack itself. Thanks for the explanation! This particular recursive query doesn't

Re: QNAME minimisation question

re force to set the value off or disabled, because bind finds something "strange" in the zone cut response. dig ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ;; global options: +cm

QNAME minimisation question

Hi list. I've been investigating a failure that I noticed in my DNS logs. I know the issue is related to QNAME minimisation, but rather than just turning it off (to make the problem go away), I'm trying understand whether BIND is doing exactly what it is expected to do? I can rep

Re: Dns tunnel detection/prevention

rent things. -- Grant. . . . -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-

Re: Dns tunnel detection/prevention

On 5/22/25 9:23 AM, Karol Nowicki via bind-users wrote: Does ISC Bind software by native has any dns tunneling prevention embedded ? I don't think there is anything that I would describe that way. But there may be some rate limiting option(s) that you could use to at least cripple usin

Re: 3Rd Follow Up - Re: My Introduction and current issues

-08.braze.com.cdn.cloudflare.net A 5b57 > 1053 20.772813 102.767751 2.350603 184.184.184.10 8.8.8.8 48067 Q > sdk.iad-08.braze.com.cdn.cloudflare.net A ae45 > 1054 20.773441 102.768379 0.000628 184.184.184.7 184.184.184.10 - - - ICMP > - Destination unreachable (Port unreachable) but don

Dns tunnel detection/prevention

Does ISC Bind software by native has any dns tunneling prevention embedded ?  Thanks  Wysłane z Yahoo Mail do iPhone -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us

Re: 3Rd Follow Up - Re: My Introduction and current issues

- - ICMP > - Destination unreachable (Port unreachable) but don't know which packet > this is in response to. > 1055 20.773879 102.768817 0.000438 184.184.184.10 184.184.184.80 32337 R > sdk.iad-08.braze.com A 2e9e Response to 1032 > > Note that the BIND server at ...10 makes lots

Significant memory usage

creeping up again. I updated to 9.20.8 a few minutes ago but I’m still seeing the same issue. root@OpenWrt:~# named -V BIND 9.20.8 (Stable Release) running on Linux x86_64 6.6.41 #0 SMP Sat Jul 27 03:38:57 2024 built by make with '--target=x86_64-openwrt-linux' '--host=x86_6

Re: 3Rd Follow Up - Re: My Introduction and current issues

is unreachable. Since that ICMP packet is always preceded by a DNS query directed to either 1.1.1.1 or 8.8.8.8, it might imply that either your router or something further along (i.e. your ISP) is not allowing the DNS query packets to pass. Since Bind v9

Re: long FQDN resolution

Benny Pedersen via bind-users skrev den 2025-05-15 20:42: Matus UHLAR - fantomas skrev den 2025-05-15 17:04: turn off QNAME minimisation on DNS servers used by mailservers for DNSBL/DNSWL checks. make a better rbldnsd that support qname :) or dump zone from rbldnsd to bind.zone, the bind

Re: DNSVIZ errors

i didn’t receive your reply but saw this on lists archive so replying to you: Do be aware that Ondrej is a member of ISC, the organization that develops BIND. He is also one of the maintainers of the Debian release of BIND which you are using. Why should i be aware? Is he is a threat or

Re: long FQDN resolution

Matus UHLAR - fantomas skrev den 2025-05-15 17:04: turn off QNAME minimisation on DNS servers used by mailservers for DNSBL/DNSWL checks. make a better rbldnsd that support qname :) or dump zone from rbldnsd to bind.zone, the bind zone can be in sqlite to not be so memory hungry or report

Re: long FQDN resolution

I was beaten to it! It's called QNAME minimisation and is specified here: https://datatracker.ietf.org/doc/html/rfc9156 In BIND it can be disabled with this statement: https://bind9.readthedocs.io/en/v9.20.8/reference.html#namedconf-statement-qname-minimization Hope that helps, Greg On Th

Re: My Introduction and current issues -

Sorry let me try again. I missed your other questions... On 11/05/2025 17:17, Fred Morris wrote: BIND insists on addresses bound to interfaces (at least, that's my contention, based on experience yesterday, which may or may not reflect some reality which has been manufactured

Re: My Introduction and current issues -

On 11/05/2025 17:17, Fred Morris wrote: BIND insists on addresses bound to interfaces (at least, that's my contention, based on experience yesterday, which may or may not reflect some reality which has been manufactured today). resolved uses a loopback address which is not bound

Re: My Introduction and current issues -

y. Or not. --- On Sun, 11 May 2025 12:37:23 +1200 Nick Tait via bind-users wrote: > On 11/05/2025 07:28, Fred Morris wrote: > > Stop! Squirrel wearing a systemd tshirt! Kill / maim / destroy / drive > > off systemd resolved. Then make sure that resolv.conf is not being >

Re: My Introduction and current issues -

not/ trying to say that everyone should use systemd-resolved. I'm just trying to be an "active bystander". :-) -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: My Introduction and current issues -

others on this list would disagree with me, but that's just my 2p. Cheers, Greg. On Sat, 10 May 2025, 13:43 , wrote: > On 2025-05-10 02:03, Greg Choules wrote: > > @Danilo you are correct, the contents of /etc/resolv.conf are not set by > BIND and BIND itself does not use them. B

Re: My Introduction and current issues -

@Danilo you are correct, the contents of /etc/resolv.conf are not set by BIND and BIND itself does not use them. But all applications running on that machine (including dig, unless you specify @) that want some kind of name resolution will make OS system calls and then the OS *will* use what'

Re: My Introduction and current issues -

rch mydomain.net   (where mydomain is my actual domain name and not the FQDN of the machine (i.e. "machine01.mydomain.net")).   This was entered by default as BIND was installed.   I am wondering if the "namesever" should be th

Re: My Introduction and current issues -

. In DHCP, what do you have configured for your client's DNS servers? Lyle Giese On 5/9/25 17:58, bi...@clearviz.biz wrote: Howdy all!.   My name is Arnold, and I'm new to both Bind9 and to the Bind user's list. I'm hoping to contribute my findings on the use of Bind9. in

Re: My Introduction and current issues -

Hi. I also suspect it's not BIND, but how the OS is going about resolving names. Test your running BIND by using dig (please, not nslookup) @127.0.0.1 for domains you think you are having a problem with. Also check /etc/resolv.conf and see what address(es) is/are listed as nameservers.

Re: Massive increase of SERVFAIL after April 28th 2025.

-SERVERS.NET (2001:0501:b1f9:::::0030) Refers backwards Same output from any of my bind hosts: # dnstracer -q cname -s 127.0.01  ftp.lip6.fr Tracing to ftp.lip6.fr[cname] via 127.0.01, maximum of 3 retries 127.0.01 (127.0.0.1) Refers backwards But interestingly, doing this

Re: Massive increase of SERVFAIL after April 28th 2025.

everything up. So may be that was the reason, if it coincides with your perception ... dnstracer has eventually helped me find lame delegations. Carlos Horowicz Planisys On 01/05/2025 17:23, Rob McEwen via bind-users wrote: From vinc...@cojot.name until a few days ago (April 28th?) when the

Re: Massive increase of SERVFAIL after April 28th 2025.

and purge any caching (rndc flush), then restart BIND. Maybe you've already done that? But if not, it's worth a try before digging deeper. If that doesn't fix this, then hopefully someone else on this list can help you. Rob McEwen, invaluement -- Original Message --

Re: Massive increase of SERVFAIL after April 28th 2025.

-blackout-that-hit-spain-and-portugal Hopefully, you're not seeing any more of these errors now? Rob McEwen, invaluement -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact

Re: DNSVIZ errors

version: BIND 9.20.8-1+0~20250416.117+debian12~1.gbp1ea9dd-Debian (Stable Release) (<>) running on localhost: Linux x86_64 6.1.0-33-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.133-1 (2025-04-10) boot time: Sun, 20 Apr 2025 15:40:59 GMT last configured: Sun, 20 Apr 2025 15:40:

Re: DNSVIZ errors

Thank you for your help. it does give insights into the problem. if you check dnsviz history, this does not happen everytime. the bind version is BIND 9.20.8-1+0~20250416.117+debian12~1.gbp1ea9dd-Debian obtained from: https://www.isc.org/download/ —-> https://bind.debian.net/bind th

Re: DNSVIZ errors

need anything specific let me know.') today language models are more context aware. and if you don't want to share what do you 'need' then leave it be, i don't want your help. On April 20, 2025 5:17:46 PM UTC, "Ondřej Surý" wrote: > >> O

Re: DNSVIZ errors

eel obligated to reply outside your normal working hours. On 20. 4. 2025, at 16:31, akritrim® Intelligence™ via bind-users wrote: Hi I am getting the following error if i test the domain on dnsviz.net. For example for domain example.org i get : caikb.6tqs4.example.org/A has errors; s

DNSVIZ errors

only some of them. i have these parameters defined in dnssec policy: nsec3param iterations 0 optout no salt-length 0; any ideas will be welcome. -- akritrim® Intelligence™ -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developme

Re: Multiple views (more than 2)

secondary server could inadvertently end up transferring the zone from the public view in spite of having signed the zone transfer request with one of the private keys. Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developme

bring clientip to the authoritative server

Hey Guys, I have a cache, which can cache the client's domain name request and forward the client ip to my bind authority service in the form of ecs to hit views. But I know that after bind 9.13, authoritative ecs functionality is not supported. So I've been unable to upgrad

Re: DNS hiccups

Apr 15 15:53:34 CEST 2025 ;; MSG SIZE rcvd: 282 -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Multiple views (more than 2)

lic one (for remote clients, served by all four > name > > servers). It used to work :-) > > > > Now it's desired to create multiple different private views served > > by my > > name servers (one view for clients from each subnet of my network) > &g

Re: Multiple views (more than 2)

h-clients" directives... > > Any example, link, general formula or some smart how-to, or anything > welcome... > > Thanks a lot! > Best regards, > Marek > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > IS

  1   2   3   4   5   6   7   8   9   10   >