, December 17, 2023 11:01 AM
To: MEjaz
Cc: bind-users@lists.isc.org
Subject: Re: unable-resolve-bank=domain
> On 17. 12. 2023, at 8:20, MEjaz via bind-users
> wrote:
>
> Any hint would be highly appreciated..
Paraphrasing: Logs or it didn’t happen…
Always start with logs. Th
023
;; MSG SIZE rcvd: 101
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bi
—
Cheers,
Wolfgang
__
Wolfgang Riedel | Distinguished Engineer | CCIE #13804 | VCP #42559
On 15. Dec 2023, at 12:46, Wolfgang Riedel via bind-users
wrote:
Hello Petr,
The issue is not just BIND loc
Hi Folks,
I just wonder what's your take is on the current DNSSec mess with SHA1?
There are still a lot of top level domains being signed with SHA1 and look like
nobody really cares?
Current OS releases like RHEL9 and others simply removed SHA1 from the code so
if you're running BIND
and to answer my own question as I finally found the section in the manual
here:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#verification
On Wed, 13 Dec 2023, Brett Delmage via bind-users wrote:
Sorry, I pasted the wrong version (too many remote shells open today)
Should
r can reach the Internet it can recurse all on its own.
I hope that helps.
Greg
On Wed, 13 Dec 2023 at 16:29, Michel Diemer via bind-users <
bind-users@lists.isc.org> wrote:
>
>
> Dear Bind user,
>
> I am a teacher and trying to understand how dns works. I am spending h
Dear Bind user,
I am a teacher and trying to understand how dns works. I am spending hours
reading various sources without finding satisfying information. For teaching
purposes I have created a virtual machine with isc dhcp server and bind9 and
another virtual machine that uses
Sorry, I pasted the wrong version (too many remote shells open today)
Should be:
ii bind9 1:9.18.19-1~deb12u1 amd64Internet Domain Name Server
ii bind9-utils1:9.18.19-1~deb12u1 amd64Utilities for BIND 9
On Wed, 13 Dec 2023, Brett Delmage wrote:
I previously used
Thanks.
Brett
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
ue, 12 Dec 2023 at 17:42, Blason R wrote:
> Thanks folks
>
> I just disabled DNSSEC validation from bind config file (globally) and
> those domains started resolving fine.
>
>
> On Tue, Dec 12, 2023, 13:25 Greg Choules <
> gregchoules+bindus...@googlemail.com> wr
ith your
own problem.
Cheers, Greg
On Tue, 12 Dec 2023 at 00:48, Blason R wrote:
> Oh I forgot to tell you that. This is BIND RPZ and all the queries are
> recursive.
>
> Dig output just dies out and does not spit anything.
>
> And this specifically i noticed with .gov and .gov.i
On 12/11/23 18:47, Blason R wrote:
Oh I forgot to tell you that. This is BIND RPZ and all the queries are
recursive.
Okay, what RPZ configuration do you have? Is it messing with the
queries you're testing in any way?
What configuration do you have for RPZ related to DNSSEC?
Dig output
3 10:19 PM
To: Bhangui, Sandeep - BLS CTR
Cc: Nick Tait ; bind-users@lists.isc.org
Subject: Re: dnssec-delegation seems to be broken from .gov to bls.gov
CAUTION: This email originated from outside of BLS. DO NOT click (select) links
or open attachments unless you recognize the sender and know t
on the
dotgov.gov did not happen correctly.
Thanks
Sandeep
From: bind-users On Behalf Of Nick Tait via
bind-users
Sent: Wednesday, December 6, 2023 3:23 PM
To: bind-users@lists.isc.org
Subject: Re: dnssec-delegation seems to be broken from .gov to bls.gov
CAUTION: This email originated from outside
On 7/12/2023 9:05 am, Nick Tait via bind-users wrote:
I could be wrong, but based on the output above it looks like the
current TTL is 0, which means that doing this should provide immediate
relief.
Sorry it looks like the DNS server on the Wi-Fi network I'm connected to
has done something
On 7/12/2023 1:53 am, Bhangui, Sandeep - BLS CTR via bind-users wrote:
Hi
It seems the DNSSEC delegation is broken from “.gov” to bls.gov domain
and due to which the records for bls.gov are considered as bogus and
we are having issues at our site.
It looks like we were in the process
.
Please advise.
Thanks
Sandeep
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-use
u have a specific reason to use PKCS#11 I
would
suggest to simply avoid it until the dust settles.
Adding SoftHSM2 on top of BIND 9 doesn't really increase security as the user
under named
runs has to have access to the private key data anyway.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My w
.
Gérard
Le 03/12/2023 à 18:40, Gérard Parat via bind-users a écrit :
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of building libp11:
libengine-pkcs11-openssl:amd64 0.4.12-0.1
It works until
Please do not feel
obligated to reply outside your normal working hours.
On 3. 12. 2023, at 18:41, Gérard Parat via bind-users
wrote:
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of build
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of building libp11:
libengine-pkcs11-openssl:amd640.4.12-0.1
It works until reaching this command:
$ dnssec-keyfromlabel \
-E pkcs11
Hi everyone,
I'm a developer on the Apache Pekko project, an open source fork of Akka.
One of our mentors has queried if we have a licensing issue for the files in
this directory.
https://github.com/apache/incubator-pekko/tree/main/actor-tests/src/test/bind/etc
The configs there are Bind9
figuration, to avoid
potential issues in future versions of BIND?
Thanks,
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more
stinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
So here is a theory if a client asks a query and bind goes out for that
query and the reply is delayed but you get the answer then for what ever
reason the reply to the client from bind is delayed more! So the quicker
the answer the quicker the answer to the client.
Why? I have no idea
and this from dig maybe a routing iusse why it take so long for me?
C:\Program Files\ISC BIND 9\bin>dig @213.227.191.1
router14.teamviewer.com +norecurs
; <<>> DiG 9.16.45 <<>> @213.227.191.1 router14.teamviewer.com +norecurs
; (1 server found)
;; global
This is the thing the setup works for many site fast just this
Teamviewer and their DNS servers are a problem and bind does reply to
192.168.53.19 all be it 26 seconds later! but Teamviewer trys over and
over then it connects yet the for the WAN side took under 4 seconds to
get the answer WAN
are going, whether you receive ICMP unreachables
or retries etc.
Also do some tests. If you have BIND you should also have dig. If you don't
have dig, use Windows nslookup in interactive mode and send queries to the
teamviewer NSs.
Right now I would prove that the network is clean first. I see no reason to
This might show the problem even more on two interfaces WAN side and LAN
you can see 192.168.53.19 ask for routerpool8 #60 then bind goes out #62
gets a answer # 75 and no reply back to 192.168.53.19
https://ufile.io/v8oob3jg
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
On starting Teamviewer it can say no connection when bind does the
lookup with this delay it cause bind to not reply LAN side sometimes
which causes the app to fail yet with a bind on Ubuntu there is no problem.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
I'm just using bind to do my DNS look ups with no forwarders thats all
Teamviewer app uses DNS to find its servers from what I can tell it can
take over 4000ms to get a answer.
The following seems to help in bind
resolver-retry-interval 5000;
I think if I can then find a setting in windows
Hi there.
Can you send some information, for those unfamiliar with what you're trying
to do?
- Full BIND config
- IP addresses of relevant things, like interfaces of the servers on which
you are running BIND and of Teamviewer.
- What does Teamviewer need from DNS? What kinds of queries
Now its not working fast again! I don't know now must be Teamviewer DNS
delaying replies causing windows bind to fail in some way.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions
So more tests and the problem has come back but I think I know why
thinking internet sharing was the problem I found a way to disable it
because it bind shared access for port 53 on 0.0.0.0 so that the problem
I think now after testing with it on.
For any interested MS has made it really hard
I'm by no means an expert in DNS or how it fully works so I can't be of
any more help about this problem then I already have. But it seems
Teamviewer have rebooted their DNS servers and now windows bind allows
the Teamviewer to load faster
--
Visit https://lists.isc.org/mailman/listinfo/bind
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
I don't know if this will be fixed before EOL for windows bind but here
is the problem
Teamviewer (and maybe other sites too) when you do the recursion when no
answer under 1000ms it tries again which is trigged by client windows
(not the one running bind) which also tries again for a answer
" (respectively). This was in spite of the fact that all
RRSIG records were replaced with the new ZSK more than a week prior. I
can only assume that the 9 days somehow relates to how long BIND wanted
to allow itself to generate RRSIGs for all the records in a really,
really large zone file?
will work, but at this
point I'm grasping at straws.
Thanks for your help
PS - sorry for the double post to the mailing list, I wasn't sure if my
last message in this thread went through.
On Sat, Nov 11, 2023 at 11:31 AM Evan Hunt wrote:
> On Fri, Nov 10, 2023 at 05:24:59PM -0500, Lannar Dean via b
quot; to the cf1 zone in view B, I get
zone 'cf1': 'in-view' used with incompatible zone options
So it appears my goal is still not achievable, unless I'm missing
something. Is there some other mechanism to achieve this end result
(sharing some zones between different user populations witho
missing something.
Is there some other mechanism to achieve this end result (sharing zones between
different user populations without loading multiple copies of the zone into
memory)?
I am currently running BIND 9.16.44 by the way.
Thanks for any advice!
--
Visit https://lists.isc.org/mailman/list
of the
child domain zone is to delete the /var/cache/bind contents and restart the
slave daemon. What is the correct method of letting slave servers know that the
child domain zones are changed? I really want to avoid putting an "also-notify"
in the definition for child zone on the master.
--
V
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
ot;, "internal-mail.example.com" and what have you
are fine because they are more specific than the general "example.com",
queries for which will just fall through to the outide world along with any
other name.
That was a bit of an essay, but I hope at least some of it made sens
on completely. Zones like
"internal-www.example.com <http://internal-www.example.com>",
"internal-mail.example.com <http://internal-mail.example.com>" and
what have you are fine because they are more specific than the general
"example.com <http://example.com&g
/www.ietf.org/archive/id/draft-ietf-add-split-horizon-authority-06.html#name-internal-only-subdomains
It's just so much easier, particularly if you are starting from scratch.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of t
any chance of pushing this through. Also DNSMasq does not
support replication (but it could be scripted). I could look for other
solutions but I doubt I would get anywhere in the company.
I'll spend some time investigating option F, thanks.
Nick
On 04/11/2023 02:03, Nick Tait via bind-users
certainly something that you will have no control over.
E.g. It could be something bogus on a web page that these devices have
all accessed?
Nick.
On 4/11/23 11:30, J Doe wrote:
Hello,
On a Bind 9.18.19 server configured as a recursive resolver, I
sometimes see URL's being noted in the log
distinct sets of authoritative servers, which don't
overlap in any way currently. E.g. Servers A (primary/master), B & C
(secondaries/slaves) are authoritative for internal zone
("Bind-internal"); Servers C (primary), D & E (secondaries) are
authoritative for external zo
On 03/11/2023 20:07, Marco M. wrote:
Am 03.11.2023 um 19:54:32 Uhr schrieb Nick Howitt:
How do you mean remove the zone information?
In your /etc/bind are configuration files.
Look for named.conf* and find those that include zones:
zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" {
t
On 03/11/2023 19:30, Marco M. wrote:
Am 03.11.2023 um 19:18:49 Uhr schrieb Nick Howitt via bind-users:
Can the bind-internal not be made to caching only and not
authoritative? If so, how?
Of course it can, simply remove the zone configuration, but it will
then cache the records from
Unfortunately they are not separate subdomains. They are all part of the
same domain. Can the bind-internal not be made to caching only and not
authoritative? If so, how?
On 03/11/2023 19:01, Andrew Pavlin wrote:
Have you considered making your internal DNS servers unpublished
secondaries
On 03/11/2023 18:06, Marco M. wrote:
Am 03.11.2023 um 17:58:51 Uhr schrieb Nick Howitt via bind-users:
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IP's duplicated between the
internal and external
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IP's duplicated between the
internal and external masters for some IPs/FQDNs which I want to get
rid of.
Implement IPv6 and get rid of the old IPv4
On 03/11/2023 17:17, Marco M. wrote:
Am 03.11.2023 um 15:51:32 Uhr schrieb Nick Howitt via bind-users:
As this site is externally accessible as well, we also have to put an
identical entry in bind-external so we end up having many identical
entries in bind-internal and bind-external.
It seems
Hmm, I'll admit to only skim reading it but is seems quite complicated
for what I was hoping for. It would be trivial if I could change the
bind-internal machine to using dnsmasq (ugh!). Then the bind-internal
machine would serve up anything it explicitly knew about to the internal
clients
Hi,
I am fairly new to bind but I am thinking my company's use of it is
sub-optimal. We have two bind masters (and a few slaves), one for
internal use so all our internal servers point to it or its slaves as
their DNS resolvers. I will call the internal one bind-internal and the
external one
, but it will take a large company to push them to do so.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
From: bind-users On Behalf Of Paul Stead
Sent: Saturday, October 28, 2023 11:35 AM
Cc: bind-users@lists.isc.org
Subject: Re: 9.18 BIND not iterated
ain:
mofa.gov.bd.86400 IN NS ns1.bcc.gov.bd.
mofa.gov.bd.86400 IN NS ns2.bcc.gov.bd.
couldn't get address for 'ns1.bcc.gov.bd': not found
couldn't get address for 'ns2.bcc.gov.bd': not found
dig: couldn't get address for 'ns1.bcc.gov.bd': no more
root
Hello,
At this point I am hoping that somebody might have a workaround so that we can
exclude domains from this behavior if they are broken on the far end. Does
anybody have a workaround for this?
We are a small ISP and run BIND compiled from source. We currently run 9.16.x
Every time we try
o refresh my
> certificates.
Not perfect? What issues did you see? Thanks!
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for m
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
Op 06-10-2023 om 10:28 schreef Paul van der Vlis via bind-users:
Hello,
I try to give a dynamic IP to a name, using nsupdate. This works fine,
but after some hours the IP is gone from the master (which I update).
Something like this:
Host home.customer.nl not found: 3(NXDOMAIN)
The IP
about the removal in the logs. But I saw a "freeze"
and a "thaw" in the logs for the domain.
Any idea why the IP removes after some time?
With regards,
Paul van der Vlis
--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/
--
Visit https://lis
Hi there
On 02/10/2023 11:06, Kurt Jaeger wrote:
In the light of the recent exim security issues[1,2]
I'm trying to find out if bind 9.18.19, if used as resolver,
does enough validation to shield exim instances from CVE-2023-42119 ?
I added 'check-names response fail;' to the internal view
stick around.
I can only assume that the reason you have rumoured state is because you
are trying to roll your ZSK to soon after the previous ZSK rollover?
Have you checked the various timing settings in the KASP definition?
Nick.
On 30/09/23 11:32, Nick Tait via bind-users wrote:
On 29/09/
me both
DNSKEY records for the ZSK after I initiate the rollover when there
should be overlap as described in Automatic DNSSEC Zone Signing Key
rollover explained (isc.org) <https://kb.isc.org/docs/aa-00822>?
Bind 9.16.23 which seems to be the newest release provided by my
distributi
sec>/./
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
if that server is publishing the new DS record.
I suppose the theoretical risk with #1 is that because the responses
from the authoritative servers aren't validated, it would be possible
for a MITM to trick BIND into thinking that the new DS records had been
published before they actually had, which
/@marcodavids | Matrix: @marco:sidnlabs.nl
Nostr: 11ed01ff277d94705c2931867b8d900d8bacce6f27aaf7440ce98bb50e02fb34
OpenPGP_signature
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
"example.com" IN {
> type forward;
> forwarders { 127.0.0.1 port xxx; a.b.c.d port xxx; };
> forward only;
> };
>
>
> Please share any other possible solutions.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this li
; technologies both want a piece of the 10 pie. So it doesn't make sense that
> both of them have the whole /8. He needs to make a decision about which DNS
> is higher in the pecking order. Personally I would make it BIND.
> For instance, if you use 10.1 in MS land but 10.2, 10.3 and other
On Sat, 16 Sep 2023 10:22:26 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
> ...
>I'd be surprised if the OP couldn't manage with 2^20 IPs in a segment -
> but then I guess he does work in the .gov domain.
^^^
now in case I ever
come up against this myself.
(And it's the thirtieth anniversary of RFC1517. What did we miss? :)
--
73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions
. Haywood via bind-users <
bind-users@lists.isc.org> wrote:
> Hi there,
>
> On Sat, 16 Sep 2023, John Thurston wrote:
>
> > A host which auto-registers in MS DNS, creates an A in foo.alaska.gov
> > and PTR in whatever.10.in-addr.arpa. MS DNS is happy to publish those.
>
Hi there,
On Sat, 16 Sep 2023, John Thurston wrote:
A host which auto-registers in MS DNS, creates an A in foo.alaska.gov
and PTR in whatever.10.in-addr.arpa. MS DNS is happy to publish those.
But the DNS system running on BIND also has a whatever.10.in-addr.arpa
zone.
So if I want
zones. Screenshots? In a mailing list?? Try it anyway. You can redact
hostnames if you like, though they won't mean anything out of context.
Secondly, why do you have ...10 in BIND at all? What's its purpose?
Next, I would keep it simple. Don't try and replicate data in different
places if you
Hi John.
Can you tell me a bit more please?
- What zones exist in both BIND and MS DNS for something.10.in-addr.arpa?
- Where are hosts auto registering to? I'd guess MS, but it would be good
to confirm.
- What does fragmentation look like? A few real examples would be useful.
I'm trying
mples. Not the whole
config.- "rndc zonestatus ". Use the same zones you chose from above.
Let’s see what we see.Cheers, Greg
On 8 Sep 2023, at 01:24, Leroy Tennison via bind-users
wrote:
Just to clarify, the configuration I was referring to was supposed to have a
master and slave DNS serv
one file stored locally. Just change the "type", leave the
> "file" statement alone and delete (or comment) the "primaries".
Agreed.
> Does that help?
No. I have personally set up and administered a corosync / pacemaker
cluster to do a standby to master
primary because it
already has the zone file stored locally. Just change the "type", leave the
"file" statement alone and delete (or comment) the "primaries".
Does that help?
Greg
On Thu, 7 Sept 2023 at 19:31, Fred Morris wrote:
> Re-reading the KB article refe
Thanks for your reply, I certainly appreciate it.
On Tuesday, September 5, 2023 at 12:24:30 PM CDT, Fred Morris
wrote:
On Tue, 5 Sep 2023, Leroy Tennison via bind-users wrote:
>
> After some recent upgrading it was discovered that both DNS servers were
> configured as mas
for those issues? Thanks for any insight.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing
ame
time. This is so that, for popular domains, BIND only has to get an answer
once, for all clients who want it.
There is no such thing though as per-client query rate limiting. However,
there is response rate limiting, configured with "rate-limit", which (as
the name implies) limits th
NS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developmen
This seems to be an issue with the domain incometax.gov.in.
DNSSEC looks like is broken for that domain.
NS servers at our location also cannot resolve that directly but if I forward
that query to any ISP provider NS which are more lax it resolves just fine.
Thanks
Sandeep
From: bind-users
Hi Blason.
"incometax.gov.in" is a domain known to cause problems. Take a binary
packet capture and look at it in Wireshark. Also see this
https://dnsviz.net/d/incometax.gov.in/dnssec/
A workaround in BIND is to disable DNSSEC validation for just that domain
whilst leaving it on gene
Recommend you turn off DNSSEC validation and see if it starts working.
If it does, then you know the issue is with how DNSSEC is configured on your
server.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Blason R
Sent: Wednesday, August 30, 2023 8:20 AM
To: bind
isit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
You may already have BIND installed; most distros do. If not, it's easy.
You don't *have* to run named, but tools like this (and dig, particularly)
are very useful to have.
Do "which arpaname" to see if you have it already.
Cheers, Greg
On Thu, 24 Aug 2023 at 08:00, Marco wr
On 8/21/23 10:11 AM, Mark Elkins via bind-users wrote:
Hi,
Hi,
1) Count how many delegated domains there are (Names with NS records)
Mind your $ORIGIN and check the number of NS record owners.
2) Extract the above Names - so I can look for changes (Added/Deleted names)
I suspect
ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
Posix SystemsVCARD for MJ Elkins
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www
oesn’t yet exist but is tentatively planned for the
9.19.x timeframe. You can see more about it here:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2748
<https://gitlab.isc.org/isc-projects/bind9/-/issues/2748>
Best,
Richard.
*From:*bind-users *On Behalf Of
*Ritterhoff, Florian
*
.
Original message From: Ondřej Surý Date:
31/07/23 8:10 PM (GMT+12:00) To: matt...@peregrineit.net Cc:
bind-users@lists.isc.org Subject: Re: Zone Transfers Being Refused Well, for
starters your primaries list 192.168.2.10, but your logs show connection from
192.168.1.1…--Ondřej Surý — ISC
Hi Petr!
> > For example, there are 8 secondaries (Mumbai, LosAngeles, Melbourne,
> > Atlante, SaoPaulo...) to which the XFR took 2361 seconds.
> >
> > Are there some mechanisms in Bind that put multiple XFRs together into
> a
> > common stream? Or do you
ds
2361 seconds
2362 seconds
For example, there are 8 secondaries (Mumbai, LosAngeles, Melbourne, Atlante,
SaoPaulo...) to which the XFR took 2361 seconds.
Are there some mechanisms in Bind that put multiple XFRs together into a common
stream? Or do you have any other ideas how it come that several XF
give the result
> you were expecting.
> - I did a dig for "specific.wildcard-test.dynx.me" against my own BIND
> server and it resolved to 1.1.1.1. So the issue is with your resolver. This
> is not new, just confirming that this must be the problem end, not the auth
> end.
&
Real data please:
- example queries (genuine, not invented for illustration)
- real domains
- real IP addresses
- packet captures
- both BIND server configs
- zone file contents
- startup logs
There are so many things it *could* be, the more information the better.
Cheers, Greg
On Sun, 16 Jul
2
> 11-Jul-2023 10:36:21.146 query-errors: debug 4: fetch completed at
> resolver.c:4983 for cadyst.com/A in 10.000118: timed out/success [domain:
> cadyst.com
> ,referral:0,restart:3,qrysent:6,timeout:5,lame:0,quota:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
>
> Regards Sam
101 - 200 of 1745 matches
Mail list logo