Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-07-10 Thread Havard Eidnes via bind-users
ailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-07-10 Thread Havard Eidnes via bind-users
A ns3.dnsv5.com. enterprise3dnsadmin.dnspod.com. 1688974445 3600 180 1209600 180 ... Again, "Additional" count is wrong, and the SOA owner name is wrong -- it should have been cloud.huawei.com, since the copy of the NS RRset from the huawei.com zone indicates that cloud.huaw

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-07-07 Thread Jakob Bohm via bind-users
On 2023-07-07 12:17, Emmanuel Fusté wrote: On 07/07/2023 at 11:57, Jakob Bohm via bind-users wrote: On 2023-06-02 05:02, Jesus Cea wrote: On 2/6/23 4:25, Mark Andrews wrote: Yep, some people just don’t take care with delegations.  Complain to Huawei. Complain to the other companies you

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-07-07 Thread Jakob Bohm via bind-users
this misconfiguration works fine for 99.9% of their users, clients of more "lax" DNS resolvers. What I get from your reply is that BIND is not expected to do anything about this. It is a bit disappointing but I agree that BIND is doing the right thing. Too bad big players don't care. But I need

RE: How to update zone with dnssec-policy

2023-07-03 Thread Nick Tait via bind-users
/23 11:29 PM (GMT+12:00) To: bind-users@lists.isc.org Subject: How to update zone with dnssec-policy Dear all, I have the following problem that changes in a zone file do not get active, no matter if I reload the zone using rndc or restarting bind 9.16.42 on FreeBSD. If I update a zone I edit

Re: Master file permission denied

2023-06-30 Thread Daniel Armando Rodriguez via bind-users
it should be 755 or 750. (As to linux a directory is a file the x is needed to parse(execute) it.) Thus giving the bind user and only the bind user (and root) exclusive write access. Whether you want them world readable is a matter of preference, I don't think it is needed. Any user needing read

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
: error occurred writing key to disk (retry in 600 seconds) So, to bypass it had to change permissions of my /var/cache/bind/keys directory to rwxrwxr-- (774) and all the files therein to rw-rw-r-- (664). One step closer, thanks to all :-). Best regards El 29/6/23 a las 03:16, Matthijs Mekking

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
b DNS server at 10.32.1.6/192.168.10.183: > include "/etc/bind/rndc.key"; > include "/etc/bind/ddns-key.key"; > > zone "lab.domain.com" { > type master; > forwarders {}; > file "/var/lib/bind/db.lab.domain.com"; > update-policy { >

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Grant Taylor via bind-users
On 6/29/23 6:44 AM, Matus UHLAR - fantomas wrote: bind has "sortlist" statement that could do what you want. It will provide all IPs but sorted differently. +1 to "sortlist". I couldn't remember the exact nomenclature nor how it was used. Otherwise, you can s

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
Hi Ubence. That is starting to get complex! Firstly, yes BIND parses views top down, so order matters. Secondly, most specific domain wins (like more specific routes). I now see that you have created three levels of zones: domain.com lab.domain.com system.lab.domain.com This config looks like

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
On 29/6/23 at 09:40, Anand Buddhdev wrote: On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote: [snip] Error is not the same as before, I see it now (fresh eyes maybe) Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548): apparmor

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
=== /etc/bind total 84K drwxr-sr-x   3 root bind 4,0K jun 28 17:07 . drwxr-xr-x 134 root root  12K jun 22 11:15 .. -rw-r--r--   1 root root 2,4K feb 26 06:27 bind.keys -rw-r--r--   1 root root  255 feb 26 06:27 db.0 -rw-r--r--   1 root root  271 jun 30  2017 db.127 -rw-r--r--   1 root root  237

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-28 Thread Greg Choules via bind-users
ystem that has two network cards on both the 192.168.10.X > network and 10.32.10.X network. > > I have a remote system that is also configured to on both networks, with > hostnames on both domains/networks. > > I have a hostname entry in my primary master for the domain.com [ > s

Re: Master file permission denied

2023-06-28 Thread Daniel A. Rodriguez via bind-users
Exactly the same On 28 June 2023 6:50:26 p.m. GMT-03:00, Mark Andrews wrote: >The *exact* same error, word for word, or a different permission denied? > >> On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via bind-users >> wrote: >> >>

Re: Master file permission denied

2023-06-28 Thread Daniel Armando Rodriguez via bind-users
However, as soon as I added this dnssec-policy "default"; inline-signing yes; Error came up again :-(

Re: Master file permission denied

2023-06-28 Thread Daniel Armando Rodriguez via bind-users
On 2023-06-28 16:00, Anand Buddhdev wrote: On 28/06/2023 20:44, Daniel Armando Rodriguez via bind-users wrote: Hi Daniel, [snip] # ls -alh /etc/bind/zonas/ drw-r-S--- 2 bind bind 4,0K jun 28 14:55 . drwxr-sr-x 3 root bind 4,0K jun 28 15:06 .. -rwxr-xr-- 1 bind bind  323 ene 16 10:59

Re: Master file permission denied

2023-06-28 Thread Daniel Armando Rodriguez via bind-users
Certainly, you pointed in the right direction :-) Previously I had set the setgid bit on /etc/bind/zonas/ due to complaints from apparmor. Now, I've removed that bit and added an override to such folder in /etc/apparmor.d/local/usr.sbin.named. Et voila! However, I wonder the reason

Re: Master file permission denied

2023-06-28 Thread Danilo Godec via bind-users
Hello, I think chmod ug+x /etc/bind/zonas/ should solve the issue by giving the owner (bind) and the group (bind) permissions to enter the directory.   Danilo

Master file permission denied

2023-06-28 Thread Daniel Armando Rodriguez via bind-users
Before I start describing the problem, I should mention that this incident started when I tried to enable DNSSEC. I understand that it is unrelated, but previously everything was working correctly. I'm using Debian 11 and Bind 9.18 from backports This is current config # named-checkconf

Re: latency and response time

2023-06-27 Thread Greg Choules via bind-users
nce between the two values? > > > > Regards, Sami

Re: Controlling which interface named uses

2023-06-27 Thread Grant Taylor via bind-users
match LAN to LAN configuration in the VPN. (LAN A)---[.1 R1 .83]---(Internet)---[.77 R2 .1]---(LAN B) Something like / from memory: r1# ip route add $LANB via $GW from $LANA.1 Grant. . . .

Re: DNSSEC doubt

2023-06-22 Thread Daniel A. Rodriguez via bind-users
ind9.readthedocs.io/en/v9.18.16/dnssec-guide.html > >-- >Ondřej Surý — ISC (He/Him) > >My working hours and your working hours may be different. Please do not feel >obligated to reply outside your normal working hours. > >> On 22. 6. 2023, at 20:43, Daniel A. Rodrigue

DNSSEC doubt

2023-06-22 Thread Daniel A. Rodriguez via bind-users
I wonder if it's mandatory to make a manual deployment prior to an automated setup.

RHEL, Centos, Rocky, Fedora rpm 9.16.42

2023-06-22 Thread Carl Byington via bind-users
https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx-build and associated dependencies

Re: Permission issue ¿?

2023-06-22 Thread Daniel A. Rodriguez via bind-users
ours and your working hours may be different. Please do not feel >obligated to reply outside your normal working hours. > >> On 22. 6. 2023, at 17:53, Marco wrote: >> >> On 22.06.2023 at 11:47:50, Daniel Armando Rodriguez via >> bind-users wrote: >>

Permission issue ¿?

2023-06-22 Thread Daniel Armando Rodriguez via bind-users
As of this morning I'm getting this error on log, and was working fine previously loading configuration from '/etc/bind/named.conf' directory '/etc/bind' is not writable /etc/bind/named.conf.options:2: parsing failed: permission denied /etc/bind detail drwxr-sr-x   4 root bind 4,0K jun 22 11

AW: Tools to mesure performance and benchmarking of a DNS

2023-06-21 Thread Klaus Darilion via bind-users
There are several tools with different features and behavior. I would take a look at dnsperf, kxdpgun and flamethrower regards > -Original Message- > From: bind-users On Behalf Of > sami.ra...@sofrecom.com > Sent: Wednesday, 21 June 2023 17:59 > To: bind-user

Re: replace "SERVFAIL" to "NXDOMAIN" with rpz

2023-06-19 Thread Greg Choules via bind-users
"antlauncher.com" doesn't is down > to BIND needing to perform recursion and get an answer before RPZ kicks in > and overwrites it (unless you specify `qname-wait-recurse no;`). " > example.com" actually gets an answer (from IANA) but "antlauncher.com" > gets

Re: replace "SERVFAIL" to "NXDOMAIN" with rpz

2023-06-19 Thread Greg Choules via bind-users
Hi Sami. That's not what I said. Yes, you can do this with RPZ if you want - it's all in the BIND ARM - but it's not something I would do. Cheers, Greg On Mon, 19 Jun 2023 at 12:40, wrote: > Thank you Greg > > So if I understand correctly if we receive a servfail return co

Re: replace "SERVFAIL" to "NXDOMAIN" with rpz

2023-06-19 Thread Greg Choules via bind-users
to change the return code for this > domain name to "NXDOMAIN" so as not to distort the monitoring result. > > Regards > > *From:* Greg Choules > *Sent:* Monday, 19 June 2023 10:03 > *To:* RAHAL Sami SOFRECOM > *Cc:* bind-users@lists.isc.org > *Subject:*

Re: replace "SERVFAIL" to "NXDOMAIN" with rpz

2023-06-19 Thread Greg Choules via bind-users
t! for that does not work for a domain name that > already has the return code "SERVFAIL" and we want to change this code by > "NXDOMAIN" like this domain name "antlauncher.com" > regards Rahal > > -Original Message- > De : bind-users De la

What is the equivalent of this dnsmasq configuration

2023-06-18 Thread public1020 via bind-users
I need to hijack certain domains and not its subdomains, so I use dnsmasq to achieve it: ``` host-record=example.com,1.2.3.4 ``` In bind I have to create a zone and copy everything there, is there a simple way for domains I have no authority for?

dnssec not automatically updating on 1 server

2023-06-15 Thread Michael Martinell via bind-users
"rndc reconfig && rndc reload && systemctl restart bind" on both servers. They are both Centos 7 running Bind 9.16.40. When it fails, I get this message: [root@ns2 ~]# delv itctel.com @ns2.itctel.com ;; validating itctel.com/A: verify failed due to bad signature (keyid

Re: Controlling which interface named uses

2023-06-11 Thread Paul Kosinski via bind-users
med to use, but might want other outgoing traffic to use, you would need some "policy based routing", which can get complicated. In Linux, this is controlled by "ip rule" (not "ip route").

Workaround needed for TSIG Zone Transfer

2023-06-09 Thread Frey, Rick E via bind-users
I’ve got a case where using BIND (v9.16.41) as a secondary to a third party (commercial) primary nameserver. Using TSIG for the zone transfers. Have verified zone transfers and TSIG key using dig between hosts. BIND is configured to use TSIG for the primary server using server x.x.x.x { keys

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-06-06 Thread Havard Eidnes via bind-users
.com. 600 IN NS ns4.dnsv5.com. So... Neither of those three appear to even implement the concept of "zone", and the observed behaviour ensues, as the SOA when asked for or NS records for that name results in an upwards referral, and that now triggers a SERVFAIL, as that do

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-06-02 Thread Nick Tait via bind-users
On 2/06/23 15:02, Jesus Cea wrote: What I get from your reply is that BIND is not expected to do anything about this. It is a bit disappointing but I agree that BIND is doing the right thing. Too bad big players don't care. But I need to "solve" this, so dropping BIND (nooo!) o

Re: thank you - Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-30 Thread Greg Choules via bind-users
You are most welcome, I'm glad you got it running. Now the fun starts! :D Greg On Tue, 30 May 2023 at 21:02, Pacific wrote: > Thank you and to everyone who took the time to respond. Your collective > input did the trick and I now have bind running successfully through a brew > insta

RHEL, Centos, Rocky, Fedora rpm 9.16.41

2023-05-17 Thread Carl Byington via bind-users
https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx-build and associated dependencies

Re: resolver: DNS format error from

2023-05-17 Thread Greg Choules via bind-users
Hi Alex. TL;DR 9.18 is stricter than 9.16 at handling junk responses from authoritative servers. Looking at a packet capture for this from my own BIND server (9.18.14) the response from 195.178.56.17 is FORMERR, which tends to mean that it objects to something in the query. The correct response

Re: host restriction

2023-05-16 Thread Grant Taylor via bind-users
192.168.1.10 & 192.168.1.11 queried from ${UPSTREAM_DNS_PROVIDER}. Grant. . . .

Re: rpz_rewrite(): failure

2023-05-15 Thread Wilfred Sarmiento via bind-users
Hi Darren, Sorry for late response, see below scrubbed config; We updated the bind to 9.18.14 but still experienced the same issue. controls { inet 127.0.0.1 port 953 allow { 127.0.0.1/32; } keys { "rndc-key"; }; }; logging { channel "default_syslog" { fil

RE: host restriction

2023-05-15 Thread John W. Blue via bind-users
view testing without needing to rip n replace DHCP configs. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kereszt Vezeték Sent: Monday, May 15, 2023 1:58 PM To: bind-users@lists.isc.org Subject: host restriction Hi Everybody Can someone help me with the following

Re: Problem with subdomain delegation - NS RR ignored?

2023-05-10 Thread Nick Tait via bind-users
.fish.hub localhost > Host ns1.fish.hub not found: 3(NXDOMAIN) # host -t NS fish.hub localhost > Host fish.hub not found: 3(NXDOMAIN) Any suggestions gratefully received.  Pertinent parts of named.conf and zone file are shown below, if you need more info please don't hesitate to ask

Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Greg Choules via bind-users
The named binary *could* exist in many places; it depends on the OS. For example, with a Homebrew install on my Mac it's here: /usr/local/Cellar/bind/9.18.14/sbin/named because of this build parameter: --prefix=/usr/local/Cellar/bind/9.18.14 It's linked to from /usr/local/opt/bind/sbin/named

Re: bind9 (9.18.14) build / install on macOS Ventura (13.3.1) fails to create dirs or files as expected

2023-05-09 Thread Greg Choules via bind-users
Hello. By far the simplest way to install BIND natively on Mac is to use the Homebrew package manager. I have 9.18.14 installed on mine and it works fine. The other alternative is to run it from the Docker image. See here for details: https://hub.docker.com/r/internetsystemsconsortium/bind9 Hope

rpz_rewrite(): failure

2023-05-09 Thread Wilfred Sarmiento via bind-users
Hi Bind Users, Any one familiar with the error we encountered on DNS BIND 9.18.2 Ubuntu for DNS Caching, below; We are using RPZ for redirecting domains (porn sites) where we already have 20k+ entries. The domain (globem2m.com.ph) from below logs is not in the RPZ list but was processed for RPZ

gss-tsig for zone transfers

2023-05-02 Thread Richard Feltstykket via bind-users
Hello, I have gss-tsig running for authenticating dynamic DNS update requests for a small MIT Kerberos realm, which is working fine. Is it possible to further use gss-tsig for zone transfers instead of shared keys? Thanks, Richard

Re: Catalog zone failure

2023-04-30 Thread Gregory Shapiro via bind-users
hy the zone entries would use that tsig labeled one instead of the globals since they were not referencing the tsig custom properties. Thanks for the pointer, I'm up and running.

Catalog zone failure

2023-04-30 Thread Gregory Shapiro via bind-users
"ns-gshapiro-net-xfer" allow-query.ext IN APL 1:0.0.0.0/0 ;; Zones (% printf '\7example\3org\0' | openssl sha1) 8477e81e5c5997a573ae2f33b5863c403c5d45fc.zones IN PTR gshapiro.net.

Old ZSK refuses to retire

2023-04-26 Thread Carsten Strotmann via bind-users
Hi, I have a situation where in a BIND 9 zone with dnssec-policy and inline-signing, after a ZSK rollover, the (old) ZSK is refusing to retire. Although the timing metadata shows the retire and deletion dates in the past, the ZSK is still in the zone and is signing the records (along

Re: Best practice MultiView

2023-04-21 Thread Greg Choules via bind-users
nder. Yixi Meta is registered with the Dutch Chamber of > Commerce trade register with number 85744115.* > -- > *From:* Greg Choules > *Sent:* Wednesday, April 19, 2023 11:01:00 PM > *To:* Jiaming Zhang > *CC:* bind-users@lists.isc.org > *Subject:* Re: Best practic

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Havard Eidnes via bind-users
Regards, - Håvard

RE: DNSSEC and forward zone

2023-04-21 Thread David Carvalho via bind-users
that much about the parent setup. Anyway, thanks and regards! David From: bind-users On Behalf Of Petr Menšík Sent: 21 April 2023 10:59 To: bind-users@lists.isc.org Subject: Re: DNSSEC and forward zone Would it make sense to create a subdomain for internal use, but have the main zone

RHEL, Centos, Rocky, Fedora rpm 9.16.40

2023-04-20 Thread Carl Byington via bind-users
https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx-build and associated dependencies

Re: Best practice MultiView

2023-04-19 Thread Greg Choules via bind-users
e information inside it, without a written > consent from the sender. Yixi Meta is registered with the Dutch Chamber of > Commerce trade register with number 85744115.* > -- > *From:* Greg Choules > *Sent:* Tuesday, April 18, 2023 2:51:05 PM > *To:* Jiamin

Re: Fully automated DNSSEC with BIND 9.16

2023-04-19 Thread Greg Choules via bind-users
Hi Håvard Odd, it works for me. Try a literal copy/paste of the link below. Or go to https://kb.isc.org and search for packages: https://kb.isc.org/docs/isc-packages-for-bind-9 Cheers, Greg On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users < bind-users@lists.isc.org>

Re: Fully automated DNSSEC with BIND 9.16

2023-04-19 Thread Havard Eidnes via bind-users
r > some distros maintained by ISC > (https://kb.isc.org/docs/isc-packages-for-bind-9). I stand corrected, thanks for reminding me. I come from the non-Linux open source side, so needs this reminder from time to time. BTW, if someone from ISC is listening in, the above KB URL currently retu

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
, and even if they were, the key would be different than that on the outside servers, which is the same domain. Not optimistic Regards David -Original Message- From: bind-users On Behalf Of Petr Špacek Sent: 19 April 2023 10:35 To: bind-users@lists.isc.org Subject: Re: DNSSEC

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
Anyway, It is working using your suggestion. Apparently everything is also fine from the outside. But I’ll have to check Petr Špaček post and study more. Thanks! David From: Darren Ankney Sent: 19 April 2023 10:27 To: David Carvalho Cc: Bind Users Mailing List Subject: Re: DNSSEC

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
Hi and thanks for the reply. Does it make sense to not validate my parent domain entirely? Wouldn’t that also stop exterior validation when I request it? Thanks! David From: Darren Ankney Sent: 19 April 2023 10:27 To: David Carvalho Cc: Bind Users Mailing List Subject: Re: DNSSEC

DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
servers, I guess not using DNSSEC? Can this only be accomplished by adding these entries to my parent domain? Thanks! Kind regards David Carvalho

Re: Best practice MultiView

2023-04-18 Thread Greg Choules via bind-users
* > -- > *From:* Greg Choules > *Sent:* Tuesday, April 18, 2023 2:10:49 PM > *To:* Jiaming Zhang > *CC:* bind-users@lists.isc.org > *Subject:* Re: Best practice MultiView > > Hi Jiaming. > I had a similar requirement. Since

Re: Best practice MultiView

2023-04-18 Thread Greg Choules via bind-users
merce trade register with number 85744115.* > -- > *From:* Greg Choules > *Sent:* Monday, April 17, 2023 4:43:58 PM > *To:* Jiaming Zhang > *CC:* bind-users@lists.isc.org > *Subject:* Re: Best practice MultiView > > Hi Jiaming. >

Re: Fully automated DNSSEC with BIND 9.16

2023-04-18 Thread Havard Eidnes via bind-users
> You do not have to sift through lists. That depends entirely what one wants to do. I see a couple of scenarios where that may be required: 1) Let's say someone has flagged to you as a BIND administrator that your BIND installation is susceptible to CVE-2022-3924. This could be done

Re: help with notify

2023-04-17 Thread Nick Tait via bind-users
On 18/04/2023 2:16 am, Matt Zagrabelny via bind-users wrote: On Mon, Apr 17, 2023 at 9:04 AM Marco wrote: On 17.04.2023 at 08:59:29, Matt Zagrabelny via bind-users wrote: > I'm running a little older Debian bind: > > bind9               1:9.9.5.dfsg-9 Th

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
On 18/04/2023 2:43 am, Greg Choules via bind-users wrote: Why do you need it? Do you have some secondaries that are not listed as NS in zones? The goal was to have the primary use a particular TSIG key when it sends out the NOTIFY messages to the secondaries, which is achieved by turning off

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
server has IPv4 (single or multiple) and IPv6 glued with the domain name, and I was wondering if by setting domain name instead of IP, bind will intelligently find if it would need to communicate with which IP (like it currently do with |notify yes|​). I asked because if by any chance

Re: help with notify

2023-04-17 Thread Matt Zagrabelny via bind-users
Hello Ondřej, On Mon, Apr 17, 2023 at 9:26 AM Ondřej Surý wrote: > > > On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users < > bind-users@lists.isc.org> wrote: > > > > Greetings bind-users, > > > > I'm running a little older Debian bind:

Re: Best practice MultiView

2023-04-17 Thread Greg Choules via bind-users
tead of IP? > Both name server has IPv4 (single or multiple) and IPv6 glued with the > domain name, and I was wondering if by setting domain name instead of IP, > bind will intelligently find if it would need to communicate with which IP > (like it currently do with notify yes​). I as

Re: help with notify

2023-04-17 Thread Matt Zagrabelny via bind-users
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote: > On 17.04.2023 at 08:59:29, Matt Zagrabelny via bind-users wrote: > > > I'm running a little older Debian bind: > > > > bind9 1:9.9.5.dfsg-9 > > Then upgrade your OS, stretch already has 9.10 a

help with notify

2023-04-17 Thread Matt Zagrabelny via bind-users
Greetings bind-users, I'm running a little older Debian bind: bind9 1:9.9.5.dfsg-9 Scenario: I have two authoritative servers locally and three authoritative servers that are part of the parent domain: $ dig +short NS sub.example.com | sort ns-0.sub.example.com. ns-1

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Havard Eidnes via bind-users
> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. Then please let me suggest that there is possibly an issue with identification (customer said "9.16.23") and documentation of the actual changes that are incorporated in your distribution, compared to the upstream-mai

FW: dnssec-validation? SOLVED

2023-04-17 Thread David Carvalho via bind-users
aok after restarting the service. Thank you all who took the time to clarify me about this. Kind regards David Carvalho -Original Message- From: Mark Andrews Sent: 14 April 2023 02:35 To: David Carvalho Cc: Evan Hunt ; bind-users@lists.isc.org Subject: Re: dnssec-validation? > O

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Andrej Podzimek via bind-users
EC policy. The reason why certain zones are (re)defined in other views rather than linked using “in-view” is a need for different zone data, different “allow-query” settings etc.) So eventually it may be as simple as replacing “auto-dnssec maintain;” with “dnssec-policy "standard";” and

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
t key name. Nick. On 17/04/23 22:12, Mark Andrews wrote: You use keys as well when sending notify to select which view processes the notify On 17 Apr 2023, at 18:44, Jiaming Zhang wrote: Dear community, I was wondering if notifying and updating zones in different view (say "in

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Nick Tait via bind-users
On 17/04/23 09:08, Andrej Podzimek via bind-users wrote: The easiest (?) way to make DNSSEC work in all views has been to keep a dnssec-policy for zones in *one* of the views (to generate and maintain keys) and then passively refer to the keys from the zones’ counterparts in other views using

Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-16 Thread Andrej Podzimek via bind-users
Hi bind-users, I have asked this question on GitLab, but hijacking a closed issue to ask questions is bad practice (often rewarded with silence), so I’m re-posting the question here. https://gitlab.isc.org/isc-projects/bind9/-/issues/3769#note_356577 My DNS server serves multiple views

RE: dnssec-validation?

2023-04-14 Thread David Carvalho via bind-users
named.conf on the primary and secondary server to find why dnssec-validation needs to be off on the primary. Thanks! David -Original Message- From: Mark Andrews Sent: 14 April 2023 02:35 To: David Carvalho Cc: Evan Hunt ; bind-users@lists.isc.org Subject: Re: dnssec-validation?

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
and reload, I would stick with this version. Regards David -Original Message- From: Evan Hunt Sent: 13 April 2023 18:08 To: David Carvalho Cc: bind-users@lists.isc.org Subject: Re: dnssec-validation? On Thu, Apr 13, 2023 at 11:38:15AM +0100, David Carvalho wrote: > Problem number 1: Dns

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello and thank you for the reply. I can confirm my current dns servers have already EPEL repo enabled and jemalloc package is available. I'll setup my test machine accordingly to be able to install BIND 9.18. Will it also provide named-chroot (is it really necessary?) Thanks! David

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello and thanks for the reply. I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind Then I tried to install (dnf install isc-bind) but I got: Error: Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-bind-bind, but none of the providers can be installed - package isc

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello. Both content and timestamps. I've been told previously here that there is a bug prior to version 9.16.30. I'm using 9.16.23, no update available yet. No, not removing  Regards David -Original Message- From: bind-users On Behalf Of Jan-Piet Mens Sent: 13 April 2023 11:12

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
rt? Kind regards, David Carvalho -Original Message- From: Evan Hunt Sent: 12 April 2023 18:08 To: David Carvalho Cc: bind-users@lists.isc.org Subject: Re: dnssec-validation? On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users wrote: > After reverting my primary dns

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
Hello and thank you for the reply. My domain is "di.ubi.pt". The parent domain "ubi.pt" recently configured DNSSEC (BIND 9.11) so it was time again for me to try to set it up for my domain. A few months ago I updated both dns servers to Oracle Linux 8, running BIN

Re: RPZ zone response delay time ?

2023-04-12 Thread Nick Tait via bind-users
(i.e. same as suggested by Evan Hunt) rather than returning a bogus IP address. FWIW I haven't experienced any issues with youtube, so I wonder whether one of these differences could be the cause of your CPU usage issue? Nick.

Re: BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-12 Thread Nick Tait via bind-users
that would work within the inline-signing framework. But perhaps I was being overly optimistic? I've decided I'll stick with manual KSK roll-overs for now... :-) Thanks again. Nick.

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Nick Tait via bind-users
On 13/04/2023 5:58 am, Havard Eidnes via bind-users wrote: I suspect you don't need the NS records in challenge.state.ak.us and if you remove them then the records in challenge.state.ak.us are simply part of the state.ak.us zone since they're served off of the same server. Unfortunately

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Havard Eidnes via bind-users
the delegations properly by copying the NS RRset from the child to the parent, plus any required address glue records, and this particular problem will not become an issue. Best regards, - Håvard

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread tale via bind-users
it'll matter when you decide to add DNSSEC to the zone, and it's also good hygiene in the absence of DNSSEC so that any future maintainer can be reminded that there is a subdomain at that name when looking at the parent.

dnssec-validation?

2023-04-12 Thread David Carvalho via bind-users
? Any help appreciated. Regards David

BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-11 Thread Nick Tait via bind-users
Hi list. I'm currently running a few DNSSEC zones in BIND using dnssec-policy option, albeit with an unlimited lifetime on the KSK, so that I can control KSK roll-overs (which is necessary because my Registrar doesn't support RFC 7344)... Anyway I know that BIND supports RFC 7344 via

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
Thank you so much! Regards David -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 13:03 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC with BIND 9.16 On 4/11/23 13:14, David Carvalho wrote: > Hello and thank you so much for y

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
domain? I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to me so far. Thanks! David Carvalho -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 11:16 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC

Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain and I host my own e-mail servers. I know they had problems while implementing

Re: DNSSEC regulatory requirements?

2023-04-06 Thread Moritz Muller via bind-users
for higher deployment rates. > > Greetings, > Klaus

Re: DNSSEC regulatory requirements?

2023-04-05 Thread raf via bind-users
had a tax incentive to encourage DNSSEC adoption, but no regulatory requirement. cheers, raf

BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Yang via bind-users
i am very very sorry, the zone info of first mail - zone "bd.baidubce.com." - i wrote wrong; the right info is zone "x.bd.bcebos.com." please just see this mail, when i use bind-9.11 for my interdns deviceip is 10.1.1.1, i config zone "x.bd.bcebos.com." in

BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Yang via bind-users
hi bind admin, when i use bind-9.11 for my interdns, deviceip is 10.1.1.1, i config zone "bd.baidubce.com." in{ type forward ; forward only; forwarders { 10.10.10.10; }; }; 1. when i dig @10.1.1.1 x.bd.bcebos.com. 2. 10.10.10.10 return record "CNAME bd.bcebos.com.,

Re: Bind dns amplification attack

2023-03-28 Thread Grant Taylor via bind-users
to support that. ;-) I bring this up as this is something that I've stubbed my toe on and I would like it if others can avoid similarly stubbing their toes. -- Grant. . . . unix || die
