RE: BIND 9.14.2 configure problem

Hi Ondrej, My intent is to build BIND 9.14 as a statically linked binary. The details of the config.log reveal that the OpenSSL tests are using dlopen, and since I have only a static library, those tests fail. I worked around the problem by specifying LDFLAGS=-ldl. Thanks, Greg

RE: BIND 9.14.2 configure problem

That makes sense, but unfortunately it does not resolve the problem. I've tried specifying LD_RUN_PATH and LD_LIBRARY_PATH, and exporting them both as well, but BIND 9.14 configure script still complains about lack of ECDSA support in OpenSSL. Greg -Original Message- From: Tony Finch

BIND 9.14.2 configure problem

Hi Folks, I am attempting to build BIND 9.14.2 on a CentOS 7 machine, and having problems with "configure: error: ECDSA support in OpenSSL is mandatory." When I build OpenSSL 1.1.1c, I have tried to explicitly enable ECDSA when running config (first attempt was to just leave the defaults):

BIND 9.14 configure error

Having trouble running 'configure' script for BIND 9.14.2 on CentOS 7 system. I have python 2.7.5 installed, but not the PLY package. The configure script complains: configure: error: Python >= 2.7 or >= 3.2 and the PLY package are required for dnssec-keymgr and other Python-based tools. PLY

BIND 9.11.6-P1 build fails on Solaris

BIND 9.11.5-P4 built fine on this Solaris 10 environment with same configure settings: --enable-ipv6 \ --enable-filter- \ --enable-largefile \ --enable-fixed-rrset \ --enable-threads \ --disable-shared \ --with-dlopen=no \ --with-openssl=/opt/bind911/openssl \ --with-geoip=/opt/bind911/geoip

Re: BIND 9.11.4 dnstap not capturing updates

> I could see it being useful to extend the enum to > AUTH_QUERY_UPDATE/AUTH_QUERY_RESPONSE That should read: I could see it being useful to extend the enum to AUTH_QUERY_UPDATE/AUTH_RESPONSE_UPDATE ___ Please visit

RE: BIND 9.11.4 dnstap not capturing updates

I had started down the path of adding a new enum. However, Robert's comment made sense that the granularity of the enums is really for the QR bit and the various points along the query resolution path, so I just used AUTH_QUERY for prototyping purposes. I could see it being useful to extend

RE: BIND 9.11.4 dnstap not capturing updates

Thanks Robert. I've added a few lines of code to BIND's client.c source module to call dns_dt_send for updates with a type of AUTH_QUERY, and it works as expected. Is there any reason that you can think that it should not be part of the standard BIND dnstap support? If not, I will gladly

RE: BIND 9.11.4 dnstap not capturing updates

That would be the update response, but not the update request. Regards, Greg From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Darcy, Kevin Sent: Friday, August 3, 2018 12:56 PM To: bind-us...@isc.org Subject: Re: BIND 9.11.4 dnstap not capturing updates I'm no expert in

RE: BIND 9.11.4 dnstap not capturing updates

Thanks Tony, I see in the code now where it is not calling dns_dt_send() for the update request. Regards, Greg > I use nsupdate to send a DDNS update to my zone, which is added > successfully. However, the dnstap.output does not record the DNS > update. I think (arguably) this is a

BIND 9.11.4 dnstap not capturing updates

Hello BIND users, (my apologies if this gets posted twice, I first sent to bind-us...@isc.org instead of bind-users@lists.isc.org) I am running BIND 9.11.4 on CentOS 7, built with support for dnstap. I am testing capturing of all DNS

BIND 9.11.4 dnstap not capturing updates

Hello BIND users, I am running BIND 9.11.4 on CentOS 7, built with support for dnstap. I am testing capturing of all DNS packets, including DNS update packets, but they don't seem to be captured. Here are my named.conf options: dnstap-output file "/tmp/dnstap.output" ; dnstap {

RE: Unable to build BIND 9.11.1 with dnstap support

Thanks Mark! I thought it would somehow know to search the 'bin' folder of the packages, but now it makes sense to simply add them to the path. Thanks again, Greg -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark Andrews Sent: Thursday,

Unable to build BIND 9.11.1 with dnstap support

Hello Bind Users, I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, including dnstap support. I have followed the instructions here - https://kb.isc.org/article/AA-01342/0/Using-DNSTAP-with-BIND-9.11.html to build protobuf, protobuf-c, and fstrm. I am also building with support

Unable to build BIND 9.11.0-P3 on RHEL 6.0 64-bit

Hi folks, I am having trouble getting BIND 9.11.0-P3 to build on RHEL 6.0 64-bit. I am linking it with static OpenSSL (1.0.2j) and GeoIP (1.6.6) libraries. Here are my configure options: --enable-ipv6 --enable-filter- --enable-largefile --enable-fixed-rrset --enable-threads

BIND 9.10 also-notify syntax

Hello BIND users, According to the BIND 9.10.3 ARM, the syntax for 'also-notify' in the options section of the named.conf file is: [ also-notify { ip_addr [port ip_port] [dscp ip_dscp] [key keyname] ; [ ip_addr [port ip_port] [dscp ip_dscp] [key keyname] ; ... ] }; However, specifying the

BIND 9.10.2-P3 with GeoIP on Solaris

Hi folks, I am attempting to build BIND 9.10.2-P3 with support for GeoIP on Solaris, but I want a statically linked version of the 'named' binary. On Linux, when I build the GeoIP library, I specify the '-disable-shared' configure flag, and then when I use the GeoIP install directory as the

RE: Enterprise IPAM/DNS Solutions

Josh, In addition to the appliance-only vendor solutions you mention below, you may wish look into the BT Diamond IP product line. This is an enterprise and service provider IPAM solution with full support for DNS and DHCP. It is available as software-only, with a centralized management

RE: dnssec-keyfromlabel out of memory

dnssec-keyfromlabel -a RSASHA1 -l pkcs11:foobar foobar This assumes you have already created a RSA key called foobar in the HSM. Thanks Mark, So, can I assume that the out of memory error really means it just can't find the key? Regards, Greg