Named just uses the notify to trigger an early refresh process. It then just
asks the primaries in configured order. There is no real point in trying the
notifier first.
--
Mark Andrews
> On 10 Mar 2023, at 06:00, Jan-Piet Mens wrote:
>
>
>>
>> I always was
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austr
reate subdomain entries inside
> the example.de domain.
>
> Is this possible? What grant/deny rule must i use?
>
> -André
>
> Am 13.02.2023 um 23:33 schrieb Mark Andrews:
>> Step back and tell us what you are attempting to achieve.
>>
>> e.g. I wa
software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley,
.
If that is necessary, why?
Thanks, Danilo
PS: If it matters, this is (still) a manually DNSSEC'd domain.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co
SC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 S
Add DHCID to the list of record types permitted to be updated by the DHCP
server.
--
Mark Andrews
> On 4 Feb 2023, at 21:15, duluxoz wrote:
>
> Thanks Mark (& Darren & Jan-Piet),
>
> So I made those changes you suggested (Mark), but I'm still having issues (ie
>
just need to
> get these update-policy statements correct.
>
>
> Any help is greatly appreciated - and again, thanks in advance
>
> Cheers
>
> Dulux-Oz
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...
ate-policy but I'd think it should be like this:
>
> update-policy {grant A ;};
This leaves out rule type.
>
> from reading:
> https://bind9.readthedocs.io/en/v9_18_11/reference.html#namedconf-statement-update-policy
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
> On 1 Feb 2023, at 05:52, Thomas Schäfer wrote:
>
> Am Montag, 30. Januar 2023, 23:12:53 CET schrieb Mark Andrews:
>> Do you want a correctly operating DNS64 server or do you want to filter
>> all A records? They are mutually exclusive requirements. Please read
>>
(node, network) that is being described as IPv6-only.
You seem to have this strange notion that to run an IPv6-only node or
network that you need to filter out A records. Could you tell me who or
what told you this was required?
Mark
> On 31 Jan 2023, at 06:01, Thomas Schäfer wrote:
>
Named-checkzone and named-compilezone are the same executable. Named-checkzone
looks up remote records to more completely detect configuration errors. See
the man page for details.
--
Mark Andrews
> On 30 Jan 2023, at 19:33, Havard Eidnes via bind-users
> wrote:
>
> Hi,
>
I would be looking for packet loss and / or a bad firewall that is dropping
fragmented packets which is triggering fallback to non EDNS requests If you
are forwarding ensure that the entire forwarding chain is validating.
--
Mark Andrews
> On 25 Jan 2023, at 04:53, John Thurston wr
own
inline-signing can produce this (RRSIGs will differ between servers
as the RRsets are changed at different times and zone serial numbers
may also differ).
There are a whole heap of reasons for IXFR to fail, this being one
of them, and named will fall back to AXFR on any of them.
> Rega
In-line signing is the concept you are looking for and yes named supports it.
--
Mark Andrews
> On 22 Jan 2023, at 07:42, Randy Bush wrote:
>
> hidden primary can not sign. can the public primary which fetches from
> it, and happens to be primary for the parent zone, do
The consistency checks are not new. The message indicates that the IXFR
contained a delete request for a record that doesn’t exist or an add for a
record that exists. Named recovers be performing an AXFR of the zone.
--
Mark Andrews
> On 22 Jan 2023, at 04:31, Havard Eidnes via bind-us
formation.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.or
tinfo/bind-users
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
&g
Please don’t hijack an existing thread by replying to an existing message for a
unrelated subject. It is bad form. Just create a new message and send it to
bind-us...@isc.org.
--
Mark Andrews
> On 8 Jan 2023, at 09:07, Michael Muller via bind-users
> wrote:
>
>
>
rds / Med vänlig hälsning
> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us
if appropriate
and you support it Yes you can sign a FORMERR.
--
Mark Andrews
> On 7 Jan 2023, at 06:50, Justin Krejci wrote:
>
>
> DNS Servers that do not properly support or properly ignore DNS cookies and
> instead return FORMERR is annoying. This is not new. However I have been
Just a reason to not use them for your email. Not everybody is in a position
to repair stuff on a 7/24/365 basis. Notify that the mail is delayed by don’t
bounce.
--
Mark Andrews
> On 7 Jan 2023, at 06:11, Brown, William wrote:
>
> Last I saw, both M365 and Google only retry for
Valid base64 includes spaces and new lines. Poorly written record parsers reject valid records. -- Mark AndrewsOn 30 Dec 2022, at 10:38, Eric Germann via bind-users wrote:
On Dec 29, 2022, at 16:34, Timothe Litt wrote:Yup, Eric's case was a classic example. He tried to do the right
thing
tware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Aus
stinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> htt
nning non-compliant DNS servers and are
breaking
DNS interoperability. You can workaround the issue by telling named to not
send DNS
COOKIES in its requests.
e.g.
server 119.29.29.29 { send-cookie false; };
Mark
% dig www.qq.com @119.29.29.29 +norec
; <<>> DiG 9.19.6-de
uot;
>
> --
> Chris.
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more inf
is in sync with the CDS/CDNSKEY
RRset(s), the Child DNS Operator MAY delete the CDS/CDNSKEY RRset(s);
the Child can determine if this is the case by querying for DS
records in the Parent.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
Parent.
Personally I like to keep the CDS in the child zone, so you can see if
the parent is in sync, that is why I implemented it in BIND 9 to keep
the CDS.
Best regards,
Matthijs
On 23-11-2022 18:24, Mark Elkins via bind-users wrote:
Hi people,
I have read https://kb.isc.org/docs/dnss
g else I need to do? Any additional rndc's ??
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
The permanent fix of for PowerDNS to follow the DNS protocol and make the query
over TCP.
They have a choice of solutions. Just make a TCP query and make a second TCP
query for the XFR. Make a TCP query and then the XFR if required over the same
TCP connection.
--
Mark Andrews
> On
orm a SOA refresh query sooner than
the SOA query triggered by REFRESH and RETRY. Those queries are rate limited.
Additionally multiple notify messages often coalesce
into one action as the server is waiting to send or is waiting for responses
when they arrive.
While I don’t see the need, addi
when you are temporally
disconnected.
Any ISP that offers these delegations should be allowing their customers to
transfer
the zone that contains the CNAMEs for the customer address space by default.
Mark
> On 4 Nov 2022, at 16:36, Grant Taylor via bind-users
> wrote:
>
> On 11/4
Cross zone CNAMEs cause accidental cache poisoning with some clients when both
zones are on the same server. Named no longer follows the CNAME for
non-recursive requests to prevent this. More security aware clients will
restart the query after processing the CNAME.
--
Mark Andrews
> On
request. SLACC hosts can update their own
PTR records if you configure the nameserver to allow it. See update-policy
tcp-self.
Mark
> On 28 Oct 2022, at 14:42, Paul Ebersman wrote:
>
> grant> I'd be interested in learning what other things /require/ or are
> grant> at least predic
SC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour S
nd zone file) and
requires the zone to allow dynamic updates.
Since the latest release dnssec-policy requires either inline-signing
to be set to yes, or allow dynamic updates.
I am thinking of adding inline-signing to dnssec-policy, do you think
that would that be useful?
Best regards,
ers / firewalls that only handle
A and lookups.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developme
s/qname-minimization-and-privacy/
>
> to suggest that it's a GoodIdea(tm).
QNAME minimisation is a good idea. It comes in two flavours, relaxed
and strict. Relaxed tries to cope with some breakages like NXDOMAIN
being returned from ENTs. Strict doesn’t.
Mark
--
Mark Andrews, ISC
1 Seymour
> respond correctly ?
> if it's pebkac, dunno where to look, yet.
>
> or is it actually a problem on for these domains' DNS, and not much i can do
> about it ... other than workaround, or just default to forwarders ?
> --
> Visit https://lists.isc.org/mailman/listinfo/bind
led acknowledgement. For example, an
option specification might say that if a responder sees and supports
option XYZ, it MUST include option XYZ in its response.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET:
Just reload the server.
--
Mark Andrews
> On 20 Oct 2022, at 01:45, PGNet Dev wrote:
>
> running
>
>bind 9.18.7
>
> i've enabled dnssec-policy signing
>
> current KSK & ZSK keys had been generated with
>
>dnssec-policy "prod01"
looked to see which) with updated content.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more in
list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark A
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-user
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
stdout=tornado.process.Subprocess.STREAM,
> close_fds=True,
> env=env)
>
> I'll request that something get pushed upstream. Many thanks for help
> tracking that down!
>
> Casey
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to
ndelijke groet / Best regards,
> Michael De Roover
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact
ort subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
We don’t log rsamd5 is disabled now ec or ed curves when they are not supported
by the crypto provider. Why should rsasha1 based algs be special?
--
Mark Andrews
> On 2 Sep 2022, at 20:37, Anand Buddhdev wrote:
>
> On 01/09/2022 23:19, Mark Andrews wrote:
>
> Hi Mark,
IN KEY
;; AUTHORITY SECTION:
ssa.gov.60 IN SOA gtmu1.ssa.gov. 1G. 2022082605
10800 3600 604800 60
;; Query time: 273 msec
;; SERVER: 137.200.43.17#53(gtmu2.ssa.gov) (UDP)
;; WHEN: Fri Sep 02 10:18:46 AEST 2022
;; MSG SIZE rcvd: 93
%
Mark
> On 2 S
Yes. You will need to restart the server.
That all said if you are signing zones using RSASHA1 or NSEC3RSASHA1 you should
transition to a newer algorithm if you want to have your zone validated by as
many as possible.
--
Mark Andrews
> On 1 Sep 2022, at 22:59, Anand Buddhdev wr
so much shorter.
ps - Algorithm rollovers can be fun!!!
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
OpenPGP_0xB6FA15470B82C101.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
--
Visit https://l
. -- Mark AndrewsOn 3 Aug 2022, at 04:04, Timothe Litt wrote:
On 02-Aug-22 13:18, Peter wrote:
On Tue, Aug 02, 2022 at 11:54:02AM -0400, Timothe Litt wrote:
!
! On 02-Aug-22 11:09, bind-users-requ...@lists.isc.org wrote:
!
! > | Before your authoritative v
DNSSEC is designed to be validated in the application. That applies equally to
internal zones as it does to external zones. One procedure for them all.
--
Mark Andrews
> On 1 Aug 2022, at 11:15, John W. Blue via bind-users
> wrote:
>
>
> As some enterprise networks be
sites.
jf
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
OpenPGP_0xB6FA15470B82C101.asc
Description: application/pgp-keys
OpenPGP_signa
> option is missing or there is a bug in bind?
>
> With best regards,
> b.
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Con
The client is supposed to lookup missing address records. Complain to the
supplier of the phone that they have a defective product.
--
Mark Andrews
> On 13 Jul 2022, at 21:18, Peter wrote:
>
>
> My Telco has removed the A record for their VoIP server, and now has
>
support
subscriptions. Contact us at https://www.isc.org/contact/
<https://www.isc.org/contact/> for more information.
bind-users mailing list
bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
<https://li
hostnames for the name
servers.
--
Mark Andrews
> On 27 Jun 2022, at 06:15, Sandro wrote:
>
> Hello,
>
> I recently ran into "bad [owner] name" errors trying to setup a
> '_acme-challenge' subdomain. Yes, this is for Let's Encrypt domain validation.
>
> I wa
Show your procedure.
--
Mark Andrews
> On 5 Jun 2022, at 06:37, @lbutlr wrote:
>
> Using nsupdate when I try to delete an MX record for a domain, I get REFSUED.
>
> When I try to add an MX record with the same priority (or not), it leaves the
> old record as well.
&g
Thanks.
INDENT is being addressed.
Can you add an issue on https://gitlab.isc.org/ for the view name in dnstap?
Mark
> On 2 Jun 2022, at 07:26, Peter wrote:
>
> Hi,
>
> this is broken in 916 (and apparently 918 also).
> Consequentially, output from dnstap gets unread
opment of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley,
no; };” to
named.conf.
Mark
> On 24 May 2022, at 11:12, Lefteris Tsintjelis via bind-users
> wrote:
>
> I turned on all logs channels and this is the error I get:
>
> zone domain.com/IN: refresh: unexpected rcode (FORMERR) from
> primary1.1.2.2#53 (source 0.0.0.0#0
>
>
a problem with your car.
Using ‘example’ is like doing that.
Mark
> On 17 May 2022, at 04:41, frank picabia wrote:
>
> I've been using open source for decades. Long enough that I rarely need to
> use lists for help.
>
> Here's the RFC mentioning reserved domain name use:
specify.
You also missed the leading ‘/‘ on the path when you ran configure previously
as it is not in the path reported below. This all said you should be able just
specify —-with-geoip=yes and configure will figure out the rest.
Mark
> On 17 May 2022, at 06:09, MAYER Hans wrote:
>
>
act/ for more information.bind-users mailing listbind-users@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this listISC funds the development of this software with paid support subscriptions. Contact us a
Working around servers that drop queries causes problems for zones that do have
protocol compliant servers. The workarounds cause problems with getting
DNSSEC responses wic leads to validation failures.
--
Mark Andrews
> On 13 May 2022, at 22:58, Paul Stead wrote:
>
>
Signature-refresh determines when the RRSIGs will be replaced by looking at the
expiration time and working backwards. New RRSIGs are generate Using
signature-interval.
--
Mark Andrews
> On 11 May 2022, at 18:15, Tom wrote:
>
> Hi list
>
> After switching from "sem
--
Mark Andrews
> On 9 May 2022, at 22:32, Veronique Lefebure
> wrote:
>
> Second thought on this topic:
>
> are the BIND EDNS messages rather related to
>
> gr/DNSKEY (alg 8, id 13987): No response was received until the UDP payload
> size was decreased,
portable devices. Switching named to use a public recursive
server that supports DNSSEC in forward only mode helps sometimes. It really
depends on what the middleware is doing.
Mark
> On 6 May 2022, at 09:35, Ted Mittelstaedt wrote:
>
> Thought I would document this in case anyone else
e development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St
py the ID and OPCODE
fields. Copy any
header bits that you know are supposed to be copied. Set the RCODE field to
FORMERR. If it was
a QUERY, and you understood the QUESTION section, you can copy that as well
updating the QUESTION
count.
Basically there is a broken firewall and a brok
It’s already been addressed
--
Mark Andrews
> On 4 May 2022, at 06:16, Larry Rosenman wrote:
>
> I did find a manpage bug for the rndc man page for 9.18.2:
> dnssec (-status | -rollover -key id [-alg algorithm] [-when time] |
> -checkds [-key id [-alg algorithm]] [-when
nfigured
for TSIG.
When you tell dig to use TSIG and it doesn’t get TSIG in the response it fails
the query and complains. dig also hides most of the extraneous details when
performing an AXFR. Add +all to get show these if you want to see them. Add
+qr to see the query.
Mark
> --
>
> On 2 May 2022, at 12:28, J Doe wrote:
>
> On 2022-04-29 01:18, Mark Andrews wrote:
>
>> break-dnssec is about if the client could detect the re-write or not using
>> DNSSEC. If the client has DO=1 in the request and the normal response is
>> signed then rewr
60E3D64328B3D8929838FD1F2AB03CD5C8C72E3185C667B059E00157 D95F8CED
The DS records need to be removed before the DNSKEYs referencing them go. Also
does your registrar support CDS/CDNSKEY or do you need to manually update the
DS records? Based on
https://support.google.com/domains/answer/6387342?hl=en_topic=9018335 I’d
say no
Mark
% dig lerctr.net
gt;
> - J
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bin
43121
>
> and dig only shows my RRSet:
> ❯ dig 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa +dnssec +nocrypto ns @1.0.0.1
> zsh: correct 'ns' to 'nws' [nyae]? n
>
> ; <<>> DiG 9.16.27 <<>> 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa +dnssec
> +nocrypto ns @1.0.0
there.
--
Mark Andrews
> On 18 Apr 2022, at 17:57, Thomas Martin wrote:
>
> Hello,
>
> I recently upgraded from Debian Buster to Debian Bullseye and I'm
> having a hard time having the same behavior as before with the new
> bind9 version.
>
> Here is my setup
Worst case should be double the queries which happens when there isn’t a cached
DNSKEY RRset to validate the response. If there are multiple queries clustered
together the overhead is reduced.
--
Mark Andrews
> On 14 Apr 2022, at 22:23, Andrew P. wrote:
>
> Greetings, all.
&
ion
> situation.
> --
> Dave
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more i
Add a static-stub zone for .by which has the addresses of the nameservers for
.by configured. This will break the stupid address fetching loop.
The real fix is for .by to use nameservers that are directly in .by or ones
thot don’t require a loop to get there addresses.
--
Mark Andrews
/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https
The one on line 40
--
Mark Andrews
> On 12 Mar 2022, at 10:28, Michael Richardson wrote:
>
>
> I upgraded to 9.18 from 9.11 or something that was in debian nulleye.
>
> Mar 11 18:14:27 tilapia named[9206]: /etc/bind/named.conf.options:40: invalid
> prefix, bits
IN {
> type hint;
> file "named.ca";
> };
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the deve
t; Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
&g
ds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St.
You switched your server from ‘auto-dnssec maintain;’ to ‘dnssec-policy
mypolicy;’
and removed ‘inline-signing yes;’. Put back ‘inline-signing yes;’ if you want
named to maintain two instances of the zone.
--
Mark Andrews
> On 6 Mar 2022, at 03:49, Josef Vybíhal wrote:
>
> Hi
When building with OpenSSL in non system locations ensure that the
PKG_CONFIG_PATH is properly set.
e.g.
OPENSSL=/opt/local
PKG_CONFIG_PATH=$OPENSSL/lib/pkgconfig
Mark
> On 22 Feb 2022, at 12:29, Larry Stone wrote:
>
> So, just for fun, I decided to see if I could build 9.18.0 on m
EDNS is hop by hop. There is no copying by any compliant server.
--
Mark Andrews
> On 20 Feb 2022, at 06:32, Brian J. Murrell wrote:
> On Sat, 2022-02-19 at 19:02 +0100, Matus UHLAR - fantomas wrote:
>>
>> what's the point of this setup?
>> BIND can resolve by
f this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
our time and expertise.
>
>
> Andy Baker
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org
/ bind913/
bind916/ bind918/ bindgraph/
[root@ns-01-jnb /home/tinka]#
Mark.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact
- it's been on
their wishlist for years.
Ah, I misunderstood the OP's question - I thought he meant if their
provider does IPv6, but cannot assign an IPv6 address from their PA space.
Yes, if your providers does not yet support IPv6, then a tunnel broker
like HE (and others) are workable.
Mark
to hear what you see re: 9.16.25.
Mark.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
the days when I ran SuSE Linux and OpenSUSE (up until
2007), I think I recall apps being tied to major/minor OS versions, when
they used RPM as the package manager. It's been a while, so things may
have since changed.
Mark.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
we strike out
and bring our DNS setup up to date and future proofed!
https://www.oreilly.com/library/view/dns-and-bind/9781449308025/
Mark.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
resolvers, with no
issue.
9.16. 25 is working fine for our authoritative servers.
9.18 is too new for us.
We have no issue keeping 9.11.36 well beyond its EoL date on our
resolvers, if it means 9.16 needs further improvements for that
use-case. Thanks.
Mark.--
Visit https://lists.isc.org
, and no
more so.
Mark.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
101 - 200 of 2289 matches
Mail list logo