Thanks for the reply
On 2020/04/14 08:42, Matthijs Mekking wrote:
Mark,
On 4/13/20 8:54 PM, Evan Hunt wrote:
On Mon, Apr 13, 2020 at 02:22:53PM +0200, Mark Elkins wrote:
Question - What are the "TYPE65534" records? What are they saying? I am
using "DiG 9.16.1" so
> On 14 Apr 2020, at 04:54, Evan Hunt wrote:
>
> On Mon, Apr 13, 2020 at 02:22:53PM +0200, Mark Elkins wrote:
>> Question - What are the "TYPE65534" records? What are they saying? I am
>> using "DiG 9.16.1" so surprised it doesn't know.
>
&g
erial Number still needs to be maintained manually.
Was expecting a more OpenDNSSEC approach. Would love an automated
MMDDxx number - date it was last 'modified'. Would be perfect for
small zones that are rarely updated.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posi
Use tsig-keygen.
--
Mark Andrews
> On 11 Apr 2020, at 09:52, moo can via bind-users
> wrote:
>
>
> Hello,
>
> For educational purpose I need to setup an DDNS between DCHPD and BIND.
>
> Everywhere, debian, zytrax, freeipa, veritas ... use dnssec-keygen.
Add delegations if they are missing. This is how DNS is designed to be managed.
This should have been done as part of allocating the address space initially.
--
Mark Andrews
> On 8 Apr 2020, at 02:43, bind-li...@iano.org wrote:
>
> Currently our linux caching resolvers have a f
for the
children of 10.in-addr.arpa.
};
Forwarding should NEVER be needed if servers are reachable at the IP level. If
the solution says “configure a forward zone” it is almost always wrong.
Do the similar for the top of all other private namespaces you are using.
Mark
> On 4 Apr 2020, at 03
> On 2 Apr 2020, at 11:59, Jim Popovitch via bind-users
> wrote:
>
> On Thu, 2020-04-02 at 09:27 +1100, Mark Andrews wrote:
>>> On 2 Apr 2020, at 06:53, Jim Popovitch via bind-users <
>>> bind-users@lists.isc.org> wrote:
>>>
>>> H
n length (4 bytes, network byte order )
TKEY token (remainder of packet)
The daemon replies with a four-byte value in network byte order, containing
either 0 or 1; 0 indicates that the specified update is not permitted, and 1
indicates that it is.
Mark
> tia!
>
> -Jim P.
>
>
> ___
1585729721 300 16 xx==
> 30709 NOERROR 0
>
>
> Is there any alternative to nsupdate that can do this? Or some newer version
> of nsupdate that can acomplish this?
>
> Thanks
>
>
> *1 https://github.com/benapetr/dnsphpadmin
>
> ___
gt;
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-user
>
> - Håvard
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mail
oaded from https://developer.apple.com/download/more/ or,
if you have Xcode already installed, you can run xcode-select --install.
(Note that an Apple ID may be required to access the download page.)
Mark
> On 25 Mar 2020, at 09:08, Larry Stone wrote:
>
> Thanks, Ondrej. It took some doing
m + the query section + the header + the
authority section. Turning on minimal responses will help if not already
enabled.
Mark
> --
> Bob Harold
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>
and the content of /var/named/keys are?
> On 11 Mar 2020, at 12:06, Alan Batie wrote:
>
> On 3/10/20 5:51 PM, Mark Andrews wrote:
>> So what do you still have related to the zone? Have you examined the
>> contents of those files? Some of them may be binary so grep w
order and
there are limits on the number of nodes processed and the numbers of signatures
generated in each increment. These are controlled by the following
options.
sig-signing-nodes ;
sig-signing-signatures ;
Mark
> rndc zonestatus 45.10.0.10.in-addr.arpa
> name
So what do you still have related to the zone? Have you examined the
contents of those files? Some of them may be binary so grep won’t work.
Are you actually looking in the right place. Are you running chroot?
Did you really stop named? How is the zone defined in named.conf?
Mark
> On 11
85427 IN DS 9675 5 2
EBC1B325B8740433571AC648B0925A2158D5521446DFE50402142243E834F234
cascocom.com. 85427 IN DS 30841 8 2
E8870853532B4CF3588FE6B4DE59324F5E99C8C40F29CDED06845321CFDAB46C
now I don’t know exactly what you did but detected error will have been logged.
Mark
&g
hat 30 seconds before giving up.
DNS, initially, is UDP and the client manages retransmission attempts. Named
uses sub second initial timeouts. Most of the world is less that 200ms RTT
from any other point though there are exceptions.
Mark
> Failures aside, I’m worried about creating a bad
> On 26 Feb 2020, at 08:40, Alan Batie wrote:
>
> On 2/25/20 1:30 PM, Mark Andrews wrote:
>> Firstly unset the deletion date for the old key. It is way
>> too early for incremental re-signing. Named replaces RRSIG
>> *as-they-fall-due* for re-signing. With the
with that
key. It does NOT cause old RRSIGs to be replaced. This is
deliberate.
You are using offline signing timings where everything in the
zone is re-signed at once. To use the offline time model just
use 22.5 days as the time to sign the zone rather than the fictional
0 seconds.
Mark
> On 26
of the
zone to the raw zone when adding the deletion CDS and CDNSKEY records. Wait for
the parent zone to remove the DS records, then remove the CDS, CDNSKEY, and
DNSKEY
records from the raw zone.
Mark
> On 21 Feb 2020, at 18:31, Tom wrote:
>
> Hi Mark
>
> Thank you for yo
all DS records or replacing
all the DS records with the CDS records, or generating a new set of DS records
from the CDNSKEY records. You can't do both at once.
Mark
> On 21 Feb 2020, at 03:54, Ondřej Surý wrote:
>
> Hi Tom,
>
>> On 20 Feb 2020, at 17:42, Tom wrote:
>>
_t *dir);
>
> | ^
>
> make: *** [Makefile:9: dir.o] Error 1
>
>
>
> 9.14.11's module builds are both, still OK
>
> I've not found relevant mention in CHANGES, and nothing, yet, in bugs etc.
>
> Known issue? f
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
__
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Vall
with
BADSIG. [RT #37216]
The fix preserves the transaction ID when forwarding the SIG(0) signed message.
Mark
> On 4 Feb 2020, at 15:47, Matthew Davis wrote:
>
> Greetings.
>
>Please excuse this re-posting. My initial messages was inadvertently
> marked
customers. This will require BITWORKS.NET reporting the fault to their
vendor.
In the meantime you can stop named sending DNS COOKIE options to the server
with:
server 213.188.101.9 { send-cookie false; };
Mark
% dig dqb.info @ns1.bitworks.net +qr
; <<>> DiG 9.15.4+hotspot+add-prefetch+ma
l return old data.
> >
> > The named process has all possible rights in the file structure.
> >
> > What might be wrong?
> >
> > ___
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
takes small
while to convert a application from serial connection attempts to parallel
connection attempts to the addresses returned from getaddrinfo(). What’s
more work is adding MIF (multiple interface) support which allows you to
try different source addresses as well.
Mark
> On 20 Jan 2
day)
> 300; minimum (5 minutes)
> )
> NS ns1.rdrop.com.
> NS ns2.rdrop.com.
>
> ___
> Please visit https://lists.isc.o
Open a ticket saying “CDS/CDNSKEY not handled when performing constancy
checks”.
--
Mark Andrews
> On 11 Jan 2020, at 07:52, Tom wrote:
>
> Hi list
>
> Using BIND 9.14.9 or BIND 9.14.8 and a zonefile with cds-deletion record:
> @ IN CDS 0 0 0 00
>
>
DKIM
record.
Niall O'Reilly
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark James ELKINS -
may be
useful to the additional section of the query. Exit.
Also why is the machine getting a rpz modified response in the first place?
Mark
> On 30 Nov 2019, at 00:16, Ict Security wrote:
>
> Dear guys,
>
> we use RPZ zone in Bind 9 to protect some users against poss
eautiful cross platform clean C code someone allowed python
> in the door?
>
> Has anyone tested this "--without-python" option ?
>
>
>
>
> --
> Dennis Clarke
> RISC-V/SPARC/PPC/ARM/CISC
> UNIX and Linux spoken
> GreyBeard and suspenders optional
&g
You don’t as Microsoft has not implemented TSIG.
--
Mark Andrews
> On 25 Nov 2019, at 18:52, Mundile wrote:
>
>
> How do I accomplish zone transfers (Master and Slave) between Master Linux
> Nameserver and Slave Windows 2016 Nameserver using TSIG Keys
>
> Sent fro
t just because you can.
>
> John Thurston907-465-8591
> john.thurs...@alaska.gov
> Department of Administration
> State of Alaska
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this
The RRSIGs need to be regenerated periodically. This is the changes you are
seeing.
--
Mark Andrews
> On 12 Nov 2019, at 20:42, Alessandro Vesely wrote:
>
> Hi,
>
> I have a signed domain, with inline-signing yes and auto-dnssec maintain.
>
> Although the domain i
multiple keys.
Mark
> server ip-addr {
> [ keys "key-name"; ["key-name"; ... ; ]
> ;}
> For example, I have tried the following but it is giving errors
>
> server 162.0.4.49 {
>
> keys { tsig.example.org1 ; tsig.example.org2; tsig
n in error, please notify
> the sender and delete this E-mail message immediately.
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing
checking isn’t anything more than a misunderstanding of how the DNS works.
Mark
> On 5 Nov 2019, at 07:38, Computerisms Corporation
> wrote:
>
> Hi Reindl,
>
> Thanks for your response.
>
>> no matter which record type a CNAME will match and that is the simple
>>
names with non-default ndots is also
unsafe, but slightly less so. You reach internal information / services
accidentally instead of leaking it to a external party.
Mark
> On 26 Sep 2019, at 9:20 pm, Petr Mensik wrote:
>
> Hello,
>
> I got bug report [1] about different behav
ers and DNSSEC authoritative Nameservers
separate is best practise - follow that. Configs will then be more simple.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable,
the
process
and consume more memory for no benefit.
Mark
> On 7 Sep 2019, at 9:24 am, Brandon Applegate wrote:
>
> Hello,
>
> I just very recently set up all my zones for inline signing + auto maintain.
> Prior to this I had cron jobs resigning and it was working okay. But after I
&
Signing
Key), see https://tools.ietf.org/html/rfc6781#section-3.1 and
https://tools.ietf.org/html/rfc8499#section-10
I don’t know exactly know what are you trying achieve, but adding only
ZSK with new algorithm serves no purpose.
Ondřej
--
Ondřej Surý — ISC
On 11 Aug 2019, at 12:59, Mark
l be created according to the existing
schedule. If the Second Algo-13 ZSK is to be created in under 3 days -
then I'll replace the oldest KSK with an Algo-13 KSK.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, l
> On 28 Jul 2019, at 2:03 am, Jim Popovitch via bind-users
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Sun, 2019-07-28 at 01:36 +1000, Mark Andrews wrote:
>> Authoritative servers lookup addresses of nameservers to send notify
&
Authoritative servers lookup addresses of nameservers to send notify messages.
If the names are not in the authoritative data it will iterate to find the
address.
Mark
> On 28 Jul 2019, at 1:06 am, Jim Popovitch via bind-users
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
&g
response if there isn’t a cached
positive entry between the looked up name and loans. The IETF decided to
not make a delegation at .local to break the chain of trust.
Mark
> On 26 Jul 2019, at 7:10 am, Evan Hunt wrote:
>
> On Thu, Jul 25, 2019 at 09:03:26PM +, Evan Hunt wrote:
&
I meant d.f.ip6.arpa rather than f.d.in-addr.arpa.
> On 24 Jul 2019, at 11:18 pm, Mark Andrews wrote:
>
> There is f.d.in-addr.arpa which is what this ticket is about and
> ipv4only.arpa which Stuart Cheshire is writing a update for and for which
> there is a seperate ticket.
.
For f.d.in-addr.arpa there are clear instructions to break the chain of trust.
For ipv4only.arpa you need to understand the RFC to know that ipv4only.arpa
should be unsigned. Stuart’s draft just makes that clearer.
Please don’t confuse the two issues.
Mark
> On 24 Jul 2019, at 10:24 pm, Miche
your nameserver configuration to point to the signed zone file -Export
your DS records (dsset) to the domain registration company (EPP).
Confirm the chain.. http://dnsviz.net/d/apnic.com.au/dnssec/
Mal
On 18/07/2019 4:46 pm, Mark Elkins wrote:
I can't comment on com.au (but looking up
ones ?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.128070590
"synth-from-dnssec no;”
> __
> Jay Ford , Network Engineering, University of Iowa
>
> On Sat, 13 Jul 2019, Mark Andrews wrote:
>> I suspect this will be negative response synthesis. The cache has learnt
>> that d.f.ip6.arpa doesn’t
See ticket [IANA #992665] from December 2017 for at least one previous request
to get this fixed.
Mark
> On 12 Jul 2019, at 12:13 pm, Mark Andrews wrote:
>
> IANA, why is there NOT a insecure delegation for D.F.IP6.ARPA as REQUIRED by
> RFC 6303?
>
> How many ti
appropriately to
allow this to be triggered. One then needs to trigger a lookup for a name
which finds the covering NSEC in the search back through the cache. Named
skips some responses in the search depending on the content but aborts it on
others content.
--
Mark Andrews
> On 13 Jul 2019, at 00
> On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
>
>
>
>> On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
>>
>> I have a similar problem with zones for IPv6 ULA space. I'm running BIND
>> 9.14.3. I had hoped that validate-except would do the tric
wered from the delegated servers.
It is recommended that sites actively using these namespaces secure
them using DNSSEC [RFC4035] by publishing and using DNSSEC trust
anchors. This will protect the clients from accidental import of
unsigned responses from the Internet.
Mark
[beetle:bin/tests/sys
t slow down DNS noticeably as long as your
firewall allows them through. Having to perform PMTUD does however and this
applies to both UDP and TCP.
> Lefteris
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
DNSSEC validation.
Note .local is reserved for mDNS. getaddrinfo() shouldn’t be looking in the DNS
for
.local names.
Mark
> On 12 Jul 2019, at 7:25 am, btb via bind-users
> wrote:
>
> hi-
>
> i have an environment which over time has managed to accumulate various
60 IN A 68.142.70.27
cebupacair-dd.lldns.net. 60 IN A 68.142.68.27
Mark
> On 3 Jul 2019, at 5:48 pm, Wilfred Sarmiento via bind-users
> wrote:
>
> Hi Bind Users,
>
> Currently drained my brain troubleshooting where could be the cause of my
> issu
e UDP response is
bigger that almost all EDNS UDP buffers sizes in use.
Mark
% dig dnskey capgeminioutsourcing.nl +dnssec
;; BADCOOKIE, retrying.
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.15.1+hotspot+add-prefetch+marka <<>> dnskey
capgeminioutsourcing.nl +dnssec
;
e.com. txt;
> };
> file "/etc/namedb/master/db.example.com";
> };
>
> Thank you,
>
> Lefteris
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-use
;
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Pleas
No. Treating no response as anything other than packet loss leads to lookups
failing when it is packet loss.
Mark
--
Mark Andrews
> On 16 Jun 2019, at 23:10, Sebastian Arcus wrote:
>
>
>> On 16/06/19 12:37, Mark Andrews wrote:
>> The servers for this zone are broken
_
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valle
Thanks
> On 13 Jun 2019, at 1:17 am, Rune Hassel wrote:
>
> Hi!
>
> This problem should now be completely resolved.
>
> Regards
> Rune Hassel
>
>
> -----Original Message-
> From: Mark Andrews
> Sent: Tuesday, June 11, 2019 6:08 AM
> To: Juk
form with a bad CERT (for
mail.datatower.fi).
Mark
> On 11 Jun 2019, at 4:36 am, Jukka Pakkanen wrote:
>
> Yeah, another advertising company turned to an ISP...
>
> Solved *our* problem now by including the suggested server clause for both of
> their broken servers, to our s
> On 11 Jun 2019, at 8:01 am, Grant Taylor via bind-users
> wrote:
>
> On 6/10/19 3:29 PM, Mark Andrews wrote:
>> The primary issue here is that there is still source address spoofing
>> happening so you have to consider what if this packet was spoofed. DNS
ports into the mix of source ports doesn’t significantly improve
anything. If you look at IETF documents for CGNs they say to not use the lower
1024 ports.
--
Mark Andrews
> On 11 Jun 2019, at 05:44, Warren Kumari wrote:
>
> On Mon, Jun 10, 2019 at 12:37 PM Grant Taylor via b
t; from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
__
but problem still persist.
>
> Thank you, cheers!
> FC
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://li
grade OpenSSL at this time.
> --
> Forgive your enemies, but remember their names.
>
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.is
The servers for vpn.smiths.com are misconfigured. The zone vpn.smiths.com
is delegated to them but they are configured to serve smiths.com. Just
because Google ignores the delegation error, it doesn’t make the configuration
correct.
Mark
smiths.com. 172800 IN NS ns
have to be checked.
Mark
> On 13 May 2019, at 9:36 pm, Tom wrote:
>
> Hi list
>
> Using BIND-9.14.1 as a resolver and qname-minimization set to "relaxed":
>
> The following A-record resp. CNAME could not be resolved, when
> qname-minimiza
ame-and-shame.com, www.opendnssec.org) have
an issue.
Frank
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Mark James ELKINS
Before you pay attention to the round trip time you need this fix from BIND
9.9.6
from nearly 5 years ago now (2014-07-31).
3903. [bug] Improve the accuracy of DiG's reported round trip
time. [RT 36611]
Mark
> On 13 Apr 2019, at 12:59 am, Paul A wr
IN 2001:678:5c::1
;; Query time: 136 msec
;; SERVER: 194.0.38.1#53(194.0.38.1)
;; WHEN: Mon Apr 08 14:31:12 AEST 2019
;; MSG SIZE rcvd: 308
%
That said you can set "tcp-only yes”; in an appropriate server
clause.
Mark
> On 8 Apr 2019, at 2:26 pm, Sukmoon Lee wrote:
>
> the system log shows :listening on IPv6 interfaces,port 53,but i am sure port
> 53 does not response the request.
>
> thanks for help
> best regards
> celia
> 2019-03-19
>
> ___
> Please visit https://lists.isc.org/
> On 19 Mar 2019, at 10:59 am, LeBlanc, Daniel James
> wrote:
>
> Thanks Mark for your quick response.
>
> On page 29 of the Bv9-12-3-P1ARM I had seen the following, which is why I
> thought that I "needed" to have one of those statements:
>
>
>
o/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@is
"rndc showzone" only works if you also have "allow-new-zones yes;” set.
The last time there was a complaint about UPDATE’s not sticking the
startup procedure was wiping out the changes.
Mark
> On 14 Mar 2019, at 10:01 am, Marc Chamberlin via bind-users
> wrote:
>
&g
> On 13 Mar 2019, at 2:42 am, Philippe Maechler
> wrote:
>
> Hello Mark and bind users
>
> Thank you for the explanations. Some things are still not clear to me...
>
> > -Original Message-
> > From: Mark Andrews
> > Sent: Monday, March 11,
to fix the firewalls. This is self
inflicted
pain. If you have local equipment that is dropping fragments FIX IT.
Mark
> On 12 Mar 2019, at 1:02 am, Stéphane Bortzmeyer wrote:
>
> On Mon, Mar 11, 2019 at 09:39:58PM +1100,
> Mark Andrews wrote
> a message of 119 lines which
You are using the wrong control.
Max-udp-size is what you want.
--
Mark Andrews
> On 11 Mar 2019, at 20:14, Stéphane Bortzmeyer wrote:
>
> This machine has 'edns-udp-size: 1432' and, indeed, in the reply, it
> displays this buffer size. But it does not respect that limit. Here,
ges now, ~12 days after I deleted the key? (named was
> restarted several times in the time between)
> They key has a delete Date of 14.02.2019 and the TTL is 3600, when should I
> delete this key file? I had the impression that after DELET
e.g. launchd and Windows Services
manager.
If you have a assertion failure in named report it to secur...@isc.org.
Mark
> Thanks.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this
s://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
odule
installed.
You need to install it.
Mark
> On 2 Mar 2019, at 7:13 am, Larry Stone wrote:
>
> I’m trying to build the just released BIND 9.12.4 on a Macintosh running
> Mojave (10.14.3). Same results on one running High Sierra (10.13.6).
>
> Running configure, I get an er
traffic switching to it. This in turn reduces costs.
Named will already be using IPv6 for queries it is making as that is enabled by
default.
--
Mark Andrews
> On 23 Feb 2019, at 06:28, @lbutlr wrote:
>
> I did try manually updating vi nsupdate -l
>
>> zone example
ind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> On 1 Feb 2019, at 11:34 am, Alan Clegg wrote:
>
> On 1/31/19 7:19 PM, Mark Andrews wrote:
>
>>> Question: How does named (actually 'dig') know that any given data (in
>>> this case "AA") can't be a fingerprint?
>>> Difficulty: You are on
> On 1 Feb 2019, at 11:10 am, Alan Clegg wrote:
>
> On 1/31/19 6:44 PM, Lee wrote:
>> On 1/31/19, Alan Clegg wrote:
>>> On 1/31/19 4:57 PM, Mark Andrews wrote:
>>>
>>>> Given type 1 is a SHA-1 fingerprint it isn’t legal. Named just
>>
> On 1 Feb 2019, at 10:44 am, Lee wrote:
>
> On 1/31/19, Alan Clegg wrote:
>> On 1/31/19 4:57 PM, Mark Andrews wrote:
>>
>>> Given type 1 is a SHA-1 fingerprint it isn’t legal. Named just
>>> hasn’t added type to length to the parsing code.
>
code.
No real SSHFP will be 1 octet long.
> AlanC
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listin
=timeout
edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout
ednsflags=timeout optlist=timeout signed=timeout ednstcp=timeout bind11=timeout
Mark
> On 29 Jan 2019, at 4:46 am, German Molano wrote:
>
> Hi to all.
>
> Checking on the website (https://dnsfl
gt;
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews,
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., D
catch-all log I configured. I will
> certainly bring this up to our Juniper rep but in the meantime, I have a
> spare Cisco ASA I am going to migrate these subnets to and see if that fixes
> the timeouts we are experiencing.
>
> Mark, thank you for your explanation. And if anyone k
s list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from th
with Juniper.
Mark
> On 19 Jan 2019, at 4:02 am, N. Max Pierson wrote:
>
> Hi List,
>
> I am trying to ensure our Bind servers comply with EDNS for the upcoming Flag
> Day (https://dnsflagday.net/). I am somewhat ignorant to EDNS but from what I
> have read, the information is
401 - 500 of 2293 matches
Mail list logo