Re: Questions about NAPTR

In message <1505734269.2518.70.ca...@biplane.com.au>, Karl Auer writes: > On Mon, 2017-09-18 at 19:45 +1000, Mark Andrews wrote: > > In message <1505723565.2518.54.ca...@biplane.com.au>, Karl Auer > > writes: > > > 2: Can the Replacement field be empty? It lo

Re: NOAA.GOV domain not working

to reduce UDP response sizes to fit into a single ethernet frame. It just hides the problem cause by bad firewall configuration. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: NOAA.GOV domain not working

t Ranges > > > > use-v4-udp-ports { range 32768 65535; }; > > > > use-v6-udp-ports { range 32768 65535; }; > > > > recursive-clients 15000; > > > > server-id none; > > > > version none; > > > > interface-int

Re: Questions about NAPTR

B > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrew

Re: bind-users Digest, Vol 2734, Issue 2

Because it isn't all about udp size. Sending a OPT signals that the client supports EDNS. Also if you want DNSSEC you send the do with EDNS. -- Mark Andrews > On 17 Sep 2017, at 16:10, Harshith Mulky <harshith.mu...@outlook.com> wrote: > > Am 15.09.2017 um 09:37 schrieb

Re: Automatic Key Management

On 14/09/2017 16:55, Tony Finch wrote: > Mark Elkins <m...@posix.co.za> wrote: > >> With BIND version 9.12  coming out - I'm wondering if I've missed any >> announcements on some form of Automatic (DNS)Key Management? >> Something that will create and retire keys ac

Automatic Key Management

with BIND?  That is, using the latest features of BIND. I'd assume that to be something along the lines of https://kb.isc.org/article/AA-00711/205/In-line-Signing-With-NSEC3-in-BIND-9.9-A-Walk-through.html but newer. -- Mark James ELKINS - Posix Systems - (South) Africa m...@posix.co.za Tel

Re: What is wrong with my second $ORIGIN

Please read the error message *carefully*. ns1.mail.lab.example.com.lab.example.com != ns1.mail.lab.example.com. You are missing a terminating period on the MX record. Mark In message <pn1pr01mb038124567f7a52d927b9d1f181...@pn1pr01mb0381.indprd01.prod. OUTLOOK.COM>, Harshith Mulky

Re: Re: Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

Sep 11 10:09:10 AEST 2017 ;; MSG SIZE rcvd: 811 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: Re: checkhints: view “internal”: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

I suspect that you are forwarding your queries and that your forwarder is returning out-of-date addresses. In message , Alberto Colosi writes: > I haven't seen as from a while I have no servers to admin > > as I

Re: named: how to disable ipv6 lookups on windows 10?

Use server clauses. Most specific wins. server ::/0 { bogus yes; }; // all of IPv6 server 2001:DB8::/48 { bogus no; }; // site server { bogus ; edns ; edns-udp-size ; edns-version ; keys ; max-udp-size ;

Re: filter-aaaa-on-v4 not available in Windows binary?

veral years now so if you have trouble reaching websites I think a upgrade of the OS on the phone is in order. As for the VPN it could be the server side that isn't configured to supply you with IPv6. Mark > Thanks! -- Mark Andrews, ISC 1 Seymour St

Re: filter-aaaa-on-v4 not available in Windows binary?

could be the problem. > -- > http://rob0.nodns4.us/ > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe &

Re: Subdomain DNSSEC

is insecure. The negative answers will come from the parent zone. >Best regards, >Niall O'Reilly > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing

Re: DNS not resolving for a particular domain only

In message <93595848.2099571.1503336849...@mail.yahoo.com>, U Zee writes: > Thanks Mark, > So mysteriously the problem is now gone and I have no idea how, I know > that I didn't change anything. > While investigating, I tried looking but didn't get anything in packet > cap

Re: DNS Flag signification in Syslog

l subsequent log messages related to the same query.) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-use

Re: DNS not resolving for a particular domain only

gular linux client but the > output was similar except that it didn't include the CNAME line. Well the next stage is to trace what happens when the recursive server looks for cs47.can.lnvcdn.net, the target of the CNAME. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE:

Re: command line ID vs Wireshark transaction ID (dns.id)

; and response together into a stream. > > Thoughts? Apply Occam's razor. The packet in wireshark is not the packet DiG displayed. > John -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: Transition from BIND 9.9 to 9.10

server 199.252/16 { send-cookie false; }; Unknown EDNS options are supposed to be ignored. Mark > -- > Hal King - h...@utk.edu > Systems Administrator > Office of Information Technology > Shared Systems Services > > The University of Tennessee > 103C5 Kingston Pike Bu

Re: Encapsulating Requester IP in the DNS payload

s feature was a significant effort, sponsored by an OEM user of BIND. As part of the agreement with the sponsor, we agreed to embargo the feature from the open source until 2018. Victoria Risk Internet Systems Consortium vi...@isc.org -- Mark Andrews, ISC 1 Seymour St., Dundas Valle

Re: Problem w/ Forwarding Zone in Caching-Only Config

In message <alpine.deb.2.11.1706281050330.31...@grey.csi.cam.ac.uk>, Tony Finch writes: > Mark Andrews <ma...@isc.org> wrote: > > > > See https://tools.ietf.org/html/rfc6763 for details of how it is > > designed to work. Section 11 shows how to go from IP addre

Re: Problem w/ Forwarding Zone in Caching-Only Config

you should need to do beyound rebooting the devices to get them to register themselves. Hopefully I haven't left anything out or got something wrong as I am yet to do this in real life. Mark In message <fd2d7867-c934-de08-9e4b-90a0d07f8...@csub.edu>, "Michael W. Fleming "

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

xx.com. > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.o

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark James ELKINS - Posix Systems - (South) Africa m...@posix.co.za Tel

Re: BIND 9.11.x build failing on Mac OS X - gssapi errors

Apple's compilers when build BIND in testing. These are available free from Apple though need to be explicitly installed. Mark In message <e246e405-d260-4098-8d7e-7eb1d5c7f...@stonejongleux.com>, Larry Stone writes: > Im also running OS X 10.12.5 so decided to see if I can replicat

Re: make AAAA type the default for dig

In message <22408832-7b45-c1dc-870d-c16fb8cb9...@gmail.com>, Sachin Garg writes: > > On Thursday 15 June 2017 01:06 PM, wbr...@e1b.org wrote: > > Mark Andrews wrote on 06/15/2017 12:02:37 AM: > > > >> Other ISP's should try to match Google's level of I

Re: make AAAA type the default for dig

In message <offe8a6ac9.f6535ea0-on85258140.005dd50f-85258140.005df...@e1b.org>, wbr...@e1b.org writes: > Mark Andrews wrote on 06/15/2017 12:02:37 AM: > > > Other ISP's should try to match Google's level of IPv6 commitment. > > I'll be they would if they had Google's l

Re: make AAAA type the default for dig

nly the machines are dual stacked and are returning answers over IPv6 in certain countries. You can almost, but not quite be IPv6-only when communicating with Google. Internally Google is mostly IPv6-only. Other ISP's should try to match Google's level of IPv6 commitment. Mark -- Mark Andrews, ISC 1 Sey

Re: make AAAA type the default for dig

gt; same response detail as dig -t A ; dig -t ; and dig -t MX). % dig +short isc.org a isc.org isc.org mx 149.20.64.69 2001:4f8:0:2::69 20 mx.ams1.isc.org. 10 mx.pao1.isc.org. % > On the other remarks, inline. > > On 14-Jun-17 21:09, Mark Andrews wrote: > > In message &l

Re: make AAAA type the default for dig

just routed around them to get IPv6 at home. If you have a piece of computing equipement bought in the last 10 years that doesn't suppport IPv6 today it is because the manufacture is a ludite, not because IPv6 doesn't work. Mark > On Wed, 14 Jun 2017 22:10:25 +1000 > Mark

Re: Automatic RRSIG Refresh in BIND 9.8.2

RSIG-Refresh-in-BIND-9-8-2-tp3946p3948.html > Sent from the Bind-Users forum mailing list archive at Nabble.com. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users m

Re: make AAAA type the default for dig

CTION: ;isc.org. IN ;; ANSWER SECTION: isc.org.6 IN 2001:4f8:0:2::69 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Jun 14 22:09:26 AEST 2017 ;; MSG SIZE rcvd: 92 % -- Mark Andrews, ISC 1 Seymour St., Dundas

Re: question about reverse zones and nsupdate

In message

Re: named-checkzone with multiple $ORIGIN

l > consistency > check. > > Tony. > -- > f.anthony.n.finch <d...@dotat.at <mailto:d...@dotat.at>> > http://dotat.at/ - I xn--zr8h punycode > Fitzroy: Southwesterly, veering northwesterly, 6 to gale 8, > decreasing

Re: named-checkzone with multiple $ORIGIN

.com. SOA ns.example.com. hostmaster.example.com. 0 0 0 0 0 example.com. NS ns ns.example.com. A 1.1.1.1 sub1.example.com. A 1.2.3.4 sub2.example.com. A 1.2.3.8 $ORIGIN doesn't mean start of a zone though every zone has a implict $ORIGIN set when it is being loaded. > Thanks, > Bernard -- Mark

Re: Stop Reverse resolution query Logging

he reverse resolution queries. No. > Thank you! > F > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://li

Re: dyndb regression: bind fails to build --without-dlopen

And the way to contact the developers is to log a bug report. Email bind9-b...@isc.org or click on the Contact link on the ISC site which takes you to https://www.isc.org/contact-me/ and select "BIND Bug Report" at "What can we help you with?". Both end up in the bug tra

Re: named-compilezone errors

s "why does this lookup fail". If a "server" has no address records then it isn't a server so why is it listed in the NS records for the zone? Almost all of the time there are no records at all so the glue A records get wiped out by the NXDOMAIN response to the lookup and y

Re: edns responses not sent by DNS Server

In message <1496134856349-3886.p...@n4.nabble.com>, Harshith Mulky writes: > Hello Mark, > > Yes the client is retrying the query over TCP. > > But initially I am getting no Answers > The ANSWER is as below > > ;; ->>HEADER<<- opcode: QUERY, status

Re: edns responses not sent by DNS Server

uot; "SIP+D2U" "" > _sip._udp.pcr21381.dflt.vzb.com. > pcr21381.dflt.vzb.com. 300 IN NAPTR 11 37 "u" "SIP+D2U" "" > _sip._udp.pcr21381.dflt.vzb.com. > pcr21381.dflt.vzb.com. 300 IN NAPTR 11 39 "u" "SIP+D2U" "" > _sip._udp.pcr21381.df

Re: Why does dig queries for NAPTR not return Additional Section info as Detailed returned in SRV dig response

domain-name and should be used to lookup either A, , or A6 records for that domain. The "U" flag means that the output of the Rule is a URI [15]. Named examines the Flags field to determine what additional data to add. "S" -> SRV records "A" -> A a

Re: Weird issue with bind & router

and see if the problem goes away. If that doesn't work. Try to report the bug to the router manufacture. If you can't do that return the router requesting a full refund as it is not fit for purpose. Suppliers and manufactures need to get some pushback on broken products. Mark in message

Re: dkim cname records replication

es of the records it uses do not clash with the syntax of valid hostnames. DKIM does no use A, or MX records at these names. This is also why SRV uses records with underscore prefixes. Mark > Get Outlook for iOS<https://aka.ms/o0ukef> > > > > On Mon, May 22, 2017

Re: dkim cname records replication

ot; with "Owner Name" / "Record Name" / "Domain Name" in the documentation referenced below. Host name has a specific meaning and the documentation referenced there is just plain wrong in its use of "Host Name". Mark > From: bind-users <bind-user

Re: dkim cname records replication

ink > that help me. > > Reference: > https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx > > Thanks in advance! Post the actual error messages or the actual zone content. Your suppositions are incorrect. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, A

Re: How to generate authoritative DNS64 reverse zone

ly. This will let everyone in the world find the CNAME records. This should be done even if you are just doing it for your recursive clients. If you don't want A to mappings to happen then turn off the DNS64 mapping for everyone on the server. dns64 2001:67c:2b0:db32:0:1::/9

Re: Sign zone escapes semicolon for RR 257 (CAA) and RR 256 (URI)

nbosschie...@gmail.com > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- M

Re: Providing GeoIP information for servers

In message <3cc295c2-1717-3af3-362a-66c708256...@htt-consult.com>, Robert Mosko witz writes: > > > On 05/10/2017 05:41 PM, Mark Andrews wrote: > > In message <c51ed4ea-2ce2-e7d4-8fec-f59c91708...@htt-consult.com>, Robert M > osko > > witz writes: > &g

Re: Providing GeoIP information for servers

bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman

Re: Unable to build BIND 9.11.1 with dnstap support

https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 47

Re: INSIST error from BIND 9.9.9-P6

In message <20170420.140824.1617725721724411930...@uninett.no>, Havard Eidnes writes: > > Upgrade. > > :) So 9.9.10 should have a fix for this? As did 9.9.9-P8 last week. > (Its release had passed under my radar.) > > Regards, > > - H=E5vard -- Mark A

Re: INSIST error from BIND 9.9.9-P6

visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri= > be from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 47

Re: Slow zone signing with ECDSA

hem and new genuine random values should only be a instruction code away. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/ma

Re: BIND 9 windows XP builds

. Most of the problem have been with applications installed on XP machines and running as Administrator not the OS itself. IE is a application as far as I am concerned. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Response Policy Zone on forward-only nameserver

Ref : bind-9.9.7-P2 Can I use the RPZ mechanism on a forward only nameserver too ,without abonding the forward only setup ? M. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: Unable to slave root zones

On 08/04/2017 07:56, Dave Warren wrote: Why wouldn't you just use the ICANN's authorized zone transfer servers? http://www.dns.icann.org/services/axfr/ This is what I've now done. Thanks for all of the replies (on and off list)! -- Mark Knight Mobile: +44 7753 250584. http

Unable to slave root zones

]: transfer of 'arpa/IN' from 192.5.5.241#53: Transfer status: REFUSED I cannot find any announcement that this is now disallowed, any ideas what's changed or how I should do this? Thanks, Mark -- Mark Knight Mobile: +44 7753 250584. http://www.knigma.org/ Email: ma...@knigma

Re: Zones not being recognised as Signed

In message

Re: Troubleshooting BIND stops responding

-oOo- If you were to run IPv6, a number of errors would disappear, otherwise force BIND not to do any IPv6. Adding IPv6 though would be preferable. ;-) Don't think though that any of this is causing your problem. You could always upgrade your version of BIND. On my Gentoo Laptop, I'm run

Re: Unable to build BIND 9.11.0-P3 on RHEL 6.0 64-bit

'configure --with-dlopen=no' and apply this patch from 9.11.1 or fix how OpenSSL is being built. commit de6469b663b55aacd19bdcdd925ce381f0c4b4df Author: Mark Andrews <ma...@isc.org> Date: Thu Oct 27 15:37:26 2016 +1100 4493. [bug] bin/tests/system/dyndb/driver/Makef

Re: view directive problems

l no longer > be branded under Chemring Technology Solutions. Email addresses of Roke > staff have therefore been changed > from firstname.surn...@chemringts.com to firstname.surna...@roke.co.uk – > please use this updated format > with immediate effect. > > _

Re: Difference between delegation and forward zone

t is what you are trying to do and that is how the DNS is designed to work. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/ma

Re: Adding/removing name servers under DNSSEC

master. > > Thanks again, > > Mathew Eis > Northern Arizona University -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mai

Re: status openssl v1.1 support?

OpenSSL 1.1 support is in the upcoming maintenance releases which are available on the ISC web site <https://www.isc.org/downloads/> Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@i

Re: Adding/removing name servers under DNSSEC

TL). * Deconfigure the old servers for the zone. This really is independent of DNSSEC. Many people don't do this correctly. They don't ensure new and old servers serve the same content during the change over or add the necessary wait periods. Mark -- Mark Andrews, ISC 1 S

Re: Using inline-signing, need to allow dynamic updates.

d-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please v

Re: Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

> > Will ED25519 and ED448 be supported by BIND anytime soon? That means > including these algorithms in dnssec-keygen and the dnssec validator. We will look at this when the crypto providers we use support these curves. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 21

Re: switching entire DNS system to new servers and IP addresses

urn off the old servers. You will still have zone maintanence traffic between the old servers. If the traffic doesn't stop you will have to track down the static configurations and update them. Mark > We haven't assigned IPv6 addresses yet. > > We'd like advice about any issues or

Re: about source code

Different platforms have different structure contents. lib/isc/unix/socket.c (has nevents) lib/isc/win32/socket.c (doesn't have nevents) Mark In message <sg2pr06mb0457cf8de40943dc1bcde069a4...@sg2pr06mb0457.apcprd06.prod. outlook.com>, Yao HEALTH writes: > Hello, > &

Re: Configuration advice for a post-8020 world

zone. This changed the behaviour of ENTs from NODATA to NXDOMAIN. Versions of named which supported this specification of DNSSEC return NXDOMAIN rather than NODATA for ENT. It took a while to get the IETF working group to update to specification to restore ENT. -- Mark Andrews, ISC 1 Seymour

Re: Quick Response Query for server-fail?

A 209.132.245.131 > ns2.site4now.net. 172800 IN A 23.89.199.119 > ns3.site4now.net. 172800 IN A 208.118.63.170 > > ;; Query time: 5 msec > ;; SERVER: 192.33.14.30#53(192.33.14.30) > ;; WHEN: Mon

Re: RFC for SOA record for delegated subdomaain

nd regards > > Abdul Khader > > > -- > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists

Re: bind localhost domain not working

IN A 192.168.78.20 > router IN A 192.168.78.20 > server IN A 192.168.78.20 > address-bookIN A 192.168.78.20 > fortune-cookie IN A 192.168.78.20 > torrent IN A 192.168.78.20 > test

Re: domain-unable-resolve

code FORMERR returned. badversion - expected EDNS version not found. timeout - lookup timed out. To retrieve this report in the future: https://ednscomp.isc.org/ednscomp/f60adf3942 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE

Re: Bind Queries log file format

8-Feb-2017 15:56:27.109 client @0x7fc1c503e800 127.0.0.1#63454 (.): view external: query: . IN SOA -E(0)DV (127.0.0.1) [ECS 127.0.0.0/8/0] Or from a stub resolver. 08-Feb-2017 16:02:22.971 client @0x7fc1c490dc00 127.0.0.1#61028 (sprocket.isc.org): view secure: query: sprocket.isc.org IN A +

Re: Bind Queries log file format

RD, signed, EDNS, TCP, DO, CD, local address 9.11.0: client, qname, qclass, qtype, RD, signed, EDNS + version, TCP, DO, CD, cookies, local address 9.12.0: client, qname, qclass, qtype, RD, signed, EDNS + version, TCP, DO, CD, cookies, local address, ecs That's basically 5 changes in 17 years. M

Re: Enforce EDNS

In message <4b0243b1-1c89-023b-f3f3-7279216d5...@thelounge.net>, Reindl Harald writes: > > > Am 07.02.2017 um 22:11 schrieb Mark Andrews: > > In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Har > ald wr > > ites: > >>> Bre

Re: Enforce EDNS

In message <3836f038-c480-9970-fd53-a5c87ad36...@thelounge.net>, Reindl Harald wr ites: > > > Am 07.02.2017 um 18:13 schrieb Chuck Anderson: > > On Tue, Feb 07, 2017 at 11:59:39AM +1100, Mark Andrews wrote: > >> I really don't want to add new automatic work a

Re: Enforce EDNS

rvers not answering would EDNS or EDNS + DNS COOKIE would require operator intervention. Mark > Daniel > > [1] > https://ftp.isc.org/isc/bind9/cur/9.11/doc/arm/Bv9ARM.ch06.html#server_statement_grammar > ___ > Please visit https://l

Re: From AWS route 53 to Bind9

In message <1aeb1e7d-f2e2-dd1e-baf2-96729656f...@thelounge.net>, Reindl Harald writes: > > > Am 04.02.2017 um 22:30 schrieb Mark Andrews: > > It has been suggested many times that there should be a record which > > says which server(s) serve a zone for H

Re: From AWS route 53 to Bind9

re not included in the initial response. It doesn't matter to them that recursive servers could be make to always complete the address chain in the additional section for either of these solutions. There is nothing preventing recursive server vendors from doing this. Mark > Thanks. > > > On 02/0

Re: dnssec key events too often?

y management in automatic mode and named needs to periodically check if you have created new keys or changed the timers of existing keys or removed a old key. Mark > -- > Best regards > > Sten Carlsen > > No improvements come from shouting: > >"MALE BOVINE MANU

Re: filter-aaaa-on-v4 does not filter AAAA if there is no existing A Record with the same FQDN - working as designed?

eturning the ? All you get is a reminder to fix your network / application / OS if a failure takes a long time to be reported. Mark > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list >

Re: Setting serial number in NOTIFY message with dig

rs@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users +opcode is primarially there to be able to test servers ablilty to handle unknown opcodes. There is no ability to add a RR to the request. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PH

Re: rDNS

d) ;; QUESTION SECTION: ;87.233.202.162.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 233.202.162.in-addr.arpa. 3583 IN SOA ns1.swbell.net. postmaster.swbell.net. 2016061700 10800 900 604800 3600 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 21 10:3

Re: synthetic DNS64 response for sync-na.dyn.itg.com

ITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;sync-na.dyn.itg.com. IN A > > ;; ANSWER SECTION: > sync-na.dyn.itg.com. 30 IN A65.172.71.41 > > ;; Query time: 201 msec > ;; SERVER: x.x.x.x #53 (x.x.x.x) > ;; W

Re: rDNS

lookups. zone "233.202.162.in-addr.arpa" { type slave; masters { 151.164.1.1; }; file "233.202.162.in-addr.arpa"; }; Mark In message <20170120162146.ga14...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 20.01.17 09:57, Ron Wingfield wrote:

Re: How to get the CNAME for a domain?

quot;master;" ) { print zone }' | sed -e 's/^"//' -e 's/"$//' | dig axfr -f - | awk -v VSERVER=${VSERVER} '$4 == "CNAME" && $5 == VSERVER { print $1 }' -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET

Re: real BIND start time

stats-version":"1.2", "boot-time":"2016-12-30T04:42:08.871Z", "config-time":"2016-12-30T04:42:08.936Z", "current-time":"2017-01-05T22:29:11.384Z", "version":"9.11.0" } Mark -- Mark Andrews, ISC 1

Re: How can limit recursive query on ipv6 network?

server ::/0 { bogus yes; }; Adjust for actual reachable topology. Note the real fix for this is to get IPv6 connectivity to the world. Trying to run with disconnected IPv6 island is only asking for pain. -- Mark Andrews, ISC 1 Seymour St., Dundas

Re: writeable secondary zone?

ords (giving them change control of the contents) and have you slave them on your recursive servers possibly using TSIG to get the correct instance from them. They can supply you with example.com with the SRV records present or one of the above zones. You clients see will see

Re: problem domains host in ns1/ns2.planetdomain.com (Eric Yiu)

s get NOERROR no data. Garbage In Garbage Out. Planet Domain / Netregistry need to fix up this stuff up. Mark > On Thu, Dec 29, 2016 at 10:23 PM, MURTARI, JOHN <jm5...@att.com> wrote: > > > Eric, > > Thanks for the complete example below, bu

Re: BIND transferring zones with incorrect view

In message

Re: BIND transferring zones with incorrect view

ost; }; > acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; > !10.233.0.0/24; }; Add "any;" to the end of the acl otherwise everyone gets REFUSED. The default at the end of the acl is "!any;". acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16;

Re: BIND transferring zones with incorrect view

an/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PH

Re: EDNS issue with bind 9.11 and NetScaler 11.0

RFC6891 Codes ok - test passed. subnet - EDNS Client Subnet supported [RFC7871]. nosoa - SOA record not found when expected. echoed - EDNS option echoed back. formerr - rcode FORMERR returned. badversion - expected EDNS version not found. To retrieve this report in the future: https://ednscomp.isc.org/e

Re: DNS view "passthrough" and caching

In message <24234.1481320...@vindemiatrix.encs.concordia.ca>, Anne Bennett writes: > > Mark Andrews <ma...@isc.org> answers "Vladimir-M. Obelic" <vobe...@gbit6.net>: > > > Use 'zone "zonename" { in-view "namename"; };' and have all

Re: DNS view "passthrough" and caching

amed transfer the zones between views. If you are supposed to be authoritative for a zone then it needs to be configured in all appropriate views. Remember to keep the file names seperate. Mark In message <ca+m0wj_oiq9rmtyb9kcg9cxdmickbow9qnehh4e1u-qm-ss...@mail.gmail.com>, "Vladimir-

Re: 9.11/dnstap on centos: fstrm

https://github.com/farsightsec/fstrm.git -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users

Re: False positive on inscure zone update by IP?

ilman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

<    2   3   4   5   6   7   8   9   10   11   >