Re: BIND 9.18 unable to successfully transfer zone from axfrdns primary

2023-08-31 Thread Mark Andrews
023, at 09:23, Ian Bobbitt wrote: > > I have a system running BIND 9.18.17 that needs to transfer a zone from > djbdns/axfrdns. I receive FORMERRs, and haven't been able to get any log > messages indicating the problem. > > xfer-in: info: zone example.net/IN: Transfer sta

BIND 9.18 unable to successfully transfer zone from axfrdns primary

2023-08-31 Thread Ian Bobbitt
I have a system running BIND 9.18.17 that needs to transfer a zone from djbdns/axfrdns. I receive FORMERRs, and haven't been able to get any log messages indicating the problem. xfer-in: info: zone example.net/IN: Transfer started. xfer-in: info: transfer of 'example.net/IN' from 198.51.100.1

Re: bind-users Digest, Vol 4302, Issue 1

2023-08-21 Thread Timothe Litt
shed Engineer -- This communication may not represent the ACM or my employer's views, if any, on the matters discussed. On 21-Aug-23 18:56, bind-users-requ...@lists.isc.org wrote: Send bind-users mailing list submissions to bind-users@lists.isc.org To subsc

RE: monitoring BIND

2023-08-04 Thread sami . rahal
: Friday 4 August 2023 07:34 To: RAHAL Sami SOFRECOM Cc: bind-users@lists.isc.org Subject: Re: monitoring BIND > On 3 Aug 2023, at 17:07, sami.ra...@sofrecom.com wrote: > > Hello community > please what is the most recommended tool for BIND monitoring and especially > displa

RE: monitoring BIND

2023-08-04 Thread sami . rahal
SOFRECOM Cc: bind-users@lists.isc.org Subject: Re: monitoring BIND Maybe start with https://kb.isc.org/docs/monitoring-recommendations-for-bind-9 On Thu, Aug 3, 2023 at 9:07 AM sami.ra...@sofrecom.com wrote: Hello community please what is the most recommended tool for BIND moni

Re: monitoring BIND

2023-08-04 Thread Borja Marcos
> On 3 Aug 2023, at 17:07, sami.ra...@sofrecom.com wrote: > > Hello community > please what is the most recommended tool for BIND monitoring and especially > display response time and latency thank you in advance. For latency, your friend is Dnstap. The implementation on Bind

Re: monitoring BIND

2023-08-03 Thread Andrew Latham
Maybe start with https://kb.isc.org/docs/monitoring-recommendations-for-bind-9 On Thu, Aug 3, 2023 at 9:07 AM wrote: > > > Hello community > > please what is the most recommended tool for BIND monitoring and > especially display response time and latency thank you in advance

monitoring BIND

2023-08-03 Thread sami . rahal
Hello community please what is the most recommended tool for BIND monitoring and especially display response time and latency thank you in advance. Regards Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software

Deprecation notice for BIND 9.20+: "dialup", "heartbeat-interval"

2023-08-01 Thread Evan Hunt
rvers, into clusters for the benefit of servers that only have intermittent connectivity to the internet. This is no longer a common enough scenario to justify the added code complexity. They will be deprecated as of BIND 9.20 and removed in BIND 9.22. -- Evan Hunt -- e...@isc.org Internet Sys

Re: Potential bug in Bind 9.16.23

2023-07-28 Thread Jiaming Zhang
Thanks I’ll try download from the official site, it seems oracle’s repo is really slow in catching up new updates. Kind regards / Best regards, Jiaming Zhang From: Ondřej Surý Sent: Friday, July 28, 2023 10:09:08 AM To: Jiaming Zhang CC: bind

Re: Potential bug in Bind 9.16.23

2023-07-28 Thread Ondřej Surý
The latest BIND 9.16 release is 9.16.42. You either need to upgrade to the latest release, preferably directly to 9.18.17. Alternatively, you should contact the supplier who provided you the outdated version. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may

Potential bug in Bind 9.16.23

2023-07-28 Thread Jiaming Zhang
Hi Community, I recently upgraded bind to 9.16.23, and a weird error occurs: the named could not start after the configuration is loaded (and any zone mentioned in the config). However, if loaded with the example config, and after the service is successfully started, I can replace the sample

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-25 Thread OwN-3m-All
...

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-18 Thread OwN-3m-All
y client { audit_log; }; category network { audit_log; }; category update { audit_log; }; category queries { audit_log; }; category lame-servers { null; }; }; Any ideas or adjustments I can make to get more info?

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-17 Thread OwN-3m-All
ful: http://23.29.117.19/bind_tcpdump.zip

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-17 Thread Greg Choules via bind-users
give the result > you were expecting. > - I did a dig for "specific.wildcard-test.dynx.me" against my own BIND > server and it resolved to 1.1.1.1. So the issue is with your resolver. This > is not new, just confirming that this must be the problem end, not the auth > end. &

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-17 Thread OwN-3m-All
Spam assassin is blocking my message, so here are all the details (my latest response message): https://pastebin.com/raw/jSm6aGfC

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-16 Thread Ondřej Surý
detail Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 16. 7. 2023, at 10:25, Greg Choules via bind-users wrote: Real data please: - example queries (genuine, not invented for illustration

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-16 Thread Greg Choules via bind-users
Real data please: - example queries (genuine, not invented for illustration) - real domains - real IP addresses - packet captures - both BIND server configs - zone file contents - startup logs There are so many things it *could* be, the more information the better. Cheers, Greg On Sun, 16 Jul

Re: Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-16 Thread Matus UHLAR - fantomas
On 16.07.23 02:08, OwN-3m-All wrote: I've got a bind recursion DNS server setup that is returning the wrong value for an outside domain that I also maintain and host on another server running a bind DNS server. Yet Google's DNS and other major DNS providers respond with the correct IP address

Bind to Bind DNS Lookup - Returns wildcard value for defined A record

2023-07-16 Thread OwN-3m-All
I've got a bind recursion DNS server setup that is returning the wrong value for an outside domain that I also maintain and host on another server running a bind DNS server. Yet Google's DNS and other major DNS providers respond with the correct IP address A record when querying. I can't figure

RE: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-11 Thread Richard T.A. Neal
Thanks Ondrej, that's a really good suggestion to run named-checkconf when doing upgrades. Richard. -Original Message- From: Ondřej Surý Sent: Tuesday, July 11, 2023 9:33 AM To: Richard T.A. Neal ; ML BIND Users Subject: Re: Unable to upgrade BIND v9.19.11 on Ubuntu without error

Re: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-11 Thread Ondřej Surý
And this: --cut here-- Notes for BIND 9.18.14 -- Removed Features - Zone type ``delegation-only``, and the ``delegation-only`` and ``root-delegation-only`` statements, have been deprecated. A warning is now logged when they are used. These statements

RE: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-11 Thread Richard T.A. Neal
Thanks Peter, I shall pay more attention to those release notes next time!  Best, Richard. -Original Message- From: Peter Davies Sent: Tuesday, July 11, 2023 9:25 AM To: Richard T.A. Neal Cc: bind-users@lists.isc.org Subject: Re: Unable to upgrade BIND v9.19.11 on Ubuntu without

Re: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-11 Thread Peter Davies
Hi Richard, FYI: The BIND 9.19.12 Release Notes contain the following: Removed Features ... Zone type delegation-only, and the delegation-only and root-delegation-only statements, have been removed. Using them is a configuration error. ... Kind Regards Peter

RE: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-11 Thread Richard T.A. Neal
all the problems, REM'ing it out has fixed it: category delegation-only { auth_servers_log; default_debug; }; Thanks again for your help Darren, Richard. -Original Message- From: Darren Ankney Sent: Monday, July 10, 2023 9:07 PM To: Richard T.A. Neal Cc: bind-users@lists.isc.org

Re: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-10 Thread Emmanuel Fusté
On 10/07/2023 at 21:54, Richard T.A. Neal wrote: Jul 10 19:49:07 flons3 named[1140]: /etc/bind/named.conf.logging:147: undefined category: 'delegation-only' Jul 10 19:49:07 flons3 named[1140]: loading configuration: failure Jul 10 19:49:07 flons3 named[1140]: exiting (due to fatal error

Re: Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-10 Thread Darren Ankney
Hi Richard, It looks like you have an error in the configuration file /etc/bind/named.conf.logging on line 147: Jul 10 19:49:07 flons3 named[1140]: /etc/bind/named.conf.logging:147: undefined category: 'delegation-only' Jul 10 19:49:07 flons3 named[1140]: loading configuration: failure I assume

Unable to upgrade BIND v9.19.11 on Ubuntu without error

2023-07-10 Thread Richard T.A. Neal
For the past few releases I've been unable to successfully upgrade my BIND v9.19.11 on Ubuntu 22.04.2 LTS. The upgrade appears to go OK at first but then it stumbles at the following line. I've had to re-type this because my console tool can't copy/paste this segment for some reason: Process

Re: Best way to handle multiple retries from BIND?

2023-06-27 Thread Petr Špaček
On 26. 06. 23 3:05, Fred Morris wrote: I have an authoritative server which performs a resource intensive operation to determine an answer; sometimes it takes long enough that BIND asks again (and again!). Firing off multiple attempts to determine the answer just digs the hole deeper

Re: Best way to handle multiple retries from BIND?

2023-06-26 Thread Fred Morris
defined clients because I set it up that way. Anything that needs the data can ask those clients (e.g. BIND) and that's the point: to hand off caching and access control instead of reinventing the wheel. Nothing else running on the machine where BIND is running in this example has any need

Re: Best way to handle multiple retries from BIND?

2023-06-26 Thread Petr Menšík
long enough that BIND asks again (and again!). Firing off multiple attempts to determine the answer just digs the hole deeper. What's the best approach, assuming the same client asks repeatedly: * Discard later queries, answer the first one? * Discard earlier queries, answer the last one

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Mark Andrews
ase do not feel > obligated to reply outside your normal working hours. > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Ondřej Surý
urs and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Randy Bush
e? randy

Re: Best way to handle multiple retries from BIND?

2023-06-25 Thread Mark Andrews
> On 26 Jun 2023, at 11:05, Fred Morris wrote: > > I have an authoritative server which performs a resource intensive operation > to determine an answer; sometimes it takes long enough that BIND asks again > (and again!). Firing off multiple attempts to determine the a

Best way to handle multiple retries from BIND?

2023-06-25 Thread Fred Morris
I have an authoritative server which performs a resource intensive operation to determine an answer; sometimes it takes long enough that BIND asks again (and again!). Firing off multiple attempts to determine the answer just digs the hole deeper. What's the best approach, assuming the same client

Re: BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread Ondřej Surý

Re: BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread John Thurston
...@alaska.gov Department of Administration State of Alaska On 6/23/2023 11:43 AM, Ondřej Surý wrote: What does apt-cache policy bind9 say? -- Ondřej Surý — ISC (He/Him)

Re: BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread Ondřej Surý
On 6/23/2023 11:43 AM, Ondřej Surý wrote: What does apt-cache policy bind9 say? -- Ondřej Surý — ISC (He/Him)

Re: BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread John Thurston
-8591 john.thurs...@alaska.gov Department of Administration State of Alaska On 6/23/2023 11:43 AM, Ondřej Surý wrote: What does apt-cache policy bind9 say? -- Ondřej Surý — ISC (He/Him)

Re: BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread Ondřej Surý
running 9.18. It was installed in 2021 from the PPA, using the instructions at https://launchpad.net/~isc/+archive/ubuntu/bind  We have successfully updated the packages many times in the past two years. But apt currently says there are no updates to install. If I 'dpkg -l

BIND 9.18 available for Ubuntu from PPA ?

2023-06-23 Thread John Thurston
I have an Ubuntu instance on which I'm running 9.18. It was installed in 2021 from the PPA, using the instructions at https://launchpad.net/~isc/+archive/ubuntu/bind  We have successfully updated the packages many times in the past two years. But apt currently says there are no updates

Re: BIND to a DoT forwarder

2023-06-14 Thread Aram Sargsyan
Hi Eli, Your configuration looks correct (see the latest reference manual[1]), but BIND 9.18 does not support forwarding queries via DoT. This feature was introduced[2] in the development version of BIND 9 (9.19.10 and later), and will be available in the next stable version of BIND 9. [1

BIND to a DoT forwarder

2023-06-14 Thread Eli Sowash
Greetings all... I'm puzzling my way through a DNS over TLS connection. I am configuring a forwarder to OpenDNS via DoT. I am running BIND 9.18.15-1+ubuntu22.04.1+isc+1-Ubuntu, and trying to follow the documentation for a TLS block. In named.conf, I have: tls OpenDNS-DoT { ca-file "

Re: Bind query logging

2023-06-10 Thread Darren Ankney
log; }; Thank you, Darren Ankney On Sat, Jun 10, 2023 at 1:01 AM Kereszt Vezeték wrote: > > Hi > > logging { > channel update_log { > file "/var/log/bind/updates/update-debug.log" versions > 5 size 20m; >

Re: Bind query logging

2023-06-09 Thread Darren Ankney
stration logged is /var/log/syslog file. > Can I avoid that duplicated logging ? I would like see only separated log > file. > Related configuration ( debian11 ) > > --- > channel query_log { >

Bind query logging

2023-06-09 Thread Kereszt Vezeték
) --- channel query_log { file "/var/log/bind/queries/query.log" versions 10 size 50m; severity info; print-category yes; print-severity yes; print-time yes; }; categ

Re: "an error occurred while creating registry keys" - BIND 9 installer

2023-06-08 Thread Petr Špaček
this as it's a privileged operation. Danny On 6/7/23 5:53 AM, Bozhidar Petrov wrote: Hi, Please pardon the amateur question but I'm getting "an error occurred while creating registry keys" from the BIND 9 installer. How can I resolve this? Thank you. Boz

Re: "an error occurred while creating registry keys" - BIND 9 installer

2023-06-07 Thread Danny Mayer
You need to be an administrator to do this as it's a privileged operation. Danny On 6/7/23 5:53 AM, Bozhidar Petrov wrote: Hi, Please pardon the amateur question but I'm getting "an error occurred while creating registry keys" from the BIND 9 installer. How can I resolve this?

"an error occurred while creating registry keys" - BIND 9 installer

2023-06-07 Thread Bozhidar Petrov
Hi, Please pardon the amateur question but I'm getting "an error occurred while creating registry keys" from the BIND 9 installer. How can I resolve this? Thank you. Boz

Re: git branches v9_18 vs bind-9.18

2023-05-30 Thread Ondřej Surý
Hi, the bind-9.xx branches are current major.minor tracking branches. The old CVS-style branches and tags are kept for the moment until the dust settles and we are sure nothing broke. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please

Re: git branches v9_18 vs bind-9.18

2023-05-30 Thread Stacey Marshall
/isc-projects/bind9 I see there are several branches. For example there is v9_18 and there is also bind-9.18 I am asking what is the difference? When I checkout 'origin/v9_18' I get 9.18.14-dev and for 'origin/bind-9.18' I get 9.18.16-dev So in both cases a development release. Why ever

git branches v9_18 vs bind-9.18

2023-05-30 Thread MAYER Hans
Dear All, looking at https://github.com/isc-projects/bind9 I see there are several branches. For example there is v9_18 and there is also bind-9.18 I am asking what is the difference? When I checkout 'origin/v9_18' I get 9.18.14-dev and for 'origin/bind-9.18' I get 9.18.16-dev So in both

Re: HTTP API for bind

2023-05-26 Thread Brian J. Murrell
On Fri, 2023-05-26 at 16:51 +0530, Shailendra Gautam wrote: > Does bind provide any way to manage(add,update,delete) resource > records > with HTTP API, like powerdns? Not TTBOMK. It does have an API for managing RRs but that is using RFC 2136 and not HTTP. > I currently use zonefi

HTTP API for bind

2023-05-26 Thread Shailendra Gautam
Does bind provide any way to manage(add,update,delete) resource records with HTTP API, like powerdns? I currently use zonefiles to store DNS data and have been planning to switch to an API to add/remove records. Is there any way to do that with bind? -- Thanks, SG

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Havard Eidnes via bind-users
Regards, - Håvard

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Saleck
; On 21. 4. 2023, at 9:41, Stacey Marshall > > wrote: > > > >  > > If it helps, my assessment was that one could skip 9.16 too. > > > > I recognise that this is thanks to the hard effort that ISC work to > > provide backward compatibility,

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Ondřej Surý
rovide > backward compatibility, and not by some accident. > > On Solaris 11.4 current shipping versions of BIND are > > $ pkg list -fa service/network/dns/bind > NAME (PUBLISHER) VERSION IFO > service/network/dns/bind 9.18.11.0.0-11.4.55.0.1.138.1 --- > service/netw

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Stacey Marshall
If it helps, my assessment was that one could skip 9.16 too. I recognise that this is thanks to the hard effort that ISC work to provide backward compatibility, and not by some accident. On Solaris 11.4 current shipping versions of BIND are $ pkg list -fa service/network/dns/bind NAME

Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-20 Thread Saleck
Hi, we are currently running several bind 9.11 servers on Debian buster machines. We would like to upgrade and wonder if we could skip version 9.16 altogether or if it's a necessary middle step. We have read both https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-911-to-916[1

Re: Fully automated DNSSEC with BIND 9.16

2023-04-19 Thread Greg Choules via bind-users
Hi Håvard Odd, it works for me. Try a literal copy/paste of the link below. Or go to https://kb.isc.org and search for packages: https://kb.isc.org/docs/isc-packages-for-bind-9 Cheers, Greg On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users < bind-users@lists.isc.org>

Re: Fully automated DNSSEC with BIND 9.16

2023-04-19 Thread Havard Eidnes via bind-users
r > some distros maintained by ISC > (https://kb.isc.org/docs/isc-packages-for-bind-9). I stand corrected, thanks for reminding me. I come from the non-Linux open source side, so needs this reminder from time to time. BTW, if someone from ISC is listening in, the above KB URL currently retu

Re: Fully automated DNSSEC with BIND 9.16

2023-04-18 Thread Petr Menšík
. That depends entirely what one wants to do. I see a couple of scenarios where that may be required: 1) Let's say someone has flagged to you as a BIND administrator that your BIND installation is susceptible to CVE-2022-3924. This could be done via an "external scan" and based on the BIND

Re: Fully automated DNSSEC with BIND 9.16

2023-04-18 Thread Darren Ankney
On Tue, Apr 18, 2023 at 3:20 AM Havard Eidnes via bind-users wrote: >and if I run straight "upstream" code, it's fairly straight- >forward to upgrade to this version, modulo, of course, the fact >that this involves building it from source. > It may not be n

Re: Fully automated DNSSEC with BIND 9.16

2023-04-18 Thread Havard Eidnes via bind-users
> You do not have to sift through lists. That depends entirely what one wants to do. I see a couple of scenarios where that may be required: 1) Let's say someone has flagged to you as a BIND administrator that your BIND installation is susceptible to CVE-2022-3924. This could be done

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Emmanuel Fusté
rate "real" production grade Bind server. Don't take the "you" for yourself. As the email used, you represent RH here. The truth is that there is a market for RH like release policy choices. You work for this business. Perfect. 98% of your clients choose this release model for

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Petr Menšík
that you are trying to do a great job maintaining the BIND 9 packages for RHEL, it is what it is - a random snapshot defined not by the quality of the chosen version but by the time availability. This is made even more complicated by applying a set of patches where the set is defined by the downstream

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Petr Menšík
of releases, any our packages of bind 9.16 are capable of automated DNSSEC deployment just fine. Sure, even we do not support it for RHEL7 or older. [1] https://gitlab.com/redhat/centos-stream/rpms/bind/-/commits/c9s On 4/17/23 15:10, Havard Eidnes wrote: Our CentOS/RHEL 8 package are not just random

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Matthijs Mekking
s simple as replacing “auto-dnssec maintain;” > with “dnssec-policy "standard";” and *not* worrying about having > exactly one “key producing” instance of each zone, because Bind can > handle this automatically. (?) I’ll give that a try. That is correct: When you have the same zone (id

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Havard Eidnes via bind-users
> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. Then please let me suggest that there is possibly an issue with identification (customer said "9.16.23") and documentation of the actual changes that are incorporated in your distribution, compared to the upstream-mai

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Ondřej Surý
Petr, while I understand that you are trying to do a great job maintaining the BIND 9 packages for RHEL, it is what it is - a random snapshot defined not by the quality of the chosen version but by the time availability. This is made even more complicated by applying a set of patches where

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Petr Menšík
If you have enabled SELinux and the package uses selinux policy to restrict file access of named, I think named-chroot is not necessary. It just complicates the usage and maintenance. But I think packages of ISC do not have similar SELinux protection as Red Hat supported bind or bind9.16

Re: Fully automated DNSSEC with BIND 9.16

2023-04-17 Thread Petr Menšík
Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. If he wanted bleeding edge, he would use RHEL 9 or even Fedora. But he uses conservative package I am looking after. While it may have some known issues, it has all important fixes it needs. Can you please stop telling people

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Andrej Podzimek via bind-users
EC policy. The reason why certain zones are (re)defined in other views rather than linked using “in-view” is a need for different zone data, different “allow-query” settings etc.) So eventually it may be as simple as replacing “auto-dnssec maintain;” with “dnssec-policy "standard";” and

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Nick Tait via bind-users
On 17/04/23 09:08, Andrej Podzimek via bind-users wrote: The easiest (?) way to make DNSSEC work in all views has been to keep a dnssec-policy for zones in *one* of the views (to generate and maintain keys) and then passively refer to the keys from the zones’ counterparts in other views using

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Matthijs Mekking
Hello Andrej, On 4/16/23 23:08, Andrej Podzimek via bind-users wrote: Hi bind-users, I have asked this question on GitLab, but hijacking a closed issue to ask questions is bad practice (often rewarded with silence), so I’m re-posting the question here. https://gitlab.isc.org/isc-projects

Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-16 Thread Andrej Podzimek via bind-users
Hi bind-users, I have asked this question on GitLab, but hijacking a closed issue to ask questions is bad practice (often rewarded with silence), so I’m re-posting the question here. https://gitlab.isc.org/isc-projects/bind9/-/issues/3769#note_356577 My DNS server serves multiple views

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello and thank you for the reply. I can confirm my current dns servers have already EPEL repo enabled and jemalloc package is available. I'll setup my test machine accordingly to be able to install BIND 9.18. Will it also provide named-chroot (is it really necessary?) Thanks! David

Re: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread Anand Buddhdev
On 13/04/2023 17:17, David Carvalho via bind-users wrote: Hi David, Hello and thanks for the reply. I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind Then I tried to install (dnf install isc-bind) but I got: Error: Problem: package isc-bind-1:2-3.el8.x86_64 requires isc

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello and thanks for the reply. I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind Then I tried to install (dnf install isc-bind) but I got: Error: Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-bind-bind, but none of the providers can be installed - package isc

Re: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread Ondřej Surý
> On 13. 4. 2023, at 15:25, David Carvalho via bind-users > wrote: > > I'm using 9.16.23 Just don't. ISC provides packages for major linux distributions (https://www.isc.org/download/), so there's really no reason to shoot yourself into foot to use a random BIND 9 snapshot prov

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello. Both content and timestamps. I've been told previously here that there is a bug prior to version 9.16.30. I'm using 9.16.23, no update available yet. No, not removing  Regards David -Original Message- From: bind-users On Behalf Of Jan-Piet Mens Sent: 13 April 2023 11:12

Re: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread Jan-Piet Mens

Re: BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-12 Thread Nick Tait via bind-users
that would work within the inline-signing framework. But perhaps I was being overly optimistic? I've decided I'll stick with manual KSK roll-overs for now... :-) Thanks again. Nick.

Re: BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-12 Thread Petr Špaček
On 12. 04. 23 5:38, Nick Tait via bind-users wrote: I'm currently running a few DNSSEC zones in BIND using dnssec-policy option, albeit with an unlimited lifetime on the KSK, so that I can control KSK roll-overs (which is necessary because my Registrar doesn't support RFC 7344)... Anyway I

BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-11 Thread Nick Tait via bind-users
Hi list. I'm currently running a few DNSSEC zones in BIND using dnssec-policy option, albeit with an unlimited lifetime on the KSK, so that I can control KSK roll-overs (which is necessary because my Registrar doesn't support RFC 7344)... Anyway I know that BIND supports RFC 7344 via

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
Thank you so much! Regards David -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 13:03 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC with BIND 9.16 On 4/11/23 13:14, David Carvalho wrote: > Hello and thank you so much for y

Re: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread Matthijs Mekking
. When exactly? You can check with 'rndc dnssec -status '. If the DS state is rumoured it is safe to submit the DS to the parent. Best regards, Matthijs Thanks! David Carvalho -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 11:16 To: bind-users

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
domain? I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to me so far. Thanks! David Carvalho -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 11:16 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC

Re: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread Matthijs Mekking
Hello David, On 4/11/23 12:02, David Carvalho via bind-users wrote: Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain

Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain and I host my own e-mail servers. I know they had problems while implementing

Re: Reply: BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
No. forward only; means only it won't try to iterate from root in case forwarder does not respond or responds with Server Failure. It would try to get answer its own way iterating from root hints if forward first; were used. Or forward clause were not present. It will not make bind to blindly

Re: BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
S: version: 0, flags:; udp: 1232 ; COOKIE: ce297c8717115be00100642c1022251028e6f44a59cc (good) ;; QUESTION SECTION: ;bd.bcebos.com.            IN    A ;; Query time: 201 msec ;; SERVER: 110.242.68.39#53(ns1.n.shifen.com.) (UDP) ;; WHEN: Tue Apr 04 13:55:14 CEST 2023 ;; MSG SIZE  rcvd: 70 It does no

BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Yang via bind-users
i am very very sorry, the zone info of first mail - zone "bd.baidubce.com." i write wrong; the right info is zone "x.bd.bcebos.com." please just see this mail, when i use bind-9.11 for my interdns deviceip is 10.1.1.1, i config zone "x.bd.bcebos.com." in

Re: BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
it ignores hints from server not authoritative for it. I do not know a way to disable such behavior. Dns caches such as dnsmasq would forward the reply as it is, but bind uses zones with authoritative servers preferred. It does so to prevent unrelated servers pushing invalid answers into

BIND | Cname chain resolution using forward ( CNAME returned but no use A) (#3995)

2023-04-04 Thread Yang via bind-users
hi bind admin, when i use bind-9.11 for my interdns, deviceip is 10.1.1.1, i config zone "bd.baidubce.com." in{ type forward ; forward only; forwarders { 10.10.10.10; }; }; 1. when i dig @10.1.1.1 x.bd.bcebos.com. 2. 10.10.10.10 return record "CNAME bd.bcebos.com.,

Re: Bind dns amplification attack

2023-03-29 Thread Nyamkhand Buluukhuu
-PER-SECOND: sets the limit of error (REFUSED,FORMERR or SERVFAIL)? BR, Nyamka From: bind-users on behalf of Matus UHLAR - fantomas Sent: Wednesday, March 29, 2023 3:24 PM To: bind-users@lists.isc.org Subject: Re: Bind dns amplification attack >On 3/28/23

Re: Bind dns amplification attack

2023-03-29 Thread Matus UHLAR - fantomas
On 3/28/23 11:28 AM, Matus UHLAR - fantomas wrote: Yes, this is one of the problem "authoritative zones for local use". On 28.03.23 12:18, Grant Taylor via bind-users wrote: Authorizing the /zone/ for local use wasn't the problem. The problem was that the world could get some of t

Re: Bind dns amplification attack

2023-03-28 Thread Grant Taylor via bind-users
to support that. ;-) I bring this up as this is something that I've stubbed my toe on and I would like it if others can avoid similarly stubbing their toes. -- Grant. . . . unix || die
