hi,
AWS are returning NXDOMAIN instead of NOERROR for empty non terminals. Do you
have strict
qname minimisation turned on?
yup, i do
...
qname-minimization strict;
...
only because my i understood my reads of
BIND to Add QNAME Minimization
https
00:9000:5301:8d00::1#53(ns-397.awsdns-49.com) (UDP)
;; WHEN: Wed Oct 26 10:35:57 AEDT 2022
;; MSG SIZE rcvd: 137
> On 26 Oct 2022, at 10:23, PGNet Dev wrote:
>
> i run bind 9.18.8
>
> i use root hints; forwarding is, by default, disabled in config
>
> with this config, i noti
i run bind 9.18.8
i use root hints; forwarding is, by default, disabled in config
with this config, i notice that although lookups for (e.g.) *.dock.io are
available in public NS caches, e.g.
dig A elb-default.us-east-1.aws.dckr.io @1.1.1.1
; <<>>
Jan-Piet Mens wrote:
>> A Beginner's Guide to DNSSEC with BIND 9.
> Well done! A few comments, if I may:
{snip}
Thanks JP, I really appreciate the feedback. I'll take all of that onboard,
change my zones and guide from master/slave to primary/secondary, and take a
look at TSI
A Beginner's Guide to DNSSEC with BIND 9.
Well done! A few comments, if I may:
1. in your zone stanzas you use the term "master" (type: master, ... masters
{}). BIND has been updated already a while ago to support the term primary, e.g. `type
primary;' and `primaries {};'
along the way: A
Beginner's Guide to DNSSEC with BIND 9.
If anyone else on this list has been as reticent as me to dip their toe in the
DNSSEC waters then now might be the time - it's actually quite a simple process
provided you follow the instructions carefully and watch your log files for any
sfully created/wrote the initial KSK/ZSK files.
hm. i've got something else going on. smells like pebkac.
time to try a clean install ...
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
any more detail about what "error occurred" ?
It will be attempting to write into the key-directory for the zone as defined
by named.conf. It will be creating a new file and then renaming that to replace
one of the exisiting files associated with that key, the .private or .state (I
haven’t
detail about what "error occurred" ?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users m
it https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
v.so.1
Oct 15 16:48:08 sec named[39818]: 0x8002fc9ab at
/usr/local/lib/libisc-9.18.7.so
Oct 15 16:48:08 sec named[39818]: 0x80033d2c6 at
/usr/local/lib/libisc-9.18.7.so
Oct 15 16:48:08 sec named[39818]: exiting (due to assertion failure)
--
p...@opsec.eu+49 171 3101372
sub txt; };
};
but, on restart, still see
dnssec: error: zone example.com/IN/external:
zone_rekey:dns_zone_getdnsseckeys failed: not found
something additional needed?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developmen
Which parental-agent to use is up to you. Something you trust.
You can also configure multiple, if so then all parental agents will
perform the DS check and only if all parental agents agree (have seen
the DS), BIND will set the DS as "seen published in the parent" and the
This is a log level bug. This log happens when BIND want to check the parental-agents if
the DS has been published. But if you don't have parental-agents set up, the list of keys
to check will be empty. Hence the "not found" result.
Thanks for reporting, this will be fixed in the ne
16K
> drwxrwxr-x 2 named named 4.0K Oct 14 08:47 ./
> drwxr-xr-x 5 named named 4.0K Oct 14 08:47 ../
> -rw--- 1 named named 8.0K Oct 14 08:47 external.nzd
> -rw-r- 1 named named0 Oct 14 08:47 managed-keys.bind
> --
> Visit
Hi,
This is a log level bug. This log happens when BIND want to check the
parental-agents if the DS has been published. But if you don't have
parental-agents set up, the list of keys to check will be empty. Hence
the "not found" result.
Thanks for reporting, this will be fixed i
naged-keys.bind
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
te-policy { grant pgnd-external-rndc-key zonesub txt; };
};
what's the source of the "zone_rekey:dns_zone_getdnsseckeys"?
specifically, what's not being found?
have i missed/miconfig'd config, omitted a file/dir that current config
expects, or is this a bug?
D
i run,
named -v
BIND 9.18.7 (Stable Release)
i've setup dnssec-policy operation for a number of domain.
keys are all generated, KSK-derived DS Records are pushed to registrar->root,
and all DNSSEC-analyzer tools online report all's good.
i can see no functio
On 04. 10. 22 9:38, Sami Leino wrote:
Hi,
I tried to upgrade Bind from 9.16.32 to 9.16.33 on a Windows Server 2016.
Service failed to start with several similar errors in event log;
named.conf:411: 'dnssec-policy;' requires dynamic DNS or inline-signing to be
configured for the zone
Hi,
I tried to upgrade Bind from 9.16.32 to 9.16.33 on a Windows Server 2016.
Service failed to start with several similar errors in event log;
named.conf:411: 'dnssec-policy;' requires dynamic DNS or inline-signing to be
configured for the zone
On those lines which error occurs I have
On 28. 09. 22 13:50, Prasanna Mathivanan (pmathiva) via bind-users wrote:
Thanks Ondrej for responding.
We have created gitlab issue for the same.
Adding it here for reference
https://gitlab.isc.org/isc-projects/bind9/-/issues/3568
To close the loop for readers of this list
Thanks Ondrej for responding.
We have created gitlab issue for the same.
Adding it here for reference
https://gitlab.isc.org/isc-projects/bind9/-/issues/3568
--
Regards,
Prasanna.
From: Ondřej Surý
Date: Tuesday, 27 September 2022 at 8:02 PM
To: Prasanna Mathivanan (pmathiva)
Cc: bind
, I would recommend installing the latest jemalloc
version and compiling BIND 9 with it (or `LD_LIBRARY_PRELOAD` it) and setup the
heap profiling:
https://github.com/jemalloc/jemalloc/wiki/Use-Case%3A-Heap-Profiling
I would either use lg_prof_interval for periodic dumps.
All the data points
Hi team,
We had recently upgraded our bind nameservers from 9.14.10 to 9.16.28. This led
to the hosts gradually using up a lot of memory and eventually named was OOM
killed as it consumed nearly 7GB out of total 8GB server memory. (This package
was built from source for centos 7)
I’ve been
, but I disagree
with it being disabled silently. If BIND is disabling something as
important as this at runtime, at the very least, a log entry about it
would go a long way towards helping system administrators. Here's my
reasoning:
There is a difference between RSAMD5 and RSASHA1. RFC 8624
ould be helpful to
have:
a) a single logline mentioning all supported algorithms at "info" level
b) a dedicate logline mentioning that SHA1 is not available and SHA1 signed
zones will be downgraded to "unsigned", at "warn" level
regards
Klaus
--
Visit http
, it is checking to see
if it can validate RSASHA1 signatures, and if it can't, it is disabling
the algorithm *silently*. I understand the reasoning, but I disagree
with it being disabled silently. If BIND is disabling something as
important as this at runtime, at the very least, a log entry about
, William
Cc: Ahmad Ibrahim ; bind-users@lists.isc.org
Subject: Re: Installing bind on Windows 10
This email originated from outside of the organization. Use caution
when replying, opening attachment(s), and/or clicking on URL's.
Windows Subsystem for Linux (WSL) is easy enough
Windows Subsystem for Linux (WSL) is easy enough to install. BIND, tools
included, will run just fine in there.
On Fri, Sep 9, 2022 at 7:35 AM Brown, William wrote:
> After I hit send, I thought I should add this request to ISC:
>
>
>
> Can you keep supporting dig (and perha
>
>
>
>
> --
>
> William Brown
>
> WNYRIC/Erie 1 BOCES
>
> 716-821-7285
>
>
>
> Email and Spam Filtering Please reach out to exchgt...@e1b.org
>
> For Immediate Needs Call our Service Desk at 716-821-7171
>
>
>
> *From:* bind-users * On
to exchgt...@e1b.org
> For Immediate Needs Call our Service Desk at 716-821-7171
>
> From: bind-users On Behalf Of Brown,
> William
> Sent: Friday, September 9, 2022 10:29 AM
> To: Ahmad Ibrahim ; bind-users@lists.isc.org
> Subject: RE: Installing bind on Windows 10
>
I wrote the Windows BIND installer to install the BIND daemon (named) as
a service with minimum privileges. It creates a service account with
minimum privileges if the service account does not already exist. It was
never intended to install tools. You don't need the installer if you
only want
Filtering Please reach out to exchgt...@e1b.org
For Immediate Needs Call our Service Desk at 716-821-7171
From: bind-users On Behalf Of Brown, William
Sent: Friday, September 9, 2022 10:29 AM
To: Ahmad Ibrahim ; bind-users@lists.isc.org
Subject: RE: Installing bind on Windows 10
The service account is to run BIND as a DNS server. Click the box to install
tools only. Add the directory containing the extracted files to you path in
Windows to make life easier.
--
William Brown
WNYRIC/Erie 1 BOCES
716-821-7285
Email and Spam Filtering Please reach out to exchgt
On 09.09.2022 05:31, Ahmad Ibrahim wrote:
/Hello I'm working installing an equivalent to dig on windows and
stumbled upon the following site: https://phoenixnap.com/kb/dig-windows/
use this: https://www.youtube.com/watch?v=bacxWTAWiVQ (instruction
with link to ISC BIND)
/During
t feel comfortable
uninstalling them randomly but I do have one (2015-2022 x64 14.32.31332)
that seems to be more current than the one bundled with the installation.*
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software wit
ns Redhat then.
Bjørn
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.
hen it occasionally failed I'd
> probably never would have blamed Redhat.
>
> IMHO BIND without RSASHA1 is useless as a validating resolver as long as
> there are RSASHA1 signed zones out there. At least as long as this is
> still allowed. And it is. Hence the MUST validate.
It do
I think such list would be short enough.
signature.asc
Description: Message signed with OpenPGP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org
n arbitrary example. Would still work fine for a majority of users. It
would probably take me some time before I noticed. After all, I rarely
have a need to look up "nz" domains. And when it occasionally failed I'd
probably never would have blamed Redhat.
IMHO BIND without RSASHA1 is use
would be short enough.
Administrators should be aware of those issues by reading release notes
on affected distributions. They should not be surprised so much.
Regards,
Petr
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development
RSASHA1 signatures, and if it can't, it is disabling
the algorithm *silently*. I understand the reasoning, but I disagree
with it being disabled silently. If BIND is disabling something as
important as this at runtime, at the very least, a log entry about it
would go a long way towards helping
'd prefer the
server to die by default. It is unsuitable as a validating resolver and
forcing adminstrators to find that out the hard way is not very nice.
Bjørn
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with pai
>
>> Yes. You will need to restart the server.
>
> Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting BIND,
> it doesn't log anything about disabling RSASHA1. But when I query it for
> ietf.org/SOA, I get an unvalidated response. BIND also logs:
>
> 0
On 01/09/2022 23:19, Mark Andrews wrote:
Hi Mark,
Yes. You will need to restart the server.
Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting
BIND, it doesn't log anything about disabling RSASHA1. But when I query
it for ietf.org/SOA, I get an unvalidated response
ote:
>
> Hi BIND developers,
>
> The release notes for 9.18.6 say:
>
> "The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
> disabled on systems where they are disallowed by the security policy (e.g.
> Red Hat Enterprise Linux 9)."
>
> D
Hi BIND developers,
The release notes for 9.18.6 say:
"The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy
(e.g. Red Hat Enterprise Linux 9)."
Does this happen at runtime when B
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
the following query where for example Knot resolver and also PowerDNS
resolver doesn't add the additional section for the same
.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https
to ensure
that the query logs are not eating up too much disk space. The size
limit of a days' log will never get that high, but if it does, the disk
is not filled up. In that case, I understand logging for that day may
be incomplete because Bind would stop logging if I it did get to 1 G
u might
> struggle to do rotation based on both date/time *and* file size, but I use
> logrotate to rotate all of my BIND logs daily, keeping 31 days of logs. And
> you'll see that one of the last things that logrotate does is to call [rndc
> reconfig] which causes BIND to generate fresh log
On 2022-08-25 16:46, Richard T.A. Neal wrote:
Hi J,
I'm coming a little late to the party on this one and I think you might
struggle to do rotation based on both date/time *and* file size, but I use
logrotate to rotate all of my BIND logs daily, keeping 31 days of logs. And
you'll see
J wrote:
> I'm looking to have my: queries.log (which logs all the queries my Bind
> 9.16.30 recursive resolver resolves), rotated at the end of the day and I'd
> like to keep 7 days worth of those logs.
{snip}
> I still want any daily log *before* it's being rotated to be a
On 2022-08-25 04:52, Anand Buddhdev wrote:
On 25/08/2022 05:23, J Doe wrote:
Hello J Doe,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings
On 2022-08-25 03:05, Greg Choules wrote:
Hello J
What is it you're actually trying to achieve here?
Cheers, Greg
Hi Greg,
I'm looking to have my: queries.log (which logs all the queries my Bind
9.16.30 recursive resolver resolves), rotated at the end of the day and
I'd like to keep 7 days
Hi Anand,
> I note that none of the official ISC BIND
> packages for EL7 and EL8 link against jemalloc, even though the
> documentation recommends it.
Could you please double check? This is what I get in a fresh CentOS 7
Docker container:
# yum install yum-plugin-copr
# yum co
Hi Ondřej
Thank you for this explanation. I note that none of the official ISC
BIND packages for EL7 and EL8 link against jemalloc, even though the
documentation recommends it.
The jemalloc folks have deemed 3.6 as stable, and that's why it's the
latest version in EPEL7. For EPEL8 and EPEL9
to reply outside your normal working hours.
> On 25. 8. 2022, at 14:44, Anand Buddhdev wrote:
>
> Dear BIND developers and users,
>
> My question is about jemalloc on Enterprise Linux 7 (RHEL 7 and its clones).
> I've built BIND 9.18.6 on CentOS 7. It links against jem
Dear BIND developers and users,
My question is about jemalloc on Enterprise Linux 7 (RHEL 7 and its
clones). I've built BIND 9.18.6 on CentOS 7. It links against jemalloc
3.6.0, which is available in the EPEL repository.
BIND does run without any problems, but I've only tried
On 25/08/2022 05:23, J Doe wrote:
Hello J Doe,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings in: named.conf are:
...
logging
Hello J
What is it you're actually trying to achieve here?
Cheers, Greg
On Thu, 25 Aug 2022 at 04:24, J Doe wrote:
> Hello,
>
> I was wondering if anyone could provide feedback on whether the
> following: newsyslog.conf file is correct to allow for daily log
> rotation for my Bi
Hello,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings in: named.conf are:
...
logging {
channel chn_file_queries
On 8/17/22 06:45, Tom wrote:
On 8/17/22 02:27, Evan Hunt wrote:
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
the following query where for example Knot resolver
Hello,
Reading release notes, 9.16.25 is the point release where the default
memory allocator was switched:
https://downloads.isc.org/isc/bind9/9.16.32/doc/arm/html/notes.html#notes-for-bind-9-16-25
The issue linked https://gitlab.isc.org/isc-projects/bind9/-/issues/2398
is giving lots
Our August maintenance releases of BIND are available and can be
downloaded from the ISC software download page, https://www.isc.org/download
A summary of significant changes in the new releases can be found in
their release notes:
current supported stable branches:
9.16.32 -
https
On 8/17/22 02:27, Evan Hunt wrote:
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
the following query where for example Knot resolver and also PowerDNS
resolver doesn't add
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
> Using BIND-9.18.5 as a recursive server:
> What's the reason, that BIND answers with the additional section for the
> the following query where for example Knot resolver and also PowerDNS
> resolver doesn't add the additi
Hi list
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
the following query where for example Knot resolver and also PowerDNS
resolver doesn't add the additional section for the same query?
# Querying BIND
$ dig @test ns
On 08/08/2022 12:29, Dmitri Pavlov wrote:
Hi Dmitri,
Your response about the KB correctness will help to deliver a better
optimized business decision.
If you're using BIND in your commercial products and making money from
it, you should consider taking out an ISC support contract, so
Thank you very much, Team.
Your feedback is very much appreciated.
Dmitri.
-Original Message-
From: bind-users On Behalf Of Ondrej Surý
Sent: Thursday, August 4, 2022 7:48 PM
To: Emmanuel Fusté
Cc: bind-users@lists.isc.org
Subject: Re: High memory consumption in bind 9.18.2
What
;> Therefore, a very small request. Would it be possible on your side to run
>> the same experiment as with (BIND 9.16.32 / BIND 9.18.6 / BIND 9.19.4) one
>> more time but with BIND 9.16.21 (or any other version in 9.16.x <25 range )?
>>
>>
> Why not the opposite
Le 04/08/2022 à 17:48, Dmitri Pavlov a écrit
Therefore, a very small request. Would it be possible on your side to run the same
experiment as with (BIND 9.16.32 / BIND 9.18.6 / BIND 9.19.4) one more time but
with BIND 9.16.21 (or any other version in 9.16.x <25 range )?
Why not the oppos
Hi Ondřej,
Sorry to bother you one more time regarding the same topic.
I have looked through your shared logs one more time. This is what you have
shared
YOUR LAB RESULTS ARE:
BIND 9.16.32 / BIND 9.18.6 / BIND 9.19.4
RSS:30454872 / RSS:29451056 / RSS:29066580
OUR LAB RESULTS ARE:
BIND 9.16.21
On 02/08/2022 18:46, Bhangui, Sandeep - BLS CTR via bind-users wrote:
Hello all
We are getting ready to test Bind 9.18.x. Currently we are running the
latest version of 9.16.x branch.
We have downloaded and successfully installed the jemalloc module on the
Server ( RHEL 7.9 OS) and getting
On Tue, Aug 02, 2022 at 11:54:02AM -0400, Timothe Litt wrote:
!
! On 02-Aug-22 11:09, bind-users-requ...@lists.isc.org wrote:
!
! > | Before your authoritative view, define a recursive view with the internal
! > ! zones defined as static-stub, match-recursive-only "yes", an
Hello all
We are getting ready to test Bind 9.18.x. Currently we are running the latest
version of 9.16.x branch.
We have downloaded and successfully installed the jemalloc module on the Server
( RHEL 7.9 OS) and getting ready to compile the latest version of Bind 9.18.x.
Can someone please
On 02-Aug-22 11:09, bind-users-requ...@lists.isc.org wrote:
| Before your authoritative view, define a recursive view with the internal
! zones defined as static-stub, match-recursive-only "yes", and a
! server-address of localhost.
Uh? Why before?
Because each request attempt
Thank you very much, Ondrej,
There is a KB https://kb.isc.org/docs/bind-memory-consumption-explained
==
Overview
BIND users upgrading from BIND 9.11 versions to BIND 9.16 may notice increased
memory consumption. This article explains in detail how BIND allocates memory
in 9.16, and 9.17
0c"
Dmitri.
-Original Message-
From: Anand Buddhdev
Sent: Tuesday, August 2, 2022 6:42 PM
To: Dmitri Pavlov
Cc: bind-users@lists.isc.org
Subject: Re: High memory consumption in bind 9.18.2
Dmitri,
Just downloading, building and installing the latest version of jemalloc like
this doe
Dmitri,
Just downloading, building and installing the latest version of jemalloc
like this doesn't mean that BIND will find and use it. BIND has to be
compiled with the correct compiler and linker flags to use this version.
Are you certain BIND is using your installed version?
--
Anand
rom: Dmitri Pavlov
> Sent: Tuesday, August 2, 2022 6:14 PM
> To: Ondřej Surý
> Cc: bind-users@lists.isc.org
> Subject: RE: High memory consumption in bind 9.18.2
>
> Hi,
>
> Thank you very much for your feedback, Ondrej.
>
> Sharing the steps. Very simple: configure -&g
eboot -f
Dmitri.
-Original Message-
From: Dmitri Pavlov
Sent: Tuesday, August 2, 2022 6:14 PM
To: Ondřej Surý
Cc: bind-users@lists.isc.org
Subject: RE: High memory consumption in bind 9.18.2
Hi,
Thank you very much for your feedback, Ondrej.
Sharing the steps. Very simple: configure -> m
rom: Ondřej Surý
Sent: Tuesday, August 2, 2022 6:20 PM
To: Dmitri Pavlov
Cc: bind-users@lists.isc.org
Subject: Re: High memory consumption in bind 9.18.2
I don’t see jemalloc anywhere in your setup scripts. Preferably use the latest
upstream jemalloc version available.
Ondřej
--
Ondřej Surý —
steps be to get the expected smaller memory
> footprint. Or maybe there are obvious flaws in the experiment?
>
> Thanking you very much for patience and cooperation,
> Dmitri.
>
>
>
>
> -Original Message-
> From: Ondřej Surý
> Sent: Monday, August 1, 20
get the expected smaller memory footprint. Or maybe
there are obvious flaws in the experiment?
Thanking you very much for patience and cooperation,
Dmitri.
-Original Message-
From: Ondřej Surý
Sent: Monday, August 1, 2022 8:18 PM
To: Dmitri Pavlov
Cc: bind-users@lists.isc.org
Subject:
than anything else.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 2. 8. 2022, at 0:29, Grant Taylor via bind-users
> wrote:
> On 8/1/22 4:21 PM, Greg Ch
On 01-Aug-22 18:29, Grant Taylor wrote:
On 8/1/22 4:21 PM, Greg Choules via bind-users wrote:
Off the top of my head, could it be this?
random-device
...
BIND will need a good source of randomness for crypto operations.
Drive by plug: If it is lack of entropy, try installing and running
if the problem continues.
Thanks so much for your help!
From: Greg Choules
Date: Monday, August 1, 2022 at 6:21 PM
To: White, Peter
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.11/RHEL7 Server Freezes FUTEX_WAKE_PRIVATE
CAUTION: This email originated from outside of Penguin Random House. Please
On 8/1/22 4:21 PM, Greg Choules via bind-users wrote:
Off the top of my head, could it be this?
random-device
...
BIND will need a good source of randomness for crypto operations.
Drive by plug: If it is lack of entropy, try installing and running
Haveged. At least as a troubleshooting
and is ignored on subsequent reloads.
BIND will need a good source of randomness for crypto operations.
Cheers, Greg
On Mon, 1 Aug 2022 at 23:08, White, Peter
wrote:
> I’m running BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support
> Version) on RHEL 7 in a chroo
I’m running BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support
Version) on RHEL 7 in a chroot jail.
As of late, at times running some rndc commands are causing my server to lock
up. It’s usually an “rndc addzone” that triggers the issue. I’ll also mention
that I have recently started
/no effect on the memory.
The 554MB less memory makes quite a sense because couple of bytes
related to MAP format has been removed from dns_rbtnode structure.
So, these are the results for just ./configure && make on Debian bullseye:
## BIND 9.16
01-Aug-2022 22:00:18.335 starting BIND 9.1
feel
obligated to reply outside your normal working hours.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind
s
files. That is it.
We will test with a higher kernel.
Kind regards,
Dmitri.
-Original Message-
From: Ondřej Surý
Sent: Monday, August 1, 2022 6:46 PM
To: Dmitri Pavlov
Cc: bind-users@lists.isc.org
Subject: Re: High memory consumption in bind 9.18.2
> On 1. 8. 2022, at 17:19, D
(f"xh{x}-{y} IN CNAME az{x}-{y}”)
## BIND 9.16(git)
01-Aug-2022 19:06:27.151 starting BIND 9.16.32-dev (Extended Support Version)
01-Aug-2022 19:06:27.151 running on Linux x86_64 5.10.0-16-amd64 #1 SMP Debian
5.10.127-1 (2022-06-30)
01-Aug-2022 19:06:27.151 built with 'CC=gcc-12' 'LD=' 'C
Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
ime-consuming task is to
generate 100 MIL A + CANME dummy records into the zone file.
#9.18.5
/usr/local/sbin/named -v
BIND 9.18.5 (Stable Release)
3.10.0-1160.71.1.el7.x86_64 #1 SMP Wed Jun 15 08:55:08 UTC 2022 x86_64 x86_64
x86_64 GNU/Linux
Virtualized AWS EC2 - Intel(R) Xeon(R) Platinum 825
I think Ondrej is referring to this post from a prior month:
> https://lists.isc.org/pipermail/bind-users/2022-June/106350.html
> <https://lists.isc.org/pipermail/bind-users/2022-June/106350.html>
>
> ….
> For tips on how to measure memory usage you might want to look at
> htt
out our experiment are required.
Regards,
Dmitri.
From: bind-users On Behalf Of Victoria Risk
Sent: Monday, August 1, 2022 6:08 PM
To: Doug Whitfield
Cc: bind-users@lists.isc.org; Ond≈ôej Sur√Ω
Subject: Re: High memory consumption in bind 9.18.2
Hi Doug,
I think Ondrej is referring to this p
301 - 400 of 6382 matches
Mail list logo