Hi Doug,
I think Ondrej is referring to this post from a prior month:
https://lists.isc.org/pipermail/bind-users/2022-June/106350.html
….
For tips on how to measure memory usage you might want to look at
https://stackoverflow.com/questions/131303/how-can-i-measure-the-actual-memory-usage
rs and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at
scenarios it applies to?
Best regards,
Doug Whitfield
From: bind-users on behalf of Petr Špaček
Date: Tuesday, July 26, 2022 at 03:16
To: bind-users@lists.isc.org
Subject: Re: High memory consumption in bind 9.18.2
On 26. 07. 22 0:14, Doug Whitfield wrote:
> I wonder if simply adding the w
it was
not verified.
I did lots of testing and simply cannot reproduce it, so it might be not
surprising I consider it a bad idea to extend our articles with
information we cannot verify.
--
Petr Špaček
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC
I do not see a link to the full
> code. Is this the testing tool that the community prefers? Where can we find
> this tool?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscrip
the
documentation at https://kb.isc.org/docs/bind-memory-consumption-explained .
There is this piece: “There is a change in BIND 9.18.0, which is partly
backported to 9.16.25, which reduces BIND's memory consumption down to levels
similar to those with 9.11.“
I wonder if simply adding
for free
buffet where you come and just take.
And don’t be mistaken - I was not helping you specifically, I was just
disputing your claim that BIND 9.18 takes more memory than 9.16 because that
claim didn’t match our own measurements.
Have a nice day,
--
Ondřej Surý — ISC (He/Him)
My working
Top posting...
I'm no BIND guru, so I'm of no real help on the technical aspects of your query
- but I'm puzzled by the direction this has gone.
>· Bind compiled with openssl 1.0 and openssl 1.1 behavior was the same,
>in 9.18.3 memory usage was high wrt 9.16.21.
The claim tha
Thanks Ondřej
We really appreciate your help in debugging this issue.
Observations that we have shared are with 32M data of 15 characters and we
have configured jemalloc and bind using.
Downloaded the jemalloc-5.3.0.tar.bz2 and configure using below command
# ./configure --prefix=/usr
Downloaded
Hey,
I did a measurement with 1M small generated zones that we are
using internally for the performance testing and here are some numbers:
The measured values are USS/PSS/RSS using `smem -P named -k`
BIND 9.16 w/o jemalloc: 10.9G/10.9G/10.9G (default configuration)
BIND 9.16 with jemalloc
Our July maintenance releases of BIND are available and can be
downloaded from the ISC software download page, https://www.isc.org/download
A summary of significant changes in the new releases can be found in
their release notes:
current supported stable branches:
9.16.31 -
https
).
Note that this does NOT cause the build to fail. The binaries built
using Autoconf files prepared that way will just have the "srcid" string
set to an empty value:
$ bin/named/named -v
BIND 9.18.4 (Stable Release)
(If you really need this to work, I guess you could tweak
Your custom workflow may not need it, but it is still useful and there
is a reason why it is still used.
rndc is quite a cool thing. running your named without it prevents
several great debugging checks. YMMV.
Petr
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Why command "autoreconf -fi" can only execute in git path?
--
xushipei
北京linuxer
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.o
On Jun 27, 2022, at 11:34 AM, Stephane Bortzmeyer
mailto:bortzme...@nic.fr>> wrote:
Also, I do not understand the writing of "hundreds of lines of
code". The code to load DMARC records is in BIND for a very long time
since they are just TXT records.
@ IN TXT v=DMARC
On Mon, Jun 27, 2022 at 02:16:26PM -0400,
daniel jay foran wrote
a message of 370 lines which said:
> I cant be the only one that has racked his brains and written
> hundreds of lines of code trying to get ISC BIND 9 to authenticate
> Dmarc records correctly.
I'm not sure I under
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https
igated to reply outside your normal working hours.
> On 16. 6. 2022, at 9:02, Raman kumar <kumarraman@gmail.com> wrote:
>
> Hello All,
>
> We configured bind 9.18, using jemalloc but still memory consumption is high in 9.18 as compared to 9.16.
>
> On version 9.16.21, R
normal working hours.
>
> > On 16. 6. 2022, at 9:02, Raman kumar wrote:
> >
> > Hello All,
> >
> > We configured bind 9.18, using jemalloc but still memory consumption is
> high in 9.18 as compared to 9.16.
> >
> > On version 9.16.21, RAM
.
> On 16. 6. 2022, at 9:02, Raman kumar wrote:
>
> Hello All,
>
> We configured bind 9.18, using jemalloc but still memory consumption is high
> in 9.18 as compared to 9.16.
>
> On version 9.16.21, RAM consumption was 3.8 GB without jemalloc. And on
> 9.18.2
Hello All,
We configured bind 9.18, using jemalloc but still memory consumption is
high in 9.18 as compared to 9.16.
On version 9.16.21, RAM consumption was 3.8 GB without jemalloc. And on
9.18.2, RAM consumption is 4.2 GB with jemalloc with the same data.
Is this the expected behaviour or any
Our June maintenance releases of BIND are available and can be
downloaded from the ISC software download page, https://www.isc.org/download
A summary of significant changes in the new releases can be found in
their release notes:
current supported stable branches:
9.16.30 -
https
Søren,
> Oh.. gosh.. You're right.. It works! - It wasn't 100% clear to me that this
> was the only correct way to install bind from your repo.
We have seen users run into this exact same issue before, so I have now
made this particular bit of information more prominent on the "la
Hello Michael,
Oh.. gosh.. You're right.. It works! - It wasn't 100% clear to me that this was
the only correct way to install bind from your repo.
Thanks a lot.
/Søren
From: Michał Kępień
Sent: Monday, 13 June 2022 22.04
To: Søren Andersen
Cc: Sandro
Søren,
> On a fresh install the selinux context are 'var_t', and if I changed it to
> 'named_var_run_t' it works!
This is the suspicious part for me. How did you install the packages?
The only supported way is the one that is documented [1]:
dnf install isc-bind
That pulls in t
> My apologies if I offended you.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
b
n/kill -TERM
$MAINPID'
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Anyone else who are using ISC repo and have the same issue with the wrong
selinux context?
From: bind-users on behalf of Sandro
Sent: Friday, 10 June 2022 17.45
To: bind-users@list
with your point of view, that PIDFile in case of named has become obsolete.
So, I think we are on the same page here.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
"pid-file" of named
:facepalm:
Indeed. I was led down the garden path. The PIDFile setting in the unit
file can be totally different from the pid-file option in bind.
Although, they should probably point to the same file.
Yet, the man page for systemd.service (5) states:
epalm:
Indeed. I was led down the garden path. The PIDFile setting in the unit
file can be totally different from the pid-file option in bind.
Although, they should probably point to the same file.
Yet, the man page for systemd.service (5) states:
Usage of this option [PIDFile] is recommended fo
othing to do with "pid-file" of named
below the entry post:
---
If I remove PIDFile in the systemd unit it just works fine..
[Service]
Type=forking
EnvironmentFile=-/etc/opt/isc/scls/isc-bind/sysconfig/named
#PIDFile=/var/opt/isc/scls/isc-bind/run/named/named.pid
ExecStart=/opt/is
amed chokes on not being able to
write the PID file.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more informatio
; The shipped unit file for named on
> Fedora (and by extension RHEL) makes
> use of PID files
but why in the world for a service with only a single process?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with
On 10-06-2022 10:52, Søren Andersen wrote:
I've installed a fresh BIND on a RHEL 8.6 system with enforcing
SElinux, and when I try to start BIND with the provided systemd unit
file it just waits and timeout, and also logs these errors in
/var/log/message
Jun 10 10:09:25 systemd[1]: isc-bind
Am 10.06.22 um 12:59 schrieb Søren Andersen:
I think the source of the systemd unit file is from:
https://gitlab.isc.org/isc-packages/rpms/bind/-/blob/main/named.service.in
<https://gitlab.isc.org/isc-packages/rpms/bind/-/blob/main/named.service.in>
(And I'm using ISC's repo)
P
I think the source of the systemd unit file is from:
https://gitlab.isc.org/isc-packages/rpms/bind/-/blob/main/named.service.in
(And I'm using ISC's repo)
Perhaps Michał Kępień have any idea?
[https://gitlab.isc.org/uploads/-/system/project/avatar/49/rpm-public.png]<https://gitlab.isc.org/
Am 10.06.22 um 10:52 schrieb Søren Andersen:
I've installed a fresh BIND on a RHEL 8.6 system with enforcing SElinux,
and when I try to start BIND with the provided systemd unit file it just
waits and timeout, and also logs these errors in /var/log/message
Jun 10 10:09:25 systemd[1]: isc
Hello,
I've installed a fresh BIND on a RHEL 8.6 system with enforcing SElinux, and
when I try to start BIND with the provided systemd unit file it just waits and
timeout, and also logs these errors in /var/log/message
Jun 10 10:09:25 systemd[1]: isc-bind-named.service: Can't convert PID files
Buster server with BIND 9.16.27 and ISC DHCPd
4.4.1
root@domac:# dpkg -l ...
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version
of 'rndc zonestatus. For the internal view I get a date in
the future for 'next resign time'. For the external view, the date is in
the past. Not sure if that's a tell tale sign.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
begining . thanks
Thanks
Shawn
在 5/26/2022 4:44 PM, Jan-Piet Mens via bind-users 写道:
(putting this back on list)
thank you for the feedback,now I have already start the slave server
[root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com
Nick,
On 27-05-2022 10:27, Nick Tait via bind-users wrote:
On 26/05/22 20:34, Matthijs Mekking wrote:
What version are you using? We had a bug with dnssec-policy and views
(#2463), but that has been fixed.
Since 9.16.18 you should not be able to set the same key-directory for
the same zone
:
On 26-05-2022 12:00, Sandro wrote:
Thank you, Matthijs, for pointing out the bug. Do you have any
suggestion for what to try first, key separation or policy separation?
Well, I went for key separation. Let's see if it sticks. Last time I
restarted BIND everything seemed fine in the beginning
wrong?
Thanks,
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
Hi,
I just stumbled upon a problem. It happened on FreeBSD 13.1-RC (going to update
to 13.1 today).
I am running bind 9.18.3 with dnstap using a Unix socket.
Once the socket has been opened by bind, if the process serving the Unix socket
blocks and you try to
kill named, it fails to stop
On 26-05-2022 12:00, Sandro wrote:
Thank you, Matthijs, for pointing out the bug. Do you have any
suggestion for what to try first, key separation or policy separation?
Well, I went for key separation. Let's see if it sticks. Last time I
restarted BIND everything seemed fine in the beginning
as needed.
Since they share the same key now, I could reconfigure the internal view
and have BIND create a new key in a separate directory for that view. I
could also define a separate policy for the internal view to see if that
makes a difference. Probably one change at a time to nail this thing down
26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external:
zone_rekey failure: unexpected error (retry in 600 seconds)
One of the first things BIND does, if I'm reading lib/dns/zone.c correctly, is
to attempt to lock the keys, and if it fails it emits that diagnostic.
Assuming
On 23-05-2022 16:12, Sandro wrote:
I'll do some more digging through the log files. I meanwhile increased
the severity to 'debug 3' for dnssec_debug.
I'm having some issues again. Not as severe as last time, since the
RRSIG records are all still within their validity period.
However, bind
On 26-05-2022 10:34, Matthijs Mekking wrote:
What version are you using? We had a bug with dnssec-policy and views
(#2463), but that has been fixed.
I'm using BIND 9.16.28-RH on Fedora Server. I'll take a look at the bug
report in a minute.
Since 9.16.18 you should not be able to set
(putting this back on list)
thank you for the feedback,now I have already start the slave server
[root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800
86400 from server 52.130.145.30 in 0 ms.
SOA ns1
2. [image: image.png]
In this screenshot you've shown the result of `cat named.conf', but where's the
zone definition for kaixinduole.com? What we are seeing here is a recursive
server.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC
increased
the severity to 'debug 3' for dnssec_debug.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information
h dig, it looks as though the
> domain wasn't reloaded.
>
> Also, it looks like NS2 doesn't responf.
>
> Bob
>
--
Best Regards
Bian Mingkai (边明凯)
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
still seeing the unchanged SOA serial number.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users
glance at the zone with dig, it looks as though the
domain wasn't reloaded.
Also, it looks like NS2 doesn't responf.
Bob
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us
/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 24-05-2022 20:57, Jan-Piet Mens via bind-users wrote:
Slightly off-topic, but I believe ISC reccomend using a custom policy
instead of `default' in case the default changes in future.
Yes, sort of. The documentation hints at the fact that the default
policy is subject to change. I
your system's
resolver, likely querying a caching server which is responding with a cached
entry.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https
nal.zone";
};
};
view "external" {
zone "penguinpee.nl" {
typeprimary;
file"master/penguinpee.nl.zone";
};
};
Using delv, the internal view of the zone fully validated, for SOA, A,
etc.
That surprises me a
Hello ,
I have run the dns server by myself which installed centos7 and bind
version is BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support
Version) ,the domain name is kaixinduole.com
I just create a cname record for tesing ,which is www cname to www.baidu.com.
please see the below
.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
the log files. I meanwhile increased
the severity to 'debug 3' for dnssec_debug.
-- Sandro
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org
ly 6 later. Slight, occasionally
smooth in south, becoming slight or moderate later in north. Showers,
perhaps thundery at first. Good, occasionally poor at first.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
FcrfTtdZDxO1dmarFgvbb+jAM5dT8EOrqGdOywKjQqjL
dcSHfaFuR8qP5PyyrCW6UOqMxWRjelPqBQBaBIY2aA== )
I thought that with 'dnssec-policy default' BIND would take care of it.
Upon updating the zone, increase the serial number and tell named with
'rndc reload zone'. What am I missing?
-- Sandro
--
Visit https://lists.isc.or
in a few days.
Meanwhile I think the problem with 9.18 was a different one: we use bind as
"distribution" name server with several hughe zones. So XFR from customer in,
and XRF out to 20+ slaves. When we upgraded to 9.18, suddenly the slaves (Bind,
Nsd...) needed longer to update their zo
).
I hope it helps.
Petr Špaček
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 18. 5. 2022, at 22:32, Klaus Darilion via bind-users
wrote:
Can you please provide
obligated to reply outside your normal working hours.
> On 18. 5. 2022, at 22:32, Klaus Darilion via bind-users
> wrote:
>
> Can you please provide some commands whose output you are interested? I want
> to collect the statistics for 9.16 before updating to 9.18.
&
Can you please provide some commands whose output you are interested? I want to
collect the statistics for 9.16 before updating to 9.18.
Thanks
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Petr
> Špacek
> Gesendet: Mittwoch, 18. Mai 2022 18:20
>
>
> Thank you!
> Petr Špaček
>
>
>> On 18. 05. 22 8:56, Klaus Darilion via bind-users wrote:
>> I remember we had similar issues with 9.18 (isc ppa packages) and hence
>> wen't back to 9.16. But I can not remember the details.
>> regards
>> Klau
.
If you encounter it again please get back to us so we can diagnose it.
Thank you!
Petr Špaček
On 18. 05. 22 8:56, Klaus Darilion via bind-users wrote:
I remember we had similar issues with 9.18 (isc ppa packages) and hence wen't
back to 9.16. But I can not remember the details.
regards
Klaus
Hello,
Please find the details below.
Free command is used to check RAM available/used. space used is 50GB on
RHEL 7.9 in bind version 9.18.2 whereas in bind version 9.16.10 RAM
space used is 44 GB with the same amount of data and configuration.
free -g
totalused
I remember we had similar issues with 9.18 (isc ppa packages) and hence wen't
back to 9.16. But I can not remember the details.
regards
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Ondrej
> Surý
> Gesendet: Mittwoch, 18. Mai 2022 08:37
> An: Ra
You did not provided any details, so we can’t really help you.
What is “RAM consumption” anyway? VSZ, RSS, numbers pulled from stats channel
from named?
What’s the hardware, what is the configuration, how was BIND 9 compiled (or
packaged)?
The more details, the better
Ondrej
--
Ondřej Surý
Hello Team,
While upgrading from BIND 9.16.10 to 9.18.2, we have observed high memory
consumption.
On version 9.16.2, RAM consumption was 3.8 GB. And on 9.18.2, RAM
consumption is 4.5 GB. Due to this an increase of approximately 20 % memory
is observed.
Is this the expected behaviour or any
On 13.05.22 10:06, Philip Prindeville wrote:
After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started seeing
a lot of:
May 12 19:24:06 OpenWrt named[11061]: validating ./NS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: validating net/DS: no valid signature
.
> >
> > I hope some of that is useful.
> > Cheers, Greg
> >
> > On Fri, 13 May 2022 at 17:07, Philip Prindeville <
> philipp_s...@redfish-solutions.com> wrote:
> > After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started
> seeing a lot of:
&
e
> into play with a packet ~1k).
>
> I hope some of that is useful.
> Cheers, Greg
>
> On Fri, 13 May 2022 at 17:07, Philip Prindeville
> wrote:
> After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started
> seeing a lot of:
>
>
> May 12 19
check if
something is doing IP fragmentation (though I wouldn't expect this to come
into play with a packet ~1k).
I hope some of that is useful.
Cheers, Greg
On Fri, 13 May 2022 at 17:07, Philip Prindeville <
philipp_s...@redfish-solutions.com> wrote:
> After rebooting my OpenWRT route
After rebooting my OpenWRT router with Bind 9.18.1 yesterday, I started seeing
a lot of:
May 12 19:24:06 OpenWrt named[11061]: validating ./NS: no valid signature found
May 12 19:24:06 OpenWrt named[11061]: validating net/DS: no valid signature
found
May 12 19:24:06 OpenWrt named[11061
> we observed a strange behaviour for the domain foryoudecor.com,
> when trying to resolve it using bind 9.18.2, using
>
> dig -t mx foryoudecor.com
>
> The bind log for 9.18.2 says:
>
> May 11 12:00:14 ns named[96774]: fetch: foryoudecor.com/MX
> May 11 12:00:14
Hello,
we observed a strange behaviour for the domain foryoudecor.com,
when trying to resolve it using bind 9.18.2, using
dig -t mx foryoudecor.com
The bind log for 9.18.2 says:
May 11 12:00:14 ns named[96774]: fetch: foryoudecor.com/MX
May 11 12:00:14 ns named[96774]: DNS format error from
@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: Michał Kępień
Sent: Monday, May 9, 2022 7:53 AM
To: DeCaro, James John (Jim) CIV DISA FE (USA)
Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA)
Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re
figure out what that "something"
is yourself, though, because it looks like an environment-specific issue
to me at this point and not a problem with Copr itself.
Good luck!
--
Best regards,
Michał Kępień
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
Hi Anand,
> How did you add this zone to BIND?
We added this zone through OpenStack Desigante. We sent a HTTP request to
Designate for adding a zone. Designate would convert the HTTP request to
RNDC command to add zone to BIND.
Tengfei
Anand Buddhdev 于2022年5月7日周六 16:27写道:
> On 07/05/2
On 07/05/2022 08:08, tengfei xiao wrote:
Hi Tengfei,
We are encountering a problem that SOA records had data residue when
deleting a new-created zone with BIND 9. The operation procedures are as
below:
1. Firstly, a zone named test18.cn was added with BIND 9. The command "dig
-t SOA test
Hi,
We are encountering a problem that SOA records had data residue when
deleting a new-created zone with BIND 9. The operation procedures are as
below:
1. Firstly, a zone named test18.cn was added with BIND 9. The command "dig
-t SOA test18.cn" shows the corresponding SOA record w
I tried this utility and got the following message: gnutls-cli: command not
found...
Thank you
V/R
Jim DeCaro
-Original Message-
From: Ondřej Surý
Sent: Thursday, April 28, 2022 5:15 PM
Cc: DeCaro, James John (Jim) CIV DISA FE (USA) ;
bind-users@lists.isc.org; Mcallister, Reginald
d.org
* start date: Nov 30 00:00:00 2021 GMT
* expire date: May 11 19:03:32 2022 GMT
* common name: download.copr.fedorainfracloud.org
* issuer: CN=DoD WCF Signing CA 2,OU=WCF PKI,OU=DoD,O=U.S. Government,C=US
> GET /results/isc/bind/epel-7-x86_64/repodata/repomd.xml HTTP/1.1
>
On 2/05/2022 8:13 pm, Reindl Harald wrote:
you want 127.0.0.1 act as your resolver no matter what
Well, not always... If your local BIND service isn't a recursive
resolver
irrelevant in context of this topic and worth exactly the same as
saying "if you don't use bind at all" and
> On 2 May 2022, at 18:13, Reindl Harald wrote:
>
>
>
> Am 01.05.22 um 23:54 schrieb Nick Tait via bind-users:
>> On 1/05/2022 9:13 pm, Reindl Harald wrote:
>>> Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
>>>> I'm not 100% sure, but
Am 01.05.22 um 23:54 schrieb Nick Tait via bind-users:
On 1/05/2022 9:13 pm, Reindl Harald wrote:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may
create issues if, for example, you are using netplan with
systemd
>>> On 29 Apr 2022, at 11:24, J Doe wrote:
>>>
>>> Hi,
>>>
>>> I am configuring an RPZ for a validating resolver. I read in the BIND
>>> 9.18.2 ARM that there is a boolean option for RPZ zones called:
>>> break-dnssec.
>>>
nssec clientnon dnssec
client
You don’t want the second recursive server to spend all its time re-asking
queries that will fail validation
On 29 Apr 2022, at 11:24, J Doe wrote:
Hi,
I am configuring an RPZ for a validating resolver. I read in the BIND 9.18.2
ARM that there is a boolean op
On 1/05/2022 9:13 pm, Reindl Harald wrote:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may
create issues if, for example, you are using netplan with
systemd-networkd as the renderer? E.g. Will it still be possible
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may create
issues if, for example, you are using netplan with systemd-networkd as
the renderer? E.g. Will it still be possible to pick up DNS servers from
IPv6 router
Please do
not feel obligated to reply outside your normal working hours.
On 22. 4. 2022, at 17:20, Randy Bush wrote:
sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this li
(Jim) CIV DISA FE (USA)
Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA)
Subject: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an
ISC BIND repository on Red Hat Linux 7.9
All active links contained in this email were disabled. Please verify the
t the second recursive server to spend all its time re-asking
queries that will fail validation
> On 29 Apr 2022, at 11:24, J Doe wrote:
>
> Hi,
>
> I am configuring an RPZ for a validating resolver. I read in the BIND 9.18.2
> ARM that there is a boolean option for
Hi,
I am configuring an RPZ for a validating resolver. I read in the BIND
9.18.2 ARM that there is a boolean option for RPZ zones called:
break-dnssec.
The ARM states:
...In that case, RPZ actions are applied regardless of DNSSEC.
The name of the clause option reflects the fact
401 - 500 of 6382 matches
Mail list logo
