RE: [Non-DoD Source] Re: BIND installed on a Solaris 11.4 x 86 virtual server

2020-06-01 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users 
Also, BIND binaries are located in /usr/bin and /usr/sbin   --sorry I forgot to 
mention that.  I went ahead and re-compiled with ./configure 
--enable-full-report --with-gssapi=krb5-config --sysconfdir=/etc 
--with-openssl=/usr/local --localstatedir=/var --enable-fixed-rrset and 
installed it, now the default directories are correct but the service still 
goes into maintenance with the same error as produced by named -c 
/etc/named.conf -g.

I apologize that my inexperience makes this confusing.  


V/R
Jim DeCaro
DISA
Systems Administrator
Windows and Unix Server Operations
FE222/DoDNet Service Section
Defense Enclave Services Directorate
☎ 301-225-8180 
☎ 301-375-8180 
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil

"If you always do what you always did you will always get what you always got."


-Original Message-
From: DeCaro, James John (Jim) CIV DISA FE (USA) 
Sent: Monday, June 1, 2020 3:23 PM
To: 'Anand Buddhdev' ; bind-users@lists.isc.org
Subject: RE: [Non-DoD Source] Re: BIND installed on a Solaris 11.4 x 86 virtual 
server

named -c /etc/named.conf -g
01-Jun-2020 15:02:22.034 starting BIND 9.16.3 (Stable Release) 
01-Jun-2020 15:02:22.034 running on SunOS i86pc 5.11 11.4.20.4.0
01-Jun-2020 15:02:22.034 built with '--with-gssapi=krb5-config' 
'LDFLAGS=-L/usr/local/lib -R/usr/local/lib' 
'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig'
01-Jun-2020 15:02:22.034 running as: named -c /etc/named.conf -g
01-Jun-2020 15:02:22.034 compiled by GCC 9.2.0
01-Jun-2020 15:02:22.034 compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 
2019
01-Jun-2020 15:02:22.034 linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
01-Jun-2020 15:02:22.034 compiled with libxml2 version: 2.9.9
01-Jun-2020 15:02:22.034 linked to libxml2 version: 20909
01-Jun-2020 15:02:22.035 compiled with json-c version: 0.12
01-Jun-2020 15:02:22.035 linked to json-c version: 0.12
01-Jun-2020 15:02:22.035 compiled with zlib version: 1.2.11
01-Jun-2020 15:02:22.035 linked to zlib version: 1.2.11
01-Jun-2020 15:02:22.035 
01-Jun-2020 15:02:22.035 BIND 9 is maintained by Internet Systems Consortium,
01-Jun-2020 15:02:22.035 Inc. (ISC), a non-profit 501(c)(3) public-benefit
01-Jun-2020 15:02:22.035 corporation.  Support and training for BIND 9 are
01-Jun-2020 15:02:22.035 available at https://www.isc.org/support
01-Jun-2020 15:02:22.035 
01-Jun-2020 15:02:22.035 found 2 CPUs, using 2 worker threads
01-Jun-2020 15:02:22.035 using 2 UDP listeners per interface
01-Jun-2020 15:02:22.038 using up to 21000 sockets
01-Jun-2020 15:02:22.044 loading configuration from '/etc/named.conf'  
<

RE: [Non-DoD Source] Re: BIND installed on a Solaris 11.4 x 86 virtual server

2020-06-01 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users 
named -c /etc/named.conf -g
01-Jun-2020 15:02:22.034 starting BIND 9.16.3 (Stable Release) 
01-Jun-2020 15:02:22.034 running on SunOS i86pc 5.11 11.4.20.4.0
01-Jun-2020 15:02:22.034 built with '--with-gssapi=krb5-config' 
'LDFLAGS=-L/usr/local/lib -R/usr/local/lib' 
'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig'
01-Jun-2020 15:02:22.034 running as: named -c /etc/named.conf -g
01-Jun-2020 15:02:22.034 compiled by GCC 9.2.0
01-Jun-2020 15:02:22.034 compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 
2019
01-Jun-2020 15:02:22.034 linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
01-Jun-2020 15:02:22.034 compiled with libxml2 version: 2.9.9
01-Jun-2020 15:02:22.034 linked to libxml2 version: 20909
01-Jun-2020 15:02:22.035 compiled with json-c version: 0.12
01-Jun-2020 15:02:22.035 linked to json-c version: 0.12
01-Jun-2020 15:02:22.035 compiled with zlib version: 1.2.11
01-Jun-2020 15:02:22.035 linked to zlib version: 1.2.11
01-Jun-2020 15:02:22.035 
01-Jun-2020 15:02:22.035 BIND 9 is maintained by Internet Systems Consortium,
01-Jun-2020 15:02:22.035 Inc. (ISC), a non-profit 501(c)(3) public-benefit
01-Jun-2020 15:02:22.035 corporation.  Support and training for BIND 9 are
01-Jun-2020 15:02:22.035 available at https://www.isc.org/support
01-Jun-2020 15:02:22.035 
01-Jun-2020 15:02:22.035 found 2 CPUs, using 2 worker threads
01-Jun-2020 15:02:22.035 using 2 UDP listeners per interface
01-Jun-2020 15:02:22.038 using up to 21000 sockets
01-Jun-2020 15:02:22.044 loading configuration from '/etc/named.conf'  
<>default paths:  these are not what I was shooting 
for --should be:

  named configuration:  /etc/named.conf
  rndc configuration:   /etc/rndc.conf  
  DNSSEC root key:  /etc/bind.keys
 nsupdate session key: /usr/var/run/named/session.key
  named PID file:   /usr/var/run/named/named.pid
  named lock file:  /usr/var/run/named/named.lock

Thank you

V/R
Jim DeCaro
DISA
Systems Administrator
Windows and Unix Server Operations
FE222/DoDNet Service Section
Defense Enclave Services Directorate
☎ 301-225-8180 
☎ 301-375-8180 
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil

"If you always do what you always did you will always get what you always got."


-Original Message-
From: Anand Buddhdev  
Sent: Monday, June 1, 2020 3:00 PM
To: DeCaro, James John (Jim) CIV DISA FE (USA) ; 
bind-users@lists.isc.org
Subject: [Non-DoD Source] Re: BIND installed on

Re: BIND installed on a Solaris 11.4 x 86 virtual server

2020-06-01 Thread Anand Buddhdev 
On 01/06/2020 20:08, DeCaro, James John (Jim) CIV DISA FE (USA) via 
bind-users wrote:


Hi Jim,


Installed BIND 9.16.3 and I discovered that the SMF dns/server is
trying to read named.conf from /usr/local/etc/:
"/usr/local/etc/named.conf: file not found".  I am trying to figure
out how point named to read /etc/named.conf.


I last touched SMF over 15 years ago, and I don't remember enough about 
it now, so I can't speak for the SMF parts of your question.



I did try re-compiling BIND with different switches but it resulted
in the same thing.  Is there an environment variable or a ./configure
switch to re-point the default to /etc/named.conf?  I tried
'--sysconfdir=/etc'  --no luck there.  Do I edit the manifest file?


This *is* the correct way to define the default location of named.conf.


I attempted named -c /etc/named.conf  with no luck


This *must* work. However, your description "no luck" isn't enough. Can 
you describe exactly what happened when you named "named -c 
/etc/named.conf"?



$ named -g:


Run "named -c /etc/named.conf -g" and see what happens.

Regards,
Anand
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND installed on a Solaris 11.4 x 86 virtual server

2020-06-01 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users 
Installed BIND 9.16.3 and I discovered that the SMF dns/server is trying to 
read named.conf from /usr/local/etc/: "/usr/local/etc/named.conf: file not 
found".  I am trying to figure out how point named to read /etc/named.conf.

I did try re-compiling BIND with different switches but it resulted in the same 
thing.  Is there an environment variable or a ./configure switch to re-point 
the default to /etc/named.conf?  I tried '--sysconfdir=/etc'  --no luck there.  
Do I edit the manifest file?

I tried reviewing the man pages for ./configure but I don't know enough for 
that to answer my question.

I attempted named -c /etc/named.conf  with no luck

$ named -v
BIND 9.16.3 (Stable Release) 

$ named -V
BIND 9.16.3 (Stable Release) 
running on SunOS i86pc 5.11 11.4.20.4.0
built by make with '--with-gssapi=krb5-config' 'LDFLAGS=-L/usr/local/lib 
-R/usr/local/lib' 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig'
compiled by GCC 9.2.0
compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
compiled with libxml2 version: 2.9.9
linked to libxml2 version: 20909
compiled with json-c version: 0.12
linked to json-c version: 0.12
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled

default paths:   <<- default paths are not correct  
should be /etc/...
  named configuration:  /usr/local/etc/named.conf
  rndc configuration:   /usr/local/etc/rndc.conf
  DNSSEC root key:  /usr/local/etc/bind.keys
  nsupdate session key: /usr/local/var/run/named/session.key
  named PID file:   /usr/local/var/run/named/named.pid
  named lock file:  /usr/local/var/run/named/named.lock


$ named -g:

01-Jun-2020 13:59:55.636 running as: named -g
01-Jun-2020 13:59:55.636 compiled by GCC 9.2.0
01-Jun-2020 13:59:55.636 compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 
2019
01-Jun-2020 13:59:55.636 linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
01-Jun-2020 13:59:55.636 compiled with libxml2 version: 2.9.9
01-Jun-2020 13:59:55.636 linked to libxml2 version: 20909
01-Jun-2020 13:59:55.636 compiled with json-c version: 0.12
01-Jun-2020 13:59:55.637 linked to json-c version: 0.12
01-Jun-2020 13:59:55.637 compiled with zlib version: 1.2.11
01-Jun-2020 13:59:55.637 linked to zlib version: 1.2.11
01-Jun-2020 13:59:55.637 
01-Jun-2020 13:59:55.637 BIND 9 is maintained by Internet Systems Consortium,
01-Jun-2020 13:59:55.637 Inc. (ISC), a non-profit 501(c)(3) public-benefit
01-Jun-2020 13:59:55.637 corporation.  Support and training for BIND 9 are
01-Jun-2020 13:59:55.637 available at https://www.isc.org/support
01-Jun-2020 13:59:55.637 
01-Jun-2020 13:59:55.637 found 2 CPUs, using 2 worker threads
01-Jun-2020 13:59:55.637 using 2 UDP listeners per interface
01-Jun-2020 13:59:55.641 using up to 21000 sockets
01-Jun-2020 13:59:55.647 loading configuration from '/usr/local/etc/named.conf' 
<< should be /etc/named.conf
01-Jun-2020 13:59:55.647 open: /usr/local/etc/named.conf: file not found 
<< should be /etc/named.conf
01-Jun-2020 13:59:55.663 loading configuration: file not found
01-Jun-2020 13:59:55.663 exiting (due to fatal error)


Thanks


V/R
Jim DeCaro
DISA
Systems Administrator
Windows and Unix Server Operations
FE222/DoDNet Service Section
Defense Enclave Services Directorate
☎ 301-225-8180 
☎ 301-375-8180 
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil

"If you always do what you always did you will always get what you always got."


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

2020-06-01 Thread vom513 
Done:

https://gitlab.isc.org/isc-projects/bind9/-/issues/1907 


Thanks.

> On Jun 1, 2020, at 7:08 AM, Ondřej Surý  wrote:
> 
> I think it’s reasonable for nsupdate to do the chunking on itself. Patches 
> are always welcome, but if you can start by creating issue for us, it would 
> be very much welcome. I can’t offer you any timeframe, but at least it won’t 
> get lost.
> 
> Ondrej
> --
> Ondřej Surý
> ond...@isc.org
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

2020-06-01 Thread vom513 
> On Jun 1, 2020, at 6:50 AM, Andreas S. Kerber  wrote:
> 
> Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need 
> it like this:
> 
> server X.X.X.X
> zone ag-trek.de
> update add test.ag-trek.de. 86400 IN TXT"v=DKIM1; 
> k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/"
>  
> "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
> 
> 
> Break up the record in chunks of less than 255 byte, enclose each of these 
> parts with "" and feed nsupdate all of these chunks seperated with a space on 
> one line.

Thanks - that’s what I needed.  I have an ‘h=‘ tag as well, so I split mine 
into 3 “chunks”.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

2020-06-01 Thread Ondřej Surý 
I think it’s reasonable for nsupdate to do the chunking on itself. Patches are 
always welcome, but if you can start by creating issue for us, it would be very 
much welcome. I can’t offer you any timeframe, but at least it won’t get lost.

Ondrej
--
Ondřej Surý
ond...@isc.org

> On 1 Jun 2020, at 12:50, Andreas S. Kerber  wrote:
> 
> On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
>> Can anyone point me to an example of how to do this ?  I have a script that 
>> rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must 
>> be getting by by the skin of my teeth…
>> 
>> When I try 2048 bit, the record is obviously longer.  All of my attempts of 
>> running it through the Rube Goldberg sed machine have failed - nsupdate 
>> chokes on format.
> 
> Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need 
> it like this:
> 
> server X.X.X.X
> zone ag-trek.de
> update add test.ag-trek.de. 86400 IN TXT"v=DKIM1; 
> k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/"
>  
> "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
> 
> 
> Break up the record in chunks of less than 255 byte, enclose each of these 
> parts with "" and feed nsupdate all of these chunks seperated with a space on 
> one line.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



signature.asc
Description: Message signed with OpenPGP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

2020-06-01 Thread Andreas S. Kerber 
On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
> Can anyone point me to an example of how to do this ?  I have a script that 
> rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must 
> be getting by by the skin of my teeth…
> 
> When I try 2048 bit, the record is obviously longer.  All of my attempts of 
> running it through the Rube Goldberg sed machine have failed - nsupdate 
> chokes on format.

Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need 
it like this:

server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT"v=DKIM1; 
k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/"
 
"LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


Break up the record in chunks of less than 255 byte, enclose each of these 
parts with "" and feed nsupdate all of these chunks seperated with a space on 
one line.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate: using "wildcard" TTL when removing specific record

2020-06-01 Thread Mark Andrews 
TTL is ignored on delete if it present.  It is set to 0 when sending.

2.5.4 - Delete An RR From An RRset

   RRs to be deleted are added to the Update Section.  The NAME, TYPE,
   RDLENGTH and RDATA must match the RR being deleted.  TTL must be
   specified as zero (0) and will otherwise be ignored by the primary
   master.  CLASS must be specified as NONE to distinguish this from an
   RR addition.  If no such RRs exist, then this Update RR will be
   silently ignored by the primary master.



> On 1 Jun 2020, at 18:45, Petr Bena  wrote:
> 
> Hello,
> 
> Is there any way to tell nsupdate to delete specific record with ANY TTL 
> value? For example I have following record:
> 
> record.domain.org 3500 A 1.2.3.4
> 
> I want to delete exactly that record (A with IP 1.2.3.4), except I don't know 
> what the TTL is, normally, if I knew the TTL, I would do
> 
> update delete record.domain.org 3500 A 1.2.3.4
> 
> But I would like to do something like
> 
> update delete record.domain.org * A 1.2.3.4
> 
> Is there any way to accomplish this, or do I always have to retrieve the 
> record somehow, figure out the TTL and then continue?
> 
> Thanks
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

nsupdate: using "wildcard" TTL when removing specific record

2020-06-01 Thread Petr Bena 

Hello,

Is there any way to tell nsupdate to delete specific record with ANY TTL 
value? For example I have following record:


record.domain.org 3500 A 1.2.3.4

I want to delete exactly that record (A with IP 1.2.3.4), except I don't 
know what the TTL is, normally, if I knew the TTL, I would do


update delete record.domain.org 3500 A 1.2.3.4

But I would like to do something like

update delete record.domain.org * A 1.2.3.4

Is there any way to accomplish this, or do I always have to retrieve the 
record somehow, figure out the TTL and then continue?


Thanks

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

nsupdate - adding large/split TXT record (2048 bit DKIM key)

2020-06-01 Thread vom513 
Hello,

Can anyone point me to an example of how to do this ?  I have a script that 
rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must be 
getting by by the skin of my teeth…

When I try 2048 bit, the record is obviously longer.  All of my attempts of 
running it through the Rube Goldberg sed machine have failed - nsupdate chokes 
on format.

I see lots of blogposts on how to split long TXT records, but I specifically 
need the bits to make nsupdate happy.  The blogs all have these being entered 
by hand or through some web gui.  It’s nsupdate’s particulars that are eluding 
me.

Thanks in advance for any clue.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: 9.16.3 make tests on centos 8

2020-06-01 Thread Petr Menšík 
It seems okay to test it. It just should be able to skip the test if
chosen user cannot reach test directory. This test also fails on 9.11.19
version.

On 6/1/20 1:38 AM, Mark Andrews wrote:
> Opened ticket.  That system test appears to be very linux capabilities 
> specific when run as root.
> 
>> On 1 Jun 2020, at 06:36, Carl Byington via bind-users 
>>  wrote:
>>
>> I:runtime:verifying that named switches UID (14)
>> I:runtime:failed
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: 9.16.3 make tests on centos 8

2020-06-01 Thread Petr Menšík 
Hi, I have fixed this on RHEL by chmod o+x $HOME before build.
I think it should autodetect nobody's access at least to current $HOME.

Not sure what would be the best fix. named-checkconf is missing user
switch. That check should be skipped if not configured properly. I am
unsure which bind utility can detect just missing rights to read file
under specified user.

It was also hit by Red Hat.

Regards,
Petr

On 5/31/20 10:36 PM, Carl Byington via bind-users wrote:
> Trying to build on centos 8, all the tests except one pass. I get a
> failure in bin/tests/system/runtime/tests.sh
> 
> I:runtime:checking that named logs an ellipsis when the command line is
> larger than 8k bytes (13)
> I:runtime:verifying that named switches UID (14)
> I:runtime:failed
> I:runtime:stopping servers
> 
> Ignoring that, the resulting binary seems to run properly.
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users