Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos



> On 20 Oct 2020, at 18:02, Chuck Aurora  wrote:
> 
> On 2020-10-20 10:34, Borja Marcos wrote:
>>> On 20 Oct 2020, at 17:28, Rick Dicaire  wrote:
>>> On Tue, Oct 20, 2020 at 10:17 AM  wrote:
>>> Dear BIND-Users,
>>> Does someone has an idea, which log I have to activate.
> 
> While everything Borja says below, and what Kevin said in the other
> subthread, is absolutely true, in this case I am not sure these are
> the best answers. :)
> 
> I would suggest to the OP that you go to your software vendor and ask
> exactly why you should be concerned about queries going to that
> particular server.  Demand detailed information, which should be a
> reasonable thing, given what your company is paying them.

Of course :) Anyway, gaining the capability of tracing a DNS query so that you
know which clients started it can be extremely valuable.




Borja.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Logging on a Bind server

2020-10-20 Thread Chuck Aurora

On 2020-10-20 10:34, Borja Marcos wrote:
> On 20 Oct 2020, at 17:28, Rick Dicaire  wrote:
>> On Tue, Oct 20, 2020 at 10:17 AM  wrote:
>>> Dear BIND-Users,
>>>
>>> Does someone has an idea, which log I have to activate.

While everything Borja says below, and what Kevin said in the other
subthread, is absolutely true, in this case I am not sure these are
the best answers. :)

I would suggest to the OP that you go to your software vendor and ask
exactly why you should be concerned about queries going to that
particular server.  Demand detailed information, which should be a
reasonable thing, given what your company is paying them.

In some cases, such vendors are frauds.  Note, I have no inside
information about Cybereason nor ns2.honeybot.us, so the warning could
very well be a valid concern.  But I wouldn't recommend going to all
this trouble without knowing details of why to worry.

And then rather than dnstap/logging, I'd probably follow Kevin's
advice about RPZ, if it turned out to be a valid concern.  I think if
your vendor is as good as you hope they are (and as they surely claim
to be) they would have information about setting up RPZ.



>> Do you have querylog enabled?
>
> Querylog is not enough. It will tell you which clients are sending
> which queries, but not which queries go to the Server Of Interest.
> It won’t log the queries the recursive server sends itself.
>
> That’s a good use case for dnstap.
>
> As a sort of desperate measure you can capture packets sent to the
> suspicious IP addresses (no need to put the interface in promisc
> mode) and check which queries were sent to them.



Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ]

Sorry to follow up on my own post, but I feel I should add a caveat about
blocking IPs -- the resolution of ns2.honeypot.us could *change* over time,
so an IP-based block might not be effective in the long term, and in fact
might cause more harm than good.

If you truly want to block any communication with ns2.honeypot.us by
*name*, permanently, you'd probably have to go to the extreme of creating a
zone for just that particular name, resolve it to 0.0.0.0, something of
that nature.

In the larger picture, you might want to consider, instead, a dynamic,
reputation-based RPZ feed. See https://dnsrpz.info/ for more.

- Kevin

On Tue, Oct 20, 2020 at 10:45 AM Kevin Darcy 
wrote:

> [ Classification Level: GENERAL BUSINESS ]
>
> According to securitytrails.com (for instance), there are over 3,000
> domains hosted on ns2.honeybot.us (securitytrails only shows the first
> few domains hosted -- to see more, one presumably needs a subscription to
> their service).
>
> If one of your clients looked up a name in one of those 3,000+ domains,
> your BIND instance will potentially reach out to that nameserver to resolve
> the name.
>
> As far as BIND logging, I don't know the best way to track this, offhand,
> short of cranking up debug to ridiculous levels, and wading through the
> verbose output. This might take significant resources (storage, CPU, etc.)
>
> It might be easier to run a packet capture, looking for something sent to
> the specific IP associated with ns2.honeybot.us. Or, if you have a robust
> Intrusion Prevention/Detection System (IPS or IDS), maybe configure an
> "alert" rule for that destination IP. For either option, it might also be
> interesting to see the response from ns2.honeybot.us, to check for
> shenanigans.
>
> If you just want to mitigate any danger, and are willing to deal with any
> fallout, you could just block the IP, on your firewall or IPS or with
> BIND's "blackhole" feature.
>
>   - Kevin
>
> On Tue, Oct 20, 2020 at 10:17 AM  wrote:
>
>> Dear BIND-Users,
>>
>> We use in our environment a BIND Server. It works properly.
>> One Day it came an alert from Cybereason (Antivirus-Software), that our
>> Bind server tried to Connect to a suspicious domain "ns2.honeybot.us".
>> But I couldn’t find the log,  which domain the BIND server was searching
>> for, so that the BIND server has to connect to "ns2.honeybot.us". I can
>> see the Queries log, which domain the Clients were querying but I couldn’t
>> find out why our Bind Server tried to connect the name server "
>> ns2.honeybot.us".
>>
>> Does someone has an idea, which log I have to activate.
>>
>> Thank you for your help in advance.
>>
>> Best Regards
>> Senthan
>>
>> --
>> Schwyzer Kantonalbank
>> Senthan Sivasundaram
>> IT Systems
>> Postfach 263
>> 6431 Schwyz
>>
>> Tel. +41 (0)58 800 29 88
>> Fax +41 (0)58 800 20 21
>> senthan.sivasunda...@szkb.ch
>> www.szkb.ch
>>
>> Well advised, the Schwyz way. - Subscribe to the SZKB newsletter
>>
>> On the basis of previous e-mail correspondence or agreements made,
>> SZKB considers itself entitled to communicate with you by e-mail. SZKB
>> assumes that you are aware of the risks of e-mail and accept them. In
>> particular, ordinary unencrypted e-mails sent over the Internet are
>> neither confidential nor secure. There is a risk of manipulation or
>> misuse by third parties, misrouting, delayed transmission or
>> processing, attached viruses, malware, etc. SZKB disclaims all liability
>> for damages in connection with the use of e-mail, provided it has not
>> breached customary business diligence.
>>
>> E-mails are processed only during SZKB's normal business hours. You
>> cannot assume that your e-mail will be read immediately. SZKB is in
>> principle not obliged to carry out orders or instructions given by
>> e-mail unless this has been expressly agreed. If you have received this
>> e-mail in error, we ask you to return it to the sender and to delete
>> the message with all attachments from your system.
>>
>> Please think of the environment - do not print this e-mail and save
>> 100 ml of water, 7 g of CO2 and 11 g of wood per page.

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos


> On 20 Oct 2020, at 17:28, Rick Dicaire  wrote:
> 
> On Tue, Oct 20, 2020 at 10:17 AM  wrote:
> Dear BIND-Users,
> 
> Does someone has an idea, which log I have to activate.
> 
> 
> Do you have querylog enabled? 

Querylog is not enough. It will tell you which clients are sending which
queries, but not which queries go to the Server Of Interest. It won’t log
the queries the recursive server sends itself.

That’s a good use case for dnstap.

As a sort of desperate measure you can capture packets sent to the suspicious
IP addresses (no need to put the interface in promisc mode) and check which
queries were sent to them.






Borja.
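
Added example, not part of the original thread: once dnstap records both client and resolver messages, the trace described above comes down to correlating resolver queries (RQ) sent to the server of interest with the client queries (CQ) that preceded them. The Python below assumes log lines in the one-line text style printed by `dnstap-read`; the sample lines, the IP addresses and the function names `parse` and `trace_to_clients` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the one-line style of dnstap-read output:
# timestamp, message type, query address, arrow, response address,
# protocol, size, qname/class/type. Addresses are documentation ranges;
# 192.0.2.53 plays the recursive server, 203.0.113.66 the server of interest.
SAMPLE = """\
20-Oct-2020 16:10:01.100 CQ 192.0.2.10:40112 -> 192.0.2.53:53 UDP 45b www.example.org/IN/A
20-Oct-2020 16:10:01.104 RQ 192.0.2.53:51001 -> 198.51.100.7:53 UDP 45b www.example.org/IN/A
20-Oct-2020 16:10:02.300 CQ 192.0.2.22:53770 -> 192.0.2.53:53 UDP 52b mail.suspicious.example/IN/MX
20-Oct-2020 16:10:02.310 RQ 192.0.2.53:51002 -> 203.0.113.66:53 UDP 52b mail.suspicious.example/IN/MX
20-Oct-2020 16:10:02.350 RR 192.0.2.53:51002 <- 203.0.113.66:53 UDP 90b mail.suspicious.example/IN/MX
20-Oct-2020 16:10:02.352 CR 192.0.2.22:53770 <- 192.0.2.53:53 UDP 90b mail.suspicious.example/IN/MX
20-Oct-2020 16:10:09.000 CQ 192.0.2.31:41000 -> 192.0.2.53:53 UDP 40b other.example.net/IN/A
"""

LINE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<type>[A-Z]{2}) "
    r"(?P<qaddr>\S+):(?P<qport>\d+) (?:->|<-) (?P<raddr>\S+):(?P<rport>\d+) "
    r"(?P<proto>UDP|TCP) \d+b (?P<qname>[^/]+)/(?P<qclass>[^/]+)/(?P<qtype>\S+)$"
)


def parse(text):
    """Turn one-line dnstap records into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d-%b-%Y %H:%M:%S.%f")
        ev["qname"] = ev["qname"].rstrip(".").lower()
        events.append(ev)
    return events


def trace_to_clients(events, server_ip, window=timedelta(seconds=5)):
    """For every resolver query (RQ) sent to server_ip, list the client
    queries (CQ) received within `window` before it.

    The time window is a heuristic. The resolver may ask the remote server
    for a different name than the client asked for (for example while
    looking up a name server's address), so non-matching candidates are
    kept and simply ranked after exact qname/qtype matches.
    """
    client_queries = [e for e in events if e["type"] == "CQ"]
    findings = []
    for rq in events:
        if rq["type"] != "RQ" or rq["raddr"] != server_ip:
            continue
        candidates = []
        for cq in client_queries:
            if timedelta(0) <= rq["ts"] - cq["ts"] <= window:
                exact = cq["qname"] == rq["qname"] and cq["qtype"] == rq["qtype"]
                candidates.append((cq["qaddr"], cq["qname"], cq["qtype"], exact))
        candidates.sort(key=lambda c: not c[3])  # exact matches first
        findings.append({"sent": rq["ts"], "qname": rq["qname"],
                         "qtype": rq["qtype"], "candidates": candidates})
    return findings


if __name__ == "__main__":
    for f in trace_to_clients(parse(SAMPLE), "203.0.113.66"):
        print(f["sent"], f["qname"], f["qtype"])
        for addr, qname, qtype, exact in f["candidates"]:
            print("   client", addr, qname, qtype, "exact" if exact else "in window")
```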



Re: Logging on a Bind server

2020-10-20 Thread Rick Dicaire
On Tue, Oct 20, 2020 at 10:17 AM  wrote:

> Dear BIND-Users,
>
> Does someone has an idea, which log I have to activate.
>

Do you have querylog enabled?


Re: Why are no notifies send?

2020-10-20 Thread Sami Ait Ali Oulahcen via bind-users



On 10/20/20 3:54 PM, Axel Rau wrote:

>> On 20.10.2020 at 16:02, Sami Ait Ali Oulahcen wrote:
>>
>> I don't see the part where the acls are used.
> Yes, acls have nothing to do with the notify, instead they are used in
> an allow-transfer statement.
>
>> Is "also-notify" meant to be "allow-notify" ?
> No:
> From bind 9.16 ARM:
>
> also-notify

Yes, sorry just realized after sending. I never used that option before.
It shouldn't be an issue with the stack, we've been using v6 for
notifies for years.

> Only meaningful if notify is active for this zone. The set of machines
> that will receive a DNS NOTIFY message for this zone is made up of all
> the listed name servers (other than the primary master) for the zone
> plus any IP addresses specified with also-notify. A port may be
> specified with each also-notify address to send the notify messages to a
> port other than the default of 53. A TSIG key may also be specified to
> cause the NOTIFY to be signed by the given key. also-notify is not
> meaningful for stub zones. The default is the empty list.
>
> Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius




Re: Why are no notifies send?

2020-10-20 Thread Axel Rau


> On 20.10.2020 at 16:02, Sami Ait Ali Oulahcen wrote:
> 
> I don't see the part where the acls are used.
Yes, acls have nothing to do with the notify, instead they are used in an 
allow-transfer statement.

> Is "also-notify" meant to be "allow-notify" ?
No:
From bind 9.16 ARM:

also-notify
Only meaningful if notify is active for this zone. The set of machines that 
will receive a DNS NOTIFY message for this zone is made up of all the listed 
name servers (other than the primary master) for the zone plus any IP addresses 
specified with also-notify. A port may be specified with each also-notify 
address to send the notify messages to a port other than the default of 53. A 
TSIG key may also be specified to cause the NOTIFY to be signed by the given 
key. also-notify is not meaningful for stub zones. The default is the empty 
list.

Axel
---
PGP-Key: CDE74120  ☀  computing @ chaos claudius





Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ]

According to securitytrails.com (for instance), there are over 3,000
domains hosted on ns2.honeybot.us (securitytrails only shows the first few
domains hosted -- to see more, one presumably needs a subscription to their
service).

If one of your clients looked up a name in one of those 3,000+ domains,
your BIND instance will potentially reach out to that nameserver to resolve
the name.

As far as BIND logging, I don't know the best way to track this, offhand,
short of cranking up debug to ridiculous levels, and wading through the
verbose output. This might take significant resources (storage, CPU, etc.)

It might be easier to run a packet capture, looking for something sent to
the specific IP associated with ns2.honeybot.us. Or, if you have a robust
Intrusion Prevention/Detection System (IPS or IDS), maybe configure an
"alert" rule for that destination IP. For either option, it might also be
interesting to see the response from ns2.honeybot.us, to check for
shenanigans.

If you just want to mitigate any danger, and are willing to deal with any
fallout, you could just block the IP, on your firewall or IPS or with
BIND's "blackhole" feature.

  - Kevin

On Tue, Oct 20, 2020 at 10:17 AM  wrote:

> Dear BIND-Users,
>
> We use in our environment a BIND Server. It works properly.
> One Day it came an alert from Cybereason (Antivirus-Software), that our
> Bind server tried to Connect to a suspicious domain "ns2.honeybot.us".
> But I couldn’t find the log,  which domain the BIND server was searching
> for, so that the BIND server has to connect to "ns2.honeybot.us". I can
> see the Queries log, which domain the Clients were querying but I couldn’t
> find out why our Bind Server tried to connect the name server "
> ns2.honeybot.us".
>
> Does someone has an idea, which log I have to activate.
>
> Thank you for your help in advance.
>
> Best Regards
> Senthan
>
> --
>
> Schwyzer Kantonalbank
>
> Senthan Sivasundaram
>
> IT Systems
>
> Postfach 263
>
> 6431 Schwyz
>
>
>
> Tel. +41 (0)58 800 29 88
>
> Fax +41 (0)58 800 20 21
>
> senthan.sivasunda...@szkb.ch
>
> www.szkb.ch
>
>
>

Logging on a Bind server

2020-10-20 Thread Senthan.Sivasundaram
Dear BIND-Users,
We use a BIND server in our environment. It works properly.
One day an alert came from Cybereason (antivirus software) that our BIND
server tried to connect to a suspicious domain "ns2.honeybot.us".
But I couldn't find the log showing which domain the BIND server was looking
up, so that the BIND server had to connect to "ns2.honeybot.us". I can see the
queries log showing which domains the clients were querying, but I couldn't
find out why our BIND server tried to connect to the name server
"ns2.honeybot.us".

Does someone have an idea which log I have to activate?

Thank you for your help in advance.

Best Regards
Senthan
--
Schwyzer Kantonalbank
Senthan Sivasundaram
IT Systems
Postfach 263
6431 Schwyz

Tel. +41 (0)58 800 29 88
Fax +41 (0)58 800 20 21
senthan.sivasunda...@szkb.ch
www.szkb.ch



Re: Why are no notifies send?

2020-10-20 Thread Sami Ait Ali Oulahcen via bind-users
I don't see the part where the acls are used. Is "also-notify" meant to 
be "allow-notify" ?


On 10/20/20 12:55 PM, Axel Rau wrote:
> Using the IPv4 address of the dual stack notify receiver, works.
>
> Has anybody a working IPv6 notify address in use?
>
> Axel
>
>> On 16.10.2020 at 10:59, Axel Rau wrote:
>>
>> Signed PGP part
>> Hi all,
>>
>> related parts from my named.conf:
>> - - -
>> include "/usr/local/etc/namedb/dns-keys/Kns4-he.net.conf";
>>
>> // slave.dns.he.net pulls zones from us, ns1.he.net receives notify from us
>>  server 216.218.133.2 {
>>    keys { ns4-he.net. ; };
>>    };
>>  server 2001:470:600::2 {
>>    keys { ns4-he.net. ; };
>>    };
>>  server 2001:470:100::2 {
>>    keys { ns4-he.net. ; };
>>    };
>>
>> // From slave.dns.he.net pulls zones from us, ns1.he.net receives notify from us
>>  acl not-he {  !216.218.133.2;  !2001:470:600::2;  !2001:470:100::2;  any; };
>>  acl ns4-he { !not-he; key ns4-he.net.; };
>>
>> also-notify {
>>    2001:470:100::2 key "ns4-he.net" ;
>>    144.91.89.26 key "ns5-ping" ;
>> };
>> - - -
>> I can’t see any notifies to 2001:470:100::2 in the logs.
>>
>> What am I doing wrong?
>>
>> Axel
>> ---
>> PGP-Key: CDE74120  ☀  computing @ chaos claudius
>
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius



Re: Why are no notifies send?

2020-10-20 Thread Axel Rau
Using the IPv4 address of the dual stack notify receiver, works.

Has anybody a working IPv6 notify address in use?

Axel

> On 16.10.2020 at 10:59, Axel Rau wrote:
>
> Signed PGP part
> Hi all,
>
> related parts from my named.conf:
> - - -
> include "/usr/local/etc/namedb/dns-keys/Kns4-he.net.conf";
>
>
> // slave.dns.he.net pulls zones from us, ns1.he.net receives notify from us
>  server 216.218.133.2 {
>    keys { ns4-he.net. ; };
>    };
>  server 2001:470:600::2 {
>    keys { ns4-he.net. ; };
>    };
>  server 2001:470:100::2 {
>    keys { ns4-he.net. ; };
>    };
>
>
> // From slave.dns.he.net pulls zones from us, ns1.he.net receives notify from us
>  acl not-he {  !216.218.133.2;  !2001:470:600::2;  !2001:470:100::2;  any; };
>  acl ns4-he { !not-he; key ns4-he.net.; };
>
>
>   also-notify {
>    2001:470:100::2 key "ns4-he.net" ;
>    144.91.89.26 key "ns5-ping" ;
>   };
> - - -
> I can’t see any notifies to 2001:470:100::2 in the logs.
>
> What am I doing wrong?
> 
> Axel
> ---
> PGP-Key: CDE74120  ☀  computing @ chaos claudius
> 
> 
> 

---
PGP-Key: CDE74120  ☀  computing @ chaos claudius


