Re: Bind won't listen
listen-on is a ACL. 0.0.0.0 is short hand for 0.0.0.0/32 and that matches an interface that is NOT configured. Use “any;”. > On 7 May 2021, at 15:37, Dan Egli wrote: > > Okay, I got all the zones loaded by named-checkzone, and named-checkconf > returns no errors. So I started up named in the foreground using the -g > option. All looks good, UNTIL it gets to where it is supposed to listen on > port 53. Then I get: > > 06-May-2021 23:35:20.979 not listening on any interfaces > > Why not? My config file specifically says listen-on { 0.0.0.0; }; and > listen-on-v6 { ::; }; > > -- > Dan Egli > From my Test Server > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind won't listen
Dan, nobody can help you if you strip the logs to bare minimum. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 7. 5. 2021, at 7:37, Dan Egli wrote: > > Okay, I got all the zones loaded by named-checkzone, and named-checkconf > returns no errors. So I started up named in the foreground using the -g > option. All looks good, UNTIL it gets to where it is supposed to listen on > port 53. Then I get: > > 06-May-2021 23:35:20.979 not listening on any interfaces > > Why not? My config file specifically says listen-on { 0.0.0.0; }; and > listen-on-v6 { ::; }; > > -- > Dan Egli > From my Test Server > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind refusing my DKIM key
Thanks! I went somewhere else, used THEIR dkim generator, and it works fine. I've sent a message to supp...@powerdmarc.com about this. On 5/6/2021 10:40 PM, Mark Andrews wrote: Split the record at 255 characters. TXT field need to be <= 255 characters. Complain to the developers of the tool that created this record that it is INVALID as the field length is TOO BIG. On 7 May 2021, at 14:35, Dan Egli wrote: I don't know what's up, but when I tried to put my DKIM into the test server, named-checkzone keeps giving a syntax error on the key line. Here's what I'm putting in (it really is on one line in the zone file, just too long for my MUA to put on one line): key1._domainkeyINTXT "v=DKIM1;p=QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQWdRQ3B0Uy9SMzRJQm5yZEhGZFYzNE4zMmdWUjQyelFDUnpXdkJMWDloNkUwOUlRNnBsV0p3S09aL0hHQ3ZjSHlaNytKZVk4MWlCR1p4NWhLN1pvQkZaYTMxcjlmMDRZU2NkeVZmVUQrb004UjJCQzBGNVdQY3ptMGl1TVJQemFqY29tSU5LSHltWEplRHU0K05oTnlhWEJoRi9oS0hrUlNJeFNDU3JqbWxlZWRsdz09IA==" But when I run checkzone: dns_rdata_fromtext: myzone.zone:26: syntax error zone eglifamily.name/IN: loading from master file myzone.zone failed: syntax error What's wrong? Why is it failing? -- Dan Egli From my Test Server ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind refusing my DKIM key
Split the record at 255 characters. TXT field need to be <= 255 characters. Complain to the developers of the tool that created this record that it is INVALID as the field length is TOO BIG. > On 7 May 2021, at 14:35, Dan Egli wrote: > > I don't know what's up, but when I tried to put my DKIM into the test server, > named-checkzone keeps giving a syntax error on the key line. Here's what I'm > putting in (it really is on one line in the zone file, just too long for my > MUA to put on one line): > > key1._domainkeyINTXT > "v=DKIM1;p=QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQWdRQ3B0Uy9SMzRJQm5yZEhGZFYzNE4zMmdWUjQyelFDUnpXdkJMWDloNkUwOUlRNnBsV0p3S09aL0hHQ3ZjSHlaNytKZVk4MWlCR1p4NWhLN1pvQkZaYTMxcjlmMDRZU2NkeVZmVUQrb004UjJCQzBGNVdQY3ptMGl1TVJQemFqY29tSU5LSHltWEplRHU0K05oTnlhWEJoRi9oS0hrUlNJeFNDU3JqbWxlZWRsdz09IA==" > > > But when I run checkzone: > dns_rdata_fromtext: myzone.zone:26: syntax error > zone eglifamily.name/IN: loading from master file myzone.zone failed: syntax > error > > What's wrong? Why is it failing? > -- > Dan Egli > From my Test Server > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind refusing my DKIM key
I don't know what's up, but when I tried to put my DKIM into the test server, named-checkzone keeps giving a syntax error on the key line. Here's what I'm putting in (it really is on one line in the zone file, just too long for my MUA to put on one line): key1._domainkey IN TXT "v=DKIM1;p=QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQWdRQ3B0Uy9SMzRJQm5yZEhGZFYzNE4zMmdWUjQyelFDUnpXdkJMWDloNkUwOUlRNnBsV0p3S09aL0hHQ3ZjSHlaNytKZVk4MWlCR1p4NWhLN1pvQkZaYTMxcjlmMDRZU2NkeVZmVUQrb004UjJCQzBGNVdQY3ptMGl1TVJQemFqY29tSU5LSHltWEplRHU0K05oTnlhWEJoRi9oS0hrUlNJeFNDU3JqbWxlZWRsdz09IA==" But when I run checkzone: dns_rdata_fromtext: myzone.zone:26: syntax error zone eglifamily.name/IN: loading from master file myzone.zone failed: syntax error What's wrong? Why is it failing? -- Dan Egli From my Test Server OpenPGP_0x11B7451DF2015959.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: took a while to figure out why all your tests fail
First of all the user running the tests needs to be able to write to bin/tests/system. See the permission denied from tee. -- Mark Andrews > On 7 May 2021, at 08:20, Dennis Clarke via bind-users > wrote: > > > > I very carefully created an airgap test system for this process and did > setup all the required network interfaces. However all tests fail > terribly due to some weird python requirement ? > > airgap$ ./runall.sh -n > + SYSTEMTESTTOP=. > + . ./conf.sh > ++ TOP=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005 > ++ DEFAULT_ALGORITHM=RSASHA256 > ++ DEFAULT_ALGORITHM_NUMBER=8 > ++ DEFAULT_BITS=1280 > ++ TMPDIR=/tmp > ++ ALTERNATIVE_ALGORITHM=RSASHA1 > ++ ALTERNATIVE_ALGORITHM_NUMBER=5 > ++ ALTERNATIVE_BITS=1280 > ++ DISABLED_ALGORITHM=ECDSAP384SHA384 > ++ DISABLED_ALGORITHM_NUMBER=14 > ++ DISABLED_BITS=384 > ++ NAMED=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/named/named > ++ > LWRESD='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/named/named -l' > ++ DIG=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/dig > ++ DELV=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/delv/delv > ++ RNDC=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/rndc/rndc > ++ > NSUPDATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/nsupdate/nsupdate > ++ > DDNSCONFGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/ddns-confgen > ++ > TSIGKEYGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/tsig-keygen > ++ > RNDCCONFGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/rndc-confgen > ++ > KEYGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-keygen > ++ > KEYFRLAB=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-keyfromlabel > ++ > SIGNER=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-signzone > ++ > REVOKE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-revoke > ++ > SETTIME=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-settime > ++ > DSFROMKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-dsfromkey > ++ HOST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/host > ++ > IMPORTKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-importkey > ++ > CHECKDS=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-checkds > ++ > COVERAGE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-coverage > ++ > KEYMGR=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-keymgr > ++ > CHECKZONE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/check/named-checkzone > ++ > CHECKCONF=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/check/named-checkconf > ++ > PK11GEN='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-keygen > -q -s 0 -p 1234' > ++ > PK11LIST='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-list > -s 0 -p 1234' > ++ > PK11DEL='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-destroy > -s 0 -p 1234 -w 0' > ++ > JOURNALPRINT=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-journalprint > ++ > VERIFY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-verify > ++ > ARPANAME=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/arpaname > ++ > RESOLVE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/lib/samples/resolve > ++ > RRCHECKER=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-rrchecker > ++ > GENRANDOM=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/genrandom > ++ > NSLOOKUP=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/nslookup > ++ > DNSTAPREAD=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/dnstap-read > ++ MDIG=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/mdig > ++ > NZD2NZF=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-nzd2nzf > ++ FSTRM_CAPTURE= > ++ > FEATURETEST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/feature-test > ++ > RANDFILE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/random.data > ++ > BIGKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/rsabigexponent/bigkey > ++ > GENCHECK=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/rndc/gencheck > ++ > KEYCREATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/tkey/keycreate > ++ > KEYDELETE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/tkey/keydelete > ++ > LWTEST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/lwresd/lwtest > ++ > MAKEJOURNAL=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/makejournal > ++ > PIPEQUERIES=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/pipelined/pipequeries > ++ > SAMPLEUPDATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/lib/samples/sample-update > ++ KRB5_CONFIG=/dev/null > ++ RANDOMSIZE=4096 > ++ SEQUENTIALDIRS='ecdsa
RE: BIND 9.16.15 Windows x64 broken?
I'm running BIND 9.16.15 fine on Windows Server Standard 2019. What do you see in the Event Viewer > Application log? There'll be lots of entries in there of course, so just filter by Source "named" and look for any Critical, Error, or Warning messages. Richard. From: bind-users On Behalf Of Jukka Pakkanen Sent: 06 May 2021 11:10 pm To: bind-us...@isc.org Subject: BIND 9.16.15 Windows x64 broken? What changed between Bind 9.16.13 and 9.16.15 Windows x64 binaries? 9.16.15 will not start at all in Server 2008 R2 Enterprise x64, 9.16.13 worked fine. Only get "The service is not responding to the control function" when trying to start the service. Tried this as an upgrade to the 9.16.13, or as a fresh install, same result in both cases. Downgrading to 9.16.13 and works fine again. Jukka ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
took a while to figure out why all your tests fail
I very carefully created an airgap test system for this process and did setup all the required network interfaces. However all tests fail terribly due to some weird python requirement ? airgap$ ./runall.sh -n + SYSTEMTESTTOP=. + . ./conf.sh ++ TOP=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005 ++ DEFAULT_ALGORITHM=RSASHA256 ++ DEFAULT_ALGORITHM_NUMBER=8 ++ DEFAULT_BITS=1280 ++ TMPDIR=/tmp ++ ALTERNATIVE_ALGORITHM=RSASHA1 ++ ALTERNATIVE_ALGORITHM_NUMBER=5 ++ ALTERNATIVE_BITS=1280 ++ DISABLED_ALGORITHM=ECDSAP384SHA384 ++ DISABLED_ALGORITHM_NUMBER=14 ++ DISABLED_BITS=384 ++ NAMED=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/named/named ++ LWRESD='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/named/named -l' ++ DIG=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/dig ++ DELV=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/delv/delv ++ RNDC=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/rndc/rndc ++ NSUPDATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/nsupdate/nsupdate ++ DDNSCONFGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/ddns-confgen ++ TSIGKEYGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/tsig-keygen ++ RNDCCONFGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/confgen/rndc-confgen ++ KEYGEN=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-keygen ++ KEYFRLAB=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-keyfromlabel ++ SIGNER=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-signzone ++ REVOKE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-revoke ++ SETTIME=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-settime ++ DSFROMKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-dsfromkey ++ HOST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/host ++ IMPORTKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-importkey ++ CHECKDS=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-checkds ++ COVERAGE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-coverage ++ KEYMGR=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/python/dnssec-keymgr ++ CHECKZONE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/check/named-checkzone ++ CHECKCONF=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/check/named-checkconf ++ PK11GEN='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-keygen -q -s 0 -p 1234' ++ PK11LIST='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-list -s 0 -p 1234' ++ PK11DEL='/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/pkcs11/pkcs11-destroy -s 0 -p 1234 -w 0' ++ JOURNALPRINT=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-journalprint ++ VERIFY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dnssec/dnssec-verify ++ ARPANAME=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/arpaname ++ RESOLVE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/lib/samples/resolve ++ RRCHECKER=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-rrchecker ++ GENRANDOM=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/genrandom ++ NSLOOKUP=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/dig/nslookup ++ DNSTAPREAD=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/dnstap-read ++ MDIG=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/mdig ++ NZD2NZF=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tools/named-nzd2nzf ++ FSTRM_CAPTURE= ++ FEATURETEST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/feature-test ++ RANDFILE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/random.data ++ BIGKEY=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/rsabigexponent/bigkey ++ GENCHECK=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/rndc/gencheck ++ KEYCREATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/tkey/keycreate ++ KEYDELETE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/tkey/keydelete ++ LWTEST=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/lwresd/lwtest ++ MAKEJOURNAL=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/makejournal ++ PIPEQUERIES=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/bin/tests/system/pipelined/pipequeries ++ SAMPLEUPDATE=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005/lib/samples/sample-update ++ KRB5_CONFIG=/dev/null ++ RANDOMSIZE=4096 ++ SEQUENTIALDIRS='ecdsa eddsa gost lwresd tkey' ++ PARALLELDIRS='dnssec rpzrecurse acl additional addzone allow-query auth autosignbuiltin cacheclean case catz chain checkconf checknames checkzone cookie database digdelv dlv dlz dlzexternal dns64 dscp dsdigest dyndb ednscompliance emptyzones fetchlimit filter- formerr forward geoip geoip2 glue idna inline integrity ixfrlegacy limits logfileconfig masterfile
BIND 9.16.15 Windows x64 broken?
What changed between Bind 9.16.13 and 9.16.15 Windows x64 binaries? 9.16.15 will not start at all in Server 2008 R2 Enterprise x64, 9.16.13 worked fine. Only get "The service is not responding to the control function" when trying to start the service. Tried this as an upgrade to the 9.16.13, or as a fresh install, same result in both cases. Downgrading to 9.16.13 and works fine again. Jukka ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
> With 2 views ddos trace looks much better: > > 17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ > > RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58) > 17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 > > Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58) > > Hopefully, they give up in some days, if there is no amplification any > more. They don't ever give up. I see one or two of these RRSIG? pizzaseo.com. queries every few days and even when I agressively packet filter the ones that appear likely to be real probes from malicious actors as opposed to bogus queries from forged ip addresses targetting innocents, return "refused" for the others and minimise the number of "refused" packets I send out by using "errors-per-second 1", they still keep on trying. The most recent one I've seen was three days ago but there could have been more since then that hit the packet filters when I wasn't paying attention. Regards, Peter Coghlan. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
> Am 06.05.2021 um 18:41 schrieb Axel Rau : > > This NS has some other clients in the DMZ LAN, so I need Views. With 2 views ddos trace looks much better: 17:40:21.483188 186.149.116.55.80 > 91.216.35.171.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 242, id 21165, len 58) 17:40:21.483470 91.216.35.171.53 > 186.149.116.55.80: [udp sum ok] 1 Refused- q: RRSIG? pizzaseo.com. 0/0/0(30) (DF) (ttl 64, id 0, len 58) Hopefully, they give up in some days, if there is no amplification any more. I have now 2 views. All zones are in the internal view. The (only) external zones in external view use in-view to reference them in internal view. axfr seems to work,, notify still to be tested. If someone wants to play with the staging server please: dig ANY chaos1.de. @ns3.lrau.net. Any feedback welcome, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Installing BIND 9.16.15
See https://gitlab.isc.org/isc-projects/bind9/-/issues/2667 -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 6. 5. 2021, at 18:48, DeCaro, James John (Jim) CIV DISA FE (USA) via > bind-users wrote: > > Hello, > > I have what is probably a very rudimentary question, but I am stuck. > > I am attempting to upgrade BIND on a Solaris 11.4 x86 virtual platform. I > have installed BIND successfully up to version 9.16.12 using ./configure > --enable-full-report --with-gssapi=krb5-config --sysconfdir=/etc > --with-openssl=/usr/local --localstatedir=/var --enable-fixed-rrset > > I also added environment variables: export LDFLAGS="-L/usr/local/lib > -R/usr/local/lib" [and] export > PKG_CONFIG_PATH="usr/lib/pkgconfig:/usr/local/lib/pkgconfig (for libuv) > > This time ./configure aborts with errors related to linking gssapi to kerberos > > checking krb5.h presence... yes > checking for krb5.h... yes > checking krb5-config linking as -lkrb5 -lk5crypto -lcom_err... krb5-config: > could not determine proper GSSAPI linkage > checking for GSSAPI library, non krb5-config method... looking in /usr/lib > checking for gssapi.h... (cached) yes > checking for gssapi/gssapi.h... (cached) yes > checking gssapi_krb5.h usability... no > checking gssapi_krb5.h presence... no > checking for gssapi_krb5.h... no > checking gssapi/gssapi_krb5.h usability... no > checking gssapi/gssapi_krb5.h presence... no > checking for gssapi/gssapi_krb5.h... no > checking for krb5.h... (cached) yes > checking for krb5/krb5.h... (cached) yes > checking kerberosv5/krb5.h usability... no > checking kerberosv5/krb5.h presence... no > checking for kerberosv5/krb5.h... no > checking linking as -lgssapi_krb5... no > checking linking as -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err... no > checking linking as -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv... no > checking linking as -lgssapi... no > checking linking as -lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err... > no > checking linking as -lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err... no > checking linking as -lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken > -lcom_err... no > checking linking as -lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken > -lcom_err... no > checking linking as -lgss -lkrb5... no > configure: error: could not determine proper GSSAPI linkage > > I am looking all through the internet, the config.log, README etc. and I > can't seem to find a solution. > krb5.h is located at > /usr/include/kerberosv5/krb5/krb5.h > /usr/include/kerberosv5/krb5.h > /usr/lib/krb5/krb5.h > > I am pretty sure it is a matter of setting the correct path variable, but I > am new at this and I can't figure it out yet. Any help would be appreciated. > > Jim > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
> Am 05.05.2021 um 22:06 schrieb Kevin Darcy via bind-users > mailto:bind-users@lists.isc.org>>: > > I just checked the ARM, and it denotes that "match-recursive-only" (boolean) > still exists for views. So, you might be able to set up a special view with > that, as well as a negated match-clients, specifying allow-query { none; }. > Put it as the first view, and both non-recursive queries, and queries from > your "recursive-users" ACL, will fall through to subsequent views. > > P.S. ISC's "understanding views" knowledgebase article doesn't mention > match-recursive-only, so there is a discrepancy there. Either the feature has > been removed, and the ARM documentation hasn't been updated to reflect it, or > the knowledgebase article only focuses on the most common view-matching > criteria, omitting match-recursive-only, since the use cases for that are > very rare. Thanks, Kevin for your quick response, which let me start converting to views, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Installing BIND 9.16.15
Hello, I have what is probably a very rudimentary question, but I am stuck. I am attempting to upgrade BIND on a Solaris 11.4 x86 virtual platform. I have installed BIND successfully up to version 9.16.12 using ./configure --enable-full-report --with-gssapi=krb5-config --sysconfdir=/etc --with-openssl=/usr/local --localstatedir=/var --enable-fixed-rrset I also added environment variables: export LDFLAGS="-L/usr/local/lib -R/usr/local/lib" [and] export PKG_CONFIG_PATH="usr/lib/pkgconfig:/usr/local/lib/pkgconfig (for libuv) This time ./configure aborts with errors related to linking gssapi to kerberos checking krb5.h presence... yes checking for krb5.h... yes checking krb5-config linking as -lkrb5 -lk5crypto -lcom_err... krb5-config: could not determine proper GSSAPI linkage checking for GSSAPI library, non krb5-config method... looking in /usr/lib checking for gssapi.h... (cached) yes checking for gssapi/gssapi.h... (cached) yes checking gssapi_krb5.h usability... no checking gssapi_krb5.h presence... no checking for gssapi_krb5.h... no checking gssapi/gssapi_krb5.h usability... no checking gssapi/gssapi_krb5.h presence... no checking for gssapi/gssapi_krb5.h... no checking for krb5.h... (cached) yes checking for krb5/krb5.h... (cached) yes checking kerberosv5/krb5.h usability... no checking kerberosv5/krb5.h presence... no checking for kerberosv5/krb5.h... no checking linking as -lgssapi_krb5... no checking linking as -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err... no checking linking as -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv... no checking linking as -lgssapi... no checking linking as -lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err... no checking linking as -lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err... no checking linking as -lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err... no checking linking as -lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err... no checking linking as -lgss -lkrb5... no configure: error: could not determine proper GSSAPI linkage I am looking all through the internet, the config.log, README etc. and I can't seem to find a solution. krb5.h is located at /usr/include/kerberosv5/krb5/krb5.h /usr/include/kerberosv5/krb5.h /usr/lib/krb5/krb5.h I am pretty sure it is a matter of setting the correct path variable, but I am new at this and I can't figure it out yet. Any help would be appreciated. Jim ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
> Am 06.05.2021 um 12:05 schrieb Matus UHLAR - fantomas : > > > Which named version do you run? 9.16.15 > do you use views? No, but after reading Tonys response, I’m now starting to convert my config to views. Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
> Am 06.05.2021 um 16:45 schrieb Tony Finch : > > Axel Rau wrote: > >> I have, >> >> allow-query { any; }; >> allow-query-cache { recursive-users; }; >> allow-recursion { recursive-users; }; >> >> How can I make sure that none recursive-users get a REFUSED if query is >> recursive? > > Weird! I think your config should do what you want so I wonder why it > isn't working. Your server is responding to the problem queries with a > referral from the root zone, so have you configured your server with a > local authoritative copy of the root? Yes. > > There's a broader issue here: > > Usually when you have a server that is providing recursive service to > anyone, it is best to set the allow-query ACL to cover just your users, so > everyone else gets REFUSED. > > This means that your recursive server cannot also be used as an > authoritative server advertised in NS records. Your public authoritative > servers should be authoritative-only and not offer recursion to anyone. > >> PS: I want to minimize the responses to this amplification attack: > > Ooh, RRSIG queries are fun. They are like a stealth ANY query. > > BIND has several tools for dealing with this kind of junk: > > * RRL is very effective > > * minimal-any also minimizes responses to RRSIG queries > > * minimal-responses can also help to reduce packet sizes > > Your server is responding with a referral from the root, so minimal-any > won't have any effect on the response. And because it's a referral, the > glue etc. is not optional, so there's nothing that minimal-responses can > omit. So in your situation the most useful things to do would be: > > * tighten up your allow-query ACL > > * if you can't do that, use RRL (you can add recursive-users to the >exempt-clients list) > > * configure separate views for recursive-users and others; do not >include the root zone in your external view Currently, I have: minimal-responses yes; require-server-cookie yes; rate-limit { responses-per-second 5; exempt-clients { recursive-users; }; }; which do not really help. This NS has some other clients in the DMZ LAN, so I need Views. I gave up with views years ago and I have now to learn to use them with all the recent stuff, like in-view. in-view can be helpful to reference the auth zones in the local view, I guess. Thanks for your your comprehensive explanation, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where are the testing docs ?
On 5/6/21 11:24, Ondřej Surý wrote: > FTR the test suite is meant to be used by developers. There’s little value to > use it for validating the production systems. > > Generally speaking, having the dependencies and test interfaces (`sudo > bin/tests/system/ifconfig.sh up`) and running `make check` is enough. > I do NOT trust a build result where I had to go hacking into all the Makefiles just to get it to build. You install without doing testing? Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where are the testing docs ?
FTR the test suite is meant to be used by developers. There’s little value to use it for validating the production systems. Generally speaking, having the dependencies and test interfaces (`sudo bin/tests/system/ifconfig.sh up`) and running `make check` is enough. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 6. 5. 2021, at 17:03, Dennis Clarke via bind-users > wrote: > > On 5/6/21 10:50, Tony Finch wrote: >> Dennis Clarke via bind-users wrote: >>> >>> Hey there. I looked in the README and I dont see an INSTALL file at all >>> so I have to assume that the testing docs exist somewhere. >> >> Have a look at >> >> https://gitlab.isc.org/isc-projects/bind9/-/tree/main/bin/tests/system > > Good stuff, thank you. I was searching high and low and I did see : > >https://kb.isc.org/docs/aa-00768 > > However that says nothing at all about running the testsuite after a > nice clean build. Which is non-trivial now that Makefiles are slightly > borked but that is another issue. > > Perhaps the docs at https://kb.isc.org/docs/aa-00768 can be updated to > at least point to the gutlab link above? > >> >> There are some more notes in: >> >> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/dev >> > > I will glance there but for now I think the testsuite should be able to > at least run. > > Dennis > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where are the testing docs ?
On 5/6/21 10:50, Tony Finch wrote: > Dennis Clarke via bind-users wrote: >> >> Hey there. I looked in the README and I dont see an INSTALL file at all >> so I have to assume that the testing docs exist somewhere. > > Have a look at > > https://gitlab.isc.org/isc-projects/bind9/-/tree/main/bin/tests/system Good stuff, thank you. I was searching high and low and I did see : https://kb.isc.org/docs/aa-00768 However that says nothing at all about running the testsuite after a nice clean build. Which is non-trivial now that Makefiles are slightly borked but that is another issue. Perhaps the docs at https://kb.isc.org/docs/aa-00768 can be updated to at least point to the gutlab link above? > > There are some more notes in: > > https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/dev > I will glance there but for now I think the testsuite should be able to at least run. Dennis ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Log queried forwarder IP address
Levente Birta wrote: > > I have a caching resolver. Is it possible to log the IP address of the queried > forwarder without too much overhead? dnstap might be what you want, but it's a bit intricate. Tony. -- f.anthony.n.finchhttps://dotat.at/ Irish Sea: Northwesterly 4 to 6, occasionally 7 in north. Slight or moderate. Showers. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: where are the testing docs ?
Dennis Clarke via bind-users wrote: > > Hey there. I looked in the README and I dont see an INSTALL file at all > so I have to assume that the testing docs exist somewhere. Have a look at https://gitlab.isc.org/isc-projects/bind9/-/tree/main/bin/tests/system There are some more notes in: https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/dev Tony. -- f.anthony.n.finchhttps://dotat.at/ disperse power, foster diversity, and nurture creativity ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
Axel Rau wrote: > I have, > > allow-query { any; }; > allow-query-cache { recursive-users; }; > allow-recursion { recursive-users; }; > > How can I make sure that none recursive-users get a REFUSED if query is > recursive? Weird! I think your config should do what you want so I wonder why it isn't working. Your server is responding to the problem queries with a referral from the root zone, so have you configured your server with a local authoritative copy of the root? There's a broader issue here: Usually when you have a server that is providing recursive service to anyone, it is best to set the allow-query ACL to cover just your users, so everyone else gets REFUSED. This means that your recursive server cannot also be used as an authoritative server advertised in NS records. Your public authoritative servers should be authoritative-only and not offer recursion to anyone. > PS: I want to minimize the responses to this amplification attack: Ooh, RRSIG queries are fun. They are like a stealth ANY query. BIND has several tools for dealing with this kind of junk: * RRL is very effective * minimal-any also minimizes responses to RRSIG queries * minimal-responses can also help to reduce packet sizes Your server is responding with a referral from the root, so minimal-any won't have any effect on the response. And because it's a referral, the glue etc. is not optional, so there's nothing that minimal-responses can omit. So in your situation the most useful things to do would be: * tighten up your allow-query ACL * if you can't do that, use RRL (you can add recursive-users to the exempt-clients list) * configure separate views for recursive-users and others; do not include the root zone in your external view Tony. -- f.anthony.n.finchhttps://dotat.at/ The Minch: North 6 or 7, backing northwest 3 to 5. Rough or very rough at first northeast of skye, otherwise slight or moderate. Wintry showers. Good, occasionally poor. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to return REFUSED
On 05.05.21 21:09, Axel Rau wrote: allow-query { any; }; allow-query-cache { recursive-users; }; allow-recursion { recursive-users; }; How can I make sure that none recursive-users get a REFUSED if query is recursive? I thought this is the default... PS: I want to minimize the responses to this amplification attack: 19:05:18.703238 185.230.55.130.30120 > 91.216.35.71.53: [no udp cksum] 1+ RRSIG? pizzaseo.com.(30) (ttl 249, id 33043, len 58) 19:05:18.703568 91.216.35.71.53 > 185.230.55.130.30120: [udp sum ok] 1- q: RRSIG? pizzaseo.com. 0/13/14 ns: com. NS j.gtld-servers.net., com. NS m.gtld-servers.net., com. NS c.gtld-servers.net., com. NS b.gtld-servers.net., com. NS d.gtld-servers.net., com. NS e.gtld-servers.net., com. NS l.gtld-servers.net., com. NS f.gtld-servers.net., com. NS h.gtld-servers.net., com. NS i.gtld-servers.net., com. NS a.gtld-servers.net., com. NS k.gtld-servers.net., com. NS g.gtld-servers.net. ar: m.gtld-servers.net. A 192.55.83.30, l.gtld-servers.net. A 192.41.162.30, k.gtld-servers.net. A 192.52.178.30, j.gtld-servers.net. A 192.48.79.30, i.gtld-servers.net. A 192.43.172.30, h.gtld-servers.net. A 192.54.112.30, g.gtld-servers.net. A 192.42.93.30, f.gtld-servers.net. A 192.35.51.30, e.gtld-servers.net. A 192.12.94.30, d.gtld-servers.net. A 192.31.80.30, c.gtld-servers.net. A 192.26.92.30, b.gtld-servers.net. A 192.33.14.30, a.gtld-servers.net. A 192.5.6.30, m.gtld-servers.net. 2001:501:b1f9: :30(490) (ttl 63, id 11754, len 518) ... exactly because of this reason. Which named version do you run? do you use views? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 2B|!2B, that's a question! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users