Jiann-Ming Su wrote:
> What would cause a delay in zone transfers? The notify go out
> immediately when the serial number changes on the master, but some of the
> secondaries can take up to 10 minutes before initiating the zone
> transfer. Also, even after the zone has been transferred, the secon
sasa sasa wrote:
> I'm trying to setup a DNS for an ISP, this ISP's DNS is in delegation
> tree (answering world), and I know about cache vulnerabilities so I was
> wondering what is the best solution for ISPs? By separating cache from
> authorities, you mean implementing 2 DNSs (2 different IPs)?
'ns1.zdns.google/A'
As this is logged at "info" level, I presume it doesn't do any harm, but
has anyone run into this with this particular Google domain ? I have
seen it over a number of weeks.
Thanks,
- J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to un
ificance of logging the URL and why does this happen in
only some cases ?
Thanks,
- J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contac
Hello,
I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I
noticed the following:
22-Apr-2024 19:25:59.614 lame-servers: info: chase DS servers
resolving '180.96.34.in-addr.arpa/DS/IN': 216.239.34.102#53
What does "chase DS servers" mean ?
T
's listed ?
Secondly, I'm still not entirely sure what the phrasing "chase DS
servers" means. I am aware of the DS RR type.
As a side-note: I believe the "lame-servers" here is a function of me
configuring QNAME minimization to "relaxed".
Thanks,
- J
e got it now - thanks for your explanation!
- J
arpa/dnssec/>
Hi Josh,
Ok, sounds good!
- J
ffic being truncated
and/or rejected via firewalls or middle-boxes that enforce limits on
expected packet size (I believe one of the goals of a recent Flag Day
was to address these configs), but what would lead to truncated TCP
traffic in the context of DNS ?
Thanks,
- J
On 2024-05-05 20:47, Mark Andrews wrote:
On 6 May 2024, at 07:38, J Doe wrote:
Hello,
I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I
noticed the following:
01-May-2024 00:52:49.689 lame-servers: info: truncated TCP response
resolving 'www.ipfire.
.
Thanks,
- J
in the cloud with excellent connectivity, I don't do
anything special with my firewall and I do not run any software that
would mutate the DNS data over port 53.
What could be causing the cookie to not be received from this particular
server over a number of days ?
Thanks,
- J
On 2024-05-17 19:37, Nick Tait via bind-users wrote:
On 18/05/2024 09:11, J Doe wrote:
Hello,
When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
or must they be either: /8, /16, /24, /32 for IPv4 ?
For example, if I want to block records with an A address of
en a query that times out
versus a query that hangs ?
In both cases, I would think these queries are hitting a time limit and
are stopped by BIND, but the fact that there are two different log
entries makes me wonder if there's more to this.
Thanks,
- J
thing else ?
Thanks,
- J
meter in: named.conf, as
Petr had mentioned. Bumping it from the default of 100 to 120 and
repeating the test allows my resolver to return all the A records.
Thank you for the warning of potential DoS ... I am thinking that a
small increase on a server that doesn't get/generate a huge of e-ma
Hello all!
I understand RFC compliant DNS servers use AXFR and IXFR for synching
between masters and slaves... and that this is the general scenario for
that purpose.
However, I need somebody to technically explain
to me why can't I use a DNS resolver daemon such as the pdnsd dns proxy
dae
Due to a little too aggressive firewall configuration we had a lot of
"deleted from unreachable cache"
messages in the log, but absolutely no messages logged for the reason for
entering the host
into the cache, which is much more useful in tracking down the problem.
It appears to me, that the
I am wondering why a particular test of 9.10.0 is failing and how it can be
fixed.
It happens repeatedly with linux on two different hardware platforms.
I:System test result summary:
I: 1 FAIL
I: 63 PASS
I: 4 SKIPPED
T:xfer:1:A
A:System test xfer
I:testing basic zone transfer fu
On Fri, 06 Jun 2014 09:45:56 +1000, Mark Andrews wrote:
>
>It takes years to do transitions like this. TXT to SPF was actually
>ramping up but that is now water under the bridge.
>
In that case named-compilezone should no longer emit
found SPF/TXT record but no SPF/SPF record found, add match
On Tue, 27 Jan 2015 11:16:04 +0530, Mukund Sivaraman wrote:
>Meanwhile, please can you enable statistics-channels in named.conf and
>send us a dump of the XML statistics along with process sizes reported
>by ps when named grows very large?
>
I run the small script below every 5 minutes in a cron
Hello there,
I am new to bind dns. I would like to configure a public
dns. I need to know what is the procedure to configure bind dns
server in CentOS 6 and how to increase the performance of the bind
server. I am waiting for your answer.
Thank you
__
Hi there, I need new ideas for securing the bind dns server for CentOS 6.6
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/
How to change centos server as real time cloud server ?..
Hi
How to configure a DNS server as public DNS server like google's 8.8.8.8 server
Help me to clear out this problem
Thank you
Hello,
In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE messages.
Most of the time someone tries to resolve a PTR
I can see an average of 10 messages per second like these
May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving
'x.204.99.116.in-addr.arpa/PTR/IN': 2
o correct the servers or remove the
delegations." You mean this one "x.204.99.116.in-addr.arpa" which appeared in my
logs ?
Regards
On Tuesday, 3 May 2016 at 13:30, Mark Andrews wrote:
In message <353379836.10168122.1462272936427.javamail.ya...@mail.yahoo.com>, Mi
k J
Thank you guys for your answers.
On Tuesday, 3 May 2016 at 16:09, Barry Margolin wrote:
In article ,
Mik J wrote:
> Hello Mark,
> Thank you for your answer. I'm not sure I've understood everything but I'll
> read it numerous times if necessary. I have ACLs so
Hello,
I have a bind DNS that is authoritative for many zones and that same system is
also forwarding. I plan to split these two functions on two different systems.
Have some of you done this task ? Do you have any guidelines or advice ?
I'm thinking about migrating the forwarding functionality to
servers don't let queued
messages grow older than one day".
Out of curiosity, what servers have you encountered that no longer use
the five day cutoff ?
Thanks,
- J
oes a lookup and performs DNSSEC validation,
validation works ? Or do I still need to download bind.keys from [1] ?
Thanks for your help,
- J
Sources:
[1] https://www.isc.org/bind-keys/
On 2022-03-30 02:23, Evan Hunt wrote:
On Wed, Mar 30, 2022 at 12:16:05AM -0400, J Doe wrote:
I have a question about the bind.keys file and what happens when it is
not available.
[...]
** If I don't have bind.keys in my BIND directory but have:
dnssec-validation auto in my named.con
te.
This would mean that: break-dnssec yes:
...only breaks DNSSEC validation for evil.com because it is re-written
...does NOT break DNSSEC validation for sites _NOT_ in RPZ that use
DNSSEC (ie: ietf.org).
Is that correct ?
Thanks,
- J
nssec clientnon dnssec
client
You don’t want the second recursive server to spend all its time re-asking
queries that will fail validation
On 29 Apr 2022, at 11:24, J Doe wrote:
Hi,
I am configuring an RPZ for a validating resolver. I read in the BIND 9.18.2
ARM that there is a boolean op
| true"
So settings:
Log path: My Bind is running in chroot
File mode:0640
Log count:7 (1 per day)
Size limit: none
Frequency:$D0 (daily)
Flags:z to compress
Binary: rndc (instead of pkill)
Is this correct ?
Thank you,
- J
On 2022-08-25 03:05, Greg Choules wrote:
Hello J
What is it you're actually trying to achieve here?
Cheers, Greg
Hi Greg,
I'm looking to have my: queries.log (which logs all the queries my Bind
9.16.30 recursive resolver resolves), rotated at the end of the day and
I'd like
On 2022-08-25 04:52, Anand Buddhdev wrote:
On 25/08/2022 05:23, J Doe wrote:
Hello J Doe,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings in
On 2022-08-25 16:46, Richard T.A. Neal wrote:
Hi J,
I'm coming a little late to the party on this one and I think you might
struggle to do rotation based on both date/time *and* file size, but I use
logrotate to rotate all of my BIND logs daily, keeping 31 days of logs. And
you'l
On 2022-08-25 18:04, Greg Choules wrote:
Hi again J.
If I understand correctly, you want to enable querylog on a busy
recursive server permanently, rotate the files once a day and don't care
if you lose some logs because the number of queries on a busy day
generates more data tha
The handling of large numbers of zone transfers between master and slave is not
working
well.
Having several thousands of zones and a new slave DNS on the same internal
network made me
change the low defaults to this:
master:
transfers-out 20; transfers-per-ns 20;
slave:
transfers-in 20; transf
The view facility is apparently only useful for several copies of the same zone
and not for
grouping zones.
If a zone is not present in the first view matching the client, but in another
view below,
BIND will apparently return a response of zone not found and not use the next
matching view.
As
>
>If you want a zone to be in multiple views, list it in all of them.
You are totally missing the point. No zones in multiple views !
I am simply suggesting, that a concept of subdividing views should be
introduced.
We are having several customers and currently maintaining the zones using
se
Alans,
>
>Have 2 questions, is there any limitation (beside hardware) on number of
>views? I mean creating a view/customer?
>And is there any limitation for number of zones/view?
You cannot use views to group zones for customers.
I have recently on this list proposed an extension to the view co
Alan Clegg,
>
>Can you perhaps explain your need to fragment the DNS namespace (which
>was NOT supposed to be done)?
I cannot speak for Alans, but only for our own needs.
We run DNSes for a number of customers i.e. everybody in the whole world should
see the
same zone data. No different views
>
>I'm not sure you quite understand what zones and views are. Why would
>you not simply create a single zone per customer, and eliminate views
>altogether?
>
Are you suggesting a single zone with multiple domain names ?
I fail to see, how that should be a possible road to follow.
The idea, tha
>
>Is there a way or option to configure bind to do the following logic: If the
>bind didn’t find a entry in a view 1 (internal view) it will search this
>entry on the view 2 (external view) ?
Not to my knowledge. We had the same problem and ended up with using the hosts
file for
the special IP
>Not sure why you felt it necessary to resort to hosts files.
Well, I don't know how to configure resource records in an include file and
don't want to
waste gigabytes of RAM duplicating zones.
> What am I missing here?
The idea of avoiding front ends !
>"View"s in BIND was never meant to
>If your main concern is resource consumption, maybe you should focus on
>developing some clever algorithm by which named could keep track of
>multiple references to the same data, without actually having to make
>separate copies of the data. Kind of a specialized "compression"
>algorithm. But
> From a nameserver implementation and maintenance perspective, it's even
>simpler for the data to already be present in the first view that
>matches. Why complicate things more than that?
Because there is a need for it especially in large installations with a large
number of
zones.
>Differen
>Is there any expertise on implementing Bind and IDN? Our business is wanting
>to serve up DNS for an IDN. I have attempted to add what I believe is needed
>- but can not do a nslookup or a query from external website for this new
>domain. Are there any additional steps needed to have an IDN?
Hall, David,
>Is there any expertise on implementing Bind and IDN? Our business is wanting
>to serve up DNS for an IDN. I have attempted to add what I believe is needed
>- but can not do a nslookup or a query from external website for this new
>domain. Are there any additional steps need t
h.gtld-servers.net is one of the net domain's NS servers.
As the info below:
$ dig mydots.net @h.gtld-servers.net
; <<>> DiG 9.4.2-P2.1 <<>> mydots.net @h.gtld-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57902
;; flags: qr rd; QUERY
that's meaningless.
"net" and "com" are different zones, though they are located in the same
servers.
On 2011-7-2 3:48, Emanuele Balla (aka Skull) wrote:
On 7/1/11 9:31 PM, PANG J. wrote:
> Why the "net" zone has the glue for the servers which are i
On 2011-7-2 5:47, Casey Deccio wrote:
However, records in the additional section don't always correspond to
glue records contained in the delegating zone. Servers may also return
records from other sources in their additional section, such as from
other zones for which they are authoritative. Such
On Wed, 03 Aug 2011 15:45:25 -0500, Barry Finkel wrote:
>
>I did not see any improvement in start-up time.
Neither did I at my first test on a primarily slave DNS with raw format
zonefiles
Next test was on a master and slave with 60K small different zones.
The master now loaded about 650 zon
On Tue, 9 Aug 2011 17:18:13 +,Evan Hunt wrote:
>> The master now loaded about 650 zones/sec.
>> The slave did not change from the usual 120 zones/sec.
>
>I'm purely guessing, but I wonder if there's some rate-limiting
>due to the SOA queries slaves have to send to their masters.
>
You are pr
Hi,
This morning the slave in our nameserver setup went down and surprisingly
none of the domains hosted on these system could be resolved anymore even
with the master working perfectly fine.
When I send queries directly to the master it resolves the domains fine so
I'm not sure why a failure o
Hello,
In BIND configuration, is it possible to set the RD flag to 1, because my DNS
Relay receives DNS Request with RD flag to 0 and the forwarding doesn't work
when this flag is set to 0.
The configuration is this one : Public DNS with delegation of the zone toto
to DNS A, public DNS sent r
Hi,
I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
I used Webmin to do the heavy lifting of signing/resigning etc.
Only 2 of the 5 zones are recognised as (DNSSEC Signed) by BIND on
restart/zone application and that fact is reported in the system logs.
I’m trying to work out why
EC' or 'IN NSEC3PARAM' records ?
Jay
On 30 March 2017 at 23:02, Mark Andrews wrote:
>
> In message f5pug3...@mail.gmail.com>, J T writ
> es:
> > Hi,
> >
> > I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
> >
> > I us
Please ignore the * in the copy pasted records. It seems the list converts
color text to be *TEXT* hehe
On 31 March 2017 at 00:11, J T wrote:
> Hi Mark,
>
> Thank you for responding. What do you mean by zone apex?
>
> If we assume one of the domains that fails to be se
zones that
were "working" were using a different algorithm and so it didn't mismanage
those.
Sorry for troubling you. However your information did help me locate the
problem.
Thanks
Jay
On 31 March 2017 at 00:17, J T wrote:
> Please ignore the * in the copy pasted rec
My server once ran about 200,000 zones on a VPS with 4GB RAM, 2 vCores,
BIND powered.
Running tests against them is good.
https://www.nominum.com/measurement-tools/
On 2018/3/28 Wednesday AM 10:54, Blason R wrote:
Hi,
Is there any DNS sizing guide available? I have created a sinkhole
server which
I saw a zone check on intodns.com shows,
Stealth NS records were sent:
ns2.xxx.com
ns1.xxx.com
So what's a stealth NS record?
thanks.
After recently improving the tracking of errors coming from commands
running from scripts, we found that a large number of “rndc reconfig”
requests (about 15-20% of all requests) error out with exit status 1
and the message:
rndc: ‘reconfig' failed: unexpected end of input
The “unexpected end of
Hello,
I have a basic question regarding RPZ on Bind 9.11.x.
Is it possible to re-write a response on a reverse lookup ? For instance, if I
considered example.com a “bad domain”, can I write a RPZ policy so that a
reverse lookup of IP’s that map to example.com fails or is blocked ?
I know I c
e e-mail is rejected.
I think the major difficulty I was running into was trying to have DNS RPZ do
everything.
Thank you for the pointer to the RPZ mailing list - I will be joining that
shortly
Regards,
- J
> On Aug 25, 2019, at 12:54 PM, m3047 wrote:
>
> Clarification on what D
4.0.0, which would be doing
lookups for DKIM, DMARC.
Has anyone noticed anything similar ? It only seems to happen with the
socialinnovation.ca domain.
Thanks,
- J
his category of errors set to: severity info. Should
I increase this or are there other ways to determine why resolution is
sometimes REFUSED ?
Thanks,
- J
ime.nist.gov/IN/A at query.c:7849
The host in question (time.nist.gov), is used by this server for NTP.
The problem appears to have resolved itself today (July 23rd), at around
10:00 AM EDT and happily NTP is able to complete with this particular host.
Did anyone else notice something sim
Hi Julian,
Ok, thanks. It slipped my mind to use DNSviz - thank you for mentioning it.
- J
On 7/24/25 01:19, Julian Panke wrote:
Hi,
DNSviz is showing the issue very clearly so it was not on your side
https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/
regards
Julian Panke
is taking issue with the _ character in
this particular example ? I seem to think in the original RFC for DNS
this wasn't allowed.
Thanks,
- J
On Fri, 2023-05-26 at 16:51 +0530, Shailendra Gautam wrote:
> Does bind provide any way to manage(add,update,delete) resource
> records
> with HTTP API, like powerdns?
Not TTBOMK. It does have an API for managing RRs but that is using RFC
2136 and not HTTP.
> I currently use zonefiles to store D
Not having dipped my toe into DNSSEC yet (yes, I know, but time is
always so scarce)...
So I am seeing a bunch of this sort of thing in my BIND logs now:
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa SOA: no valid signature
found
04:02:18 named validating @0xb0f58988: 124.in-addr.arpa
On 12-05-02 09:29 AM, Mark Andrews wrote:
>
>
> The zones are signed. Possible reason are:
>
> * a firewall blocking EDNS queries.
This shouldn't be the case. Outgoing traffic from the bind9 server
being used here should be completely unfettered.
> * using a non DNSSEC enabled forwarder so y
On 12-05-02 09:29 AM, Mark Andrews wrote:
>
> * a firewall blocking EDNS queries.
> * using a non DNSSEC enabled forwarder so you don't get signatures.
> * a firewall blocking fragmented UDP and named falling back to
> plain DNS.
> * other packet loss causing named to fallback to plain DNS.
Gi
On 12-05-15 09:01 AM, Phil Mayers wrote:
>
Sorry about the way delayed response. There seems to be some confusion
about which list/group gmane is following.
> Isn't it more likely it's a local problem?
Indeed. But what, is the question (and I do have the answer, now --
see below).
> Which v
On 12-07-20 08:34 AM, Brian J. Murrell wrote:
>
> The problem here seems to be fragmented UDP.
I seem to have misdiagnosed this due to tcpdump peculiarities. I only
initially saw/suspected the problem since my capture for port 53
packets was including (only the first) ipv4 fragments.
On 12-07-20 09:11 AM, Phil Mayers wrote:
>
> Or, what happens if you start bind up in debug mode and run the query?
> There will be a lot of output, but I've found most problems to be fairly
> obvious if you read through it.
Yeah, there is a lot of output. Too big of a haystack for me to find
th
On 12-07-20 10:42 AM, Mark Andrews wrote:
>
> The NS RRset is the delegation records and as such has no RRSIGs.
> If you turn on minimal-responses the NS rrset won't be added and
> AD won't be cleared. AD is only set to 1 if all the records in the
> answer and authority sections are marked as se
On 12-07-20 11:40 AM, Mark Andrews wrote:
>
> In message <500978a5.4070...@imperial.ac.uk>, Phil Mayers writes:
>> On 20/07/12 16:21, Mark Andrews wrote:
>>>
>>> In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" writes:
>>
On 12-07-20 07:16 PM, Mark Andrews wrote:
>
> "dnssec-validation auto;"
Well, this seems to have done the trick. Changing it from yes to auto
has eliminated most (almost all in fact) of the validation
warnings/errors I was getting in my logs.
> tells named to use the compiled
>
I've come across something interesting in my named logs:
00:14:37 named client 205.166.76.12#60486: view greatunwashed: query (cache)
'5.37.58.216.in-addr.arpa/PTR/IN' denied
00:14:37 named client 205.166.76.12#60486: view greatunwashed: query (cache)
'5.37.58.216.in-addr.arpa/PTR/IN' denied
00:
On 12-07-24 07:05 AM, Brian J. Murrell wrote:
> I've come across something interesting in my named logs:
>
> 00:14:37 named client 205.166.76.12#60486: view greatunwashed: query (cache)
> '5.37.58.216.in-addr.arpa/PTR/IN' denied
> 00:14:37 named client 205.166.7
On 12-07-24 07:53 AM, Phil Mayers wrote:
> On 24/07/12 12:05, Brian J. Murrell wrote:
>
> Change ISP?
A. You must be one of those people who live in that part of the
world where internet service providing is not a monopoly, duopoly or at
best a price-fixing oligopoly. :-) Unfo
On Sep 7, 2012, at 8:46 PM, pangj wrote:
> Hi, I have a macbook pro, just want to install a BIND on it for test
> purpose. is there any guide for this? thanks.
open your terminal.app and type ;
named -v
most likely it is already installed.
else you can download source tarball unpack and compil
Trying to follow an example I found of manually verifying a name's
DNSSEC records I did the following:
# dig . DNSKEY | grep -Ev '^($|;)' > root.keys
# dig +sigchase +trusted-key=./root.keys www.eurid.eu. A
That resulted in some errors but more importantly the following in my
syslog:
Mar 23 08:1
First of all, sorry that I cannot reply within the thread, I was not
yet a member of the mailing list when those emails were sent.
> On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote:
> >
> > Excuse me, I just have one server for DNS and that tutorial is about
> > secondary
> > DN
Having at least two name servers is not a requirement by the RFC standards
but which TLD allows for only one NS server to be given when you register a
domain?
On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote:
> On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
>
> https://tools.ietf.org/html/rfc1
Thank you for your valuable feedback. It is much appreciated.
On Fri, 20 Nov 2020 at 19:37, Reindl Harald wrote:
>
> On 08.11.20 at 14:44, Timothe Litt wrote:
>
>
> I'm amazed that this thread has persisted for so long on this list of
> knowledgeable people
>
>
> me too, i would understand that
Hey Onur,
I would guess it depends on your setup and how much traffic you
receive. [1] gives
as an example a value of 10 responses per second, which I would say is
a good place
to start. [5] gives a value of 5 responses per second and I get the
impression that
that is the value used by the F roo
Hey all,
Just wondering here, why switching from CentOS to Debian or building BIND
from sources? What is wrong with migrating to CentOS Stream? Why would that
be so much worse than using Debian?
Regards,
Tom
On Sat, 19 Dec 2020 at 00:25, G.W. Haywood via bind-users <
bind-users@lists.isc.org> wr
I have a BIND9 server configured as a resolver for the local network to
forward all requests to 1.1.1.1. Given that that 1.1.1.1 includes
(RFC8914) EDE EDNS options in its responses, can I configure the BIND
resolver to forward those EDNS options in its response to the client?
While I know BIND
On Sat, 2022-02-19 at 19:02 +0100, Matus UHLAR - fantomas wrote:
>
> what's the point of this setup?
> BIND can resolve by itself perfectly and you wouldn't rely on 3rd
> party
> service
Except that it cannot do EDE, as I already said in my original message.
Cheers,
b.
On Sun, 2022-02-20 at 08:16 +1100, Mark Andrews wrote:
>
> EDNS is hop by hop. There is no copying by any compliant server.
Fair enough. I thought it was a long shot.
Cheers,
b.
I am trying to do some testing of an IPv6-only network here using some
nat64 to reach the "legacy" :-) IPv4 Internet. My network is currently
dual-stack.
I have dns64 query mapping working, but I am still seeing some clients
that I am trying to test with (that still have IPv4 addresses until the
On Sep 27, 2010, at 4:03 PM, Christopher Cain wrote:
> Hi all.
>
> I am setting up a new appliance-based DNS solution that will contain a fair
> number of separately managed Windows DNS slave servers (in addition to the
> DNS appliances that will handle the .
>
> Currently there are just over
test
Since enabling DNSSEC on my resolving server I have been seeing various
instances of the following sort of messages:
named error (broken trust chain) resolving '133.168.163.66.sa-
trusted.bondedsender.org/TXT/IN': 173.45.100.146#53
named error (broken trust chain) resolving
'173.65.147.69.bb.bar
Alan Clegg isc.org> writes:
>
Hi Alan,
> There isn't a chain of signed DS records that lead from a trust anchor
> to the thing that you are trying to resolve.
I guess I'm going to have to learn a bit more about DNSSEC in order to parse
that. :-)
Are there any good tutorials on the mechanics