; ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
nds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews,
>type slave;
>file "/var/named/var/named/domain-external.db";
> masters { int_dns1; };
> // allow-notify { ext_dns1; };
>allow-query { int_dns1; !internals; any; };
> };
> };
>
> I'm sure there are extra steps needed
add keys to primary definitions and server clauses with keys at the view
level for notify.
I’m pretty sure there is a knowledge base article with full details.
--
Mark Andrews
> On 24 May 2023, at 05:40, Kaya Saman wrote:
>
>
>
>
>> On 5/23/23 20:18, Sten Carlsen
N ::1
>
> salmon.hub. IN A 8.8.8.8
> fish.hub. IN NS ns1.fish.hub.
> ns1.fish.hub. IN A 4.4.4.4
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC fu
that all zones have
servers that live within the zone defeats that. I suspect you have
misunderstood something. Forcing people to update millions of records to
change an address is nonsensical.
--
Mark Andrews
> On 5 May 2023, at 07:06, Jim Peters wrote:
>
>
> I am looking for
be turned into addresses.
Named includes a full iterative resolver. It uses that to get what it needs.
This should be enough for you to solve what is going wrong.
--
Mark Andrews
> On 18 Apr 2023, at 03:31, Matt Zagrabelny via bind-users
> wrote:
>
>
> Hello Ondřej,
>
g/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> http
ly, since you haven't provided any configuration info or even the
> name of the domain you were trying to set up, I can't make any more educated
> guesses than that.
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
>
> --
> Visit https://li
fo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://
> On 13 Apr 2023, at 06:44, Mark Andrews wrote:
>
>
>
>> On 13 Apr 2023, at 03:19, Fred Morris wrote:
>>
>> TLDR: NS records occur above and below zone cuts.
>>
>> On Wed, 12 Apr 2023, John Thurston wrote:
>>>
>>> We have autho
t; --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
&
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
>
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
>> this list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users ma
irements for the DNS
> environments since DNS Flag Day 2020 ( https://www.dnsflagday.net/2020/ ) and
> make sure the local forwarders are compliant.
> "
>
>
> On Wed, Mar 15, 2023 at 6:01 PM Mark Andrews wrote:
>
>
> > On 15 Mar 2023, at 16:49, Mark Andre
tgl
> 0030: 6202 746e 0367 6f76 0100 0100 0029 b.tn.gov...)
> 0040: 0200 8000 000c 000a 0008 5971 94c0 Yq..
> 0050: 9932 9282.2..
>
> 10:01:39.945218 172.16.20.30.58268 > 170.141.167.222.53: [bad udp cksum e2f9!
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
> On 15 Mar 2023, at 16:49, Mark Andrews wrote:
>
>
>
>> On 15 Mar 2023, at 15:42, Tim Maestas wrote:
>>
>> Named should be sending queries with DO=1 and it should be getting back
>> signed responses. I suspect that you will need to run packet cap
Message parser reports malformed message packet.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57919
;; flags: qr aa tc; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.federalregister.gov. IN A
;; ANSWER SECTION:
. 32768 CLASS4096 OPT
> On 15 Mar 2023, at 11:14, Tim Maestas wrote:
>
>
>
> On Tue, Mar 14, 2023 at 4:34 PM Mark Andrews wrote:
>
>
> > On 15 Mar 2023, at 02:08, Alexandra Yang wrote:
> >
> > Hi Group,
> >
> > I wonder if anyone can shed some light on t
or more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lis
eed:
>>>
>>> % blaeu-resolve --displayvalidation -r 100 --type A gpo.gov
>>> [ (Authentic Data flag) 162.140.14.82] : 46 occurrences
>>> [162.140.14.82] : 52 occurrences
>>> [ERROR: SERVFAIL] : 2 occurrences
>>> Test #50935448 done at 2023-03-14
Named just uses the notify to trigger an early refresh process. It then just
asks the primaries in configured order. There is no real point in trying the
notifier first.
--
Mark Andrews
> On 10 Mar 2023, at 06:00, Jan-Piet Mens wrote:
>
>
>>
>> I always was quit
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austr
can create subdomain entries inside
> the example.de domain.
>
> Is this possible? What grant/deny rule must i use?
>
> -André
>
> Am 13.02.2023 um 23:33 schrieb Mark Andrews:
>> Step back and tell us what you are attempting to achieve.
>>
>> e.g.
s the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymo
is list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
M
Add DHCID to the list of record types permitted to be updated by the DHCP
server.
--
Mark Andrews
> On 4 Feb 2023, at 21:15, duluxoz wrote:
>
> Thanks Mark (& Darren & Jan-Piet),
>
> So I made those changes you suggested (Mark), but I'm still having issues (ie
ses) and dhcp are working - I just need to
> get these update-policy statements correct.
>
>
> Any help is greatly appreciated - and again, thanks in advance
>
> Cheers
>
> Dulux-Oz
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 474
ly used update-policy but I'd think it should be like this:
>
> update-policy {grant A ;};
This leaves out rule type.
>
> from reading:
> https://bind9.readthedocs.io/en/v9_18_11/reference.html#namedconf-statement-update-policy
--
Mark Andrews, ISC
1 Seymour St., Du
> On 1 Feb 2023, at 05:52, Thomas Schäfer wrote:
>
> Am Montag, 30. Januar 2023, 23:12:53 CET schrieb Mark Andrews:
>> Do you want a correctly operating DNS64 server or do you want to filter
>> all A records? They are mutually exclusive requirements. Please read
>>
Regards,
> Thomas
>
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more informatio
Named-checkzone and named-compilezone are the same executable. Named-checkzone
looks up remote records to more completely detect configuration errors. See
the man page for details.
--
Mark Andrews
> On 30 Jan 2023, at 19:33, Havard Eidnes via bind-users
> wrote:
>
> Hi,
>
I would be looking for packet loss and / or a bad firewall that is dropping
fragmented packets which is triggering fallback to non EDNS requests If you
are forwarding ensure that the entire forwarding chain is validating.
--
Mark Andrews
> On 25 Jan 2023, at 04:53, John Thurston wr
oing their own
inline-signing can produce this (RRSIGs will differ between servers
as the RRsets are changed at different times and zone serial numbers
may also differ).
There are a whole heap of reasons for IXFR to fail, this being one
of them, and named will fall back to AXFR on any of them.
In-line signing is the concept you are looking for and yes named supports it.
--
Mark Andrews
> On 22 Jan 2023, at 07:42, Randy Bush wrote:
>
> hidden primary can not sign. can the public primary which fetches from
> it, and happens to be primary for the parent zone, do
The consistency checks are not new. The message indicates that the IXFR
contained a delete request for a record that doesn’t exist or an add for a
record that exists. Named recovers be performing an AXFR of the zone.
--
Mark Andrews
> On 22 Jan 2023, at 04:31, Havard Eidnes via bind-us
act us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTER
org/mailman/listinfo/bind-users
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
Please don’t hijack an existing thread by replying to an existing message for a
unrelated subject. It is bad form. Just create a new message and send it to
bind-us...@isc.org.
--
Mark Andrews
> On 8 Jan 2023, at 09:07, Michael Muller via bind-users
> wrote:
>
>
>
--
> Regards / Med vänlig hälsning
> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
>
appropriate
and you support it Yes you can sign a FORMERR.
--
Mark Andrews
> On 7 Jan 2023, at 06:50, Justin Krejci wrote:
>
>
> DNS Servers that do not properly support or properly ignore DNS cookies and
> instead return FORMERR is annoying. This is not new. However I have been
Just a reason to not use them for your email. Not everybody is in a position
to repair stuff on a 7/24/365 basis. Notify that the mail is delayed by don’t
bounce.
--
Mark Andrews
> On 7 Jan 2023, at 06:11, Brown, William wrote:
>
> Last I saw, both M365 and Google only retry for
Valid base64 includes spaces and new lines. Poorly written record parsers reject valid records. -- Mark AndrewsOn 30 Dec 2022, at 10:38, Eric Germann via bind-users wrote:
On Dec 29, 2022, at 16:34, Timothe Litt wrote:Yup, Eric's case was a classic example. He tried to do the right
thing,
f this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
stinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> htt
rsion: 1.2.7
> threads support is enabled
>
>
>
>
>
>
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Co
TXT "v=spf1 -all"
>
> --
> Chris.
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.is
The permanent fix of for PowerDNS to follow the DNS protocol and make the query
over TCP.
They have a choice of solutions. Just make a TCP query and make a second TCP
query for the XFR. Make a TCP query and then the XFR if required over the same
TCP connection.
--
Mark Andrews
> On
p, Core Dump" _/_/_/_/_/_/ _/_/ _/_/
> "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this sof
rg/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.
Cross zone CNAMEs cause accidental cache poisoning with some clients when both
zones are on the same server. Named no longer follows the CNAME for
non-recursive requests to prevent this. More security aware clients will
restart the query after processing the CNAME.
--
Mark Andrews
> On
this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-u
SC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour S
but then you run up against toy DNS servers / firewalls that only handle
A and lookups.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
s/qname-minimization-and-privacy/
>
> to suggest that it's a GoodIdea(tm).
QNAME minimisation is a good idea. It comes in two flavours, relaxed
and strict. Relaxed tries to cope with some breakages like NXDOMAIN
being returned from ENTs. Strict doesn’t.
Mark
--
Mark Andrews, ISC
1 Sey
ries
> respond correctly ?
> if it's pebkac, dunno where to look, yet.
>
> or is it actually a problem on for these domains' DNS, and not much i can do
> about it ... other than workaround, or just default to forwarders ?
> --
> Visit https://lists.isc.org/mailma
ht wish to
include some kind of signaled acknowledgement. For example, an
option specification might say that if a responder sees and supports
option XYZ, it MUST include option XYZ in its response.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +6
Just reload the server.
--
Mark Andrews
> On 20 Oct 2022, at 01:45, PGNet Dev wrote:
>
> running
>
>bind 9.18.7
>
> i've enabled dnssec-policy signing
>
> current KSK & ZSK keys had been generated with
>
>dnssec-policy "prod01&q
.private or .state (I
haven’t looked to see which) with updated content.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://ww
this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
M
ms
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mai
DEVNULL,
> stdout=tornado.process.Subprocess.STREAM,
> close_fds=True,
> env=env)
>
> I'll request that something get pushed upstream. Many thanks for help
> tracking that down!
>
> Casey
> --
> Visit https://lists.isc.org/m
;
> --
> Met vriendelijke groet / Best regards,
> Michael De Roover
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at ht
tware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Aus
We don’t log rsamd5 is disabled now ec or ed curves when they are not supported
by the crypto provider. Why should rsasha1 based algs be special?
--
Mark Andrews
> On 2 Sep 2022, at 20:37, Anand Buddhdev wrote:
>
> On 01/09/2022 23:19, Mark Andrews wrote:
>
> Hi Mark,
>
t; Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bi
Yes. You will need to restart the server.
That all said if you are signing zones using RSASHA1 or NSEC3RSASHA1 you should
transition to a newer algorithm if you want to have your zone validated by as
many as possible.
--
Mark Andrews
> On 1 Sep 2022, at 22:59, Anand Buddhdev wr
Additionally authoritative servers for a zone are supposed to answer queries with RD=1 set with RA=0 if the client is not being offered recursion. REFUSED is the wrong answer of the query name involves zones you serve. Only if you are a recursive only server should you be considering REFUSED. -- M
DNSSEC is designed to be validated in the application. That applies equally to
internal zones as it does to external zones. One procedure for them all.
--
Mark Andrews
> On 1 Aug 2022, at 11:15, John W. Blue via bind-users
> wrote:
>
>
> As some enterprise networks be
tion
> option is missing or there is a bug in bind?
>
> With best regards,
> b.
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Co
The client is supposed to lookup missing address records. Complain to the
supplier of the phone that they have a defective product.
--
Mark Andrews
> On 13 Jul 2022, at 21:18, Peter wrote:
>
>
> My Telco has removed the A record for their VoIP server, and now has
> only
hostnames for the name
servers.
--
Mark Andrews
> On 27 Jun 2022, at 06:15, Sandro wrote:
>
> Hello,
>
> I recently ran into "bad [owner] name" errors trying to setup a
> '_acme-challenge' subdomain. Yes, this is for Let's Encrypt domain validation.
Show your procedure.
--
Mark Andrews
> On 5 Jun 2022, at 06:37, @lbutlr wrote:
>
> Using nsupdate when I try to delete an MX record for a domain, I get REFSUED.
>
> When I try to add an MX record with the same priority (or not), it leaves the
> old record as well.
>
>
>
> -- PMc
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dunda
of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Va
ank, do you suppose they would be thrilled with me posting
>> their networking innards for the world to see?
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscripti
L AND VOID. You may ignore it.
>
>
>
>
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at ht
ontact us at https://www.isc.org/contact/ for more information.bind-users mailing listbind-users@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this listISC funds the development of this software with
Working around servers that drop queries causes problems for zones that do have
protocol compliant servers. The workarounds cause problems with getting
DNSSEC responses wic leads to validation failures.
--
Mark Andrews
> On 13 May 2022, at 22:58, Paul Stead wrote:
>
>
> Fur
Signature-refresh determines when the RRSIGs will be replaced by looking at the
expiration time and working backwards. New RRSIGs are generate Using
signature-interval.
--
Mark Andrews
> On 11 May 2022, at 18:15, Tom wrote:
>
> Hi list
>
> After switching from "semi-a
--
Mark Andrews
> On 9 May 2022, at 22:32, Veronique Lefebure
> wrote:
>
> Second thought on this topic:
>
> are the BIND EDNS messages rather related to
>
> gr/DNSKEY (alg 8, id 13987): No response was received until the UDP payload
> size was decreased,
air
> out.
>
> Ted
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> b
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
servers will use EDNS.
>>
>> Cheers, Greg
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more in
It’s already been addressed
--
Mark Andrews
> On 4 May 2022, at 06:16, Larry Rosenman wrote:
>
> I did find a manpage bug for the rndc man page for 9.18.2:
> dnssec (-status | -rollover -key id [-alg algorithm] [-when time] |
> -checkds [-key id [-alg algorithm]] [-when
m. Add
+qr to see the query.
Mark
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more informati
> On 2 May 2022, at 12:28, J Doe wrote:
>
> On 2022-04-29 01:18, Mark Andrews wrote:
>
>> break-dnssec is about if the client could detect the re-write or not using
>> DNSSEC. If the client has DO=1 in the request and the normal response is
>> signed then rewr
r
> Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
> US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid supp
Thanks,
>
> - J
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
43121
>
> and dig only shows my RRSet:
> ❯ dig 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa +dnssec +nocrypto ns @1.0.0.1
> zsh: correct 'ns' to 'nws' [nyae]? n
>
> ; <<>> DiG 9.16.27 <<>> 0.1.0.0.0.0.0.0.b.d.c.f.2.0.6.2.ip6.arpa +dnssec
>
there.
--
Mark Andrews
> On 18 Apr 2022, at 17:57, Thomas Martin wrote:
>
> Hello,
>
> I recently upgraded from Debian Buster to Debian Bullseye and I'm
> having a hard time having the same behavior as before with the new
> bind9 version.
>
> Here is my s
Worst case should be double the queries which happens when there isn’t a cached
DNSKEY RRset to validate the response. If there are multiple queries clustered
together the overhead is reduced.
--
Mark Andrews
> On 14 Apr 2022, at 22:23, Andrew P. wrote:
>
> Greetings, all.
>
lps. Needless to say, it has been a frustration
> situation.
> --
> Dave
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https
Add a static-stub zone for .by which has the addresses of the nameservers for
.by configured. This will break the stupid address fetching loop.
The real fix is for .by to use nameservers that are directly in .by or ones
thot don’t require a loop to get there addresses.
--
Mark Andrews
>
isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
The one on line 40
--
Mark Andrews
> On 12 Mar 2022, at 10:28, Michael Richardson wrote:
>
>
> I upgraded to 9.18 from 9.11 or something that was in debian nulleye.
>
> Mar 11 18:14:27 tilapia named[9206]: /etc/bind/named.conf.options:40: invalid
> prefix, bits
101 - 200 of 1141 matches
Mail list logo