Re: SRV on multiple subdomains

On 14 May 2024, at 15:20, DEMBLANS Mathieu wrote: A part of the subdomains are managed by us, others subdomains by an other entity. So we can't configure a generic target for all subdomains as each entity has its own target for SRV entries. -Message d'origine- De : bind-users bind-us

Re: [KASP] setup KASP in master / slave architecture

On 16 Dec 2022, at 15:59, adrien sipasseuth wrote: > - on the slaves: files .db > > I don't understand why there is no .db.signed file on my slave > knowing that a dig from a slave does return RRSIG. The secondary (slave) only needs one file to hold whatever zone data the primary provides when tr

Documentation suggestion for Ubuntu PPA http://ppa.launchpad.net/isc/bind/ubuntu

pathnames. Do I understand correctly that this advice also applies to zones for which a dnssec-policy and inline-signing (rather than update-policy) are specified? If so, it might be well to extend the parenthesis "(such as ...)" to mention this case also. Best regards, Niall O&#

Re: How to introduce automatic signing for existing signed zones?

On 8 Nov 2022, at 7:54, Matthijs Mekking wrote: Thanks for reporting back. This is an omission in our KB article that I will fix. Thanks, Matthijs. I think that will be useful. Niall -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the devel

Re: How to introduce automatic signing for existing signed zones?

On 7 Nov 2022, at 11:40, Niall O'Reilly wrote: > Preparation: > > - Set up minimal stand-alone instance of BIND9 named, > configured with a **dnssec-policy** for each algorithm, > matching properties of existing DNSSEC keys, and with > `lifetime unlimited`; > - Del

Re: How to introduce automatic signing for existing signed zones?

Thank you for your speedy response, Matthijs. On 7 Nov 2022, at 13:10, Matthijs Mekking wrote: Ignore that, I saw too late there were attachments. Perhaps I ought to have mentioned them explicitly. Are you able to share the public key and key state files with me so I can investigate why BIN

How to introduce automatic signing for existing signed zones?

I have a couple of zones which I want to migrate from CLI-driven signing to BIND9 automatic signing, while avoiding any change to the respective parent-zone DS RR. Status quo ante: - https://dnsviz.net/d/no8.be/dnssec/ separate KSK, ZSK; both using alg 13 - https://dnsviz.net/d/jamm.ie/dnssec/

Re: Unexpected extra care needed for building BIND 9.18.8

Thanks for replying so promptly, Ondřej. On 6 Nov 2022, at 15:34, Ondřej Surý wrote: Nope, that’s local to your system. Hard to tell what’s wrong from just a single message, but either there’s cruft somewhere in the path with more priority That was it. Rebuilding the cache cleared the proble

Unexpected extra care needed for building BIND 9.18.8

Building BIND 9.18.8 from source seems to need ./configure; LD_RUN_PATH=/usr/local/lib make; sudo make install instead of the traditional ./configure; make; sudo make install Using the traditional recipe, I obtained the run-time error message named: error while loading shared libraries: libis

Re: How to prevent gratuitous publication of CDS/CDNSKEY records

On 14 Apr 2022, at 13:22, Matthijs Mekking wrote: these records may also stay in the zone. BIND chooses to keep them in the zone Thanks, Matthijs. That fills the gap for me. Niall -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developm

How to prevent gratuitous publication of CDS/CDNSKEY records

Hi. Clue needed, please. I’ve managed to migrate a number of zones from cron-driven signing using homegrown scripts to automatic management by named, while retaining the respective original KSK for each. Following migration, ZSK:s have been replaced as might be expected, since the keys were shor

Re: dns_dnssec_findzonekeys2: error reading WHATEVER.private: file not found

On 23 Feb 2022, at 14:32, Niall O'Reilly wrote: > I shall be grateful for any helpful advice. Thanks to Josef Moeller and Ondřej Surý. Niall -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid

dns_dnssec_findzonekeys2: error reading WHATEVER.private: file not found

Hello. Using BIND 9.16.1-Ubuntu (Stable Release) because that’s what’s most simply available on Ubuntu 20.04.3 LTS (Focal Fossa), I’m seeing messages reporting that private key files can’t be found, such as the one in the subject line. The files look to me to be present as expected. I shall be g

Re: Possible to condition a view based on the interface the query comes in on?

match-destinations ? ⁣--- >From an Android device, using BlueMail, which forces top-posting.​ On 18 Nov 2021, 20:40, at 20:40, Fred Morris wrote: >I wanted to provide enhanced recursive DNS to (internal) clients on an >"opt in" basis, which is to say that clients could choose whether or >not >to

Re: Request for review of performance advice

On 9 Jul 2020, at 21:25, Havard Eidnes via bind-users wrote: > 2e#1) Make sure your UDP socket *receive* buffers are big enough. > If on BSD, monitor for "dropped due to full socket buffers" > count in "netstat -s" output, and tune accordingly. Note that > this may be a symptom

Re: How to set up a dmarc record ?

of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc", leaving out ".pasteur-cayenne.fr", just as you did for the DKIM record. Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: What is wrong in the view matching below

h-clients` specification matches the requesting client; that view is then used. Since you have `match-clients { any; };` in the first view, scanning will stop there. Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-us

Re: Regarding named related issue observed with bind 9.11.5-P4 version

On 3 Apr 2019, at 10:26, Chandra Rao wrote: > exec /usr/sbin/named -u named -c "/etc/ClusterDNS.conf" -f You may need to use sudo /usr/sbin/named -u named ... or, if you prefer exec sudo /usr/sbin/named -u named ... Best regards, N

Re: rndc and nsupdate failing to work for me

to the syntax of some of the configuration statements I needed to use in rndc.conf. I hope this helps. Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind

Re: Help: BIND _ Recursive query

On 4 Mar 2019, at 16:20, Paul Kosinski wrote: > provides our users with general caching DNS service for > all other domains. [...] > Its "named.conf" file doesn't list any "forwarders" any more, and > "forward-only" is gone, but it still has a leftover "recursion yes" > clause. Am I correct i

Re: Server can not resolve Domain

On 21 Feb 2019, at 9:28, Wolfgang Pähler wrote: > The domain is: paehler.coud Zonemaster reports problems with the (currently) delegated name servers. I've put a little more detail in a private message. Best regards, Niall O'Reilly ___

Re: How to create an SRV record for the CSTA service

On 13 Sep 2018, at 17:03, King, Harold Clyde (Hal) wrote: > _csta._tcp.csta.example.com. 3600 IN SRV 20 0 1040 > hostname.example.com Instead of "hostname.example.com", you need "hostname.example.com.", with a trailing dot. Niall O'Reilly sig

Re: How to create an SRV record for the CSTA service

/SRV_record For something more formal: https://tools.ietf.org/html/rfc2782 Good luck! Niall O'Reilly signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bi

Re: DNSSEC and secondary DNS servers

On 8 Sep 2018, at 14:58, @lbutlr wrote: > so I think there must be something else. You might need to so some other housekeeping: https://zonemaster.net/domain_check http://dnsviz.net/d/covisp.net/dnssec/ /Niall signature.asc Description: OpenPGP digital signature

Re: slave-not-updated

On 1 Aug 2018, at 10:01, Mohammed Ejaz wrote: Is there any way to troubleshoot from the master server why there is no synchnization to one more Slave. Only partly. You may need access to the slave at some stage. Master log should record NOTIFY messages sent to all slaves. If not all desired s

Re: Handling expired domains

might involve a delay of some, or even many, hours. In any recovery situation, I would be minded to check slave status within a few minutes of restoration of reachability, and to force the master to send NOTIFY messages in case any slaves had not yet resumed service. Niall O'Rei

Re: DNS not resolving on google, but is on other services

uthority servers; in such a case, it seems to give up early and report SERVFAIL. As it happens, there seem to be problems with the set of authority servers involved. You'll find more information at https://zonemaster.fr/test/932ded6946bfebb4 . Best regards, Niall O'Reilly signatur

Re: intermittent SERVFAIL for high visible domains such as *.google.com

any to spare. Best regards, Niall O'Reilly signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: Subdomain DNSSEC

need NS records as has always been the case. By simply not adding a DS record, you signal an insecure delegation. You may have problems if the two sets of name servers (for parent and child zones) overlap. Best regards, Niall O'Reilly

Re: delegation NS records

On 14 Jul 2017, at 14:07, b...@zq3q.org wrote: > only a single **delegation** NS record > needed Actually, there should be two or more, and their IP addresses should belong to different networks. RFC1034, section 4.1: A given zone will be available from several name servers to insure its av

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

need to fix, right? Short answer: just no. Long answer: not unless either of your servers is providing name service for the zone that the nameserver itself is in. As I understand from your original message, this is not the case, so just no. I hope this helps. With best regards, Niall O&#

Re: "spare hosts" as personal DNS nameservers for 'mynew.org'

linux hosts outside of mynew.org as personal DNS authorative nameservers.** Any additional related tips appreciated. See above. With best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: DNS and cache-expiration modification

On 18 Nov 2016, at 9:24, Job wrote: Do you know if with Bind is possible? Perhaps the configuration option 'max-cache-ttl' is what you're looking for ? Best regards, Niall O'Reilly ___ Please visit https://lists.isc.

Re: Multiple IPs Associated With A Single Name

on a privileged port, and nothing else. If this is for testing and you control all the clients, a VM of your own, perhaps under VirtualBox on your laptop, may meet your need. Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/lis

Re: Unable to Load the Zone file

bhnis.net), and the SOA record is ignored. You could either put $ORIGIN enum.bhnis.net. ;; NB: the final dot is significant! or just omit the "$ORIGIN" directive. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.or

Re: BIND started replying to queries for .com with .COM

On 1 Apr 2016, at 11:08, Tony Finch wrote: > Robert Edmonds wrote: >> Tony Finch wrote: >>> Phil Mayers wrote: What is considered the source of the ownername for, say, "com."? >>> >>> It should be the root zone master file. >> >> Why not the com zone master file? > > If you are going

Re: unalbe-to-query

to run a comprehensive series of tests against the zone(s) which are giving you trouble. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users ma

Re: subdomain/zone with DHCPD

On 15 October 2015 15:56:42 BST, lejeczek wrote: >hi everybody > >I'm trying a bind setup which could be talked to by dhcpd. >I've bind setup with virtual zones and now trying to set up >dhcpd so it would be updating DNS, but... but. > >In dhcpd.conf I'm trying: and what's in your named.conf

Re: dname reverse delegation

> 0/24 NS RR? It seems like because of the above DNAME RR it expects and > zone file for the 0/24. However I just want to forward this. I'm sorry. I don't understand what you think you're trying to achieve. I hope this helps. Best regards, Niall O'Reilly __

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

x27; with the "-u incadmin" option, it > works fine -- it listens on the configured ip's and it changes the > owner of the process to 'incadmin'. This is the "traditional" way to run a reduced-privilege instance of named. I've used it, and I be

Re: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

use the "-u" option of > "named" to lower the privileges after launch (requiring native root > privileges to launch), but I can't use both at the same time. > > Can anyone shed any light on this scenario? I'm missing some informat

Re: Multiple A and PTR and the "main" ones?

On Fri, 11 Sep 2015 15:54:52 +0100, David Ford wrote: > > [...] satisfy RFC requirements for DNS [...] Would you mind citing? Thanks Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: windows client request timed out

se has an article which may be useful: https://kb.isc.org/article/AA-00269/0/What-has-changed-in-the-behavior-of-allow-recursion-and-allow-query-cache.html Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo

Re: Issue in calling same zone in more than one VIEW

k you'll find that just one of your views can reference the zone file, while the other(s) will have an "in-view" option referencing the first view. I hope this helps. Best regards, Niall O'Reilly ___ Please visit https:

Re: Issue in calling same zone in more than one VIEW

On Fri, 29 May 2015 11:25:48 +0100, Cathy Almond wrote: > > > From 9.10.0 there is a new zone type 'in-view'. From the release notes: Neat! Thanks and best regards, Niall O'Reilly ___ Please visit https://lists.

Re: Issue in calling same zone in more than one VIEW

n. > This is happening because I am calling same zone file in both view. > > Please help me out what I should do for getting rid of this issue. You need to use as many copies of each zone file as you have views needing to write to it. Best regards, Niall O'Reilly

Re: lists subdomain not fully working [SOLVED]

On Wed, 27 May 2015 07:50:12 +0100, Lucio Crusca wrote: > > I've now fixed the MNAME and I have to wait propagation before testing > again, but I'm really confident it will solve the problem, Fammi sapere, per piacere ... Niall ___ Please visit h

Re: lists subdomain not fully working

I sit, this problem does not appear. If you can confirm that this problem is still present, you'll need to look for help with analysing it to someone who has access to the name server(s) used by this SMTP server. Either of the users you mention may be able to help. Best regar

Re: BIND response time is relatively high

At Mon, 26 Jan 2015 21:50:37 +, Darcy Kevin (FCA) wrote: > > > The parameter that is glaringly missing from your list is > “recursive-clients”. Do you have that set at default value (1000) or > have you bumped it up higher? Since you say that this happens at “peak > hours”, recursive-clients

Re: BIND9 Return different IP address based on subnet

At Sat, 3 Jan 2015 19:24:47 +0100, Christian Kette wrote: > > I have found a workaround. > I defined a different zone for every network A simpler solution might be to use a sortlist. From the ARM: 6.2.16.13 The sortlist Statement The response to a DNS query may consist of multiple resource

Re: recursive-clients : recommended value for a high traffic recursive nameserver

nts list. This may be due to rogue clients, misconfigured authoritative servers, network problems, or some combination of these. Your logs will help identify which. I hope this helps. Niall O'Reilly ___ Please visit https://lists.isc.org

Re: recursive-clients : recommended value for a high traffic recursive nameserver

nts list. This may be due to rogue clients, misconfigured authoritative servers, network problems, or some combination of these. Your logs will help identify which. I hope this helps. Niall O'Reilly ___ Please visit https://lists.isc.org

Re: Digging to the final IP

At Thu, 23 Oct 2014 15:17:49 +0100, Sam Wilson wrote: > > In article , > Bob Harold wrote: > > > Anytime you see 'grep' and 'cut' used together, they can usually be > > shortened to just 'awk', which requires starting one less process. And if > > this case it splits fields the way a users sees

Re: Digging to the final IP

At Thu, 23 Oct 2014 15:17:49 +0100, Sam Wilson wrote: > > In article , > Bob Harold wrote: > > > Anytime you see 'grep' and 'cut' used together, they can usually be > > shortened to just 'awk', which requires starting one less process. And if > > this case it splits fields the way a users sees

Re: Digging to the final IP

At Tue, 21 Oct 2014 22:31:28 -0500, Frank Bulk wrote: > > Dave, > > Thanks for the input, but what I was looking for was a dig command that > returns the IP(s) or a fail. It looks like the host command is the right > solution in this case, not dig. Doesn't egrep fail on no match? Niall _

Re: Does bind read /etc/hosts?

he DNS. For more information, please see http://serverfault.com/questions/498500/why-does-the-host-command-not-resolve-entries-in-etc-hosts Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri

Re: How to setup a backup NameServer?

At Tue, 29 Apr 2014 10:24:58 +, houguanghua wrote: > > Yes, I had asked the same question months ago. > I'm designing how to protect DNS for an ISP. The zones are not owned > by the ISP. The ISP wants to proect the DNS query during attacking. > So it's not standard DNS solution. During the at

Re: intermittent resolving problem for some domains

r your server which is giving these messages can reach any of the root servers or even any of the external Internet. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: bad owner name - Unable to add forward map from Nintendo Wii U ... REFUSED

figuration of this server, I expect you're in a position to determine what owner name is passed to the DNS server, and that this approach might be what you need. This thread probably belongs better on the dhcp-users list ... Niall O'Reilly ___

Re: missing ‘additional section’

On 18 Dec 2013, at 15:19, houguanghua wrote: > Is there any way to enable the Additional Section? Thanks. The server sends data in the additional section if either (a) these data are required, or (b) the server supports and is configured to send data which, although not

Re: Recursive DNS server cannot resolve the reverse zone records from my IPv6 private network

t place the corresponding record(s) in the zone file you're using. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users

Re: use bind 9.8 as caching server and authoritative nameserver

/6584/show/the-afnic-scientific-council-shares-its-report-on-dns-based-internet-filtering.html Best regards, Niall O'Reilly Member of AFNIC's Conseil Scientifique PS. I wan't a significant contributor to this report. Credit for that belongs to the

Re: packet size

On 11 Sep 2013, at 17:24, Maria Iano wrote: > What does it mean when the edns0 response to a dig says the overall packet > size will be one value Not "will be one value" but "can be no more than that value". > but the message size reported is different. That's the actual size

Re: ISO or virtual appliance

or delegate www.example.com as a tiny dynamic zone and update it directly. Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.o

Re: BIND 9.8.1-P1: 'make test' fails

On 20 Aug 2013, at 15:08, Chris Buxton wrote: > There is a mailing list for Net::DNS. > > List-Subscribe: , > > > That said, there was a discussion last December about what ha

Re: BIND 9.8.1-P1: 'make test' fails

On 22 Nov 2011, at 11:24, Niall O'Reilly wrote: > Since quite a few years, I habitually run 'make test' after building BIND > from sources. I'me seiing a failure with 9.8.1-P1, and wonder whether > anyone else is also. [By way of putting this to bed, a

Re: Slave not creating/updating zones

On 15 Jul 2013, at 12:49, Grace Ingabire wrote: > The issue is now resolved, my master was not configured properly! There's something else: LTD.RW seems not to be delegated. The problem seems to be masked from you because this zone and its parent are both hosted on ns{1

Re: Reverse address entries

On Fri, 28 Jun 2013 13:57:44 -0400 "Novosielski, Ryan" wrote: > The short answer is "some software once cared." Does it still now, I'm > not sure. But we do it. Some still does Niall O'Reilly __

Re: Some Server not Resolving certain address

dig @127.0.0.1 ... you can be sure that the server on which your shell session is running is the one to which dig sends the query. If this is not what you need, use the address of the server's network interface. ATB Niall

Re: Suspecious DNS traffic

ur server. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Blocking private addresses with a optionq

On 14 Mar 2013, at 16:22, Chris Buxton wrote: > Well, yes, if the server in question is authoritative for all the data in > question. But if it's just a resolver, that may be more difficult. Fair comment. I was (perhaps naïvely) being led by my aversion to open resolvers

Re: Blocking private addresses with a optionq

On 14 Mar 2013, at 15:57, Chris Buxton wrote: > No, I'm pretty sure the OP wants to strip records from responses if the > records are A records referring to private address space (RFC 1918). > > I've no idea how you would do this. Other than separate views, with a "trimmed" zone in the

Re: BIND9 statistics-server: JSON?

On 15 Feb 2013, at 05:57, Jan-Piet Mens wrote: > would there be a chance of ISC adding this to stock > BIND9? Even better: would ISC take on the work of doing it? ;-) FWIW: +1 /Niall ___ Please visit https://lists.isc.org/mailman/list

Re: what do you use for logging?

r offers. Best regards Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: what do you use for logging?

On 18 Jan 2013, at 06:27, Jan-Piet Mens wrote: >> Could "CLI utility" be man(1) and info(1)? :-) > > It could, yes, but `b10-msg NNN` isn't going to break BIND 10's > development budget (I hope), +1 > and I feel it to be more practical than > scrolling through a man page with 900+ err

Re: what do you use for logging?

On 17 Jan 2013, at 20:58, Mike Hoskins (michoski) wrote: > Syslog as the default is perfectly fine with us. Please keep that as the default, following the principle of least astonishment. > I do also use the rotated file method a few places, so hoping that doesn't > disappear.

Re: Update view without using 2 ip for each DNS Server

The example in the last one is extracted from a live configuration which I'm responsible for. Best regards, Niall O'Reilly University College Dublin IT Services ___ Please visit https://lists.isc.org/mailman/lis

Re: dhcpd

to use DHCP instead of BOOTP. Jim Glassford's suggestion seems good enough to me. On 18 Oct 2012, at 14:28, Jim Glassford wrote: > We just continue to deny bootp for subnets that have no need for it and > ignore them. Best regards, Niall O'Reilly U

RH release selection (was: Moving from "type forward" to "type static-stub")

On 21 Sep 2012, at 08:55, Adam Tkac wrote: > Because rc2 was released too late to get it into RHEL 6.3... Btw which is the > bug that bothers you? Why don't you report it to RH bugzilla? I don't understand why RH would choose to include a release candidate rather than a stable re

Re: question about how a particular dig works ...

On 18 Sep 2012, at 14:45, M. Meadows wrote: > dig www.careerone.com.au +short @8.8.8.8 > www.careerone.com.au.edgesuite.net. > a903.g.akamai.net. > 208.44.23.99 > 208.44.23.121 > > Why does the above dig work when If you try dig +trace www.careerone.com.au you'll find that t

Re: ho to filter hundeds of domains ?

Besides, if you take this approach, you will have to commit resources to chasing a moving target. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from t

Re: SRV query with no domain?

On 16 Aug 2012, at 15:42, Christopher Cain wrote: > Of course a dig query will fail without the domain appended. Dig takes > you query at face value and will not append domains from your search > suffix list like nslookup and ping will. You ALWAYS have to fully qualify > your requests when usin

Re: recursive-clients recommended values

ers/2009-August/077589.html. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Basic scope question

On 10/07/12 18:07, Bennett, Gary L. wrote: > No, have that part. Was just wondering which domain-name-servers parm, > global or in DHCP address pool, has precedence. Thanks. The more specific specific over-rides the global one. Niall O&

Re: Several (>2) different views [SOLVED]

On 3 Jul 2012, at 21:21, Rodrigo Renie Braga wrote: > Just giving a feedback, this method worked great, but in my case, didn't have > no negate the keys in the ACL (like the example below), I created one key for > each ACL in my configuration and used that ACL for the "match-clients" > directi

Several (>2) different views

uot;captive" { match-clients { captive-clients; }; // view details go here ... }; // End view "captive" view "internal" { match-clients { internal-clients; }; // view details go here ... }; // standard view: 'general' view "gene

Re: Transfer the same zone from a split-view master

what you expected to happen, and what actually happened. People won't help unless they believe you're making a serious effort; so far, you haven't sent anything which might convince them. Best regards, Niall O'Reilly

Re: erros in logs

your request or has sent a badly-formed response. You can expect to see these all the time when you run a resolver. There are broken and misconfigured servers out there! I hope this helps. Niall O'Reilly ___ P

Re: Restricting access & keeping identical data across views

't be an issue. The devil is in the details, which I'll spare you! 8-) Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list b

Re: Restricting access & keeping identical data across views

'm not averse to contributing some effort to such a project. ATB Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org htt

Re: Master/slave configuration

On 8 Mar 2012, at 02:58, Lyle Giese wrote (on bind-users): > On linux boxes, adding > > options rotate > > to the /etc/resolv.conf helps. [cross-posted, reply-to header set] Is there a DHCP option which expresses that, and which typical fielded DHCP clients will respe

Re: Bind bind-9.3.6-16.P1.el5_7.1 - socket.c:4373: unexpected error

On 27 Feb 2012, at 13:18, Rafał Radecki wrote: > Feb 27 13:44:13 dns1 named[21599]: isc_socket_create: fcntl/reserved: > Too many open files It's likely that this isn't specific to BIND, but a consequence of the (combination of) load(s) on your system. Results from Googl

Re: State diagram for DNSsec key lifecycle

ect I might not be alone. 8-) Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Permissions change after running dnssec-settime bind 9.9.0rc2

On 1 Feb 2012, at 09:52, Phil Mayers wrote: > As is probably obvious, I consider it an irritating bug ;o) +1 Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bi

Re: BIND 9.8.1-P1: 'make test' fails

On 22/11/11 18:10, /dev/rob0 wrote: Is this a manifestation of the same issue as brought up last week? https://lists.isc.org/pipermail/bind-users/2011-November/085593.html I don't think so. I can compile without problem. I see a failure during 'make test' processing, and only

BIND 9.8.1-P1: 'make test' fails

Since quite a few years, I habitually run 'make test' after building BIND from sources. I'me seiing a failure with 9.8.1-P1, and wonder whether anyone else is also. Relevant log fragment is shown below. /Niall S:xfer:Tue Nov 22 11:12:07 GMT 2011 T

Re: I can dig a domain but named won't resolve it.

bad idea. You might find https://www.dns-oarc.net/oarc/services/porttest an interesting read. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this lis

Re: I can dig a domain but named won't resolve it.

to do some packet capture to find out what's not happening. Best regards, Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bi

Re: Delegation check failed

ay out of scope for "bind-users" by now. Thanks for clarifying, Kevin. I hadn't tried the "Undelegated domain test" until just now. I see. Best rregards Niall O'Reilly ___ Please visit https://lis

Re: Delegation check failed

ATB Niall O'Reilly ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

  1   2   >