Whos idea was it to change to mailman?
I am geting notices saying subscription disabled because of bounces,
yet my mail server shows NO rejects to ISC and no failures for them
either
What gives?
___
bind-users mailing list
bind-users@lists.isc.org
Thanks Alan,
Would be nice if mailman included a reject reason/header :)
On Sat, 2009-01-17 at 22:48, Alan Clegg wrote:
Noel Butler wrote:
I am geting notices saying subscription disabled because of bounces,
yet my mail server shows NO rejects to ISC and no failures for them either
On Tue, 2009-01-27 at 07:43, Danny Thomas wrote:
Al Stu wrote:
So within the zone SMTP requirements are in fact met when the
MX RR is a CNAME.
you might argue the line of it being OK when additional processing
includes an A record.
In all the time its taken him to type his rants and
Hi Tony,
On Tue, 2009-01-27 at 09:35, Tony Toews [MVP] wrote:
Noel Butler noel.but...@ausics.net wrote:
This is not your config, so long as you are not answering thats fine.
How do I know I'm not answering those?
Since your on win, I can't help you, but whatever your packet monitor
On Tue, 2009-01-27 at 13:16, Tony Toews [MVP] wrote:
Noel Butler noel.but...@ausics.net wrote:
Surely windows can block access to an inbound IP request from some IP
to local udp port 53 ?
Not the firewall software built into Windows 2003 Server.
Gawd...
If not, you know what my
On Sat, 2009-01-31 at 16:55, Al Stu wrote:
History is fraught with individuals or a few being ridiculed for putting
forth that which goes against the conventional wisdom of the masses and so
You don't get to speak for anyone else but yourself, just because you
believe in your own trolling,
Hi,
A question about $GENERATE, what I'm looking for though is if there's
an option or some way that if an entry is manually made, it will be used
in place of the generated entry, at present lookups will return both.
I'm trying to see where we can have-
$GENERATE 1-254 $.9 PTR
Ed (I didn't see your post to the list?),
I tend to agree with Ben, I looked into this a few years ago and
couldn't see a way, decided it was less time to write a perl script to
automate it all than to keep experimenting.
It creates the PTR zone, adds to named.conf and adds the corresponding A
On Thu, 2009-04-30 at 19:38, Scott Haneda wrote:
On Apr 30, 2009, at 1:43 AM, Kal Feher wrote:
When I clicked on that link the only error was an MNAME error. Did
you see
another error? (I wonder if it was a transient error you observed,
because
it appears different to yours).
Scott,
On Sun, 2009-05-03 at 08:39, Scott Haneda wrote:
I client of mine has thousands of DNS zones that will need a ttl
chance and a serial bump. I want to set a relevant ttl to 300 for a
few days.
After that, an IP address change will be made, and I would like to
change the TTL
On Sun, 2009-05-03 at 10:12, Scott Haneda wrote:
On May 2, 2009, at 4:25 PM, Noel Butler wrote:
Any suggestions
perl substitutions would be your friend, had to do this myself a
few years back, but the key is do fresh backup /var/named first,
then try: perl -pi -e s/2009
On Tue, 2009-06-02 at 13:08 +1000, dantian...@optusnet.com.au wrote:
Hi,
I have a bind server I now use as a caching.
In allowing my work desktop to access i found that it was being refused using
allow-query, but if i add it to recursion it works, have i mis-understood the
use of
On Tue, 2009-06-02 at 16:52 -0500, travis+ml-b...@subspacefield.org
wrote:
Hello,
My primary bind9 name server which does double-duty as a server and recursive
lookup
is becoming wedged where it does not respond to queries or stop events from
rndc.
Sending SIGTERM does not work; I have
My comments below will be to all in general, not to anyone specific and
no offence intended to anyone...
RE: Advogato:
Who?
RE: Circlied:
Who ?
Ok enough of the sarcasm :)
Is someone here seriously trying to use those sites as a reason to not
do something, might as well reference us
Firstly, I feel this really belongs on mailops not bind list :)
secondly...
On Mon, 2010-02-01 at 00:00 +0300, Wael Shaheen wrote:
Blocking port 25 is much worse IMHO because it forces users out of the
service, by restricting their ability to use their own mail servers that can
be hosted
On Sat, 2010-04-10 at 21:19 +0300, Mihamina Rakotomandimby wrote:
Manao ahoana, Hello, Bonjour,
In a zone (the zone == the domain, here), I want a basic thing:
- mails for the domain goes to smtp1.mg.tambazotra.net.
- http://the-domain.tld and http://www.the-domain.tld
both resolve to
On Sat, 2010-05-01 at 13:10 -0400, Server Administrator wrote:
I tried OARC's DNS Reply Size Test on two of my name servers, both on
the same network, behind the same firewall router.
Both came back and reported DNS reply size limit is at least 3843
(results below).
I'd image so, I
On Thu, 2010-05-06 at 22:37 -0400, Dave Filchak wrote:
Our master server machine had a drive failure and looks like it will
be offline for some time. Somewhere in the back of my mind, I thought
I remembered that something bad can happen to the dns resolution for
your zones if the master is
Dave, You are missing the X in the -zuka-rw-MailScanner: Found to be
clean line.
and it appears to not match the other X-zuka-RWMailScanner headers, this
may lead to problems, and no doubt if you --lint mailscanner it will
throw errors saying mismatch for SA.
On Fri, 2010-05-07 at 13:47 +1000,
Hi,
On Wed, 2010-07-14 at 16:29 +, Kebba Foon wrote:
Hi List
i have been having issues with my dns server for a while now,
my server suddently stops answering to queries. i notice that this
happen when every my recursive clients is more that a thousand, as per
the result of rndc
On Thu, 2010-07-15 at 10:18 +, Kebba Foon wrote:
i did i set my recursive-clients to 1 but it does not help.
On Thu, 2010-07-15 at 20:21 +1000, Noel Butler wrote:
UDP
What version of Bind are you running and under which platform
On Fri, 2010-07-16 at 08:41 +, Kebba Foon wrote:
am running 9.6-ESV-R1 on Debian 5.0 lenny
You might need to ensure your operating system can handle more than 1024
file descriptors as it sounds like it is not, but the logs should
reflect this, this could be your problem, if it's not,
On Mon, 2010-08-02 at 22:13 -0400, donovan jeffrey j wrote:
Greetings
i have an internal dns server it resolvs all my queries from the inside.
I have a mail system requesting an spf record. Should i add the same record
on the inside as i do for the outside ? i don't want internal address
On Mon, 2010-10-04 at 17:29 -0500, Lyle Giese wrote:
Dotan Cohen wrote:
The ports aren't blocked as another site (example.eu) hosted on the
1.1.1.1 server works fine. The working site has both nameservers
pointed to that same server (on two different IP addresses on eth0 and
apart from my dig for you not giving real information..
On Mon, 2010-10-04 at 23:08 +0200, Dotan Cohen wrote:
// On 1.1.1.1
[r...@1.1.1.1]# cat /etc/named.conf
options {
directory /etc;
Why are you specifying /etc here?
I suggest you use /var/named
pid-file
On Thu, 2010-12-02 at 17:09 +1100, Stelios Georgi wrote:
I’ve just upgraded my version of bind on my Solaris 10 servers to
9.5.1-P3, and it worked for a week until the TTL’s expired after 7
days.
I’ve restarted the named daemon but it fails to update any of slave
servers. It’s deemed useless
On Thu, 2010-12-02 at 13:15 +0700, David S. wrote:
Hi Mark,
Yes, bind work fine without allow-query statement in view.
Here is my named.conf and view:
options {
allow-query { trusted; };
};
Correct
view mynetwork in {
match-clients {trusted; };
recursion yes;
Further to my private message, is your border router using bogon
filters?
I can actually get your local NS's using a U.S host on an old IP, but
not from my connection, this suggests an outdated bogon filter
since i'm on 27.x IP range.
On Thu, 2011-02-24 at 15:00 +1300, Gregory Machin wrote:
Hi,
You can pretty much remove the entire statement now, as all /8's are
issued as of about two weeks ago.
(Confirming, with my 27.x IP I can now get answers from your local NS's
so all looks good)
Cheers
On Thu, 2011-02-24 at 17:04 +1300, Gregory Machin wrote:
Hi.
Thanks for the support
In addition to my pvt email Evan
The dev link page still shows 9.7.3 as current production, no 9.8.0, but
going to all downloads shows 9.8.0 as current production, and as things
happen in three's ...
bind-9.8.0.tar.gz clicking on this yields a file called
bind-980targzno periods,
It should work too, it was fixed within in a few minutes :)
On Thu, 2011-03-03 at 04:47 -0500, Dennis Clarke wrote:
In addition to my pvt email Evan
The dev link page still shows 9.7.3 as current production, no 9.8.0, but
going to all downloads shows 9.8.0 as current production, and
On Thu, 2011-03-10 at 19:11 -0600, Dan wrote:
I'll second that, I think everyone starts off on linux as new admins,
then eventually figures out how great freebsd ports collection is.
Also have openbsd's PF firewall at our disposal, along with rebuilding
complete OS in one command, unlike
I think you have something broken, bind uses UDP by default, if it can
not connect to a dns server on UDP it then retries on TCP.
It also uses TCP for AXFR's
On Sun, 2011-10-23 at 05:50 +0200, Benny Pedersen wrote:
On Sat, 22 Oct 2011 20:42:08 -0700, Kevin Oberman wrote:
On Sat, Oct 22, 2011
:
ns2 A ip.v.4.add
ns2 ip:6:addr
I guess the old versions are not so strict on checking, or dont know
what to do about ipv6
--
Noel Butler noel.but...@ausics.net
signature.asc
Description: This is a digitally signed message part
On Fri, 2012-02-17 at 07:11 -0800, Chris Buxton wrote:
Yes, it's quite possible to split named.conf into separate per-zone .conf
files and then 'include' them back into named.conf. You can even put the list
of include statements in a separate file, and then include that into
named.conf.
On Sat, 2012-02-18 at 11:51 -0500, Jonathan Vomacka wrote:
BIND Community Support,
I am inquiring about how to setup a proper SPF record? I know there are
SPF wizards/generators available but each seem to have a different
opinion of what should be included and what should not be included.
On Sat, 2012-02-18 at 12:34 -0500, Jonathan Vomacka wrote:
If someone uses a mobile device to send e-mail? Would ~all be better? I
Teach them to use smtp authentication using submission (port 587 stuff)
and it doesn't matter where they come from, so long as your MTA is
configured correctly of
On Sun, 2012-02-19 at 17:00 +0100, ml wrote:
fakessh.eu descriptive text spf2.0/pra ip4:46.105.34.177
ip4:91.121.7.86 ?all
fakessh.eu descriptive text v=spf1 ip4:46.105.34.177 ip4:91.121.7.86
?all
Why did you bother with the record at all?
Question mark indicates you
On Fri, 2012-02-24 at 11:02 -0500, Bill Owens wrote:
I haven't heard of NS supporting DNSSEC, and there haven't been any good
resources to find a registrar who *does*, but this popped up recently:
http://www.icann.org/en/topics/dnssec/deploy-en.htm
. . . and NS isn't on that list. FWIW,
On Tue, 2012-03-06 at 08:23 +1100, Mark Andrews wrote:
In message dub109-w57aa00705e65417a6c57e4ac...@phx.gbl, hugo hugoo writes:
Dear all,
Can anyone help me with its experience on reverse dns for IPV6?
Presently, when we reverse an IPV4 subnet for clients, we configure all=
the
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote:
What you did is just as bad
If you need a list moderator there are appropriate addresses to send
your messages to, directly to the list is NOT one of them
The information you desire can be obtained from
On Wed, 2012-10-10 at 18:44 +, Evan Hunt wrote:
BIND 9.7.7, 9.8.4 and 9.9.2 have improved OpenSSL error logging.
Unfortunately, our logs are now filling up with RSA_verify failed
messages.
Yeah, oops, we made that one too noisy. You're not the first one
who's noticed. :/
How
Thanks Mark,
These changes have been committed for future patch releases?
Cheers
On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews wrote:
Just drop the log level to ISC_LOG_DEBUG(1) and recompile.
Search for sucessfully validated after lower casing in lib/dns/dnssec.c
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote:
You can still find it at ISC:
http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
It is a bit long in the tooth. I'll be updating it soon to cover the work
done by ISC in BIND 9.9
All are welcome to propose titles for this new
On Thu, 2012-11-29 at 13:35 +0100, Carsten Strotmann wrote:
Hello Alexander,
Alexander Gurvitz a...@net-me.net writes:
Carsten,
The script in my original question (it's in the P.S. at the bottom of
my first mail) seem to work for me.
Ahh, thanks, my Emacs was hiding that :)
On Wed, 2012-12-05 at 09:13 +, Phil Mayers wrote:
On 12/04/2012 06:35 PM, Barry S. Finkel wrote:
A question from the OP that has not yet been answered -
Make the zones masters on all servers.
Surely not for RPZ? The whole point with RPZ is that you have one zone
containing all the
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote:
/etc/bind/named.conf.option
WTF is that file? it certainly is not an ISC named file.
if you are using some butchered to buggery distros file, please ask on
your distros mailing list
we are not to know what that file contains, or
validated after lower
casing signer 'CO'
snip
--
Shane Kerr
ISC
On Saturday, 2012-10-13 11:07:01 +1000,
Noel Butler noel.but...@ausics.net wrote:
Thanks Mark,
These changes have been committed for future patch releases?
Cheers
On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews
Thanks Shane,
I have re-applied previous changes to source files and that has silenced
them again in meantime.
Cheers
Noel
On Thu, 2012-12-06 at 17:05 +0100, Shane Kerr wrote:
Noel,
On Thursday, 2012-12-06 11:03:24 +1000,
Noel Butler noel.but...@ausics.net wrote:
Hi Shane, Mark, Evan
On Mon, 2013-02-18 at 16:07 -0600, Lyle Giese wrote:
Recently I moved this domain(lcrcomputer.net) to a registrar that
suports DNSSEC and inserted the DS record for this domain. I checked
DNSSEC via http://dnsviz.net and
http://dnssec-debugger.verisignlabs.com. Both show DNSSEC is
apparently you have no comprehension of OFF TOPIC
I stopped reading at about the half dozen words because you once again
went off on your OFF TOPIC rants.
But each to our own, you hate it, many stand by it, its only fools like
you who cant accept that, thats your problem not mine.
Given that
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog |grep -c '\-all'
2438
# grep SPF maillog |grep -c '\~all'
7509
since midnight Sunday...
looks like its worth
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except that
the code was already written.
# grep SPF maillog
On Thu, 2013-03-14 at 17:29 +1000, Noel Butler wrote:
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote:
On 3/13/2013 17:11, Noel Butler wrote:
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote:
I almost wouldn't bother with SPF records these days though, except
Vernon Schryver writes:
to laziness, DNS is not rocket science, I'm sure given ARM and
access to
google, a 13yo kid could get at least the basics right.
Laziness?--nonsense. Postel's Law and simple logic predict the
truth hurts eh.
Didn't see your original post, viewed and had
On Mon, 2013-03-18 at 16:52 -0700, SM wrote:
SPF RR type
Had a bit of a read of that thread, and the most noise comes from a guy
who should know better, but doesn't, Mr Kitterman repeatedly says If
it's all so obvious that it makes sense to publish SPF records, why
aren't more people doing
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
Ignore them. They will be addressed in the next maintenance release.
it was, but now seems to have reared its ugly head again in 9.9.2-p2
Apr 1 12:20:35 fox named[589]: RSA_verify failed
Apr 1 12:20:35 fox named[589]:
On Mon, 2013-04-01 at 15:03 +1100, Mark Andrews wrote:
In message 1364786722.6226.2.camel@tardis, Noel Butler writes:
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote:
Ignore them. They will be addressed in the next maintenance release.
it was, but now seems
On Tue, 2013-04-02 at 14:16 -0700, Chris Buxton wrote:
Can anyone explain this to me?
If a name exists in the response policy, and also exists in the real Internet
namespace, the value from the policy is returned. But if it doesn't exist out
on the Internet, then the value is not returned
On Fri, 2013-04-05 at 08:51 +0200, Torsten Segner wrote:
$TTL 43200
@ IN SOA a.prim-ns.de. hostmaster.de.easynet.net. (
2012041802 ;
28800 ;
7200;
604800 ;
Sign them for longer, I typically use 90 days
On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote:
Hello,
Can anyone tell me why signatures in dnssec mut be renewed every 30
days?
What are the modifications made on a zone with a resign?
Thanks in advance for the clarifications.
On Tue, 2013-04-30 at 17:04 -0500, Pascal wrote:
Dig 9.9 consistently gives me FORMERR against NetWare DNS servers.
Previous versions worked fine. Suggestions on how to figure out if the
bug is in Dig or NetWare?
-Pascal
O:\Documents and Settings\admin\dig\9.9.2-P2dig
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
On 2013-05-08, Steven Carr sjc...@gmail.com sent:
Any chance someone can correct the settings on this mailing
list to reply to the list by default instead of the user
posting the message?
I'd argue the settings are already correct.
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote:
On 2013-05-08, Steven Carr sjc...@gmail.com sent:
Any chance someone can correct the settings on this mailing
list to reply to the list by default instead of the user
posting the message?
I'd argue the settings are already correct.
On Fri, 2013-06-28 at 13:57 -0400, Novosielski, Ryan wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The short answer is some software once cared. Does it still now, I'm
not sure. But we do it.
SMTP does, IRC does
signature.asc
Description: This is a digitally signed message part
On Mon, 2013-07-22 at 02:51 -0400, Jason Hellenthal wrote:
It's exactly as it says...
Instead of
... TXT SPF ...
You now do
... SPF SPF ...
Mark Andrews wrote:
No. It has a legacy SPF TXT record. It SHOULD have record of
type SPF as per RFC 4408.
Named will complain if
On Mon, 2013-07-22 at 08:50 -0500, Barry S. Finkel wrote:
This was discussed here already, and imho this is anti-spf bullshit like
all those spf breaks forwarding FUD. The SPF RR is already here and is
preferred over TXT that is generik RR type, unlike SPF.
It is not Fear, Uncertainty,
On Sun, 2013-08-04 at 13:28 -0700, Eduardo Bonsi wrote:
Hello Everyone,
I have some questions about ipV6 transition and DNS configuration!
I am preparing to make my transition to a dual stack ipv4, ipv6 and I
have some concerns in regards to the security of the network since ipv6
do
On Sat, 2013-08-17 at 01:18 -0400, Alan Clegg wrote:
On Aug 17, 2013, at 12:42 AM, LuKreme krem...@kreme.com wrote:
[...] I could not get the slave to do anything other than post errors and
refuse to start. Usually they were along the lines of not being able to
bind to port 953 or of
On Sun, 2013-08-18 at 17:36 -0600, LuKreme wrote:
On 18 Aug 2013, at 14:06 , Dave Warren da...@hireahit.com wrote:
Change the zones from master to slave in your named.conf? There really
isn't much more to it than that, assuming you have a new authoritative
master is already configured
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think his
server is likely fine, he's panicking over what's reported not what's
actually going on, I'm sure its not the intended response to display so
I've just added bug rep on it, if you disagree, you can always nuke
it
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think
his server is likely fine, he's panicking over what's reported not
what's actually going on, I'm sure its not the intended response to
display so I've just
+1000, Noel Butler wrote:
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote:
Hey Mark,
Looks like it might be a bug, *BUT* a client utils bug, so I think
his server is likely fine, he's panicking over what's reported not
what's actually going on, I'm sure its not the intended
Yeah, I went out for a bit, came back and fresh, decided to take another
look, I got no further than looking at my own confs and it clicked this
was an old bug, that _was_ fixed... I've updated my RT entry to reflect
that.
On Thu, 2013-08-29 at 07:47 +0100, Steven Carr wrote:
I think the short
Barry,
On Thu, 2013-08-29 at 16:16 -0400, Barry Margolin wrote:
In article mailman.1210.1377758162.20661.bind-us...@lists.isc.org,
Noel Butler noel.but...@ausics.net wrote:
replying to ones self a few times in one day or a sign I need a break..
but...
I think the issue
On Thu, 2013-09-19 at 16:04 -0700, Michael McNally wrote:
New versions of BIND are now available from http://www.isc.org/downloads
New Features 9.9.4
Added Response Rate Limiting (RRL) functionality to reduce the
effectiveness of DNS as an amplifier for reflected denial-of-service
On Thu, 2013-09-19 at 23:40 +, Evan Hunt wrote:
On Fri, Sep 20, 2013 at 09:20:29AM +1000, Noel Butler wrote:
I have been using this since 9.9.4bx, and although documentation is/was
lacking at the time, so there might be a whitelisting somewhere , but in
its absence, I highly advise
Hi Vernon,
On Thu, 2013-09-19 at 23:42 +, Vernon Schryver wrote:
BIND RRL has had whitelisting for trusted DNS clients that send repeated
DNS requests since early days, long before any version of BIND 9.9.4.
Look for 'exempt-clients{address_match_list};' in either the ARM that
comes with
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
From: Noel Butler noel.but...@ausics.net
now, I never ran it as patches, my policy is only use official upstream
sources, so my first play around was with 9.9.3.b2 I think it was.
BIND 9.9.4 and its immediately preceding beta
Hi Shane,
On Fri, 2013-09-20 at 11:38 +0200, Shane Kerr wrote:
Noel,
On 2013-09-20 12:48:31 (Friday)
Noel Butler noel.but...@ausics.net wrote:
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote:
plenty of delayed mail - hostname lookup failures (mostly because of
URI/DNS
On Mon, 2013-09-23 at 19:21 +, Vernon Schryver wrote:
As a matter of interest, if one had a DNSBL with 5.5 million entries
(i.e. 5.5 million IPs):
1) What needs to be done to rewrite that to a BIND zone?
2) What sort of machine would be required to load that zone?
3) How
On Tue, 2013-09-24 at 13:40 +, Vernon Schryver wrote:
From: Noel Butler noel.but...@ausics.net
We used to run our int bl on bind, it was a resource hog compared to
rbldnsd
But there is no way in hell, I'd run rbldnsd on anything else other
than a BL,
IMO, they are both
On 06/11/2013 18:52, babu dheen wrote:
Dear All,
I would like to integrate BIND DNS with Spamhaus Malware DB feed. But i
need clarity whether Spamhaus offers this feed for free or
subscription(cost) based?
If you want your local copy it will cost, and they charge like 20
counties of
On Fri, 2013-12-20 at 12:58 -0500, Thomas Schulz wrote:
Well, we started with them back when they were the only company registering
domain names. And up to now there were no problems (other than perhaps price).
and their highly unethical business practices, OK my experiences with
them
On 30/12/2013 22:17, Gaurav Kansal wrote:
Hi Guys,
In bind 9.9.4, Reponse-Rate Limit doesn't work until you configure bind with
“—ENABLE-RRL” option.
I was wondering why is it so ?
Because it can be detrimental to existing sites if configured wrongly,
its something not all sites
OK here too.
On 03/05/2014 11:07, Evan Hunt wrote:
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in
the pgpkey2013.txt located at:
https://www.isc.org/downloads/software-support-policy/openpgp-key/
Hi,
U, since upgrade 9.9.5 to 9.10 every request to the name server is
spewing copious amounts of debug type data (thankfully I only upgraded
the one server)
named[23250]: received packet from 207.66.8.132#53 (no opt): ;;
-HEADER- opcode: QUERY, status: NOERROR, id: 20501 ;; flags: qr
On 04/05/2014 05:28, Jeremy C. Reed wrote:
It is at the notice severity level. The code says:
We didn't get a OPT record in response to a EDNS query. and also says
We need to drop/remove the logging here when we have more
experience.
Are you getting this debugging for EDNS-related problems
Not a BSD user, but are you running any sort of extra security
enforcement toolsets?
PIE is IIRC, Position Independent Executable.
On Fri, 2014-06-06 at 19:27 -0400, Rick Dicaire wrote:
Hi folks, in trying to update bind 9.8.7_15 on freebsd 8.4, I get the
following:
...
On Thu, 2014-06-05 at 12:18 -0400, Kevin Darcy wrote:
Given the heated and bitter debates over the SPF record type (see
http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html,
search SPF, around August of last year), I'm thinking that a couple
years probably translates into
On Sat, 2014-06-07 at 13:35 +1000, Edwardo Garcia wrote:
Halo,
in recent week we have see fill daemon_log of this errors, is way to
fix?
I do wrong?
you are doing nothing wrong, the idiot advertising fe80 is the one doing
it wrong
in the meantime you could add to your named.conf -
On 12/06/2014 08:04, mcna...@isc.org wrote:
In summary:
BIND 9.10.0-P2:
- fixes security issue CVE-2014-3859
- fixes issue from ISC Operational Notification of 4 June 2014
- includes other minor fixes
Michael,
Does this also address the crazy amount of logging (as previously
discussed
On 12/06/2014 20:58, Tony Finch wrote:
Noel Butler noel.but...@ausics.net wrote:
Does this also address the crazy amount of logging (as previously
discussed
here)?
If you mean the EDNS logging, that should be fixed in 9.10.1.
Tony.
Yes, this has been the talking point of town, for all
On 27/06/2014 12:32, Teerapatr Kittiratanachai wrote:
Dear List,
Yesterday I try to map a private IP address on Public DNS Server, but
some server, actually 1 server, doesn't show the answer. But the Rcode
is 0.
So I already removed that record for now. Is it possible to set DNS
server for not
On 12/07/2014 11:08, Mark Andrews wrote:
The real problem is humans. They like to tinker with files (hence
the subject line). There really shouldn't be a reason for anyone
to need to read slave database files. They are there so named can
have the zone content when it starts up rather than
On 07/08/2014 06:03, Jared Empson wrote:
What our cache server receives:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
:)
On 07/08/2014 08:40, Reindl Harald wrote:
Am 07.08.2014 um 00:33 schrieb Noel Butler:
Apart from stupid SOA values, losscontrol360.com seems OK
OK? the failing NS query is caused by the errors below
this domain only works by luck from time to time
[harry@srv-rhsoft:~]$ dig NS
so what about named's syslog entries, most commonly found in daemon log
On 21/08/2014 10:59, Len Conrad wrote:
uname -a
FreeBSD rns1..net 10.0-RELEASE
named -v
BIND 9.10.0-P2
this is a recursive-only NS restricted allowing recursive queries from
ournetworks ACL
monitor
Subject line so it is more specific
than Re: Contents of bind-users digest...
Today's Topics:
1. Re: bind-users Digest, Vol 2083, Issue 1 (STEPHEN EYRE)
2. Re: bind-users Digest, Vol 2083, Issue 1 (Reindl Harald)
3. Re: bind-users Digest, Vol 2083, Issue 1 (Noel Butler
On 07/04/2015 17:15, G.W. Haywood wrote:
Hi there,
On Tue, 7 Apr 2015, bind-users-requ...@lists.isc.org wrote:
Message: 1
[Snip 51 lines]
Message: 2
[Snip 75 lines] Message: 1
[Snip 37 lines]
Message: 1
[Snip 45 lines]
Message: 2
[Snip 49 lines]
Message: 2
[Snip 16
1 - 100 of 130 matches
Mail list logo