tart.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users
nny
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
ht
Test Server
OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds
On 5/8/21 14:13, Evan Hunt wrote:
> On Thu, May 06, 2021 at 11:57:58AM -0400, Dennis Clarke via bind-users wrote:
>> I do NOT trust a build result where I had to go hacking into all the
>> Makefiles just to get it to build. You install without doing testing?
>
> I think Ondr
On 09/05/2021 12:32, Xavier Humbert via bind-users wrote:
Hi,
My DNS system if perfectly working :
[xavier@numenor ~]$ dig dns.google.com
; <<>> DiG 9.16.15 <<>> dns.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status
On 09/05/2021 13:44, Xavier Humbert via bind-users wrote:
On 09/05/2021 12:32, Xavier Humbert via bind-users wrote:
Hi,
My DNS system if perfectly working :
[xavier@numenor ~]$ dig dns.google.com
; <<>> DiG 9.16.15 <<>> dns.google.com
;; global options: +cmd
;;
enPGP_0x90B78A89BCC49C10.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with pa
192.33.14.30, a.gtld-servers.net. A
> 192.5.6.30, m.gtld-servers.net. 2001:501:b1f9::30(490) (ttl 63, id
> 11754, len 518)
> - - -
> ---
> PGP-Key: CDE74120 ☀ computing @ chaos claudius
>
> ___
> Please visit https://lists.i
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
How can I run those
tests as separate items manually ?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC f
On 5/6/21 10:50, Tony Finch wrote:
> Dennis Clarke via bind-users wrote:
>>
>> Hey there. I looked in the README and I dont see an INSTALL file at all
>> so I have to assume that the testing docs exist somewhere.
>
> Have a look at
>
> https://gitlab.isc.org/i
8
bge2:14: flags=2000801 mtu 1500 index 4
inet6 fd92:7065:b8e:ff::2/128
bge2:15: flags=2000801 mtu 1500 index 4
inet6 fe80::203:baff:fe13:3c25/10
dude@nix$
dude@nix$ ./runall.sh -n
+ SYSTEMTESTTOP=.
+ . ./conf.sh
++ TOP=/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.005
++ DEFAULT_
l[#]] [-n # [-x]] [-s size] [cmd [args ...]]
R:allow-query:PASS
So I guess there are hard coded gnuisms in there?
Dennis
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this
On 5/7/21 16:00, Ondřej Surý wrote:
> No, the tests run fine on BSDs, there are no gnuisms.
>
> Solaris just isn’t on our supported platform list
Oh thats right .. you guys dropped it.
Still a whack of legacy boxes out there running but I guess
not ISC Bind in the very very very ne
d running `make check` is enough.
>
I do NOT trust a build result where I had to go hacking into all the
Makefiles just to get it to build. You install without doing testing?
Dennis
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
ving the software.
I feel strongly that I should chime in with my experiences of trying
to use Git/Web interfaces to report issues. Not, I hasten to add,
issues with BIND - I don't recall ever trying to use ISC's GitLab and
I'd have no particular issues with creating an account except that I'd
Upgrade to WHAT? You said it was fixed in 9.11.25, but isn't that a lot
OLDER than 9.16.15, which is what I'm running?
jupiter ~ # named -v
BIND 9.16.15 (Stable Release)
jupiter ~ # dig -v
DiG 9.16.15
On 5/16/2021 12:06 AM, Mark Andrews wrote:
On 16 May 2021, at 10:17, Dan Egli via bind
-signing using
dnssec-keygen. The new dnssec-policy feature can do automatic key
management for you.
Tony.
So, I updated the settings. Now I have keyfiles generated by bind, as
well as a binary .zone.signed in addition to the plain text .zone which
has no DNSSEC information at all in it. I ran
If you can have BIND log directly to a file, couldn't you use a FIFO
(prwxrwxrwx) or Unix domain socket (srwxrwxrwx) and avoid the disk I/O by
sending the log data directly to the forwarder? (E.g., Pulse Audio listens on a
socket for audio data from an application, and sends it in real-time
NS
uz5w6sb91zt99b73bznfkvtd0j1snxby06gg4hr0p8uum27n0hf6cd.free.ns.buddyns.com.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
On 16. 5. 2021, at 8:45, Dan Egli via bind-users
wrote:
Upgrade to WHAT? You said it was fixed in 9
are they?
Some long TTL?
Just shootin' the fish, I don't know nearly as much about this stuff
at the guys already helping you.
--
73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds
Hello again,
On Sun, 16 May 2021, I wrote:
... If you can't agree their numbers then
you're some information ...
Having screen troubles. The word 'missing' is missing.
--
73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind
On 5/10/21 5:11 AM, Ondřej Surý wrote:
On 10. 5. 2021, at 10:29, Richard T.A. Neal wrote:
At this time I don't therefore believe that running BIND via WSL or WSL2 on
Windows Server is a viable reliable solution.
Thanks for the analysis.
The alternative is as I outlined in the first email
On 5/10/21 01:55, @lbutlr wrote:
> On 06 May 2021, at 09:57, Dennis Clarke via bind-users
> wrote:
>> I do NOT trust a build result where I had to go hacking into all the
>> Makefiles just to get it to build. You install without doing testing?
>
> That's a very strang
I very carefully created an airgap test system for this process and did
setup all the required network interfaces. However all tests fail
terribly due to some weird python requirement ?
airgap$ ./runall.sh -n
+ SYSTEMTESTTOP=.
+ . ./conf.sh
++ TOP=/opt/bw/build/bind
Actually, it's in keeping with the *original* definition of hacking!
On Sun, 9 May 2021 23:55:13 -0600
@lbutlr wrote:
> On 06 May 2021, at 09:57, Dennis Clarke via bind-users
> wrote:
> > I do NOT trust a build result where I had to go hacking into all the
> > Mak
Hi there,
On Wed, 26 May 2021, He/Him wrote:
we merged a change that substantially reduces a contention between threads
and improves the recursive performance ...
We are currently running 9.11.26, and 9.11 has always built with no issues.
Debian 9.13 (Stretch).
$ aunpack bind-9.16.17
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
Inside the zone statement of the primary add:
also-notify { ipofsecondary };
This will make transfer in microseconds.
Let me know if it works for you.
Dan
On Jun 1, 2021, at 7:24 PM, Mark Andrews wrote:
On 2 Jun 2021, at 01:18, Cuttler, Brian R (HEALTH) via bind-users
wrote:
My dns
On 5/23/21 9:27 AM, Ondřej Surý wrote:
Nope, that’s how you enter email to SOA with dot in user part as
the first dot gets converted to @.
#TodayIlearned
I agree with Ondřej. I think it's the missing $ in front of ORIGIN.
Remember the $ lines are directives to BIND and not zone data
Nevertheless I think there is a bug. IIR the previous default was 100% (switch
to AXFR if IXFR would be grater than AXFR) and we also saw plenty of AXFR
although the IXFR difference was very small and far away from 100%
regards
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-use
Running bind 9.16.15 on FreeBSD 11.4-STABLE.
Master is out on a cloud server at Digital Ocean. Slave is on-premise.
All on-prem LANs point to the slave instance.
Running split horizon to keep nosey parkers out of our local DNS assignments.
Recently - and for no obvious reason - the on-prem
On 5/20/21 8:43 AM, Anand Buddhdev wrote:
> On 20/05/2021 15:30, Tim Daneliuk via bind-users wrote:
>
> Hi Tim,
>
>> Recently - and for no obvious reason - the on-prem instance stops resolving
>> properly. The fix is to stop it, clear out the slave files, and restart.
&g
sit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.or
On 5/30/21 9:24 AM, Richard T.A. Neal wrote:
I spent a little time this weekend setting-up BIND 9.17.13 on Ubuntu
21.04 and configuring the system as a recursive resolver offering DNS
over HTTPS using a LetsEncrypt certificate.
Nice work.
Is there any interest in me writing this up as a web
Call me naive, but I’m trying to figure out what the corner case is to use BIND
on Windows.
For an internal network Windows Server already has a name server that
integrates with AD and everything else needed to run a Windows network.
Support for DDNS is a lot easier, it has tons of SRV
: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
signature.asc
Description: Message signed with OpenPGP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software
ortable (by Adobe).
P.S. I am not a fan of Windows, but it is widespread, and many people even use
it for Internet servers.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development
the effort was made.
FWIW.
Danny
On 6/3/21 4:03 AM, Richard T.A. Neal wrote:
Thanks Vicky and Ondrej for providing clarity. I'll be sad to see it when this
happens but as I said in my original post I don't underestimate the sheer
amount of effort required to maintain BIND for Windows going
, and I haven't used root.hints for years.
The hints section (zone ".") in my named.conf is just commented out.
https://kb.isc.org/docs/aa-01309
HTH
--
73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr
On 30/05/2021 17:24, Richard T.A. Neal wrote:
DNS over HTTPS support appears to be steadily increasing and it looks
like the next version of Windows 10, Windows 10 21H2, will including
support for DoH at the operating system level.
�
I spent a little time this weekend setting-up BIND
On 6/3/21 7:05 PM, Peter via bind-users wrote:
Guess not even a subscription will not happen too.
I'm having to try and do Bind on ubuntu and it just will not let me
edit files like named.conf unless you do some vodoo that I don't
understand and even updating the bind like how? Windows
On 6/3/21 2:17 PM, Reindl Harald wrote:
Am 03.06.21 um 20:12 schrieb Danny Mayer via bind-users:
I don't speak for ISC but it's important to understand that support
of an operating system costs money and unless a company or
organization is willing to step up with money it cannot
gt; ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ f
included
> and we set the LD_LIBRARY_PATH, or a 'static' link?
>
>
> It only takes a 'few minutes' more -- once you spend a few hours getting the
> whole environment setup. some don't build it all the time.
>
>
> I'll give ISC Five Stars on Google!
>
>
&
Or “make dig”
> On Jul 6, 2021, at 11:47, Paul Kosinski via bind-users
> wrote:
>
> On Tue, 6 Jul 2021 12:44:15 +
> "MURTARI, JOHN" wrote:
>
>> Folks, let me add my desire for a quick download dig supporting DoH. It
>> could really help with s
I’m in the process of building a custom version of bind with DoH and would also
like to add DNSSEC algorithm 15 for experimental purposes
DoH works just fine on the servers I have configured.
My “configure" command is
./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-j
>>
>>> There’s no such option to configure.
>>>
>>> Ondřej
>>> --
>>> Ondřej Surý — ISC (He/Him)
>>>
>>> My working hours and your working hours may be different. Please do not
>>> feel obligated to reply outside your n
tory.
>
> There’s no such option to configure.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel
> obligated to reply outside your normal working hours.
>
>> On 5. 7. 2021, at 18:2
Has ISC given any thought to releasing dig as a separate source package?
It’s good for testing DoH, but you need to build the entire bind package to get
it. It would be useful for support analysts without the overhead of compiling
all of bind to get it
---
Eric Germann
ekgermann {at} semperen
Hi
Its possible to delegate tld domain example.com to 1.1.1.1 name server and
.example.com to 2.2.2.2 name server ?
Wysłane z Yahoo Mail do iPhone
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ndently of the zone files.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
On 4/27/21 10:24 AM, Kevin A. McGrail wrote:
Agreed on the OT and good subject change.
:-)
For me, I wouldn't bind DNS to the eth0, just another attack surface
hence I would use local loopback.
I think the main reason to bind to eth0 / LAN is for when there are
multiple (mail) servers
Hi,
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS
This is the named.conf.options
mechanism in bind9 where the server
> chooses different records to resolve for each request, but is there a way
> to assign weights so that the server resolves with different probabilities?
>
> All I could find about the topic was this old mail from the archive:
> https://lists.isc.
pipeline runner to my remote BIND staging server and update
> the zone files on there with my newly updated zone file.
> I initially thought about using ssh from the runner to the remote BIND
> server but this may not be the most secure way of connecting.
> So my question is: Is it possib
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https
ppear to be confused about what the various tools do, so here's a
> summary:
>
> 1. ssh is used to log into a remote server, get a shell, and run
> operating system commands.
>
> 2. rndc is for controlling a running BIND server. It can be used to
> check the status of BIND, relo
This has kept me spinning in a few hours since yesterday. So I gave a
try at configure and compile of bind-9.11.31 on ye Fujitsu/Oracle SPARC
Solaris 10 boxen and I see :
.
.
.
/opt/developerstudio12.6/bin/cc -mt
-I/opt/bw/build/bind-9.11.31_sunos5.10_sparcv9.003 -I../..
-I/opt/bw/build/bind
ompile completes.
I will dig a bit and see where things went wrong after 9.11.26.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsub
On 4/26/21 2:45 PM, bamberg2000 via bind-users wrote:
Hi!
Hi,
BIND 9.11.5, I forward the request ("forward zone" or global "forward
first") to another server and I get NXDOMAIN. Is it possible to process
NXDOMAIN other than "redirect zone"? I just want to
BIND-Users on topic content first:
#1 bind for a local caching DNS query server
I absolutely agree.
and change resolve.conf to 127.0.0.1 for the best RBL performance.
How much effective performance difference does the loopback interface
(lo) vs the local LAN interface (eth0) make
recursive resolver? As far as I
remember, BIND used as a recursive resolver will "cache" this
knowledge, but I'm not entirely certain for how long, since it
can't use the method from an NXDOMAIN reply which includes the
SOA record (and uses the re-purposed "minimum" field for the TTL
; > there where errors reported. It could be as simple as a routing issue
> > between you and these servers.
> >
> > > On 10 Feb 2021, at 13:25, sami's strat wrote:
> > >
> > > couldn't get address for 'internet-dns1.state.ma.us': not found
> > > couldn't get address
easons a recursor might choose to return a
SERVFAIL response. It uses an EDNS option to communicate the
additional information.
As for its implementation status in general or in BIND in
particular I'll admit that I don't know off-hand.
Regards,
- Håvard
___
I rather prefer tshark to tcpdump: it's essentially the command line version of
wireshark, and thus has wireshark's protocol "dissecting" abilities.
On Wed, 10 Feb 2021 22:20:08 +
"John W. Blue via bind-users" wrote:
> Three words: tcpdump and wireshark
>
>
gards,
- Håvard
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bi
>> So ... I can't get the glibc behaviour to mesh with the standard
>> on this particular point.
>
> It's set in RFC 6840:
I stand corrected, thanks.
- Håvard
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
mbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
configure:16164: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME "BIND"
Looks like I need to download and install libuv.
Thanks again.
James.
&
Can anyone help me get BIND 9.16.13 to work with Apple’s new M1s?
Compiler: gcc
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr
--with-gxx-include-dir=/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/4.2.1
implement both 4 and 5 ?
I would assume that #4 can be done.
I would expect that #5 can be done.
2. Any alternative architecture (I can use up to 5 hosts) ?
I /think/ that BIND has some options to use something else, a
(traditional) DB and / or LDAP for zone information via Dynamically
_____
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
0hhstYcI1wpsBcA
nRdv220ju0R0IIEgbLzfbXs8CjHX
=+zDb
-END PGP SIGNATURE-
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
response time.
Kind Regards
Thomas Preissler
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https:/
---END PGP SIGNATURE-
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more infor
o share it generously.
>
> Tony.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
dns_dnssec_findmatchingkeys: error reading key file Kfive-ten-
sg.com.+008+39376.private: permission denied
Those key files are 0600 root:root. Bind should never need to read them
since we are not doing in-line signing or key rotation within bind
/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ames in zone files.
>
> Mark
OK that makes sense. Thanks. It's been so long since I configured these
servers - and
they have worked so flawlessly - I forgot everything I knew about bind config
files ;)
___
Please visit https://lists.isc.o
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact
for things that need to be
allowed.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development
On Monday, 12 April 2021 01:18:11 CDT @lbutlr via bind-users wrote:
> Doe anyone know the syntax for using purge-keys in 9.16.13? I've search and
> all I can find is notes that it was added. I've tried a couple of things, but
> I am shooting in the dark. I cannot redefine the "d
NS query returned: "Server failed to complete the DNS request".
>"
>
>You should check the requirements. You'd need to answer for three
>consecutive days, be consistent in all NS IP addresses, etc.
>
>Hugo
>
>On 15:11 09/04, Jim Popovitch via bind-users wrote:
On April 9, 2021 8:21:33 PM UTC, "John W. Blue via bind-users"
wrote:
>Sorry .. clicked send too soon.
>
>Found this via google:
>
>https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html
>
>"You can not add DS keys as we compute it for you
t very clear.
> Eventually I hope to improve this once our resolvers support RFC8914
> extended dns errors which we could pass on to the frontend.
+1 Thanks!!
> On 4/9/21 9:11 PM, Jim Popovitch via bind-users wrote:
> > > > What I can't figure out is how/when does .ch query the CDS/
on: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more i
[ Classification Level: GENERAL BUSINESS ]
It's not a "BIND" solution, per se, but if you have a
sufficiently-sophisticated IPS (Intrusion Prevention System) you could have
it simply drop all queries of a particular QNAME, or any particular
combination of QNAME, QTYPE, QCLASS, be
Hi,
I am using bind's geoip feature, created one ACL to allow country IN. I am not
getting logs of a failed query if the client IP is other than than country IN.
Rest all is working fine, getting logs of successful queries. Below find the
config details:
BIND 9.16.13 (Stable Release
nsfer them from server to server using the
OVH API. This is great for database resiliency/failover, etc.
-Jim P.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this sof
.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
5 GMT 92.204.191.45#2927 (sl): query: sl IN ANY +E(0)
> 13-Apr-2021 07:04:33.993 GMT 92.204.191.45#2927 (sl): query: sl IN ANY +E(0)
> 13-Apr-2021 07:04:34.047 GMT 92.204.191.45#2927 (sl): query: sl IN ANY +E(0)
___
Please visit https://lists.isc
. We have DNS servers at our site
running BIND that allow recursion, but I’ve been requested to set up some
additional DNS servers for another project that is expected to *only* access
the data that we’re authoritative for. And of course …. there’s a chance that
it might need to look up one
Interesting observation. I just did lookups on 4 recent (< 24 hrs ago)
'sl/ANY/IN' queries logged by our BIND and got:
2 Comcast cable IPs (hsd1.tx.comcast.net and hsd1.ma.comcast.net)
1 OVH Hosting IP (Montreal)
1 Afranet IP (Tehran!)
The whois info for the OVH IP contains the line:
Comm
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-use
On Wednesday, 14 April 2021 15:00:38 CDT Bob Harold wrote:
> Does anyone have an automated KSK roll process, that checks for the DS
> record at the parent, that they can share?
>
> As far as I can tell, the automated signing in BIND will roll the KSK if I
> set the timing in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2021-04-14 at 12:58 -0400, Paul Kosinski via bind-users wrote:
> Interesting, although we host different domains, in and from different
> geographic areas, we got the same queries as yours on the same day,
> with some at about the
LXRlbi1zZy5jb20ACgkQL6j7milTFsFhLACgicNwiEmrZonfJpM70v1NfHL1BVQA
n2VuDBTqHCPKtGhZlRpMHPkUkN0H
=kr0W
-END PGP SIGNATURE-
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development
On Fri, 2021-04-09 at 19:05 +, John W. Blue via bind-users wrote:
> So the issue here is that the DS record that sit in .ch has an ID of 22048
> but the domainmail.ch servers are telling the world that the correct ID is
> 17870.
>
> Thus the DNSSEC breakage.
Of
801 - 900 of 1728 matches
Mail list logo