Re: Rear View RPZ: PTR records from local knowledge

2021-12-02 Thread Grant Taylor via bind-users
On 12/2/21 9:59 AM, Fred Morris wrote: Hello, Rear View RPZ (https://github.com/m3047/rear_view_rpz) is now generally available: turn your local BIND resolver into a network investigation enabler with locally generated PTR records. Would you please elaborate on what Rear View RPZ does

Re: Rear View RPZ: PTR records from local knowledge

2021-12-02 Thread Greg Rivers via bind-users
On Thursday, 2 December 2021 10:59:17 CST Fred Morris wrote: > And I have one small favor to ask: if you know of a Linux distribution > which ships BIND compiled with Dnstap support, please let me know! > The Linux packages that ISC provide[1] all have dnstap enabled. Also, the FreeBSD

Re: A good name for development branch releases package

2021-12-01 Thread Ron Hall via bind-users
bind9- if were voting Ron Hall Senior System Administrator IT Services - NCS Core Infrastructure & Applications 514 398 3718 From: bind-users on behalf of Petr Menšík Sent: Wednesday, December 1, 2021 8:43:55 AM To: Ondřej Surý Cc: bind-users@lists.isc

Re: A good name for development branch releases package

2021-12-01 Thread G.W. Haywood via bind-users
fusion. -- 73, Ged. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users

Re: A good name for development branch releases package

2021-11-30 Thread Xavier Humbert via bind-users
Hi Petr, Le 11/30/21 16:09, Petr Menšík a écrit : Is there any distribution offering already two releases at the same time? Would you have some idea, how should it be called? Do you like "bind9-dev" base name? For example, FreeBSD provides 3 bind releases : - dns/bind-devel - d

Re: Recommendations for replacing a master server without breaking DNSSEC

2021-11-26 Thread Ralph Seichter via bind-users
nc" between Alpha and Beta whenever I made a change. In any case, I guess all is well that ends well. ;-) -Ralph ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this so

Recommendations for replacing a master server without breaking DNSSEC

2021-11-23 Thread Ralph Seichter via bind-users
to be doing something wrong re DNSSEC. I'd appreciate you sharing any experiences and recommendations you may have in this matter. Thanks! -Ralph ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds

RHEL, Centos, Fedora rpm 9.16.23

2021-11-19 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Grant Taylor via bind-users
RoI for higher counts. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software

Re: host your subdomain on your own ?

2021-11-13 Thread Grant Taylor via bind-users
t. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions.

Re: host your subdomain on your own ?

2021-11-13 Thread Grant Taylor via bind-users
t globally routed, firewalled, etc. If this is not a fair expansion, please enlighten me. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to un

Re: host your subdomain on your own ?

2021-11-13 Thread Grant Taylor via bind-users
On 11/13/21 12:59 AM, Reindl Harald wrote: i doubt that any ISP out there would delegate to a private address and when your bind is asked over it's public IP a view won't work ISP's willingness to do something is a policy decision and that's completely different than their capability to do

Re: host your subdomain on your own ?

2021-11-13 Thread lejeczek via bind-users
On 13/11/2021 07:16, Erich Eckner wrote: On Sat, 13 Nov 2021, Reindl Harald wrote: > Am 12.11.21 um 18:55 schrieb lejeczek via bind-users: >> On 12/11/2021 17:14, Reindl Harald wrote: >>> wouldn't it be easier to setup two different subdomains in which case you don't need

Re: host your subdomain on your own ?

2021-11-12 Thread lejeczek via bind-users
On 12/11/2021 17:14, Reindl Harald wrote: Am 12.11.21 um 17:48 schrieb lejeczek via bind-users: Hi guys. I'm looking to setup my subdomin in-house and I'm hoping for some wise advises from experts, it's my first foray into this thus go easy on me please. zone.top - is hosted

host your subdomain on your own ?

2021-11-12 Thread lejeczek via bind-users
Hi guys. I'm looking to setup my subdomin in-house and I'm hoping for some wise advises from experts, it's my first foray into this thus go easy on me please. zone.top - is hosted by a public registrar priv.zone.top - I want to delegate to my own bind I'd hope for some generic recipe

Master-Slave with IPv6 only?

2021-11-07 Thread Walter H. via bind-users
on slave; Thanks, Walter smime.p7s Description: S/MIME Cryptographic Signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions

A record for @?

2021-11-05 Thread @lbutlr via bind-users
) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users

Re: named service suddenly fails to start

2021-11-04 Thread Grant Taylor via bind-users
On 11/4/21 1:27 PM, Bruce Johnson via bind-users wrote: named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records :-) You might want to apologize to them. Underscores

Re: named service suddenly fails to start

2021-11-04 Thread Bruce Johnson via bind-users
titutions do not have opinions, merely customs ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/conta

Re: named service suddenly fails to start

2021-11-04 Thread Bruce Johnson via bind-users
re allowed in A records :-) Does named-checkzone not check for this? -- Bruce Johnson University of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs ___ Please visit https://lists.isc.org

named service suddenly fails to start

2021-11-04 Thread Bruce Johnson via bind-users
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users

9.16.22 - rndc reload not sending to secondaries.

2021-11-03 Thread Speagle, Andy via bind-users
Hi Team, I'm not a bind expert... we're upgrading from 9.11 to 9.16 as we migrate to new servers... and for some reason we can't get zone transfers working from the primary to secondary. We have this directive in our options for named.conf allow-transfer { secondaries; }; and of course

RHEL, Centos, Fedora rpm 9.16.22

2021-10-28 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

RE: Query on issue#2389 BIND 9.16.10

2021-10-26 Thread Rajnish Kamboj via bind-users
Hi Ondřej We have gone thru the issue " https://gitlab.isc.org/isc-projects/bind9/-/issues/2389; and could not find the scenario which causes this issue. Before upgrading to latest BIND, we want to reproduce the issue in our labs. In the issue it is mentioned that "The s

Re: CNAME for google sites

2021-10-25 Thread Xavier Humbert via bind-users
signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind

Re: consolidating Reverse Zones

2021-10-21 Thread Grant Taylor via bind-users
ct something like the following: 151.10 3600 IN PTR blue.stop. Perhaps there is a BIND zone file optimization that I'm not taking into account. I guess bind can not consolidate like this and we have to put up with a million /24 zone files ? Maybe it's just me, but I feel like 32 is

RE: Query on issue#2389 BIND 9.16.10

2021-10-18 Thread Rajnish Kamboj via bind-users
the quick resolution as soon as possible. Continuing on mail thread “bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>” we have asked for more info on top of your response. We shall be more than happy if you look into the last thread and share more info on the scenario. Regards R

RE: Query on issue#2389 BIND 9.16.10

2021-10-18 Thread Rajnish Kamboj via bind-users
Thanks Ondrej for your quick reply, Upgrading to latest release will fix the issue. Can you also help us with scenarios as to why this issue is occurring? May be this will help us in quick workaround (if possible) till the time we plan for latest BIND. Regards Rajnish Kamboj -Original

Query on issue#2389 BIND 9.16.10

2021-10-18 Thread Rajnish Kamboj via bind-users
Hi Team, Currently we are using Bind version 9.16.10, My Query I recently found that there is an issue with the 9.16.10 version. "Issue#2389 BIND 9.16.10: critical: xfrout.c:1643: INSIST(xfr->sends == 0) failed". Can anyone please help me to understand the scenario when this issue

RE: Query regarding tmp-xxxx files in ../named/zones

2021-10-03 Thread Rajnish Kamboj via bind-users
(improper shutdown etc.) then does Named uses these tmp- files to correct its database after restart? Regards Rajnish Kamboj -Original Message----- From: bind-users On Behalf Of Rajnish Kamboj via bind-users Sent: Wednesday, September 29, 2021 9:30 AM To: bind-users@lists.isc.org Subject:

Re: force nameserver(bind) information exchanges with clients via tcp only

2021-09-30 Thread Carl Byington via bind-users
nfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: libisc-9.16.15-Debian.so: undefined symbol: uv_udp_connect

2021-09-30 Thread Maihöfer via bind-users
gt;> Can you try command: >> >> LD_DEBUG=files host --help >> >> It should list libuv.so.1 in the process, therefore this error cannot happen. >> >> Regards, >> Petr >> >> On 9/29/21 23:30, Maihöfer via bind-users wrote: >>> Hi, &g

libisc-9.16.15-Debian.so: undefined symbol: uv_udp_connect

2021-09-29 Thread Maihöfer via bind-users
Hi, for whatever reason my bind, or anything related to that library, is not starting anymore error is: phil...@sources.list.d$ dig dig: symbol lookup error: /usr/lib/x86_64-linux-gnu/libisc-9.16.15-Debian.so: undefined symbol: uv_udp_connect phil...@sources.list.d$ Having the same error

Re: Freezing a Zone vs. Stopping the DNS Server

2021-09-29 Thread FUSTE Emmanuel via bind-users
Le 29/09/2021 à 13:41, Frank Kyosho Fallon a écrit : > Hi, > > Occasionally I need to add hosts manually to forward/reverse lookup > zones in BIND 9.16. We also have ISC DHCP. Both are on a Mac Mini > using MacPorts to install. > > Since dynamic updates are continually in p

RE: Query regarding tmp-xxxx files in ../named/zones

2021-09-28 Thread Rajnish Kamboj via bind-users
ome errors (improper shutdown etc.) then does Named uses these tmp- files to correct its database after restart? Regards Rajnish Kamboj -Original Message- From: Mark Andrews Sent: Thursday, September 16, 2021 11:53 AM To: Rajnish Kamboj Cc: bind-users@lists.isc.org Subject: Re: Query

Re: CNAME query

2021-09-23 Thread Havard Eidnes via bind-users
> Don't know if that helps, but if I query my local Bind DNS for a CNAME, > that doesn't exists, dig gives me the SOA record: > >> dig cname nonexisting.example.com @mydns > > ; <<>> DiG 9.16.6 <<>> cname nonexisting.example.com @mydns > ;; glob

Re: CNAME query

2021-09-23 Thread Danilo Godec via bind-users
Don't know if that helps, but if I query my local Bind DNS for a CNAME, that doesn't exists, dig gives me the SOA record: > dig cname nonexisting.example.com @mydns ; <<>> DiG 9.16.6 <<>> cname nonexisting.example.com @mydns ;; global options: +cmd ;; Got answer: ;;

Problem resolving

2021-09-16 Thread Danilo Godec via bind-users
. Digging a bit deeper I found out that these queries cause BIND to log errors: named[12737]: DNS format error from 185.100.2.22#53 resolving ftp.rs.verisigndns.com/ for 127.0.0.1#39521: Name rs.verisigndns.com (SOA) not subdomain of zone ftp.rs.verisigndns.com -- invalid response named[12737

Query regarding tmp-xxxx files in ../named/zones

2021-09-15 Thread Rajnish Kamboj via bind-users
Hello All, We have a query with the tmp-<> file generation in ../named/zones in BIND 9 Over a period of time the tmp files grows and disk usage was full. What is the purpose of these tmp files and when are these generated.?? This will help us to take our internal decision on handling (dele

Re: Reloading new certs for DNS over HTTPS

2021-09-09 Thread Grant Taylor via bind-users
On 9/9/21 10:29 AM, Ondřej Surý wrote: I think the rndc reconfig should pick the new cert/key, but I am not sure if we have actually implemented this. Drive by comment: Should BIND /need/ to take any action for a /reconfig/ if it's configuration hasn't change? -- To me the configuration

Reloading new certs for DNS over HTTPS

2021-09-09 Thread Eric Germann via bind-users
Twitter: @ekgermann Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712 GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: BIND 9.16.19 or any version newer than 9.16.15 does not start on Windows Server 2019

2021-09-08 Thread G.W. Haywood via bind-users
Hi there, On Wed, 8 Sep 2021, Sami Leino wrote: I will return to this problem with 8 vCPU count. You wrote earlier that there could be a way to have BIND run a specific number of vCPU cores? Have you tried searching something like "windows processor affinity"? -

bind extended dns error

2021-09-07 Thread Sachchidanand Upadhyay via bind-users
Hi, What version of bind is supporting "extended dns error (EDE)"? Do i have to do any configuration changes to enable EDE? Currently I am running BIND 9.16.18 as recursive server. BR, Sachchidanand ___ Please visit https://lis

Re: SMIMEA syntax question

2021-09-04 Thread raf via bind-users
On Fri, Sep 03, 2021 at 08:58:49PM +1000, Mark Andrews wrote: > yes Thanks. > > On 3 Sep 2021, at 20:41, raf via bind-users > > wrote: > > > > Hi, > > > > Sorry, but I'm having trouble finding zonefile syntax > > documentation. > > >

SMIMEA syntax question

2021-09-03 Thread raf via bind-users
many hex lines...] be412474f2c5f04d193124990ef9b15490883604e4aa9adb ) Thanks. cheers, raf ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support

Re: KSK signing zone records

2021-09-02 Thread Timothy A. Holtzen via bind-users
Okay, so if I'm interpreting this correctly.  When the new alg 14 KSKs were created and then the zone was signed (either automatically or via a command) there was probably only a valid alg 8 ZSK available.  As a result bind used the alg 14 KSK as a defacto CSK and singed the zone RRSets directly

Re: KSK signing zone records

2021-09-01 Thread raf via bind-users
at the signatures are good. > > Mark Thanks again! cheers, raf ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for mo

Re: KSK signing zone records

2021-09-01 Thread raf via bind-users
On Wed, Sep 01, 2021 at 03:04:56PM +0100, Tony Finch wrote: > raf via bind-users wrote: > > On Mon, Aug 30, 2021 at 10:13:05AM -0700, Chris Buxton > > wrote: > > > > > What algorithm(s) are you using for ZSK and KSK? If they’re not the > > > same al

Re: KSK signing zone records

2021-08-31 Thread raf via bind-users
pdate-check-ksk and the keys sub-clause of > dnssec-policy. Thanks. cheers, raf ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support sub

Re: KSK signing zone records

2021-08-31 Thread Timothy A. Holtzen via bind-users
r Nebraska Wesleyan University Public PGP ECC Curve 25519 Key: 11A2 3FDB AD70 12CA D77D C7DD DFFB 7662 24E6 C30D Old Public PGP RSA key: CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7 On 8/30/21 17:40, raf via bind-users wrote: > On Mon, Aug 30, 2021 at 10:13:05AM -0700, Chris Bux

Re: KSK signing zone records

2021-08-30 Thread raf via bind-users
ng the KSK sign the ZSK enough? What difference does the nature of the thing being signed make? cheers, raf ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software wi

KSK signing zone records

2021-08-30 Thread Timothy A. Holtzen via bind-users
rather than the records directly? I'm running bind 9.16.16.  -- Timothy A. Holtzen Campus Network Administrator Nebraska Wesleyan University Public PGP ECC Curve 25519 Key: 11A2 3FDB AD70 12CA D77D C7DD DFFB 7662 24E6 C30D Old Public PGP RSA key: CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC

Re: Logging statements w.r.t. view in Bind 9.16.18

2021-08-24 Thread G.W. Haywood via bind-users
; allow-query { none; } ; recursion no; }; You have recursion turned off for PUBLIC. As I understand it, the conventional wisdom is not to run recursive and non-recursive services on the same BIND instance. Would it make sense then, in your case, to run two separate instances of BIND? Separating

Re: unresolvable pms.psc.gov, but google/cloudflare/unbound work

2021-08-22 Thread John W. Blue via bind-users
out ID 180. Recommend the pms.psc.gov admins give the psc.gov admins the correct hash. Sent from Nine<http://www.9folders.com/> From: Roger Hammerstein Sent: Sunday, August 22, 2021 9:45 AM To: bind-users@lists.isc.org Subject: unresolvable pms.psc.gov, but

Re: tsig question (and documentation bug)

2021-08-20 Thread raf via bind-users
On Fri, Aug 20, 2021 at 09:46:46PM +1000, raf via bind-users wrote: > On Fri, Aug 20, 2021 at 09:33:01PM +1000, raf via bind-users > wrote: > > > Hi, > > > > I want to use TSIG for zone transfers, > > only allowing zone transfers to > > particular IP

Re: tsig question

2021-08-20 Thread raf via bind-users
On Fri, Aug 20, 2021 at 09:33:01PM +1000, raf via bind-users wrote: > Hi, > > I want to use TSIG for zone transfers, > only allowing zone transfers to > particular IP addresses if they > possess the TSIG shared secret. > > The documentation at: > > https://

tsig question

2021-08-20 Thread raf via bind-users
rg/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: [Question] About migration for 9.11.X to 9.16.X.

2021-08-19 Thread G.W. Haywood via bind-users
Hi there, On Thu, 19 Aug 2021, Techs-yama wrote: I'm thinking about BIND Version migration for 9.11.X to 9.16.X. Also, I'm about to check the different default config value and config parameters for the purpose of that now. I would like to ask you all. Are there any other points of observe

RHEL, Centos, Fedora rpm 9.16.20

2021-08-18 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

Re: debian11 + bind-9.16.15 + dnssec-policy = lost zonefiles + crashes

2021-08-16 Thread raf via bind-users
On Mon, Aug 16, 2021 at 10:32:35AM +0200, Matthijs Mekking wrote: > Hi, > > On 16-08-2021 04:28, raf via bind-users wrote: > > On Sun, Aug 15, 2021 at 10:35:27PM +1000, raf wrote: > ... > > > > So it's looking good and I'm happy now. But how long > >

Re: debian11 + bind-9.16.15 + dnssec-policy = lost zonefiles + crashes

2021-08-15 Thread raf via bind-users
On Sun, Aug 15, 2021 at 10:35:27PM +1000, raf wrote: > But the real problem is that bind crashed, and dumped > core, and couldn't start at all. There were a hectic > few minutes there. :-) I deleted the coredump and the > key files, and the .jnl files, restored backup > zon

Re: Tracking Down Odd bind Behavior

2021-08-15 Thread Tim Daneliuk via bind-users
On 8/15/21 9:07 AM, G.W. Haywood via bind-users wrote: > Hi there, > > On Sun, 15 Aug 2021, Tim Daneliuk wrote: > >> I have a bind slave instance running on FreeBSD 13-STABLE.  Periodically >> (after >> a few days of perfect operation), it loses its ability to

Re: Tracking Down Odd bind Behavior

2021-08-15 Thread G.W. Haywood via bind-users
Hi there, On Sun, 15 Aug 2021, Tim Daneliuk wrote: I have a bind slave instance running on FreeBSD 13-STABLE. Periodically (after a few days of perfect operation), it loses its ability to resolve at least some names - in this case, git.freebsd.org. ... ... Aug 14 17:07:03 ozzie named[32292

debian11 + bind-9.16.15 + dnssec-policy = lost zonefiles + crashes

2021-08-15 Thread raf via bind-users
Hi, I've just upgraded my bind9 server to debian-11 which has bind-9.16.15. I've been looking forward to this. I had my local dnssec-policy ("annual") all ready to go. But it didn't go well at all. For the first few seconds, I thought it was great. I uncommented my new config to ena

Tracking Down Odd bind Behavior

2021-08-14 Thread Tim Daneliuk via bind-users
I have a bind slave instance running on FreeBSD 13-STABLE. Periodically (after a few days of perfect operation), it loses its ability to resolve at least some names - in this case, git.freebsd.org. When I look at the logs, I see this: ==> /var/log/named/query-errors <== 14-Aug-2021

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
On Wed, Aug 11, 2021 at 12:14:38PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 11:27 PM, raf via bind-users wrote: > > Does that help at all? > > Very much thank you. I have now discovered my DNS key and corresponding DS > record. I believe the DS record is what

Re: Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/11/21 12:49 PM, Richard T.A. Neal wrote: > There's a very good article on the ISC website which discusses BIND logging: > https://kb.isc.org/docs/aa-01526 > > I recommend reading and implementing the logging as per their suggestion > (backup or make a note of your

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/10/21 11:27 PM, raf via bind-users wrote: > Does that help at all? Very much thank you. I have now discovered my DNS key and corresponding DS record. I believe the DS record is what I have to provide my registrar as I underst

Re: DKIM setup

2021-08-11 Thread Vinícius Ferrão via bind-users
I understood the .ve question. On 11 Aug 2021, at 13:56, Vinícius Ferrão via bind-users mailto:bind-users@lists.isc.org>> wrote: Hello. Ve is Venezuela. It’s a country. Alice is the selector name, you can have whatever you want. https://dmarcly.com/blog/what-is-dkim-selector-and-how

Re: DKIM setup

2021-08-11 Thread Vinícius Ferrão via bind-users
, at 13:47, Bruce Johnson via bind-users wrote: I’m trying to set up DNS records for DKIM in our system; we have a hybrid O365/On-Prem Exchange server and separate Mailman list server, all of which send email from our domain (and are in the spf list in DNS.) I’m a little unclear on the syntax

DKIM setup

2021-08-11 Thread Bruce Johnson via bind-users
of Arizona College of Pharmacy Information Technology Group Institutions do not have opinions, merely customs ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software

Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
I am running bind 9.16.19 on two FreeBSD 13-STABLE instances. The master is on a Digital Ocean droplet and works fine. The slave is hosted on physical machine here in our offices. This has always worked flawlessly until recently. Periodically, the slave refuses to resolve names like

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 09:19:33PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:32 PM, raf via bind-users wrote: > > To get the DS record information to convey to the > > registrar, after starting to use the default policy. > > look for the CDS record (the ch

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:32 PM, raf via bind-users wrote: > To get the DS record information to convey to the > registrar, after starting to use the default policy. > look for the CDS record (the child version of the DS > record) with dig: > > dig CDS EXAMPLE.ORG > > For the def

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 11:24:31AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 10:07 AM, Matthijs Mekking wrote: > >> So just to be sure I'm doing the right thing, I've added this to my > >> options stanza: > >> > >>  dnssec-policy &q

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 08:51:04AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:51 AM, Matthijs Mekking wrote: > > Hi Klaus, > > > > On 10-08-2021 13:38, Klaus Darilion wrote: > >> Hi Matthijs! > >> > >>> We would like to encourage

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
tp://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/cont

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
;>> >>> https://kb.isc.org/docs/dnssec-key-and-signing-policy >> >> Some comments to this KB article and dnssec-policy: >> >> - The article should mention how to retrieve the DS record from >> Bind. So just to be sure I'm doing the right thing, I've added

AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
and-signing-policy > > > > Some comments to this KB article and dnssec-policy: > > > > - The article should mention how to retrieve the DS record from > > Bind. > > I am not sure what you are asking. Do you mean how to convert the DS > from the DNSKEY record

AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
mention how to retrieve the DS record from Bind. - How does Bind handle duplicate keyids when generating new keys? Will Bind ensure that there will not be any duplicate key ideas or will it just use the duplicate keys? In the latter case the " rndc dnssec -checkds -key 12345 ..." commands wi

Re: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread FUSTE Emmanuel via bind-users
Le 10/08/2021 à 12:34, Matthijs Mekking a écrit : > Hi Emannuel, > > Thanks for your response. > > On 10-08-2021 11:28, FUSTE Emmanuel via bind-users wrote: >> Le 10/08/2021 à 10:02, Matthijs Mekking a écrit : >>> Hi users, >>> >>> We ar

Re: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread FUSTE Emmanuel via bind-users
Le 10/08/2021 à 10:02, Matthijs Mekking a écrit : > Hi users, > > We are planning to deprecate the options 'auto-dnssec' and > 'inline-signing' in BIND 9.18. The reason for this is because > 'dnssec-policy' is the preferred way of maintaining your DNSSEC zone. > > Deprecati

AW: Does BIND supports ANAME RR

2021-08-09 Thread Klaus Darilion via bind-users
Do you think that we can get rid of CNAME too? regards Klaus > -Ursprüngliche Nachricht- > Von: Ondřej Surý > Gesendet: Montag, 9. August 2021 19:19 > An: Klaus Darilion > Cc: Mark Andrews ; bind-users@lists.isc.org > Betreff: Re: Does BIND supports ANAME RR &g

Re: Add DNS records automatically for static IP's

2021-08-09 Thread tale via bind-users
On Mon, Aug 9, 2021 at 8:46 AM Roberto Carna wrote: > Thanks to all of you, is it possible to use nslookup in order to > update DNS records from Linux hosts to a Windows DNS server (not BIND) Not nslookup, but nsupdate as Brian Cuttler said. nslookup is purely a query tool; nsupdate impl

AW: Does BIND supports ANAME RR

2021-08-09 Thread Klaus Darilion via bind-users
Does every application that uses gethostbyname have a benefit of HTTPS/SVCB? That is what I meant. regards Klaus > -Ursprüngliche Nachricht- > Von: Mark Andrews > Gesendet: Montag, 9. August 2021 15:55 > An: Klaus Darilion > Cc: Evan Hunt ; Gaurav Kansal ; bind- > u

AW: Does BIND supports ANAME RR

2021-08-09 Thread Klaus Darilion via bind-users
> On 09.08.21 13:55, Klaus Darilion via bind-users wrote: > >But honestly SVCB will not solve the ANAME problem. I will take years > > until all resolvers/client would support SVCB whereas ANAME would be > > implemented in the authoritative name server > > resolving on

AW: Does BIND supports ANAME RR

2021-08-09 Thread Klaus Darilion via bind-users
> -Ursprüngliche Nachricht- > Von: bind-users Im Auftrag von Evan > Hunt > Gesendet: Samstag, 7. August 2021 20:21 > An: Gaurav Kansal > Cc: bind-users@lists.isc.org > Betreff: Re: Does BIND supports ANAME RR > > On Sat, Aug 07, 2021 at 11:05:51PM +0530, Gaur

Re: DNSSEC questions

2021-08-09 Thread raf via bind-users
Hi Matthijs, On Mon, Aug 09, 2021 at 11:11:48AM +0200, Matthijs Mekking wrote: > Hi raf, > > On 09-08-2021 10:08, raf via bind-users wrote: > > Hi, > > > > I've got a bunch of DNSSEC questions. > > Any advice would be appreciated. > > > > The

DNSSEC questions

2021-08-09 Thread raf via bind-users
Hi, I've got a bunch of DNSSEC questions. Any advice would be appreciated. The context is a little VM with six little zones, soon to be upgraded to debian-11 and bind-9.16.15. I haven't signed my zones before but now is the time. I'm going to rotate KSKs annually because it's finally so easy

Re: Re: Multisite deployment issue

2021-08-08 Thread Daniel A. Rodriguez via bind-users
Armando Rodriguez via bind-users < bind-users@lists.isc.org> wrote: Was wondering If would be possible to setup a forwarding scheme just for some subdomains, I emphasize the fact that master is publicly accesible and current need is to locally resolv a bunch of subdomains of the same zone. I

dnssec-guide erratum

2021-08-06 Thread raf via bind-users
ut no salt-length 16; }; There should be an integer after "iterations". Based on the following text, the number of iterations should be 10. Should I submit a merge request, or can someone just fix it? cheers, raf ___ Please visit https://lists

Re: Different DNSSEC behaviour between two old versions

2021-08-05 Thread raf via bind-users
server that's doing its own resolving. Apologies for the noise. cheers, raf On Fri, Aug 06, 2021 at 11:56:06AM +1000, raf wrote: > Hi, > > Firstly, I'd like to thank everyone involved with making bind. > I'm used to using old versions (9.10.3 on an old ubuntu host) > and (9.11

Different DNSSEC behaviour between two old versions

2021-08-05 Thread raf via bind-users
Hi, Firstly, I'd like to thank everyone involved with making bind. I'm used to using old versions (9.10.3 on an old ubuntu host) and (9.11.5 on debian-10 stable). And just as I'm about to start using DNSSEC for my domains, debian-11 stable is about to come out in a few days with bind-9.16.15

RE: Add DNS records automatically for static IP's

2021-08-05 Thread Cuttler, Brian R (HEALTH) via bind-users
wiki article if you'd like to see it. Brian -Original Message- From: bind-users On Behalf Of Roberto Carna Sent: Thursday, August 5, 2021 12:19 PM To: ML BIND Users Subject: Add DNS records automatically for static IP's ATTENTION: This email came from an external source. Do not open

Re: Add DNS records automatically for static IP's

2021-08-05 Thread tale via bind-users
On Thu, Aug 5, 2021 at 12:19 PM Roberto Carna wrote: > I have several hosts with static IP's / hostnames and I want to > register them to our private BIND DNS, and they should be updated if > the IP or hostname changes. > > Is there any way to do what I need ? Any Linux

Re: Multisite deployment issue

2021-08-02 Thread Daniel Armando Rodriguez via bind-users
NS ns2.dominio.edu.ar. ;; ADDITIONAL SECTION: ns1.dominio.edu.ar. 3600IN A XXX.XXX.XXX.XXX ns2.dominio.edu.ar. 3600IN A XXX.XXX.XXX.XXY ;; Query time: 33 msec ;; SERVER: XXX.XXX.XXX.XXX#53(XXX.XXX.XXX.XXX) ;; WHEN: lun ago 02 17:36:42 -03 2021 ;; MSG SIZE

Re: Multisite deployment issue

2021-08-02 Thread Daniel Armando Rodriguez via bind-users
ppreciated. ___ Daniel A. Rodriguez Informática, Conectividad y Sistemas Universidad Nacional del Alto Uruguay San Vicente - Misiones - Argentina www.unau.edu.ar ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: should I be seeing piles of gnuism extensions in the test suite?

2021-07-31 Thread Dennis Clarke via bind-users
_ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org htt

should I be seeing piles of gnuism extensions in the test suite?

2021-07-30 Thread Dennis Clarke via bind-users
spoken GreyBeard and suspenders optional ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact

  1   2   3   4   5   6   7   8   9   10   >