RHEL, Centos, Rocky, Fedora rpm 9.18.26
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZiAhLBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH/TwCfRECCzSbMwWY4o32rzDT1X3b8kxMA nj9AgWAaoXYHW7AtfK7Ii57mrHkp =iSyg -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.18.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZf3WuxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHr2gCfYw4U1U1itN4N0USVhyfg1325YjMA nRpCW3TjF6RFMPWZgReI3QC9W2pt =LxDT -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.18.24
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZcuVihUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEkLwCdF0KogNOgy3cYPjPU7uV7nlC8TfQA n0bzi9A+vDq3rmi69k4zLi2QVSaG =OPRR -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
HEL, Centos, Rocky, Fedora rpm 9.18.21
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. This is my first 9.18 build. It seems to work for me. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZYeF+hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH6IgCfZ2X6pE9f2WGwqqIzcUMpXl0QnI8A nj/2N6vWXFKB5/rPuc6jb4E7rZIP =2pik -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.44
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZQsqkxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF7uwCfYDqYBEqkKXSJNn+fOSWskg/+mtsA n0MmFNixc8j7pJChAItigVdQeouV =nb+i -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.42
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZJSPPxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHAogCbBb0MD0Tud7fZOkCCI87dDJhQRmQA n0s5fehk7/+Ab+NaVbSyTAs5Jg4Q =rblI -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.41
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZGT0FxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEktwCdEham4g5wCclROhytQwZUUMMcr4YA niY/4lQ8KjD0ZzWLeK3ZBS1UyM0p =ijRn -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.40
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZEHCuxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHkpwCfYSw+dDbpRtPjGLWttQV9f/q2vrgA oIpFLi3ouqws8qzO4L2wFySmg3Au =jn/E -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.38
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY+0crBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF67wCdHaasF+8opViaBwD1Rdeqe7OlbQgA njngltXenB/3cPlIii4C0mKaqJt8 =vL/d -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.37
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY9Fm1hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFozgCfb5FJRMhwKC0gnpa3T5l3ZUiunn4A nisHLUwfoJtp+xdgxSzVfm7OmXA8 =Ys4u -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.35
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY3UAQRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFO4ACfVz0vqb1HinaYn9utWWqzPpoM4uUA n32fCM2xymQZG8dTjuG2P48LHmI/ =Djxd -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse lookups not working when Internet connection failed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2022-11-06 at 14:39 +0100, Matus UHLAR - fantomas wrote: > alternatively they can choose to 0/28.66.136.193.in-addr.arpa. or > 0-15.66.136.193.in-addr.arpa. > instead of 0-28.66.136.193.in-addr.arpa. or use $clientname.66.136.193.in-addr.arpa. as the intermediate zone which has a slight advantage when the same client has multiple disjoint parts of the same /24. -BEGIN PGP SIGNATURE- iHIEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY2f41xUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHBXgCTByqT09Rrz54p7OjWMqOEmj3fnwCe LPnNvD9XwOCDCK94G4ui+uAd8Vc= =mnp9 -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.33
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYyvoWxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFzSACeKcDrYYkIYw3WoAtJPpQ5ni8HZf8A n3Qo5b9ywnGAeTBBvABuaYd5EB3v =qdVy -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.31
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYtt+aBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFaSwCdEPyf1klXiqmgm2ojBvIfJf5xo2kA n1lweraji+gMMaM73huz0OtwqY9X =6YDE -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.30
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYrHgRhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFRpgCfU9/j2Hfbvvox+3IP8LQjFEknnIoA n3Wv0nFe5HVnbyJRd9NehqZ/1Ytw =Ei2A -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.28
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYmR19RUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGC0ACfcaWaBYoTv2D7uYlfz3e9ebwEHEQA n2z3BmoYKfBT5RzrFMfsaTnKOFty =XWZq -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 16:13 -0600, Grant Taylor via bind-users wrote: > But there seems to be a disconnect. > I was talking about adding a domain that is outbound.example.com. and > put the A / records in that domain's apex. Thus you are only > overriding outbound.example.com and nothing else in the example.com > domain. Yes, the disconnect was my brain. I will try to plug that back in. > We must have different experiences and / or have used different MTAs. > I've routinely been able to address one offs do to lack of PTR via > /etc/hosts entries. How do you do that in /etc/hosts? Suppose the mail arrives from a.b.c.d, and they have some name outbound.example.com A a.b.c.d, but d.c.b.a.in- addr.arpa does not exist. For some users, for some (possibly all) senders, we require that d.c.b.a .in-addr.arpa has some PTR record where the corresponding A record resolves back to a.b.c.d. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjzxpxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHPYgCeNHTOSOzTq78dKjx6/WUyfJ2w8+kA nAqRrCYz72YZrMxyH7OYcP6VCM3R =l8G6 -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote: > What advantage does RPZ have in this case over just hosting the > domain(s) locally? In general, the domain exists with a bunch of existing names - www, mail, etc. We just need to add one more (outbound) and tie it to the ip address of their outbound mail server. I don't want to take over their entire domain. Rather than updating /etc/hosts on a bunch of customer mail servers, their dns server just zone transfers the rpz zone using notify/ixfr. And many times, their error is in an incorrect or missing PTR record, so /etc/hosts does not help there. I have many other cases where we do take over the entire domain, like princetonprivacystudy.orgA 127.0.0.2 *.princetonprivacystudy.org A 127.0.0.2 which makes any host name like abc.princetonprivacystudy.org appear to be listed on Zen. But this is one rpz file to maintain, rather than adding a few hundred zones to the dns servers. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjznjBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsE8PwCeJRLLeGhQE9E51mreW3Yuq2g0Ig0A n29Nl0oy3X0503WD3h9Udg1rEBoW =DwNb -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 16:48 +0100, Benny Pedersen wrote: > > Is it possible to add records for non-existing domains to the RPZ? I think so. > what is the point ? Presumably to create those domains locally. Of course the rest of the world won't see them. For example, I have some clients using a sendmail milter, which for some users requires matching forward/reverse dns. And there are some senders that just cannot seem to get that right. So we add 1.0.0.127.in-addr.arpaPTR outbound.example.com. outbound.example.com A 127.0.0.1 to force matching forward/reverse dns. But that creates the name outbound.example.com locally, where that name does not exist in the global name space. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjyVrRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEu8ACfWgB0gXmrfZrsLrZ2+3b/K+PYgDkA n18rhjSH1nRnxXepbbttXLr03FZS =mTOI -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.24
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYbpI/RUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH6jACfd9vy+ex9uo4AFwXor8udHbE6h/AA njcgw5yiMORKWkVH15W7c7wEFlX4 =jY6P -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYZhCGhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHbYQCgid1Ciok51XJZH5iXU026RdyJ1A0A oIcdWGTIn2d32PvHhK0gFlHgF/tR =/jph -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.22
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYXroixUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFq3QCfX8vJV6bueied+o0bwoS3Lk40n8gA n3JeOfVuP5BGPdrOld/FEssC11s9 =5vzM -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: force nameserver(bind) information exchanges with clients via tcp only
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2021-09-30 at 16:30 -0700, Fred Morris wrote: > https://github.com/m3047/tcp_only_forwarder So what exactly are the media devices doing to screw up dns resolution between the osx laptop and the local dns server? -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYVZWKBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF72ACeKnKQUwq352DRaLSohoHlYNaYi80A ni0Ezvujqf9nhjDAgAHWuZb6pdiD =HipY -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYR1U5hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHJlwCfencOcQ8pivhwufl3V5F6afdxk7AA n0l2RJtAx5af4H1lTm+4lbFWLgvJ =uYyp -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.18
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYNJIrRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHxJgCgiT4kA7jfLZ0IPF7qtgLKAjGXNDQA n06lFr9x466DnE+E003Skl+LlZO7 =uHhm -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.17
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYMqYhBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEYgACeJssST9z3XssglZ/g9sgb0f0ixYwA njPtvTLlYWMCjd0NQA3Ruk9Bnse6 =He28 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Any interest in a write-up showing how to configure BIND 9.17x with DoH and LetsEncrypt?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2021-05-30 at 15:24 +, Richard T.A. Neal wrote: > Is there any interest in me writing this up as a web article, or has > everyone who's interested in DoH already got it running comfortably in > their test environment? I am interested. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYLOyzxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFMfACfcs9Ovcyvw6sHjmwz1wHuf9gPXzgA oIo0M0HeOogH88oih5+8Edv7TVGI =BvAs -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYK0cMxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHgOACdHD/vT82dCiVETeHyb7oyxxZ9LxYA oIIUlyYU+9yuFtQKjNd0SKI1Ljej =Tugz -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2021-04-14 at 12:58 -0400, Paul Kosinski via bind-users wrote: > Interesting, although we host different domains, in and from different > geographic areas, we got the same queries as yours on the same day, > with some at about the same time (we're EDT). > 13-Apr-2021 02:19:58.468 security: info: client 76.20.145.58#3074 > (sl): query (cache) 'sl/ANY/IN' denied > 13-Apr-2021 02:19:58.638 security: info: client 76.20.145.58#3074 > (sl): query (cache) 'sl/ANY/IN' denied These times are PDT (-0700) Apr 12 23:18:13 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied Apr 12 23:18:13 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied Apr 12 23:19:15 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied So either 76.20.145.58, or someone forging that source ip, made queries to servers in (+), (-0400), and (-0700) at the same time. Malware running on 76.20.145.58 is one explanation. Would the REFUSED replies carry enough information from the original query to be used as a covert communication channel into something listening on 76.20.145.58? vpn over dns query-refused replies? That seems a bit far-fetched. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHcqsRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEvgACgh6muAlNI6qk99Rd9sLaSp29IESQA njJo7E3ajD0Yw/ja7VOStNhgkxDd =tlQQ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: FW: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-04-13 at 22:42 +, Richard T.A. Neal wrote: > Yes, another individual & I were discussing this off-list today. We > wonder if those queries are from malware on infected hosts that are > trying to determine whether a given nameserver can be used in a > distributed reflection attack? The source IP is not spoofed (because > it wants to get the answer), so if it gets either "refused" or a > timeout then it knows that nameserver can't be used in the reflection > attack. But if it gets a response with data then it knows it *can* be > used in the reflection attack. That makes sense, but in that case the malware is badly written (what a surprise). In 28 hours a single dns server here saw 1182 such queries from 80.2.150.110 = cpc99574-brnt1-2-0-cust621.4-2.cable.virginm.net. I am now using the equivalent of fail2ban to firewall those clients. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHY0yhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEkYwCfT3lTQO8NIdgSkMvAS03QmrnixiUA n0IYWwS3qImFMByQzfUbWhK1v850 =D55z -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-04-13 at 22:32 +0200, Julien Salort wrote: > Reading this thread, I considered simply enabling the fail2ban > named-refused jail, but they advise against it because it would end > up > blocking the victim rather than the attacker. In the particular case of the .sl denied queries, I don't think these are forged queries from the attack victim. Something else is going on here. We see queries from systems like these, almost exclusively consumer endpoints: 142-197-133-231.res.spectrum.com. mta-162-154-195-235.kya.rr.com. mobile-166-173-63-176.mycingular.net. prg03s05-in-f193.1e100.net. prg03s05-in-f1.1e100.net. pool-173-79-59-79.washdc.fios.verizon.net. 174-30-51-96.wrbg.centurylink.net. c-174-53-75-253.hsd1.va.comcast.net. 174-081-062-250.res.spectrum.com. cpe-174-106-58-62.ec.res.rr.com. 192.sub-174-214-12.myvzw.com. stop-looking-at-drifteds-ip.gov. 252.243.53.179.d.dyn.claro.net.do. ip184-186-26-40.no.no.cox.net. dsl-187-193-200-41-dyn.prod-infinitum.com.mx. dsl-189-178-58-206-dyn.prod-infinitum.com.mx. customer-189-216-112-75.cablevision.net.mx. 189.223.57.66.dsl.dyn.telnor.net. 212-149-157-12.rev.dnaip.fi. It seems unlikely that someone is trying to attack those specific endpoints. Unless the attack is *very* widely distributed and they are actually attacking the ISP infrastructure. But in that case, this seems to be a simultaneous attack on almost every major ISP, which I find unlikely. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHYHGhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsG2xwCeNRKi5df2TdmaWyJQJhGCraf1UIoA n0zp1wmsrlc9yeDc/wXJCy8xBToC =Ir5g -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Issue #2623 opened at gitlab. It appears to be tied to attempts to use the old journal format: zone local/IN/normal: retried using old journal format -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHM0bhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFhLACgicNwiEmrZonfJpM70v1NfHL1BVQA n2VuDBTqHCPKtGhZlRpMHPkUkN0H =kr0W -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-03-30 at 15:45 +1100, Mark Andrews wrote: > can you add a "#" in front of "dnssec-policy" in bin/named/config.c > and see how that goes for you. That will comment out the default > 'dnssec-policy "none";'. I have not been able to reproduce this in a disposable centos 8 VM, using the same /etc/named.conf and /var/named contents from the production server. If I cannot make that work, I will try reproducing the error on the production server tomorrow. Once I get a reproducible scenario, I will try your above patch. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGOI7xUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHU1QCgi6yeu2Yls19f/406zWLIoqo3/QMA nA4PFkv1wnI089pW+VFch454UoLg =hTUy -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.12 tries to read keys that it does not need?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 dns_dnssec_findmatchingkeys: error reading key file Kfive-ten- sg.com.+008+39376.private: permission denied Those key files are 0600 root:root. Bind should never need to read them since we are not doing in-line signing or key rotation within bind. That is just a log message - it does not seem to have any operational impact. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGIZYBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEBoQCcD5Ohlvnf9NnLKLX7VRZKelM62akA n03DV9O+59R6CBUMlQz/0qdeyj8p =yFia -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote: > What do you have in options? options { directory "/var/named"; allow-recursion { "friends"; }; dnssec-enable yes; dnssec-validation auto; bindkeys-file "/etc/named.bind.keys"; managed-keys-directory "/var/named/dynamic"; listen-on-v6 {any;}; ixfr-from-differences yes; max-journal-size 2m; notify yes; response-policy { zone "rpz.five-ten-sg.com";} qname-wait-recurse no; rate-limit { responses-per-second 500; errors-per-second50; nxdomains-per-second 500; qps-scale4000; exempt-clients { "friends"; }; }; max-recursion-queries 200; qname-minimization disabled; fetches-per-server 50; fetches-per-zone 50; server-id hostname; }; This is on Centos 8. I will setup a VM tomorrow for more testing on this. For now, reverted back to 9.16.12. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA nRdv220ju0R0IIEgbLzfbXs8CjHX =+zDb -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I just updated from 9.16.12 to 9.16.13. zone "naturediscovery.org" { type master; file "named.naturediscovery.org"; }; 9.16.13 has overwritten the master file with the current zone contents, replacing the $INCLUDE statements with the contents of the included files. Is there some new config item to prevent this? -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYF+vMBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHjeQCfRQ9MOrPma6hoUpYycgb3zbTSVhUA n3GNG6lyTPbYZ4W2w8EVPrL7Ltra =5yyq -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.12
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYC6iThUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEOPACeLKD93PvGTa9ojIpjKJlZrnZdnUgA n0u6PUCxG79+jdCf/R2r2KQF/MFV =Dua7 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX9uRhRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFpFACcD0YoVAshJ4tYIyOsjw3F1pwfmfcA nj9HeeYhGiwSy83yvWaPnrnqKn0g =M9z3 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX8APLhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEA5gCfSJPL0ftRp+JlrMN4ppqBjWuyRV0A n18rY/9MAnQikEpvgEcfj3tbiP/M =dx29 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. Thanks to Espen Stefansen for spec updates, this should work on EL8 systems with ipa-client. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX5NsARUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGoVwCfaoGeu4CdeRDC54nUndo7Z2AYv9wA n0P5tcKNUlUZmWX5WuguWkX6iqjD =H3Kf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX2ToIhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFmPQCghTw5xsvqr08dX5zn1/OemSQTVx0A nRaFiXPCbgfvwoWvH4suYP46v3kK =4xwB -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Do not cache certain domains
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote: > Anyone think they may know the answer to this? With the cooperation of the "certain domains" master servers, just slave the zones. The masters should be configured to send you notify messages on zone changes, so you always have the current authoritative contents. Of course, if you are trying to avoid caching google.com, that won't work. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1o/ehUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFijgCeP/0k4923K9ha21b8SfFardvTYJYA njg5U3NImciTSJEZn1eMzsgtNuAY =4J6o -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: RHEL, Centos, Fedora rpm 9.16.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-08-20 at 12:20 -0700, PGNet Dev wrote: > Are they otherwise unrelated? Mine are intended as an in-place replacement/update from the bind versions in RHEL/Centos 7 and 8. The same file layout, etc. This is as close as I can come to a hypothetical RHEL release of bind 9.16. I believe the ISC versions install into a different path to avoid clobbering the RHEL bind version. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1LJChUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGs9QCfbLu97Z5dhUORW2BdBcVt0K47cLsA nR3f6SHCRdnvSlRKknq7fKxoCu/J =MyMD -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Response Policy Zone: disabling "leaking" of lookups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2020-09-02 at 17:47 -0700, Fred Morris wrote: > how do I disable the (useless) resolution directed at upstream > servers? Isn't that just "qname-wait-recurse no;" -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1BhpBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFe7gCfVN8JVwC8eQ5RExIYVJkOVf3Ywc4A n1pCBkinzCzqBH9IYlXfp5sNeNh1 =Zfin -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rpmbuild problem with 9.11.22 on Centos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2020-08-29 at 19:06 +0100, Matthew Richardson wrote: > My guess (which may be wrong) is that something is wrong with the > line:- > %set_build_flags > in bind.spec. It looks like isc is depending on some rpm macros from epel yum install epel-rpm-macros -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX0rARxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsG3fACaA5uiRIRN5AU9Gpql+s4wcUqP9h0A n0Gv0z5a0GzUaV3/VEz9REtAOCSo =TQ+p -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXz7EtRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHXUwCffZxEKWp/Ssbw7cXJaBUPbmFvN6IA n27w8NdQ1K5MP3Y3lngDGTadE2N0 =KeXf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXxiM4BUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFMXACfRQPFj8FFws3T9jMtu8gAyvLbpgsA nAkTIEwuyRmsO1P+EVbuWL3E5nvL =Pvxd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXup3TRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGCwgCdFn4mIAyiGjV2bQP57V3Dpg4GdFkA n2gGvoSmrF214K0ckA7nqwnLO/bk =TITQ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.3 make tests on centos 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Trying to build on centos 8, all the tests except one pass. I get a failure in bin/tests/system/runtime/tests.sh I:runtime:checking that named logs an ellipsis when the command line is larger than 8k bytes (13) I:runtime:verifying that named switches UID (14) I:runtime:failed I:runtime:stopping servers Ignoring that, the resulting binary seems to run properly. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl7UFVoACgkQL6j7milTFsGlBgCeLdUaqE0wFBTaY23kmy2S3qJK bpcAn1rvKZ3B57CATYcPh7fZjYW0j2vm =D8F/ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl7EHicACgkQL6j7milTFsHbZACeLr0tA1Gr4i2/LNhMkRpw0Swj tyAAnjZbfku4d2rt81c2IZC45W/0FTLX =Qnja -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6h854ACgkQL6j7milTFsGK5ACfQWX+wNpzHH4u6JNHh51xXkSe QOUAn3jU9gvZMrztcO57agdTYB84sOJp =fw26 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: NAT and Question Section Mismatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-04-21 at 14:08 -0400, John Wiles wrote: ;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN tcpdump is your friend. Dump the outgoing packets from your home connection to see exactly what you are sending for: dig 3.32.162.72.in-addr.arpa ptr @72.162.32.4 +nodnssec +norecur Dump the incoming packets at your dns server to see what it is receiving for that command. Any differences are probably generated by the cisco. Dump the outgoing packets from your dns server, and the incoming packets at your home connection also. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6fcKwACgkQL6j7milTFsHWLACffvw6WJlQecTYmUWQ0al6szXu GncAn05uTakguddRQfrb3QlhMdhVl2gB =hUGI -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2020-04-19 at 09:07 +0200, Ondrej Sury wrote: > I would suggest starting with vanilla libuv from sources, or at least > review the patches the RPM applies on top of the RPM. There are none. That rpm is just a wrapper around the stock autoconf/automake stuff. > Also please be aware of https://gitlab.isc.org/isc- > projects/bind9/-/blob/v9_16/PLATFORMS.md I should have been more specific - when I said that Centos6 is still supported, I meant supported by Centos, not necessarily by ISC. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6ceawACgkQL6j7milTFsFUzQCggH9/2MypmkUS1ZIpnbfaE85D ayQAn0dRzHOeNqgwAfKiTdfoWvYLbPo1 =pKY4 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > Is this the same issue previously reported against 9.16.1? That was > apparently resolved by downgrading to libuv 1.35. In my case, I can > try > to upgrade to 1.35. Nope, libuv 1.35.0 does not change the crash. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6bdZAACgkQL6j7milTFsFmnwCfZC0IxRYScs3qNSxDJ67q31qH 8n4AnRUFgWKhTeachVnl/yihhaz+sm6v =Qnan -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Centos6, although old, is still supported, so it would be nice to get 9.16.2 running on that. This is my first attempt at building 9.16.x. I pulled the libuv source rpm from Centos7, made some minor changes to the spec file, and built libuv 1.34.0. Using that, bind 9.16.2 builds to an rpm and installs, but crashes on startup. (gdb) bt #0 0x0033772324f5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x003377233cd5 in abort () at abort.c:92 #2 0x7f2f5fba9cc4 in uv_async_send () from /usr/lib64/libuv.so.1 #3 0x7f2f5fdf6329 in isc_nm_pause (mgr=0x7f2f5f945010) at netmgr.c:322 #4 0x7f2f5fe06e07 in isc_task_beginexclusive (task0=) at task.c:1662 #5 0x0043613f in load_configuration ( filename=0x7f2f59eac770 "\030\307\060O/\177", server=0x7f2f5c0a8010, first_time=true) at ./server.c:8309 #6 0x0043a27d in run_server (task=, event=0x0) at ./server.c:9660 #7 0x7f2f5fe07b21 in dispatch (queuep=) at task.c:1152 #8 run (queuep=) at task.c:1344 #9 0x003c18807aa1 in start_thread (arg=0x7f2f59ead700) at pthread_create.c:301 #10 0x0033772e8c4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 Is this the same issue previously reported against 9.16.1? That was apparently resolved by downgrading to libuv 1.35. In my case, I can try to upgrade to 1.35. The test in configure.ac in the bind source checks that the version of libuv is >= 1.0.0. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6bZrgACgkQL6j7milTFsFDTQCfUw2AaohJDFUN1NljCf6RDs1X 6QsAn3Dh+4VK1t+k2f7mO/cNjPM+fvL9 =Ilbj -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Slow recursive query performance on Windows x64
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2020-01-19 at 21:54 -0500, Steve Farr via bind-users wrote: > Does anyone know of a functionality that replaced the now-obsolete > filter--on-v4? plugin query "filter-.so" { filter--on-v4 yes; }; -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl4lII0ACgkQL6j7milTFsEkNgCcDPjGp5r6X7wvC0MJUcW5rFUz V4sAn2WL6OOPWwGUyKpMyWo27+5hphqx =MrO2 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl3VnVMACgkQL6j7milTFsGv4ACfZBdGLuzuSS+5n1+yU4XGlH3u HzYAnRN+vZ/lMhKo8b0bCp9ghAmjOyR2 =pK5T -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl2qWNcACgkQL6j7milTFsF8BwCfYQAStqPziT2iCMWxyquxo/3n ezQAnjbs9g6x7f60lmg1lD79dHvkO16Q =Yg4K -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl2Q8rYACgkQL6j7milTFsHbqQCfW4iTTxaJUcvuRphFj5ALnctC fjcAniCHtMwZSrTSbGExD4FklCgV2mG3 =+eHj -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SERVFAIL when looking up TXT from particular domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2019-06-26 at 13:16 +, Dennis via bind-users wrote: > dig TXT cleanmail4.capgeminioutsourcing.nl @localhost dig TXT cleanmail4.capgeminioutsourcing.nl +nodnssec @ns1.capgeminioutsourcing.nl. ;; MSG SIZE rcvd: 124 dig TXT cleanmail4.capgeminioutsourcing.nl +dnssec @ns1.capgeminioutsourcing.nl. ;; MSG SIZE rcvd: 4931 Check your ability to receive fragmented ip packets. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl0UGRIACgkQL6j7milTFsFh1gCfcny3HFKDxUH8p9bxF6vVeSZm 0rIAn3rUK0pCmDeQeStpakHQaldlvoN8 =cOJV -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl0KrX8ACgkQL6j7milTFsFuyQCfZyov2lJnPYxKngKucU8eNw+z 1R4AnjS5lxvECD+d2FeHrgdjuvIyZmYx =ZJAX -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [External] Re: Request assistance configuring RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2019-05-29 at 09:05 -0400, David Bank wrote: > Re-reading the ARM, it seemed to me that I needed to add a After adding the zone and the response-policy statement to named.conf, I presume you did: rndc reconfig To test that you can: dig rpz.internal.local axfr @zurg That should dump the rpz zone, and verify that zurg is serving it. The response-policy should be in the global options. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzuk4QACgkQL6j7milTFsEtgQCaA2gk7mvDO9jWYlAGTm+soYty aEcAn1L7goSEfLdCIBIChF8wklA4MRFA =q+pb -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [External] Re: Request assistance configuring RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2019-05-28 at 13:13 -0400, David Bank wrote: > Perhaps I'm missing something, but I don't see how to make zurg reply > with 192.168/16 IPs for andy and sid, but correctly resolve the rest > of *.internal.local On zurg, add a new dns zone rpz.ncdot.gov $TTL 3600 rpz.ncdot.gov. IN SOA localhost. root.localhost. ( 2019052800 ; serial 3H ; refresh 1H ; retry 1W ; expiry 1H) ; minimum IN NS localhost. andy.internal.local IN A 192.168.10.10 sid.internal.local IN A 192.168.20.20 === Then in named.conf on zurg, add: === response-policy { zone "rpz.ncdot.gov";} qname-wait-recurse no; === On zurg, all other names in internal.local will get the normal processing, with answers via buzz. But when someone uses zurg to lookup andy.internal.local, it will reply with 192.168.10.10 without even asking buzz. An alternative rpz mechanism it to allow zurg to query buzz, and then have rpz rewrite the 10/8 address into 192.168/16. But if you have multiple names that map to the same 10/8 address, and you only want some of those names to resolve to 192.168/16, you will need to use the above mechanism, which I think is simpler anyway. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzt+e4ACgkQL6j7milTFsGjuQCbBsxNHh26aEGfhXzh4muEFcyN a/UAn1w2mEs6WrUVjZ2oMMHA4MmDw+Fi =D5Yv -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.11.6-P1 build fails on Solaris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2019-04-26 at 10:41 +1000, Nick Edwards wrote: > lots of things failing in recent times, even with CentOS, mostly > because of openssl min version changes, and most recently even latest > releases wont build now because of a change in min python versions > *sigh*, i'm just going to leave it as is, thats all we can do. On centos, you might try https://www.five-ten-sg.com/mapper/bind -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzJ9CoACgkQL6j7milTFsE83gCff5EeY09QUCkVYhODAvMRtY8g R0AAoIlzg8ejExYucdtPZoUcuMJUrGJR =pjpX -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.14.1 qname-minimization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The default for the qname-minimization option is relaxed, but with that, we cannot resolve the PTR for 142.136.234.134. dig -x 142.136.234.134 @localhost ; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25604 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 19827bd99b1c2e4c9b3031d25cc38cd99291547909a1072a (good) ;; QUESTION SECTION: ;134.234.136.142.in-addr.arpa. IN PTR But a dig+trace works: dig -x 142.136.234.134 +trace 136.142.in-addr.arpa. 86400 IN NS ns1.twcable.com. 136.142.in-addr.arpa. 86400 IN NS ns2.twcable.com. 136.142.in-addr.arpa. 10800 IN NSEC137.142.in-addr.arpa. NS RRSIG NSEC 136.142.in-addr.arpa. 10800 IN RRSIG NSEC 5 4 10800 20190510203932 20190426193932 3402 142.in-addr.arpa. VYmReUU/xtnUrJnsiSpl+HUeHfAsbG9YyOMFz9bkvKkY7R/N2MmJbC0j 5eWk+S31Iyqj7tvTxYRXZHWUNLDhr87PeW+5IF0noETb3CRrjX9vC3ef NFyTR0K6Hz7Kd6fmc8qJJj0o9xthqZkdN2ugpoOzFi/AmswNKHo+Spmt GAM= ;; Received 322 bytes from 193.0.9.10#53(arin.authdns.ripe.net) in 138 ms 134.234.136.142.in-addr.arpa. 14400 IN PTR nce.mail.chartercom.com. 234.136.142.in-addr.arpa. 500 IN NS cdp-wn-tm-5-01.inf.twcable.com. ;; Received 135 bytes from 165.237.86.252#53(ns1.twcable.com) in 78 ms If we switch to qname-minimization disabled, we can resolve that: dig -x 142.136.234.134 @localhost ; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27045 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: e576889a026393635adb613d5cc38d31b91f6bc06bca426d (good) ;; QUESTION SECTION: ;134.234.136.142.in-addr.arpa. IN PTR ;; ANSWER SECTION: 134.234.136.142.in-addr.arpa. 14400 IN PTR nce.mail.chartercom.com. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzDjboACgkQL6j7milTFsEhjQCcCRniXDQZhyx/vXKnGplb5Qdw EW8Ani7w4bbl7Eq8nSxFF9fWyu9JKd+T =HJMK -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzA/HQACgkQL6j7milTFsG5CgCfROG2P4f8SbtEA8GUWC6cv3rs zHAAn0vlcuF/cnCCITE7L58MM1vzsHLI =TlZp -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.14.0 filter-aaaa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 view "normal" { plugin query "filter-.so" { filter--on-v4 yes; filter- { "brokenv6"; }; }; named-checkconf likes that, but named gets a segfault in filter-.so. Anyone using filter-.so in a working configuation? The log shows: Apr 14 17:15:18 ns named[29299]: mem.c:1795: INSIST(mpctx->allocated > 0) failed, back trace The backtrace in the log does not have debug info, but the Centos abort handler shows a bit more detail: libns.so(ns_query_start) -> libns.so -> libns.so -> filter-.so -> libisc.so(isc__mempool_put) -> libisc.so -> libc.so(abort) Anything obvious that I am doing incorrectly, before I rebuild this with debug symbols? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlyz0CQACgkQL6j7milTFsGgVQCffDMNYDku0nbB+nCRfVf53g9n kgUAn0Mw7wlNPODkp408l2VQCeoSeN0S =m1el -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx0X4IACgkQL6j7milTFsGukwCfRSD9xFL5WHo0bZYi+6aOHBYY ZpoAnRKtRH72BxwO7rZS9Kc9se4muuNh =mDEd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.3-P4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx0X4IACgkQL6j7milTFsGukwCfRSD9xFL5WHo0bZYi+6aOHBYY ZpoAnRKtRH72BxwO7rZS9Kc9se4muuNh =mDEd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users