On Thu, Feb 29, 2024 at 10:34:42AM +0100, Borja Marcos wrote:
> But bear in mind that this is only guaranteed to work inside your
> network/ASN. It’s not unusual to scrub DSCP at the network border.
Same problem would also apply to DSCP values set internally by named,
of course.
--
Eva
merged.
You do raise a good point - there may be reasons for different sites to
want to teak these settings. Iif so, though, they we should probably
add the tuning to named judiciously, after a proper research and
data-gathering process, instead just accidentally leaving it there. :)
--
Evan Hunt --
They are not thought to be useful in a production environment,
and we know of no operators using them. (Please let us know if this is
incorrect!)
Our plan is to mark these options as deprecated in BIND 9.16 and 9.18,
and to remove them as of BIND 9.20.
--
Evan Hunt -- e...@isc.org
Internet Systems Consor
ample, zone cf1 was in view1, so it sent its summary information
to view1. It doesn't know that it's also in view2.
I've been thinking for a while about the best way to address this, and
there might be some news coming in the not-too-distant future, but I don't
have a good solution for you right now
rvers, into clusters
for the benefit of servers that only have intermittent connectivity
to the internet. This is no longer a common enough scenario to justify
the added code complexity.
They will be deprecated as of BIND 9.20 and removed in BIND 9.22.
--
Evan Hunt -- e...@isc.org
Internet Sys
On Thu, Jun 08, 2023 at 07:57:12PM +, Evan Hunt wrote:
> So, I'm guessing systemd-resolved is choking on the EDNS COOKIE option.
> This needs to be reported as a bug to the systemd maintainers. And, maybe
> delv should have a +nocookie option.
Hmm, on further inspection, I was wr
nts EDNS correctly. It will validate the data it
receives, but it has to receive some.
The newest version of delv, in the BIND 9.19 development release, has
a 'delv +ns' option to do its own resolution internally, without needing
an external server to look up the data; that would also work.
--
ant lines from your log file so I can see what you're referring to
by "key regeneration"?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this so
working fine (otherwise presumably dnssec-analyzer would've
complained), but recursive isn't working.
Unfortunately, since you haven't provided any configuration info or even
the name of the domain you were trying to set up, I can't make any more
educated guesses than that.
--
Evan Hunt -- e...@isc.org
In
e request at https://gitlab.isc.org/isc-projects/bind9,
and if you submit a patch we'll look at it, but I don't think this is
the right way to do this. Why are you remapping to a blackholed
address, instead of returning NXDOMAIN?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Vi
e preferable way to accomplish what I want, either with 9.18
> itself or otherwise.
It should, the raw file format hasn't changed. (There used to be a
format called "map" that was incompatible between versions, but
you're not using that, and it's been removed from BIND now anyway.)
al name is resolved. The two lookups will wait on
each other for ten seconds, and then the whole query times out and issues
that log message.
The log message is new in 9.18, but the 10-second delay and SERVFAIL
response would probably have happened in earlier releases as well.
--
Evan Hunt --
uery, but unless your server gets an overwhelming amount
of traffic you won't notice it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid suppo
sually ignore the authority section.
no-auth-recursive is meant for use in mixed-mode servers that
handle both authoritative and recursive queries.
So when recursion is requested in the query, the server omits the NS
records from the authority section, and if there's no NS records then
there
before turning on DNSSEC validation,
and we no longer consider that to be worthwhile advice. Just keep your
packages up to date and you'll be fine.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this lis
ull it from the source tree:
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bind.keys.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software wi
l that last reference is released.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.
view->plugins_free(view->mctx, >plugins);
| }
view->plugins_free is a pointer to ns_plugins_free(), which calls
unload_plugin() for each plugin configured in the view, and that calls
the plugin_destroy() function defined in the module.
If you have the logging level set to debug(1), you shoul
the Makefile? No package requirement checking
> through configure.ac?
Correct.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid suppor
at's what was in configure.ac.
Later we added dlopen-able DLZ modules, which are built separately
and linked in at runtime (see contrib/dlz/modules and subdirectories).
For a long time both methods were available but in (I think?) 9.18 we
finally removed the old-style drivers.
--
Evan Hunt -- e..
would definitely be easier to *make* dyndb work for the cache;
it has all the necessary API calls, and DLZ doesn't. But I don't
know a way to configure it to take the place of the cache currently.
If you do, please educate me.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit ht
y clunky to me but I've never had
the necessary combination of time and brains to improve it.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid s
d additional section data except when necessary.
The default is "no-auth-recursive", which omits authority section data
when it isn't strictly necessary, but will still add additional data for
records in the answer section.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
om {
type primary;
file "example.db";
update-policy {
grant update-key zonesub ANY;
};
};
(Incidentally, the "ddns-confgen" command is a version of tsig-keygen
that, in addition to generating a new key, also prints a configuration
e
bly related to that. Please
open a bug report at https://gitlab.isc.org/isc-projects/bind9/-/issues,
we'll look into it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the
ned.com | grep flags
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
$ dig @localhost ietf.org | grep flags
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
^^
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
V
needed to be updated.
In today's world, I don't think it's inmportant anymore.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subsc
SKIP: 0
> # XFAIL: 0
> # FAIL: 0
> # XPASS: 0
> # ERROR: 0
>
> make[7]: Leaving directory '/tmp/bind9/bind-9.18.0/bin/tests/system’
> […]
> $
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
--
Visit https://lists.isc.org/m
.com {
type secondary;
file "example-secondary.db";
primaries { 127.0.0.1 key them-key; };
};
};
view them {
match-clients { any; };
zone example.com {
type primary;
file "example-primary.d
(not to mention being documented to mean a third).
Thanks for bringing this to our attention. I've created issue #2918 to track
it in gitlab.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailm
ormat
> instead. Until the pendulum swings again.
Yep, I think that's how we'll do this, if we do it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
came to
maintaining feature parity.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid suppor
to go.
I'm not sure which of the open-source auth servers currently have ECS
support. PowerDNS maybe? And a quick google search just suggested one
called gdnsd, which I hadn't heard of before.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
documentation. There's a mechanism for flagging
obsolete options in named.conf and logging a useful message about them, but
it's not so straightforward when the option is still valid but the
parameters have changed.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
eason for ANAME was that browser vendors were unwilling to use
SRV. If they *are* willing to use HTTPS/SVCB - which looks promising at
the moment - then the remaining use cases for ANAME aren't worth the
complexity.
--
Evan Hunt -- e...@isc.org
Internet Systems
ecords look like a better approach anyway.
BIND will have support for those pretty soon.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC
of both "trusted-keys" and
"managed-keys".
For the moment, using the old syntax only generates a warning, not a fatal
error, but the old options will be removed in a future release (9.20, I
think, but don't quote me on that).
--
Evan Hunt -- e..
happy to get help
with that project from anyone who knows windows better than I do - it
wouldn't take much.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
m/ifconfig.sh up").
I think the message got lost when we switched to automake.
Some tests will be skipped if there are missing dependencies, so you may
also wish to install the Net::DNS, Net::DNS::Nameserver and XML::Simple
modules for perl, and dnspython for python.
--
Evan Hunt -- e..
give an example to achieve the same?
match-clients { !geoip country A; !geoip country B; !geoip country C; any; };
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to un
ot;reconfig" either. Views
don't scale well. Finding the correct view for a query is a linear search,
so your performance will decline quite badly if you have more than a few
views to search through.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
.17.11.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Cont
cally sorted.
"named" can do this automatically if you dynamically update a zone and
remove the DNSKEY rrset. I think "dnssec-signzone -SPRQ" would do it if you
marked the keys as deleted with "dnssec-settime" first; I haven't tested
this, but it should. But I think t
r/cache/bind/db.powercraft.nl.signed
You can just regex out all the DNSSEC-related types. Something like
this ought to work:
$ named-compilezone -f raw -F text -s full -o - powercraft.nl | \
awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'
--
Evan Hunt -- e...@isc.
her domains listed there will be ignored. So, this would already not
work.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fu
- HMAC-SHA512?
No, go ahead. I tend to use sha256, just because it's the default
from rndc-confgen.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
fro
d syntax will continue working so old named.conf files don't
need to be changed, at least for the next several releases.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>1. Can bind support DoH and DoT
>2. If yes Which version of bind support DoH or DoT
It's in development now. The plan is for it to be supported in 9.18 when it
comes out next year, and backported to the 9.16 branch as a compile-time
option.
--
Evan Hunt -- e...@isc.org
Internet S
in contrib/dlz/drivers ones do need to be linked in at compile
time, so they still turn up as configure options even though they're
kinda obsolete now.
I expect them to go away in 9.17/9.18; the only reason they're still there
now is that a few of them support databases that we don't have modules
docs/aa-01149
Ah, thank you, I hadn't seen that.
The only thing I see in that article that's out of date is that
the "--with-geoip" option is no longer needed, or valid; it's
"--with-maxminddb" now, and it's enabled by default.
--
Evan Hunt
nfrequently used keywords like "areacode" and "netspeed"
became unavailable in the new API, and three-letter country codes are
now obsolete. "Country" is definitely still supported, and since you used
"us" rather than &quo
ration for an nginx proxy in the BIND source tree under
contrib/dnspriv that you can use now, if you wish.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> Does BIND have a DoH plugin official?
> Or is there any guide to customize that one?
Not yet, but we plan to have a DoH implementation in named by the end of
this year.
In the meantime, there are DoH proxies that can run BIND as the back-end.
--
Evan Hunt -- e...@isc.org
Internet S
.com in a
> update add example.com in a 192.0.2.1
> update add example.com in a 192.0.2.2
> update add example.com in a 192.0.2.3
> send
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/l
chance?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinf
unusual in your server configuration?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
h
last 'modified'. Would be perfect for
> small zones that are rarely updated.
I think the zone option "serial-update-method date;" does this. (I haven't
tested it with dnssec-policy though.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
On Wed, Apr 08, 2020 at 10:22:55PM +, Evan Hunt wrote:
> You didn't mention what version you're running, but IIRC, this was
> added in 9.16.
My mistake, 9.17.
On most Unices you can specify /dev/stdin as the filename though, and
that should work with any version.
--
Evan Hun
On Wed, Apr 08, 2020 at 02:58:12PM -0400, Matthew Pounsett wrote:
> It looks to me like named-checkzone isn't able to read a zone file from
> stdin.
You didn't mention what version you're running, but IIRC, this was
added in 9.16.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortiu
:47 GMT
>
> name: .
> keyid: 20326
> algorithm: RSASHA256
> flags: SEP
> next refresh: Tue, 25 Feb 2020 19:16:47 GMT
> trusted since: Mon, 03 Feb 2020 18:10:26 GMT
"trusted since" indicates it managed to get at least query through
on Feburary 3. If it hadn't, it
l module, but views are easier.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists
On Tue, Sep 24, 2019 at 03:15:42AM +, Evan Hunt wrote:
> Six years is a long time, I've probably forgotten a few.
Oh here's one: "dig +sigchase" is dead now, use "delv" to check DNSSEC
validation chains.
--
Evan Hunt -- e...@isc.org
Internet
In newer releases there's also a configuration option, "validate-except",
which permanently disables validation below specified domains. This can
be used, for example, if you have an internal network using a fake TLD
and you want to prevent it f
On Thu, Jul 25, 2019 at 09:03:26PM +, Evan Hunt wrote:
> In 9.11, no. In 9.14, you can use "validate-except { local; };"
(Afterthought: In 9.11, you can also use "rndc nta" to suppress validation
on a given domain, but negative trust anchors expire after a while, so
On Thu, Jul 25, 2019 at 12:52:18PM -0800, John Thurston wrote:
> Is there any way to tell my resolver it shouldn't be validating
> responses for foo.local?
In 9.11, no. In 9.14, you can use "validate-except { local; };"
--
Evan Hunt -- e...@isc.org
Internet Systems
ds the zone from the master file *plus* the journal file,
if there is one. There's no need to sync the journal file to the master
file before reloading.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lis
On Sun, Jun 23, 2019 at 05:01:11PM +, Evan Hunt wrote:
> It's a bug. I see the same result. Thanks for pointing it out, I'm
> looking into it.
Ah, I see the problem. You overrode the default policy by using the name
"default", but you didn't set a "coverage" valu
ug. I see the same result. Thanks for pointing it out, I'm
looking into it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users maili
ith it.
But a standard policy that covers all deprecated options would need
to be stricter than "enh".
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsub
en an option must
removed, and how to ensure operators aren't blindsided by that.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing l
be available in
BIND 9.15.1, which should be out next week; the old syntax will be
phased out later.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
te corporate
domain. AIUI, there are some people doing that; I don't know how many.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-u
ion relaxed" really ought to be able to work around this,
though, and I thank you for bringing it up. You can file a bug report at
gitlab.isc.org/isc-projects/bind9/issues if you wish.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Pl
On Sun, Apr 14, 2019 at 05:35:42PM -0700, Carl Byington via bind-users wrote:
> named-checkconf likes that, but named gets a segfault in filter-.so.
> Anyone using filter-.so in a working configuation? The log shows:
>
> Apr 14 17:15:18 ns named[29299]: mem.c:1795: INSIST(mpctx->allocated
and comments in configure_view() you might see how easy it is to be
misled.)
I actually do still think that *ought* to be the rule for allow-update,
but it wasn't, so when I cleaned things up I cleaned them up wrong, mea
culpa.
--
Evan Hunt -- e...@isc.org
Internet Systems Co
but I think Grant was suggesting having named itself dump its current
configuration state, which would be useful in a whole different way.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/list
radigm, so I' not sure if every assertion failure can cause BIND to
> crash and is there any mechanism in BIND that can just drop the event
> which triggers an assertion failure and move on to other events? Thanks.
An assertion failure is always a crash.
--
Evan Hunt -- e...@isc.org
Inte
ure, but so
far we've hesitated out of skepticism that ECS is a good idea that will be
needed very much in the long term - we don't want to have to support it
forever if it fizzles. But we do revisit the conversation periodically.
--
Evan Hunt -- e...@isc.org
Internet Sy
others. I'd need to know what database you're using and
what kind of zones you're serving (big or small, DNSSEC signed or not,
high-traffic or not) to be of much help.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit
that specific server. That option will still be
available after flag day.
An easy way to check would be to install the latest BIND development
release (version 9.13.5) and see if it works. It already has all the flag
day changes in it.
--
Evan Hunt -- e...@isc.org
Internet Sy
forgotten,
but I think we intended to leave the "no" behavior alone. Thanks for
bringing it up, I'll open a bug ticket about it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/list
ct the
> authoritative behavior. But I don't understand, why this happens when
> "minimal-responses no;" is configured.
Authoritative or recursive? Can you give a specific example
of a query that isn't getting an additional section and should?
--
Eva
dnssec doesn't exist in 9.11, there must be another cause
in your case. Very sorry for misleading you. How often are you seeing this?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bin
test -- they would have been deleted
if it had passed but should still be there now -- which can also be
used to work out what went wrong.
If you want to just tar up bin/tests/system and send it to me, I'd be
happy to take a look.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
"). It's fixed in the upcoming release.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://li
secroots" already existed before that change, we left its default
behavior the same as it had been before, and added a "-" option to return
text over the command channel.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Ple
t, run "rndc-confgen" and follow the directions.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-use
nt to). Is it a 9.12 onwards
> thing?
No, but Mark's comment may have been confusing. You can set up keys
that way in named.conf ("algorithm hmac-md5-96;" or whatever). At first
I thought he was talking about tsig-keygen; perhaps you read it the same
way I did?
--
Evan Hunt
quot;configure --without-openssl".
There will be features you can't use. They're good features, and in my
opinion disabling them is a mistake, but you are allowed to do so.
In BIND 9.13, the option to disable these features no longer exists.
--
Evan Hunt -- e...@isc.org
Int
o libraries, which meant openssl wasn't available
on all platforms, and I've always guessed it was because of that.
No longer an issue, anyway.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/l
quot;query" is the same
as "request".
I can't think of any reason not to tap update requests, but I do
wonder whether an extension to the type enum would reduce confusion.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
rnal
and external views, then views are unnecessary. Just use
"allow-recursion { localnets; };" and external queries won't be
allowed to do recursion.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.o
transferred at all. There's a
single copy of the zone in memory, and both views have pointers to it.
You can still use the file option.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/
d between
9.12.1 and 9.12.1-P2 are:
lib/dns/rbtdb.c
lib/dns/zone.c
lib/ns/include/ns/query.h
lib/ns/query.c
And all other differences are from rebuilding the documentation with the
new version number.
--
Evan Hunt -- e...@isc.org
Internet Systems Consor
On Fri, May 04, 2018 at 04:19:43PM +, Evan Hunt wrote:
> You're right, something's broken. I see it too, and not just on chrome.
> I'll escalate. Thanks for bringing this to our attention.
It's fixed now.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortiu
e
> BIND doesn't seem to be distributed from there anymore.
As others have already pointed out, it's still there: 'cd isc/bind9/$version'.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailma
building BIND packages for various
distributions, and while we're still testing the process and haven't
started publishing them yet, I do have an experimental 9.11.2-P1 RPM
that you can try out if you like.
--
Evan Hunt -- e...@isc.org
Internet Systems Consor
ributions would speed things up.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.
ether domain registrars make use of it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https:
ovide a nice speed-up, as well as allowing the validator to avoid
> looking into insecure subtrees, which will have the side-effect of
> avoiding problems with apex CNAMEs.
Yep, that's one of the approaches we've discussed.
--
Evan Hunt -- e...@isc.org
Internet Syste
1 - 100 of 494 matches
Mail list logo
