Root hints

2015-10-06 Thread Jack Tavares
file locally) Thank you -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Inline signing and views.

2014-04-11 Thread Jack Tavares
Hello - Is it possible to enable inline signing of a zone in 2 different views with 2 different keys? I have the following config: view external { match-clients { 1.1.1.1; }; zone test.com. { type master; file external.test.com.; allow-update {

BIND and idnkit vs GNU libidn

2013-10-31 Thread Jack Tavares
BIND appears to be setup to compile against the idnkit supplied in contrib. It will not build against GNU's libidn. Or at least I have not been able to make it do so. Is there a way to use libidn instead of idnkit (besides modifying the code myself) that I am missing? Thank you -- Jack

RE: compile error building 9.9.3-P2

2013-09-12 Thread Jack Tavares
Please disregard. -- Jack Tavares How many more can we sell with this button? From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5@lists.isc.org] on behalf of Jack Tavares [j.tava...@f5.com] Sent: Thursday

compile error building 9.9.3-P2

2013-09-12 Thread Jack Tavares
/dns' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/local/tavares/perforce/tmos-dns-bugs-bind/ports/bind/build/lib' make: *** [subdirs] Error 1 -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

RE: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named

2013-03-26 Thread Jack Tavares
I have a request for clarification: The workaround states to rebuild BIND with regexp support disabled. And I see new versions of BIND have been released. Are those versions just a rebuild with regexp support disabled? Or are they a more comprehensive fix? thanks. -- Jack Tavares

RE: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named

2013-03-26 Thread Jack Tavares
Thank you. -- Jack Tavares From: ISC Support Staff [support-st...@isc.org] Sent: Tuesday, March 26, 2013 11:08 To: Jack Tavares Cc: bind-us...@isc.org Subject: Re: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause

RE: libbind 6.0

2013-02-12 Thread Jack Tavares
to? I see the LWRES but that does not appear to have any update support. Thank you -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

libbind 6.0

2013-02-08 Thread Jack Tavares
I have been using libbind(6.0) to do dynamic updates via res_mkupdate() libbind is not currently under development. Is there are replacement in bind9 that I should move to? I see the LWRES but that does not appear to have any update support. Thank you -- Jack Tavares

RE: adding DS record via nsupdate

2013-02-06 Thread Jack Tavares
Of course. Thank you. -- Jack Tavares How many more can we sell with this button? From: Mark Andrews [ma...@isc.org] Sent: Tuesday, February 05, 2013 19:58 To: Andrew Latham Cc: Jack Tavares; bind-us...@isc.org Subject: Re: adding DS record via nsupdate

adding DS record via nsupdate

2013-02-05 Thread Jack Tavares
. IN DS ;; ANSWER SECTION: subzone.test.net. IN DS 34845 7 1 325AA7B83FAC7DB621678EB2FB9035B51A0A504F ;; Query time: 0 msec Should this work? Thank you -- Jack Tavares ___ Please visit https://lists.isc.org/mailman

SOA minimum vs negative ttl

2013-01-23 Thread Jack Tavares
that this is the minimum TTL. Thanks -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: Need to improve named performance

2012-11-13 Thread Jack Tavares
One issue that *may* be impacting you (and another reason to upgrade) is the size of the receive buffer within named was bumped up in 9.5 or 9.6 IIRC. -- Jack Tavares From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5

RE: Disable log message

2012-10-21 Thread Jack Tavares
I wasn't suggesting that it be removed. I was asking if it was possible to disable it if desired. The answer is obviously no. Thank you all for your time. -- Jack Tavares How many more can we sell with this button? From: bind-users-bounces+j.tavares=f5

Disable log message

2012-10-18 Thread Jack Tavares
-shared' '--enable-threads' '--enable-ipv6' '--with-libtool' etc etc etc I would prefer to not have that show up in the log. Short of modifying the source, is there an easy way to disable that? Thanks -- Jack Tavares ___ Please visit https

RE: Disable log message

2012-10-18 Thread Jack Tavares
Let me be more specific. Is there a way to tell named to not log this message? Thank you -- Jack Tavares From: Warren Kumari [war...@kumari.net] Sent: Thursday, October 18, 2012 10:18 To: Jack Tavares Cc: Warren Kumari; bind-us...@isc.org Subject: Re

named-checkconf view in error message?

2012-07-03 Thread Jack Tavares
to have. Can I make a request to add that info to the output if possible. Thank you Not that it matters but bind9.8.1-P1 build from the source. -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Bind 9.6-ESV-R5 errors

2012-03-26 Thread Jack Tavares
to stop these errors? -- Jack Tavares ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: Bind 9.6-ESV-R5 errors

2012-03-26 Thread Jack Tavares
Mark: Ignore them. They are from the built in empty zones. They are fixed in the next maintenance release. I notice that adding enable-empty-zones no; to the config stops these messages. Is there any downside to doing that? Thank you -- Jack ___

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
So is it true that there is no way to make an existing bind server (without this patch) safe from this? -- Jack Tavares How many more can we sell with this button? From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
From: Evan Hunt [e...@isc.org] Sent: Thursday, November 17, 2011 14:30 To: Jack Tavares Cc: John Wobus; bind-users Subject: Re: trigger point for new bug So is it true that there is no way to make an existing bind server (without this patch) safe from this? A server that only serves

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
So is it true that there is no way to make an existing bind server (without this patch) safe from this? A server that only serves authoritative data and doesn't recurse is safe. The assertion takes place when retrieving data from the cache, which an authoritative server never does. Any

RE: trigger point for new bug

2011-11-17 Thread Jack Tavares
I asked If the assertion takes place when retrieving data from the cache, would setting cache size to 0 (do disable caching) avert this issue while still allowing recursion? Evan responded: I don't think so. I believe the cache actually has a minimum size, lower than which named won't let you

RE: BIND 9.4-ESV-R5b1 is now available

2011-05-13 Thread Jack Tavares
Did I miss a notice? What issue(s) does this address? I can't find a way to see what this addresses without downloading the tarball.. -- Jack Tavares From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5

RE: Threaded bind on CentOS

2011-02-28 Thread Jack Tavares
Recap: running named with -n 1 will spin up one worker thread and approx 4 other threads. Is there an official discussion or explanation of what these other threads do? -- Thanks ___ bind-users mailing list bind-users@lists.isc.org

Threaded bind on CentOS

2011-02-24 Thread Jack Tavares
I am using bind 9.7.3 and I have tried running it with various -n values and it appears that I will always get n+3 threads. Ex: I run it: named -n 1 I get 4 threads named -n 4 I get 7 threads etc. I understand the desire to have background housekeeping threads, but I would like to know what,

RE: Threaded bind on CentOS

2011-02-24 Thread Jack Tavares
-Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind- users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Eivind Olsen Sent: Thursday, February 24, 2011 11:46 AM To: bind-users@lists.isc.org Subject: Re: Threaded bind on CentOS I am

RE: Threaded bind on CentOS

2011-02-24 Thread Jack Tavares
-Original Message- From: Chris Thompson [mailto:c...@hermes.cam.ac.uk] On Behalf Of Chris Thompson Sent: Thursday, February 24, 2011 1:21 PM To: Jack Tavares Cc: bind-users@lists.isc.org Subject: Re: Threaded bind on CentOS On Feb 24 2011, Jack Tavares wrote: I am using bind

RE: root hints

2011-01-28 Thread Jack Tavares
I have a question about the hints file. It is built in to BIND. Does bind check for updates to this periodically? If so, where does it get it from ? I assume it gets it from ftp.isc.org. Does bind contain a hardcode for that IP address? or does it use the existing hints to find the address of

RE: bind replication

2010-12-31 Thread Jack Tavares
A further complication on this is if you are using dynamic updates. If you are using dynamic zones, bind will create journal files. If you were to copy over the zone files and journal files and do a reload, bind determines whether or not to reload the zone based on the timestamp of the zone

dynamic updates via libbind.

2010-11-12 Thread Jack Tavares
I am currently using libbind to do dynamic updates in C. I have looked in the bind 9.7.x source and I don't see a replacement mechanism for this. Is there one or is there one planned in bind10? Thanks -- Jack. ___ bind-users mailing list

libbind error

2010-11-12 Thread Jack Tavares
I believe I found a bug in the libbind code. Is this the correct place to report that? Thanks -- jack ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: managed-keys-zone file not found

2010-10-04 Thread Jack Tavares
Forgive the top post. The directory is writable. I run bind chrooted and the directory exists, is owned by the named user and is writable by the named user. -- Jack Tavares How many more can we sell with this button? From: David Forrest

RE: managed-keys-zone file not found

2010-10-04 Thread Jack Tavares
Evan: My statement about the expected behavior (i.e., that you'd see this log message only on the first start, and not thereafter) turns out to be true only if there's actually a managed key that needs maintaining. If you don't have any such keys, named won't create a file to save them in--

managed-keys-zone file not found

2010-10-01 Thread Jack Tavares
Hello While starting up bind I get the following 2 messages 01-Oct-2010 15:13:15.304 set up managed keys zone for view external, file '3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys' and 01-Oct-2010 15:13:15.309 managed-keys-zone ./IN/external: loading from master file

RE: Dynamically add zones

2010-07-30 Thread Jack Tavares
Thanks. I use the libisccc where possible. -- Jack Tavares How many more can we sell with this button? From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Mark Andrews [ma...@isc.org

question about bind bug fixed in 9.6.2-P2

2010-06-01 Thread Jack Tavares
From the release notes: --- 9.6.2-P2 released --- 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] Question: Does this bug only occur if dnssec is enabled? or only if dnssec validation is turned on? or will it

RE: dnssec-keygen is waiting endless...

2010-05-28 Thread Jack Tavares
Or it is a chroot jail and it does not have a source of entropy -Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Paul Wouters Sent: Friday, May 28, 2010 9:34 AM To: Michelle Konzack Cc:

RE: dnssec-keygen is waiting endless...

2010-05-28 Thread Jack Tavares
Disregard my statement. An incorrect chroot setup will affect the named executable, but not the dnssec-keygen -Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Michelle Konzack Sent:

RE: BIND 9.6.2-P2 is now available.

2010-05-20 Thread Jack Tavares
I have a question about the bug that this patch fixes. --- 9.6.2-P2 released --- 2876. [bug] Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131] Does this bug only occur if dnssec is enabled? or only if dnssec

RE: add a record into signed zone

2010-05-13 Thread Jack Tavares
When I have this problem the first thing I check is the permissions on the key files. Ownership, etc. Are they in a place that named knows about? From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of rams Sent: Thursday,

named-checkzone behavior change?

2010-05-10 Thread Jack Tavares
I have downloaded 9.7.0-P1 and I am running into something odd with named-checkzone I have a simple zone with an NS record that has no A or record. named-checkzone has flags to ignore this. and this same command (see below) worked in 9.6 but given this zone file test.net. 500 IN SOA

RE: named-checkzone behavior change?

2010-05-10 Thread Jack Tavares
Correction: I am calling named-checkzone not checkconf. this: named-checkconf -k ignore -n ignore -i none test.net. zonefile should read named-checkzone -k ignore -n ignore -i none test.net. zonefile the rest of the email is correct From: Jack Tavares Sent: Monday, May 10, 2010 12:49 PM

RE: named-checkzone behavior change?

2010-05-10 Thread Jack Tavares
would cause the zone to fail the above checks if committed. [RT #20678] From: Jack Tavares Sent: Monday, May 10, 2010 12:54 PM To: Jack Tavares; bind-users@lists.isc.org Subject: RE: named-checkzone behavior change? Correction: I am calling named

ftp.isc.org is down

2010-05-06 Thread Jack Tavares
Not quite the right place to report this but... wget http://ftp.isc.org/isc/bind9/9.7.0-P1/bind-9.7.0-P1.tar.gz --2010-05-06 10:53:30-- http://ftp.isc.org/isc/bind9/9.7.0-P1/bind-9.7.0-P1.tar.gz Resolving ftp.isc.org... 204.152.184.110, 2001:4f8:0:2::18 Connecting to

RE: ftp.isc.org is down

2010-05-06 Thread Jack Tavares
also fails From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Jack Tavares Sent: Thursday, May 06, 2010 10:55 AM To: bind-users@lists.isc.org Subject: ftp.isc.org is down Not quite the right place to report

RE: ftp.isc.org is down

2010-05-06 Thread Jack Tavares
] From: Jack Tavares Sent: Thursday, May 06, 2010 11:07 AM To: Jack Tavares; bind-users@lists.isc.org Subject: RE: ftp.isc.org is down Acouple people have pointed out that I am attempting to connect to ftp.isc.orgftp://ftp.isc.org using http. That is so, but that is what happens if you use

ftp.isc.org back up

2010-05-06 Thread Jack Tavares
from isc.org: ISC experienced a fiber outage this morning that affected some of our services. It has now been fixed and you should be able to reach all of the download servers. ___ bind-users mailing list bind-users@lists.isc.org

RE: Question about message your system is lacking dev/random (or equivalent)

2010-04-13 Thread Jack Tavares
Perhaps you have configured it to run in a chroot jail and have not fully outfitted the chroot with /dev/random this is old, but looks to be accurate, at least when talking about the /dev/random file on linux. You didn't even specify what OS you are running on:

RE: threading and linux (2.6.

2010-03-17 Thread Jack Tavares
You said: On most operating systems, the default is threaded. On linux, the default is unthreaded, for historical reasons having t do with an odd interaction between linux threads and linux process privileges. I expect we'll correct this fairly soon; it's on the to-do list for 9.7.1. [Jack

threading and linux (2.6.

2010-03-16 Thread Jack Tavares
Hello - What is the default build on linux (2.6) with regard to threads. If I don't explicitly enable or disable threads, does named run threaded or unthreaded? Thanks -- jack ___ bind-users mailing list bind-users@lists.isc.org

RE: is it possible to dynamically update an RRSIG record?

2010-01-26 Thread Jack Tavares
Jack Tavares wrote: Looking at the code for libbind, specifically res_nmkupdate, there is no case statement for RRSIG records. In this case, I was trying to update the TTL. Is that not allowed intentionally? I think so. The TTL of a RRSIG RR *MUST* match the TTL value of the RRset

RE: can't query for RRSIG that references NSEC3

2009-06-24 Thread Jack Tavares
Thanks. I obviously missed that part of the rfc. -- Jack Tavares From: Chris Thompson [c...@hermes.cam.ac.uk] On Behalf Of Chris Thompson [c...@cam.ac.uk] Sent: Wednesday, June 24, 2009 18:44 To: Jack Tavares Cc: Bind Users Mailing List Subject: RE

/dev/random in chroot jail causing errors with nsupdate of dnssec signed zone

2009-05-14 Thread Jack Tavares
-tos I have seen all talk about re-creating /dev/null and /dev/random etc) Note: I also tried generating the keys not using /dev/urandom, and have the same inconsistent behavior with the chroot /dev/random present. -- Jack Tavares ___ bind-users

RE: /dev/random in chroot jail causing errors with nsupdate of dnssec signed zone

2009-05-14 Thread Jack Tavares
the chroot random, but I would still like to know why using the chrooted /dev/random causes this problem. -- Jack Tavares AIM: jacktavares SKYPE: jackandkaddee Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday-Thursday. Email sent to me Thursday afternoon (PST) may

error while attempting to use nsupdate on a DNSSEC signed zone

2009-05-13 Thread Jack Tavares
setup and the regeneration of the RRSIG/NSEC keys is failing. (I have tried it with both NSEC and NSEC3 keys) I will put together a (simpler) named.conf and zone file that causes this and post that info, but I was hoping that maybe somebody has seen this and has an idea. Thanks -- Jack Tavares

RE: error while attempting to use nsupdate on a DNSSEC signed zone

2009-05-13 Thread Jack Tavares
I am running bind in a chroot jail, btw. I had this working a while ago, and left it for a while and then tried to set it up again, with no luck. I am sure it is something simple... -- Jack Tavares From: bind-users-boun...@lists.isc.org [bind-users-boun

RE: error while attempting to use nsupdate on a DNSSEC signed zone

2009-05-13 Thread Jack Tavares
-directory /config/namedb; -- Jack Tavares From: mark_andr...@isc.org [mark_andr...@isc.org] Sent: Wednesday, May 13, 2009 10:38 To: Jack Tavares Cc: bind-users@lists.isc.org Subject: Re: error while attempting to use nsupdate on a DNSSEC signed zone In message

RE: error while attempting to use nsupdate on a DNSSEC signed zone

2009-05-13 Thread Jack Tavares
Tavares From: Alexa Petrean [apetr...@bluecatnetworks.com] Sent: Wednesday, May 13, 2009 17:50 To: Jack Tavares Cc: bind-users@lists.isc.org Subject: RE: error while attempting to use nsupdate on a DNSSEC signed zone I've encountered a similar issue when

NS_NXT_BITS for NSEC records

2009-04-02 Thread Jack Tavares
, but I was wondering if there is a plan for updateing nameser.h? Thanks -- Jack Tavares ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: NS_NXT_BITS for NSEC records

2009-04-02 Thread Jack Tavares
Sorry. I still have libbind-6.0b1. I missed the announcement that libbind6.0 had shipped. What I need is in libbind6.0 Thank you From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On Behalf Of Jack Tavares [j.tava...@f5.com] Sent

RE: ResendRE: ns_type question

2009-02-24 Thread Jack Tavares
No, you're looking at the right place, and libbind isn't supposed to provide any new feature regarding the new DNSSEC spec. Ok. So is there a 'C' api for dealing with DNSSEC in this regard? Hmm...I was wrong. There's actually a planned patch to introduce newer types in nameser.h,

RE: libbind 6.0b1 bug?

2009-02-24 Thread Jack Tavares
Thank you Actually, it is a compile time problem. Is there a place on the isc.org website to report a bug on libbind? I ddn't see it anywhere. libbind-b...@isc.org -- jack ___ bind-users mailing list bind-users@lists.isc.org

libbind 6.0b1 bug?

2009-02-23 Thread Jack Tavares
Actually, it is a compile time problem. Is there a place on the isc.org website to report a bug on libbind? I ddn't see it anywhere. Thanks -- Jack Tavares ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

RE: ResendRE: ns_type question

2009-02-17 Thread Jack Tavares
From: JINMEI Tatuya / 神明達哉 [jinmei_tat...@isc.org] I have downloaded libbind6.0b1 My question is; the arpa/nameser.h file included does not include type definitions for DNSKEY (or other dnssec rr types) in the ns_type enum. am I looking in the wrong place? No, you're looking at the

ResendRE: ns_type question

2009-02-15 Thread Jack Tavares
Hello - Any suggestions on this? Thank you -- Jack Tavares From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On Behalf Of Jack Tavares [j.tava...@f5.com] Sent: Wednesday, February 11, 2009 15:00 To: bind-users@lists.isc.org Subject

ns_type question

2009-02-11 Thread Jack Tavares
I have downloaded libbind6.0b1 My question is; the arpa/nameser.h file included does not include type definitions for DNSKEY (or other dnssec rr types) in the ns_type enum. am I looking in the wrong place? Thanks -- Jack Tavares ___ bind-users

RE: is this a valid zone file?

2008-12-22 Thread Jack Tavares
03:17:53 2008 ;; MSG SIZE rcvd: 69 So I am trying to figure out, if named wont serve the 0/16 NS record from 168.192 zone, what is the purpose of putting it there? -- Jack Tavares AIM: jackatavares SKYPE: jackandkaddee Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday

RE: is this a valid zone file?

2008-12-21 Thread Jack Tavares
as specified, wouldn't this zone then be non-authoritative -- Jack Tavares AIM: jackatavares SKYPE: jackandkaddee Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday-Thursday. Email sent to me Thursday afternoon (PST) may not be viewed until Sunday morning (GMT+2

is this a valid zone file?

2008-12-21 Thread Jack Tavares
193.192/26.2.0.192.in-addr.arpa. 194 CNAME 194.192/26.2.0.192.in-addr.arpa. 195 CNAME 195.192/26.2.0.192.in-addr.arpa. That has no NS server defined for the zone, just the ranges of the zone. Is that valid? o -- Jack Tavares