Re: Compile problems on musl/arm32 since 9.16.8

2021-07-18 Thread Mark Andrews
d to provide enough details at this stage. Please be > gentle... > > Thanks > > Ed W > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the develop

Re: query-source and listened interfaces

2021-07-08 Thread Mark Andrews
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list >

Re: non-improving referral

2021-07-07 Thread Mark Andrews
: 176 msec ;; SERVER: 64.70.78.82#53(64.70.78.82) ;; WHEN: Thu Jul 08 15:09:04 AEST 2021 ;; MSG SIZE rcvd: 121 % > On 8 Jul 2021, at 01:03, tale wrote: > > On Mon, Jul 5, 2021 at 8:20 PM Mark Andrews wrote: >> This is an error with the delegation of ok.contact. The NS record

Re: compile flag to disable AAAA responses is unrecognized

2021-07-06 Thread Mark Andrews
> Scott Strattner > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact

Re: Problem with internal/external VIEWs

2021-07-05 Thread Mark Andrews
tinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list >

Re: non-improving referral

2021-07-05 Thread Mark Andrews
t; > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrew

Re: dig standalone source?

2021-07-05 Thread Mark Andrews
gt; > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andre

Re: 'managed-keys' is deprecated ??

2021-06-14 Thread Mark Andrews
gt; bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please v

Re: 9.11 to 9.16: need directions

2021-06-13 Thread Mark Andrews
Mbox names are user\.host.example where \. embeds a period in the label. -- Mark Andrews > On 13 Jun 2021, at 21:09, Eric Germann via bind-users > wrote: > > bind doesn’t support @ signs for the email contact. It would be > root.rn6.xyz.local > > Line

Re: 9.11 to 9.16: need directions

2021-06-12 Thread Mark Andrews
the .local. -- Mark Andrews > On 13 Jun 2021, at 10:33, ToddAndMargo via bind-users > wrote: > > On 6/12/21 5:30 PM, ToddAndMargo via bind-users wrote: >> Hi All, >> I just upgraded from Fedora 33 to Fedora 34. >> Bind was updated from 9.11 to 9.16 in Fedora

Re: no _smtp_tls in published zone

2021-06-01 Thread Mark Andrews
listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org >

Re: configure notify for ixfer?

2021-06-01 Thread Mark Andrews
support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Mark Andrews
dig -v > DiG 9.16.15 > > > On 5/16/2021 12:06 AM, Mark Andrews wrote: >> >>> On 16 May 2021, at 10:17, Dan Egli via bind-users >>> wrote: >>> >>> On 5/10/2021 12:38 PM, Tony Finch wrote: >>>> Dan Egli >>>> wrote: >>>

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Mark Andrews
inline-signing yes; > dnssec-policy default; > }; > }; > Help? If you have errors reaching me, try d...@eglifamily.name, as it doesn't > seem to be having issues. > --Dan Egli > From my Test Server > > __

Re: ISC Bind as secondary to Windows Server: bad bitmap error on named xfer.

2021-05-12 Thread Mark Andrews
There is enough information to reproduce. Dig does have +besteffort but it doesn’t recover from this. You don’t want default handling to accept broken records so just skipping isn’t good behavior. It should be possible to extend +besteffort to print bad records in unknown format. -- Mark

Re: [External] strange queries incrementing letter by letter

2021-05-07 Thread Mark Andrews
Some piece of software trying to speed up resolution by resolving names as you type. -- Mark Andrews > On 8 May 2021, at 04:21, Kevin A. McGrail wrote: > >  > Weird. > > Thoughts are: > > Bad software? What we call ratware. > > UDP/TCP Firewall

Re: Bind won't listen

2021-05-06 Thread Mark Andrews
aid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley

Re: Bind refusing my DKIM key

2021-05-06 Thread Mark Andrews
> bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: took a while to figure out why all your tests fail

2021-05-06 Thread Mark Andrews
First of all the user running the tests needs to be able to write to bin/tests/system. See the permission denied from tee. -- Mark Andrews > On 7 May 2021, at 08:20, Dennis Clarke via bind-users > wrote: > >  > > I very carefully created an airgap test system for th

Re: Slightly baffled about Undefined symbols that are in OpenSSL

2021-05-05 Thread Mark Andrews
Use a non EoL version of OpenSSL. -- Mark Andrews > On 5 May 2021, at 22:32, Dennis Clarke via bind-users > wrote: > >  > This has kept me spinning in a few hours since yesterday. So I gave a > try at configure and compile of bind-9.11.31 on ye Fujitsu/Oracle SPARC > S

Re: managed-keys-error since BIND-9.16.15

2021-05-02 Thread Mark Andrews
0:20:28.532 general: error: > /var/named/slave/example.com.hosts.jnw: journal file corrupt: expected serial > 2021050100, got 2021050300 > 03-May-2021 00:20:28.532 general: error: zone example.com/IN: > dns_journal_compact failed: unexpected error > > Thank you. > Kin

Re: managed-keys-error since BIND-9.16.15

2021-05-01 Thread Mark Andrews
Named should automatically correct this error. The journal version was not updated when the transaction header was updated. This has been corrected and named detects the unexpected transaction header and writes out a corrected journal. -- Mark Andrews > On 30 Apr 2021, at 21:16, Tom wr

Re: Configuring the location of named .jnl files

2021-04-26 Thread Mark Andrews
/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https:

Re: Configuring the location of named .jnl files

2021-04-25 Thread Mark Andrews
> Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Mark Andrews
d. > > Seeing that I still need some scripting, does anyone already have scripts > that work? > > -- > Bob Harold > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list

Re: Ask for automated KSK roll with DS checking

2021-04-15 Thread Mark Andrews
later. Slight or moderate, > becoming rough later in west. Fair. Good. > > Seeing that I still need some scripting, does anyone already have scripts > that work? > > -- > Bob Harold > > ___ > Please visit http

Re: Preventing a particular type of nameserver abuse

2021-04-14 Thread Mark Andrews
ith paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHO

Re: No logging of failed queries

2021-04-13 Thread Mark Andrews
Real world configurations would have a catch all view after the more specific views. Add one. -- Mark Andrews > On 13 Apr 2021, at 22:41, Sachchidanand Upadhyay via bind-users > wrote: > >  > Hi, > >I am using bind's geoip feature, created one ACL to a

Re: Zone 126.0.0.1 has 0 SOIA records

2021-04-12 Thread Mark Andrews
re with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, A

Re: forwarding zone setup from a BIND slave (without recursion?)

2021-04-07 Thread Mark Andrews
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-use

Re: Maximum limit in a NAPTR RR

2021-03-31 Thread Mark Andrews
iptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9

Re: 9.16.13 overwrote master files

2021-03-29 Thread Mark Andrews
GIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote: >> What do you have in options? > > options { >directory "/var/named"; >allow-recursion { "friends"; }; >dnssec-enable yes; >

Re: 9.16.13 overwrote master files

2021-03-28 Thread Mark Andrews
__ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing

Re: Timeout setting

2021-03-26 Thread Mark Andrews
> On 26 Mar 2021, at 20:44, FUSTE Emmanuel > wrote: > > Le 25/03/2021 à 22:15, Mark Andrews a écrit : >> This is a bug in postfix. Temporary failures in the DNS are not supposed to >> result in permanent failure at the SMTP level. SERVFAIL is not NXDOMAIN. >>

Re: BIND 9.16.13 and Mac OS X 10.13.6 - problems with ./configure

2021-03-25 Thread Mark Andrews
ailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https

Re: Timeout setting

2021-03-25 Thread Mark Andrews
This is a bug in postfix. Temporary failures in the DNS are not supposed to result in permanent failure at the SMTP level. SERVFAIL is not NXDOMAIN. -- Mark Andrews > On 26 Mar 2021, at 04:12, Julien Salort wrote: > > Hello, > > > I have a VPS running postfix and b

Re: Compile Errors, Apple Silicon (M1), BIND 9.16.13

2021-03-22 Thread Mark Andrews
t; ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for

Re: Broken signatures on packages.sury.org

2021-03-17 Thread Mark Andrews
d buster InRelease > The following signatures were invalid: EXPKEYSIG B188E2B695BD4743 > DEB.SURY.ORG Automatic Signing Key > > I haven't seen any official word from ISC that there are new keys to > grab, so wanted to check that someone isn't messing about with your > repository. > _

Re: Using NAT64 for IPv6 only DNS resolvers

2021-03-15 Thread Mark Andrews
nd-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.o

Re: Zone set for dynamic updating isn't updating

2021-03-04 Thread Mark Andrews
as they add additional constraints. Additionally if you are running as root named does not have permission to override file permissions root normally has. -- Mark Andrews > On 5 Mar 2021, at 05:59, Bruce Johnson wrote: > > We have one zone set for Active directory to update dynamically

Re: BIND server; dig vs dig +trace on failing lookup.

2021-03-02 Thread Mark Andrews
unsubscribe from this list > > >> ISC funds the development of this software with paid support > >> subscriptions. Contact us at https://www.isc.org/contact/ for more > >> information. > > > >> bind-users mailing lis

Re: BIND server; dig vs dig +trace on failing lookup.

2021-03-02 Thread Mark Andrews
___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-us

Re: dnstap shows little logging at debug 10

2021-03-01 Thread Mark Andrews
gt; > Any idea what I am doing wrong? > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Con

Re: Impact on removing IPV6 DNS Server from client terminals when Dual-stack is enabled

2021-02-28 Thread Mark Andrews
ps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bin

Re: TXT & SPF Record Syntax

2021-02-28 Thread Mark Andrews
ind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit

Re: Filtering A records in combination with DNS64

2021-02-18 Thread Mark Andrews
ww.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.o

Re: underscore in A or PTR records

2021-02-17 Thread Mark Andrews
No. The PTR records that map from IP address to hostname enforce the hostname rules. -- Mark Andrews > On 18 Feb 2021, at 02:20, Sten Carlsen wrote: > >  > >> On 17 Feb 2021, at 12.34, ONRUBIA AVILES Carlos (CCS/MST) >> wrote: >> >> Hello, >&

Re: underscore in A or PTR records

2021-02-17 Thread Mark Andrews
isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _

Re: Problems with interfaces going down

2021-02-14 Thread Mark Andrews
> > _______ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/con

Re: Problems with interfaces going down

2021-02-14 Thread Mark Andrews
___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mail

Re: Trying again on SERVFAIL

2021-02-11 Thread Mark Andrews
things faster. I’ve seem day long outages in the last 7 days. They still happen. Personally I was happy the emails queued. -- Mark Andrews > On 11 Feb 2021, at 23:26, Alessandro Vesely wrote: > > On Wed 10/Feb/2021 22:38:05 +0100 J Doe wrote: >> Out of curiosity, what s

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-10 Thread Mark Andrews
Because they are connected at different points in the network and as such see different network faults. The servers can all be working fine, it the connections between them that are not working. -- Mark Andrews > On 11 Feb 2021, at 04:54, sami's strat wrote: > >  > T

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread Mark Andrews
/h0SxXWlQXi+W3G9LN > +4z/qxtl9dGD1ka54Ln3MAVxB1Tp4pt0ri4qPLmfGKf/HA== > couldn't get address for 'internet-dns3.state.ma.us': not found > couldn't get address for 'internet-dns1.state.ma.us': not found > couldn't get address for 'internet-dns2.state.ma.us': not found > dig: couldn't

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread Mark Andrews
not found > couldn't get address for 'internet-dns3.state.ma.us': not found > couldn't get address for 'internet-dns2.state.ma.us': not found > dig: couldn't get address for 'internet-dns1.state.ma.us': no more -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHON

Re: Forward zone does not work when allow recursive is restrictive

2021-02-09 Thread Mark Andrews
___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more info

Re: rDNS for RFC1918 network fails

2021-01-24 Thread Mark Andrews
Use the correct zone name. 1.168.192.IN-ADDR.ARPA You have the full /24 so you don’t need to use RFC2317 techniques. -- Mark Andrews > On 25 Jan 2021, at 08:04, Alex wrote: > > Hi, I have a fedora32 system with bind-9.11.25 and having a problem > with setting up a

Re: Secure Active Directory updates and allow-update-forwarding issues

2021-01-19 Thread Mark Andrews
Forwarding is designed for TSIG and works for SIG(0). It doesn’t work for GSS-TSIG. -- Mark Andrews > On 19 Jan 2021, at 22:23, Nagesh Thati wrote: > >  > Hi, > I am getting update failed on master DNS appliance when I am using > allow-update-forwadin

Re: "not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

2021-01-13 Thread Mark Andrews
bdomain of zone {} -- invalid response" errors > found in named.run log > > Thanks mark, but why this issue is related to load balancer? > > > > -- Original Message -- > From: "Mark Andrews"; > Date: 202

Re: SRV Record Server Availability

2021-01-06 Thread Mark Andrews
tion. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC fun

Re: unsubscribe

2021-01-06 Thread Mark Andrews
ct/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org __

Re: "not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

2021-01-06 Thread Mark Andrews
Complain to the administrators of the zone. They have not properly delegated it. We see this often with load balancers. The zone a.b.example has been delegated but the answer is as if it is from b.example. -- Mark Andrews > On 6 Jan 2021, at 21:02, 同屋 <39223...@qq.com&

Re: check-names conflicts with SPF macro definition

2021-01-04 Thread Mark Andrews
se visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list >

Re: Quick dynamic DNS?

2020-12-24 Thread Mark Andrews
See draft-ietf-dnssd-srp -- Mark Andrews > On 25 Dec 2020, at 12:22, Grant Taylor via bind-users > wrote: > > On 12/24/20 3:05 PM, Mark Andrews wrote: >> TSIG, GSS-TSIG and SIG(0) are all secure mechanisms to update DNS zones. > > Thank you for the follow up Mark

Re: Quick dynamic DNS?

2020-12-24 Thread Mark Andrews
means as long as the KEY records where added at the same time. -- Mark Andrews > On 25 Dec 2020, at 07:46, Grant Taylor via bind-users > wrote: > > On 12/24/20 8:48 AM, @lbutlr wrote: >> That is what example.com always is, yes. > > Sorry. I'm so used to people not usi

Re: special solution needed please

2020-12-20 Thread Mark Andrews
ached part in memory ... > > nslookup www.lan.home.arpa2001:db8:0:0:0::10 > this works from any client > > how can I face this? > > any hints/suggestions would be great; > > Thanks, > Walter > > > _______ &g

Re: Forwarded lookup failing on no valid RRSIG

2020-12-20 Thread Mark Andrews
validation yourself, or select a better upstream. Personally I'd go > looking for a better upstream (or just stop using a forwarder entirely, and > do your own direct recursion, if that's possible in your environment). -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE

Re: bind refusing update [never mind]

2020-12-19 Thread Mark Andrews
Stop using IP addresses for UPDATE authentication. Use TSIG instead between the DHCP server and named. -- Mark Andrews > On 19 Dec 2020, at 18:25, Dan Egli wrote: > > I guess sometimes you just need to look at it in a differnet way. I never > noticed it was using the 10.0.2.

Re: Forwarded lookup failing on no valid RRSIG

2020-12-18 Thread Mark Andrews
Correct it is not validating. Additionally it isn’t even DNSSES aware. It will need to be updated for you to validate through it. -- Mark Andrews > On 19 Dec 2020, at 05:07, Nicolas Bock wrote: > > Hi Mark, > > Thanks so much for the reply. I ran this command a

Re: Forwarded lookup failing on no valid RRSIG

2020-12-17 Thread Mark Andrews
> Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: How Zone Files Are Read

2020-12-16 Thread Mark Andrews
of the authoritative nodes in the zone should be glue information, rather than the result of an origin or similar error." Those of use with long memories have seen all the errors scenarios reported here play out in real life because early versions of BIND did just drop bad lines an

Re: query-source and recursive options

2020-12-16 Thread Mark Andrews
Nameservers generate their own requests. Nameservers have to translate names to addresses as part of the notify process. -- Mark Andrews > On 16 Dec 2020, at 19:18, Xinyu Wang wrote: > >  > > > Hi guys, I noticed query-source takes effect even recursive is set fal

Re: Bind: named can't listen while using VRF

2020-12-14 Thread Mark Andrews
bscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Au

Re: Weird DNS behaviour resolution issues when more labels are present in a zone

2020-12-13 Thread Mark Andrews
/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc

Re: How to selectively skip DNSSEC validation?

2020-12-07 Thread Mark Andrews
nside a zone definition. > > I look forward to your advice in this matter. > > Andrew Pavlin, KA2DDO > member, Amateur Radio Emergency Service > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: Two copies of recent posts

2020-11-25 Thread Mark Andrews
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lis

Re: Servfail on Bind -9.16.1

2020-11-22 Thread Mark Andrews
9781 > ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 4096 > ; COOKIE: 028fb4fde9f61d5301005fbb1fcca2b3cd29887d7e13 (good) > ;; QUESTION SECTION: > ;www.facebook.com. IN DNS

Re: Servfail on Bind -9.16.1

2020-11-22 Thread Mark Andrews
.org/mailman/listinfo/bind-users > > > -- > upen, > emerge -uD life (Upgrade Life with dependencies) > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the d

Re: "in-view" behavior

2020-10-30 Thread Mark Andrews
___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more in

Re: How do I insert "CDS 0 0 0 0"?

2020-10-04 Thread Mark Andrews
All the fields must exist. NET_DNS2 is wrong. There must only be the delete cds/cdnskey records and not any other cds/cdnskey records. Publish and delete instructions at the same time is not consistent. -- Mark Andrews > On 5 Oct 2020, at 00:02, Mark Andrews wrote: > Use up t

Re: How do I insert "CDS 0 0 0 0"?

2020-10-04 Thread Mark Andrews
Use up to date software. -- Mark Andrews > On 4 Oct 2020, at 23:48, Mark Elkins wrote: > >  What is the magic incantation to inserting a "CDS 0 0 0 0" record in BIND. > Version - BIND 9.16.6 (Stable Release) > I've read RFC8070 - which says... (https://to

Re: bind 9.16.7 Odd query error (Borja Marcos)

2020-10-01 Thread Mark Andrews
> On 1 Oct 2020, at 16:30, Borja Marcos wrote: > > > >> On 30 Sep 2020, at 22:34, Mark Andrews wrote: >> >> No, it’s just fetches per query taking effect. With a empty cache there are >> just too many queries made looking up addresses of name se

Re: bind 9.16.7 Odd query error (Borja Marcos)

2020-09-30 Thread Mark Andrews
No, it’s just fetches per query taking effect. With a empty cache there are just too many queries made looking up addresses of name servers. You can raise the default slightly. -- Mark Andrews > On 1 Oct 2020, at 01:29, Borja Marcos wrote: > >  > >> On 30 Sep 2

Re: different TTLs for multiple TXT records

2020-09-26 Thread Mark Andrews
It won’t happen and there is zero point in doing so as all RRs in a RRset are deleted at the same time. -- Mark Andrews > On 26 Sep 2020, at 23:59, Verne Britton wrote: > > I see that RFC2181, written I think 20+ years ago, says in part > > >> >> 5

Re: AppArmor, DHCP, Bind9 issue

2020-09-22 Thread Mark Andrews
Put the zone file in /var/lib/bind and update named.conf. -- Mark Andrews > On 23 Sep 2020, at 00:43, Olivier wrote: >  > Hello, > > I've got one ISC-DHCP server instance (4.4.1) and one Bind9 (9.11.5) instance > installed on a Debian Buster box. > Both come from Debia

Re: Problem building BIND 9.11.23 on SPARC Solaris 10 w/ isc_atomic_xadd

2020-09-16 Thread Mark Andrews
t; > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for m

Re: bind v6 record

2020-09-14 Thread Mark Andrews
uukhuu > > Engineer > TPD/ETSD > UNESCO street - 28, MPM Complex > Ulaanbaatar -14220, Mongolia > Mobile: (976) 94081017 > Web: www.mobicom.mn > > Before you start - Be safety smart > > > > From: Mark Andrews > Sent: Tuesday, September 15, 2020

Re: bind v6 record

2020-09-14 Thread Mark Andrews
vd: 122 > > > > > Have a nice day :) > BR, NYAMKHAND Buluukhuu > > Engineer > TPD/ETSD > UNESCO street - 28, MPM Complex > Ulaanbaatar -14220, Mongolia > Mobile: (976) 94081017 > Web: www.mobicom.mn > > Before you start - Be safety smart > &

Re: bind v6 record

2020-09-14 Thread Mark Andrews
ww.mobicom.mn > > Before you start - Be safety smart > > > > From: Mark Andrews > Sent: Monday, September 14, 2020 5:22 PM > To: Nyamkhand Buluukhuu > Cc: bind-users@lists.isc.org > Subject: Re: bind v6 record > > You have a out-of-date local copy of the zo

Re: bind v6 record

2020-09-14 Thread Mark Andrews
ort subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-13 Thread Mark Andrews
>> knowing that such MISuse of my service isn't going to take out an >> entire datacenter for hours (with MANY innocent bystanders taken out, >> too!) with a DOS attack due to those queries NOT ending with a >> valid/public domain name, thus making such an attack impossible. >

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-11 Thread Mark Andrews
> On 11 Sep 2020, at 22:22, Rob McEwen wrote: > > On 9/11/2020 2:46 AM, Mark Andrews wrote: >> validate-except (I typo’d it the second time, unfortunately expect and >> except are both valid words). > > I got so far down the rabbit trail with your oth

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-11 Thread Mark Andrews
out what exactly you were suggesting. > > Rob McEwen > > On 9/11/2020 1:32 AM, Mark Andrews wrote: >>> On 11 Sep 2020, at 15:04, Rob McEwen wrote: >>> >>> Mark, >>> >>> The whole usage of DNS by the anti-spam industry in our DNSBLs

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-10 Thread Mark Andrews
those. RFCs > were written by humans. Humans make mistakes Actually I did. I said "add validate-expect entries to named.conf”. > And it's too bad that the maintainers of BIND didn't anticipate that there > might be local-data situations where sys admins should be given the ability

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-10 Thread Mark Andrews
ould be EXCELLENT news! Or, if that doesn't actually fix my problem, do > you have any suggestions that actually address my actual question? I gave you a answer. See below. Mark > Rob McEwen > > On 9/10/2020 7:37 PM, Mark Andrews wrote: >> .local is for mDNS (RFC 6762).

Re: rbldnsd and DNSSEC compatibility issues - any suggestions?

2020-09-10 Thread Mark Andrews
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more info

Re: Upgrading from 9.14.12 to 9.16.4 - with existing DNSSEC zones

2020-09-01 Thread Mark Andrews
list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark

Re: dnssec-keygen getting dates wrong

2020-08-30 Thread Mark Andrews
t https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc

Re: Error "Query section mismatch : got"

2020-08-19 Thread Mark Andrews
ark the movie) > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.

Re: intermittent failures and queries sent over TCP

2020-08-18 Thread Mark Andrews
disable-empty-zone > "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; > > > querylog yes; > > > }; > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe &g

Re: Invalid class in dns query

2020-08-05 Thread Mark Andrews
gt; ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1

  1   2   3   4   5   6   7   8   9   10   >