id support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61
> On 11 Sep 2024, at 16:06, Lee wrote:
>
> On Tue, Sep 10, 2024 at 10:52 PM Mark Andrews wrote:
>>
>>> On 11 Sep 2024, at 12:10, Lee wrote:
>>>
>>> On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote:
>>>>
>>>> Comma is legal
> On 11 Sep 2024, at 12:10, Lee wrote:
>
> On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote:
>>
>> Comma is legal in a domain name. It isn’t legal in a host name which are a
>> subset of domain names. Named-checkzone is working exactly as it should.
>
>
Comma is legal in a domain name. It isn’t legal in a host name which are a
subset of domain names. Named-checkzone is working exactly as it should.
If the current origin is example.com. then comma expands to ,.example.com. as
it is treaded as a relative name.
--
Mark Andrews
> On 11
>
> ---+---------
> 117965258 | ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: **
> +
> | ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORIT
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing
On further reflection I suspect broken clocks. Named uses If-Modified-Since to
determine
whether to resend the style file. Named uses the server’s start time as the
modification time
in that calculation.
> On 26 Aug 2024, at 11:06, Mark Andrews wrote:
>
> We are probably not
o looks like I'll have to find out why collecting BIND
> stats via collectd (5.12.0) no longer works after upgrading to
> 9.20.x.
>
> Best regards,
>
> - Håvard
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
>
> On 19 Aug 2024, at 00:59, Marco Moock wrote:
>
> Am 18.08.2024 um 23:44:26 Uhr schrieb Mark Andrews:
>
>>> On 18 Aug 2024, at 20:32, Marco Moock wrote:
>
>> It is. Go to the product page. Look at panel 3 “Configuration".
>> Click on "Admini
this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
>
Negative cache entries.
--
Mark Andrews
> On 15 Aug 2024, at 22:10, Marco Moock wrote:
>
> Hello!
>
> named.stats includes that:
>
> [...]
> ++ Cache DB RRsets ++
> [View: default]
>3184 A
>1059 NS
>
to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/li
he development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas
gt;
>category security { bind_log; };
>
> };
>
>
>
>
> alpha_one_x86/BRULE Herman
> Main developer of Supercopier/Ultracopier/CatchChallenger, Esourcing and
> server management
> IT, OS, technologies, research & development, security and business d
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austra
N A
>
> ;; Query time: 87 msec
> ;; SERVER: 199.38.247.210#53(199.38.247.210) (UDP)
> ;; WHEN: Mon Jul 15 00:56:01 UTC 2024
> ;; MSG SIZE rcvd: 67
> alpha_one_x86/BRULE Herman
> Main developer of Supercopier/Ultracopier/CatchChallenger, Esourcing and
> server ma
88
[ant:~/git/bind9] marka%
Mark
> alpha_one_x86/BRULE Herman
> Main developer of Supercopier/Ultracopier/CatchChallenger, Esourcing and
> server management
> IT, OS, technologies, research & development, security and business department
> On 7/12/24 19:01, Mark Andrews wrote:
&
gt; this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
tact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNE
24, at 07:00, Mark Andrews wrote:
>
> It’s just a false positive when the result is NXDOMAIN. Because people forget
> to put delegating NS records in parent zones when both are served by the same
> server the lookups continue on NXDOMAIN. There is an issue to address this.
>
>
It’s just a false positive when the result is NXDOMAIN. Because people forget
to put delegating NS records in parent zones when both are served by the same
server the lookups continue on NXDOMAIN. There is an issue to address this.
--
Mark Andrews
> On 25 Jun 2024, at 06:36, Peter wr
> On 20 Jun 2024, at 15:29, Michael Richardson wrote:
>
>
> Mark Andrews wrote:
>> Named and nsupdate validate input for types they know about (both text
>> and wire). You would have to use versions that are not HTTPS aware and
>> use unknown type format.
>
Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INT
tware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, A
Have you read the fine documentation on BIND where it is stated this is not
(currently) possible?
If you want to extend named to support this we would be happy to review a
change request. It is complicated however which is why it has not been done.
--
Mark Andrews
> On 13 Jun 2024, at
gt; Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>> --
>> - Andrew "lathama" Latham -
>>
rs to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mai
insecure. It is just that a myth. Not posting them just makes it harder for
other people to help you.
Mark
> From nsupdate:
>
> nsupdate -L99 -dD -k TrueNAS.key nsupdate-cmds-py.txt
>
> show_message()
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, sta
given
NOTHING for people to work with to help you.
Mark
> On 27 May 2024, at 13:39, Mark Andrews wrote:
>
>
>
>> On 25 May 2024, at 03:25, Erik Edwards via bind-users
>> wrote:
>>
>> algorithm hmac-sha256;
>>
>> named-checkconf -p shows
re information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the devel
DNSSEC or adding a HINFO
record for every name in your zone when offline signing.
Mark
--
Mark Andrews
> On 21 May 2024, at 00:31, Ondřej Surý wrote:
>
> I would suggest you to create a feature request in our GitLab. This way it
> won't get lost
> in the tides of time
Named does not support this. There is no requirement to support this.
--
Mark Andrews
> On 21 May 2024, at 00:04, Amaury Van Pevenaeyge
> wrote:
>
>
> Hello everyone,
>
> How is it possible to set up a resource record of type HINFO so that it is
> returned on e
t;
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, I
reports due to garbage records at the zone apex.
Mark
--
Mark Andrews
> On 17 May 2024, at 23:31, Stephane Bortzmeyer wrote:
>
> On Fri, May 17, 2024 at 03:25:01PM +0200,
> Matus UHLAR - fantomas wrote
> a message of 43 lines which said:
>
>> I have noticed that BI
h paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHON
re information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.
> On 1 May 2024, at 22:25, Walter H. via bind-users
> wrote:
>
> On 01.05.2024 01:33, Mark Andrews wrote:
>>
>>> On 1 May 2024, at 03:32, Lee wrote:
>>>
>>> On Mon, Apr 29, 2024 at 11:40 PM Walter H. wrote:
>>>> On 29.04.2024 22:19,
is list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Ma
:54 AEST 2024
;; MSG SIZE rcvd: 203
%
> On 30 Apr 2024, at 06:55, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>> serves .com rather than dnssec-analy
port subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
I prefer to only name and shame when I’m 100% sure of the target.
--
Mark Andrews
> On 30 Apr 2024, at 06:56, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>&
And the SMTP server doesn’t need to listen on IPv6 if it isn’t going to accept
messages over that transport. Talk about a way to DoS yourself.
--
Mark Andrews
> On 30 Apr 2024, at 06:19, Lee wrote:
>
> On Sun, Apr 28, 2024 at 2:18 AM Walter H. via bind-users
> wrote:
>
>
/dnssec/>
>
> Hi Josh,
>
> Ok, sounds good!
>
> - J
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https
-records ...
>
> would it be a problem with just this DNS zone, why are only problems getting
> the IPv6?
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support
.
Named was looking up theses NS records I.e. chasing the DS servers. This can
result in named finding delegation errors. QNAME minimisation also exposes
these errors as it also does NS queries. Garbage in breakage out.
--
Mark Andrews
> On 27 Apr 2024, at 00:45, J Doe wrote:
>
> On 2
No. “Forward zones” are not DNS zones. They are overrides to the DNS resolution
processes that just happened to be configured in named by overloading the zone
syntax element. Similarly stub and static stub are not zones. The are other
things.
--
Mark Andrews
> On 23 Apr 2024, at 01
pport subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61
; Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bi
It a hold down cache on bad lookups. The timeout is 10 minutes. To prove
whether a zone is secure or not DS records at delegations in the chain are
looked up. Sometimes that fails. This cache records that failure.
--
Mark Andrews
> On 17 Apr 2024, at 07:03, John Thurston wr
Also authoritative servers lookup information. This includes addresses of
nameservers to send NOTIFY messages. DS queries as part of DNSSEC key
management. DNSKEY queries as part of DNSSEC trust anchor management. Plus
whatever else is required to resolve those queries.
--
Mark Andrews
Allow-notify is additive. You can’t block notify from primaries.
--
Mark Andrews
> On 25 Mar 2024, at 22:34, sami.ra...@sofrecom.com wrote:
>
>
> Hello community,
> I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow
> notificatio
> Thanks,
>
>
>
>
>
> Borja.
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.or
to do this. Once your existing
keys
are omnipresent you can update the lifetime to what you want to run with.
On 8 Mar 2024, at 10:57, Mark Andrews wrote:
>
>
>
>> On 8 Mar 2024, at 10:54, Randy Bush wrote:
>>
>>> You DS and DNSKEY rrset are not matched. You
; liaN92BRsQO0ykBep+HxH85CXPhqBMnl2Z43guX2t+QZ
>> B36h61FrpFOt7RUnvJ8Pn3Rz+kx1VVOIsw== )
>>
>>> https://git.rg.net/randy/randy/src/master/scratch.md
>
> yes, we can see that, as we noted. and yes we could rekey 42 zones at
> the parents; great fun.
>
> but WH
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117,
rypto
is performed so it wouldn’t be too expensive to skip to the next RRSIG
on those error codes but really you shouldn’t be publishing broken RRSIGs.
Mark
> On 15 Feb 2024, at 11:25, Mark Andrews wrote:
>
> Well if you are attacking the resolver by sending invalid RRSIGs ...
>
>
/>...)
>
> (I also did/will tell Quad9 about it for their information.)
>
> Cheers,
> --
> Matt Nordhoff
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subsc
Transfer from a single address.
The IXFR transfer is detecting that a record is being asked to be deleted but
it is not present in the zone. Named will fallback to an AXFR. The logs have
been extended recently to provide more details.
--
Mark Andrews
> On 14 Feb 2024, at 18:41, Andrea
Additionally this behaviour is specified in RFC1034 so every nameserver should
do this.
--
Mark Andrews
> On 14 Feb 2024, at 02:24, Friesen, Don CITZ:EX via bind-users
> wrote:
>
> Andy,
> The existence of 8.f.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa as an
> authoritative
eeks,
one of which has up to date signatures and 2 that have out of date signatures.
This is the sort of thing that happens out there by accident, e.g. unnoticed
zone transfers failing and the zone has not yet expired. Try looking up
multiple answers from that zone with your configuration a
--
Mark Andrews
> On 10 Feb 2024, at 04:18, Randy Bush wrote:
>
>
>>
>> I admit here we most often work with internal only forwarders, which
>> are not accessible from outer internet. So those won't be under attack
>
> i am always impressed by securi
Do the analysis where the resolver is under attack or the auth server with the
best rtt is stale.
--
Mark Andrews
> On 9 Feb 2024, at 21:40, Petr Menšík wrote:
>
> Hello Mark,
>
> allow me here to correct your statement. We spent in Red Hat some time
> thinking and
You have your answer. Update the parent zone.
--
Mark Andrews
> On 4 Feb 2024, at 18:27, Gabi Nakibly wrote:
>
>
> Hi,
> I would like to set up a new temporary nameserver for my zone (say
> 'example.com'), however for various reasons I prefer not to change th
gt;
> -We are not using IPV6 at all at this time.
>
> -This is occurring with both of our redundant DNS servers and I fired up a
> test server with Bind 9.16 and it is giving me the same result.
>
> -Any thoughts or suggestions would be very helpful and much appreciated!
>
;>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing li
tive answers ?
The ones where the answer count was zero (look for "ANSWER: 0,”).
> De : "Mark Andrews"
> A : pub.dieme...@laposte.net,"bind users"
> Envoyé: dimanche 14 Janvier 2024 23:54
> Objet : Re: Question about authoritative server and AA Authorita
ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymou
ers to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/li
ot;
> Thanks,
> Nick.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
&g
Read your logs and/or use named-checkzone and/or tell name-checkconf to load
the zones.
--
Mark Andrews
> On 17 Dec 2023, at 15:22, liudong...@ynu.edu.cn wrote:
>
>
> Hi, I have a bind9 authoritative name server running, but I found a strange
> problem. One of zone in a sp
They haven’t removed sha1 they have removed certain uses of sha1. If they ever
remove sha1 we will just add an implementation for sha1.
--
Mark Andrews
> On 16 Dec 2023, at 01:09, Scott Morizot wrote:
>
>
>> On Fri, Dec 15, 2023 at 7:40 AM Petr Špaček wrote:
>> We do
take
> effect (assuming no delay replicating between authoritative servers).
> Nick.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at
bad advice from that and the WG chair
refused to reopen the issue.
CD=1 addresses bad clocks and trust anchors in resolvers. CD=0 addresses bad
authoritative servers and spoofed responses. You can start with either and try
the other when validation fails.
--
Mark Andrews
> On 3 Dec 2023,
could filter
and treat at every house and sometimes you still do like boiling water for baby
formula but on the most part what you get out of it is good enough for
consumption as is.
--
Mark Andrews
> On 2 Dec 2023, at 08:14, John Thurston wrote:
>
>
> At first glance, the
It means that the servers for the zone doesn’t fully implement the DNS
protocol. NS queries for intermediate names are not getting the expected
answer.
--
Mark Andrews
> On 1 Dec 2023, at 21:10, Alessandro Vesely wrote:
>
> Hi all,
>
> I have this in BIND 9.18.19-1~deb12
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo
o/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://l
able
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 181d91ea2ecc46ce0100654054883752dba5d1912e6e (good)
;; QUESTION SECTION:
;ns2.bcc.gov.bd. IN A
;; ANSWER SECTION:
ns2.bcc.gov.bd. 38400 IN A 114.130.54.124
;; Query time: 212 msec
;; SERVER: 114.130.54.124#53(1
martin...@itccoop.com
> www.itc-web.com
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
root@localhost dnssec.example]# cat /var/named/dnssec.example.db
> $ORIGIN dnssec.example.
> $TTL 3h
>
> @ IN SOA ns01.dnssec.example. postmaster.dnssec.example. (
> 2023100601 ; Serial
> 3h; Refresh after 3 hours
>
Just configure named to sign the zone.
--
Mark Andrews
> On 6 Oct 2023, at 22:30, Paul van der Vlis wrote:
>
> Op 06-10-2023 om 10:39 schreef Mark Andrews:
>> You need to figure out what is updating the zone. This isn’t named.
>
> Thanks for your answer.
> It makes
You need to figure out what is updating the zone. This isn’t named.
--
Mark Andrews
> On 6 Oct 2023, at 19:28, Paul van der Vlis via bind-users
> wrote:
>
> Hello,
>
> I try to give a dynamic IP to a name, using nsupdate. This works fine, but
> after some hours th
implementation. They should fix their broken servers.
> Cheers,
> Petr
>
> On 19. 09. 23 1:53, Mark Andrews wrote:
>>
>>> On 19 Sep 2023, at 02:14, Alex wrote:
>>>
>>>
>>>
>>> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:
forwarding in this zone’s configuration by using
an empty forwarders clause ( forwarders { /* empty */ }; ).
I know you said this was a lost cause but it doesn’t have to be 100% perfect.
It can be built up over time.
--
Mark Andrews
> On 23 Sep 2023, at 02:45, John Thurston wrote:
>
>
Correction, they incorrectly answer the SOA query.
> On 19 Sep 2023, at 09:53, Mark Andrews wrote:
>
>
>
>> On 19 Sep 2023, at 02:14, Alex wrote:
>>
>>
>>
>> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:
>> Spamhaus’s servers a
> On 19 Sep 2023, at 02:14, Alex wrote:
>
>
>
> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:
> Spamhaus’s servers are sending back responses that do not answer the
> question. Named is doing QNAME minimisation using NS queries and rather than
> the serve
Create a 10.in-addr.arpa zone with appropriate delegations and have all servers
serve it. That way they can all find te sub zones.
--
Mark Andrews
> On 16 Sep 2023, at 10:16, John Thurston wrote:
>
>
> A host which auto-registers in MS DNS, creates an A in foo.alaska.gov a
that you ask them to fix their DNS servers to correctly answer NS
queries. They appear to need to look at the query name as well as the query
type.
This is what often happens when you write custom DNS servers. You fail to
handle some query you weren’t planning for.
Mark
--
Mark Andrews
one.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailin
s at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERN
ected] [v6 nxrrset]
>> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
>> ; ns01.incometax.gov.in [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
>> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
>> ; ns01.incometax.gov.in [v6 TTL 124] [v4 unexpecte
You can’t define a policy there. You can tell named to use the policy. Move the
definition outside of options.
--
Mark Andrews
> On 4 Aug 2023, at 08:26, E R wrote:
>
>
> My understanding from the ARM is that the dnssec-policy can be in the
> "options", "vi
nt of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas
more details. If you you still have an error message
cut-and-paste the
new one including time stamps.
> On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via bind-users
> wrote:
>
> Exactly the same
>
>
> El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/b
ase do not feel
> obligated to reply outside your normal working hours.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this lis
information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org
There is no workaround that I can think of.
As an aside I’d be specifying the key in the primaries clause rather than
server clause.
--
Mark Andrews
> On 10 Jun 2023, at 07:52, Frey, Rick E via bind-users
> wrote:
>
>
> I’ve got a case where using BIND (v9.16.41) as a
s,
> Alex
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users m
1 - 100 of 1002 matches
Mail list logo