startup phase. It has to daemonize then
finish its startup. The parent process waits for the startup to complete and
then exits with an appropriate error code. Somewhere in that startup something
has failed.
Mark
> On 21 May 2024, at 14:10, avijeet gupta wrote:
>
> My Apologies. I
for DNSSEC or adding a HINFO
record for every name in your zone when offline signing.
Mark
--
Mark Andrews
> On 21 May 2024, at 00:31, Ondřej Surý wrote:
>
> I would suggest you to create a feature request in our GitLab. This way it
> won't get lost
> in the tides of time.
>
Named does not support this. There is no requirement to support this.
--
Mark Andrews
> On 21 May 2024, at 00:04, Amaury Van Pevenaeyge
> wrote:
>
>
> Hello everyone,
>
> How is it possible to set up a resource record of type HINFO so that it is
> returned on e
SC’s behalf don’t
support DNS COOKIE where as those run by ISC directly do. Changes in
routing can mean that the particular instance that answers your query will
change.
Mark
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
&
reports due to garbage records at the zone apex.
Mark
--
Mark Andrews
> On 17 May 2024, at 23:31, Stephane Bortzmeyer wrote:
>
> On Fri, May 17, 2024 at 03:25:01PM +0200,
> Matus UHLAR - fantomas wrote
> a message of 43 lines which said:
>
>> I have noticed that BI
subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4
what would lead to truncated TCP
> traffic in the context of DNS ?
Usually it is a software bug in the server where it doesn’t support 65535 byte
responses or incorrectly applies UDP limits to TCP. Very occasionally the
response actually won’t fit in 65535 bytes.
Whatever it was I’m not seeing it now.
> On 1 May 2024, at 22:25, Walter H. via bind-users
> wrote:
>
> On 01.05.2024 01:33, Mark Andrews wrote:
>>
>>> On 1 May 2024, at 03:32, Lee wrote:
>>>
>>> On Mon, Apr 29, 2024 at 11:40 PM Walter H. wrote:
>>>> On 29.04.2024 22:19,
nds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour
:54 AEST 2024
;; MSG SIZE rcvd: 203
%
> On 30 Apr 2024, at 06:55, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>> serves .com rather than dnssec
port subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
I prefer to only name and shame when I’m 100% sure of the target.
--
Mark Andrews
> On 30 Apr 2024, at 06:56, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>&
And the SMTP server doesn’t need to listen on IPv6 if it isn’t going to accept
messages over that transport. Talk about a way to DoS yourself.
--
Mark Andrews
> On 30 Apr 2024, at 06:19, Lee wrote:
>
> On Sun, Apr 28, 2024 at 2:18 AM Walter H. via bind-users
> wrote:
>
>
t;
> Hi Josh,
>
> Ok, sounds good!
>
> - J
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/
rds ...
>
> would it be a problem with just this DNS zone, why are only problems getting
> the IPv6?
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subsc
.
Named was looking up theses NS records I.e. chasing the DS servers. This can
result in named finding delegation errors. QNAME minimisation also exposes
these errors as it also does NS queries. Garbage in breakage out.
--
Mark Andrews
> On 27 Apr 2024, at 00:45, J Doe wrote:
>
> On 2
No. “Forward zones” are not DNS zones. They are overrides to the DNS resolution
processes that just happened to be configured in named by overloading the zone
syntax element. Similarly stub and static stub are not zones. The are other
things.
--
Mark Andrews
> On 23 Apr 2024, at 01
s://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc
his list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Ma
It a hold down cache on bad lookups. The timeout is 10 minutes. To prove
whether a zone is secure or not DS records at delegations in the chain are
looked up. Sometimes that fails. This cache records that failure.
--
Mark Andrews
> On 17 Apr 2024, at 07:03, John Thurston wr
Also authoritative servers lookup information. This includes addresses of
nameservers to send NOTIFY messages. DS queries as part of DNSSEC key
management. DNSKEY queries as part of DNSSEC trust anchor management. Plus
whatever else is required to resolve those queries.
--
Mark Andrews
Allow-notify is additive. You can’t block notify from primaries.
--
Mark Andrews
> On 25 Mar 2024, at 22:34, sami.ra...@sofrecom.com wrote:
>
>
> Hello community,
> I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow
> notifications on
.
Mark
> On 12 Mar 2024, at 22:50, Borja Marcos wrote:
>
> Hi,
>
> This is driving me nuts. I have three BIND 9.18.24 running on FreeBSD. Two of
> them on FreeBSD 14, one on FreeBSD 13.2.
>
> Just one of the servers is failing to resolve a single domain comp
to do this. Once your existing
keys
are omnipresent you can update the lifetime to what you want to run with.
On 8 Mar 2024, at 10:57, Mark Andrews wrote:
>
>
>
>> On 8 Mar 2024, at 10:54, Randy Bush wrote:
>>
>>> You DS and DNSKEY rrset are not match
; liaN92BRsQO0ykBep+HxH85CXPhqBMnl2Z43guX2t+QZ
>> B36h61FrpFOt7RUnvJ8Pn3Rz+kx1VVOIsw== )
>>
>>> https://git.rg.net/randy/randy/src/master/scratch.md
>
> yes, we can see that, as we noted. and yes we could rekey 42 zones at
> the parents; great fun.
>
> but WH
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117,
rypto
is performed so it wouldn’t be too expensive to skip to the next RRSIG
on those error codes but really you shouldn’t be publishing broken RRSIGs.
Mark
> On 15 Feb 2024, at 11:25, Mark Andrews wrote:
>
> Well if you are attacking the resolver by sending invalid RRSIGs ...
>
>
r their information.)
>
> Cheers,
> --
> Matt Nordhoff
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ f
Transfer from a single address.
The IXFR transfer is detecting that a record is being asked to be deleted but
it is not present in the zone. Named will fallback to an AXFR. The logs have
been extended recently to provide more details.
--
Mark Andrews
> On 14 Feb 2024, at 18:41, Andrea
Additionally this behaviour is specified in RFC1034 so every nameserver should
do this.
--
Mark Andrews
> On 14 Feb 2024, at 02:24, Friesen, Don CITZ:EX via bind-users
> wrote:
>
> Andy,
> The existence of 8.f.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa as an
> authoritative
> On 9 Feb 2024, at 21:40, Petr Menšík wrote:
>
> Hello Mark,
>
> allow me here to correct your statement. We spent in Red Hat some time
> thinking and testing validating clients. Validating resolver is *not*
> necessary for validating clients to work. They are b
--
Mark Andrews
> On 10 Feb 2024, at 04:18, Randy Bush wrote:
>
>
>>
>> I admit here we most often work with internal only forwarders, which
>> are not accessible from outer internet. So those won't be under attack
>
> i am always impressed by security op
Do the analysis where the resolver is under attack or the auth server with the
best rtt is stale.
--
Mark Andrews
> On 9 Feb 2024, at 21:40, Petr Menšík wrote:
>
> Hello Mark,
>
> allow me here to correct your statement. We spent in Red Hat some time
> thinking and
dnssec” commands don’t exist in 9.16 which make it harder to
follow some of the examples. Was I wrong to enable “inline-signing
yes” for my slave zones? I would assume each slave would need its own
DS key? Can I do that?
Trying to sort through some of this before I start cutting clients over.
Thank
You have your answer. Update the parent zone.
--
Mark Andrews
> On 4 Feb 2024, at 18:27, Gabi Nakibly wrote:
>
>
> Hi,
> I would like to set up a new temporary nameserver for my zone (say
> 'example.com'), however for various reasons I prefer not to change the
> de
allowed.
Just because Google accepts broken responses, it doesn’t make them correct.
Mark
% dig members.nmar.com +norec @ns2.hover.com
; <<>> DiG 9.19.20-dev <<>> members.nmar.com +norec @ns2.hover.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<
list.
https://learn.microsoft.com/en-au/windows/win32/api/iphlpapi/nf-iphlpapi-getadaptersaddresses
Mark
> On 1/8/2024 9:41 AM, Gentry Deng via bind-users wrote:
>> Hello there,
>>
>>
>> Due to an accident my local network is missing IPv4 DNS but has IPv6 DN
> On 16 Jan 2024, at 02:32, pub.dieme...@laposte.net wrote:
>
>
>
> Dear Mark,
>
> I am sorry but I don'y understand you reply.
>
>
> RFC 1034, § 6.2.2 the AA bit is set.
> I have a non-recursive authoritative server and the AA bit is not set. My
>
unds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St.
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Ma
,
> Nick.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-use
Read your logs and/or use named-checkzone and/or tell name-checkconf to load
the zones.
--
Mark Andrews
> On 17 Dec 2023, at 15:22, liudong...@ynu.edu.cn wrote:
>
>
> Hi, I have a bind9 authoritative name server running, but I found a strange
> problem. One of zone in
They haven’t removed sha1 they have removed certain uses of sha1. If they ever
remove sha1 we will just add an implementation for sha1.
--
Mark Andrews
> On 16 Dec 2023, at 01:09, Scott Morizot wrote:
>
>
>> On Fri, Dec 15, 2023 at 7:40 AM Petr Špaček wrote:
>> We
ake
> effect (assuming no delay replicating between authoritative servers).
> Nick.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at http
. There was bad advice from that and the WG chair
refused to reopen the issue.
CD=1 addresses bad clocks and trust anchors in resolvers. CD=0 addresses bad
authoritative servers and spoofed responses. You can start with either and try
the other when validation fails.
--
Mark Andrews
> On 3 Dec 2
could filter
and treat at every house and sometimes you still do like boiling water for baby
formula but on the most part what you get out of it is good enough for
consumption as is.
--
Mark Andrews
> On 2 Dec 2023, at 08:14, John Thurston wrote:
>
>
> At first glance,
It means that the servers for the zone doesn’t fully implement the DNS
protocol. NS queries for intermediate names are not getting the expected
answer.
--
Mark Andrews
> On 1 Dec 2023, at 21:10, Alessandro Vesely wrote:
>
> Hi all,
>
> I have this in BIND 9.18.19-1~deb12
d-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-user
People accidentally enter urls as domain names into tools.
https://app-measurement.com/sdk-exp/A is
a legal, but unusual, domain name consisting of 3 labels
'https://app-measurement’, 'com/sdk-exp/A’ and ‘.’.
Mark
> On 4 Nov 2023, at 13:29, Nick Tait via bind-users
> wrote:
>
; COOKIE: 181d91ea2ecc46ce0100654054883752dba5d1912e6e (good)
;; QUESTION SECTION:
;ns2.bcc.gov.bd. IN A
;; ANSWER SECTION:
ns2.bcc.gov.bd. 38400 IN A 114.130.54.124
;; Query time: 212 msec
;; SERVER: 114.130.54.124#53(114.130.54.124) (UDP)
;; WHEN: Tue Oct 31 12:12:40 AEDT 2023
;; MS
n they should expect lookups to fail. The NS records on both sides
of a zone
cut are supposed to be IDENTICAL. This is not a new requirement. It has been
this way
since the very beginning.
The bank needs to fix what they publish.
Mark
> On 28 Oct 2023, at 02:36, Michael Martine
root@localhost dnssec.example]# cat /var/named/dnssec.example.db
> $ORIGIN dnssec.example.
> $TTL 3h
>
> @ IN SOA ns01.dnssec.example. postmaster.dnssec.example. (
> 2023100601 ; Serial
> 3h; Refresh after 3 hours
>
Just configure named to sign the zone.
--
Mark Andrews
> On 6 Oct 2023, at 22:30, Paul van der Vlis wrote:
>
> Op 06-10-2023 om 10:39 schreef Mark Andrews:
>> You need to figure out what is updating the zone. This isn’t named.
>
> Thanks for your answer.
> It makes
You need to figure out what is updating the zone. This isn’t named.
--
Mark Andrews
> On 6 Oct 2023, at 19:28, Paul van der Vlis via bind-users
> wrote:
>
> Hello,
>
> I try to give a dynamic IP to a name, using nsupdate. This works fine, but
> after some hour
> On 4 Oct 2023, at 06:31, Petr Menšík wrote:
>
> Hi Mark,
>
> I have seen this error before and I admit it is quite annoying. Especially
> when the owners of failing implementations refuse to fix their bugs. Is there
> any possibility to tune this only for set of broken
forwarding in this zone’s configuration by using
an empty forwarders clause ( forwarders { /* empty */ }; ).
I know you said this was a lost cause but it doesn’t have to be 100% perfect.
It can be built up over time.
--
Mark Andrews
> On 23 Sep 2023, at 02:45, John Thurston wr
Correction, they incorrectly answer the SOA query.
> On 19 Sep 2023, at 09:53, Mark Andrews wrote:
>
>
>
>> On 19 Sep 2023, at 02:14, Alex wrote:
>>
>>
>>
>> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:
>> Spamhaus’s serve
> On 19 Sep 2023, at 02:14, Alex wrote:
>
>
>
> On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews wrote:
> Spamhaus’s servers are sending back responses that do not answer the
> question. Named is doing QNAME minimisation using NS queries and rather than
> the serve
Create a 10.in-addr.arpa zone with appropriate delegations and have all servers
serve it. That way they can all find te sub zones.
--
Mark Andrews
> On 16 Sep 2023, at 10:16, John Thurston wrote:
>
>
> A host which auto-registers in MS DNS, creates an A in foo.alaska
that you ask them to fix their DNS servers to correctly answer NS
queries. They appear to need to look at the query name as well as the query
type.
This is what often happens when you write custom DNS servers. You fail to
handle some query you weren’t planning for.
Mark
--
Mark Andrews
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing lis
formation.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.is
] [v6 nxrrset]
>> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
>> ; ns01.incometax.gov.in [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
>> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
>> ; ns01.incometax.gov.in [v6 TTL 124] [v4 unexpected] [v
d to display the associated DNSSEC
records (if they exist). It doesn't affect validation. You must make
the options change indicated by Greg Choules in his previous post to
disable DNSSEC validation for a specific domain.
Sorry if this is redundant or very rudimentary.
Bob
--
Mark James ELKI
DNS" type
library so shouldn't be difficult.
Yes - this will go into a Database - etc..
On 2023/08/22 02:10, Timothe Litt wrote:
(Sorry for the duplicate/reply without context). See below.
On 21-Aug-23 11:11, Mark Elkins wrote:
Hi,
I'm writing some software to be able to read
hat easier.
I'd hate to re-invent software that already exists.
The primary purpose is to pull in data into an (ICANN requested) African
DNS Observatory.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in
You can’t define a policy there. You can tell named to use the policy. Move the
definition outside of options.
--
Mark Andrews
> On 4 Aug 2023, at 08:26, E R wrote:
>
>
> My understanding from the ARM is that the dnssec-policy can be in the
> "options", "
or explicit log attribute or similar that would allow conclusions
about the use of TLS.
Can someone possibly help here?
Best regards
Florian Ritteroff
--
Florian Ritterhoff - Zentrale IT
Hochschule München University of Applied Sciences
Lothstraße 34, 80335 München, G2.21a
T +49 89 1265-1745
pment of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas
more details. If you you still have an error message
cut-and-paste the
new one including time stamps.
> On 29 Jun 2023, at 09:03, Daniel A. Rodriguez via bind-users
> wrote:
>
> Exactly the same
>
>
> El 28 de junio de 2023 6:50:26 p. m. GMT-03:00, Mark Andrews
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinf
ase do not feel
> obligated to reply outside your normal working hours.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this lis
n.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/m
There is no workaround that I can think of.
As an aside I’d be specifying the key in the primaries clause rather than
server clause.
--
Mark Andrews
> On 10 Jun 2023, at 07:52, Frey, Rick E via bind-users
> wrote:
>
>
> I’ve got a case where using BIND (v9.16.41)
.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
>
“Here is a DNS configuration testing site and it reports the zone as broken, you
need to take it up with the company."
Mark
> On 2 Jun 2023, at 00:58, Jesus Cea wrote:
>
> I am getting errors "Name huawei.com (SOA) not subdomain of zone
> cloud.huawei.com". The pro
nds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
lopment of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dun
.1 key external; };
masters { 10.0.0.1 key internal; };
also-notify { 10.0.0.2 key external; };
also-notify { 10.0.0.2 key internal; };
allow-transfer { key external; };
allow-transfer { key internal; };
Mark
> On 24 May 2023, at 08:13, Kaya Saman wrote:
>
> Not sure if I did something wrong
.
Then add keys to primary definitions and server clauses with keys at the view
level for notify.
I’m pretty sure there is a knowledge base article with full details.
--
Mark Andrews
> On 24 May 2023, at 05:40, Kaya Saman wrote:
>
>
>
>
>> On 5/23/23 20:1
the referenced servers. Compare the above with the recursive
queries below.
dig a ns1.fish.hub @localhost
dig ns fish.hub @localhost
Mark
> On 10 May 2023, at 14:07, bindu...@thegeezer.net wrote:
>
> Howdy
>
> I'm struggling with subdomain creation, for some reason the
that all zones have
servers that live within the zone defeats that. I suspect you have
misunderstood something. Forcing people to update millions of records to
change an address is nonsensical.
--
Mark Andrews
> On 5 May 2023, at 07:06, Jim Peters wrote:
>
>
> I am looking for
to be turned into addresses.
Named includes a full iterative resolver. It uses that to get what it needs.
This should be enough for you to solve what is going wrong.
--
Mark Andrews
> On 18 Apr 2023, at 03:31, Matt Zagrabelny via bind-users
> wrote:
>
>
> Hello Ondřej,
>
listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https:
nfo or even the
> name of the domain you were trying to set up, I can't make any more educated
> guesses than that.
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
own 10.in-addra.arpa for RFC 1918 addresses.
Mark
> On 14 Apr 2023, at 08:28, John Thurston wrote:
>
> Due to a requirement to use something Microsoft crafted, we are being asked
> to assert (internally) authority over 3rd-level names under ç
> I've pushed back on this, becaus
> On 13 Apr 2023, at 06:44, Mark Andrews wrote:
>
>
>
>> On 13 Apr 2023, at 03:19, Fred Morris wrote:
>>
>> TLDR: NS records occur above and below zone cuts.
>>
>> On Wed, 12 Apr 2023, John Thurston wrote:
>>>
>>> We have autho
tps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-use
to validate the responses
to prevent the cache being poisoned by spoofed responses. The clients will
switch between UDP and TCP to get the responses they need.
The AD bit is only to be trusted if there is channel security and you trust the
recursive server.
Mark
> On 12 Apr 2023, at 05:11,
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
>> this list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users ma
and 1 in the
additional section when there is only 1 record present. That is the definition
of a malformed response.
Mark
> On 4 Apr 2023, at 12:41, Alexandra Yang wrote:
>
> Hi Mark,
>
> We just heard back from the gpo.gov nameserver, see below. Looks like they
> think the ca
The servers don’t respond to queries for names that don’t exist. The
servers (or the firewall in front of them) are misconfigured. All it
does it make it harder to determine if a server is working or not.
Mark
[ant-7149:~/git/bind9] marka% dig dns4.tn.gov @170.141.167.222
; <<>>
ttps://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INT
> On 15 Mar 2023, at 16:49, Mark Andrews wrote:
>
>
>
>> On 15 Mar 2023, at 15:42, Tim Maestas wrote:
>>
>> Named should be sending queries with DO=1 and it should be getting back
>> signed responses. I suspect that you will need to run packet cap
age parser reports malformed message packet.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57919
;; flags: qr aa tc; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;www.federalregister.gov. IN A
;; ANSWER SECTION:
. 32768 CLASS4096 OPT
;;
> On 15 Mar 2023, at 11:14, Tim Maestas wrote:
>
>
>
> On Tue, Mar 14, 2023 at 4:34 PM Mark Andrews wrote:
>
>
> > On 15 Mar 2023, at 02:08, Alexandra Yang wrote:
> >
> > Hi Group,
> >
> > I wonder if anyone can shed some light on t
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/l
t;
>>> % blaeu-resolve --displayvalidation -r 100 --type A gpo.gov
>>> [ (Authentic Data flag) 162.140.14.82] : 46 occurrences
>>> [162.140.14.82] : 52 occurrences
>>> [ERROR: SERVFAIL] : 2 occurrences
>>> Test #50935448 done at 2023-03-14T15:46:50Z
>
Named just uses the notify to trigger an early refresh process. It then just
asks the primaries in configured order. There is no real point in trying the
notifier first.
--
Mark Andrews
> On 10 Mar 2023, at 06:00, Jan-Piet Mens wrote:
>
>
>>
>> I always was
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austr
1 - 100 of 2287 matches
Mail list logo