Re: CAA iodef clarification

rams wrote: > > On the CAA record iodef filed, do we force this to be unique or can it > match a CNAME? The specification says the iodef field contains a URL so normal URL resolution applies. https://tools.ietf.org/html/rfc8659#section-4.4 Questions about CNAMEs are at the wrong layer. HTTP

CAA iodef clarification

Hi On the CAA record iodef filed, do we force this to be unique or can it match a CNAME? Thanks, Ramesh ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: Release Strategy Clarification

will issue a security > patch even though we are no longer issuing regular maintenance on that > branch. So, effectively there is a quarter, 3 months, of overlap. > > Thanks for the clarification, Vicky. It sounds like ISC and I have different definitions of "no longer sup

Re: Release Strategy Clarification

> On Apr 26, 2018, at 5:53 AM, Matthew Pounsett <m...@conundrum.com> wrote: > > This is a question for ISC about the new BIND release plan which I thought > might be a useful clarification for others as well. > > I didn't notice this when the new plan was

Release Strategy Clarification

This is a question for ISC about the new BIND release plan which I thought might be a useful clarification for others as well. I didn't notice this when the new plan was first presented in March, but the key text in the legend of the Example Release Plan[0] for the red blocks is "a re

RE: GSS-TSIG update-policy clarification

. - Kevin -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Nicholas Miller Sent: Friday, March 23, 2018 4:16 PM To: bind-users@lists.isc.org Subject: Re: GSS-TSIG update-policy clarification Thats well and good for an organization that controls

Re: GSS-TSIG update-policy clarification

e >>> (host/machine@REALM). >>> >>>> On 23 Mar 2018, at 2:50 am, Nicholas Miller <nicholas.mil...@colorado.edu> >>>> wrote: >>>> >>>> With the latest update to bind our named.conf started reporting errors. I >>

Re: GSS-TSIG update-policy clarification

...@colorado.edu> >>> wrote: >>> >>> With the latest update to bind our named.conf started reporting errors. I >>> have figured it out but wanted to get clarification about the syntax. >>> >>> We had been using: >>> >>>

Re: GSS-TSIG update-policy clarification

ado.edu> >> wrote: >> >> With the latest update to bind our named.conf started reporting errors. I >> have figured it out but wanted to get clarification about the syntax. >> >> We had been using: >> >> deny DOMAIN.EDU krb5-subdomain DOM

Re: GSS-TSIG update-policy clarification

ng errors. I > have figured it out but wanted to get clarification about the syntax. > > We had been using: > > deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT; > > We are now using: > > deny DOMAIN.EDU krb5-subdomain . CNAME MX SRV TXT; > >

GSS-TSIG update-policy clarification

With the latest update to bind our named.conf started reporting errors. I have figured it out but wanted to get clarification about the syntax. We had been using: deny DOMAIN.EDU krb5-subdomain DOMAIN.EDU CNAME MX SRV TXT; We are now using: deny DOMAIN.EDU krb5-subdomain

Re: need clarification on "forward" behavior

Veaceslav Revutchi wrote: > I see the server forwarding the query and it gets the answer below: > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > ;; > ;; ANSWER SECTION: > aaa.example.org. 200 IN CNAME bbb.example.net. > bbb.example.net. 60 IN

need clarification on "forward" behavior

Hi, I have a statement in my recursive resolver (rr-server) similar to this: zone "example.org" { type forward; forward only; forwarders { 10.64.1.1; 10.64.1.2; } ; }; When clients ask for "aaa.example.org" I would expect it to send the same query to one of the IPs above and return the answer to

Bind 9.9.2 Clarification

Should I install bind 9.9.0 first and then update to bind 9.9.1 then update to bind 9.9.2? This excerpt from the README file is a little confusing: BIND 9.9.2 BIND 9.9.2 is a maintenance release and patches the security flaw described in CVE-2012-4244. BIND 9.9.1 BIND

Re: Bind 9.9.2 Clarification

You can install 9.9.2 directly. Doug On 11/01/2012 01:30 PM, Manson, John wrote: Should I install bind 9.9.0 first and then update to bind 9.9.1 then update to bind 9.9.2? This excerpt from the README file is a little confusing: BIND 9.9.2 BIND 9.9.2 is a maintenance release

rndc/controls block clarification needed?

Just spent a bit of time on missing a subtle rndc issue with Bind 9.9.1's control block -- either I'm missing a better way to do this, or perhaps bind should more appropriately issue a warning or fail to load instead of silently accepted my bad control block. I did RTFM, and until I'd spent a

Clarification on wildcard falls into glue records

Hi, I have NS record points a record [A/] which is falls into wildcard . But when I query for NS record against bind, we are not getting these records as glue records. ex: *.a.example.com A 1.1.1.1 example.com. NS abc.a.example.com. Querying example.com with any or ns. don't we get glue

Re: Clarification on TTL Value

Hi Ramesh, When you query for rd1.ramesh40finalround.com. then you will get answer for all records but it will show minimum TTL value. -Ashok On Tue, May 15, 2012 at 3:00 PM, rams brames...@gmail.com wrote: Hi , I have a setup as follows: rd1.ramesh40finalround.com. 98400 INA

Re: Clarification on TTL Value

rd1.ramesh40finalround.com. 98400 INA 11.11.11.11 rd1.ramesh40finalround.com. 96400 INA 12.12.12.12 rd1.ramesh40finalround.com. 99 IN A 13.13.13.13 rd1.ramesh40finalround.com. 1 INA 14.14.14.14 RFC 2181, section 5.2 specifies: the use of

Re: Clarification on wildcard falls into glue records

You should NOT get A records. Wildcard works only for hostnames that have NO records of ANY type. From wikipedia: To quote RFC 1912, A common mistake is thinking that a wildcard MX for a zone will apply to all hosts in the zone. A wildcard MX will apply only to names in the zone which aren't

Re: Clarification on wildcard falls into glue records

In article mailman.797.1337090936.63724.bind-us...@lists.isc.org, Alexander Gurvitz a...@net-me.net wrote: You should NOT get A records. Wildcard works only for hostnames that have NO records of ANY type. Excuse me while I delirk, but this is interesting. Is a name on the RHS of an RR

Re: Clarification on wildcard falls into glue records

Sam Wilson sam.wil...@ed.ac.uk wrote: Is a name on the RHS of an RR regarded as existing enough to prevent wildcard lookup? No, only RR owner names. In this I would have expected the NS lookup to be followed by an A lookup for abc.a.example.com which would match the wildcard, assuming no

Re: Clarification on wildcard falls into glue records

In article mailman.800.1337093642.63724.bind-us...@lists.isc.org, Tony Finch d...@dotat.at wrote: Sam Wilson sam.wil...@ed.ac.uk wrote: Is a name on the RHS of an RR regarded as existing enough to prevent wildcard lookup? No, only RR owner names. In this I would have expected the

Re: Clarification on wildcard falls into glue records

Sam Wilson sam.wil...@ed.ac.uk wrote: Not I - another poster. Sorry! Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Forties, Cromarty, Forth, Tyne, Dogger: Northwest 5 to 7, occasionally 4 in Forth and Tyne. Moderate or rough, occasionally very rough in Forties and Dogger.

Re: Clarification on wildcard falls into glue records

At 07:08 15-05-2012, Alexander Gurvitz wrote: From wikipedia: To quote RFC 1912, A common mistake is thinking that a wildcard Using Wikipedia to quote RFC 1912 is odd ... Regards, -sm ___ Please visit

Re: Clarification on question and the answer section uppercase lower case mis match

http://www.ietf.org/rfc/rfc4343.txt Some resolvers use 0x20 tricks to encode additional entropy into queries. This works by randomly adding 0x20 to characters in the qname and then making sure they are the same when they come back (e.g: example.com - eXAmpLe.coM)... W On Apr 10, 2012, at

Re: Clarification on question and the answer section uppercase lower case mis match

On Tue, Apr 10, 2012 at 2:56 AM, rams brames...@gmail.com wrote: Hi, When i queried domain with capital letters , In answer section domain name is displaying small letters. Is it expected? any RFC for this? dig @localhost D.ashwintrail.com ; DiG 9.2.4 @localhost D.ashwintrail.com ; (1

Re: Clarification on DNSKEY query

In message CANYqYkMfOGp30KgS4_X=bw2qzBOwencNJ5706VKvfu9o+=s...@mail.gmail.com , rams writes: Hi, When I queried a domain with type DNSKEY, I am getting only ANSWER section and not returned Authority section. Is it expected? Yes. It would be helpful if you give the RFC number for reference .

Re: RFC 1918 error clarification

On 17.08.11 14:31, Morgan Toal wrote: I would like to clarify something. I have 14 locations each using a private class c address, and a single dns server which I have just moved from bind8 to bind9. I am getting a lot of these: Aug 17 13:33:13 mail2 named[18610]: client 192.168.16.3#55546:

RFC 1918 error clarification

Hi bind-users, I would like to clarify something. I have 14 locations each using a private class c address, and a single dns server which I have just moved from bind8 to bind9. I am getting a lot of these: Aug 17 13:33:13 mail2 named[18610]: client 192.168.16.3#55546: RFC 1918 response

Clarification on wildcard scenario

Hi, I have zone as follows in bind. $ORIGIN joshfeb1.com. @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. ( 2011013101 ; serial 10800 ; refresh 3600 ; retry 2592000 ;

Re: Clarification on wildcard scenario

In message AANLkTi=mms6aghguqyt1pmllyqfz2zp0su6yqwqmx...@mail.gmail.com, rams w rites: Hi, I have zone as follows in bind. $ORIGIN joshfeb1.com. @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. ( 2011013101 ; serial 10800 ;

Re: Clarification on wildcard scenario

Hi Mark, Thank You for quick clarify. I have included trailing dot and restart bind. Now when i queired for domain www.joshfeb1.com with type A, I am getting NOERROR and NOANSWER. [root@ zones]# dig www.joshfeb1.com. A ; DiG 9.6.1-P3 www.joshfeb1.com. A ; (1 server found) ;; global options:

Re: Clarification on wildcard scenario

I must admit, I'm kinda confused by what you are actually trying to achieve ?A foo.joshfeb1.com. should be getting returning 1.1.1.1 ?A www.joshfeb1.com. should be returning noerror / nodata because: 1: There is a record at www.joshfeb1.com (so it's not NXDOMAIN), but 2: the record is not an

Clarification on wildcard scenario

Hi, I have zone as follows in bind. $ORIGIN joshfeb1.com. @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. ( 2011013101 ; serial 10800 ; refresh 3600 ; retry 2592000 ; expire

Re: Clarification on wildcard scenario

In message AANLkTin+PmzXYUVbCVX3D=Mh1S75ddpMwhjuE9r5zk2=@mail.gmail.com, rams w rites: Hi, I have zone as follows in bind. $ORIGIN joshfeb1.com. @ IN SOA rboddeti.yahoo.com. rboddeti.gmail.com. ( 2011013101 ; serial 10800 ; refresh

Re: Clarification on CNAME

In article mailman.1454.1295874574.555.bind-us...@lists.isc.org, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 24.01.11 17:13, rams wrote: y resolver is returning multiple CNAMEs for same hostname. But I believe CNAME should not return same hostname with multiple values. correct.

Clarification on CNAME

y resolver is returning multiple CNAMEs for same hostname. But I believe CNAME should not return same hostname with multiple values. Ex: Configured GEOIP records as follows: ramesh.com CNAME a.ramesh.com. ramesh.com CNAME az.ramesh.com. Arizone configured ramesh.com CNAME va.ramesh.com.

Re: Clarification on CNAME

On 24.01.11 17:13, rams wrote: y resolver is returning multiple CNAMEs for same hostname. But I believe CNAME should not return same hostname with multiple values. correct. Is this behavior is correct. Could you please clarify me. it's not. CNAME may be the only record type for a domain,

Re: clarification on SOA

On Wed, 2010-12-01 at 19:05 +0530, rams wrote: I have one SOA record as follows in zone. qa.com. 86400 IN SOA ramesh.com. qa.com. ( 2009111903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour)

Re: clarification on SOA

On 01.12.10 19:05, rams wrote: I have one SOA record as follows in zone. qa.com. 86400 IN SOA ramesh.com. qa.com. ( 2009111903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 2592000

Clarification

Hi, What is the bind response when queried MX record. The MX record is having prefernce value is greater than maximum of preference value [ex: 65536]. Thanks Regards, Ramesh ___ bind-users mailing list bind-users@lists.isc.org

Re: Clarification

On Fri, Oct 22, 2010 at 05:05:06PM +0530, rams brames...@gmail.com wrote a message of 38 lines which said: What is the bind response when queried MX record. % dig @ns3.nic.fr MX nic.fr ; DiG 9.7.1-P2 @ns3.nic.fr MX nic.fr ; (2 servers found) ;; global options: +cmd ;; Got answer: ;;

clarification

Hi, I have a record in BIND as follows: mxdomain.com. 86400 IN MX 65536 gmail.com. When I query mxdomain.com. with type MX. What is the bind response. Is there any RFC mentioned about this . Thanks Regards, Ramesh ___ bind-users mailing list

Loading MX record with illegal preference (Lame subject replaced: clarification

On Fri, Oct 22, 2010 at 06:01:22PM +0530, rams brames...@gmail.com wrote a message of 42 lines which said: I have a record in BIND as follows: mxdomain.com. 86400 IN MX 65536 gmail.com. I don't think you tell us the truth. Because BIND refuses to load it: % named-checkzone example

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

https://www.isc.org/files/arm96.html#types_of_resource_records_and_when_to_use_them Scroll down to the data type MX and it says: Identifies a mail exchange for the domain with a 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974,

Re: clarification

On Fri, 22 Oct 2010, rams wrote: I have a record in BIND as follows:   mxdomain.com. 86400 IN MX 65536 gmail.com. How did you get named to load this? If your named does load it, what version of BIND are you using? You should get out of range. (See named-checkzone too.) When I query

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

On Fri, Oct 22, 2010 at 09:02:49AM -0500, Jeremy C. Reed jr...@isc.org wrote a message of 8 lines which said: Because subject was replaced I didn't find it before my response :) You should really used a threaded mail client software (which understands the In-Reply-To: header) :-)

Re: clarification

On Oct 22, 2010, at 8:31 AM, rams wrote: I have a record in BIND as follows: mxdomain.com. 86400 IN MX 65536 gmail.com. When I query mxdomain.com. with type MX. What is the bind response. Is there any RFC mentioned about this . On the wire, the MX preference is carried in a 16-bit field,

Re: Clarification on delegated NS

In message aanlkti=nfu6avy5tnbcc2wyrp0fckh1gskgzl4o8a...@mail.gmail.com, rams writes: Hi , When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when i queried for NS delegated record with NS. Could you please clarify me or is it bug in 9.7? To see the delegation you

Clarification on delegated NS

Hi , When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when i queried for NS delegated record with NS. Could you please clarify me or is it bug in 9.7? Thanks Regards, Ramesh ___ bind-users mailing list bind-users@lists.isc.org

Re: Clarification on delegated NS

In message aanlkti=nfu6avy5tnbcc2wyrp0fckh1gskgzl4o8a...@mail.gmail.com, rams writes: Hi , When I created delegated NS record. Bind 9.7.1 p3 is giving SERVFAIL , when i queried for NS delegated record with NS. Could you please clarify me or is it bug in 9.7? To see a delegation you need

Clarification about DNS notify

Hey Guys, I have an issue which need some help. I have two master DNS servers, say A B. A is running freebsd B is running centos. B is running BIND 9 also. Now, I want to add one more to this cluster say C. I have installed centos in C with BIND 9. Now, I have copied /etc/named.conf

Re: Clarification about DNS notify

Am Fri, 10 Sep 2010 12:51:11 +0530 schrieb Sherin George l...@sheringeorge.co.cc: Hey Guys, I have an issue which need some help. I have two master DNS servers, say A B. A is running freebsd B is running centos. B is running BIND 9 also. Now, I want to add one more to this cluster

Re: Clarification about DNS notify

Hello Torsten, Thanks for looking into this. Basically, my previous question came from my ignorance. But, I learned more and I think found the answer. The SOA MNAME field is used by NOTIFY and by dynamic update. Authoritative name servers send NOTIFY messages to all name servers in NS records

Clarification on bind response

Hi, I have set up data as follows in bind. Zone: rameshops5526old.com maint.rameshops5526old.com. 300 IN CNAME maint.global.rameshops5526old.com. rameshops5526old.com. 21600 IN NS dns5.rameshops5526old.com. rameshops5526old.com. 21600 IN NS

Re: Clarification on bind response

In message aanlktinrcdo9eetozjb4xsxcp309jaedtza7wxfeh...@mail.gmail.com, rams writes: Hi, I have set up data as follows in bind. Zone: rameshops5526old.com maint.rameshops5526old.com. 300 IN CNAME maint.global.rameshops5526old.com. rameshops5526old.com. 21600 IN NS

Re: Clarification on bind response

Hi , Please tell me the correct answer for the below set up: *Zone: rameshops5526old.com * maint.rameshops5526old.com. 300 IN CNAME maint.global.rameshops5526old.com. rameshops5526old.com. 21600 IN NS dns5.rameshops5526old.com. rameshops5526old.com. 21600 IN NS

Re: Clarification on bind response

On 24.08.10 12:48, rams wrote: Please tell me the correct answer for the below set up: this is not set up, this is the answer. *Zone: rameshops5526old.com * maint.rameshops5526old.com. 300 IN CNAME maint.global.rameshops5526old.com. rameshops5526old.com. 21600 IN NS

Clarification on bind response

Hi When we have data as follows queried domain maint.rameshops5526old.com. against bind and my own resolver. Bind and my resolver response are same but only mismatching with flags. bind is returning AA flag but my resolver is not returning AA flag. in this case wihcih is correct bind or my

Re: Clarification on bind response

On 24.08.10 17:48, rams wrote: When we have data as follows queried domain maint.rameshops5526old.com. against bind and my own resolver. Bind and my resolver response are same but only mismatching with flags. bind is returning AA flag but my resolver is not returning AA flag. in this case

Re: Clarification on bind response

On 8/24/2010 2:25 AM, rams wrote: Hi, I have set up data as follows in bind. Zone: rameshops5526old.com http://rameshops5526old.com maint.rameshops5526old.com http://maint.rameshops5526old.com. 300 IN CNAME maint.global.rameshops5526old.com http://maint.global.rameshops5526old.com.

Re: Clarification on bind response

On 8/24/2010 8:18 AM, rams wrote: Hi When we have data as follows queried domain maint.rameshops5526old.com http://maint.rameshops5526old.com/. against bind and my own resolver. Bind and my resolver response are same but only mismatching with flags. bind is returning AA flag but my resolver

Re: Clarification on ANY query

It might be worth pointing out a) that you're trying to recursively query a non-recursive nameserver b) that the MX record is technically superfluous, since its target is the same as the owner name, and all mail clients will fail over to doing an A query of the same name if no MX record is

Clarification on ANY query

Hi , I have data as follows a.rameshops5446.com. 86400 IN A 1.2.3.1 a.rameshops5446.com. 86400 IN MX 10 a.rameshops5446.com. I queried domain a.rameshops5446.com with type ANY against bind9.6 . Actual Result: Bind is returning above two records in answer section and also returning A record in

Re: Clarification on ANY query

Here my doubt is A record already returned in answer section why the same A record is returning in additional section. I know if MX pointed record have any A/ records will return in additional section. but in above case already the same A record returned in answer section. Is bind result

clarification on AXFR

Hi, During AXFR of a zone, the zone.dbfile is not created till the AXFR completes. Till AXFR completes, the file name will be some value as 456eefwfc. Is it correct behavior? Thanks Regards, Ramesh ___ bind-users mailing list bind-users@lists.isc.org

Re: clarification on AXFR

At Thu, 3 Jun 2010 11:39:30 +0530, rams brames...@gmail.com wrote: During AXFR of a zone, the zone.dbfile is not created till the AXFR completes. Till AXFR completes, the file name will be some value as 456eefwfc. Is it correct behavior? Yes, that's the intended behavior. --- JINMEI, Tatuya

Re: Clarification on bind result

What exactly are you expecting to see there? NS records for the root zone? Is this *non-recursive* nameserver obligated to give out NS and/or SOA records for the root zone in the Authority Section? I think not.

Re: Clarification on bind result

Is there any update on the following issue. On Mon, May 31, 2010 at 2:16 PM, rams brames...@gmail.com wrote: Hi , I have the following zone file: $ORIGIN td3497.com. @ IN SOA udns1.ultradns.net. ppk.yahoo.com. ( 2010052610 ; serial 10800 ; refresh 3600 ; retry 2592000 ; expire

Clarification on bind result

Hi , I have the following zone file: $ORIGIN td3497.com. @ IN SOA udns1.ultradns.net. ppk.yahoo.com. ( 2010052610 ; serial 10800 ; refresh 3600 ; retry 2592000 ; expire 86400 ; minimum ) cname.chain.td3497.com. 86400 IN CNAME mx.chain.td3497.com. mx.chain.td3497.com. 86400 IN MX 34

Clarification of statistics

Hi list, In an attempt to wrap my head around the statistics gathered and presented by the statistics-channel I created the following visio drawing: http://bildr.no/image/593944.jpeg I would be happy if someone with more knowledge of both DNS protocols and BIND in specific could verify what I