Hi Håvard
Odd, it works for me. Try a literal copy/paste of the link below. Or go to
https://kb.isc.org and search for packages:
https://kb.isc.org/docs/isc-packages-for-bind-9
Cheers, Greg
On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users <
bind-users@lists.isc.org> wrote:
> >>
>>and if I run straight "upstream" code, it's fairly straight-
>>forward to upgrade to this version, modulo, of course, the fact
>>that this involves building it from source.
>
> It may not be necessary to build from source. There are packages for
> some distros maintained by ISC
>
For CVEs, we have own site listing each and what is affected, what is
not and whether fix is already available. CVE-2022-3924 [1] is not yet
released in RHEL. Of course if you look into upstream notes to check
what we have fixed in our distribution, it won't work well. Watching
your own
On Tue, Apr 18, 2023 at 3:20 AM Havard Eidnes via bind-users
wrote:
>and if I run straight "upstream" code, it's fairly straight-
>forward to upgrade to this version, modulo, of course, the fact
>that this involves building it from source.
>
It may not be necessary to build from
> You do not have to sift through lists.
That depends entirely what one wants to do. I see a couple of
scenarios where that may be required:
1) Let's say someone has flagged to you as a BIND administrator that
your BIND installatin is susceptible to CVE-2022-3924. This
could be done via
Le 17/04/2023 à 20:40, Petr Menšík a écrit :
Ondřej,
it would be awesome if we could choose a higher quality release
instead to use for our longer support. But we lack any good metric to
choose one. So we update from time to time unless there is something
stopping us.
How could you
Ondřej,
it would be awesome if we could choose a higher quality release instead
to use for our longer support. But we lack any good metric to choose
one. So we update from time to time unless there is something stopping us.
On 4/17/23 14:49, Ondřej Surý wrote:
Petr,
while I understand that
You do not have to sift through lists. We provide quite detailed git
branch with each change we make. It has references to bugs related too.
I admit changes listed in release notes of bind9 releases are nicer. But
we do not hide what and why we do changes, publish them quite nice way
for c9s
> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot.
Then please let me suggest that there is possibly an issue with
identification (customer said "9.16.23") and documentation of the
actual changes that are incorprorated in your distribution, compared
to the upstream-maintained patch
Petr,
while I understand that you are trying to do a great job maintaining
the BIND 9 packages for RHEL, it is what it is - a random snapshot
defined not by the quality of the chosen version but by the time
availability. This is made even more complicated by applying a set
of patches where the
DNSSEC with BIND 9.16
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8
Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. If he
wanted bleeding edge, he would use RHEL 9 or even Fedora. But he uses
conservative package I am looking after. While it may have some known
issues, it has all important fixes it needs. Can you please stop telling
people to
-Original Message-
From: Anand Buddhdev
Sent: 13 April 2023 16:48
To: David Carvalho
Cc: 'Bind Users Mailing List'
Subject: Re: Fully automated DNSSEC with BIND 9.16
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
> Hello and thanks for the reply.
> I enabled thi
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8.x86_64 requires
packages.
Kind regards
David
-Original Message-
From: Ondřej Surý
Sent: 13 April 2023 14:40
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: Fully automated DNSSEC with BIND 9.16
> On 13. 4. 2023, at 15:25, David Carvalho via bind-users
> wrote:
>
> I'm using 9
> On 13. 4. 2023, at 15:25, David Carvalho via bind-users
> wrote:
>
> I'm using 9.16.23
Just don't.
ISC provides packages for major linux distributions
(https://www.isc.org/download/),
so there's really no reason to shoot yourself into foot to use a random BIND 9
snapshot provided by your
To: bind-users@lists.isc.org
Subject: Re: Fully automated DNSSEC with BIND 9.16
>1. Everytime I restart the service, it seems all these files are recreated.
How did you observe this? Just by file timestamps or actual content? And just
to be sure to ask the obvious: you are not manually remov
1. Everytime I restart the service, it seems all these files are recreated.
How did you observe this? Just by file timestamps or actual content? And just
to be sure to ask the obvious: you are not manually removing these files are
you? :)
-JP
--
Visit
Thank you so much!
Regards
David
-Original Message-
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 13:03
To: bind-users@lists.isc.org
Subject: Re: Fully automated DNSSEC with BIND 9.16
On 4/11/23 13:14, David Carvalho wrote:
> Hello and thank you so much for y
@lists.isc.org Subject: Re:
Fully automated DNSSEC with BIND 9.16
Hello David,
On 4/11/23 12:02, David Carvalho via bind-users wrote:
Hello, hope everyone is fine.
So it seems that going to Bind version 9.16 was the right call as
it simplifies DNSSEC a lot.
Nevertheless, I would like
domain?
I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to
me so far.
Thanks!
David Carvalho
-Original Message-
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 11:16
To: bind-users@lists.isc.org
Subject: Re: Fully automated DNSSEC
Hello David,
On 4/11/23 12:02, David Carvalho via bind-users wrote:
Hello, hope everyone is fine.
So it seems that going to Bind version 9.16 was the right call as it
simplifies DNSSEC a lot.
Nevertheless, I would like to clarify some things because our
organization has a parent domain and
Hello, hope everyone is fine.
So it seems that going to Bind version 9.16 was the right call as it
simplifies DNSSEC a lot.
Nevertheless, I would like to clarify some things because our organization
has a parent domain and I host my own e-mail servers. I know they had
problems while implementing
23 matches
Mail list logo