Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Fred Morris
This is probably overblown: On Mon, 23 Sep 2024, Lars Kollstedt wrote: [...] since the discovery of the real name of text.example.com (if this is requestable from unvalidated source IP addresses - almost any source IP address in the "internet" has to be considered unvalidated - since there is

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Lars Kollstedt
On 23.09.24 10:23, I wrote: The attacker just needs to send requests for text.example.com IN TXT with the  forged IP of the victim, and the victim will get your hundreds of TXT records under this name from your server for each of them. s/forged/faked/g ;-) -- Lars Kollstedt Telefon: +49 61

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Lars Kollstedt
On 23.09.24 08:07, Peter Davies wrote: *From: *"Nagesh Thati" *To: *"bind-users" *Sent: *Mon

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-23 Thread Petr Špaček
On 23. 09. 24 8:07, Peter Davies wrote: *Additional Information:* - Zone File Structure: The zone file contains a high number of TXT records, particularly for infrastructure asset IDs. *Request for Assistance:* 1. _Understanding the Limit:_ Is there a configurable limit in BIND that restricts

Re: Assistance Needed: "Too Many Records" Error When Reloading Zone `example.com`, BIND: 9.18.29

2024-09-22 Thread Peter Davies
Hi Nagesh, Two new settings "max-records-per-type" and "max-types-per-name" were introduced in BIND 9.18.28 See BIND 9.18.28 Release Notes at: https://downloads.isc.org/isc/bind9/9.18.30/doc/arm/html/notes.html#notes-for-bind-9-18-28 The "max-records-per-type" default setting is 100. https

Re: Logging with Unencrypted DNS, DoT and DoH

2024-09-19 Thread Borja Marcos via bind-users
> On 17 Sep 2024, at 22:39, Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users > wrote: > > Hello, > BIND 9.18.7 > RHEL 8.10 (Ootpa) > I am being asked if it is possible to differentiate the percentage of > queries coming into a server that are unencrypted, DoT and DoH. > Example: For

Re: Determining case of REFUSED queries

2024-09-19 Thread Mark Andrews
I think the reason for the REFUSED is pretty obvious % dig +norec google._domainkey.socialinnovation.ca @173.245.59.231 txt ; <<>> DiG 9.21.0-dev <<>> +norec google._domainkey.socialinnovation.ca @173.245.59.231 txt ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: RE

Re: About dnstap feature

2024-09-19 Thread Ondřej Surý
I’m sorry, but the message and the image don’t match. If you believe there is a bug, please report it in a coherent way. Our GitLab has some guidance and there are many guides on the internet on how to write good bug reports. I particularly like Simon’s: https://www.chiark.greenend.org.uk/~s

RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread John W. Blue via bind-users
Ralph, You already may be aware of the BIND webinars put on by ISC and presented by Carsten: https://www.isc.org/docs/BIND_9webinar2.pdf https://www.youtube.com/watch?v=7Uu6XvY68SM If not, spend some time watching the video and would like to point out that slide 12 lists several COTS vendors

RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread Richard T.A. Neal
Hi Ralph, I don't believe this is presently possible but it's being considered for future development. Please see the following Issue Ticket for more details: https://gitlab.isc.org/isc-projects/bind9/-/issues/2748 Best, Richard. From: bind-users On Behalf Of Bischof, Ralph F. (MSFC-IS64)[A

Re: configure error for bind-9.20.1

2024-09-16 Thread Andreas S. Kerber via bind-users
On Mon, Sep 16, 2024 at 09:08:11PM +0900, Sakuma, Koshiro wrote: > Hello. Thank you for your quick response. Here is config.log file. And > also, libatomic installed list on RHEL9.4 version. {...} > $ ./configure --prefix=/usr/local/bind/chroot --localstatedir=/var > --sysconfdir=/etc --with

Re: configure error for bind-9.20.1

2024-09-16 Thread Ondřej Surý
> gcc: warning: /usr/local/include: linker input file unused because linking > not done > configure:18448: $? = 0 > configure:18450: checking whether -latomic is needed for 64-bit stdatomic.h > functions > configure:18464: gcc -o conftest -g -O2 /usr/local/include conftest.c > /usr/local/lib

Re: configure error for bind-9.20.1

2024-09-16 Thread Ondřej Surý
Hi, you have provided no information that can be used to debug this issue. You need to send a full config.log and preferably also the full information on how you are invoking all of the commands, what is the hardware in the question and so on. The only thing that I can tell from the two lines yo

Re: Lookup failures

2024-09-13 Thread Bob McDonald
Are you running NTP? (e.g. is your time correct on the device running bind?) Forwarding to another recursive resolver or using hints? I'm running Bind 9.18.29 on FreeBSD 14.1-p4 on a RPI4. No jails. (It runs on RPI5 also) I also have it setup to run unbound 1.21.0 for comparison. (BTW, that works

Re: Lookup failures

2024-09-13 Thread Greg Choules via bind-users
Hi Steven. As you said, `listen-on {...;};` tells BIND which addresses to register for incoming traffic. This can be a list, not just one address. Any query received on (say) 10.0.0.1 will be responded to from the same address. It is possible to choose which address to use for outgoing queries/fet

Re: Lookup failures

2024-09-13 Thread Anand Buddhdev
On 13/09/2024 16:14, Steven Shockley wrote: Is there a way to tell BIND to listen (and respond) on a specific interface?  I already have listen-on { 10.0.0.1; }; (vlan101 IP) in the config with nothing else listening. BIND will send the response with a source address of 10.0.0.1, and it hand

Re: Lookup failures

2024-09-13 Thread Steven Shockley
On 9/12/2024 9:20 PM, Steven Shockley wrote: I'll try to run some tcpdumps inbound and outbound tomorrow, traffic should be pretty light. I did find something interesting that may or may not be related. The machine is also the Internet gateway. One NIC has a vlan interface for each network;

Re: Lookup failures

2024-09-12 Thread Steven Shockley
On 9/11/2024 2:11 AM, Ondřej Surý wrote: Does this happen only with this specific domain or it happens with different names too? Thanks for the reply. It happens with many domains. If you can reliably reproduce the problem, you can either bump up the debugging (-d 9 argument to named) or c

RE: ISC-BON 9.20.1 - Almalinux 9

2024-09-12 Thread TABAKA Mathieu
particular I had fixed the parameter “nosuid” on the /opt partition, that was it ! Now all is fine. Thanks a lot for your time. Best regards From: Ondřej Surý Sent: Thursday, 12 September 2024 12:38 To: TABAKA Mathieu Cc: bind-users@lists.isc.org Subject: Re: ISC-BON 9.20.1 - Almalinux 9 Vous ne

Re: named-checkzone fail

2024-09-12 Thread Lee
returns NXDOMAIN (name does not exist) > >>> ; *. RPZ processing returns NODATA (name exists but no > >>> answers returned) > >>> ; rpz-drop. No response is returned to the user query > >>> ; rpz-passthru. This identifies an

Re: ISC-BON 9.20.1 - Almalinux 9

2024-09-12 Thread Ondřej Surý
Then I guess you have to look why the selinux policy hasn’t been installed. My first instinct would be to purge isc-bind package and re-install it again. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your

RE: ISC-BON 9.20.1 - Almalinux 9

2024-09-12 Thread TABAKA Mathieu
-3.el9.x86_64 isc-bind-bind-libs-9.20.1-1.1.el9.x86_64 isc-bind-bind-9.20.1-1.1.el9.x86_64 isc-bind-bind-utils-9.20.1-1.1.el9.x86_64 isc-bind-2-3.el9.x86_64 From: Ondřej Surý Sent: Thursday, 12 September 2024 12:31 To: TABAKA Mathieu Cc: bind-users@lists.isc.org Subject: Re: ISC-BON 9.20.1

Re: ISC-BON 9.20.1 - Almalinux 9

2024-09-12 Thread Ondřej Surý
Can you provide logs that you actually installed isc-bind and not just isc-bind-bind package? Because what you are reporting sounds exactly like this: https://lists.isc.org/pipermail/bind-users/2022-June/106321.html Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours m

Re: named-checkzone fail

2024-09-11 Thread Mark Andrews
urned) >>> ; rpz-drop. No response is returned to the user query >>> ; rpz-passthru. This identifies an exception(a whitelisted name) Well you are wrong. There are 4 special CNAME right hand sides. The rest can be used to re-write the response. This is docume

Re: Lookup failures

2024-09-10 Thread Ondřej Surý
Hi Steven, sorry to hear that. Does this happen only with this specific domain or it happens with different names too? If you can reliably reproduce the problem, you can either bump up the debugging (-d 9 argument to named) or capture the traces. Are there any other log entries preceding the

Re: named-checkzone fail

2024-09-10 Thread Lee
On Tue, Sep 10, 2024 at 10:52 PM Mark Andrews wrote: > > > On 11 Sep 2024, at 12:10, Lee wrote: > > > > On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: > >> > >> Comma is legal in a domain name. It isn’t legal in a host name which are > >> a subset of domain names. Named-checkzone is working

Re: named-checkzone fail

2024-09-10 Thread Mark Andrews
> On 11 Sep 2024, at 12:10, Lee wrote: > > On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: >> >> Comma is legal in a domain name. It isn’t legal in a host name which are a >> subset of domain names. Named-checkzone is working exactly as it should. > > Except this isn't really a domain

Re: named-checkzone fail

2024-09-10 Thread Lee
On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote: > > Comma is legal in a domain name. It isn’t legal in a host name which are a > subset of domain names. Named-checkzone is working exactly as it should. Except this isn't really a domain name - it's a whatever-it's-called in a response policy

Re: named-checkzone fail

2024-09-10 Thread Mark Andrews
Comma is legal in a domain name. It isn’t legal in a host name which are a subset of domain names. Named-checkzone is working exactly as it should. If the current origin is example.com. then comma expands to ,.example.com. as it is treated as a relative name. -- Mark Andrews > On 11 Sep 20

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-09 Thread Klaus Darilion via bind-users
-users Subject: RE: Sporadic Timeouts after upgrading to bind9.20 Correcting myself: even with { reuseport no; }; and UV_THREADPOOL_SIZE=12 still timeouts happen, but the situation improved a lot. Regards Klaus From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of

Re: bind918 malfunction?

2024-09-07 Thread Ondřej Surý
Hey everyone, thanks for bringing this up to our attention. I would ask - if you have specific examples of domain names that fail to resolve with cold cache, please either record them to the issue that Thomas filled: https://gitlab.isc.org/isc-projects/bind9/-/issues/4921 or send them here. It

Re: bind918 malfunction?

2024-09-07 Thread Andreas S. Kerber via bind-users
On Fri, Sep 06, 2024 at 09:27:21PM +0200, Ondřej Surý wrote: > Anyway - since you are hitting the 32 limit, perhaps bumping the limit to 100 > (the value before) would help in your case? I am guessing the resolver is > being used for a limited set of clients and the chance of this specific abuse

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
-users Subject: RE: Sporadic Timeouts after upgrading to bind9.20 From: Ondřej Surý <ond...@isc.org> Sent: Friday, September 6, 2024 4:08 PM To: Klaus Darilion <klaus.daril...@nic.at> Cc: Petr Špaček <pspa...@isc.org>; bind-users@lists.isc.org<mailto:bin

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
From: Ondřej Surý Sent: Friday, September 6, 2024 4:08 PM To: Klaus Darilion Cc: Petr Špaček ; bind-users@lists.isc.org; Klaus Darilion via bind-users Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Are your running with options { reuseport no; }; ? You might want to try that

Re: bind918 malfunction?

2024-09-06 Thread Peter
On Fri, Sep 06, 2024 at 09:12:51PM +0200, Ondřej Surý wrote: ! Now the question remains - why? I don’t really see a reason for this ! behavior from where I tested it, so what is the traffic between your ! recursor and the Internet during the time this happens? Well, I can see why - but I don't kno

Re: bind918 malfunction?

2024-09-06 Thread Bob Harold
The original zone has NS records in two domains: t-ipnet.de. 82632 IN NS dns20.dns.t-ipnet.de. t-ipnet.de. 82632 IN NS dns02.dns.t-ipnet.de. t-ipnet.de. 82632 IN NS dns00.dns.t-ipnet.de. t-ipnet.de. 82632 IN NS pns.dtag.de. t-ipnet.de. 82632 IN NS dns50.dns.t-ipnet.de. And dtag.de has: dtag.de. 61

Re: bind918 malfunction?

2024-09-06 Thread Ondřej Surý
Ok, so according to zonemaster: https://zonemaster.net/en/result/7fc39ff8fc1766ac all the nameservers are in the same zone. I am guessing that any intermittent failure can cause a lot of outgoing queries. Anyway - since you are hitting the 32 limit, perhaps bumping the limit to 100 (the value

Re: bind918 malfunction?

2024-09-06 Thread Ondřej Surý
Now the question remains - why? I don’t really see a reason for this behavior from where I tested it, so what is the traffic between your recursor and the Internet during the time this happens? Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please

Re: bind918 malfunction?

2024-09-06 Thread Peter
On Fri, Sep 06, 2024 at 08:05:18PM +0200, Ondřej Surý wrote: ! Try using running `named -d 9 (plus other existing args)` to see why there are 31+ queries. There must be something wonky going on. ! Alright. "-d 9" does nothing. Changing the named.conf does something: channel named_log {

Re: bind918 malfunction?

2024-09-06 Thread Ondřej Surý
Try using running `named -d 9 (plus other existing args)` to see why there are 31+ queries. There must be something wonky going on. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. >

Re: bind918 malfunction?

2024-09-06 Thread Peter
On Fri, Sep 06, 2024 at 12:55:20PM -0400, Bob Harold wrote: ! Recently (2024/9/21) I ran into an issue that might be similar. Due to ! DDoS attacks that use complicated lookups to make DNS servers do extra ! work, to slow them down, some recent DNS server software has tightened the ! amount of 'wo

Re: bind918 malfunction?

2024-09-06 Thread Bob Harold
Recently (2024/9/21) I ran into an issue that might be similar. Due to DDoS attacks that use complicated lookups to make DNS servers do extra work, to slow them down, some recent DNS server software has tightened the amount of 'work' that it will do on a single query before giving up and returning

Re: bind918 malfunction?

2024-09-06 Thread Peter
This one was accidentally not sent to the list, sorry! On Thu, Sep 05, 2024 at 08:04:37PM +0200, Ondřej Surý wrote: ! I’m on my phone, so this is a long shot, but you can try disabling the qname minimization. Thank You for the suggestion, I can try this occasionally. Rather I'd prefer to figure

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
From: Ondřej Surý Sent: Friday, September 6, 2024 4:10 PM To: Klaus Darilion Cc: Klaus Darilion via bind-users Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Hmm, what is the churn in the zones? How often there’s IXFR and how large those changes are? Every 30 minutes. See logs

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
As there just was another IXFR, for the records, here is another trace with debug symbols installed. Thanks Klaus PID 1605200 - process TID 1605200: #0 0x7b8ceb529ee0 epoll_pwait - /usr/lib/x86_64-linux-gnu/libc.so.6 #1 0x7b8cec52c9fa - 1 - /usr/lib/x86_64-linux-gnu/libuv.so.1.0.0 #

Re: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Ondřej Surý
Špaček ; bind-users@lists.isc.org; Klaus Darilion via bind-users Subject: Re: Sporadic Timeouts after upgrading to bind9.20   Ah, you’ve confirmed my suspicions: https://gitlab.isc.org/isc-projects/bind9/-/issues/4898   See https://gitlab.isc.org/isc-projects/bind9/-/issues/4898#note_487237 for

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
It just happened again. I have not yet installed the debug symbols. I query the SOA every second with 1 second timeout. Here are the traces. It happened a few times in a row. Below are the traces. I noticed the timeout happened during Bind9 starting an inbound IXFR: Sep 06 07:20:55 named[1605200]

Re: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Ondřej Surý
Yup, you need dbgsym packages? https://ubuntu.com/server/docs/debug-symbol-packages https://wiki.ubuntu.com/DebuggingProgramCrash#Installing_dbgsym_packages_from_a_PPA -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply

Re: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Petr Špaček
On 06. 09. 24 9:04, Klaus Darilion via bind-users wrote: I play around with eu-stack. When I call  eu-stack -p 1605200 -v (during normal operations) the stacktrace looks meaningless to me (See below). Do I need a certain parameter or do I have to install debug symbols? Seems fine to me - you j

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-06 Thread Klaus Darilion via bind-users
-Haringer-Straße 8/V 5020 Salzburg, Austria From: Ondřej Surý Sent: Wednesday, September 4, 2024 7:23 PM To: Klaus Darilion Cc: bind-users@lists.isc.org Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Klaus, is that recursive or authoritative? Anything unusual like RPZ or catz? Try

Re: bind918 malfunction?

2024-09-05 Thread Mark Andrews
Well from here all the IPv4 addresses for the tel.t-online.de servers are not responding. That won’t be helping things. Also the servers are generating invalid negative responses. The SOA record in the response is the QNAME rather than the owner of the zone. Also waiting an hour to retry on S

Re: bind918 malfunction?

2024-09-05 Thread Ondřej Surý
I’m on my phone, so this is a long shot, but you can try disabling the qname minimization. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 5. 9. 2024, at 19:45, Peter wrote: >

Re: bind918 malfunction?

2024-09-05 Thread Peter
On Thu, Sep 05, 2024 at 07:05:29PM +0200, Ondřej Surý wrote: ! It’s impossible to answer your question as you haven’t provided ! absolutely no information about your problem. Perhaps if you provide ! detailed information about nature of the problem, your DNS ! configuration, and your network config

Re: Sporadic Timeouts after upgrading to bind9.20

2024-09-05 Thread Havard Eidnes via bind-users
> On our production name servers we have check every 30s if bind > is alive by sending a SOA query to bind. Today I upgraded a few > nodes from 9.18.x (x between 17 and 27) to 9.20.1 (Ubuntu 24.04 > with packages from ISC ppa). > > Since that, we have sporadic timeouts (3s). On the nodes with > mor

Re: bind918 malfunction?

2024-09-05 Thread Ondřej Surý
It’s impossible to answer your question as you haven’t provided absolutely no information about your problem. Perhaps if you provide detailed information about nature of the problem, your DNS configuration, and your network configuration, we might be able to help you. Ondrej -- Ondřej Surý — IS

Re: Question about parameter settings query-source-v6 address { none; };

2024-09-05 Thread Ondřej Surý
Hi Klaus, this exact configuration is described in the KB: https://kb.isc.org/v1/docs/en/aa-00206 But my recommendation is actually to use a dual-stack proxy in front of `named -4` and use the PROXYv2 protocol to interact with named. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and y

Re: Secure Active Directory Updates Failing on AlmaLinux 9 with ISC BIND 9.18.28

2024-09-05 Thread Nagesh Thati
Thank you all for your assistance. The issue has finally been resolved. It turns out I was running BIND in a chroot jail, and the /var/tmp folder was missing within the chroot environment. This was the cause of the AD update denials. On Tue, Aug 20, 2024 at 3:27 PM Petr Špaček wrote: > Hi Nagesh

RE: Sporadic Timeouts after upgrading to bind9.20

2024-09-04 Thread Klaus Darilion via bind-users
Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria From: Ondřej Surý Sent: Wednesday, September 4, 2024 7:23 PM To: Klaus Darilion Cc: bind-users@lists.isc.org Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Klaus, is that recursive or authoritative

Re: Sporadic Timeouts after upgrading to bind9.20

2024-09-04 Thread Ondřej Surý
Klaus, is that recursive or authoritative? Anything unusual like RPZ or catz? Try snapshoting the call stack with eu-stack and save the one when the timeout happens. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to

Re: forwarding ".local" subdomains when "local" exist

2024-09-03 Thread Matus UHLAR - fantomas
On 16.08.24 19:55, Tim Maestas wrote: You need to have the delegation in the parent in order for the forwarding to kick in. It can be bogus, but it has to be there. You'll find the same behavior when you're authoritative for the root zone; any type forwarded zones will need to also have NS in the

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Marc
I can definitely remember having a performance difference between my container and a vm. I never bothered to research it any further and thought maybe it was related to older cgroups implementation, oc, or older distro. > > By any chance have you measured the performance difference between GNU

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Taavi Eomäe via bind-users
By any chance have you measured the performance difference between GNU libc and MUSL? Best Regards, Taavi

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Ondřej Surý
> On 2. 9. 2024, at 15:22, Devpt Calmarsoft wrote: > > strip binaries or not Oh god, don’t ever do that if you ever want my help with debugging. Stripping the symbols is a horrible practice that should not be done. It’s ok to have a detached symbols that can be installed later, but if you

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Devpt Calmarsoft
On 02/09/2024 at 15:00, Marc wrote: I think this will copy duplicates, duplicates increase still layer size so you have 2x size of a default /usr Alpine is so small that I did not notice that ! thanks ! so you can only copy individual files You are right, extra files appear in the diff! I wa

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Marc
> > I think this will copy duplicates, duplicates increase still layer > size so you have 2x size of a default /usr > > so you can only copy individual files > > You are right, extra files appear in the diff! I was thinking that the > files already present would be discarded. Copying

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Devpt Calmarsoft
On Behalf Of Devpt Calmarsoft Sent: Monday, 2 September 2024 12:25 To: bind-users@lists.isc.org Subject: Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux I forgot to specify the runtime dependency packages (fixed Dockerfile attached), I am sorry. This is still minimal change

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Marc
: Monday, 2 September 2024 12:25 > To: bind-users@lists.isc.org > Subject: Re: Updated Docker images (9.18, 9.20, 9.21) - now based on > Alpine Linux > > I forgot to specify the runtime dependency packages (fixed Dockerfile > attached), I am sorry. > This is still minimal chan

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Devpt Calmarsoft
I forgot to specify the runtime dependency packages (fixed Dockerfile attached), I am sorry. This is still minimal changes, and the result is now 101MB, which is still an interesting improvement (371MB before changes). Note that when building, the intermediate image is visible. Le 02/09/2024 à

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-09-02 Thread Devpt Calmarsoft
On 27/08/2024 at 19:52, Ondřej Surý wrote: What’s the size difference for you? I mean if someone wants to play with our Dockerfile and there’s a significant reduction in size, I would be convinced. But in a world, where a mobile application that does absolutely nothing has 4 GB, I feel like

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-28 Thread Peter DeVries via bind-users
> Having said that, I wonder if people have some preference or even policy > which mandates specific base image? Yes. We're using a certified ubi8-minimal image for the finalized docker by mandate and a bit of preference. Base image is 90M deployed with BIND 9.18.29 is 258M (uncompressed). In t

Re: Upcoming version change in RPM and DEB repositories - 2024-08-28

2024-08-28 Thread Ondřej Surý
Hi, this is a follow-up to the previous email. The change in the repositories will happen approximately after 15:00 UTC (17:00 CEST, 08:00 PDT, 11:00 EDT). We will start upgrading the packages shortly after the time and it will take some time for the packages to be built and published. This appl

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-28 Thread Petr Špaček
On 27. 08. 24 20:18, Ondřej Surý wrote: There’s also human wear. I would like to see a proof that it helps to halve the size of the image before someone spends time on this. As usual, contributions are welcome. We are probably going to integrate the Docker with the main repository to build ea

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Dan Parrish via bind-users
Ok, thanks. I see the logging now and I got this: 27-Aug-2024 19:53:19.449 general: error: could not configure root hints from '/usr/share/dns/root.hints': file not found Then I checked the container: bind9-1:/var/log/bind# docker exec -it bind9 /bin/sh / # ls -lha /usr/share/dns/ ls: /usr/sh

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
There’s also human wear. I would like to see a proof that it helps to halve the size of the image before someone spends time on this. As usual, contributions are welcome. We are probably going to integrate the Docker with the main repository to build each future tag and so on, so we might look

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Marc
> > What’s the size difference for you? > > I mean if someone wants to play with our Dockerfile and there’s a > significant reduction in size, I would be convinced. But in a world, > where a mobile application that does absolutely nothing has 4 GB, I feel > like 130 MB is on the low side of the s

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
What’s the size difference for you? I mean if someone wants to play with our Dockerfile and there’s a significant reduction in size, I would be convinced. But in a world, where a mobile application that does absolutely nothing has 4 GB, I feel like 130 MB is on the low side of the scale. Ondre

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Marc
> > > On 27. 8. 2024, at 18:57, Marc wrote: > > > > Afaik apk del \ does not free up space still. > > Right. That was not really my intention though. I wanted to reduce > the amount of cruft installed in the image. The less binary stuff > around, the less possible attack surface. > > But apk

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Peter DeVries via bind-users
For what it's worth this is how we build our dockers, with a builder and then the runner. IMO it's cleaner that way and not much more complicated. We'll continue to roll our own though so no real dog in this fight. Peter On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý wrote: > > > On 27. 8. 2024,

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
> On 27. 8. 2024, at 18:57, Marc wrote: > > Afaik apk del \ does not free up space still. Right. That was not really my intention though. I wanted to reduce the amount of cruft installed in the image. The less binary stuff around, the less possible attack surface. But apk --no-cache should w

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
> On 27. 8. 2024, at 18:47, Ondřej Surý wrote: > > But I think you are right. The default logging goes to the syslog and there's > no syslog > in the container. I'm thinking about appending -L /var/log/bind/default.log > to the CMD > part of the docker (so it can be easily overridden). I've j

RE: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Marc
> > Sure, it’s not secret: > > https://gitlab.isc.org/isc-projects/bind9-docker > > Branches with history… > Afaik apk del \ does not free up space still. If you work with builder phase, you can probably shave off some MB's 1 # Version: 0.0.1 - 3proxy 2 3 # 4 # Stag

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
Hi Dan, I'm using podman instead of docker as it allows me to run the containers unprivileged, but this works now: podman run -it docker.io/internetsystemsconsortium/bind9:9.18 -g -c /etc/bind/named.conf and the container (named in the container) prints all the logs to the stderr. But I think

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Dan Parrish via bind-users
This morning, I had several internetsystemsconsortium/bind9:9.18 containers update and none of them would launch properly, they just kept restarting. The containers do no logging at all, and I couldn't determine any root cause. I tried disabling mount points, adjusting permissions, etc. Nothi

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Ondřej Surý
Sure, it’s not secret: https://gitlab.isc.org/isc-projects/bind9-docker Branches with history… Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 27. 8. 2024, at 14:04, Mi

Re: Updated Docker images (9.18, 9.20, 9.21) - now based on Alpine Linux

2024-08-27 Thread Michael Dahlberg
On Tuesday, August 27th, 2024 at 4:21 AM, Ondřej Surý wrote: > the Docker images have been updated to use Alpine Linux as the base image > and the bind9 binaries are now compiled from the source while building the > Docker images. This is more in-line with the expected Docker (Podman) > workfl

Re: BIND statistics

2024-08-26 Thread Mark Andrews
> On 27 Aug 2024, at 06:04, Havard Eidnes via bind-users > wrote: > >> On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: >>> Thanks. I found it, and it's more than a little embarrassing. >>> >>> This is what you get when not building with --with-libxml2: an >>> "un

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
> On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: >> Thanks. I found it, and it's more than a little embarrassing. >> >> This is what you get when not building with --with-libxml2: an >> "un-rendered" xsl file as a result, in essence just the content >> of bin/named/x

Re: BIND statistics

2024-08-26 Thread Evan Hunt
On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: > Thanks. I found it, and it's more than a little embarrassing. > > This is what you get when not building with --with-libxml2: an > "un-rendered" xsl file as a result, in essence just the content > of bin/named/xsl.c.

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
> If I was debugging this I would: > - compare strace output from working and non-working server I did parts of that, ref. that other message I sent. > Unfortunately you are the only person who reported this problem and I > can't reproduce it either, so it's probably up to you to find needle > i

Re: views-based RPZ

2024-08-26 Thread Carlos Horowicz via bind-users
Hi Petr, great that you mention where to look into the code, I'm not familiar with it yet. This is certainly what I'm looking for, the search algorithm for a client IP to find its view. The lab test depends on an investment in a Supernic (and the appropriate chassis/Motherboard/PCI architectu

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
BTW, I got an off-line question how the chrooting is done in my case, i.e. whether the "chroot" program is used, or the "-t" option to BIND is used. In my case it's the latter: -t directory This option tells named to chroot to directory after processing the com

Re: BIND statistics

2024-08-26 Thread Petr Špaček
On 26. 08. 24 9:19, Havard Eidnes via bind-users wrote: Looking a bit further, I find in the XML output: Server Status Boot time: So no actual value? Is there a required post-processing step whi

Re: views-based RPZ

2024-08-26 Thread Petr Špaček
On 25. 08. 24 9:20, Greg Choules via bind-users wrote: Regarding view selection, I don't know exactly how the code works or how efficient it is. But certainly I have seen some configs with a lot of views and they seem to function OK. Views are matched one by one, you can have a look at functio

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
Hi, and thanks for the suggestions. This is not an issue of broken clocks, all the involved machines run ntp and have good sync status traceable to at least a GPS clock. This does however appear to have something to do with the chroot'edness of this particular installation, and it's evident that

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
>> Hi Håvard. >> Have you tried a different browser? > > Not yet. Will do tomorrow. Latest Chrome on MacOS: just the same; it displays the raw XML which isn't exactly user-friendly. Regards, - Håvard

Re: BIND statistics

2024-08-26 Thread Havard Eidnes via bind-users
Looking a bit further, I find in the XML output: Server Status Boot time: So no actual value? Is there a required post-processing step which is omitted? I see xsl is mentioned both here and in the style

Re: BIND statistics

2024-08-26 Thread G.W. Haywood
Hi there, On Mon, 26 Aug 2024, Greg Choules wrote: On Sun, 25 Aug 2024 at 21:06, Havard Eidnes via bind-users < I've started testing 9.20.x. ... firefox ... version 120.0... informs me ... This XML file does not appear to have any style information associated with it. The document tree i

Re: BIND statistics

2024-08-26 Thread Greg Choules via bind-users
Latest Chrome/Safari/Firefox on MacOS as well and it looks good for me. I haven't needed to clear cookies or browsing data or anything, it just worked. My 9.20.0 is running locally on the Mac, installed via homebrew. Maybe try that and see what you get? Perhaps it's something to do with the enviro

Re: BIND statistics

2024-08-26 Thread Mark Andrews
On further reflection I suspect broken clocks. Named uses If-Modified-Since to determine whether to resend the style file. Named uses the server’s start time as the modification time in that calculation. > On 26 Aug 2024, at 11:06, Mark Andrews wrote: > > We are probably not properly managin

Re: BIND statistics

2024-08-25 Thread Mark Andrews
We are probably not properly managing the style sheet versioning correctly. Flushing the browser’s cache when you install a new version of BIND should fix the display problems. As for collectd there are differences in which stats are collected. You are probably looking for something that is no
