On 09/03/2023 21:25, Klaus Darilion via bind-users wrote:
[snip]
PS: Latest PowerDNS tries the NOTIFY source first. MAybe someone
knows how Knot and NSD behave?
Knot DNS only tries to refresh from primaries that sent the NOTIFY. It
doesn't even try the other configured primaries. However, if i
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-b
On 09/05/2023 22:23, Pacific wrote:
Hi Pacific,
Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
not creating a namedb directory nor can I find a boilerplate named.conf.
As far as remember, the bind install procedure doesn't create a named.conf.
--
Anand
--
Visit https://li
On 09/06/2023 17:26, Alessandro Vesely wrote:
Hi Alessandro,
Hi,
I have two WANs. As a leftover from the times when I had no IPv6
address, I was running named with -4 option. I just removed it a couple
of minutes ago. However, I still have IPv4 precedence in gai.conf:
precedence ::1/128
On 28/06/2023 20:44, Daniel Armando Rodriguez via bind-users wrote:
Hi Daniel,
[snip]
# ls -alh /etc/bind/zonas/
drw-r-S--- 2 bind bind 4,0K jun 28 14:55 .
drwxr-sr-x 3 root bind 4,0K jun 28 15:06 ..
-rwxr-xr-- 1 bind bind 323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rwxr-xr-- 1 bind bind 3
On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote:
[snip]
Error is not the same as before, I see it know (fresh eyes maybe)
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc
similar records could
also be suppressed, but dig currently doesn't.
Do you think that dig should be adjusted to suppress cryptographic
material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and
the man page updated to reflect this?
Regards,
Anand Buddhdev
--
Visit https://
On 22/09/2023 15:03, Marco Davids (SIDN) via bind-users wrote:
Hi Marco,
It reminded me that that there is such thing as a .digrc file, that
perhaps not all of the readers are familiar with.
Mine has this content:
+bufsize=1232
+dnssec
+nocrypto
+multi
-t
It serves me well, mostly. Som
On 25/12/2023 02:56, Francisco Obispo via bind-users wrote:
Hi Francisco,
[snip]
fobispo@mail:~$ host -4 -C id.iq
id.iq has no SOA record
Nameserver 64.96.1.1:
id.iq has SOA record ns.tucowsregistry.net. ops.tucowsregistry.net.
1703469021 1800 900 604800 86400
Nameserver 64.96.2.1:
On 11/01/2024 12:58, trgapp16 via bind-users wrote:
Hi Mounika,
[snip]
-->With help of the private key i generated one file with name
"named.conf.tsigkeys" at
/etc/bind -
root@dhcpt:/etc/bind# cat named.conf.tsigkeys
key "my-tsig" {
algorithm "ECDSAP256SHA256";
secret "ESkrVALONh
s to hmac-md5 (documented in the nsupdate
man page).
Regards,
Anand Buddhdev
RIPE NCC
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ f
On 04/03/2024 13:56, Jiaming Zhang wrote:
Hi Jiaming,
Recently I was trying to upgrade bind from 9.16 to 9.18. However, running
`./configure` return an error stating the `libuv` was not found. I have this
library installed (version 1.41.1) via dnf, and can can find it using `rpm -ql`
which s
On 04/03/2024 14:06, Jiaming Zhang wrote:
Then I should download the source, there's no devel package for this one in the
repo.
That's not necessary. Oracle Linux keeps many of the -devel packages in
its "codeready_builder" repository, which is not enabled by default. As
root, you need to r
Hi John,
You can try something like:
dig +norec +opcode=notify soa @server
Regards,
Anand
On 19/03/2024 22:24, John Thurston wrote:
I can use dig to request a zone transfer:
dig AXFR foo.com
I am unable to find a simple way to craft a NOTIFY message. Can anyone
help me out?
--
Visit htt
Your logs show error messages about missing Kerberos credentials files.
Did you notice and investigate those errors, and compare the state with
your CentOS 7 system?
On 08/08/2024 14:23, Nagesh Thati wrote:
Hello Guys,
Any help is much appreciated.
Thanks
Nagesh
--
Visit https://lists.isc.or
On 13/09/2024 16:14, Steven Shockley wrote:
Is there a way to tell BIND to listen (and respond) on a specific
interface? I already have listen-on { 10.0.0.1; }; (vlan101 IP) in the
config with nothing else listening.
BIND will send the response with a source address of 10.0.0.1, and it
hand
On 17/02/2012 20:15, Gaurav kansal wrote:
Gaurav,
> I want to know how AKAMAI works
First of all, don't use so many question marks; one is enough. And use
it only if you're actually asking a question, not when stating something.
> May be this is not the right forum to ask but I am asking th
kes the
nserver: lines from them, and inserts the records into the appropriate
parent zones. Therefore domain objects are not merely informational;
they are necessary.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinf
or them when they are first added to the
configuration.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 19/03/2012 18:49, hugo hugoo wrote:
> thanks for this quick answer.
> I am a liitle bit lost...
>
> What is the starting and ending SOA record?
>
> In the original zone, there is ony one SOA record...
The SOA record at the end signals the end of the zone transfer.
Regards,
Anand
stion doesn't
provide any useful information for anyone to even begin guessing at the
problem. First of all, learn how to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html
Next, try looking at the logs of your BIND server; perhaps it has logged
the re
On 21/03/2012 09:41, Matus UHLAR - fantomas wrote:
> maybe the admin set that up to force local servers using random ports,
> instead of 53, for outgoing requests. Nobody should use port 53 for
> _ougtoing_ requests.
You're wrong. A name server can use any source port from 1 up to 65535
for an ou
block it, the victim will not be able to
> talk to your name servers.
As Stéphane says, do not block the address. It's probably better to
rate-limit the address. You can do that on your server with iptables
(Linux) or ipfw (*BSD) or on your router.
Rega
ve any firewalls or router ACLs blocking DNS back to IPv6 addresses in
your network?
I also note that kingstonmass.org has delegation to 2 name servers in
the ORG zone, but 3 name servers at its apex. The additional name
server, mns01.domaincontrol.com, gives a REFUSED response to a query for
the do
no journal. Both your servers
should be setup as masters in this case. Journals are normally created
only when a zone is a slave, or receives dynamic updates.
Can you show us the configuration of this zone on both servers?
Anand Buddhdev
RIPE NCC
___
P
Hi Dustin,
"allow-query { localhost; }" limits queries to localhost. You need to
add your users' network(s) to that ACL.
On 13/04/2012 00:38, Dustin Moon wrote:
> Any Reason people could see why this config would not allow remote
> systems that can ping this server to do lookups on it?
>
>
> /
set of the given range (
> 10.0.0.2 for example ), yet when I configure that IP:
>
> listen-on { 10.0.0.2; };
>
> Bind won't listen on that interface:
>
> "named[15035]: not listening on any interfaces"
That
iple updates arrive within the same second, then BIND just adds
+1 to the existing serial number, so that for brief periods, the unix
time will be in the "future". However, as time advances, the serial
number will soon be in the past, allowing new updates to set the serial
back to curr
CNAME chain from
server B back to A to look up records in titi.be.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 10/05/2012 17:20, Daniel Ryšlink wrote:
> What's the point of DNSSec when resolver administrators configure
> exceptions on regular basis? If you can't be sure when your resolver
> does or does not validate, why having signed zones in the first place?
> It's just seems to be another "shared ill
On 16/05/2012 21:52, Saif Ahmed wrote:
> Hi,
>
> We have multiple slaves serve our zone,
>
> Is it possible to configure different TSIG key for each slave to allow AXFR
> our zones.
>
> anyone could advice if yes and how to configured it.
Hi Saif,
You can use something like this in your co
named >/dev/null 2>&1 || true
> end script
>
> exec /usr/sbin/named -u bind
Replace this with "exec /usr/sbin/named -f -u bind"
> pre-stop exec rndc stop -p
>
> post-stop exec logger -p user.warning -t upstart-bind "bind stopped"
>
> e
On 26/10/2013 00:53, Michael Sinatra wrote:
> I usually maintain the latest BIND on my Mac using MacPorts. It looks
> like you can still do that on Mavericks, but there some work
> (http://www.ghostwheel.com/merlin/Personal/notes/2013/10/05/macports-on-mavericks/)
> you have to do--MacPorts doesn
Hi people,
I'm using BIND 9.9.5 with views. In one of my views, I have something
like this:
view name {
match-destinations {
192.0.2.1;
};
If I have a "listen-on port 65353 { 192.0.2.1; };" statement in the
options section, can I also get BIND to direct queries into this view
bas
On 30/04/2014 22:14, Ali Jawad wrote:
> Hi All
>
> I did compile latest stable 9.9.5 on Centos 6 and it worked just fine. What
> I need to do now is enable the geo ip patch. I have done it before for
> earlier versions, however for the latest Bind release the available patch
> is failing. And 9.
On 25/05/2014 16:58, micah wrote:
> zone "example.net" {
> type master;
> allow-transfer { key tsig.key.; };
Here's your mistake. You've written tsig.key, whereas your key is called
tsig-key. Those names don't match.
> also-notify { ip.address.here.x; };
> file "/
On 26/05/2014 01:53, Mark Andrews wrote:
Hi Mark,
> Actually that isn't the mistake as they are both run through
> dns_name_fromtext which will normalise them before comparison.
I didn't know that. Does this mean that dots and dashes are equivalent
or irrelevant in tisg key names?
Regards,
Anan
On 28/06/2014 10:38, Johannes Kastl wrote:
> Another idea I had was using stunnel to tunnel just one port from
> the home lan to the vserver. But I would need to tell bind to only
> use TCP, as stunnel is only able to handle TCP.
>
> Can I tell bind to only use TCP for zone transfers? Hmm, I'll g
On 09/07/2014 13:21, Reindl Harald wrote:
> dunno, but i perfer text-format anyways
>
> * masterfile-format text; * delete the zone file on the slave *
> restart the slave
Plain text zone files are fine if you have a small number of zones, or
small zones. But for servers with large numbers of zo
On 16/08/2014 04:55, Bill Christensen wrote:
> Interesting. I'm running BIND 9.10.0-P2. Apparently the package system
> I'm using (MacPorts) isn't updating the root servers file though.
>
> I'll report the problem there. Meantime, I'll download the recent one
> and see if that makes a differen
Hello people,
I've been trying to figure out how to use dig in a shell script to send
a bunch of queries, and then parse the output with awk. I have a file
called "myzones" containing the zones I want to query:
example.com
example.org
example.net
If I run:
dig @server -t soa +norec +noall +ques
On 17/09/2014 13:57, Mark Andrews wrote:
Hi Mark,
> awk '$5 == "status:" { rcode = $6 } $3 == "SOA" { print $1, rcode }'
So with "+noall +comments +question" and this bit of awk, I can get a
pretty list containing ";zone RCODE," pairs :)
Thanks!
Anand
__
Hi BIND developers,
I've just downloaded and build BIND 9.10.1, and I noticed something. The
size of the generated libdns.so.146.0.2 file is 2046056 bytes. In my
previous build of 9.10.0-P2, the size of libdns.so.142.2.2 is 6658892.
That's a massive reduction in size. Did you guys suddenly delete
On 24/09/2014 17:56, Evan Hunt wrote:
> On Wed, Sep 24, 2014 at 09:23:51AM +0200, Anand Buddhdev wrote:
>> I've just downloaded and build BIND 9.10.1, and I noticed something. The
>> size of the generated libdns.so.146.0.2 file is 2046056 bytes. In my
>> previous build
#x27;t (?)
Speaking as the operator of K-root, I can confirm that K allows zone
transfers. That's why this query works.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
-servers.net"? Or is there a better choice for
> the long term?
If you wanted your script to be robust, then you would program it with
the names of all 13 root name servers, and have it try the zone
transfers from a random server each time, and trying another one in case
of failure.
H
they don't understand, so it's the same with the EXPIRE and
SUBNET options as well.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users ma
On 22/01/15 23:30, Tommy Borginger wrote:
Hi Tommy,
> We get the following error during start of bind. The problem we
> suspect is that the machine or bind thinks the Danish and Swedish letter
> "ö" is the same.
>
> This is the error showing up in syslog:
>
> loading configuration from '/etc/bi
On 23/01/15 14:34, Job wrote:
> Hello,
>
> is there a way to reload a single VIEW (not a zone, but a view), for
> example when i change the match-clients directive?
>
> I notice that, on huge load servers, issuing "rndc reload" is very
> heavy for the machine.
reload is heavy because it tries t
I'm parsing BIND logs to extract the XFR size in bytes of a zone, and
was just bitten by this sequence:
02-Apr-2015 04:27:10.393 xfer-in: transfer of './IN' from
2001:67c:2e8:5::c100:c6#53: failed to connect: timed out
02-Apr-2015 04:27:10.393 xfer-in: transfer of './IN' from
2001:67c:2e8:5::c100:
r start services under certain condition. I don't have all the
URLs handy, but I'm sure you can search for all these things.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
in the global "options" area?
Finally, why is this setting defaulting to "yes"? If it's for BIND8
compatibility, isn't it time it defaulted to "no"?
Regards,
Anand Buddhdev
RIPE NCC
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
iEY
On 14/05/15 22:02, Bischof, Ralph F. (MSFC-IS40)[NICS] wrote:
Hi Ralf,
> symptoms I am seeing is that a dig command sends out several queries
> with EDNS and bufsize of 4096. The server on the other side of this
I think this is the pertinent point. You're testing with dig, but dig
doesn't fallba
how to debug zone transfer failures, and perhaps also tune BIND for more
resiliency in the face of poorly configured master servers.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
ide a hints file. BIND's built-in list is updated by ISC
whenever root name server addresses change, or when IPv6 addresses are
added, for example.
This makes your configuration a bit simpler, and you don't have to care
about keeping your hints file up to date.
Regards
On 17/06/15 15:00, Matus UHLAR - fantomas wrote:
Hi Matus,
> well, the hard-coded hints file changes whenever new BIND release gets out,
> while the bungled hints file may be updated by packagers or manually.
>
> I'd say that the bundled hints file is likely to be newer than the
> hard-coded one
ly.
So what could cause these SOA lookup failures in BIND on one server, but
not another? Could the developers tell me how BIND does SOA queries over
UDP, and is there any way to mimic this with dig?
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit
On 13/07/15 21:31, Anand Buddhdev wrote:
> So what could cause these SOA lookup failures in BIND on one server, but
> not another? Could the developers tell me how BIND does SOA queries over
> UDP, and is there any way to mimic this with dig?
Oops. I just noticed Cathy Almond's res
On 24/07/15 17:52, Mark Elkins wrote:
> TSIG is a step towards better security. Rather learn how to use it than
> go backwards. I see TSIG as a step towards DNSSEC...
I also agree with this principle. At the RIPE NCC we've been trying to
get all the operators we provide secondary for to use TSIG.
On 03/08/15 16:50, Heiko Richter wrote:
Hi Heiko,
> Why use the "file" option at all on a slave?
If you don't use the "file" option on a slave, then BIND does not write
the zone to disk. This is okay for a small number of small zones. But if
you have many zones, or they are large, then you usual
On 09/08/15 02:31, Leandro wrote:
Hi Leandro,
> but after install
> yum install json-c
> it still complains about :
> checking for json library... configure: error: include/json{,-c}/json.h
> not found.
yum install json-c-devel
Regards,
Anand
___
Plea
On 26/10/15 13:50, Bhangui, Sandeep - BLS CTR wrote:
Hi Sandeep,
> At this point I am not clear whether this is an issue with our
> Internal Network or something beyond our control.
First question: have you looked at the BIND logs on your internal resolvers?
> A. The following link works fine f
On 06/12/15 06:59, Ejaz wrote:
Hi Ejaz,
> I have implemented new slave server and wanted to get all the 2000 zones
> from primary/master server to the new slave one. But zone file some time
> comes with empty records and sometimes appears as below, Any idea Would be
> highly appreciated.
You
On 10/12/15 00:32, blrmaani wrote:
Hi Blr,
> I would like to put 4 DNS masters behind a vip and have several
> slaves doing the zone transfer from the VIP-IP. Is this normal?
>
> The usual approach is to have slaves getting zone transfers from
> multiple masters. What is the disadvantage of havi
On 23/03/16 14:51, Tony Finch wrote:
>> With systemd the methodology isn't that BIND notifies other things that
>> it is up. It is that other things, if dependent upon BIND, have in
>> their systemd files a requirement that BIND be up before they start.
>
> Yes, but how does systemd know when BI
On 24/04/16 21:04, jaso...@mail-central.com wrote:
Hey Jason,
> checking with dig, it's NOT in 'TXT' where I expected it
>
> dig TXT example.net +short
> (empty)
You added a TXT record for the name test.example.net, but you're looking
for it at the name example.net. Of cours
On 25/04/16 17:59, Sean Son wrote:
Hi Sean Son,
> I know I emailed the list about compiling BIND on a SystemD distro earlier
> last month. This time I have a different question. After I compile BIND9 on
> CentOS 7 , how do I get it to start up at boot time and how do I restart
> it? I don't want
On 25/04/16 22:23, Ali Jawad wrote:
Hi Ali Jawad,
> I do have a very specific requirement for private/public zones and based on
> a user tool the users "hundreds in corporate environment" get either public
> or private zone, the tool simply writes to an ACL file, my problem is that
> the only way
Hi Jonathan,
If it's a /23, may I suggest creating two reverse zones, for each of the
/24s in that prefix? It's much simpler.
RFC 2317-style delegation, while possible for a /23, was designed for
IPv4 prefixes smaller than a /24.
Regards,
Anand Buddhdev
RIPE NCC
On 25/05/16 11:37
On 27/05/16 10:25, Harshith Mulky wrote:
Hi Harshith,
> If I have the following configuration in Bind server inside named.conf
>
> zone "e164.arpa" IN {
> type master;
> file "e164.arpa";
> };
>
> zone "1.e164.arpa" IN {
> type master;
> file "e164.arpa";
> };
>
On 16/09/16 09:06, Tom wrote:
Hi Tom,
> Using BIND 9.10.4-P2: I've a question about configuring DNS-RPZ and views:
> I configured view1 and view2. After configuring all rpz-zones in both
> views, I had errors like this (slave file in view2 is already in use
> from view1):
> config: error: /etc/na
Hi BIND developers,
We build our own RPMs of BIND, and ever since the 9.9 builds, we have
been setting -DISC_SOCKET_MAXEVENTS=256. This is based on advice we
received from someone at ISC.
Is this setting still relevant in BIND 9.16?
Regards,
Anand
___
On 20/02/2020 09:08, Ondřej Surý wrote:
Ah, thank you for this Ondrej! I've adjusted our spec file, and removed
the define.
> Hi Anand,
>
> on the contrary, we set tuning to large by default (it’s default or
> small now), so with the define you are actually setting it to lower value:
>
> #ifnde
Hi BIND developers,
The 9.16.1 release notes say:
"The system-provided POSIX Threads read-write lock implementation is now
used by default instead of the native BIND 9 implementation. Please be
aware that glibc versions 2.26 through 2.29 had a bug that could cause
BIND 9 to deadlock. A fix was re
Thank you for your swift and clear response Ondrej!
Regards,
Anand
On 18/03/2020 15:35, Ondřej Surý wrote:
> Hi Anand,
>
> yes, it is. The broken code was introduced in the glibc 2.26, and generally
> RedHat/CentOS/Fedora/Debian libc6 already has the required patches.
>
> Ubuntu 18.04 (and de
On 24/03/2020 20:44, Bhangui, Sandeep - BLS CTR via bind-users wrote:
Hi Sandeep,
[snip]
> As far as I can tell has the libuv library packageis installed on this
> RHEL 7.X machine.
>
> sh-4.2# rpm -qa | grep -i libuv
>
> libuv-1.34.0-1.el7.x86_64
This package contains just the runtime l
/dev/fd/42
and named-checkzone reads the "file" /dev/fd/42, getting the
decompressed data.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 17/04/2020 17:02, Karl Pielorz wrote:
Hi Karl,
> I seem to remember we got 'bitten' by large memory use when moving from
> a previous version of bind - do you have 'max-cache-size' set in your
> config?
It's an authoritative-only server, so there is (almost) no caching involved.
Anand
__
On 21/04/2020 17:05, Petr Bena wrote:
Hi Petr,
> So when someone changes zone on A via nsupdate, NOTIFY and subsequent
> IXFR goes like this: A -> B -> C instead of:
This is just fine. There are many DNs setups organised like this. Your
configuration isn't unique or strange.
> What confuses me
On 01/06/2020 20:08, DeCaro, James John (Jim) CIV DISA FE (USA) via
bind-users wrote:
Hi Jim,
Installed BIND 9.16.3 and I discovered that the SMF dns/server is
trying to read named.conf from /usr/local/etc/:
"/usr/local/etc/named.conf: file not found". I am trying to figure
out how point name
On 08/06/2020 07:13, ShubhamGoyal wrote:
Hi Shubham,
Dear all,
I want to ask about bind DoH
Implementation by proxy server,
Is there any Documentation of DoH
Implementation.
Hi folks,
I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).
In my named.conf, I have set:
reserved-sockets 1000;
tcp-clients 9
On 16/06/2020 20:17, Tony Finch wrote:
Hi Tony,
16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is
not connected
What does this log message mean?
I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeerna
On 09/07/2020 11:01, Duleep Thilakarathne wrote:
Hi Duleep,
I have configured bind with IPV6 support enabled. However bind does not
listen to IPV6 address. Any particular reason.is there any place to enable
IPV6 support other than named.conf.
Version : BIND 9.11.4-P1 (Extended Support Version)
On 09/07/2020 12:08, Adrian van Bloois wrote:
Hi Adrian,
Run "journalctl -u named" to see any systemd logs for this unit. Also
look in /var/log/messages to see what (if anything) BIND has logged to
syslog. Finally, you would help yourself and everyone else to help you
better if you show your
On 09/07/2020 12:56, Duleep Thilakarathne wrote:
Hi Duleep,
After starting BIND, can you examine its log entries? It should print
all the addresses it is binding to, eg:
09-Jul-2020 13:50:57.674 listening on IPv4 interface lo0, 127.0.0.1#53
09-Jul-2020 13:50:57.676 IPv6 socket API is incomple
On 09/07/2020 14:21, @lbutlr wrote:
Given a domain that is hosted and used for email and web, is an A
record for that domain actually required?
It's not *required*. But see below.
That is, if bob.tld is hosted by example.com can you simply have
NS ns1.example.com
NS ns2.exam
On 09/07/2020 16:06, Matthew Richardson wrote:
On a related issues there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occ
On 22/07/2020 15:06, Josef Moellers wrote:
Hi Josef,
named complains about the missing file /etc/bind.keys if run chrooted:
unable to open '/etc/bind.keys' using built-in keys
What is the preferred way around this? Add "/etc/bind-keys" to
NAMED_CONF_INCLUDE_FILES?
Or just ignore the warning,
On 22/07/2020 15:30, Josef Moellers wrote:
Or just ignore the warning, and let BIND use its built-in keys.
If /etc/bind.keys contains some additional keys, this will not work ;-)
Sure, but what additional keys do you expect this file to contain? Are
you serving an alternate signed root zone
On 22/07/2020 16:51, Josef Moellers wrote:
It turns out that it is mainly the warning the partner is irritade about.
So, let me put the question the other way round: what would happen if we
*always* copied /etc/bind.keys to the chroot environment? If there would
be no harm, I could easily add t
f "tsig-keygen". You will find the
answer in there.
Regards,
Anand Buddhdev
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subsc
On 25/08/2020 16:29, Brad Stevenson wrote:
Hi Brad,
I would like to have the behavior of the reverse lookup responses to only
include the hostname, not the hostname with the reverse zone appended. So
for example:
# nslookup 192.168.2.206
206.2.168.192.in-addr.arpa name = server1.ctois.lo
On 05/11/2020 14:02, rams wrote:
Hi Ramesh,
> What is the latest bind version for Centos 7?
> Where we can download it?
"yum info bind" will give you all the information you need.
Regards,
Anand Buddhdev
___
Please visit https://lists
On 21/11/2020 21:53, upen wrote:
Hi Upen,
> Could you someone guide me to troubleshoot this further? Thank you for the
> list.
Your instance of BIND is probably logging to syslog. Look for these logs
(usually /var/log/messages), and see what BIND is logging. It may shed a
light on the problem.
one through an awk script to filter out these records, but
it would be nice if I could tell dig itself to suppress them.
Regards,
Anand Buddhdev
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fund
Hey Daniel,
That's *exactly* what I was after! Thank you :)
On 07/12/2020 08:25, Daniel Stirnimann wrote:
> Hello Anand
>
> this works for me:
>
> dig -k KEY @PRIMARY ZONE +noall +answer +noidnout +onesoa AXFR
___
Please visit https://lists.isc.org/m
Hi Cameron,
We do something like this for our zones. In our zone repository, I have
a script called "checkzones". I can run it any time in my checkout of
the repository, and it checks all the zones for various things. For
example, it checks for implicit owner names, missing TTL, etc. It also
runs
Sure, Cameron. However, since it's no longer BIND-related, I'll email
you off-list.
Anand
On 08/12/2020 22:58, Cameron Banowsky wrote:
> Thank you Anand,
>
> Would it be possible to look at your script and gitlab-ci yaml? This is
> incredibly helpful. Thank you so much.
> Cameron Banowsky
> S
Hi Gaurav,
You can transfer the "in-addr.arpa" and "ip6.arpa" zones from these servers:
iad.xfr.dns.icann.org
lax.xfr.dns.icann.org
For the full list of zones provided by ICANN, check out this page:
https://www.dns.icann.org/services/axfr/
Regards,
Anand
On 12/12/2020 13:39, Gaurav Kansal wro
1 - 100 of 227 matches
Mail list logo