is there a known hack to extract keys from opendnssec/openhsm to use for
bind bitw inline-signing?
Assuming you mean SoftHSM (i/o openhsm), no, I don't think so, at least not
when using its default settings. (That is one of the main features of an HSM --
to keep the keys safe -- although there a
What is possible is to have BIND use PKCS#11 to use the keys stored in SoftHSM.
I should have added that a key rollover is possible from one to another. The
basic idea is to create new keypairs in BIND (dnssec-keygen) and then import
them key into SoftHSM for a rollover in OpenDNSSEC. Once that
You would probably need to attach your entire named.conf file (with
sensitive bits (keys and the like) redacted
named-checkconf -px
is your friend: prints out the named.conf and included files in canonical form
if no errors were detected and obscures shared secrets by replacing them with
str
is it possible to restrict dynamic dns updates to one domain?
I think 'name' is what you're after:
grant key-name name host1.example.de. A;
You will be aware that the type list can take multiple space-separated values.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-u
I always was quite sure that Bind will request XFR from the Primary that sent
the NOTIFY.
my understanding has always been that the primaries are tried in configured
order.
Looking forward to hear which is actually correct. :)
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-
Have you checked whether there is a bind.*dnssec-utils package? I stumbled
across this with a RHEL-type Linux recently...
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptio
1. Everytime I restart the service, it seems all these files are recreated.
How did you observe this? Just by file timestamps or actual content? And just
to be sure to ask the obvious: you are not manually removing these files are
you? :)
-JP
--
Visit https://lists.isc.org/mailman/listi
I'd like to stop them from sending notifies when they transfer in a
zone. Neither "notify no;" nor "notify primary-only;" seems to do
it.
Maybe set `notify no' (or `notify explit') globally in options{} and then
enable notify on a case-by-case on statically configured zones on the
secondary?
I'm in the process of migrating a modest number of zones from one signer
(OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not
be an issue for this question.)
Each of the signers have a catalog (manually maintained for ODS, automatically
for Knot) which is transferred
Any ideas?
is this the point at which I confess I've only now read about Change of
Ownership (coo) [1]?
-JP
[1] https://bind9.readthedocs.io/en/latest/chapter6.html#change-of-ownership-coo
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC fu
And yes, you can automate this with nsupdate to old and new catalog,
Brilliant, Petr, thank you.
I saw some of the loviest log messages this week during coo from k-catz to
t-catz:
zone t-catz/IN: transferred serial 10: TSIG 't'
catz: t-catz: reload start
catz: updating
Apr 30 05:33:48 keef named[7473]: catz: zone 'gshapiro.net' uses an invalid
primary (no IP address assigned)
Apr 30 05:33:48 keef named[7473]: catz: error "failure" while trying to
generate config for zone 'gshapiro.net'
The way I read this is it's complaining about `gshapiro.net', i.e. one of
1. since I use HSM(now is softhsm) to store the DNSSEC key, does it more
insecure to convert the key(s) from HSM to .private file with
dnssec-keyfromlabel ?
keys are not actually 'converted' with this utility; instead the .private file
links to the corresponding private (and typically unexportab
IPv6 PTR records are simply reversed.
easier said than done, for some of us. I use BIND's arpaname(1) utility which
does the work for me:
$ arpaname 2001:db8::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
-JP
--
Visit https://lists.isc.org/mailman/listinfo/
After the first automated
name change, my zone file was unformatted. I lost the comments and more
than 500 occurrences of the ORIGIN parameter were inserted.
Configuring dynamic DNS updates on a zone means that named takes control over
how the zone file is (periodically) rewritten to disk. There
> For My internal DNS setup i want to create a internal root hint file .
> Should i follow the pattern of standard root hint file ?
Yes, create your own hints zone containing one or more NS RRsets with
their respective glue. Something along these lines:
.360 IN NS
> What is the starting and ending SOA record?
>
> In the original zone, there is ony one SOA record...
The "starting" SOA is the SOA in your zone. The final SOA is used to
indicate end-of-transfer and is a copy of the first; you can safely
ignore it or, as Michael pointed out, supress it.
> The question is: how to generate the name of a nzf file?
> Is there a tool or an easy way?
The code is in lib/dns/view.c
if (allow) {
char buffer[ISC_SHA256_DIGESTSTRINGLENGTH + sizeof(NZF)];
isc_sha256_data((void *)view->name, strlen(view->name), buffer)
> What is the best way to log DNSSEC failures in Bind without enforcing
> DNSSEC validation?
>
> That is I want to see what Bind would have rejected because of failed
> DNSSEC validation, but I do not want to return SERVFAIL to my client.
I don't think that is possible without modifying the clien
Augie,
> Is there a way to exclude a domain from DNSSEC validation, like
> Unbound's "domain-insecure"?
That is regrettably not possible at the moment, at least not in BIND
9.9.0.
The only (quite impracticable) workaround would be to define the zone
authoritatively yourself and populate it someh
> When the shared KSK needed to be rolled over, you would have to
> process DS records in the parents of your few dozen zones all at the
> same time.
*If* you want to roll the KSK, a.k.a. "when did you last roll your SSH
keys?" :-)
-JP
___
Pleas
> I was mistakenly thinking the KSK also had an expiration as the
> the ZSK does.
Keys don't expire; signatures (RRSIGs) do.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users maili
> -%<-
> @ IN SOA localhost root@localhost. (
> 2012041100
> 7200
> 1800
> 1209600
>
> Comcast has taken a pragmatic view. I'm glad to see they've turned on
> validation, but I can see why they need to configure exceptions. Without
> being able to manage exceptions, large ISPs are not going to turn on
> validation.
Indeed, which brings on the question why BIND (still) doesn't have
> So how do we implement one? Create a separate caching server with DNSSEC
> validation turned off and forward all queries for the broken domain to it?
Unbound can be configured (on the fly) to ignore DNSSEC for individual
zones. From the unbound.conf(5) page:
domain-insecure:
Sets
> rd1.ramesh40finalround.com. 98400 INA 11.11.11.11
> rd1.ramesh40finalround.com. 96400 INA 12.12.12.12
> rd1.ramesh40finalround.com. 99 IN A 13.13.13.13
> rd1.ramesh40finalround.com. 1 INA 14.14.14.14
RFC 2181, section 5.2 specifies:
"the use
> > server 127.0.0.1
> > zone ccnr.biotechnology.
> > update add second 86400 in cname first
> > send
> update failed: NOTZONE
Have you tried specifying qualified names?
update add second.ccnr.biotechnology. 86400 in cname
first.ccnr.biotechnology.
-JP
__
Warren,
> I wrote a tool to do this a while back --
> http://code.google.com/p/dns-slave-expire-checker/
Cool stuff and very useful. I took it for a tiny spin, and here are my
EUR 0.02 :)
1. Doesn't seem to grok all RRtypes in slave zones, due probably to
missing functionality of dnspython;
> I need to understand the difference between configuring bind views and
> having multiple instances of bind. I have 5 network interfaces on my server
> and I want to have 2 instances of DNS server (just for testing) and I don't
> know which one to do ?
BIND views are powerful, but configuring the
>
> 2) When I tried a test master BIND in a VM, there was not enough entropy
>to generate DNSSEC keys.
Entropy has been discussed frequently on this list. As a quick
workaround, I recommend running http://www.issihosts.com/haveged/
-JP
___
> Probably nothing. I believe the default format for slave zones is now
> compiled rather than text. Remove all the zone files on the slave and
> reload it.
... after defining `masterfile-format text;' :-)
-JP
___
Please visit https://lists.isc
> We have a script that generates the zonefiles for bind. This script is
> working correct, i.e. the files are correctly generated and have no
> syntax errors. When adding e.g a CNAME to our database, the script
> generates a correct file, including this CNAME. BIND reloads this file
> with its cor
> The serialnumber in the SOA record is lower than the serial number BIND
> pretends to load in the logs. But why would BIND log to load the right
> zone, but use an old one?
Because it's loading the wrong file?
Have you (or somebody else) changed `directory' option or path to master
zone file?
> While it's always better to compile and install from the latest
> stable version, it's also nice to use their package management
> system especially when you have to deal with multiple systems.
Building BIND is easy; turning it into an installable RPM not so.
I highly recommend fpm [1] which mak
> > Building BIND is easy; turning it into an installable RPM not so.
> > I highly recommend fpm [1] which makes building an RPM trivial. :)
>
> Any advice or tricks for making a DEB for Ubuntu?
Yes: use fpm. :)
> So far my plan was to copy the source directory to each server and just
> run "ma
> Is it possible to configure my slave to receive zones using an
> specific interface from master?
Your slave's zone stanza looks like this:
zone "example.net" {
type slave;
file "...";
masters { 10.1.1.1; };
};
The `masters' statem
> Yes. That´s the problem. I have this statement defined, but it still
> try to connect using the wrong IP. Any ideas?
I misunderstood then. Try `transfer-source'.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to uns
> That's really odd...
I note that on the master zone you have
allow-query { local; };
Does "local" contain the slave's address? It must be allowed to query
the SOA record of the zone to transfer.
-JP
___
Please visit https://l
> no A record, but if I log into my server, where I have:
Is your name server configured to use views? Looks to me as though a
view is "hiding" your answer.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> 20-Jul-2012 15:26:40.181 config: error:
> /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net':
> already exists previous definition:
> /var/named/etc/namedb/conf/zone_0.conf:1529
> 20-Jul-2012 15:26:46.270 general: error: reloading configuration
> failed: failure
That looks very suspic
> I find it realy annoying, if I have ask every time the owner of the Slave,
> to add a new zone.
Assuming your version of BIND is new enough, look at `rndc addzone' with
which you can add and remove zones at run-time w/out having to edit
`named.conf'.
-JP
> Which mean, my DNS partner need his own rndc key which let him add/remove
> zones as slave?
You are the master. He is the slave. You have an rndc key for his slave
server, so that you can add a slave zone on his server. [Substitute
he/his by she/hers if required.]
And vice versa. :)
Grab a rec
> IIRC that will add the zone to the master, the question, as I heard it,
> was to add it to the slave server, to avoid disturbing the owner of
> the slave to manually editing the slave config.
With `rndc addzone' you specify whether you are adding a master or slave
zone, just as you would in na
> > Check the 'allow-transfer' option in your named.conf.
>
> I don't have this option. Should I include it?
If you want to provide zone transfers, you include it. If you don't,
leave it out. (You might also want to glance at BIND's Administrator's
Reference [ARM] while you're at it ...)
> After upgrade to Bind V9.9.1-P2:
> [root@localhost ~]# file /var/named/zzy4.com.dom
> /var/named/zzy4.com.dom: data
Use named-compilezone to convert from one to the other.
You can force the previous text-transfers by setting this option on a
per/zone or globally:
masterfile-format text
> They are currently being block from connecting to 443 since these
> servers are only DNS. Is there any reason for clients to connect to
> tcp 443 for any type of DNS resolution?
Sounds a bit as though your clients think the BIND box is a HTTP origin
server... I'd look into what programs they're
Chris,
> Can one use BIND 9.9 "inline signing"
> with the unsigned version provided by a DLZ interface?
there's no reason why you shouldn't be able to.
Your BIND 9.9 inline signer would AXFR from BIND DLZ without trouble,
but your signer won't be notified by DLZ; you'd have to "manually"
issue N
> YPYMAYTYP
Zero results from my favorite search engine -- congratulations. ;-)
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists
> I do as well, and this will be documented in the next version of this
> document.
I believe you've mentioned that here before. Several times. Today. ;-)
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
fr
> Thanks, Phil. Those were my thoughts as well. For the present,
> I'll write my own monitoring plugin to parse the XML data.
If you need some inspiration, I wrote a bit of C code [1] which does
that rather effectively. It doesn't do what you want, but it may get you
started. ;-)
-JP
> GitNamed is a project that manage name server by git. you can clone
> the git repo to any workstation, edit zone file, commit and push it.
> the data will push to the master and slave name server on the fly.
Very interesting; thanks for sharing.
I hear the Fedora Project does something along si
> Is there anything technically wrong with having a SOA MNAME field
> that isn't listed as a NS record?
Not at all; that works fine.
> The server listed as MNAME will host the zone and is authoritative
> for the zone, but out of latency concerns it isn't ideal to have
> other resolvers querying t
> Is using syslog a sane default for new installations or when using
> official vendor packages with their startup scripts?
I for one would not want to miss BIND9's logging to auto-rotated files:
file "/var/named/log/named.log" versions 10 size 5m;
Other than that, I'd say logging via
> Could "CLI utility" be man(1) and info(1)? :-)
It could, yes, but `b10-msg NNN` isn't going to break BIND 10's
development budget (I hope), and I feel it to be more practical than
scrolling through a man page with 900+ error-messages in it. ;)
But even a simple text file installed on the serve
Hello,
I'm seeing quite a number of messages like
xfer-out: debug 3: client 192.168.1.2#54688 (example.com): zone
transfer setup failed
BIND 9.9.2P1 here, configured with:
request-ixfr no;
transfer-format many-answers;
transfers-in 100;
transfers-per-ns
On Fri Jan 25 2013 at 13:45:58 CET, Ben Croswell wrote:
> A common issue is the secondary not being allowed to query the master for
> the SOA of the zone. Ensure the master has an allow-query that includes the
> secondary.
The BIND slave can query the PowerDNS master (for the SOA over UDP and
for
> Note that the log message related to outgoing zone transfers from named,
The shame! That's what I get for being at it 17 hours non-stop. I
overlooked the -out. Sorry and thank you, Tony.
-JP
___
Please visit https://lists.isc.org/mailman/listi
Hello,
we have a few BIND (9.9) slave servers, each slaving a couple of hundred
thousand small zones (a dozen records in each). A file included into
named.conf is periodically generated from a database, and named is
reconfigured (rndc reconfig) to load new slave zones.
I'm considering replacing t
Evan,
On Sun Jan 27 2013 at 00:10:28 CET, Evan Hunt wrote:
> Delzone just means delete the zone from named, not delete the zone file
> from the filesystem. (And I reckon we can do a good deal more harm by
> deleting files you wanted to keep than by leaving files for you to delete
> yourself...)
Evan,
On Sat Jan 26 2013 at 03:51:17 CET, Evan Hunt wrote:
> I'd love it if you'd try it, actually, find out how hard it is to modify
> your tools to use the new schema, and send feedback.
I think the XSL is broken (see attached patch), at least Chrome & Safari
say the document is empty and Fire
As a fan of BIND's statistics-server I was tempted to see if I could
reduce the size of the data (XML) named produces by adding an option to
produce JSON. The patch [1] (which is terribly quick and dirty) does that.
[1] https://gist.github.com/jpmens/4958763
Accessing the URI /json on named would
> I installed FreeBSD 9.1 on 3 virtually identical HP rack servers.
^^^
It seems this box is missing a Kerberos (krb5) library, but I don't know
what it's called on FreeBSD. Maybe compare a list of installed packages
on the servers and install what's
Shane,
> Yes, we had discovered and fixed this in the master branch (patch
> attached). Apologies for the brokenness!
I've applied that, and it does indeed look better, but not good enough :)
See screen shot [1]. No worries, though: I'll wait until you release
(and I'm more looking forward to yo
> That just means there's no data to graph yet. Send your server a few
> queries and try it again.
Duh. Didn't occur to me, because I was looking for the list of
authoritative zones served by named.
Other than that, the output looks very sexy.
(Are people really interested in the 'Tasks' list?
> I get this for all my secondaries for my reverse domain:
>
> client 63.68.132.50 view external: bad zone transfer request:
> '192-26.67.83.208.in-addr.arpa/IN': non-authoritative zone
> (NOTAUTH): 23 Time(s)
The zone is either not defined in the view the client is accessing,
and/or it wasn't lo
> Does our DNS-server support SPF-type records? Or do we put SPF-info in a
> TXT-record?
BIND has supported SPF records since 9.4 I think, so yes. Their
functionality is identical (i.e. define both if you want/need both)
name ttl class TXT text
name ttl class SPF
> { "text": "snipped" }
;-)
> Evan has merged this into master
I know -- he's kept me busy looking and testing, and it looks very good.
> and it will go out in 9.10, sometime
> later this year. (We're also putting it into our new subscription
> branch, which should be available for subscriptio
> how can I install bind as a named server after I have made my
> modification to it's source code without using "yum"
First you ./configure, specifying the options you want to use; pay
particular attention to installation paths. (The best way to determine
how your existing BIND was configured is
> how can I subscribe in bind-developer channel ? (bind9 version ),,,
> because I want to modify bind code
bind-workers ? [1]
-JP
[1] https://lists.isc.org/mailman/listinfo/bind-workers
___
Please visit https://lists.isc.org/mailman/listinfo/bi
> but getting rndc: 'addzone' failed: permission denied, nothing on the logs,
> only received control channel command 'addzone zone.local { type slave;
> file "slaves/zone.local"; masters { 172.31.199.154; }; };' even after rndc
> trace 99.
>
> allow-new-zones yes;
>
> tried with chmod 777 for /var
> carter bind # named-checkzone espersunited.com db.espersunited.com
> dns_master_load: db.espersunited.com:37: www.espersunited.com: CNAME and
> other data
> zone espersunited.com/IN: loading from master file db.espersunited.com
> failed: CNAME and other data
> zone espersunited.com/IN: not loaded
(*shamefaced*) Your message popped up as 'new' which is why I answered
before noticing it had been answered already. :(
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
> I'm sure it was not cheap.
Peanuts compared to their buying .app for $25m. [1] Here's a list of the
other TLDs they've got so far: [2]
> Brace yourself! There are many here now, and more coming.
The list of delegated strings [3] increases almost daily, yes. (And I
can't stop laughing.)
> 2001:67c:2e8:5::c100:c6#53: Transfer completed: 0 messages, 0 records, 0
>
> Is there any logic to this that I'm missing?
s/completed/failed/ on error cannot be particularly difficult to
implement.
-JP
___
Please visit https://lists.isc.org/m
Edward,
the subject of this message piqued my interest ;-)
> 17-Apr-2015 10:17:02.083 starting BIND 9.10.0 -g -c rfc5011.conf
Very ouch. Much pain. Lots frustration. Many hairpulls. Mucho crash. ;)
Upgrade to 9.10.2 [1] in which Evan fixes the CVE we discovered on
RFC5011 rolls and, thankfully,
> My lesson is - besides just working out the configuration - testing
> RFC5011 takes more patience than just about any other feature of
> DNS/DNSSEC. RFC5011 is the most wall-clock driven mechanism we have.
Yup. I learned that as well.
As a side note: can you imagine my surprise when, after wai
Mark,
> may want to add a "_dns-update._udp.example.net SRV" record pointing
> to the nameservers as someone convinced the router vendor(s) that
> this is how you do it
Is this a standard? Other than [1], which insinuates it's an Apple-only
thing, the Goog turns up only 55 hits for "_dns-update
> Change the filenames on the slave, or just don't have a "file" option
> in the slave zone configuration.
I was going to yell "TIL from Evan, that 'file' is optional for a
slave", but
/etc/named.conf:545: zone 'example.com': missing 'file' entry
This is on 9.10.3. Did I misunderstand y
> but I believe it's optional otherwise.
You are correct (of course). I had inline signing enabled.
For a non-signed zone I note the transfer indeed works without a 'file'
specification, and I note it's not stored on file anywhere (just in
core).
Thanks for clarifying.
-JP
_
> This might make you sad if you have lots of zones or large zones.
.. or even just want to look at what was transferred (whitout having to
recurse to a `dig axfr').
I see no reason to omit 'file' (except on a diskless slave ;-)
-JP
___
Please
Is there an echo in here?
More like an endless loop.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
I did not get this... am I posting this to wrong mailing list?
This has been discussed several times on this list within the past few weeks.
You should check the archives.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-use
include /etc/nginx/conf.d/*.conf;
Bind seems to lack an equivalent syntax. That means that even if I copy
a self-contained zone file to the zones directory, I still have to
manually register the zone in the named.conf.local file.
That should be pretty trivial to template together with Ansible
I'm stumped. I have a zone which had a default $TTL of 86400 and I want to
reduce it to 3600. This is normally not a problem, but the TTL of the DNSKEY
RRset won't budge from 86400.
What is the correct method to change a zone's DNSKEY TTL when it's already been
signed with inline-signing yes; aut
Marc,
A stub zone tells BIND to load SOA and NS records from its masters {}.
(forwarders {} is, I belive, both useless and incorrect here.) From that
point onwards, your BIND will use the data in the stub to recursively
find answers to queries for that zone.
The forwarder on the other hand, instr
> Where can I find a description of what the variables at the end of the
> line in the query log mean? For example:
The full set is +SETDC
+ recursion requested (- no recursion)
S request is signed
E EDNS0 enabled
T TCP (else UDP)
D
> I'd like to reinforce what Chris said, and recommend the use of an
> internal root zone for networks/enterprises which have no public
> Internet connectivity
+1
> A lot of people seem to be scared by the prospect of setting up
> their own root zone.
It really isn't difficult, and I discuss th
> Now I want to do it right, but I don't see a way for nsupdate to do
> what httpd does: autodetection of client IP address for nsupdate of
> its A record.
>
> I can script something on the client end to get the IP address, but
> if possible I'd prefer autodetection, which would be OS- and
> s
> Over the years I wondered why public dynamic DNS services reinvented
> these wheels, with custom clients rather than using nsupdate. Now it
> makes sense.
How I wish they'd used a term other than "dynamic DNS" for their
services, though...
> While indeed, RFC 2136 had *me* cover
> While writing this, a compromise came to me. :) I can run forward
> zones as children of a single TLD, and use 168.192.in-addr.arpa. as
> parent for all my reverse zones. :)
If you're setting up your own DNS root server, you could sign that root
zone, have your clients enter that island of tru
Juergen,
> I use GSS-TSIG and the handbook says that in gss-tsig the content of the
> identity field ist the common secret which is the kerberos principal.
I believe you'll have to set `tkey-gssapi-credential' and `tkey-domain` for
this to work the way you want, though I do confess to not have a
> So I look for a way that I can say that all clients from EXAMPLE.TEST are
> allowed to update their own record (or whatever).
Sounds like a task for update-policy external [1], but note that that
requires updates to be sent via TCP and not UDP. [2]
-JP
[1]: https://lists.isc.org/piperm
> Mark my words. You will know the truth in future.
Ah: DNSSEC -- the guy is on topic.
-JP
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
> # host -t TXT _adsp._domainkey.federalreserve.gov
>
> bind dies with
>
> May 26 19:59:02 resolv04 named[8237]: buffer.c:285: REQUIRE(b->used + 1
> <= b->length) failed
> May 26 19:59:02 resolv04 named[8237]: exiting (due to assertion failure)
>
> This is reproducible and should only affected i
> This is reproducible and should only affected in 9.7.3.
For the record, the problem has been fixed:
http://www.isc.org/software/bind/advisories/cve-2011-1910
-JP
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailma
> I have a BIND 9.8.0-P2 server instance running on a production server. My
> firewall is showing repeated attempts by named.exe to connect to IP
> addresses in foreign countries on ports , 6667 and 6669 - common IRC
> ports used by worms/trojans/zombies.
Sounds like you're running an IRC bot.
> Does anyone else find the bind-users list to be very slow?
Yes, very. [Pressing 's'end at 09:54 CET]
-JP
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Evan,
> may find this information useful:
very useful and quite impressive.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.is
> If Bind version of primary dns is "bind-libs-9.3.6-16.P1.el5" and for
> secondary dns "bind-9.5.0-29.b2.fc9.i386".
Something wrong there: "libs" vs. "server", but I assume you mean server
for both.
> Is it mandatory the same version for
> primary and secondary DNS.
Not unless you rely on a pa
> The last time there was a dns issue with usdoj.gov, it took about 3
> weeks for them to fix it.
Reeks of incompetence.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing li
1 - 100 of 179 matches
Mail list logo