BIND 9.16.30 - $INCLUDE file in the rpz zone file not reloading content and dig not working

2023-03-16 Thread Nagesh Thati
Hi Team, I have configured a named with rpz, *options section has,* *response-policy {zone "rpz.local";} qname-wait-recurse no;* *Zone Section in named.conf,* *zone "rpz.local" {type master;file "/var/named/zones/masters/db.rpz.local";};* *Zone file conten

Re: BIND 9.16.30 - $INCLUDE file in the rpz zone file not reloading content and dig not working

2023-03-16 Thread Nagesh Thati
Thanks for the reply Fred Morris, Yes, even after serial number increment and reconfig and reload also not picking up the include file data. On Fri, Mar 17, 2023 at 2:45 AM Fred Morris wrote: > Hello > > On Thu, 16 Mar 2023, Nagesh Thati wrote: > > [...] > > When nam

Re: BIND 9.16.30 - $INCLUDE file in the rpz zone file not reloading content and dig not working

2023-03-17 Thread Nagesh Thati
g not working > > Thanks for the reply Fred Morris, > Yes, even after serial number increment and reconfig and reload also not > picking up the include file data. > > > On Fri, Mar 17, 2023 at 2:45 AM Fred Morris wrote: > >> Hello >> >> On Thu, 16 Mar 2023,

Re: BIND 9.16.30 - $INCLUDE file in the rpz zone file not reloading content and dig not working

2023-03-19 Thread Nagesh Thati
HI, I am still not able to reload the named with the $include file updated content. Any help would be appreciated. Thanks. On Fri, Mar 17, 2023 at 12:43 PM Nagesh Thati wrote: > Hi, > I tried syntax, but it didn't work. > Thanks. > > On Fri, Mar 17, 2023 at 11:41 AM Sa

Secure Active Directory Updates Failing on AlmaLinux 9 with ISC BIND 9.18.28

2024-08-06 Thread Nagesh Thati
Hello BIND Users, *Issue Description:* I'm experiencing an issue with secure Active Directory (AD) updates on an AlmaLinux 9 system using ISC BIND. Despite following the necessary configurations, I'm receiving error messages indicating that the requests from the AD server are not signed and encoun

Re: Secure Active Directory Updates Failing on AlmaLinux 9 with ISC BIND 9.18.28

2024-08-08 Thread Nagesh Thati
Hello Guys, Any help is much appreciated. Thanks Nagesh On Tue, Aug 6, 2024 at 7:11 PM Nagesh Thati wrote: > Hello BIND Users, > > *Issue Description:* > I'm experiencing an issue with secure Active Directory (AD) updates on an > AlmaLinux 9 system using ISC BIND. D

Re: Secure Active Directory Updates Failing on AlmaLinux 9 with ISC BIND 9.18.28

2024-08-20 Thread Nagesh Thati
at so a SELinux denial might be a problem as well. > > KRB5_TRACE environment variable might help with debugging, see "man > kerberos" and also check other environment variables and config files > listed there. > > Given that you have a working system I suggest you compa

Re: Secure Active Directory Updates Failing on AlmaLinux 9 with ISC BIND 9.18.28

2024-09-05 Thread Nagesh Thati
them line by > line to find the difference. > > Petr Špaček > Internet Systems Consortium > > > On 20. 08. 24 11:18, Nagesh Thati wrote: > > Hi, > > We have checked all the files related to krb and keytab, all files and > > their permissions are good. But still upd

Secure Active Directory updates and allow-update-forwarding issues

2021-01-19 Thread Nagesh Thati
Hi, I am getting update failed on master DNS appliance when I am using allow-update-forwading, *updating zone '_msdcs.example.com/IN ': update failed: rejected by secure update (REFUSED)* example.com is a active directory enabled zone which has one master and one slave

Re: Secure Active Directory updates and allow-update-forwarding issues

2021-01-19 Thread Nagesh Thati
Thanks Mark. On Tue, Jan 19, 2021 at 6:15 PM Mark Andrews wrote: > Forwarding is designed for TSIG and works for SIG(0). It doesn’t work for > GSS-TSIG. > > -- > Mark Andrews > > On 19 Jan 2021, at 22:23, Nagesh Thati wrote: > >  > Hi, > I am getting upda

named failed to resolve forwarding queries(with global forwarders specified with "forward only") when "server section statement" has forwarder IP

2021-11-23 Thread Nagesh Thati
Hi, I have a BIND master server(10.1.10.110) and slave server(Recursive, 10.1.10.120) and also a global forwarding to another server for non managed domains. Forwarding server(10.1.10.25) also a slave for example1.com and example2.com, which will get zone transfers from BIND slave server. Below i

Re: named failed to resolve forwarding queries(with global forwarders specified with "forward only") when "server section statement" has forwarder IP

2021-11-24 Thread Nagesh Thati
nk&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> On Wed, Nov 24, 2021 at 4:22 PM Tony Finch wrote: > Nagesh Thati wrote: > > > > Can anyone tell me why I am getting tsig errors and SERVFAIL errors for > > non managed zones? Wh

Classless reverse zones CNAME and PTR resolution issue

2022-10-31 Thread Nagesh Thati
Hello, I am facing an issue with CNAME and PTR records resolution issues when classless reverse zones are defined in the BIND 9.16.* version (Without recursion), but it used to work in 9.11.* version (Without recursion). Below example shows what reverse zones are created and how the dig output is g

Master/Slave communication not working if I use HMAC-SHA* algorithms when views are implemented

2016-10-13 Thread Nagesh Thati
Hi, Can anybody implemented master/slave communication with views and algorithm HMAC-SHA* algorithms. I tried with all the HMAC-SHA* algorithms it didn't work for me, only HMAC-MD5 algorithm worked for communication. If anybody has any idea please help me. Thanks. -- Thanks, Nagesh

Re: Round-robin

2018-01-24 Thread Nagesh Thati
You can use BIND's RRSET Order for this, http://www.zytrax.com/books/dns/ch7/queries.html#rrset-order On Wed, Jan 24, 2018 at 4:37 PM, gsi wrote: > Hello, > > I have 2 A records like this : > wwwA10.1.1.1 > wwwA10.1.1.2 > > When I request www, I got random answers

servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

2018-03-04 Thread Nagesh Thati
Hello, I have added a servfail-ttl 0; parameter in the named.conf file in the global section and restarted the named, but named is not coming up and I don't see any errors printing in the named.log. When I do a named-checkconf on named.conf it is giving error as UNKNOWN OPTION servfail-ttl. The ve

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

2018-03-04 Thread Nagesh Thati
Thanks Mark. From: bind-users on behalf of Mark Andrews Sent: Monday, March 5, 2018 11:51:06 AM To: Nagesh Thati Cc: bind-users@lists.isc.org Subject: Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6) > On 5

Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

2018-03-04 Thread Nagesh Thati
Thanks Cathy. From: bind-users on behalf of Cathy Almond Sent: Monday, March 5, 2018 11:53:44 AM To: bind-users@lists.isc.org Subject: Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6) On 05/03/2018 05:50, Nagesh

Reverse lookup for classless networks

2018-12-27 Thread Nagesh Thati
Hello, I have been trying to make the reverse zones for the classless networks. I was able to create such zones by following an online guide. The guide says to create a reverse zone for a classless network as following, Network: *28.0.0.0/27 * Reverse Zone: *0-27.128.0.0.28.in-a

Re: Reverse lookup for classless networks

2018-12-27 Thread Nagesh Thati
Andrews > > On 27 Dec 2018, at 21:01, Nagesh Thati wrote: > > Hello, > I have been trying to make the reverse zones for the classless networks. I > was able to create such zones by following an online guide. The guide says > to create a reverse zone for a classless network as f

Classless Reverse Zones PTR Dig Format Issue

2019-02-06 Thread Nagesh Thati
Hello, I have created a network with *199.192.0.0/11 * and created 4 subnets with */13* mask in that network, Network: *199.192.0.0/11 : 192.199.in-addr.arpa*, Subnet1: *199.192.0.0/13 : 0-13.192.199.in-addr.arpa*, Subnet2: *199