Re: named.conf splitting

2012-02-17 Thread Noel Butler
On Fri, 2012-02-17 at 07:11 -0800, Chris Buxton wrote: > Yes, it's quite possible to split named.conf into separate per-zone .conf > files and then 'include' them back into named.conf. You can even put the list > of include statements in a separate file, and then include that into > named.conf.

Re: Assistance with SPF Records for BIND

2012-02-18 Thread Noel Butler
On Sat, 2012-02-18 at 11:51 -0500, Jonathan Vomacka wrote: > BIND Community Support, > > I am inquiring about how to setup a proper SPF record? I know there are > SPF wizards/generators available but each seem to have a different > "opinion" of what should be included and what should not be inc

Re: Assistance with SPF Records for BIND

2012-02-18 Thread Noel Butler
On Sat, 2012-02-18 at 12:34 -0500, Jonathan Vomacka wrote: > If someone uses a mobile device to send e-mail? Would ~all be better? I Teach them to use smtp authentication using submission (port 587 stuff) and it doesn't matter where they come from, so long as your MTA is configured correctly of

Re: Assistance with SPF Records for BIND

2012-02-19 Thread Noel Butler
On Sun, 2012-02-19 at 17:00 +0100, ml wrote: > > fakessh.eu descriptive text "spf2.0/pra ip4:46.105.34.177 > ip4:91.121.7.86 ?all" > fakessh.eu descriptive text "v=spf1 ip4:46.105.34.177 ip4:91.121.7.86 > ?all" > Why did you bother with the record at all? "Question mark" indicat

Re: Adding DS record to parent

2012-02-24 Thread Noel Butler
On Fri, 2012-02-24 at 11:02 -0500, Bill Owens wrote: > I haven't heard of NS supporting DNSSEC, and there haven't been any good > resources to find a registrar who *does*, but this popped up recently: > > http://www.icann.org/en/topics/dnssec/deploy-en.htm > > . . . and NS isn't on that list.

Re: reverse dns for IPV6 ranges

2012-03-05 Thread Noel Butler
On Tue, 2012-03-06 at 08:23 +1100, Mark Andrews wrote: > In message , hugo hugoo writes: > > > > Dear all, > > > > Can anyone help me with its experience on reverse dns for IPV6? > > Presently, when we reverse an IPV4 subnet for clients, we configure all > > the reverse for the whole subnet.

Re: spam on maillist, stop it !

2012-04-27 Thread Noel Butler
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote: > > What you did is just as bad If you need a list moderator there are appropriate addresses to send your messages to, directly to the list is NOT one of them The information you desire can be obtained from

Re: Improved SSL Error Logging [RT #29932]

2012-10-11 Thread Noel Butler
On Wed, 2012-10-10 at 18:44 +, Evan Hunt wrote: > > BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging. > > Unfortunately, our logs are now filling up with "RSA_verify failed" > > messages. > > Yeah, oops, we made that one too noisy. You're not the first one > who's noticed. :

Re: Improved SSL Error Logging [RT #29932]

2012-10-12 Thread Noel Butler
Thanks Mark, These changes have been committed for future patch releases? Cheers On Fri, 2012-10-12 at 12:16 +1100, Mark Andrews wrote: > > Just drop the log level to ISC_LOG_DEBUG(1) and recompile. > > Search for "sucessfully validated after lower casing" in lib/dns/dnssec.c > signat

Re: How to Setup DNSSEC

2012-10-16 Thread Noel Butler
On Tue, 2012-10-16 at 22:07 +0800, babu dheen wrote: > Dear All, > > I am new to DNSSEC. I need your valuable help to understand and > configure DNSSEC on my company Name servers. > > All users in our company using internal DNS server for name > resolution. All internal DNS server are pointed t

Re: How to Setup DNSSEC

2012-10-16 Thread Noel Butler
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote: > > You can still find it at ISC: > http://www.isc.org/files/DNSSEC_in_6_minutes.pdf > > It is a bit long in the tooth. I'll be updating it soon to cover the work > done by ISC in BIND 9.9 > > All are welcome to propose titles for this n

Re: Upstart job for BIND9

2012-11-29 Thread Noel Butler
On Thu, 2012-11-29 at 13:35 +0100, Carsten Strotmann wrote: > Hello Alexander, > > Alexander Gurvitz writes: > > > Carsten, > > > > The script in my original question (it's in the P.S. at the bottom of > > my first mail) seem to work for me. > > Ahh, thanks, my Emacs was hiding that :) > >

Re: DNS Blackholing

2012-12-05 Thread Noel Butler
On Wed, 2012-12-05 at 09:13 +, Phil Mayers wrote: > On 12/04/2012 06:35 PM, Barry S. Finkel wrote: > > > A question from the OP that has not yet been answered - > > Make the zones masters on all servers. > > Surely not for RPZ? The whole point with RPZ is that you have one zone > containing

Re: Querying directly a nameserver works, while forwarding not

2012-12-05 Thread Noel Butler
On Wed, 2012-12-05 at 10:23 +0100, Daniele Imbrogino wrote: > /etc/bind/named.conf.option WTF is that file? it certainly is not an ISC named file. if you are using some butchered to buggery distro's file, please ask on your distro's mailing list we are not to know what that file contains, or exp

Re: Improved SSL Error Logging [RT #29932]

2012-12-05 Thread Noel Butler
6 10:50:09 ns1 named[9671]: sucessfully validated after lower casing signer 'CO' > -- > Shane Kerr > ISC > > On Saturday, 2012-10-13 11:07:01 +1000, > Noel Butler wrote: > > Thanks Mark, > > > > These changes have been committed for future pa

Re: Improved SSL Error Logging [RT #29932]

2012-12-06 Thread Noel Butler
Thanks Shane, I have re-applied previous changes to source files and that has silenced them again in meantime. Cheers Noel On Thu, 2012-12-06 at 17:05 +0100, Shane Kerr wrote: > Noel, > > On Thursday, 2012-12-06 11:03:24 +1000, > Noel Butler wrote: > > Hi Shane, Mark, Ev

Re: broken ISP in china

2013-02-18 Thread Noel Butler
On Mon, 2013-02-18 at 16:07 -0600, Lyle Giese wrote: > > Recently I moved this domain(lcrcomputer.net) to a registrar that > supports DNSSEC and inserted the DS record for this domain. I checked > DNSSEC via http://dnsviz.net and > http://dnssec-debugger.verisignlabs.com. Both show DNSSEC is w

OFF TOPIC Re: broken ISP in china

2013-02-18 Thread Noel Butler
apparently you have no comprehension of OFF TOPIC I stopped reading at about the half dozen words because you once again went off on your OFF TOPIC rants. But each to our own, you hate it, many stand by it, it's only fools like you who can't accept that, that's your problem not mine. Given that y

Re: spf ent txt records.

2013-03-13 Thread Noel Butler
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > I almost wouldn't bother with SPF records these days though, except that > the code was already written. > # grep SPF maillog |grep -c '\-all' 2438 # grep SPF maillog |grep -c '\~all' 7509 since midnight Sunday... looks like its wor

Re: spf ent txt records.

2013-03-14 Thread Noel Butler
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote: > On 3/13/2013 17:11, Noel Butler wrote: > > > > > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > > > > I almost wouldn't bother with SPF records these days though, except th

Re: spf ent txt records.

2013-03-17 Thread Noel Butler
On Thu, 2013-03-14 at 17:29 +1000, Noel Butler wrote: > On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote: > > > On 3/13/2013 17:11, Noel Butler wrote: > > > > > > > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > > > > > >

Re: spf ent txt records.

2013-03-17 Thread Noel Butler
> Vernon Schryver writes: > > > to laziness, DNS is not rocket science, I'm sure given ARM and > access to > > > google, a 13yo kid could get at least the "basics" right. > > > > Laziness?--nonsense. Postel's Law and simple logic predict the truth hurts eh. Didn't see your original post, vi

Re: spf ent txt records.

2013-03-18 Thread Noel Butler
On Mon, 2013-03-18 at 16:52 -0700, SM wrote: > SPF RR type Had a bit of a read of that thread, and the most noise comes from a guy who should know better, but doesn't, Mr Kitterman repeatedly says "If it's all so obvious that it makes sense to publish SPF records, why aren't more people doing

Re: Lots of "RSA_verify failed" after upgrade to 9.7.7

2013-03-31 Thread Noel Butler
On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote: > > Ignore them. They will be addressed in the next maintenance release. > it was, but now seems to have reared its ugly head again in 9.9.2-p2 Apr 1 12:20:35 fox named[589]: RSA_verify failed Apr 1 12:20:35 fox named[589]: error:040

Re: Lots of "RSA_verify failed" after upgrade to 9.7.7

2013-03-31 Thread Noel Butler
On Mon, 2013-04-01 at 15:03 +1100, Mark Andrews wrote: > In message <1364786722.6226.2.camel@tardis>, Noel Butler writes: > > > > On Mon, 2012-11-05 at 21:21 +1100, Mark Andrews wrote: > > > > > > > > > > Ignore them. The

Re: RPZ and negative answers

2013-04-03 Thread Noel Butler
On Tue, 2013-04-02 at 14:16 -0700, Chris Buxton wrote: > Can anyone explain this to me? > > If a name exists in the response policy, and also exists in the real Internet > namespace, the value from the policy is returned. But if it doesn't exist out > on the Internet, then the value is not retu

Re: RPZ and negative answers

2013-04-05 Thread Noel Butler
On Fri, 2013-04-05 at 08:51 +0200, Torsten Segner wrote: > $TTL 43200 > @ IN SOA a.prim-ns.de. hostmaster.de.easynet.net. ( > 2012041802 ; > 28800 ; > 7200; > 604800 ; >

Re: signature expiration

2013-04-11 Thread Noel Butler
Sign them for longer, I typically use 90 days On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: > Hello, > > Can anyone tell me why signatures in dnssec must be renewed every 30 > days? > What are the modifications made on a zone with a resign? > > Thanks in advance for the clarifications. >

Re: DDOS attack Bind 9.9 - P2

2013-04-30 Thread Noel Butler
On Tue, 2013-04-30 at 22:07 +0100, Steven Carr wrote: > You asked this question a few weeks ago. > > Patch BIND to include the RRL (Response Rate Limiting) patches > (http://www.redbarn.org/dns/ratelimits), blackhole/ignore those > clients requesting. > Many people will not compromise critical

Re: Dig 9.9 FORMERR with NetWare

2013-04-30 Thread Noel Butler
On Tue, 2013-04-30 at 17:04 -0500, Pascal wrote: > Dig 9.9 consistently gives me "FORMERR" against NetWare DNS servers. > Previous versions worked fine. Suggestions on how to figure out if the > bug is in Dig or NetWare? > > -Pascal > > O:\Documents and Settings\admin\dig\9.9.2-P2>dig www.

Re: Mailing list "reply-to" setting

2013-05-08 Thread Noel Butler
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote: > On 2013-05-08, Steven Carr sent: > > Any chance someone can correct the settings on this mailing > > list to reply to the list by default instead of the user > > posting the message? > > I'd argue the settings are already correct. Having

Re: Mailing list "reply-to" setting

2013-05-08 Thread Noel Butler
On Wed, 2013-05-08 at 13:59 -0400, Chip Marshall wrote: > On 2013-05-08, Steven Carr sent: > > Any chance someone can correct the settings on this mailing > > list to reply to the list by default instead of the user > > posting the message? > > I'd argue the settings are already correct. Having

Re: Reverse address entries

2013-06-28 Thread Noel Butler
On Fri, 2013-06-28 at 13:57 -0400, Novosielski, Ryan wrote: > The short answer is "some software once cared." Does it still now, I'm > not sure. But we do it. SMTP does, IRC does

Re: BIND Performance with Huge RPZ

2013-07-12 Thread Noel Butler
On Fri, 2013-07-12 at 16:31 +, Vernon Schryver wrote: > Patches for both of those versions of RPZ speed improvements for some > BIND9 releases can be with the BIND RRL patches by following the link > labeled "Patch files for BIND9" on http://www.redbarn.org/dns/ratelimits > > Both of those

Re: New warning message...

2013-07-21 Thread Noel Butler
On Mon, 2013-07-22 at 02:51 -0400, Jason Hellenthal wrote: > It's exactly as it says... > > > Instead of > ... TXT "SPF ..." > > > You now do > > > ... SPF "SPF ..." > > Mark Andrews wrote: No. It has a legacy SPF TXT record. It SHOULD have record of type SPF as per RFC 4408. Named w

Re: New warning message...

2013-07-22 Thread Noel Butler
On Mon, 2013-07-22 at 08:50 -0500, Barry S. Finkel wrote: > > This was discussed here already, and imho this is anti-spf bullshit like > > all those "spf breaks forwarding" FUD. The SPF RR is already here and is > > preferred over TXT that is generik RR type, unlike SPF. > > > It is not Fear, Un

Re: ipv4, ipV6 DNS BIND configuration and deployment

2013-08-04 Thread Noel Butler
On Sun, 2013-08-04 at 13:28 -0700, Eduardo Bonsi wrote: > Hello Everyone, > > I have some questions about ipV6 transition and DNS configuration! > > I am preparing to make my transition to a dual stack ipv4, ipv6 and I > have some concerns in regards to the security of the network since ipv6 >

Re: Bind99 and a slave named server

2013-08-16 Thread Noel Butler
On Sat, 2013-08-17 at 01:18 -0400, Alan Clegg wrote: > On Aug 17, 2013, at 12:42 AM, LuKreme wrote: > > > [...] I could not get the slave to do anything other than post errors and > > refuse to start. Usually they were along the lines of not being able to > > bind to port 953 or of not being a

Re: Bind99 and a slave named server

2013-08-18 Thread Noel Butler
On Sun, 2013-08-18 at 17:36 -0600, LuKreme wrote: > On 18 Aug 2013, at 14:06 , Dave Warren wrote: > > > Change the zones from master to slave in your named.conf? There really > > isn't much more to it than that, assuming you have a new authoritative > > master is already configured and serving

Re: nxdomain

2013-08-28 Thread Noel Butler
Hey Mark, Looks like it might be a bug, *BUT* a client utils bug, so I think his server is likely fine, he's panicking over what's reported not what's actually going on, I'm sure it's not the intended response to display so I've just added bug rep on it, if you disagree, you can always nuke it :)

Re: nxdomain

2013-08-28 Thread Noel Butler
On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote: > Hey Mark, > > Looks like it might be a bug, *BUT* a client utils bug, so I think > his server is likely fine, he's panicking over what's reported not > what's actually going on, I'm sure its not the int

Re: nxdomain

2013-08-28 Thread Noel Butler
version. On Thu, 2013-08-29 at 13:09 +1000, Noel Butler wrote: > On Thu, 2013-08-29 at 11:52 +1000, Noel Butler wrote: > > > Hey Mark, > > > > Looks like it might be a bug, *BUT* a client utils bug, so I think > > his server is likely fine, he's panicki

Re: nxdomain

2013-08-28 Thread Noel Butler
Yeah, I went out for a bit, came back and fresh, decided to take another look, I got no further than looking at my own confs and it clicked this was an old bug, that _was_ fixed... I've updated my RT entry to reflect that. On Thu, 2013-08-29 at 07:47 +0100, Steven Carr wrote: > I think the short

Re: nxdomain

2013-08-29 Thread Noel Butler
Barry, On Thu, 2013-08-29 at 16:16 -0400, Barry Margolin wrote: > In article , > Noel Butler wrote: > > > replying to ones self a few times in one day or a sign I need a break.. > > but... > > > > I think the issue is this > > > > Trying

Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-19 Thread Noel Butler
On Thu, 2013-09-19 at 16:04 -0700, Michael McNally wrote: > New versions of BIND are now available from http://www.isc.org/downloads > New Features 9.9.4 Added Response Rate Limiting (RRL) functionality to reduce the effectiveness of DNS as an amplifier for reflected denial-of-service

Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-19 Thread Noel Butler
On Thu, 2013-09-19 at 23:40 +, Evan Hunt wrote: > On Fri, Sep 20, 2013 at 09:20:29AM +1000, Noel Butler wrote: > > I have been using this since 9.9.4bx, and although documentation is/was > > lacking at the time, so there might be a whitelisting somewhere , but in > >

Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-19 Thread Noel Butler
Hi Vernon, On Thu, 2013-09-19 at 23:42 +, Vernon Schryver wrote: > BIND RRL has had whitelisting for trusted DNS clients that send repeated > DNS requests since early days, long before any version of BIND 9.9.4. > Look for 'exempt-clients{address_match_list};' in either the ARM that > comes w

Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-19 Thread Noel Butler
On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote: > > From: Noel Butler > > > now, I never ran it as patches, my policy is only use official upstream > > sources, so my first play around was with 9.9.3.b2 I think it was. > > BIND 9.9.4 and its immediately pr

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-20 Thread Noel Butler
Hi Shane, On Fri, 2013-09-20 at 11:38 +0200, Shane Kerr wrote: > Noel, > > On 2013-09-20 12:48:31 (Friday) > Noel Butler wrote: > > > On Fri, 2013-09-20 at 01:59 +, Vernon Schryver wrote: > > > > > plenty of delayed mail - hostname lookup failures (mo

Re: RRL probably not useful for DNS IP blacklists, was Re: New Versions of BIND are available (9.9.4, 9.8.6, and 9.6-ESV-R10)

2013-09-21 Thread Noel Butler
On Fri, 2013-09-20 at 14:12 +, Vernon Schryver wrote: > > From: Shane Kerr > > > With a 50% packet loss and 3 retries you'll have about 1 in 16 lookups > > fail, right? If you've got enough legitimate lookups going on to > > trigger RRL then you're going to get lots of failures. > > If 6% i

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Noel Butler
On Mon, 2013-09-23 at 19:21 +, Vernon Schryver wrote: > > > As a matter of interest, if one had a DNSBL with 5.5 million entries > > > (i.e. 5.5 million IPs): > > > > > > 1) What needs to be done to rewrite that to a BIND zone? > > > 2) What sort of machine would be required to load that zone

Re: RRL probably not useful for DNS IP blacklists,

2013-09-24 Thread Noel Butler
On Tue, 2013-09-24 at 13:40 +, Vernon Schryver wrote: > > From: Noel Butler > > > We used to run our int bl on bind, it was a resource hog compared to > > rbldnsd > > But there is no way in hell, I'd run rbldnsd on anything else other > > than a BL,

Re: Is SpamHaus Feed for RPZ is free or subscription based?

2013-11-06 Thread Noel Butler
On 06/11/2013 18:52, babu dheen wrote: Dear All, I would like to integrate BIND DNS with Spamhaus Malware DB feed. But i need clarity whether Spamhaus offers this feed for free or subscription(cost) based? If you want your local copy it will cost, and they charge like 20 counties of farms

Re: Adding DS records

2013-12-20 Thread Noel Butler
On Fri, 2013-12-20 at 12:58 -0500, Thomas Schulz wrote: > > Well, we started with them back when they were the only company registering > domain names. And up to now there were no problems (other than perhaps price). > and their highly unethical business practices, OK my experiences with them

Re: Enabing RRL in bind

2013-12-30 Thread Noel Butler
On 30/12/2013 22:17, Gaurav Kansal wrote: > Hi Guys, > > In bind 9.9.4, Response-Rate Limit doesn't work until you configure bind with > “—ENABLE-RRL” option. > > I was wondering why is it so ? Because it can be detrimental to existing sites if configured wrongly, it's something not all si

Re: verifying bind-9.10.0 download

2014-05-02 Thread Noel Butler
OK here too. On 03/05/2014 11:07, Evan Hunt wrote: > On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote: > >> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in >> the pgpkey2013.txt located at: >> https://www.isc.org/downloads/software-support-policy/openpg

bin 9.10 verbose logging

2014-05-02 Thread Noel Butler
Hi, U, since upgrade 9.9.5 to 9.10 every request to the name server is spewing copious amounts of debug type data (thankfully I only upgraded the one server) named[23250]: received packet from 207.66.8.132#53 (no opt): ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20501 ;; flags:

Re: bin 9.10 verbose logging

2014-05-03 Thread Noel Butler
On 04/05/2014 05:28, Jeremy C. Reed wrote: It is at the "notice" severity level. The code says: "We didn't get a OPT record in response to a EDNS query." and also says "We need to drop/remove the logging here when we have more experience." Are you getting this debugging for EDNS-related probl

Re: NO_PIE bind port build fail

2014-06-06 Thread Noel Butler
Not a BSD user, but are you running any sort of extra security enforcement toolsets? PIE is IIRC, Position Independent Executable. On Fri, 2014-06-06 at 19:27 -0400, Rick Dicaire wrote: > Hi folks, in trying to update bind 9.8.7_15 on freebsd 8.4, I get the > following: > > > > ... > ==

Re: SPF RR type

2014-06-06 Thread Noel Butler
On Thu, 2014-06-05 at 12:18 -0400, Kevin Darcy wrote: > Given the heated and bitter debates over the SPF record type (see > http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html, > search "SPF", around August of last year), I'm thinking that "a couple > years" probably translates i

Re: fe80 errors - thousands

2014-06-06 Thread Noel Butler
On Sat, 2014-06-07 at 13:35 +1000, Edwardo Garcia wrote: > Halo, > in recent week we have see fill daemon_log of this errors, is way to > fix? > I do wrong? > > you are doing nothing wrong, the idiot advertising fe80 is the one doing it wrong in the meantime you could add to your named.conf -

Re: A Note About Today's New BIND Releases

2014-06-11 Thread Noel Butler
On 12/06/2014 08:04, mcna...@isc.org wrote: In summary: BIND 9.10.0-P2: - fixes security issue CVE-2014-3859 - fixes issue from ISC Operational Notification of 4 June 2014 - includes other minor fixes Michael, Does this also address the crazy amount of logging (as previously discussed here

Re: A Note About Today's New BIND Releases

2014-06-12 Thread Noel Butler
On 12/06/2014 20:58, Tony Finch wrote: Noel Butler wrote: Does this also address the crazy amount of logging (as previously discussed here)? If you mean the EDNS logging, that should be fixed in 9.10.1. Tony. Yes, this has been the talking point of town, for all wrong reasons

Re: Private IP address in A record

2014-06-26 Thread Noel Butler
On 27/06/2014 12:32, Teerapatr Kittiratanachai wrote: Dear List, Yesterday I try to map a private IP address on Public DNS Server, but some server, actually 1 server, doesn't show the answer. But the Rcode is 0. So I already removed that record for now. Is it possible to set DNS server for not s

Re: slave zone files unreadable

2014-07-12 Thread Noel Butler
On 12/07/2014 11:08, Mark Andrews wrote: The real problem is humans. They like to tinker with files (hence the subject line). There really shouldn't be a reason for anyone to need to read slave database files. They are there so named can have the zone content when it starts up rather than hav

Re: ISP caching server setup

2014-08-06 Thread Noel Butler
On 07/08/2014 06:03, Jared Empson wrote: What our cache server receives: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342 ;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION: ;losscontrol

Re: ISP caching server setup

2014-08-06 Thread Noel Butler
list :) On 07/08/2014 08:40, Reindl Harald wrote: > On 07.08.2014 at 00:33, Noel Butler wrote: > >> Apart from stupid SOA values, losscontrol360.com seems OK > > OK? the failing NS query is caused by the errors below > this domain only works by luck from time to time >

Re: named 9.10 halted

2014-08-20 Thread Noel Butler
so what about named's syslog entries, most commonly found in daemon log On 21/08/2014 10:59, Len Conrad wrote: > uname -a > FreeBSD rns1..net 10.0-RELEASE > > named -v > BIND 9.10.0-P2 > > this is a recursive-only NS restricted allowing recursive queries from > "ournetworks" ACL > >

Re: bind-users Digest, Vol 2083, Issue 1

2015-04-05 Thread Noel Butler
you need an allow-query and ACL, eg: Assuming for example your LAN ip range is 192.168.0.0/24, then you would use for simplicity, at top of named.conf: acl "trust" { localhost; 192.168.0.0/24; }; then in... options { allow-query { trust; }; allow-query-cache { trust; }; ..

Re: bind-users Digest, Vol 2084, Issue 1

2015-04-06 Thread Noel Butler
' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > Today's Top

Re: bind-users Digest, Vol 2083, Issue 1

2015-04-07 Thread Noel Butler
On 07/04/2015 17:07, Matus UHLAR - fantomas wrote: > On 06.04.15 15:19, Noel Butler wrote: > >> you need an allow-query and ACL, eg: > > No. Don't play with allow-query if it is supposed to be authoritative for > any zones (unless those zones are internal). >

Re: bind-users Digest, Vol 2085, Issue 1

2015-04-07 Thread Noel Butler
On 07/04/2015 17:15, G.W. Haywood wrote: > Hi there, > > On Tue, 7 Apr 2015, bind-users-requ...@lists.isc.org wrote: > >> Message: 1 > [Snip 51 lines] > >> Message: 2 > [Snip 75 lines] Message: 1 [Snip 37 lines] >> Message: 1 [Snip 45 lines] >> Message: 2 [Snip 49 lines] >> Messag

Re: RRL settings that work for you

2015-05-26 Thread Noel Butler
On 27/05/2015 07:00, Mike Hoskins (michoski) wrote: > Hi folks, > > I've read about RRL with interest since its inception, but just now > getting around to rolling it out. That is partially because we run a very > small authoritative infrastructure serving mostly as Akamai EDNS origins. > How

Re: bind-web-based control panel

2015-07-07 Thread Noel Butler
Hi, No, not directly, there are things like webmin that used to let people manage DNS, not sure how manageable though or if it's even still supported. On 07/07/2015 19:26, Ejaz wrote: > All. > > Does bind support for web-based control panel? I need one that can > automatically push updat

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Noel Butler
On 08/08/2015 01:23, Heiko Richter wrote: > The "spf2.0/pra ?all" is SenderID, where "pra" forces the DMARC server > to check only the Envelope-Sender against "v=spf1 mx -all". If you > don't set that, SPF will always check both Envelope-From and Header-From. > >> Note that it's the SenderID

Re: configuration error in lists.isc.org

2015-08-10 Thread Noel Butler
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote: > On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote: > >> Though I realize my error not recalling that there is a middle (neutral) >> level, and which is more appropriate, since softfail is somewhere between >> fail and neutral which is

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 04:49, Reindl Harald wrote: mostly people who are throwing as much as possible appliances and firewalls in front of their machines doing that because missing knowledge and falling for some salesman's BS, the moment they sniff you have no idea, they rub their hands together think

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 05:00, Leandro wrote: > Reindl , I agree with you. > One Firewall should be enough. > So, what you consider this firewall should do ? > In my opinion: > Block requests coming from a blacklist (Who will generate this list ?) > Block denial of service requests. It needs to measure

Re: Installing bind is not very clear for me

2015-09-04 Thread Noel Butler
On 05/09/2015 11:41, Mike Hoskins (michoski) wrote: Actually, PIX had issues... I can attest to that, having administered several Cisco-based networks including PIX years before I was "a Cisco The biggest issues we really saw with PIX protected networks was in early 2000's, it used to bit

Re: Multiple A and PTR and the "main" ones?

2015-09-11 Thread Noel Butler
On 12/09/2015 00:54, David Ford wrote: We are also one of those services that will reject mail if DNS records don't line up sufficiently to a) satisfy RFC requirements for DNS and b) are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend to be in HELO/EHLO Those two simple rule

Re: Using bind and ad blocking

2016-02-05 Thread Noel Butler
On 06/02/2016 07:25, Olliver Schinagl wrote: I have configured my ad zone as a 'regular' set of zones all pointing to the same 'null' zone and the only problem I really have is that the newer binds no longer allows you to do that, point to the same null poppycock our caching resolver loads

Re: Using bind and ad blocking

2016-02-05 Thread Noel Butler
On 06/02/2016 07:28, Olliver Schinagl wrote: ; BIND db file for ad servers - point all addresses to an invalid IP $TTL864000 ; ten days @ IN SOA ns0.example.net. hostmaster.example.net. ( 2008032800 ; serial number YYMMDDNN

Re: Interesting behavior with wildcard domains

2016-02-23 Thread Noel Butler
On 24/02/2016 09:13, Mathew Ian Eis wrote: > Hi BIND, > > I've encountered (quite by accident) an interesting behavior in BIND with > wildcard domains: > > The relevant configuration is a zone; e.g. bar.com, with what I'll call a > "second level" wildcard host, e.g. *.foo.bar.com A 10.10.10.

Re: ISC considering a change to the BIND open source license

2016-06-14 Thread Noel Butler
On 15/06/2016 05:38, Ted Mittelstaedt wrote: It seems some on the list are short on philosophy? Well here is the actual philosophy and I'll apologize in advance that it won't fit in a SMS message for those people unable to have deep thoughts more complex than a SMS message. Hopefully you are

Re: ISC considering a change to the BIND open source license

2016-06-14 Thread Noel Butler
On 15/06/2016 10:29, Ted Mittelstaedt wrote: On 6/14/2016 4:28 PM, Noel Butler wrote: On 15/06/2016 05:38, Ted Mittelstaedt wrote: It seems some on the list are short on philosophy? Well here is the actual philosophy and I'll apologize in advance that it won't fit in a SMS message

Re: Security issues with Ubuntu bind9 11.9.3 ?

2020-02-23 Thread Noel Butler
t is earlier than 9.11.4 > > Has Ubuntu properly patched it for relevant security updates? Is it safe to > run? Of course it will be missing the latest features and software defects > (which I am exploring on a test server using a version I compiled myself). -- Kin

Re: DoH plugin for BIND

2020-05-02 Thread Noel Butler
d DNS. Do we piggyback off an > existing port and rely on its ubiquitous allowance on the internet or do we > create a new port for it, where we can make a dedicated new protocol suite? > > On 5/2/20 5:03 PM, Reindl Harald wrote: -- Kind Regards, Noel Butler

Re: DoH plugin for BIND

2020-05-02 Thread Noel Butler
o know who's going where, netflow tells us a whole lot more anyway -- Kind Regards, Noel Butler

Re: DoH plugin for BIND

2020-05-03 Thread Noel Butler
and we'll also have no reason to list your netblock on RBL no need to reply, just let it sink in, but since it's failed to in over 5 years, I don't expect miracles. On 03/05/2020 15:13, Reindl Harald wrote: > On 03.05.20 at 01:42, Noel Butler wrote: > >> Don't waste your time

mailman

2009-01-17 Thread Noel Butler
Whose idea was it to change to mailman? I am getting notices saying subscription disabled because of bounces, yet my mail server shows NO rejects to ISC and no failures for them either What gives?

Re: mailman

2009-01-17 Thread Noel Butler
Thanks Alan, Would be nice if mailman included a reject reason/header :) On Sat, 2009-01-17 at 22:48, Alan Clegg wrote: > Noel Butler wrote: > > I am getting notices saying subscription disabled because of bounces, > > yet my mail server shows NO rejects to ISC and no failures

Re: Mailman and bounces...

2009-01-18 Thread Noel Butler
On Mon, 2009-01-19 at 01:56, Alan Clegg wrote: > While off-topic to BIND, as a point of list management, I would like to > present the following commentary: > > It seems that the previous mailing list software did no list "bounce > management" what-so-ever. If an address was on the list, it w

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-26 Thread Noel Butler
On Tue, 2009-01-27 at 07:43, Danny Thomas wrote: > Al Stu wrote: > > So within the zone SMTP requirements are in fact met when the > > MX RR is a CNAME. > you might argue the line of it being OK when additional processing > includes an A record. > In all the time it's taken him to type his ran

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Noel Butler
On Tue, 2009-01-27 at 07:45, Tony Toews [MVP] wrote: > Folks > > Warning - I know just enough about Bind to be dangerous. Which is why I'm > asking. > > I just noticed that our small scale Bind server as a lot of the following > lines. > > 26-Jan-2009 14:28:24.004 client 76.9.16.171#23101:

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Noel Butler
Hi Tony, On Tue, 2009-01-27 at 09:35, Tony Toews [MVP] wrote: > Noel Butler wrote: > > >This is not your config, so long as you are not answering that's fine. > > How do I know I'm not answering those? > Since you're on win, I can't help you, but whatever your pa

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Noel Butler
On Tue, 2009-01-27 at 12:35, Tony Toews [MVP] wrote: > "Tony Toews [MVP]" wrote: > > >>> How do I know I'm not answering those? > >>> > >>Since you're on win, I can't help you, but whatever your packet monitor > >>is, see if you are replying to their requests, even with a REFUSED > >>response. >

Re: What are these entries in the log file - " query: . IN NS +"?

2009-01-26 Thread Noel Butler
On Tue, 2009-01-27 at 13:16, Tony Toews [MVP] wrote: > Noel Butler wrote: > > >Surely windows can block access to an inbound IP request from "some IP" > >to local udp port 53 ? > > Not the firewall software built into Windows 2003 Server. > Gawd... &

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-30 Thread Noel Butler
On Sat, 2009-01-31 at 16:55, Al Stu wrote: > History is fraught with individuals or a few being ridiculed for putting > forth that which goes against the conventional wisdom of the masses and so You don't get to speak for anyone else but yourself, just because you believe in your own trolling

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Noel Butler
in the lil pond. I have not read your shit for over a week since I was busy, but you'll never learn, IOW go cry to someone who might actually give a flying F. you can not be that thick, the fact you are still trolling about it indicates that exactly is what you are > - Original

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Noel Butler
On Sun, 2009-02-01 at 04:05, Al Stu wrote: > The basic argument that because it can be misused, abused, criminally > exploited, etc., it should be abolished, not permitted, and deemed "illegal" > by a group of people who should not have that authority, even though it has > practical and benefic
