Re: Question about "too many records"

2024-08-01 Thread Tim Daneliuk
On 8/1/24 17:14, John Thurston wrote: After reading the CVE description, it isn't clear to me how the degraded performance is manifest. If 300 A-records exist for the name 'foo', do we expect: 1. queries for A-records for 'foo' will be slower than expected 2. all queries for 'foo' will be sl

Re: 9.18 horrendous

2024-08-23 Thread Tim Daneliuk
On 8/23/24 09:19, Marcus Kool wrote: The user was angry and ranted about named 9.18.x.  He did not rant about any developer or any member of your team.  Removing a user from this list is IMHO not the best way to treat an issue. Marcus Yes, but tone matters. It seems that world is now ful

Best Practices: Slaves And Split Horizon Masters

2015-08-21 Thread Tim Daneliuk
, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: Best Practices: Slaves And Split Horizon Masters

2015-08-21 Thread Tim Daneliuk
formation and Technology Services (ITS) > rharo...@umich.edu <mailto:rharo...@umich.edu> > 734-647-6524 desk > > Exactly what I needed, thanks! -- -------- Tim Daneliuk tun...@tundraware.com PGP

More On Split Horizon & Slaves

2015-08-22 Thread Tim Daneliuk
I am still working through how to get this working but a little further steering would be helpful. I have a situation with a single domain "foo.com" That has both public facing and NATed internal addresses. That is, regardless of whether the host IP is visible in the outside world or not, its c

Re: More On Split Horizon & Slaves

2015-08-22 Thread Tim Daneliuk
On 08/22/2015 10:42 AM, /dev/rob0 wrote: > On Sat, Aug 22, 2015 at 09:53:31AM -0500, Tim Daneliuk wrote: > [ Two views, one zone name, different zone contents, > same master & slave: how to populate both views on the slave? ] > >> My sense is that I need to split the inte

Re: Help DNS

2015-08-23 Thread Tim Daneliuk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/23/2015 10:05 PM, Alan Clegg wrote: > Never, EVER use nslookup. Could you explain why? - -- - ---- Tim Daneliuk tun...@tundraware.com PGP Key: h

named.conf Default Location?

2016-01-12 Thread Tim Daneliuk
eeded anymore? ---- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: ISC considering a change to the BIND open source license

2016-06-13 Thread Tim Daneliuk
gt; Regards, > > Vicky Risk, > Product Manager > > Jeff Osborn, President of ISC, announcing we are considering this change at > RIPE72 in Copenhagen May 26th, https://ripe72.ripe.net/archives/video/206. +1 Long time bind user here and I heartily endorse this. -

Re: BIND 9.16.1 failing assertion

2020-04-16 Thread Tim Daneliuk
that borked our entire environment today. Shame on my for not testing in non-prod first :( Fell back to 9.14 on FreeBSD for now. -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ __

Question About Recursion In A Split Horizon Setup

2020-04-16 Thread Tim Daneliuk
nstance is jailed. Ideas? -- ---- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bin

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 7:26 AM, Bob Harold wrote: > > On Thu, Apr 16, 2020 at 7:17 PM Tim Daneliuk <mailto:tun...@tundraware.com>> wrote: > > We have split horizon setup and enable our internal and trusted hosts > to do things as follows: > >    

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
rd notation? (This is an IPV4 only environment). -- -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc

Re: Question About Recursion In A Split Horizon Setup

2020-04-17 Thread Tim Daneliuk
On 4/17/20 10:17 AM, julien soula wrote: > On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote: >> On 4/17/20 9:50 AM, Bob Harold wrote: >>> >>> Agree, that's odd, and not what the man page says.  Any chance that there >>> is some other DNS hel

Re: [Non-DoD Source] Re: BIND Masters and slaves

2020-06-15 Thread Tim Daneliuk
On 6/15/20 1:15 PM, Michael De Roover wrote: > Of course I could, but I do not feel like the effort to change nomenclature > is either beneficial or worth taking for granted the requests of some people > on Twitter - as the slave to peer authority I am - given how much it affects > documentation

How Zone Files Are Read

2020-12-16 Thread Tim Daneliuk
I ran into a situation yesterday which got me pondering something about bind. In this case, a single line in a zone file was bad. The devops automation had inserted a space in the hostname field of a PTR record. What was interesting was that - at startup - bind absolutely refused to load the zon

Re: How Zone Files Are Read

2020-12-16 Thread Tim Daneliuk
he would go to the A record of the zone which is in most > cases simply the wrong destination > I agree that in a master-slave topology, your argument makes sense. I this case, the server was a singleton responsible for a small virtual private netwo

Re: How Zone Files Are Read

2020-12-16 Thread Tim Daneliuk
On 12/16/20 12:25 PM, Timothe Litt wrote: > On 16-Dec-20 11:37, Tim Daneliuk wrote: >> I ran into a situation yesterday which got me pondering something about bind. >> >> In this case, a single line in a zone file was bad. The devops automation >> had inserted a space

Multiple IPs Associated With A Single Name

2016-09-29 Thread Tim Daneliuk
kind soul point me to a relevant explanation of how to do the hostname -> multiple IP mapping? Thanks, -- ---- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread Tim Daneliuk
man-in-the-middle server? Or is this just a stupid idea? -- -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread Tim Daneliuk
On 09/29/2016 04:18 PM, Tim Daneliuk wrote: > On 09/29/2016 02:08 PM, John Miller wrote: >> Hi Tim, >> >> AFAIK, multiple A records are the only way to return multiple IPs for >> a given FQDN. there are multiple A records for a given name, BIND >> will return all

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread Tim Daneliuk
On 09/29/2016 04:33 PM, Matthew Pounsett wrote: > > > On 29 September 2016 at 14:18, Tim Daneliuk <mailto:tun...@tundraware.com>> wrote: > > > What I am stuck on is this: Is there any simple (i.e., non-root) way > to write a client or otherwise configure

Re: Multiple IPs Associated With A Single Name

2016-09-29 Thread Tim Daneliuk
may make sense. I really appreciate everyone jumping in to help with this. -- -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mai

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread Tim Daneliuk
/etc/resolv.conf or a local server on port 53? -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread Tim Daneliuk
On 09/30/2016 10:12 AM, Reindl Harald wrote: > > Am 30.09.2016 um 16:22 schrieb Tim Daneliuk: >> On 09/29/2016 04:45 PM, Darcy Kevin (FCA) wrote: >>> Yeah, sure, just run it with your own special config file (with -c); in >>> that config file, set the listen-on to

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread Tim Daneliuk
tions with absurd regulations that do nothing but make things harder. The cheaters can probably still find a way if they really want to - it's just mildly harder. It's good for me though - it keeps me fully booking revenue :) -- ------

Re: Multiple IPs Associated With A Single Name

2016-09-30 Thread Tim Daneliuk
On 09/30/2016 12:46 PM, John Miller wrote: > On Fri, Sep 30, 2016 at 1:15 PM, Tim Daneliuk wrote: >> On 09/30/2016 11:17 AM, Hrant Dadivanyan wrote: >>> Won't port redirection work better then ? > >> get sudo for even limited access to things on their sandboxes

Multiple A Records - Followup Question

2016-10-02 Thread Tim Daneliuk
. Thanks, -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: SOA settings

2018-02-02 Thread Tim Daneliuk
On 02/02/2018 04:00 PM, Warren Kumari wrote: > It only takes a few 2678400 seconds to get into this habit - if you > are having a hard time adjusting, I'd recommend Kris Allen's seminal > work - https://www.youtube.com/watch?v=PwYnG2DGbPo I prefer this - (slightly NFSW): https://www.youtube.co

Bind > 9.12 Will Not Start On FreeBSD

2019-04-27 Thread Tim Daneliuk
ppreciated... -------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ + named_enable=YES + named_program=/usr/local/sbin/named + named_conf=/usr/local/etc/namedb/named.conf + n

Re: Bind > 9.12 Will Not Start On FreeBSD

2019-04-27 Thread Tim Daneliuk
On 4/27/19 3:33 PM, Anand Buddhdev wrote: > On 27/04/2019 21:52, Tim Daneliuk wrote: > > Hi Tim, > >> Running: FreeBSD 11.2-STABLE #0 r345904 >> >> Bind 9.11 works fine. If I attempt to install 9.12 or greater, the >> installation succeeds but any attemp

Re: Bind > 9.12 Will Not Start On FreeBSD

2019-04-27 Thread Tim Daneliuk
On 4/27/19 5:33 PM, @lbutlr wrote: > On 27 Apr 2019, at 16:21, Tim Daneliuk wrote: >> Why is 9.12+ now suddenly so grumpy about who owns the files? Is this a >> recent fix to reduce the attack surface on files owned by root? > > Pretty sure. I thought it was mentioned in t

Re: Proposal to adopt a Code of Conduct for the list

2019-08-02 Thread Tim Daneliuk
On 8/2/19 1:31 PM, Victoria Risk wrote: > This list is a tremendously helpful and generous group that has provided > really invaluable assistance tl;dr Discuss the topic, not each other It's tragic this even has to be said ... ___ Please visit https:

Re: I am provoked by ISC for the 10 years statement that ISC refuse to fulfill (Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?)

2024-02-11 Thread Tim Daneliuk via bind-users
On 2/11/24 02:07, Ole Aamot wrote: "This whole “we support everything for 10 years” is just a sales pitch, not a something that can be fulfilled." – Ondřej Surý — ISC I realize that there was a whole kerfuffle here that I mercifully missed and have absolutely no interest in. But it did "pro

TXT & SPF Record Syntax

2021-02-28 Thread Tim Daneliuk via bind-users
I am trying to understand when the LHS of a TXT record needs to be terminated with '.'. For example, I see this one of the machines I am managing. The server in question is the zone authority for foo.com: foo.com. IN TXT "v=spf1 ... foo.com. IN SPF "v=spf1 ... something

Re: TXT & SPF Record Syntax

2021-02-28 Thread Tim Daneliuk via bind-users
On 2/28/21 5:52 PM, Mark Andrews wrote: > Domain names without a trailing period are relative to the current origin. > > Domain names with a trailing period are absolute. > > If you want to add the record > > foo.bar.example.com. TXT … > > and the current origin is example.com. You can en

Corrupted Slave Data?

2021-05-20 Thread Tim Daneliuk via bind-users
Running bind 9.16.15 on FreeBSD 11.4-STABLE. Master is out on a cloud server at Digital Ocean. Slave is on-premise. All on-prem LANs point to the slave instance. Running split horizon to keep nosey parkers out of our local DNS assignments. Recently - and for no obvious reason - the on-prem inst

Re: Corrupted Slave Data?

2021-05-20 Thread Tim Daneliuk via bind-users
On 5/20/21 8:43 AM, Anand Buddhdev wrote: > On 20/05/2021 15:30, Tim Daneliuk via bind-users wrote: > > Hi Tim, > >> Recently - and for no obvious reason - the on-prem instance stops resolving >> properly. The fix is to stop it, clear out the slave files, and restart. &g

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
ing, I've added this to my options stanza: dnssec-policy "default"; Then restarted named and now all the signing magic is taken care of for me for all zones? (I was not previously using signing.) TIA, -- -

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
of the signing work before (other than for master/slave). Could you kindly point me to something like "DS Record Creation And Implementation For Dummies"? Thanks, Tim Daneliuk tun...@tundraware.com PGP

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
ant to convey to my registrar? Other than this I see nothing that resembles a relevant response AND the COOKIE field does not show up if I do the dig from outside the zone. -- ---- Tim Da

Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
garbage may be implicated. We could use some help on an approach to debugging this. Having never had significant bind problems over 20 years of use, we literally have no named debugging experience... TIA, -- -------- Tim D

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Tim Daneliuk via bind-users
it. -- ---- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this softw

Re: Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
what may be happening. > > Richard. Perfect, will do, and thanks... -- ---- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ P

Tracking Down Odd bind Behavior

2021-08-14 Thread Tim Daneliuk via bind-users
.org/support Aug 14 17:07:03 ozzie named[32292]: Aug 14 17:07:03 ozzie named[32292]: command channel listening on 127.0.0.1#953 Aug 14 17:07:03 ozzie named[32292]: 14-Aug-2021 17:07:03.167 general: notice: all zones loaded Aug 14 17:07:03 ozzie

Re: Tracking Down Odd bind Behavior

2021-08-15 Thread Tim Daneliuk via bind-users
On 8/15/21 9:07 AM, G.W. Haywood via bind-users wrote: > Hi there, > > On Sun, 15 Aug 2021, Tim Daneliuk wrote: > >> I have a bind slave instance running on FreeBSD 13-STABLE.  Periodically >> (after >> a few days of perfect operation), it loses its ability to

Failing DNS Server Diagnostic Help Requested

2022-01-13 Thread Tim Daneliuk via bind-users
appreciated as well ... (We have a fair bit of other logging data to be examined, I just didn't want to spam the whole list with all that ...) -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.

Bind: Standard Ports And Non Standard Ports

2022-02-11 Thread Tim Daneliuk via bind-users
After some months of poking around, we are now certain that our so-called "Business" service from Comcast is compromising our DNS servers because of their execrable "Security Edge" garbage. (They are willing to remove this 'service' only if we are willing to incur a higher monthly recurring fe