Re: HIP record

2012-02-19 Thread Miek Gieben
[ Quoting  at 10:51 on Feb 20 in "Re: HIP record..." ]
> The presence of white space is significant, not whether the whitespace
> is "" or " + " or even "".  You
> asked me if there was any difference between "" or
> " + " and there isn't.

Where is this specified? The closest I can find is 1035, but it 
only says:

( ) Parentheses are used to group data that crosses a line
boundary.  In effect, line terminations are not
recognized within parentheses.

Regards,
Miek Gieben


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Assistance with SPF Records for BIND

2012-02-19 Thread Noel Butler
On Sun, 2012-02-19 at 17:00 +0100, ml wrote:


> 
> fakessh.eu descriptive text "spf2.0/pra ip4:46.105.34.177 
> ip4:91.121.7.86 ?all"




> fakessh.eu descriptive text "v=spf1  ip4:46.105.34.177 ip4:91.121.7.86  
> ?all"
> 


Why did you bother with the record at all?
"Question mark" indicates you don't care and the remote should
basically ignore it.
Waste of time, please do some homework before making such foolish
recommendations
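
How the trailing qualifier changes the outcome for a sender that is not listed, as an added example that is not part of the original messages: a minimal evaluator covering only the `ip4`, `ip6` and `all` mechanisms of RFC 4408. `spf_result` is a hypothetical name, the first record is the one posted in the thread, and the `test.com` records are constructed from the addresses in the original question.

```python
import ipaddress

# RFC 4408 qualifiers and the result each one produces on a match.
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip):
    """Evaluate a v=spf1 record limited to ip4/ip6 and all mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record (for example an spf2.0/pra record)
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # the default qualifier when none is written
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return RESULT[qualifier]  # 'all' matches every sender
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
        else:
            raise ValueError(f"mechanism not handled in this sketch: {mech}")
    return "neutral"  # nothing matched and there was no 'all' term

THREAD = "v=spf1  ip4:46.105.34.177 ip4:91.121.7.86  ?all"  # from the thread
STRICT = "v=spf1 ip4:50.1.1.1 ip4:50.2.2.2 -all"            # constructed
SOFT = "v=spf1 ip4:50.1.1.1 ip4:50.2.2.2 ~all"              # constructed
OUTSIDER = "203.0.113.9"  # documentation address, not a listed sender

if __name__ == "__main__":
    for name, rec in (("?all", THREAD), ("-all", STRICT), ("~all", SOFT)):
        print(name, "->", spf_result(rec, OUTSIDER))
```

With `?all` an unlisted sender gets the same `neutral` result it would get if the record ended without any `all` term; only `-all` or `~all` gives the receiver a signal to act on.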






Re: HIP record

2012-02-19 Thread Mark Andrews

In message <20120219210232.gb6...@miek.nl>, Miek Gieben writes:
> [ Quoting  at 07:45 on Feb 20 in "Re: HIP record..." ]
> > > But I have another query then. Is there a difference between:
> > > 
> > > blah ( bla1
> > > bla2
> > > )
> > > 
> > > and:
> > > 
> > > blah ( bla1
> > >  bla2
> > > )
> > > 
> > > In other words: is the space significant in the second example?
> > 
> > no.
> 
> Ok, that's in line with RFC 1035. But I'm confused now, if that space is
> not significant, BIND should be able to correctly parse the HIP record
> as emailed before (and not try to recognize it as an ownername) ?

The presence of white space is significant, not whether the whitespace
is "" or " + " or even "".  You
asked me if there was any difference between "" or
" + " and there isn't.
 
And before you ask for named to be made to work with a base64 key
broken up arbitrarily, how many rendezvous servers are there in this
example?

www IN  HIP ( 2 200100107B1A74DF365639CC39F1D578
  AwEA Abdx yhNu Sutc 5EMz xTs9 LBPC
  IkOF H8cI vM4p 9+Lr V4e1 9WzK 00+C
  I6zB CQTd tWsu xKbW Iy87 UOoJ TwkU
  s7lB u+Up r1gs Nrut 79ry ra+b SRGQ
  b1sl ImA8 YVJy uIDs j7kw zG7j nERN
  qnWx Z48A Wksk mdHa VDP4 Bcel rTI3
  rMXd XF5D QWER rSv1 RsV2 )

The examples can not be cut-and-pasted.  They need to have the
public key turned into a single string first.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
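
The failure discussed in this thread, reproduced with a small parser, as an added example that is not BIND's code or part of the original messages: it tokenizes HIP RDATA the way the quoted RFC 5205 text implies (the first Base64 token is the key, every later token is a rendezvous server name) and applies the 63-octet label limit. `parse_hip`, `join_key` and `check` are hypothetical names, and `WRAPPED` is the first test record from the thread.

```python
import base64

def parse_hip(rdata):
    """Parse HIP RDATA text -> (algorithm, hit, public_key, servers)."""
    # RFC 1035: inside ( ) line ends are not recognized, so the RDATA is
    # one whitespace-separated token list.
    tok = rdata.replace("(", " ").replace(")", " ").split()
    if len(tok) < 3:
        raise ValueError("need algorithm, HIT and public key")
    alg, hit = int(tok[0]), bytes.fromhex(tok[1])
    key = base64.b64decode(tok[2], validate=True)
    # RFC 5205: every token after the key is a rendezvous server name.
    for name in tok[3:]:
        if any(len(label) > 63 for label in name.split(".")):
            raise ValueError(f"near '{name}': label too long")
    return alg, hit, key, tok[3:]

def join_key(rdata, n_servers=0):
    """Rejoin a wrapped key, given how many trailing tokens are servers."""
    tok = rdata.replace("(", " ").replace(")", " ").split()
    end = len(tok) - n_servers
    return " ".join(tok[:2] + ["".join(tok[2:end])] + tok[end:])

# First test record from the thread, key wrapped over three lines.
WRAPPED = """( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )"""

def check(rdata):
    """Return a one-line verdict, in the spirit of a zone checker."""
    try:
        alg, hit, key, servers = parse_hip(rdata)
    except ValueError as exc:  # also covers bad hex and bad Base64
        return f"error: {exc}"
    return f"ok: {len(key)}-byte key, {len(servers)} rendezvous server(s)"

if __name__ == "__main__":
    print(check(WRAPPED))                                   # label too long
    print(check(join_key(WRAPPED)))                         # key, no servers
    print(check(join_key(WRAPPED + " rvs.example.com.", 1)))
```

A key split into short groups such as `AwEA Abdx yhNu` parses without error as a 3-byte key plus two rendezvous servers, which is the ambiguity the MUST NOT rule removes.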


Re: named.conf splitting

2012-02-19 Thread Alan Clegg
While not _exactly_ what was asked for, "rndc addzone" and "rndc
delzone" seem to be able to do what you want...

Just an idea..

AlanC
-- 
a...@clegg.com | 1.919.355.8851




Re: HIP record

2012-02-19 Thread Miek Gieben
[ Quoting  at 07:45 on Feb 20 in "Re: HIP record..." ]
> > But I have another query then. Is there a difference between:
> > 
> > blah ( bla1
> > bla2
> > )
> > 
> > and:
> > 
> > blah ( bla1
> >  bla2
> > )
> > 
> > In other words: is the space significant in the second example?
> 
> no.

Ok, that's in line with RFC 1035. But I'm confused now, if that space is
not significant, BIND should be able to correctly parse the HIP record
as emailed before (and not try to recognize it as an ownername) ?

Regards,
Miek Gieben



Re: HIP record

2012-02-19 Thread Mark Andrews

In message <20120219202216.ga17...@miek.nl>, Miek Gieben writes:
> [ Quoting  at 07:09 on Feb 20 in "Re: HIP record..." ]
> > Both records are malformed.  Remove the whitespace from the public key.
> >
> >The Public Key field is represented as the Base64 encoding [RFC4648]
> >of the public key.  The encoding MUST NOT contain whitespace(s) to
> >distinguish it from the Rendezvous Servers field.
> >
> > And you failed to read the note immediately above them.
> >
> >In the examples below, the public key field containing no whitespace
> >is wrapped since it does not fit in a single line of this document.
> 
> Thanks for your reply.
> 
> But I have another query then. Is there a difference between:
> 
> blah ( bla1
> bla2
> )
> 
> and:
> 
> blah ( bla1
>  bla2
> )
> 
> In other words: is the space significant in the second example?

no.

> grtz Miek
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: HIP record

2012-02-19 Thread Miek Gieben
[ Quoting  at 07:09 on Feb 20 in "Re: HIP record..." ]
> Both records are malformed.  Remove the whitespace from the public key.
> 
>The Public Key field is represented as the Base64 encoding [RFC4648]
>of the public key.  The encoding MUST NOT contain whitespace(s) to
>distinguish it from the Rendezvous Servers field.
> 
> And you failed to read the note immediately above them.
> 
>In the examples below, the public key field containing no whitespace
>is wrapped since it does not fit in a single line of this document.

Thanks for your reply.

But I have another query then. Is there a difference between:

blah ( bla1
bla2
)

and:

blah ( bla1
 bla2
)

In other words: is the space significant in the second example?

grtz Miek




Re: named.conf splitting

2012-02-19 Thread Michelle Konzack
Hello Noel Butler,

On 2012-02-18 11:25:10, you hacked out the following:
> If the OP is trying to avoid inline editing, does not the above become
> pointless?

Yes, and the wish of the OP is my wish too!

> Still requires inline editing to remove the
> include "/path/to/etc/zone1.conf", else named will have an error on
> reload.

Right

> Being involved in the apache discussion I think I see where he wants to
> do, but I'm not sure if bind works like that.

I like to see bind working like this  ;-)

> (/me   fires up dev box)
>   ...
> OK,  Nick, it will not do what you want.
> 
> Perhaps this is better off as a feature request, and, one that makes
> sound sense to me, although I include one hosts.conf file and put all
> entries in that and like most are very happy that way, if people are
> including singular zone files from another include file, it would make
> far better sense, less messy too (I think)

I think, the best would be the solution from apache, which  read  entire
directories if the include ends with a /.

How and where can I send this wish-list bug?

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux
   Internet Service Provider, Cloud Computing


itsystems@tdnet Jabber  linux4miche...@jabber.ccc.de
Owner Michelle Konzack

Gewerbe Strasse 3   Tel office: +49-176-86004575
77694 Kehl  Tel mobil:  +49-177-9351947
Germany Tel mobil:  +33-6-61925193  (France)

USt-ID:  DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/



Re: HIP record

2012-02-19 Thread Mark Andrews

Both records are malformed.  Remove the whitespace from the public key.

   The Public Key field is represented as the Base64 encoding [RFC4648]
   of the public key.  The encoding MUST NOT contain whitespace(s) to
   distinguish it from the Rendezvous Servers field.

In message <20120219135619.ga24...@miek.nl>, Miek Gieben writes:
> Hello,
> 
> While playing with the HIP record I wanted to place some test records
> in a zone. I used the examples from RFC 5205 (Section 6.).

And you failed to read the note immediately above them.

   In the examples below, the public key field containing no whitespace
   is wrapped since it does not fit in a single line of this document.

 
> ;; Tests
> t  IN  HIP ( 2 200100107B1A74DF365639CC39F1D578
> AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
> 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
> b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )
>
> t  IN  HIP ( 2 200100107B1A74DF365639CC39F1D578
> AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
> 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
> b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D
> rvs.example.com. )
> 
> Checking these with named-checkzone yields:
> 
> loading "evilquery.nl" from "evilquery.nl" class "IN"
> dns_rdata_fromtext: evilquery.nl:30: near '9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': label too long
> dns_rdata_fromtext: evilquery.nl:35: near '9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': label too long
> zone evilquery.nl/IN: loading from master file evilquery.nl failed: label too long
> zone evilquery.nl/IN: not loaded due to errors.
> 
> This is with bind9.7.3. I think records are OK and bind should be able to parse
> them?
> 
>  grtz,
> 
> --
> Miek
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Assistance with SPF Records for BIND

2012-02-19 Thread ml

to simply is better

my TXT record
~]$ host -t txt fakessh.eu 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

fakessh.eu descriptive text "spf2.0/pra ip4:46.105.34.177 
ip4:91.121.7.86 ?all"
fakessh.eu descriptive text "spf2.0/mfrom ip4:46.105.34.177 
ip4:91.121.7.86 ~all"
fakessh.eu descriptive text "v=spf1  ip4:46.105.34.177 ip4:91.121.7.86  
?all"



it is OK for all ISP


On 2012-02-18 17:55, Sten Carlsen wrote:

Hi

 I suggest to use the wizards or look in the RFC:
 http://www.ietf.org/rfc/rfc4408.txt [4]

 On 18/02/12 17:51, Jonathan Vomacka wrote:


BIND Community Support,

I am inquiring about how to setup a proper SPF record? I know there
are SPF wizards/generators available but each seem to have a
different "opinion" of what should be included and what should not
be included.

Let me give you a scenario of my setup, and hopefully someone can
help me out.

My domain is: test.com
My mailserver hostname is: mail.host.com which also has a MATCHING
PTR record
mail.host.com (for example) resolves to 50.1.1.1 and 50.1.1.1
resolves to mail.host.com

This is a STANDALONE mail server without any VIP's or load
balancing. There is however one additional host that will send out
mail from the domain but it won't be receiving mail, it will only be
used as an SMTP server attached to a website automailer... It only
generates error reports and sends them out... so technically it
isn't a full mail server but it will be sending (outbound only) mail
on behalf of the domain.

The additional host is: mail2.test.com which resolves to 50.2.2.2
and there is a Matching PTR.

These are the ONLY mail servers and IP addresses that will be
sending out mail from the test.com domain. Some websites say I
should use -all and others say -all will cause some MTA's to reject
and ~all is better to use even if those are the only two hosts
sending out mail.

Would you be able to assist with a solid SPF record?


--
Best regards

Sten Carlsen

No improvements come from shouting:
 "MALE BOVINE MANURE!!!"



Links:
--
[1] https://lists.isc.org/mailman/listinfo/bind-users
[2] mailto:bind-users@lists.isc.org
[3] https://lists.isc.org/mailman/listinfo/bind-users
[4] http://www.ietf.org/rfc/rfc4408.txt


--
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC2626742
 gpg --keyserver pgp.mit.edu --recv-key C2626742

 http://urlshort.eu fakessh @
 http://gplus.to/sshfake
 http://gplus.to/sshswilting
 http://gplus.to/john.swilting
 https://lists.fakessh.eu/mailman/
 This list is moderated by me, but all applications will be accepted
 provided they receive a note of presentation

HIP record

2012-02-19 Thread Miek Gieben
Hello,

While playing with the HIP record I wanted to place some test records
in a zone. I used the examples from RFC 5205 (Section 6.).

;; Tests
t  IN  HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D )
 
t  IN  HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ
b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D
rvs.example.com. )

Checking these with named-checkzone yields:

loading "evilquery.nl" from "evilquery.nl" class "IN"
dns_rdata_fromtext: evilquery.nl:30: near 
'9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': 
label too long
dns_rdata_fromtext: evilquery.nl:35: near 
'9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': 
label too long
zone evilquery.nl/IN: loading from master file evilquery.nl failed: label 
too long
zone evilquery.nl/IN: not loaded due to errors.

This is with bind9.7.3. I think records are OK and bind should be able to parse
them?

 grtz,

-- 
Miek

