Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Gaurav Kansal
Dear Team,

I am trying to configure Bind 9.10 version in CentOS 6.3 using the following
options but getting an error as shown below.

Option 1 -

./configure --with-geoip=/usr/local/share/GeoIP/

checking for libtool... no
checking for Source Identity Token support... no
checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/usr/lib and /usr/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).

I have OpenSSL and openssl-devel package installed in my machine.

Option 2 -

./configure --with-geoip=/usr/local/share/GeoIP/ --with-openssl=/usr/include/openssl/

checking for sysconf... yes
checking for libtool... no
checking for Source Identity Token support... no
checking for OpenSSL library... configure: error:
/usr/include/openssl//include/openssl/opensslv.h not found

I am not able to understand why it is appending the /include/openssl/ in
my path as shown above.

I have also tried the following option to play with the path but didn't succeed.

Option 3 -

./configure --with-geoip=/usr/local/share/GeoIP/ --with-openssl=/usr

checking for libtool... no
checking for Source Identity Token support... no
checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/usr/lib and /usr/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).

Please help me; what should I do?

Regards,
Gaurav Kansal

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Jeremy C. Reed
On Fri, 2 May 2014, Gaurav Kansal wrote:

 checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include
 checking whether linking with OpenSSL works... no
 configure: error: Could not run test program using OpenSSL from
 /usr/lib and /usr/include.
 Please check the argument to --with-openssl and your
 shared library configuration (e.g., LD_LIBRARY_PATH).

 I have OpenSSL and openssl-devel package installed in my machine.

The config.log debugging file should contain further details that may be 
used to troubleshoot this. Please look in config.log for lines around 
"checking whether linking with OpenSSL works" (and above "## Cache 
variables ##" line).

Re: RRL active by default?

2014-05-02 Thread /dev/rob0
On Thu, May 01, 2014 at 05:10:50PM -0500, Lawrence K. Chen, P.Eng. 
wrote:
 Does compiling in RRL mean its active, even without a rate-limit
 {} control block?

No, and also note that your rate-limit {} stanza could be either in 
your options {} statement, or in a view {} statement. The latter 
replaces rather than supplements what you have in options.

 The other day, I got reports some service is getting intermittent 
 lookup failures for our ldap server.
 
 Why these appliances have to query DNS servers many times per 
 second to get the address of a record with a TTL of 1 day

Do you have them directly querying authoritative nameservers? Your 
workaround, perhaps, is to have caching-only servers between your 
appliances and your authoritative servers.

 In looking at the logs, I saw messages about rate-limit of various 
 subnets. (but, only for the busiest 2 of 8 caching servers) 

RRL should only be used on authoritative servers. Are you saying you 
saw such logs from a named instance without a rate-limit stanza? 
Indeed, that should not be so.

 Starting when I first updated to 9.9.4-P1.  Though both had said 
 they had stopped limiting responses by the time I looked.
 
 Just in case, I threw in a
 
 rate-limit {
 exempt-clients { k-state; };
 };
 
 where k-state is the same acl used with allow-query {} and 
 allow-recursion {}.

There's also log-only yes; you might try.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Re: RRL active by default?

2014-05-02 Thread Jeremy C. Reed
On Thu, 1 May 2014, Lawrence K. Chen, P.Eng. wrote:

 Does compiling in RRL mean its active, even without a rate-limit {} 
 control block?

Only for the built-in Chaos _bind view (for id.server, authors.bind, 
hostname.bind, and version.bind).


Re: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Carl Byington

On Fri, 2014-05-02 at 13:17 +0530, Gaurav Kansal wrote:
 I am trying to configure Bind 9.10 version in CentOS 6.3 using the
 following options but getting an error as shown below.

You might try the centos source rpm linked at
http://www.five-ten-sg.com/mapper/bind

The bind-9.10.0-0.2.fc18.src.rpm builds with GeoIP on el5 and el6.




BIND 9.10 compilation problem for FreeBSD 6.x/7.x

2014-05-02 Thread Shawn Zhou
Has anyone had a problem building BIND 9.10 for FreeBSD? We are using the same 
process that worked for building 9.9.4 to build 9.10 on FreeBSD 6.x/7.x but we 
are getting an "ld: invalid BFD target" error.

https://www.dropbox.com/s/jciafakcwu68p6f/build_bind.txt


Snippet of the compilation log:

gcc  -I/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0 
-I../../../.. 
-I/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/lib/dns/include
  -I../../../../lib/dns/include 
-I/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/lib/isc/include
  -I../../../../lib/isc  -I../../../../lib/isc/include  
-I../../../../lib/isc/unix/include  -I../../../../lib/isc/nothreads/include  
-I../../../../lib/isc/x86_32/include      -DFD_SETSIZE=15000 
-DISC_SOCKET_MAXEVENTS=256 -O2 -I 
/home/tmp/bind9.25984/openssl-1.0.1g-freebsd-6-32/include -ggdb -fPIC   -W 
-Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith 
-fno-strict-aliasing  -c driver.c
ld -ggdb -Wl,-rpath=/home/y/lib -Bshareable -x -o driver.so driver.o
ld: invalid BFD target `-Wl,-rpath=/home/y/lib'
*** Error code 1

Stop in 
/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/bin/tests/system/dlzexternal.
*** Error code 1

Stop in 
/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/bin/tests/system.
*** Error code 1

Stop in 
/home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/bin/tests.
*** Error code 1

Stop in /home/tmp/bind9.25984/bind-9.10.0-build-freebsd-6-32/bind-9.10.0/bin.
*** Error code 1

RE: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Gaurav Kansal
Hi Jeremy,

Config.log doesn't show any useful data to troubleshoot this.

configure:15007: result: no
configure:15121: checking for sysconf
configure:15121: gcc -o conftest -g -O2 -I/usr/local/share/GeoIP//include
-D_GNU_SOURCE -I/usr/local/share/GeoIP//include  conftest.c -lpthread -lm
-lGeoIP  -L/usr/local/share/GeoIP//lib 5
configure:15121: $? = 0
configure:15121: result: yes
configure:15143: checking for libtool
configure:15174: result: no
configure:15267: checking for Source Identity Token support
configure:15287: result: no
configure:15338: checking for OpenSSL library
configure:15436: error: /usr/include/openssl//include/openssl/opensslv.h
not found

##  ##
## Cache variables. ##

Regards,
Gaurav Kansal

-Original Message-
From: Jeremy C. Reed [mailto:jr...@isc.org] 
Sent: Friday, May 02, 2014 6:08 PM
To: Gaurav Kansal
Cc: bind-users@lists.isc.org
Subject: Re: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

On Fri, 2 May 2014, Gaurav Kansal wrote:

The config.log debugging file should contain further details that may be
used to troubleshoot this. Please look in config.log for lines around
checking whether linking with OpenSSL works (and above ## Cache variables
## line).


RE: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Jeremy C. Reed
On Fri, 2 May 2014, Gaurav Kansal wrote:

 Config.log doesn't showing any useful data to troubleshoot this.

 configure:15338: checking for OpenSSL library
 
 configure:15436: error: /usr/include/openssl//include/openssl/opensslv.h
 not found

You looked at config.log after you did a different ./configure run with 
the wrong --with-openssl=/usr/include/openssl/.

You want to run ./configure without the --with-openssl switch.

Then please look in config.log for lines around "checking whether 
linking with OpenSSL works" (and above "## Cache variables ##" line).

(You don't have the "checking whether linking with OpenSSL works" in 
this output.)

 ##  ##
 
 ## Cache variables. ##


Re: Issues in configuring Bind 9.10 in CentOS 6.3 with --open-ssl

2014-05-02 Thread Mukund Sivaraman
Hi Gaurav

On Fri, May 02, 2014 at 01:17:40PM +0530, Gaurav Kansal wrote:
 --with-openssl=/usr/include/openssl/

--with-openssl should not point to the include directory, but to the
prefix. Try --with-openssl=/usr or even just --with-openssl.

 checking for OpenSSL library... configure: error:
 /usr/include/openssl//include/openssl/opensslv.h not found

... as this error seems to confirm.

Mukund
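
The two checks suggested in this thread, as an added shell example that is not part of any poster's message: check_openssl_prefix looks for the header and library where the configure messages quoted above point, and extract_check prints the config.log record for a single check. The function names, the sample log, its line numbers and its linker message are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: two checks for a failing
# "./configure --with-openssl=..." run.

# check_openssl_prefix PREFIX
# Looks where the configure messages quoted in the thread point:
# PREFIX/include/openssl/opensslv.h for the header, PREFIX/lib for libraries.
# Returns 0 if both are present, 1 if the header is missing, 2 if no library.
check_openssl_prefix() {
    hdr="$1/include/openssl/opensslv.h"
    if [ ! -f "$hdr" ]; then
        echo "$hdr not found"
        return 1
    fi
    for lib in "$1"/lib/libcrypto.*; do
        if [ -e "$lib" ]; then
            echo "header $hdr, library $lib"
            return 0
        fi
    done
    echo "header $hdr found, no libcrypto.* in $1/lib"
    return 2
}

# extract_check LOGFILE TEXT
# Prints the config.log record of the check whose description contains TEXT:
# the "checking" line, the compiler command, its diagnostics and the result,
# stopping at the banner that precedes "## Cache variables. ##".
extract_check() {
    awk -v want="$2" '
        /^configure:[0-9]+: checking / { show = (index($0, want) > 0) }
        /^## -+ ##$/                   { show = 0 }
        show                           { print }
    ' "$1"
}

# Constructed config.log excerpt (line numbers and linker message are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
configure:15338: checking for OpenSSL library
configure:15440: result: using OpenSSL from /usr/lib and /usr/include
configure:15500: checking whether linking with OpenSSL works
configure:15520: gcc -o conftest -g -O2 -I/usr/include conftest.c -L/usr/lib -lcrypto >&5
/usr/bin/ld: cannot find -lcrypto
configure:15520: $? = 1
configure:15530: result: no
configure:15535: error: Could not run test program using OpenSSL from
/usr/lib and /usr/include.

## ---------------- ##
## Cache variables. ##
## ---------------- ##

ac_cv_c_compiler_gnu=yes
EOF
}

# Stand-alone use: sh diag.sh PREFIX CONFIG_LOG
if [ $# -eq 2 ]; then
    check_openssl_prefix "$1"
    extract_check "$2" "whether linking with OpenSSL works"
fi
```

Passing the include directory as PREFIX reproduces the doubled path from the original report, because the header path is appended to whatever prefix is given.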



Bad performance from BIND 9.10 on RHEL 6.5

2014-05-02 Thread Shawn Zhou


I was hoping that BIND 9.10 would outperform BIND 9.9.4b1 on RHEL 6.5 but I was 
surprised to see so much performance drop from BIND 9.10.

We have been able to send test traffic with 180K qps against 9.9.4b1 without 
seeing query drops but with 9.10, the query drop rate was 18%. Both of the 
numbers were obtained with 16 UDP listeners and 24 workers on identical 
Sandybridge hardware with 24 CPU threads and 24G RAM. Default 12 UDP listeners 
setting with 9.10 is even worse; hence, 16 UDP listeners are used for 
apple-to-apple comparison.


We compiled BIND 9.10 and 9.9.4b1 with the same configuration options.  I also 
tried '--with-tuning=large' for 9.10 and that didn't really help in our test 
environment.

I wonder what type of hardware ISC and test load used to test BIND 9.10. Are 
there adjustments that need to be made for 9.10 to have it perform on par with 
9.9.4b1?

Re: RRL active by default?

2014-05-02 Thread Lawrence K. Chen, P.Eng.
Awww...I found messages about version.bind.

On 05/02/14 09:23, Jeremy C. Reed wrote:
 On Thu, 1 May 2014, Lawrence K. Chen, P.Eng. wrote:
 
 Does compiling in RRL mean its active, even without a rate-limit {} 
 control block?
 
 Only for the built-in Chaos _bind view (for id.server, authors.bind, 
 hostname.bind, and version.bind).
 

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) --  SafeZone Ally


GSS-TSIG updates from Windows clients

2014-05-02 Thread John Miller
Hi folks,

I'm trying to get our AD domain controllers to update our BIND 9.8.2
servers--specifically for the zone

_msdcs.lab.brandeis.edu.

I've got updates working in general: I can run kinit username@REALM (
johnmill-dns-t...@lab.brandeis.edu in this case), then successfully run
nsupdate -g from my desktop:

server dns-ext-dev1.lab.brandeis.edu
zone _msdcs.lab.brandeis.edu.
update add yourmom._msdcs.lab.brandeis.edu. 300 IN A 127.0.0.1
send

This works fine--I grab the necessary tickets from our domain controllers,
and BIND accepts my update.

My update-policy {} directive for the zone looks like:

update-policy {
  grant johnmill-dnst...@lab.brandeis.edu zonesub ANY;
  grant * zonesub ANY;
};

This is uber-lenient--I don't plan to leave things this way, but the
wildcard should allow anything with a pulse to update.

When I try to use Windows (the domain controller itself) to send updates,
the update first gets sent insecurely (which fails), then Windows attempts
secure authentication (and succeeds), but doesn't actually send a secured
update:

named[13861]: client 129.64.102.112#64501: UDP request
named[13861]: client 129.64.102.112#64501: using view '_default'
named[13861]: client 129.64.102.112#64501: request is not signed
named[13861]: client 129.64.102.112#64501: recursion not available
named[13861]: client 129.64.102.112#64501: update
named[13861]: client 129.64.102.112#64501: update '_msdcs.lab.brandeis.edu/IN' denied
named[13861]: client 129.64.102.112#64501: send
named[13861]: client 129.64.102.112#64501: sendto
named[13861]: client 129.64.102.112#64501: senddone
named[13861]: client 129.64.102.112#64501: next
named[13861]: client 129.64.102.112#64501: endrequest
named[13861]: client @0x7f75640f6980: udprecv
named[13861]: client 129.64.102.112#52448: new TCP connection
named[13861]: client 129.64.102.112#52448: replace
named[13861]: clientmgr @0x7f7564003f98: createclients
named[13861]: clientmgr @0x7f7564003f98: recycle
named[13861]: client 129.64.102.112#52448: read
named[13861]: client 129.64.102.112#52448: TCP request
named[13861]: client 129.64.102.112#52448: using view '_default'
named[13861]: client 129.64.102.112#52448: request is not signed
named[13861]: client 129.64.102.112#52448: recursion not available
named[13861]: client 129.64.102.112#52448: query
named[13861]: failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Success.
named[13861]: gss-api source name (accept) is AD-2K8-DEV1$@LAB.BRANDEIS.EDU
named[13861]: process_gsstkey(): dns_tsigerror_noerror
named[13861]: client 129.64.102.112#52448: send
named[13861]: client 129.64.102.112#52448: sendto
named[13861]: client 129.64.102.112#52448: senddone
named[13861]: client 129.64.102.112#52448: next
named[13861]: client 129.64.102.112#52448: endrequest
named[13861]: client 129.64.102.112#52448: read
named[13861]: client @0x7f7564104b70: accept
named[13861]: client 129.64.102.112#52448: next
named[13861]: client 129.64.102.112#52448: request failed: end of file
named[13861]: client 129.64.102.112#52448: endrequest
named[13861]: client 129.64.102.112#52448: closetcp
named[13861]: client 129.64.102.112#64230: UDP request
named[13861]: client 129.64.102.112#64230: using view '_default'
named[13861]: client 129.64.102.112#64230: request is not signed
named[13861]: client 129.64.102.112#64230: recursion not available
named[13861]: client 129.64.102.112#64230: query
named[13861]: client 129.64.102.112#64230: query '_msdcs.lab.brandeis.edu/SOA/IN' approved
named[13861]: client 129.64.102.112#64230: send
named[13861]: client 129.64.102.112#64230: sendto
named[13861]: client 129.64.102.112#64230: senddone
named[13861]: client 129.64.102.112#64230: next
named[13861]: client 129.64.102.112#64230: endrequest
named[13861]: client @0x7f75640f6980: udprecv
named[13861]: client 129.64.102.112#63381: UDP request
named[13861]: client 129.64.102.112#63381: using view '_default'
named[13861]: client 129.64.102.112#63381: request is not signed
named[13861]: client 129.64.102.112#63381: recursion not available
named[13861]: client 129.64.102.112#63381: query
named[13861]: client 129.64.102.112#63381: query (cache) 'dns-ext-dev1.lab.brandeis.edu/A/IN' denied
named[13861]: client 129.64.102.112#63381: error
named[13861]: client 129.64.102.112#63381: send
named[13861]: client 129.64.102.112#63381: sendto
named[13861]: client 129.64.102.112#63381: senddone
named[13861]: client 129.64.102.112#63381: next
named[13861]: client 129.64.102.112#63381: endrequest
named[13861]: client @0x7f75640f6980: udprecv
named[13861]: client 129.64.99.24#21999: UDP request
named[13861]: client 129.64.99.24#21999: using view '_default'
named[13861]: client 129.64.99.24#21999: request is not signed
named[13861]: client 129.64.99.24#21999: recursion not available
named[13861]: client 129.64.99.24#21999: query
named[13861]: client 129.64.99.24#21999: query '_kerberos._tcp.dc._msdcs.lab.brandeis.edu/SOA/IN'

Re: GSS-TSIG updates from Windows clients

2014-05-02 Thread Mark Andrews

See
tkey-gssapi-credential quoted_string;
tkey-gssapi-keytab quoted_string;
grant  ms-subdomain ;


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


How does bind determine a query is duplicate?

2014-05-02 Thread Matt Doughty
I'm assuming it is a combination of host:port:query, but can anyone confirm
that?

-- 
--Matt

verifying bind-9.10.0 download

2014-05-02 Thread mm half
Hello,

I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in 
the pgpkey2013.txt located at:   
https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and can't 
seem to get any of the signature files to pass the verify test using gpg :



gpg --import pgpkey2013.txt 
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: key 189CDBC5: public key Internet Systems Consortium, Inc. (Signing key, 
2013) codes...@isc.org imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)




gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from Internet Systems Consortium, Inc. (Signing key, 2013) 
codes...@isc.org


gpg --verify bind-9.10.0.tar.gz.sha512.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:25 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from Internet Systems Consortium, Inc. (Signing key, 2013) 
codes...@isc.org


gpg --verify bind-9.10.0.tar.gz.sha256.asc bind-9.10.0.tar.gz
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made Tue Apr 29 16:12:26 2014 EDT using RSA key ID 189CDBC5
gpg: BAD signature from Internet Systems Consortium, Inc. (Signing key, 2013) 
codes...@isc.org



I am sure it's a user error mistake, but wanted to verify other bind users are 
able to verify the downloaded files correctly, before digging any deeper into 
the problem.  If anyone has been able to verify the latest stable release using 
the posted keys, please let me know.

Thanks,


 
*The content of this message is my personal opinion only, and should not be 
construed as anything that has been through rigorous scrutiny of the 
professional groups who devote their life and work to the topics being 
discussed

Re: verifying bind-9.10.0 download

2014-05-02 Thread Evan Hunt
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
 I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in 
 the pgpkey2013.txt located at:   
 https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and 
 can't seem to get any of the signature files to pass the verify test using 
 gpg :
 
 
 gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
 gpg: WARNING: using insecure memory!
 gpg: please see http://www.gnupg.org/faq.html for more information
 gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
 gpg: BAD signature from Internet Systems Consortium, Inc. (Signing key, 
 2013) codes...@isc.org

Works fine for me.  Check the fingerprint on the tarball, it should be:

SHA256(bind-9.10.0.tar.gz)=
acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
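
The digest check suggested in the reply above, as an added shell example (not code from the thread): it compares the local file's SHA-256 with the posted value and only then runs gpg, since a file whose bytes differ from the published tarball fails every detached signature made over it. The function names are assumptions; gpg is invoked only when a signature path is passed.

```shell
#!/bin/sh
# Added example, not from the thread: compare a download's SHA-256 with the
# published value before (optionally) running the gpg check.

# Digest posted in the reply above for bind-9.10.0.tar.gz
BIND_9_10_0_SHA256=acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

# sha256_of FILE: print the lowercase hex digest, using whichever tool exists
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# verify_download FILE EXPECTED_HEX [SIGNATURE]
# Returns 0 on a digest match (and a good signature, if one is given),
# 1 on digest mismatch, 2 if FILE cannot be read.
verify_download() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256_of "$1")
    if [ "$got" != "$want" ]; then
        echo "SHA256 mismatch for $1"
        echo "  expected $want"
        echo "  got      $got"
        return 1
    fi
    echo "SHA256 matches for $1"
    if [ -n "${3:-}" ]; then
        gpg --verify "$3" "$1"
    fi
}

# Stand-alone use: sh verify.sh bind-9.10.0.tar.gz [bind-9.10.0.tar.gz.asc]
if [ $# -ge 1 ]; then
    verify_download "$1" "$BIND_9_10_0_SHA256" "${2:-}"
fi
```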


Re: verifying bind-9.10.0 download

2014-05-02 Thread Noel Butler
 

OK here too. 

On 03/05/2014 11:07, Evan Hunt wrote: 

 On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
 
 I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in 
 the pgpkey2013.txt located at: 
 https://www.isc.org/downloads/software-support-policy/openpgp-key/ [1] , and 
 can't seem to get any of the signature files to pass the verify test using 
 gpg : gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz gpg: WARNING: 
 using insecure memory! gpg: please see http://www.gnupg.org/faq.html [2] for 
 more information gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA 
 key ID 189CDBC5 gpg: BAD signature from Internet Systems Consortium, Inc. 
 (Signing key, 2013) codes...@isc.org
 
 Works fine for me. Check the fingerprint on the tarball, it should be:
 
 SHA256(bind-9.10.0.tar.gz)=
 acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

 

Links:
--
[1] https://www.isc.org/downloads/software-support-policy/openpgp-key/
[2] http://www.gnupg.org/faq.html

Re: RRL active by default?

2014-05-02 Thread Jeremy C. Reed

 On 05/02/14 09:23, Jeremy C. Reed wrote:
  Only for the built-in Chaos _bind view (for id.server, authors.bind, 
  hostname.bind, and version.bind).

On Fri, 2 May 2014, Lawrence K. Chen, P.Eng. wrote:
 Awww...I found messages about version.bind.

My workaround I use is like:

# for builtin tests do not rate-limit
# redefine chaos builtin zones
# can't redefine builtin view '_bind'
view "_dnsbench_bind" chaos {
        recursion no;
        notify no;
        allow-new-zones no;

        rate-limit {
                responses-per-second 0;
        };

        zone "version.bind" chaos {
                type master;
                database "_builtin version";
        };

        zone "hostname.bind" chaos {
                type master;
                database "_builtin hostname";
        };

        zone "authors.bind" chaos {
                type master;
                database "_builtin authors";
        };

        zone "id.server" chaos {
                type master;
                database "_builtin id";
        };
};

Or edit bin/named/config.c (you will quickly find the configuration) and 
make and install.


bind 9.10 verbose logging

2014-05-02 Thread Noel Butler
 

Hi, 

U, since upgrade 9.9.5 to 9.10 every request to the name server is
spewing copious amounts of debug type data (thankfully I only upgraded
the one server) 

 named[23250]: received packet from 207.66.8.132#53 (no opt): ;;
-HEADER- opcode: QUERY, status: NOERROR, id: 20501 ;; flags: qr aa;
QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION:
;dns2.osogrande.com.^I^IIN^I ;; AUTHORITY SECTION:
osogrande.com.^I^I86400^IIN^ISOA^Idns1.osogrande.com.
hostmaster.osogrande.com. 2002041909 14400 7200 604800 600 

WTF ? 

Was debug left on in the final release source code? :) 
