Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli via bind-users 
Okay, so I added the policy, and things MOSTLY look okay. But when I 
retake the verification test, I get errors about no RRSIGs found. What 
do I do to resolve that issue?


On 5/10/2021 12:38 PM, Tony Finch wrote:

Dan Egli  wrote:

Still not working for me. The dig doesn't report anything, and I don't HAVE a
keyfile since i'm using inline signing. Or does inline signing still require a
key to be generated?

Yes, you need to do your own key management with inline-signing using
dnssec-keygen. The new dnssec-policy feature can do automatic key
management for you.

Tony.


--
Dan Egli
From my Test Server



OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Tony Finch 
Dan Egli  wrote:
>
> Still not working for me. The dig doesn't report anything, and I don't HAVE a
> keyfile since i'm using inline signing. Or does inline signing still require a
> key to be generated?

Yes, you need to do your own key management with inline-signing using
dnssec-keygen. The new dnssec-policy feature can do automatic key
management for you.

Tony.
-- 
f.anthony.n.finchhttps://dotat.at/
Lundy, Fastnet: Southwest 5 to 7, backing southeast 4 to 6 for a time.
Moderate or rough, occasionally very rough in southwest Fastnet.
Thundery rain. Good, occasionally poor.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli 

On 5/10/2021 12:17 PM, Tony Finch wrote:

Dan Egli  wrote:

Where do I get the DS record, since i'm using bind's inline signing?

Use the dnssec-dsfromkey tool, e.g. from a key file (make sure it's the
KSK file)

$ grep This Kcam.ac.uk.+013+32840.key
; This is a key-signing key, keyid 32840, for cam.ac.uk.
$ dnssec-dsfromkey -2 Kcam.ac.uk.+013+32840.key
cam.ac.uk. IN DS 32840 13 2 
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85

or from your DNSKEY RRset (safest to run this on your primary to be sure
the keys aren't mangled)

$ dig cam.ac.uk dnskey | dnssec-dsfromkey -2 -f - cam.ac.uk
cam.ac.uk. IN DS 32840 13 2 
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85

Tony.


Still not working for me. The dig doesn't report anything, and I don't 
HAVE a keyfile since i'm using inline signing. Or does inline signing 
still require a key to be generated? The walkthrough I was looking at 
didn't seem to indicate that.


 dig @localhost newideatest.site dnskey

; <<>> DiG 9.16.12 <<>> @localhost newideatest.site dnskey
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38832
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f932880860047837010060997aea2f4ce09bf11a954c (good)
;; QUESTION SECTION:
;newideatest.site.  IN  DNSKEY

;; AUTHORITY SECTION:
newideatest.site.   120 IN  SOA newideatest.site. 
dan.newideatest.site. 5 120 240 604800 86400


;; Query time: 10 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon May 10 12:26:50 MDT 2021
;; MSG SIZE  rcvd: 113

So, of course dnssec-dsfromkey does't work:

 dig @localhost newideatest.site dnskey | dnssec-dsfromkey -2 -f - 
newideatest.site

dnssec-dsfromkey: fatal: no DNSKEY RR for newideatest.site in input


--
Dan Egli
From my Test Server



OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: where are the testing docs ?

2021-05-10 Thread Ondřej Surý 
And I am saying all of this is a definition of off-topic, so please be nice to 
each other and stay on topic.

Dennis, we are going to accept a MR that would fix your case and not break 
anything else. You can either submit patch inline in the issue or you can ask 
and I can permit forking the project in ISC GitLab.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 10. 5. 2021, at 20:19, Paul Kosinski via bind-users 
>  wrote:
> 
> Actually, it's in keeping with the *original* definition of hacking!
> 
> 
>> On Sun, 9 May 2021 23:55:13 -0600
>> @lbutlr  wrote:
>> 
>>> On 06 May 2021, at 09:57, Dennis Clarke via bind-users 
>>>  wrote:
>>> I do NOT trust a build result where I had to go hacking into all the
>>> Makefiles just to get it to build. You install without doing testing?  
>> 
>> That's a very strange definition of "hacking". Setting makefile [preferences 
>> and options is not in and way "hacking".
>> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: where are the testing docs ?

2021-05-10 Thread Paul Kosinski via bind-users 
Actually, it's in keeping with the *original* definition of hacking!


On Sun, 9 May 2021 23:55:13 -0600
@lbutlr  wrote:

> On 06 May 2021, at 09:57, Dennis Clarke via bind-users 
>  wrote:
> > I do NOT trust a build result where I had to go hacking into all the
> > Makefiles just to get it to build. You install without doing testing?  
> 
> That's a very strange definition of "hacking". Setting makefile [preferences 
> and options is not in and way "hacking".
> 
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Tony Finch 
Dan Egli  wrote:
>
> Where do I get the DS record, since i'm using bind's inline signing?

Use the dnssec-dsfromkey tool, e.g. from a key file (make sure it's the
KSK file)

$ grep This Kcam.ac.uk.+013+32840.key
; This is a key-signing key, keyid 32840, for cam.ac.uk.
$ dnssec-dsfromkey -2 Kcam.ac.uk.+013+32840.key
cam.ac.uk. IN DS 32840 13 2 
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85

or from your DNSKEY RRset (safest to run this on your primary to be sure
the keys aren't mangled)

$ dig cam.ac.uk dnskey | dnssec-dsfromkey -2 -f - cam.ac.uk
cam.ac.uk. IN DS 32840 13 2 
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85

Tony.
-- 
f.anthony.n.finchhttps://dotat.at/
Berwick upon Tweed to Whitby: South backing southeast, 3 to 5,
occasionally 6 at first. Slight or moderate becoming slight. Showers,
perhaps thundery later. Good occasionally moderate later.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli 
They do, and I had forgotten that. But I don't know where to get the DS 
record I'd place. I tried querying bind, but all I got back was 
someone's SOA record:


; <<>> DiG 9.16.12 <<>> @localhost ds eglifamily.name
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62605
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8761a3c0b39eccab01006099729d88739143bbe8c230 (good)
;; QUESTION SECTION:
;eglifamily.name.   IN  DS

;; AUTHORITY SECTION:
name.   10794   IN  SOA ac1.nstld.com. 
info.verisign-grs.com. 1620669036 1800 900 604800 86400


;; Query time: 10 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon May 10 11:51:25 MDT 2021
;; MSG SIZE  rcvd: 142

Where do I get the DS record, since i'm using bind's inline signing?

On 5/10/2021 3:29 AM, John W. Blue via bind-users wrote:

Hello Dan.

Does your registrar have the ability via a UI to place a DS record in 
the .name zone?


And if so, have you done that already?

John

Sent from Nine 

*From:* Dan Egli 
*Sent:* Monday, May 10, 2021 12:20 AM
*To:* bind-users@lists.isc.org
*Subject:* Inline signing fails dnsviz test.

I tried to setup inline signing on my DNS server, and after reading the
results from DNSVIZ, i'd say I was PARTIALLY successful, but there still
seems to be a lot missing.

You can check the status on dnsviz yourself with the names
eglifamily.name and newideatest.site. Both resulted in nearly identical
responses, wtih a lot of warning and some errors. A few of those errors
I could blame on my backup DNS provider. You get what you pay for and
they are free. But not everything could be blamed on them.

I've attached a PNG of the output. Hopefully it comes through.
Meanwhile, here's the zone statements from my named.conf:

view "standard" IN {
 zone "eglifamily.name" {
 type master;
 file "pri/eglifamily.zone";
 allow-query { any; };
 allow-transfer {
   108.61.224.67; 116.203.6.3; 107.191.99.111;
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122;
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3;
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1;
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3;
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e;
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3;
2001:19f0:6400:8642::3;
 };
//  also-notify { 1.2.3.4; }; // none for now
 allow-update { trusted; };
 key-directory "/var/bind/pri/keys";
 auto-dnssec maintain;
 inline-signing yes;
 };

 zone "newideatest.site" {
 type master;
 file "pri/newideatest.zone";
 allow-query { any; };
 allow-transfer {
   108.61.224.67; 116.203.6.3; 107.191.99.111;
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122;
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3;
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1;
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3;
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e;
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3;
2001:19f0:6400:8642::3;
 };
//  also-notify { 1.2.3.4; }; // none for now
 allow-update { trusted; };
 key-directory "/var/bind/pri/keys";
 auto-dnssec maintain;
 inline-signing yes;
 };

--

Dan Egli
 From my Test Server


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


--
Dan Egli
From my Test Server



OpenPGP_0x11B7451DF2015959.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list

Re: where are the testing docs ?

2021-05-10 Thread Dennis Clarke via bind-users 
On 5/10/21 01:55, @lbutlr wrote:
> On 06 May 2021, at 09:57, Dennis Clarke via bind-users 
>  wrote:
>> I do NOT trust a build result where I had to go hacking into all the
>> Makefiles just to get it to build. You install without doing testing?
> 
> That's a very strange definition of "hacking". Setting makefile [preferences 
> and options is not in and way "hacking".
> 

I realize you are being a jerk on purpose but regardless :

1) 9.11.26 builds perfectly out of the box with no issues

2) 9.11.27 fails to build with a bucket of undefined symbols

3) 9.11.28 fails to build in the same manner

4) 9.11.29 why waste my time looking here ?

5) 9.11.30 does not even exist ... please play again

6) 9.11.31 fails to build with a bucket of undefined symbols

7) dig around madly into 9.11.26 to see if *something* has gone
   wonky thereafter ... rebuild it and watch everything "just work"

8) change some compiler flags, look at the CPPFLAGS and begin
   digging into the Makefiles to see where things have gone bork

9) find that the Makefile in bin/tools is in fact bork bork bork

   10) compare the Makefile in bin/tools with the results from 9.11.26

   11) find possible bork botk bork and begin to hack in some silly
   edits to get past the bin/tools portion of this mess

   12) that works and now other things break, so begin a pile of sed
   and grep and awk and such over ALL the Makefiles everywhere and
   determine that in fact yes they are all borked slightly

I call all of those four days of work a pile of hack. On an old legacy
platform that no one wants to keep running anymore, and it just keeps
running and running. I don't know what you call it. I just say that
releases after 9.11.26 are borked. However only slightly and in places
no one would look at anyways.


-- 
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Update DNSSEC Zone

2021-05-10 Thread Tony Finch 
Peter Fraser  wrote:
>
> I am using bind-9.14.x and here are the DNSSEC related entries in the zone.
>
> auto-dnssec maintain;
> update-policy local;
> key-directory “zones/domain-keys”;

How you go about this depends on whether your configuration enables
`inline-signing` or not.

If it has inline-signing, you should see in the filesystem that each zone
file has .signed (and possibly .jnl) files alongside. You can update the
zone using

(edit the non-.signed zone file)
rndc reload

If it does not have inline-signing I prefer to use `nsupdate` to update
the zones, usually with my `nsdiff` or `nsvi` tools. Or you can,

rndc freeze
(edit the zone file)
rndc thaw

https://dotat.at/prog/nsdiff/

Tony.
-- 
f.anthony.n.finchhttps://dotat.at/
Biscay: Southwest 3 to 5 increasing 5 to 7. Rough, occasionally
moderate in east, becoming very rough in west. Thundery showers. Good,
occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Inline signing fails dnsviz test.

2021-05-10 Thread John W. Blue via bind-users 
Hello Dan.

Does your registrar have the ability via a UI to place a DS record in the .name 
zone?

And if so, have you done that already?

John

Sent from Nine

From: Dan Egli 
Sent: Monday, May 10, 2021 12:20 AM
To: bind-users@lists.isc.org
Subject: Inline signing fails dnsviz test.

I tried to setup inline signing on my DNS server, and after reading the
results from DNSVIZ, i'd say I was PARTIALLY successful, but there still
seems to be a lot missing.

You can check the status on dnsviz yourself with the names
eglifamily.name and newideatest.site. Both resulted in nearly identical
responses, wtih a lot of warning and some errors. A few of those errors
I could blame on my backup DNS provider. You get what you pay for and
they are free. But not everything could be blamed on them.

I've attached a PNG of the output. Hopefully it comes through.
Meanwhile, here's the zone statements from my named.conf:

view "standard" IN {
 zone "eglifamily.name" {
 type master;
 file "pri/eglifamily.zone";
 allow-query { any; };
 allow-transfer {
   108.61.224.67; 116.203.6.3; 107.191.99.111;
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122;
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3;
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1;
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3;
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e;
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3;
2001:19f0:6400:8642::3;
 };
//  also-notify { 1.2.3.4; }; // none for now
 allow-update { trusted; };
 key-directory "/var/bind/pri/keys";
 auto-dnssec maintain;
 inline-signing yes;
 };

 zone "newideatest.site" {
 type master;
 file "pri/newideatest.zone";
 allow-query { any; };
 allow-transfer {
   108.61.224.67; 116.203.6.3; 107.191.99.111;
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122;
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3;
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1;
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3;
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e;
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3;
2001:19f0:6400:8642::3;
 };
//  also-notify { 1.2.3.4; }; // none for now
 allow-update { trusted; };
 key-directory "/var/bind/pri/keys";
 auto-dnssec maintain;
 inline-signing yes;
 };

--

Dan Egli
 From my Test Server

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Deprecating BIND 9.18+ on Windows (or making it community improved and supported)

2021-05-10 Thread Ondřej Surý 
> On 10. 5. 2021, at 10:29, Richard T.A. Neal  wrote:
> 
> At this time I don't therefore believe that running BIND via WSL or WSL2 on 
> Windows Server is a viable reliable solution.

Thanks for the analysis.

The alternative is as I outlined in the first email, somebody needs to step up
and start maintaining the BIND 9.18+ Windows version properly. FTR the
“somebody” doesn’t have to do it with their own hands.

Using mingw-w64 to compile BIND 9.18+ instead of using MSVC would be also
accepted as a contribution.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Deprecating BIND 9.18+ on Windows (or making it community improved and supported)

2021-05-10 Thread Richard T.A. Neal 
I spent some time last week looking at options for running BIND under WSL on 
Windows Server. Unfortunately it doesn't presently look like a viable solution 
for the following reasons:

There are two versions of WSL: WSL1 and WSL2. Development has all but ceased on 
WSL1, but WSL1 is the only version that can be installed on Windows Server 2019.

Microsoft have not yet confirmed whether WSL2 will be available for Windows 
Server vNext (Windows Server 2022, or whatever they name it).

Even if WSL2 is made available for Windows Server 2022 it has some serious 
networking limitations: it uses NAT from the host, so your Linux instance gets 
a private 172.x.y.z style IP address, and that IP address is different every 
reboot. Proxy port forwarding must therefore be reconfigured on every reboot as 
well.

There has been mixed success getting WSL2 to work in bridged mode, but it is 
not supported by MS. I expect many/most Windows server admins would not want to 
run something in an unsupported configuration which may suddenly stop working 
following a Windows Update.

At this time I don't therefore believe that running BIND via WSL or WSL2 on 
Windows Server is a viable reliable solution.

Best,

Richard.

-Original Message-
From: Richard T.A. Neal 
Sent: 29 April 2021 6:41 pm
To: BIND Users 
Subject: RE: Deprecating BIND 9.18+ on Windows (or making it community improved 
and supported)


The WSL2 option is an interesting one and not something I'd ever considered.


Richard.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users