RHEL, Centos, Rocky, Fedora rpm 9.18.27
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZkjq8RUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGcdACfW7MPuExfZza+zn/jNlBlDQSXg7UA nigu6WsOkIztjyHDY/KuJmx6TCEf =z8Wr -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.18.26
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZiAhLBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH/TwCfRECCzSbMwWY4o32rzDT1X3b8kxMA nj9AgWAaoXYHW7AtfK7Ii57mrHkp =iSyg -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.18.25
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZf3WuxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHr2gCfYw4U1U1itN4N0USVhyfg1325YjMA nRpCW3TjF6RFMPWZgReI3QC9W2pt =LxDT -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.18.24
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZcuVihUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEkLwCdF0KogNOgy3cYPjPU7uV7nlC8TfQA n0bzi9A+vDq3rmi69k4zLi2QVSaG =OPRR -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
HEL, Centos, Rocky, Fedora rpm 9.18.21
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. This is my first 9.18 build. It seems to work for me. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZYeF+hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH6IgCfZ2X6pE9f2WGwqqIzcUMpXl0QnI8A nj/2N6vWXFKB5/rPuc6jb4E7rZIP =2pik -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.44
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZQsqkxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF7uwCfYDqYBEqkKXSJNn+fOSWskg/+mtsA n0MmFNixc8j7pJChAItigVdQeouV =nb+i -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.42
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZJSPPxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHAogCbBb0MD0Tud7fZOkCCI87dDJhQRmQA n0s5fehk7/+Ab+NaVbSyTAs5Jg4Q =rblI -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.41
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZGT0FxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEktwCdEham4g5wCclROhytQwZUUMMcr4YA niY/4lQ8KjD0ZzWLeK3ZBS1UyM0p =ijRn -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.40
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZEHCuxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHkpwCfYSw+dDbpRtPjGLWttQV9f/q2vrgA oIpFLi3ouqws8qzO4L2wFySmg3Au =jn/E -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.38
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY+0crBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF67wCdHaasF+8opViaBwD1Rdeqe7OlbQgA njngltXenB/3cPlIii4C0mKaqJt8 =vL/d -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.37
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY9Fm1hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFozgCfb5FJRMhwKC0gnpa3T5l3ZUiunn4A nisHLUwfoJtp+xdgxSzVfm7OmXA8 =Ys4u -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.35
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY3UAQRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFO4ACfVz0vqb1HinaYn9utWWqzPpoM4uUA n32fCM2xymQZG8dTjuG2P48LHmI/ =Djxd -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse lookups not working when Internet connection failed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2022-11-06 at 14:39 +0100, Matus UHLAR - fantomas wrote: > alternatively they can choose to 0/28.66.136.193.in-addr.arpa. or > 0-15.66.136.193.in-addr.arpa. > instead of 0-28.66.136.193.in-addr.arpa. or use $clientname.66.136.193.in-addr.arpa. as the intermediate zone which has a slight advantage when the same client has multiple disjoint parts of the same /24. -BEGIN PGP SIGNATURE- iHIEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCY2f41xUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHBXgCTByqT09Rrz54p7OjWMqOEmj3fnwCe LPnNvD9XwOCDCK94G4ui+uAd8Vc= =mnp9 -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.33
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYyvoWxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFzSACeKcDrYYkIYw3WoAtJPpQ5ni8HZf8A n3Qo5b9ywnGAeTBBvABuaYd5EB3v =qdVy -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.31
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYtt+aBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFaSwCdEPyf1klXiqmgm2ojBvIfJf5xo2kA n1lweraji+gMMaM73huz0OtwqY9X =6YDE -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Rocky, Fedora rpm 9.16.30
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYrHgRhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFRpgCfU9/j2Hfbvvox+3IP8LQjFEknnIoA n3Wv0nFe5HVnbyJRd9NehqZ/1Ytw =Ei2A -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.28
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYmR19RUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGC0ACfcaWaBYoTv2D7uYlfz3e9ebwEHEQA n2z3BmoYKfBT5RzrFMfsaTnKOFty =XWZq -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 16:13 -0600, Grant Taylor via bind-users wrote: > But there seems to be a disconnect. > I was talking about adding a domain that is outbound.example.com. and > put the A / records in that domain's apex. Thus you are only > overriding outbound.example.com and nothing else in the example.com > domain. Yes, the disconnect was my brain. I will try to plug that back in. > We must have different experiences and / or have used different MTAs. > I've routinely been able to address one offs do to lack of PTR via > /etc/hosts entries. How do you do that in /etc/hosts? Suppose the mail arrives from a.b.c.d, and they have some name outbound.example.com A a.b.c.d, but d.c.b.a.in- addr.arpa does not exist. For some users, for some (possibly all) senders, we require that d.c.b.a .in-addr.arpa has some PTR record where the corresponding A record resolves back to a.b.c.d. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjzxpxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHPYgCeNHTOSOzTq78dKjx6/WUyfJ2w8+kA nAqRrCYz72YZrMxyH7OYcP6VCM3R =l8G6 -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote: > What advantage does RPZ have in this case over just hosting the > domain(s) locally? In general, the domain exists with a bunch of existing names - www, mail, etc. We just need to add one more (outbound) and tie it to the ip address of their outbound mail server. I don't want to take over their entire domain. Rather than updating /etc/hosts on a bunch of customer mail servers, their dns server just zone transfers the rpz zone using notify/ixfr. And many times, their error is in an incorrect or missing PTR record, so /etc/hosts does not help there. I have many other cases where we do take over the entire domain, like princetonprivacystudy.orgA 127.0.0.2 *.princetonprivacystudy.org A 127.0.0.2 which makes any host name like abc.princetonprivacystudy.org appear to be listed on Zen. But this is one rpz file to maintain, rather than adding a few hundred zones to the dns servers. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjznjBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsE8PwCeJRLLeGhQE9E51mreW3Yuq2g0Ig0A n29Nl0oy3X0503WD3h9Udg1rEBoW =DwNb -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can an RPZ record be used for a non-existed domain?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 16:48 +0100, Benny Pedersen wrote: > > Is it possible to add records for non-existing domains to the RPZ? I think so. > what is the point ? Presumably to create those domains locally. Of course the rest of the world won't see them. For example, I have some clients using a sendmail milter, which for some users requires matching forward/reverse dns. And there are some senders that just cannot seem to get that right. So we add 1.0.0.127.in-addr.arpaPTR outbound.example.com. outbound.example.com A 127.0.0.1 to force matching forward/reverse dns. But that creates the name outbound.example.com locally, where that name does not exist in the global name space. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYjyVrRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEu8ACfWgB0gXmrfZrsLrZ2+3b/K+PYgDkA n18rhjSH1nRnxXepbbttXLr03FZS =mTOI -END PGP SIGNATURE- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.24
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYbpI/RUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsH6jACfd9vy+ex9uo4AFwXor8udHbE6h/AA njcgw5yiMORKWkVH15W7c7wEFlX4 =jY6P -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYZhCGhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHbYQCgid1Ciok51XJZH5iXU026RdyJ1A0A oIcdWGTIn2d32PvHhK0gFlHgF/tR =/jph -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.22
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYXroixUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFq3QCfX8vJV6bueied+o0bwoS3Lk40n8gA n3JeOfVuP5BGPdrOld/FEssC11s9 =5vzM -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: force nameserver(bind) information exchanges with clients via tcp only
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2021-09-30 at 16:30 -0700, Fred Morris wrote: > https://github.com/m3047/tcp_only_forwarder So what exactly are the media devices doing to screw up dns resolution between the osx laptop and the local dns server? -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYVZWKBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsF72ACeKnKQUwq352DRaLSohoHlYNaYi80A ni0Ezvujqf9nhjDAgAHWuZb6pdiD =HipY -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.20
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYR1U5hUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHJlwCfencOcQ8pivhwufl3V5F6afdxk7AA n0l2RJtAx5af4H1lTm+4lbFWLgvJ =uYyp -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.18
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYNJIrRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHxJgCgiT4kA7jfLZ0IPF7qtgLKAjGXNDQA n06lFr9x466DnE+E003Skl+LlZO7 =uHhm -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.17
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYMqYhBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEYgACeJssST9z3XssglZ/g9sgb0f0ixYwA njPtvTLlYWMCjd0NQA3Ruk9Bnse6 =He28 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Any interest in a write-up showing how to configure BIND 9.17x with DoH and LetsEncrypt?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2021-05-30 at 15:24 +, Richard T.A. Neal wrote: > Is there any interest in me writing this up as a web article, or has > everyone who's interested in DoH already got it running comfortably in > their test environment? I am interested. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYLOyzxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFMfACfcs9Ovcyvw6sHjmwz1wHuf9gPXzgA oIo0M0HeOogH88oih5+8Edv7TVGI =BvAs -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYK0cMxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHgOACdHD/vT82dCiVETeHyb7oyxxZ9LxYA oIIUlyYU+9yuFtQKjNd0SKI1Ljej =Tugz -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2021-04-14 at 12:58 -0400, Paul Kosinski via bind-users wrote: > Interesting, although we host different domains, in and from different > geographic areas, we got the same queries as yours on the same day, > with some at about the same time (we're EDT). > 13-Apr-2021 02:19:58.468 security: info: client 76.20.145.58#3074 > (sl): query (cache) 'sl/ANY/IN' denied > 13-Apr-2021 02:19:58.638 security: info: client 76.20.145.58#3074 > (sl): query (cache) 'sl/ANY/IN' denied These times are PDT (-0700) Apr 12 23:18:13 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied Apr 12 23:18:13 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied Apr 12 23:19:15 ns named[5091]: client @0x7fda540105b8 76.20.145.58#3074 (sl): view normal: query (cache) 'sl/ANY/IN' denied So either 76.20.145.58, or someone forging that source ip, made queries to servers in (+), (-0400), and (-0700) at the same time. Malware running on 76.20.145.58 is one explanation. Would the REFUSED replies carry enough information from the original query to be used as a covert communication channel into something listening on 76.20.145.58? vpn over dns query-refused replies? That seems a bit far-fetched. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHcqsRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEvgACgh6muAlNI6qk99Rd9sLaSp29IESQA njJo7E3ajD0Yw/ja7VOStNhgkxDd =tlQQ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: FW: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-04-13 at 22:42 +, Richard T.A. Neal wrote: > Yes, another individual & I were discussing this off-list today. We > wonder if those queries are from malware on infected hosts that are > trying to determine whether a given nameserver can be used in a > distributed reflection attack? The source IP is not spoofed (because > it wants to get the answer), so if it gets either "refused" or a > timeout then it knows that nameserver can't be used in the reflection > attack. But if it gets a response with data then it knows it *can* be > used in the reflection attack. That makes sense, but in that case the malware is badly written (what a surprise). In 28 hours a single dns server here saw 1182 such queries from 80.2.150.110 = cpc99574-brnt1-2-0-cust621.4-2.cable.virginm.net. I am now using the equivalent of fail2ban to firewall those clients. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHY0yhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEkYwCfT3lTQO8NIdgSkMvAS03QmrnixiUA n0IYWwS3qImFMByQzfUbWhK1v850 =D55z -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Preventing a particular type of nameserver abuse
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-04-13 at 22:32 +0200, Julien Salort wrote: > Reading this thread, I considered simply enabling the fail2ban > named-refused jail, but they advise against it because it would end > up > blocking the victim rather than the attacker. In the particular case of the .sl denied queries, I don't think these are forged queries from the attack victim. Something else is going on here. We see queries from systems like these, almost exclusively consumer endpoints: 142-197-133-231.res.spectrum.com. mta-162-154-195-235.kya.rr.com. mobile-166-173-63-176.mycingular.net. prg03s05-in-f193.1e100.net. prg03s05-in-f1.1e100.net. pool-173-79-59-79.washdc.fios.verizon.net. 174-30-51-96.wrbg.centurylink.net. c-174-53-75-253.hsd1.va.comcast.net. 174-081-062-250.res.spectrum.com. cpe-174-106-58-62.ec.res.rr.com. 192.sub-174-214-12.myvzw.com. stop-looking-at-drifteds-ip.gov. 252.243.53.179.d.dyn.claro.net.do. ip184-186-26-40.no.no.cox.net. dsl-187-193-200-41-dyn.prod-infinitum.com.mx. dsl-189-178-58-206-dyn.prod-infinitum.com.mx. customer-189-216-112-75.cablevision.net.mx. 189.223.57.66.dsl.dyn.telnor.net. 212-149-157-12.rev.dnaip.fi. It seems unlikely that someone is trying to attack those specific endpoints. Unless the attack is *very* widely distributed and they are actually attacking the ISP infrastructure. But in that case, this seems to be a simultaneous attack on almost every major ISP, which I find unlikely. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHYHGhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsG2xwCeNRKi5df2TdmaWyJQJhGCraf1UIoA n0zp1wmsrlc9yeDc/wXJCy8xBToC =Ir5g -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Issue #2623 opened at gitlab. It appears to be tied to attempts to use the old journal format: zone local/IN/normal: retried using old journal format -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYHM0bhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFhLACgicNwiEmrZonfJpM70v1NfHL1BVQA n2VuDBTqHCPKtGhZlRpMHPkUkN0H =kr0W -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-03-30 at 15:45 +1100, Mark Andrews wrote: > can you add a "#" in front of "dnssec-policy" in bin/named/config.c > and see how that goes for you. That will comment out the default > 'dnssec-policy "none";'. I have not been able to reproduce this in a disposable centos 8 VM, using the same /etc/named.conf and /var/named contents from the production server. If I cannot make that work, I will try reproducing the error on the production server tomorrow. Once I get a reproducible scenario, I will try your above patch. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGOI7xUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHU1QCgi6yeu2Yls19f/406zWLIoqo3/QMA nA4PFkv1wnI089pW+VFch454UoLg =hTUy -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.12 tries to read keys that it does not need?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 dns_dnssec_findmatchingkeys: error reading key file Kfive-ten- sg.com.+008+39376.private: permission denied Those key files are 0600 root:root. Bind should never need to read them since we are not doing in-line signing or key rotation within bind. That is just a log message - it does not seem to have any operational impact. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGIZYBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEBoQCcD5Ohlvnf9NnLKLX7VRZKelM62akA n03DV9O+59R6CBUMlQz/0qdeyj8p =yFia -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: 9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote: > What do you have in options? options { directory "/var/named"; allow-recursion { "friends"; }; dnssec-enable yes; dnssec-validation auto; bindkeys-file "/etc/named.bind.keys"; managed-keys-directory "/var/named/dynamic"; listen-on-v6 {any;}; ixfr-from-differences yes; max-journal-size 2m; notify yes; response-policy { zone "rpz.five-ten-sg.com";} qname-wait-recurse no; rate-limit { responses-per-second 500; errors-per-second50; nxdomains-per-second 500; qps-scale4000; exempt-clients { "friends"; }; }; max-recursion-queries 200; qname-minimization disabled; fetches-per-server 50; fetches-per-zone 50; server-id hostname; }; This is on Centos 8. I will setup a VM tomorrow for more testing on this. For now, reverted back to 9.16.12. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA nRdv220ju0R0IIEgbLzfbXs8CjHX =+zDb -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.13 overwrote master files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I just updated from 9.16.12 to 9.16.13. zone "naturediscovery.org" { type master; file "named.naturediscovery.org"; }; 9.16.13 has overwritten the master file with the current zone contents, replacing the $INCLUDE statements with the contents of the included files. Is there some new config item to prevent this? -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYF+vMBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHjeQCfRQ9MOrPma6hoUpYycgb3zbTSVhUA n3GNG6lyTPbYZ4W2w8EVPrL7Ltra =5yyq -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.12
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYC6iThUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEOPACeLKD93PvGTa9ojIpjKJlZrnZdnUgA n0u6PUCxG79+jdCf/R2r2KQF/MFV =Dua7 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX9uRhRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFpFACcD0YoVAshJ4tYIyOsjw3F1pwfmfcA nj9HeeYhGiwSy83yvWaPnrnqKn0g =M9z3 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.9
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX8APLhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsEA5gCfSJPL0ftRp+JlrMN4ppqBjWuyRV0A n18rY/9MAnQikEpvgEcfj3tbiP/M =dx29 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. Thanks to Espen Stefansen for spec updates, this should work on EL8 systems with ipa-client. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX5NsARUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGoVwCfaoGeu4CdeRDC54nUndo7Z2AYv9wA n0P5tcKNUlUZmWX5WuguWkX6iqjD =H3Kf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX2ToIhUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFmPQCghTw5xsvqr08dX5zn1/OemSQTVx0A nRaFiXPCbgfvwoWvH4suYP46v3kK =4xwB -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Do not cache certain domains
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote: > Anyone think they may know the answer to this? With the cooperation of the "certain domains" master servers, just slave the zones. The masters should be configured to send you notify messages on zone changes, so you always have the current authoritative contents. Of course, if you are trying to avoid caching google.com, that won't work. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1o/ehUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFijgCeP/0k4923K9ha21b8SfFardvTYJYA njg5U3NImciTSJEZn1eMzsgtNuAY =4J6o -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: RHEL, Centos, Fedora rpm 9.16.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-08-20 at 12:20 -0700, PGNet Dev wrote: > Are they otherwise unrelated? Mine are intended as an in-place replacement/update from the bind versions in RHEL/Centos 7 and 8. The same file layout, etc. This is as close as I can come to a hypothetical RHEL release of bind 9.16. I believe the ISC versions install into a different path to avoid clobbering the RHEL bind version. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1LJChUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGs9QCfbLu97Z5dhUORW2BdBcVt0K47cLsA nR3f6SHCRdnvSlRKknq7fKxoCu/J =MyMD -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Response Policy Zone: disabling "leaking" of lookups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2020-09-02 at 17:47 -0700, Fred Morris wrote: > how do I disable the (useless) resolution directed at upstream > servers? Isn't that just "qname-wait-recurse no;" -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX1BhpBUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFe7gCfVN8JVwC8eQ5RExIYVJkOVf3Ywc4A n1pCBkinzCzqBH9IYlXfp5sNeNh1 =Zfin -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rpmbuild problem with 9.11.22 on Centos
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2020-08-29 at 19:06 +0100, Matthew Richardson wrote: > My guess (which may be wrong) is that something is wrong with the > line:- > %set_build_flags > in bind.spec. It looks like isc is depending on some rpm macros from epel yum install epel-rpm-macros -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCX0rARxUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsG3fACaA5uiRIRN5AU9Gpql+s4wcUqP9h0A n0Gv0z5a0GzUaV3/VEz9REtAOCSo =TQ+p -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXz7EtRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsHXUwCffZxEKWp/Ssbw7cXJaBUPbmFvN6IA n27w8NdQ1K5MP3Y3lngDGTadE2N0 =KeXf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXxiM4BUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsFMXACfRQPFj8FFws3T9jMtu8gAyvLbpgsA nAkTIEwuyRmsO1P+EVbuWL3E5nvL =Pvxd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCXup3TRUcY2FybEBmaXZl LXRlbi1zZy5jb20ACgkQL6j7milTFsGCwgCdFn4mIAyiGjV2bQP57V3Dpg4GdFkA n2gGvoSmrF214K0ckA7nqwnLO/bk =TITQ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.16.3 make tests on centos 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Trying to build on centos 8, all the tests except one pass. I get a failure in bin/tests/system/runtime/tests.sh I:runtime:checking that named logs an ellipsis when the command line is larger than 8k bytes (13) I:runtime:verifying that named switches UID (14) I:runtime:failed I:runtime:stopping servers Ignoring that, the resulting binary seems to run properly. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl7UFVoACgkQL6j7milTFsGlBgCeLdUaqE0wFBTaY23kmy2S3qJK bpcAn1rvKZ3B57CATYcPh7fZjYW0j2vm =D8F/ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl7EHicACgkQL6j7milTFsHbZACeLr0tA1Gr4i2/LNhMkRpw0Swj tyAAnjZbfku4d2rt81c2IZC45W/0FTLX =Qnja -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.16.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. geoip support is not available, since geoip2 is not available in the epel repositories. libuv is in the EL7 epel repository; for EL6 a link is included to a source rpm. SELinux needs a custom policy, link included. This also fixes the issue with running bind on a machine in enforcing mode under KVM. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6h854ACgkQL6j7milTFsGK5ACfQWX+wNpzHH4u6JNHh51xXkSe QOUAn3jU9gvZMrztcO57agdTYB84sOJp =fw26 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: NAT and Question Section Mismatch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-04-21 at 14:08 -0400, John Wiles wrote: ;; ;; Question section mismatch: got 17.1.1.10.in-addr.arpa/PTR/IN tcpdump is your friend. Dump the outgoing packets from your home connection to see exactly what you are sending for: dig 3.32.162.72.in-addr.arpa ptr @72.162.32.4 +nodnssec +norecur Dump the incoming packets at your dns server to see what it is receiving for that command. Any differences are probably generated by the cisco. Dump the outgoing packets from your dns server, and the incoming packets at your home connection also. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6fcKwACgkQL6j7milTFsHWLACffvw6WJlQecTYmUWQ0al6szXu GncAn05uTakguddRQfrb3QlhMdhVl2gB =hUGI -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2020-04-19 at 09:07 +0200, Ondrej Sury wrote: > I would suggest starting with vanilla libuv from sources, or at least > review the patches the RPM applies on top of the RPM. There are none. That rpm is just a wrapper around the stock autoconf/automake stuff. > Also please be aware of https://gitlab.isc.org/isc- > projects/bind9/-/blob/v9_16/PLATFORMS.md I should have been more specific - when I said that Centos6 is still supported, I meant supported by Centos, not necessarily by ISC. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6ceawACgkQL6j7milTFsFUzQCggH9/2MypmkUS1ZIpnbfaE85D ayQAn0dRzHOeNqgwAfKiTdfoWvYLbPo1 =pKY4 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > Is this the same issue previously reported against 9.16.1? That was > apparently resolved by downgrading to libuv 1.35. In my case, I can > try > to upgrade to 1.35. Nope, libuv 1.35.0 does not change the crash. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6bdZAACgkQL6j7milTFsFmnwCfZC0IxRYScs3qNSxDJ67q31qH 8n4AnRUFgWKhTeachVnl/yihhaz+sm6v =Qnan -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.16.2 on centos6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Centos6, although old, is still supported, so it would be nice to get 9.16.2 running on that. This is my first attempt at building 9.16.x. I pulled the libuv source rpm from Centos7, made some minor changes to the spec file, and built libuv 1.34.0. Using that, bind 9.16.2 builds to an rpm and installs, but crashes on startup. (gdb) bt #0 0x0033772324f5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x003377233cd5 in abort () at abort.c:92 #2 0x7f2f5fba9cc4 in uv_async_send () from /usr/lib64/libuv.so.1 #3 0x7f2f5fdf6329 in isc_nm_pause (mgr=0x7f2f5f945010) at netmgr.c:322 #4 0x7f2f5fe06e07 in isc_task_beginexclusive (task0=) at task.c:1662 #5 0x0043613f in load_configuration ( filename=0x7f2f59eac770 "\030\307\060O/\177", server=0x7f2f5c0a8010, first_time=true) at ./server.c:8309 #6 0x0043a27d in run_server (task=, event=0x0) at ./server.c:9660 #7 0x7f2f5fe07b21 in dispatch (queuep=) at task.c:1152 #8 run (queuep=) at task.c:1344 #9 0x003c18807aa1 in start_thread (arg=0x7f2f59ead700) at pthread_create.c:301 #10 0x0033772e8c4d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 Is this the same issue previously reported against 9.16.1? That was apparently resolved by downgrading to libuv 1.35. In my case, I can try to upgrade to 1.35. The test in configure.ac in the bind source checks that the version of libuv is >= 1.0.0. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl6bZrgACgkQL6j7milTFsFDTQCfUw2AaohJDFUN1NljCf6RDs1X 6QsAn3Dh+4VK1t+k2f7mO/cNjPM+fvL9 =Ilbj -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Slow recursive query performance on Windows x64
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2020-01-19 at 21:54 -0500, Steve Farr via bind-users wrote: > Does anyone know of a functionality that replaced the now-obsolete > filter--on-v4? plugin query "filter-.so" { filter--on-v4 yes; }; -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl4lII0ACgkQL6j7milTFsEkNgCcDPjGp5r6X7wvC0MJUcW5rFUz V4sAn2WL6OOPWwGUyKpMyWo27+5hphqx =MrO2 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl3VnVMACgkQL6j7milTFsGv4ACfZBdGLuzuSS+5n1+yU4XGlH3u HzYAnRN+vZ/lMhKo8b0bCp9ghAmjOyR2 =pK5T -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl2qWNcACgkQL6j7milTFsF8BwCfYQAStqPziT2iCMWxyquxo/3n ezQAnjbs9g6x7f60lmg1lD79dHvkO16Q =Yg4K -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl2Q8rYACgkQL6j7milTFsHbqQCfW4iTTxaJUcvuRphFj5ALnctC fjcAniCHtMwZSrTSbGExD4FklCgV2mG3 =+eHj -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SERVFAIL when looking up TXT from particular domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2019-06-26 at 13:16 +, Dennis via bind-users wrote: > dig TXT cleanmail4.capgeminioutsourcing.nl @localhost dig TXT cleanmail4.capgeminioutsourcing.nl +nodnssec @ns1.capgeminioutsourcing.nl. ;; MSG SIZE rcvd: 124 dig TXT cleanmail4.capgeminioutsourcing.nl +dnssec @ns1.capgeminioutsourcing.nl. ;; MSG SIZE rcvd: 4931 Check your ability to receive fragmented ip packets. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl0UGRIACgkQL6j7milTFsFh1gCfcny3HFKDxUH8p9bxF6vVeSZm 0rIAn3rUK0pCmDeQeStpakHQaldlvoN8 =cOJV -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAl0KrX8ACgkQL6j7milTFsFuyQCfZyov2lJnPYxKngKucU8eNw+z 1R4AnjS5lxvECD+d2FeHrgdjuvIyZmYx =ZJAX -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [External] Re: Request assistance configuring RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2019-05-29 at 09:05 -0400, David Bank wrote: > Re-reading the ARM, it seemed to me that I needed to add a After adding the zone and the response-policy statement to named.conf, I presume you did: rndc reconfig To test that you can: dig rpz.internal.local axfr @zurg That should dump the rpz zone, and verify that zurg is serving it. The response-policy should be in the global options. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzuk4QACgkQL6j7milTFsEtgQCaA2gk7mvDO9jWYlAGTm+soYty aEcAn1L7goSEfLdCIBIChF8wklA4MRFA =q+pb -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: [External] Re: Request assistance configuring RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2019-05-28 at 13:13 -0400, David Bank wrote: > Perhaps I'm missing something, but I don't see how to make zurg reply > with 192.168/16 IPs for andy and sid, but correctly resolve the rest > of *.internal.local On zurg, add a new dns zone rpz.ncdot.gov $TTL 3600 rpz.ncdot.gov. IN SOA localhost. root.localhost. ( 2019052800 ; serial 3H ; refresh 1H ; retry 1W ; expiry 1H) ; minimum IN NS localhost. andy.internal.local IN A 192.168.10.10 sid.internal.local IN A 192.168.20.20 === Then in named.conf on zurg, add: === response-policy { zone "rpz.ncdot.gov";} qname-wait-recurse no; === On zurg, all other names in internal.local will get the normal processing, with answers via buzz. But when someone uses zurg to lookup andy.internal.local, it will reply with 192.168.10.10 without even asking buzz. An alternative rpz mechanism it to allow zurg to query buzz, and then have rpz rewrite the 10/8 address into 192.168/16. But if you have multiple names that map to the same 10/8 address, and you only want some of those names to resolve to 192.168/16, you will need to use the above mechanism, which I think is simpler anyway. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzt+e4ACgkQL6j7milTFsGjuQCbBsxNHh26aEGfhXzh4muEFcyN a/UAn1w2mEs6WrUVjZ2oMMHA4MmDw+Fi =D5Yv -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.11.6-P1 build fails on Solaris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2019-04-26 at 10:41 +1000, Nick Edwards wrote: > lots of things failing in recent times, even with CentOS, mostly > because of openssl min version changes, and most recently even latest > releases wont build now because of a change in min python versions > *sigh*, i'm just going to leave it as is, thats all we can do. On centos, you might try https://www.five-ten-sg.com/mapper/bind -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzJ9CoACgkQL6j7milTFsE83gCff5EeY09QUCkVYhODAvMRtY8g R0AAoIlzg8ejExYucdtPZoUcuMJUrGJR =pjpX -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
bind 9.14.1 qname-minimization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The default for the qname-minimization option is relaxed, but with that, we cannot resolve the PTR for 142.136.234.134. dig -x 142.136.234.134 @localhost ; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25604 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 19827bd99b1c2e4c9b3031d25cc38cd99291547909a1072a (good) ;; QUESTION SECTION: ;134.234.136.142.in-addr.arpa. IN PTR But a dig+trace works: dig -x 142.136.234.134 +trace 136.142.in-addr.arpa. 86400 IN NS ns1.twcable.com. 136.142.in-addr.arpa. 86400 IN NS ns2.twcable.com. 136.142.in-addr.arpa. 10800 IN NSEC137.142.in-addr.arpa. NS RRSIG NSEC 136.142.in-addr.arpa. 10800 IN RRSIG NSEC 5 4 10800 20190510203932 20190426193932 3402 142.in-addr.arpa. VYmReUU/xtnUrJnsiSpl+HUeHfAsbG9YyOMFz9bkvKkY7R/N2MmJbC0j 5eWk+S31Iyqj7tvTxYRXZHWUNLDhr87PeW+5IF0noETb3CRrjX9vC3ef NFyTR0K6Hz7Kd6fmc8qJJj0o9xthqZkdN2ugpoOzFi/AmswNKHo+Spmt GAM= ;; Received 322 bytes from 193.0.9.10#53(arin.authdns.ripe.net) in 138 ms 134.234.136.142.in-addr.arpa. 14400 IN PTR nce.mail.chartercom.com. 234.136.142.in-addr.arpa. 500 IN NS cdp-wn-tm-5-01.inf.twcable.com. ;; Received 135 bytes from 165.237.86.252#53(ns1.twcable.com) in 78 ms If we switch to qname-minimization disabled, we can resolve that: dig -x 142.136.234.134 @localhost ; <<>> DiG 9.14.1 <<>> -x 142.136.234.134 @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27045 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: e576889a026393635adb613d5cc38d31b91f6bc06bca426d (good) ;; QUESTION SECTION: ;134.234.136.142.in-addr.arpa. IN PTR ;; ANSWER SECTION: 134.234.136.142.in-addr.arpa. 14400 IN PTR nce.mail.chartercom.com. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzDjboACgkQL6j7milTFsEhjQCcCRniXDQZhyx/vXKnGplb5Qdw EW8Ani7w4bbl7Eq8nSxFF9fWyu9JKd+T =HJMK -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.14.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlzA/HQACgkQL6j7milTFsG5CgCfROG2P4f8SbtEA8GUWC6cv3rs zHAAn0vlcuF/cnCCITE7L58MM1vzsHLI =TlZp -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
9.14.0 filter-aaaa
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 view "normal" { plugin query "filter-.so" { filter--on-v4 yes; filter- { "brokenv6"; }; }; named-checkconf likes that, but named gets a segfault in filter-.so. Anyone using filter-.so in a working configuation? The log shows: Apr 14 17:15:18 ns named[29299]: mem.c:1795: INSIST(mpctx->allocated > 0) failed, back trace The backtrace in the log does not have debug info, but the Centos abort handler shows a bit more detail: libns.so(ns_query_start) -> libns.so -> libns.so -> filter-.so -> libisc.so(isc__mempool_put) -> libisc.so -> libc.so(abort) Anything obvious that I am doing incorrectly, before I rebuild this with debug symbols? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlyz0CQACgkQL6j7milTFsGgVQCffDMNYDku0nbB+nCRfVf53g9n kgUAn0Mw7wlNPODkp408l2VQCeoSeN0S =m1el -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx0X4IACgkQL6j7milTFsGukwCfRSD9xFL5WHo0bZYi+6aOHBYY ZpoAnRKtRH72BxwO7rZS9Kc9se4muuNh =mDEd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.3-P4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlx0X4IACgkQL6j7milTFsGukwCfRSD9xFL5WHo0bZYi+6aOHBYY ZpoAnRKtRH72BxwO7rZS9Kc9se4muuNh =mDEd -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dig @ipv6-address
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2018-11-29 at 15:26 -0500, Barry Margolin wrote: > But it also seems like it's using its own form of abbreviation, since > there aren't 8 hex fields before that. "man netstat" on centos6 -T --notrim Stop trimming long addresses. "man netstat" on centos7 --wide , -W Do not truncate IP addresses by using output as wide as needed. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlwAUNwACgkQL6j7milTFsH7dgCfe24daCifc5U3tykASPhIDldN /bgAn0uDW0ZXzMbMD6ikOxbFOeEbjRez =Pg10 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.2-P2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEUEAREKAAYFAlujy2cACgkQL6j7milTFsG/FgCXXEW71A92n5oOeMXP+K1F9kAt /wCbBG9PNwwkNXKFK0p9C7dfgASOCJg= =Me9e -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2018-09-11 at 14:19 -0400, Alex wrote: > This is when our 20mbs cable upstream link was saturated and resulted > in DNS query timeout errors. resulting in these SERVFAIL messages. Not specific to dns, but this looks like a bufferbloat problem, which is common with cable modems. When the upstream link is saturated, the buffers in the interface device (cable modem or possibly a standalone router) become full. If there is a lot of buffer space, the latency becomes very large, and that will cause many problems, including issues with dns. A partial fix is to prioritize small packets like dns queries and tcp acks, so they don't wait behind a large queue of full size packets. A more complete fix is switching to fq-codel queue discipline. google for bufferbloat for more details. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluYDHMACgkQL6j7milTFsEqXwCffaR+fwcqpoEHPisw86Q49+Kw o0cAn0Q5LV1FXk2r1fiTqYZIlsa9xH3s =yp3H -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: [BIND] RE: KSK Rollover
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2018-09-06 at 20:58 +, Brent Swingle wrote: > I left all of the permissions the same and I think they should be > lenient enough: > [root@ns3 named]# ls -lh named.secroots > -rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots Does the 'named' user have write access to /var/named? The default redhat setup has /var/named as 0750, with /var/named/data as 0770. Also, the default redhat selinux config prevents named writing to /var/named. chmod 770 /var/named setsebool -P named_write_master_zones=true rndc secroots -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluRnR8ACgkQL6j7milTFsF2FgCfSt7RIVrO8lK8izQlNn9TadPp F58Anj81TEmtg34Cpjhh3DqMWEQFUCxA =NwIr -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2018-09-02 at 21:54 -0400, Alex wrote: > Do you have any other ideas on how I can isolate this problem? Run tcpdump on the external ethernet connection. tcpdump -s0 -vv -i %s -nn -w /tmp/outputfile udp dst port domain -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluNZQ0ACgkQL6j7milTFsHM0QCfTT9yW9h1IyxI2esJxg5DA3Oh 2XIAn2Td8+gFoNYspGlup+kwHCd0irlV =0+d4 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2018-09-01 at 23:45 -0400, Alex wrote: > (71.161.85.209.hostkarma.junkemailfilter.com): query failed (SERVFAIL) > (71.161.85.209.bl.score.senderscore.com): query failed (SERVFAIL) > When trying to resolve any of these manually, it just returns > NXDOMAIN. What does dig -4 71.161.85.209.hostkarma.junkemailfilter.com +trace +nodnssec show, and it is consistently NXDOMAIN? That ends here with: 71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.0.3 71.161.85.209.hostkarma.junkemailfilter.com. 2100 IN A 127.0.1.1 ;; Received 93 bytes from 184.105.182.249#53(rbl1.junkemailfilter.com) in 20 ms > I also isolated a packet with the "server failure" information, but > I'm unable to figure out what the data means. Would someone be > interested in evaluating it for me? It's a 146-byte pcap file. > https://drive.google.com/open?id=1Ui893Lg61psZCR8I_9SJtNqs-Sil_br That is just the reply from bind to some other process running on the same machine, reporting the server failure. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluMefIACgkQL6j7milTFsETsgCgiUbEZtaS2BnRHP4VPh4ycfhF UvwAnitRg/6OCRXvZsj9EJTygjol7M+u =2DAt -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Frequent timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-31 at 17:18 -0400, Alex wrote: > ../../../lib/dns/resolver.c:3927 for support.coxbusiness.com/A in After 4 seconds, I get SERVFAIL on that name. > ../../../lib/dns/resolver.c:3927 for dell.ns.cloudflare.com/A in That name resolves here very quickly. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAluLV+AACgkQL6j7milTFsGAhwCfYmXS+l5XK0dl8oMDniz/eVIn MXcAn0Com++6PPkec7Cb7GS6qvBjai8b =AnFC -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: SRV record not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-17 at 12:27 -0500, Thomas Strike wrote: > I need a 2nd pair of eyes on this one. Works for me. dig _minecraft._tcp.skyblock.mc-game.us srv ;; ANSWER SECTION: _minecraft._tcp.skyblock.mc-game.us. 300 IN SRV 0 5 25567 skyblock.mc- game.us. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlt3CPAACgkQL6j7milTFsHoywCfRQIVqUZnycWdYGdRupaSEWiU ZlsAn18No1vPczhoAURmolzbt3Z+I7PU =EQx5 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Need help on RPZ sever, bit urgent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-10 at 13:17 +0530, Blason R wrote: > Nah I dont think that is the answer since you need a termination after > clause. Did you actually try the answer below? > On Fri, Aug 10, 2018 at 12:58 PM Vadim Pavlov wrote: > Should be: > response-policy {zone "whitelist.allow" policy passthru; > zone "malware.trap"; > zone "ransomwareips.block"; > } qname-wait-recurse no break-dnssec no; -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAltt65oACgkQL6j7milTFsF1fgCfYX/B4MaSrPqmoskfYvFAUQVV YfcAn2NO474pn6agGUmjjR49eq4+sw4Y =VwoG -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.2-P1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAltrXDoACgkQL6j7milTFsFHjwCeIIzxI2y9ih+Y7rJ2diq75m5Y 6uUAn13zQVUd1rFlT0b3UtFj/auFYp22 =SuIf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Dropping queries from some well-known ports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-03 at 20:00 +0200, Petr Mensik wrote: > 1. > https://gitlab.isc.org/isc- > projects/bind9/commit/05d32f6b0f6590ca22136b753309f070ce769000 If I am reading the code correctly, that commit implies that building bind with -DNS_CLIENT_DROPPORT=0 will disable that feature. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAltko7UACgkQL6j7milTFsHUtACfUT6pSUq0TIoHpQI6mN3LFGqv EGIAn2FZ/8xVzcI3Ewg/Latryo0Vxq05 =/+BG -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.1-P2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlr/TNkACgkQL6j7milTFsHqPQCfVCKLfx5wzLjm+UkCkJx2C6f1 AkwAnikf8H/hDq+yQJL+oVfoaQ3C9ffX =il2P -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Fwd: Facing weird issue with DNS-RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-04-25 at 19:30 +0530, Blason R wrote: > I tried that couple of times on CentOS and it fails :(. http://www.five-ten-sg.com/mapper/bind I just updated the instructions. It looks like the built-in tests (that are normally run as part of the build) require some IPv6. If you disabled IPv6, you should be able to build with "--define 'test 0'" Was there any other failure? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlrgzpYACgkQL6j7milTFsGMiQCgijHwoOI9VMhatAhuI/sOarmy izcAoIssuYMdqgGbsTit5crgq8SrKSWf =jvJE -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Fwd: Facing weird issue with DNS-RPZ
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-04-25 at 19:30 +0530, Blason R wrote: > I tried that couple of times on CentOS and it fails :(. http://www.five-ten-sg.com/mapper/bind I just updated the instructions. It looks like the built-in tests (that are normally run as part of the build) require some IPv6. If you disabled IPv6, you should be able to build with "--define 'test 0'" Was there any other failure? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlrgzpYACgkQL6j7milTFsGMiQCgijHwoOI9VMhatAhuI/sOarmy izcAoIssuYMdqgGbsTit5crgq8SrKSWf =jvJE -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-04-11 at 21:06 +, praveen via bind-users wrote: > Is an "A" record mandatory entry for top-level domain (zone) when > using DNSSEC, DKIM, SPF and DMARC configuration? No. I have zones with all of that, with no A record at the apex, and have not seen any interoperability problems. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlrOfYMACgkQL6j7milTFsEX3wCdEPzfLvv+AD7ya88VNZg9cfDk OJEAn3mmxOfAeW/AfJeyND5V2LoYj3dO =DF0y -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: EDNS, 9.12 and archives.gov
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-04-11 at 11:28 -0700, Mark Boolootian wrote: > I'm wondering if anyone from this august group > can clue me in to how I might config around this > issue for the archives.gov servers (assuming that > is possible). // 9-11commission.gov. servers that don't understand edns options // dns-ad...@qwestip.net. // dig 9-11commission.gov. ns @63.150.72.5 +norecur +cookie // dig 9-11commission.gov. ns @63.150.72.5 +norecur +nocookie server 63.150.72.5 { send-cookie no; }; // 9-11commission.gov. servers that don't understand edns options // dns-ad...@qwestip.net. // dig 9-11commission.gov. ns @208.44.130.121 +norecur +cookie // dig 9-11commission.gov. ns @208.44.130.121 +norecur +nocookie server 208.44.130.121 { send-cookie no; }; // 9-11commission.gov. servers that don't understand edns options // dns-ad...@qwestip.net. // dig 9-11commission.gov. ns @2001:428::7 +norecur +cookie // dig 9-11commission.gov. ns @2001:428::7 +norecur +nocookie server 2001:428::7 { send-cookie no; }; // 9-11commission.gov. servers that don't understand edns options // dns-ad...@qwestip.net. // dig 9-11commission.gov. ns @2001:428::8 +norecur +cookie // dig 9-11commission.gov. ns @2001:428::8 +norecur +nocookie server 2001:428::8 { send-cookie no; }; -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlrOV5kACgkQL6j7milTFsHwXgCdGtc+HMAMopcL3OpGQDGkOFML WdgAoIAGfex0ROijOL0cHU3TfyJ2qB7J =AIXG -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.12.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlpx93oACgkQL6j7milTFsGfCACeLvDHoWvmTAGe28j/C7tIw99n eu4AoIN8klyuHs7cUaBFxXyTa9Kh61Ce =+St/ -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.2-P1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlnS18UACgkQL6j7milTFsGZfgCbBIUaYjY+AbTUz6X6xHJN4m1M tXgAniEvP2Nd/1IW+PBUXRSnJq716Whe =ILkA -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: head scratcher: nsupdate, Bind views, and TLSA record updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2017-10-31 at 17:16 -0700, Kevin via bind-users wrote: > $ dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 +dnssec > +short > > I'm really at a loss as to what's going on inside of Bind. dig TLSA _25._tcp.mail.thesandiegos.com @75.149.33.153 ;; AUTHORITY SECTION: _tcp.mail.thesandiegos.com. 3600 IN NS ns1._tcp.mail.thesandiegos.com. ;; ADDITIONAL SECTION: ns1._tcp.mail.thesandiegos.com. 3600 IN A 75.149.33.153 It looks like you have another intermediate zone, but it might not be delegated properly. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAln5RnoACgkQL6j7milTFsGkmACfdJpGYx5XXSBE9Ibxp7YunJMC 1Q0An1jrE9g5nxurHZwt4f4DIp5d9a9V =OjOR -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlnS18UACgkQL6j7milTFsGZfgCbBIUaYjY+AbTUz6X6xHJN4m1M tXgAniEvP2Nd/1IW+PBUXRSnJq716Whe =ILkA -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: botched KSK rollover
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > Sigh, it sure would be nice if I had a registrar with a means to > automate DS submission. You might want to look at gkg.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlmXBrwACgkQL6j7milTFsFd5QCfZMqbWV/Jd8vmrkaxFLMYWn+Q dF0AnApcuyYfxF+LTtG8Tg+6M1us6rWM =fAdr -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "spare hosts" as personal DNS nameservers for 'mynew.org'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2017-07-12 at 16:21 -0500, b...@zq3q.org wrote: > OK, I'm ready to consider other registrars, any suggestions > would be appreciated. I like gkg.net - they have an API so you can automatically upload new DS records when you do DNSSEC key rollovers. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEUEAREKAAYFAllmtQwACgkQL6j7milTFsGcNQCdEMVMhDjbb/G++ors2jJgH5Yp zHsAl3mvhHy0EybJzoO1g0rF+lLvDuc= =/PA6 -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.1-P2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAllVdXcACgkQL6j7milTFsG/SQCggBDFBEwmgOb92nESct8cg3IS gOoAn2KXPunBCbmHxvcabF0LqXtcpCUU =y5IX -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.1-P1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlj6vdIACgkQL6j7milTFsHerACfQB+wrypAkmqxjX/4vw/PY5XG 8ikAnj4dMsb7tGUgHmKS6nBhVbn9PRol =gZHq -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Resolve specified DNS name in a caching-only name server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2017-05-27 at 09:11 +0800, Rui Mao wrote: > 1. Resolve test.a.com to 192.168.1.1 > 2. Still forward other *.a.com to outside DNS servers With bind, you have at least two choices. a) create test.a.com zone, so your server becomes authoritative for that name, and all names under it. You then control all names like *.test.a.com - queries for those won't be forwarded to the outside dns servers. b) use the bind RPZ feature to only override the test.a.com name. Other names such as *.test.a.com will still be forwarded to the outside dns servers. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlkpC5YACgkQL6j7milTFsEHYACfX/Hd595qrkgEWS6OtUGow63V T3wAnA5cGU1AyYOrEuW1vJhD+2g0Hgdk =DzaT -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unable to build BIND 9.11.1 with dnstap support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2017-05-04 at 18:01 +, greg.ra...@bt.com wrote: > I am trying to build BIND 9.11.1 on a CentOS 7 64-bit system, > including dnstap support. You might try my .spec file, extracted from the source rpm: http://www.five-ten-sg.com/util/bind-9.11.1-0.1.el6.src.rpm BuildRequires: GeoIP-devel, python-argparse, python-ply, perl-Net-DNS- Nameserver, fstrm-devel Requires: portreserve, GeoIP, GeoIP-update, python-argparse, python-ply, fstrm --with-tuning=large \ --with-geoip \ --with-python \ --with-dnstap \ Or just rebuild that source rpm on el7 with: rpmbuild --rebuild --define 'dist .el7' \ bind-9.11.1-0.1.el6.src.rpm -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlkLmzQACgkQL6j7milTFsHOzQCaAkDBZ2qWR7eUT8PkkOvV/JjP mWwAn08WZp8Pj01t8/DcntrWyWSslywG =swBT -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlj6vdIACgkQL6j7milTFsHerACfQB+wrypAkmqxjX/4vw/PY5XG 8ikAnj4dMsb7tGUgHmKS6nBhVbn9PRol =gZHq -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.0-P5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAljuy1oACgkQL6j7milTFsEeqgCfQh4Gka99/IOh7XkQ1+c0qmqI 3CYAnA57nHm/lo70n/BRG08moQJOEK24 =wN6v -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Unable to build BIND 9.11.0-P3 on RHEL 6.0 64-bit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > I am having trouble getting BIND 9.11.0-P3 to build on RHEL 6.0 > 64-bit. I am linking it with static OpenSSL (1.0.2j) and GeoIP > (1.6.6) libraries. Here are my configure options: First, openssl is already at 1.0.2k - I don't know if any of the 1.0.2k fixes can be triggered by bind. But when they fix the next bug and change to 1.0.2l, your bind will still be using the (at that point) known vulnerable 1.0.2j. http://www.five-ten-sg.com/util/openssl-1.0.2k-1.el6.src.rpm That is a rhel6 compatible openssl that should transparently update 1.0.1e to 1.0.2k. If you want to run a modern bind on rhel6, you might as well also run a modern openssl. You might also look at http://www.five-ten-sg.com/mapper/bind -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAljbNCAACgkQL6j7milTFsFB1gCZAShjl24NXhWd4tv4DDkqapM3 bf8Aniiu6Hip0h4HVW5jLavHcK/XyLo2 =UD6T -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RHEL, Centos, Fedora rpm 9.11.0-P3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlibpa8ACgkQL6j7milTFsFi5gCfSEhAyxLOEgFDY8aoSkuLnXvD dywAn3RVuHRJE9n5Oh0MOtwWY/7WUE0r =Hp3d -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users