Re: 9.18 horrendous
I agree. Banning them because you disagree with what they say ? You have shares in facebook ? TikTok ? Federal Govt ? On 2024-08-23 7:19 AM, Marcus Kool wrote: The user was angry and ranted about named 9.18.x. He did not rant about any developer or any member of your team. Removing a user from this list is IMHO not the best way to treat an issue. Marcus On 23/08/2024 13:31, Ondřej Surý wrote: I can understand your anger But I don’t. Let me be absolutely clear. There’s nothing in the world that would allow you to treat me, my team and the other list members like this. And there’s nothing in the world that would justify such behavior. The user in question has been removed from the list and banned. I would rather spent my energy on the users who treat other with respect than work around someone’s “anger”. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
logging via named.conf
Is there an easy way in the named.conf logging to have ALL logging go to local2 ? I've created: logging { channel syslog-local2 { syslog local2; print-category yes; print-severity yes; }; category default { syslog-local2; }; category general { syslog-local2; }; category database { syslog-local2; }; category security { syslog-local2; }; --More--(44%) A lot of messages get to local2, but some things (like general.warning) don't get to local2, but still get to syslog messages. Is there an easy catch-all for ALL named logging ? Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: classless ptr setup
Thank you for this. I am familiar with the setup; I suppose that my question was unclear. Can the SAME named.conf handle BOTH the /24 cname assignments AND the /25 in-addr.arpa records. Which sounds like a dumb question, but I thought named may not like it. But I'll set it up and see if named complains (if at all). Thanks again. On 2014-01-20 11:00 AM, jo...@primebuchholz.com wrote: In your zone file for the class c (x.y.z), you'd create a delegation like this in the zone file: ; For 0-127 0/25 NS some.server. 0/25 NS some.other.server. 1 CNAME 1.0/25.z.y.x.in-addr.arpa. 2 CNAME 2.0/25.z.y.x.in-addr.arpa. ... ; For 128 on... 128/25 NS some.server. 128/25 NS some.other.server. 129 CNAME 129.128/25.z.x.y.in-addr.arpa. 130 CNAME 130.128/25.z.x.y.in-addr.arpa. ... ...then the servers you delegated to have this: named.conf: zone "0/25.z.y.x.in-addr.arpa" { ... ... } ...and in the zone file: 1 PTR some.host. ... as normal. HTH, -John From: Jim Pazarena To: bind-users@lists.isc.org Date: 01/20/2014 01:43 PM Subject:classless ptr setup Sent by:bind-users-bounces+johnh=primebuchholz@lists.isc.org I have a full /24, which I would like to separate into two /25's, and assign each half to two of my customers. The snag is that *I* maintain the DNS for each of these customers. Is it possible to create the classless setup within my system so that it starts with the /24 but can assign the two classless /25's ? If so, I am stumped on the setup. Any help would be appreciated. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Please consider the environment before printing this e-mail. This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is privileged, confidential and/or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee, or agent responsible for delivering the message to the intended recipient, is strictly prohibited. All contents are the copyright property of the sender. If you are not the intended recipient, you are nevertheless bound to respect the sender's worldwide legal rights. We require that unintended recipients delete the e-mail and destroy all electronic copies in their system, retaining no copies in any media. If you have received this e-mail in error, please immediately notify us by calling our Help Desk at (603) 433-1143, or e-mail to i...@primebuchholz.com. We appreciate your cooperation. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
classless ptr setup
I have a full /24, which I would like to separate into two /25's, and assign each half to two of my customers. The snag is that *I* maintain the DNS for each of these customers. Is it possible to create the classless setup within my system so that it starts with the /24 but can assign the two classless /25's ? If so, I am stumped on the setup. Any help would be appreciated. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNS format error
I see in my logs "DNS format error from 205.178.190.53#53 resolving excelwetsuits.com/MX for client 207.34.147.83#54521: invalid response" The client is *my* mail server IP. I am wondering is this error on MY side or their's ? It doesn't sound like it. If it's on their end.. how far should someone go to attempt to contact them to correct the issue? If it's on my end, I can't imagine what the issue may be. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
authoritative rDNS
I set up a subnet on my server, complete with rdns, and ARIN has been adjusted for my two dns servers (ns.qcislands.net & ns2.qcislands.net) the subnet: 23.235.75.0/24 if you do a lookup of, for instance: 23.235.75.10 and bounce that nslookup off of other dns servers, SOME say: Authoritative answers can be found from: others, well, at least google 8.8.8.8 do not show anything as authoritative, altho the IP DOES resolve. I am curious if 8.8.8.8 isn't trying, or instead, am I missing something which 8.8.8.8 considers incomplete and therefore un-authoritative ? I just want to make sure my setup is accurate. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ARIN IP assignments
I have a client who has been assigned a /20 from ARIN. They asked me to help them with their DNS. The DNS for me is the easy part. except... ARIN has told them that you use the DNS to set up the routing so that the traffic for this /20 gets routed to the correct up-stream provider. Is this correct? If so, where in DNS do you set up routing. if it's not correct, what am I missing? I always thought DNS had 100% nothing to do with routing on the 'net. Boy am I confused. TIA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: reverse resolution failing
Jim Pazarena wrote, On 2013-02-07 9:31 AM: my named is 9.9.0 while it can resolve "webmail.acrodex.com" ( 139.142.184.10 ) it cannot reverse resolve 139.142.184.10 (example follows). However, if I do a simply nslookup using goodle DNS. nslookup 139.142.184.10 8.8.8.8 IT WORKS! So I have another domain which will not reverse resolve for me: mail.tysers.com which also appears to be: mail.tyser.co.uk 80.169.188.226 the IP, will not reverse resolve (for me) yet, once again, google (8.8.8.8) CAN RESOLVE IT. On my original post, Tony Finch advised "the nameservers for the target are very broken". But why is it that google can STILL resolve it? Do they have some special setting which pushes thru poorly configured DNS? Is there anything I can do to MY named to get this working? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
odd compile error in a lib
I installed FreeBSD 9.1 on 3 virtually identical HP rack servers. two of the servers compile bind 9.9.2-P1 as expected. One however dies because of a bunch of undefined references in a library file. a proper ./configure was issued, along with a make; on ALL 3! I am stumped, and would appreciate suggestions. Thanks, Jim export MAKE_SYMTABLE="yes"; export BASEOBJS="builtin.o client.o config.o control.o controlconf.o interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o server.o sortlist.o statschannel.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.ounix/os.o unix/dlz_dlopen_driver.o"; if [ X"/usr/bin/perl5" = X -o X"${MAKE_SYMTABLE:-}" = X ] ; thengcc -pthread -g -O2 -I/usr/local/include/libxml2 -I/usr/local/include -o named ${BASEOBJS} ${LIBS0} ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a -lgssapi_krb5 -lcrypto ../../lib/bind9/libbind9.a ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a ../../lib/isc/libisc.a -L/usr/local/lib -lxml2 -lz -L/usr/local/lib -liconv -lm -lreadline; else rm -f namedtmp0;gcc -pthread -g -O2 -I/usr/local/include/libxml2 -I/usr/local/include -o namedtmp0 ${BASEOBJS} ${LIBS0} ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a -lgssapi_krb5 -lcrypto ../../lib/bind9/libbind9.a ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a ../../lib/isc/libisc.a -L/usr/local/lib -lxml2 -lz -L/usr/local/lib -liconv -lm -lreadline || exit 1; rm -f named-symtbl.c named-symtbl.o; /usr/bin/perl5 ../../util/mksymtbl.pl -o named-symtbl.c namedtmp0 || exit 1; make named-symtbl.o || exit 1; rm -f namedtmp1;gcc -pthread -g -O2 -I/usr/local/include/libxml2 -I/usr/local/include -o namedtmp1 ${BASEOBJS} named-symtbl.o ${LIBS0} ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a -lgssapi_krb5 -lcrypto ../../lib/bind9/libbind9.a ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a ../../lib/isc/libisc-nosymtbl.a -L/usr/local/lib -lxml2 -lz -L/usr/local/lib -liconv -lm -lreadline || exit 1; rm -f named-symtbl.c named-symtbl.o; /usr/bin/perl5 ../../util/mksymtbl.pl -o named-symtbl.c namedtmp1 || exit 1; make named-symtbl.o || exit 1;gcc -pthread -g -O2 -I/usr/local/include/libxml2 -I/usr/local/include -o namedtmp2 ${BASEOBJS} named-symtbl.o ${LIBS0} ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a -lgssapi_krb5 -lcrypto ../../lib/bind9/libbind9.a ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a ../../lib/isc/libisc-nosymtbl.a -L/usr/local/lib -lxml2 -lz -L/usr/local/lib -liconv -lm -lreadline; /usr/bin/perl5 ../../util/mksymtbl.pl -o named-symtbl2.c namedtmp2; count=0; until diff named-symtbl.c named-symtbl2.c > /dev/null ; do count=`expr $count + 1` ; test $count = 42 && exit 1 ; rm -f named-symtbl.c named-symtbl.o; /usr/bin/perl5 ../../util/mksymtbl.pl -o named-symtbl.c namedtmp2 || exit 1; make named-symtbl.o || exit 1; gcc -pthread -g -O2 -I/usr/local/include/libxml2 -I/usr/local/include -o namedtmp2 ${BASEOBJS} named-symtbl.o ${LIBS0} ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a -lgssapi_krb5 -lcrypto ../../lib/bind9/libbind9.a ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a ../../lib/isc/libisc-nosymtbl.a -L/usr/local/lib -lxml2 -lz -L/usr/local/lib -liconv -lm -lreadline; /usr/bin/perl5 ../../util/mksymtbl.pl -o named-symtbl2.c namedtmp2; done ; mv namedtmp2 named; rm -f namedtmp0 namedtmp1 namedtmp2 named-symtbl2.c; fi /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_ser_ccache_init' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_rd_rep_dce' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5int_init_context_kdc' ... /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_cc_set_config' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_auth_con_setuseruserkey' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_get_credentials_for_user' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_internalize_opaque' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_ser_pack_bytes' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_init_creds_set_password' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_free_tgt_creds' /usr/local/lib/libgssapi_krb5.so: undefined reference to `decode_krb5_ap_req' /usr/local/lib/libgssapi_krb5.so: undefined reference to `encode_krb5_ticket' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_auth_con_getkey_k' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_kt_client_default' /usr/local/lib/libgssapi_krb5.so: undefined reference to `krb5_authdata_get_attribute_types' *** [named] Error code 1 Stop in /u/qcinet/pgmr/FreeBSD/packages/bind/bind-9.9.2-P1/bin/named. *** [subdirs] Error code 1 Stop in /u/qcinet/pgmr/FreeBSD/packages/bind/bind-9.9.2-P1/
reverse resolution failing
my named is 9.9.0 while it can resolve "webmail.acrodex.com" ( 139.142.184.10 ) it cannot reverse resolve 139.142.184.10 (example follows). However, if I do a simply nslookup using goodle DNS. nslookup 139.142.184.10 8.8.8.8 IT WORKS! Can anyone suggest where I may be going wrong with this? my "dig" response follows. Many thanks! Jim mail# dig -x 139.142.184.10 ; <<>> DiG 9.9.0 <<>> -x 139.142.184.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49017 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;10.184.142.139.in-addr.arpa. IN PTR ;; Query time: 125 msec ;; SERVER: 207.34.147.93#53(207.34.147.93) ;; WHEN: Thu Feb 7 09:30:12 2013 ;; MSG SIZE rcvd: 56 mail# ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: slave nags that master is not authoritative
Jan-Piet Mens wrote, On 2011-11-23 12:21 AM: I have 1 domain name, and 1 reverse in-addr.arpa citires.ca and0-127.254.194.207.in-addr.arpa which my two slaves log that the master is "not authoritative" for I found the issue! I had TWO named.conf files for my slaves, one not being used any longer, and THAT'S the one I updated with these new entries. Sorry for the waste of bandwidth and your efforts, all! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: slave nags that master is not authoritative
Jan-Piet Mens wrote, On 2011-11-23 12:21 AM: I have 1 domain name citires.ca which my two slaves log that the master is "not authoritative" for Seen from here (.DE) the NS for citires.ca both refuse to answer queries, so they are indeed not authoritative: $ dig @ns.qcislands.net. citires.ca ns ;<<>> DiG 9.6-ESV-R4-P3<<>> @ns.qcislands.net. citires.ca ns they aren't answering, because they refused to load the zone from the master saying it wasn't authoritative. So they have nothing to offer you. I have them in the world view; along with about 60 other domains names. I am stumped! Thanks for the reply. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
slave nags that master is not authoritative
I have 1 domain name, and 1 reverse in-addr.arpa citires.ca and0-127.254.194.207.in-addr.arpa which my two slaves log that the master is "not authoritative" for I have plenty of rdns subnets, and 3 fractional subnets in that group so my copy & paste of this new /25 looks 100%. yet my slave doesn't like it. as to the newly registered citires.ca my slaves once again complain that my master isn't authoritative. I've entered new domains AND new rdns dozens of times. I simply cannot figure out if it os ME, or the registrar (domain name) or telco (rdns). Suggestions greatly appreciated. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: reverse delegation from Telco
Chris Buxton wrote, On 2011-11-03 10:57 PM: Everything is working as it should. Your servers (I'm guessing they're your servers) are responding authoritatively for the rewritten PTR record name. You're seeing a non-authoritative response because you're asking for the canonical PTR record name, for which your server is not authoritative (Telus' servers are). But the final part of the answer, from your zone '80-95.147.34.207.in-addr.arpa', is authoritative. I'm making the assumption that ns.qcislands.net and ns2.qcislands.net are yours. Regards, Chris Buxton BlueCat Networks yup, they're all mine. but that non-auth kinda bugs me, because for my 'full' /24 subnets, that never happens. And it's delegated from the same Telco (Telus) look at ns2.qcislands.net which cleanly resolves back and forth to 209.53.238.4 On Nov 3, 2011, at 10:42 PM, Jim Pazarena wrote: I've got a fractional subnet 207.34.147.80/28 (.240) To which my reverse always responds, but claims to be non-authoritative. Then it points AT MY DNS to be authoritative. I am unsure, but think it has something to do with way I have described my in-addr.arpa file. Would someone please offer suggestion as to the non-auth response for: 207.34.147.85 which is www.qcislands.net ? Thanks! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
reverse delegation from Telco
I've got a fractional subnet 207.34.147.80/28 (.240) To which my reverse always responds, but claims to be non-authoritative. Then it points AT MY DNS to be authoritative. I am unsure, but think it has something to do with way I have described my in-addr.arpa file. Would someone please offer suggestion as to the non-auth response for: 207.34.147.85 which is www.qcislands.net ? Thanks! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ipv6 implementation in an ipv4 camp
I am curious if anyone can point out articles or deeper instructions regarding an implementation and launch of ipv6 in a fully ipv4 camp? If the upstream ISP still provides the end user an ipv4 number as a gateway, and the end user still has a /24 or /23 assigned by the ISP, need they be concerned with ipv6? would the ipv4 /23 subnet be 'translatable' to a corresponding ipv6 number? Any source documents would be greatly appreciated. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users