Re: ITS THE NUMBER OF CORES/THREADS

2021-07-23 Thread Peter via bind-users 

update on how to get bind to run with parameters for windows

make folder in C:\ named

make file called named.bat

in the bat file add:

sc start named -n 7

in services > ISC BIND recovery tab

first failure select run a program

check enable actions for stops with errors

in run program browse for named.bat

apply and now start the services.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ITS THE NUMBER OF CORES/THREADS

2021-07-23 Thread Peter via bind-users 
Yes I went in services and put in start parameters -n 7 and 9.16.19 
started however a bug in windows means it does not save the parameter at 
least I think it a bug so you have to manually put in -n 7 to start bind.



On 23/07/2021 7:53 pm, Ondřej Surý wrote:

Thanks, having such a simple reproducer is helpful.

Can you try if adding `-n 8` vs `-n 7` have the same effect?

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do 
not feel obligated to reply outside your normal working hours.


On 23. 7. 2021, at 20:31, Peter via bind-users 
 wrote:


 Well I reported it and we see what happens my main bind is not in a 
virtual machine I guess I cound disbale Hyper-Threading as a 
workaround...

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list


ISC funds the development of this software with paid support 
subscriptions. Contact us at https://www.isc.org/contact/ for more 
information.



bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: ITS THE NUMBER OF CORES/THREADS

2021-07-23 Thread Peter via bind-users 
Well I reported it and we see what happens my main bind is not in a 
virtual machine I guess I cound disbale Hyper-Threading as a workaround...
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

ITS THE NUMBER OF CORES/THREADS

2021-07-23 Thread Peter via bind-users 
So after ALL that it was down to the number of cores/threads, anything 
more then 7 cores/threads and 9.16.19 WILL NOT RUN tested in avirtual PC.


Man what A BUG

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Sorry

2021-07-22 Thread Peter via bind-users 

I have come to the conclusion that I am being punished!

I have moved heaven and earth to get 9.16.19 to work and only seem to 
work on another old system Core™2 Duo that I installed win 7 activated 
it then upgrade to win10 only that system work with 9.16.19 on another 
system I remove NICs uninstalled/reinstalled MS visual C++ and then to 
top it off my new system for DNS got fully reinstalled! With 
MediaCreationTool21H1 win 10 did 9.16.19 work on that with a simple 
config that worked on my old Core™2 Duo? No I have wasted hours trying 
to work out why this problem is happening to me...and I can only think 
of one reason I am being punished and the dark side of me is saying that 
the dev have coded bind not to work on my system they know about...yes 
that is crazy but I'm out of ideals short from building another system 
and buy another win10 key.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

New BIND 9.16.19 I think don't run with Intel VLANs

2021-07-21 Thread Peter via bind-users 
I have three PC's tested that all work fine on 9.16.15 or 9.17.12 with 
my Intel VLANs but 9.16.19 simply will not start.


Is this a new limitation for BIND on windows now? or a change that 
causes it not to run if it detects VLANs with the intel APP?


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: cmdns.dev.dns-oarc.net oddness with windows 10 and bind

2021-06-20 Thread Peter via bind-users 

Seems fine now they must of fixed the testing.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-19 Thread Peter via bind-users 
Well for the time being I give up I think something like this happen 
before many years ago, I'm sure someone will post having this iusse.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-19 Thread Peter via bind-users 

I getnothing which means good? installed back to the default path.

C:\Program Files\ISC BIND 9\bin>named-checkconf

C:\Program Files\ISC BIND 9\bin>



On 19/06/2021 5:53 pm, Richard T.A. Neal wrote:


And what do you get when you run c:\BIND\named-checkconf ?

Richard.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-19 Thread Peter via bind-users 
My config runs fine on BIND 9.17.12 so its not the config I even install 
bind in C:\BIND with a VERY simple config that 9.17.12 runs that 9.16.18 
does not and I installed 9.16.18 on a vary new system it simply does not 
run.


named.conf

options {
    forward only;
    forwarders { 192.168.255.62;192.168.53.2; };
};

On 18/06/2021 11:33 pm, Richard T.A. Neal wrote:


The next Event Log entry on my system immediately after "using 1 UDP 
listener per interface" is:


loading configuration from 'C:\BIND\etc\named.conf'

(because that's my BIND installation folder obviously).

If I intentionally make a typo in any of my config files (eg 
named.conf, named.conf.options etc) and try and start the ISC BIND 
service I get:


Windows could not start the ISC BIND service on local computer.

Error 1067: The process terminated unexpectedly.

And that’s exactly the same error message that you’re getting.

Have you tried dropping to a command prompt and then running 
"named-checkconf" from within the "bin" subfolder of your BIND 
installation folder? That will tell you if it detects an error in any 
of your configuration files. I know you may not have changed them 
between upgrading from 9.16.12 to 9.16.18, but maybe there's something 
in there that BIND 9.16.12 was OK with but which 9.16.18 is not happy.


For example if I intentionally add a simple 'x' at the very end of my 
named.conf and then run C:\BIND\bin\named-checkconf I get:


C:\BIND\bin>named-checkconf

C:\BIND\etc\named.conf:8: unknown option 'x'

C:\BIND\etc\named.conf:8: unexpected token near end of file

Richard.

*From:*bind-users  *On Behalf Of 
*Peter via bind-users

*Sent:* 18 June 2021 5:49 pm
*To:* bind-users@lists.isc.org
*Subject:* Re: Windows support has been discontinued in BIND 9.17+ 
(Was: Important: A significant flaw is present in June BIND releases 
9.16.17 and 9.17.14)


It shows 17 information with the last showing "using 1 UDP listener 
per interface" maybe it don't like my intel VLAN's?



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-18 Thread Peter via bind-users 
It shows 17 information with the last showing "using 1 UDP listener per 
interface" maybe it don't like my intel VLAN's?


On 18/06/2021 5:21 pm, Richard T.A. Neal wrote:


When you say “in Application logs show fine” – how far does named 
actually get (if at all)? For example whenever I (re)start the “ISC 
BIND” service on my Windows server I get **loads** of entries in the 
Application log, starting with these three:


starting BIND 9.16.18 (Stable Release) 

running on Windows 10 0 build 17763 1879 for x64

[it’s actually Windows Server being misdetected as Windows 10, but the 
build numbers are correct]


built with 'with-tools-version=15.0 with-platform-toolset=v141 
with-platform-version=10.0.17763.0 with-vcredist=C:/Program\ Files\ 
(x86)/Microsoft\ Visual\ 
Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe 
with-openssl=C:/OpenSSL with-libxml2=C:/libxml2 with-libuv=C:/libuv 
without-python with-system-tests x64'


Richard.



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-18 Thread Peter via bind-users 
I go back to BIND 9.17.12 and is starts fine install BIND 9.16.18 
changed log on to “local system account” like I have done for years go 
to start BIND get error 1067 in:


system logs

The ISC BIND service terminated unexpectedly. It has done this 1 
time(s). The following corrective action will be taken in 6 
milliseconds: Restart the service.


And in Application logs show fine

Maybe its just windows 10 pro? Or is it possible to have bind coded to 
no longer run in win 10?


On 18/06/2021 3:08 pm, Richard T.A. Neal wrote:

On 18/06/2021 2:48 pm, Peter wrote:


Even BIND9.16.18 will not run on windows 10 same error

I can't reproduce this error - I've just successfully upgraded from BIND 
9.16.15 to BIND 9.16.18 on my Windows (2019) server.

Do you see a more detailed error in Computer Management > Windows Logs > 
Application?

If your Application log is too busy you can also filter by event source "named" 
to remove some of the noise.

Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Windows support has been discontinued in BIND 9.17+ (Was: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14)

2021-06-18 Thread Peter via bind-users 

Even BIND9.16.18 will not run on windows 10 same error

On 18/06/2021 2:21 pm, Ondřej Surý wrote:

Hi Peter,

the Windows support in 9.17 has been discontinued (as discussed on this very 
mailing list).
So, while technically the BIND 9.17.14/9.17.15 still includes the Windows 
binaries, the
code has been removed in the git repository, and the issue you are experiencing 
will not
get a fix. If you want to keep running BIND 9 on Windows, you will have to 
downgrade
to the lastest stable 9.16 release.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org


On 18. 6. 2021, at 14:46, Peter via bind-users  wrote:

Well I don't know about anyone else but BIND 9.17.14 did not want to start in 
win 10 “windows could not start the ISC BIND service on local computer Error 
1067: the process terminated unexpectedly.”
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Important: A significant flaw is present in June BIND releases 9.16.17 and 9.17.14

2021-06-18 Thread Peter via bind-users 
Well I don't know about anyone else but BIND 9.17.14 did not want to 
start in win 10 “windows could not start the ISC BIND service on local 
computer Error 1067: the process terminated unexpectedly.”

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

cmdns.dev.dns-oarc.net oddness with windows 10 and bind

2021-06-10 Thread Peter via bind-users 
So I redone my windows bind setup on a new system and this bug may never 
get fixed but I wanted to post the oddness of this bug.


Bind on New PC as servers 127.0.0.1 for dns on that system 
cmdns.dev.dns-oarc.net reports fine except for IPv6 test OK


I then have two PC's as clients to this DNS bind server 192.168.255.62 
and 192.168.53.2 the internet works fine DNS seems to work fine but 
testing at cmdns.dev.dns-oarc.net shows some failed tests for IPv4.


And it gets odder if on that PC I remove 192.168.255.62 and 192.168.53.2 
and put in 127.0.0.1 setup bind with forwarder only 192.168.255.62 and 
192.168.53.2 then run cmdns.dev.dns-oarc.net it shows as fine!


I just don't get it?

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: No more support for windows

2021-06-04 Thread Peter via bind-users 
Well its clearly not working so it needs to change just like DDNS is 
free but you can paid for a subscription thats easy to do or SSL is free 
for 90days but you have the option to pay easily for a year but that 
might not work for bind for windows so it needs to be a subscription to 
run it at least for windows so it can be supported. This would mean some 
type of activation that can't work on another system how thats done I 
don't know like what if the system its running on goes down and you have 
to put bind on another system how do you deal with that and so 
onmaybe if you do a year subscription of some amount you get 12 one 
time keys in a file that bind uses each month to valid your use and 
removes a key this list can be updated to add more keys as you extend 
the subscription so in the event the system dies you have some keys for 
a new system.


But I don't really see this happening would like to be proven wrong...

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

No more support for windows

2021-06-04 Thread Peter via bind-users 

On 04/06/2021 6:05 pm, John Thurston wrote:


On 6/4/2021 8:48 AM, Peter via bind-users wrote:

When people find out2024 is the year bind is no longer supported for
windows people aregoing to be upset this all seems to be done quietly
nothing posted on the the isc.org site about this just how many people
depend on bind for windows will be shocking.


And griping about the decision on the mailing list is annoying.

If you want to alter the decision, bring something new to the 
discussion. Funding to pay for the windows development team? 
Logistical support for the project?


Anything constructive will be better received than repeating "I don't 
like your decision".


Yes John Thurston I said about a subscription here which I guess will 
not happen if they made up thier mind its likly no going to happen.


Deprecating BIND 9.18+ on Windows (or making it community improved and 
supported (isc.org) 
<https://lists.isc.org/pipermail/bind-users/2021-June/104719.html>



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

No more support for windows

2021-06-04 Thread Peter via bind-users 
When people find out2024 is the year bind is no longer supported for 
windows people aregoing to be upset this all seems to be done quietly 
nothing posted on the the isc.org site about this just how many people 
depend on bind for windows will be shocking.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Deprecating BIND 9.18+ on Windows (or making it community improved and supported

2021-06-03 Thread Peter via bind-users 

Guess not even a subscription will not happen too.

I'm having to try and do Bind on ubuntu and it just will not let me edit 
files like named.conf unless you do some vodoo that I don't understand 
and even updating the bind like how? Windows no problem you want to edit 
a file no problem can't edit a file/folder because of permissions your a 
admin you can do that too. Bind is easy on windows.


On another note when you stop the bind service you get “windows could 
not stop ISC BIND service on local computer. Error 1067 the process 
terminated unexpectedly.” wonder if that be the last fix for 9.17.14.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Deprecating BIND 9.18+ on Windows (or making it community improved and supported

2021-06-03 Thread Peter via bind-users 
Maybe they could release a bind for windows ever year with limited 
support? But I guess bind will still work long after its not supported 
which is the only good thing.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Deprecating BIND 9.18+ on Windows (or making it community improved and supported

2021-06-02 Thread Peter via bind-users 

Well that sucks no more bind for windows...:(

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

broken trust chain with my DNS setup

2021-03-09 Thread Peter via bind-users 

https://bridgemode.bounceme.net/DNS%20BIND%20setup2.txt

%ProgramFiles%\ISC BIND 9\bin run CMD rndc-confgen -a
folder managed-keys in ect

file rndc.conf in etc

include "C:\Program Files\ISC BIND 9\etc\rndc.key";

options {
default-key "rndc-key";
  default-server 127.0.0.1;
  default-port 953;
};

file named.root in etc
ftp.internic.net
file localhost in etc

$TTL 86400
@  IN  SOA   @  root (
 0   ; Serial
 8H  ; Refresh
 15M ; Retry
 1W  ; Expire
 1D) ; Minimum TTL
   IN   NS   @
   IN   A127.0.0.1
   IN      ::1

file 127.0.0.zone in etc

$TTL3D
@   IN  SOA localhost. root.localhost. (
1   ; serial
8H  ; refresh
2H  ; retry
4W  ; expiry
1D ); minimum
 IN   NS  localhost.
1IN   PTR localhost.

Main PC file named.conf in ect

acl private { 192.168.255.54; };
acl loopbackPC { 127.0.0.1; };
acl PClooplookup { 192.168.255.53;  };
acl bogusnets { 0.0.0.0/8; 10.0.0.0/8; 172.16.0.0/12;! 192.168.255.56;! 
192.168.255.55;! 192.168.255.54;! 192.168.255.53; 192.168.0.0/16; 
169.254.0.0/16; };
acl Rebinding { :::127.0.0.1/128; :::192.168.0.0/120; 
:::172.16.0.0/116; :::10.0.0.0/120; ::1/128; 127.0.0.0/24;0.0.0.0/8; 
10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; 169.254.0.0/16; };
options {
  version none;
  hostname none;
  server-id none;
  deny-answer-addresses { "Rebinding";} except-from { 
"private";"loopbackPC";"PClooplookup"; };
  directory "C:\Program Files\ISC BIND 9\etc";
  listen-on-v6 { ::1; };
  listen-on port 53 { 127.0.0.1; 192.168.255.56;192.168.255.55; };
  avoid-v4-udp-ports { 
53;67;68;69;533;445;500;135;137;138;139;546;547;1900;3702;4500;5000;5004;5005; 
};
  use-v4-udp-ports { range 1 65535; };
  avoid-v6-udp-ports { 
53;67;68;69;533;445;500;135;137;138;139;546;547;1900;3702;4500;5000;5004;5005; 
};
  use-v6-udp-ports { range 1 65535; };
  blackhole { bogusnets; };
//  dnssec-enable yes;
  managed-keys-directory "managed-keys";
  lame-ttl 0;
  max-recursion-depth 1000;
  max-recursion-queries 1000;
  resolver-query-timeout 3;
  querylog yes;
};
view private {
match-clients { private; };
// root zone
zone "." in { type hint; file "named.root";
};
// local direct zone
zone"localhost"   { type master; file "localhost";
};
// local reverse zone
zone"0.0.127.in-addr.arpa"{ type master; file "127.0.0.zone";
};
};
view loopbackPC {
match-clients { loopbackPC; };
forward only;
forwarders { 192.168.255.53; };
query-source address 192.168.255.56 port *;
// root zone
zone "." in { type hint; file "named.root";
};
// local direct zone
zone"localhost"   { type master; file "localhost";
};
// local reverse zone
zone"0.0.127.in-addr.arpa"{ type master; file "127.0.0.zone";
};
};
view PClooplookup {
match-clients { PClooplookup; };
// root zone
zone "." in { type hint; file "named.root";
};
// local direct zone
zone"localhost"   { type master; file "localhost";
};
// local reverse zone
zone"0.0.127.in-addr.arpa"{ type master; file "127.0.0.zone";
};
};

HTPC file named.conf in ect

acl lookup2backtoPC { 192.168.255.55; };
acl lookupbacktoPC { 192.168.255.56; };
acl bogusnets { 0.0.0.0/8; 10.0.0.0/8; 172.16.0.0/12;!  192.168.255.56;! 
192.168.255.55;! 192.168.255.54;! 192.168.255.53; 192.168.0.0/16; 
169.254.0.0/16; };
acl Rebinding { ! 192.168.255.253; :::127.0.0.1/128; 
:::192.168.0.0/120; :::172.16.0.0/116; :::10.0.0.0/120; ::1/128; 
127.0.0.0/24;0.0.0.0/8; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; 
169.254.0.0/16; };
options {
  version none;
  hostname none;
  server-id none;
  deny-answer-addresses { "Rebinding";} except-from { lookupbacktoPC; 
lookup2backtoPC; };
  directory "C:\Program Files\ISC BIND 9\etc";
  listen-on-v6 { ::1; };
  listen-on port 53 { 127.0.0.1; 192.168.255.54;192.168.255.53; };
  avoid-v4-udp-ports { 
53;67;68;69;53;533;445;500;135;137;138;546;547;1900;3702;4500;5000;5004;5005; };
  use-v4-udp-ports { range 1 65535; };
  avoid-v6-udp-ports { 
53;67;68;69;53;533;445;500;135;137;138;546;547;1900;3702;4500;5000;5004;5005; };
  use-v6-udp-ports { range 1 65535; };
  blackhole { bogusnets; };
//  dnssec-enable yes;
  lame-ttl 0;
  max-recursion-depth 1000;
  max-recursion-queries 1000;
  resolver-query-timeout 3;
  managed-keys-directory "managed-keys";
  querylog yes;
};
view "lookupbacktoPC" {
match-clients { lookupbacktoPC;};
forward only;
forwarders  { 192.168.255.55; };
query-source address 192.168.255.53 port *;
// root zone
zone "." in { type hint; file "named.root";
};
// local direct zone

broken trust chain with my DNS setup

2021-03-09 Thread Peter via bind-users 

Hi hope someone can help here is my setup on Bind 9.17.10.

https://bridgemode.bounceme.net/DNS%20BIND%20setup.html 



https://bridgemode.bounceme.net/DNS%20BIND%20setup2.txt

When working what happens is:

first lookup

Lookup by 127.0.0.1 on main PC then bind forwards to 192.168.255.53 from 
192.168.255.56 then HTPC by bind forwards to 192.168.255.55 from 
192.168.255.53 Main PC then does the recursion lookup in the given view/ACL


second lookup

Lookup by 192.168.255.53 on main PC from 192.168.255.55 then HTPC by 
bind forwards to 192.168.255.56 from 192.168.255.54 Main PC then does 
the recursion lookup in the given view/ACL


*issue*

What happens is this after many days of working fine:

querylog yes;

client @0227150F1FE8 127.0.0.1#55768 (community.zyxel.com): view 
loopbackPC: query failed (broken trust chain) for 
community.zyxel.com/IN/A at c:\builds\isc-private\bind9\lib\ns\query.c:7581


^This is from windows event viewer

Only way to fix is to restart bind on the main PC.

Thanks if you can help

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users