Only you can know what is “normal" for your configuration. Having more
that 1 TCP connection from a source at a time is not abnormal. There is
no requirement to use existing TCP connections for other queries.
> On 18 Feb 2022, at 08:45, Randy Bush wrote:
>
> for some reason lost in time, i
for some reason lost in time, i have the following in `/etc/ipfw.rules`
on a freebsd system running bind9
add allow tcp from any to me 53 limit src-addr 1 setup
add deny tcp from any to me 53
the results are
01000 48358531 6390772849 allow tcp from any to me 53 setup limit
You can’t do that with standard DNS software. It would be possible to write
custom software that would do exactly this. It’s possible that dnsdist proxy
might be able to do this kind of matching.
Also using “example.com” and being vague doesn’t help people that might want to
help you. Perhaps
On 2022-02-17 18:01, Reindl Harald wrote:
Am 17.02.22 um 17:36 schrieb Jakob Bohm via bind-users:
This is truly tragic, and quite counterproductive action by ISC.
no, it's just stop wasting time for things not really used in the real
production world
Messing about with docker virtualization
Am 17.02.22 um 18:51 schrieb muha...@plciq.com:
I understood that, now, I have another issue. The main domain the is used in the zone (
zone "example.com" ) don't resolve to anything and I want it to be resolved
from 8.8.8.8, while the sub-domains still resolve from my DNS as specified in
Hi
I understood that, now, I have another issue. The main domain the is used in
the zone ( zone "example.com" ) don't resolve to anything and I want it to be
resolved from 8.8.8.8, while the sub-domains still resolve from my DNS as
specified in the zone record file.
Muhanad Abdullah
Am 17.02.22 um 18:47 schrieb Paul Kosinski via bind-users:
On Thu, 17 Feb 2022 15:26:35 +0100
Ondřej Surý wrote:
...
This is part of the problem - debugging on Windows is extremely painful and
requires expertise with extremely high learning curve.
I wonder if difficult debugging is
On Thu, 17 Feb 2022 15:26:35 +0100
Ondřej Surý wrote:
...
> This is part of the problem - debugging on Windows is extremely painful and
> requires expertise with extremely high learning curve.
>
> --
> Ondřej Surý — ISC (He/Him)
I wonder if difficult debugging is deliberate -- it would
On Thu, Feb 17, 2022 at 3:34 AM muhanad wrote:
> I have a main domain ( aa.example.com) with hunderds of subdomains (
> bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.)
> to a list of addresses in round-robin fashion. The problem I am fscing is
> the wildcard is
You have to run the debug-enabled code as a service otherwise you will
get nowhere. It's complicated and it's time consuming to set up right.
Danny
On 2/17/22 12:30 PM, Jakob Bohm via bind-users wrote:
I know this, and I am quite familiar with low level debugging
techniques on Windows, though
I know this, and I am quite familiar with low level debugging techniques
on Windows, though my favorite tool for the job was ruined by
unfortunate business decisions to bundle it with irrelevant software
that would be needed only in a completely different license count, if at
all.
I could
Am 17.02.22 um 17:36 schrieb Jakob Bohm via bind-users:
This is truly tragic, and quite counterproductive action by ISC.
no, it's just stop wasting time for things not really used in the real
production world
Messing about with docker virtualization inside an already virtual
machine
Jakob,
> On 17. 2. 2022, at 17:31, Jakob Bohm via bind-users
> wrote:
>
> This is truly tragic, and quite counterproductive action by ISC.
quite the contrary, this is very productive action by ISC as it allows the
development team
to focus on the things that really matter. The time spent on
This is truly tragic, and quite counterproductive action by ISC.
Messing about with docker virtualization inside an already virtual
machine seems like a recipe for disaster. And given the way you suggest
it, I suspect you mean running a Linux binary under the WSL layer which
is not available in
This is truly tragic, and quite counterproductive action by ISC.
On 2022-02-17 15:27, Danny Mayer wrote:
As the original developer of the Windows version of bind9, I can tell
you that ISC has removed support for the WIndows version from their
newer versions of the code and there are other
I can short-cut that a little! :) A 1067 error is always the Windows
named service failing to start. The reasons behind it are much harder to
figure out. I've seen these over the years but I don't know off the top
of my head why.
Danny
On 2/17/22 9:26 AM, Ondřej Surý wrote:
Log isn’t going
As the original developer of the Windows version of bind9, I can tell
you that ISC has removed support for the WIndows version from their
newer versions of the code and there are other changes that would need a
lot of work to catch back up. Since BIND9 is under continuous
development you'd be
Log isn’t going to help here if named is crashing. Getting a backtrace or
anything that closely resembles one would help. Running debug build under MSVS
would help. Or doing git bisect and pinpoint the breakage to a commit or at
least Merge commit would help.
This is part of the problem -
ndor that's providing a
free service.?? But enough polite requests might help.
Perhaps further discussion of this belongs elsewhere...it seems to be
wandering from BIND.
Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my em
On 2022-02-12 01:06, Richard T.A. Neal wrote:
I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 - I get an error
stating "Error Validating Account. Unable to install service using this
account.". So I'm presently running 9.16.21.
What are the last few things in the
On 17-Feb-22 04:06, G.W. Haywood wrote:
Hi Grant,
On Thu, 17 Feb 2022, Grant Taylor wrote:
Please clarify if you are talking about DNSSEC for your own zone that
they are doing secondary transfers of or if you are talking about
DNSSEC for the IPv6's reverse DNS namespace that they delegate to
On 2022-02-12 09:01, Greg Choules wrote:
> "...to use a traditional VPN solution such as DNSSEC ..."
DNSSEC is not a VPN service. It is regular, unencrypted DNS on port 53,
or whichever port you choose - see the manuals and KB articles for how
to configure non-standard ports. DNSSEC adds
Fortunately (or unfortunately), the existing port of the 9.16.x bind
code to Windows is built with Microsoft tools (MSVC2019) and contains
its own handling of differences between Windows and Unix.
If a maintainer stepped up to maintain the source for a port, I could
compile it locally for our
Ok , this is one issue solved ; I have another issue.
The main domain from previous ( example.com ) needs to be forwarded to the
internet and resolved normally, and with current configuration when I
do nslookup from inside the NDS server it resolves normally , the problem is
with client machines
Hi Grant,
On Thu, 17 Feb 2022, Grant Taylor wrote:
Please clarify if you are talking about DNSSEC for your own zone that
they are doing secondary transfers of or if you are talking about DNSSEC
for the IPv6's reverse DNS namespace that they delegate to you.
Ah, good point Grant.
The
On 17.02.22 11:08, muhanad wrote:
Hello allI have a main domain (aa.example.com) that have hundereds of
sub-domain ( bb.aa.example.com). I am setting a wildcard in the record
file for the main domain so it forwards all subdomains to a number of
addresses in a round-roben fashion( the record
Hello allI have a main domain ( aa.example.com) with hunderds of subdomains (
bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.) to
a list of addresses in round-robin fashion. The problem I am fscing is the
wildcard is forwarding anything towards the the IP ( example
Hello allI have a main domain (aa.example.com) that have hundereds of
sub-domain ( bb.aa.example.com). I am setting a wildcard in the record file for
the main domain so it forwards all subdomains to a number of addresses in a
round-roben fashion( the record as follows "* IN A 192.168.1.x )
28 matches
Mail list logo