Re: Development version of BIND 9 - 9.21.10 with meson build system

msg330001.html Yes, that was me updating the package to 0.15.3. :) > 2. Configure BIND 9 > LDFLAGS="$ORIGIN/../lib" > PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH meson setup build > --wipe -Dtracing=disabled -Dnamed-lto=off > >> Surely that RPATH i

Re: Development version of BIND 9 - 9.21.10 with meson build system

An update after finally having installed BIND 9.21.10 in /usr/local on this host: $ dig xx.no. ns dig: Undefined PLT symbol "isc__lib_initialize" (symnum = 12) $ type dig dig is a tracked alias for /usr/local/bin/dig $ ldd /usr/local/bin/dig ldd: /usr/local/bin/dig: invalid E

Re: Different signed serial numbers

ke NATted addresses", you also replace the internal NS records with the external ones? Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

Re: Different signed serial numbers

you also updating those?) Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

Re: GeoIP need all files?

earch & development, security and business department On 9/23/25 08:17, Herman Brule via bind-users wrote: Hi, my env is VPS, qemu VM. See attached file for full config and full log. it's debian 12 amd64. Then systemd. Herman Jacques Roger BRULE Main developer of Supercopier/Ultracopier/C

Re: GeoIP need all files?

linux, it could be permissions higher in the tree, it could be that you are checking the file on a different server than bind is running. All these things are possible. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated

GeoIP need all files?

open GeoIP2 database '/usr/share/geoip/GeoIP2-ISP.mmdb' (status 1) 22-Sep-2025 12:03:58.800 unable to open GeoIP2 database '/usr/share/geoip/GeoIP2-Domain.mmdb' (status 1) root@vps-50e17238:~# ls -l /usr/share/geoip/GeoIP2-Country.mmdb -rw-r--r-- 1 bind bind 9791801 Sep 14

rndc showzone?

Hi, I'm trying to extend my personal "rndc subcommand" reportoire, and for this particular problem we're seeing, "rndc showzone" would have been useful. However, in our cases, both with BIND 9.18.39 and BIND 9.20.13 that command just completes with the messa

Re: Development version of BIND 9 - 9.21.10 with meson build system

>> # meson install -C build-dir >> errors out when I have BIND 9.20 already installed in /usr/local >> with >> ERROR: Destination '/usr/local/bin/named-compilezone' already exists >> and is not a symlink > > I noticed this when replacing pre-meson 9.2

RHEL, Rocky, Fedora rpm 9.20.13

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

BIND 9.20.12 - dnstap - RPZ - DNS-collector - Elasticsearch

Hi Folks, I just wonder if I am missing something ;-) I am currently running a POC for RPC Logging into Elasticsearch and just wonder why I can’t see any "rpz QNAME NODATA” in Elasticsearch? I am running BIND 9.20.12 as recursive resolvers -> dnstap -> DNS-collector -> Elast

I need to learn more about BIND DNS server to pass my job interview next Monday

Subject: I need to learn more about BIND DNS server to pass my job interview next Monday Good day from Singapore, I need to learn more about BIND DNS server to pass my job interview next Monday. I have received an email from a cybersecurity company/employer in Singapore today. Below is a

Re: BIND 9.20.12 - dnstap - RPZ - DNS-collector - Elasticsearch

is a concept not a record type. It indicates that the name is correct but there are no records of the requested type. -- Mark Andrews El 12 sept 2025, a las 0:34, Wolfgang Riedel via bind-users escribió:  Hi Folks, I just wonder if I am missing something ;-) I am currently running a POC for

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

On Sunday, September 14th, 2025 at 4:36 PM, Benny Pedersen via bind-users wrote: > Marc skrev den 2025-09-14 10:13: > > > Why don't you chat a bit with AI. My impression is that AI is good at > > teaching you what you want to know. Quite often it messes up, but fo

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

On Sun, Sep 14, 2025 at 10:42:45AM +0200, Benny Pedersen via bind-users wrote a message of 23 lines which said: > mx.junc.eu (amavis); dkim=neutral reason="invalid (public key: not > available)" header.d=i header.b="YUOrfkQZ"; dkim=fail (2048-bit key) > reason=&q

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

ds → Knot DNS or NSD Which is a good opportunity to remind the OP that the interview is about DNS, not BIND. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

RE: I need to learn more about BIND DNS server to pass my job interview next Monday

> Mr. Turritopsis Dohrnii Teo En Ming > > Targeted Individuals Singapore > > GIMP = Government-Induced Medical Problems > > 14 Sep 2025 Sunday 4.00 PM Singapore Time > > > > On Thursday, September 11th, 2025 at 10:52 PM, Turritopsis Dohrnii Teo > > En Ming teo.en.m...@pro

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

Benny Pedersen via bind-users skrev den 2025-09-14 10:35: Marc skrev den 2025-09-14 10:13: Why don't you chat a bit with AI. My impression is that AI is good at teaching you what you want to know. Quite often it messes up, but for broader knowledge acquirement it should do fine.

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

en AI, since AI is not that inteligent, i will keep neutral where AI is very badly -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

Individuals Singapore GIMP = Government-Induced Medical Problems 14 Sep 2025 Sunday 4.00 PM Singapore Time On Thursday, September 11th, 2025 at 10:52 PM, Turritopsis Dohrnii Teo En Ming wrote: > Subject: I need to learn more about BIND DNS server to pass my job interview > next

Specifying "max-cache-size default;" causes core-dump

Hi list. I've tried to raise a new issue for BIND on https://gitlab.isc.org/isc-projects/bind9/-/issues but unfortunately when I click "Create issue", it pops up a banner saying: /Your issue has been recognized as spam. Please, change the content or solve the reCAPTCHA to pro

Re: NXDomain reply after LAN IP response from forwarder for zone

Hello. What version of BIND are you running? By default, BIND will attempt to perform DNSSEC validation, which is probably why you're seeing the DS query. See here for more information on validation and DNSSEC in general: https://bind9.readthedocs.io/en/latest/dnssec-guide.html#dnssec-valid

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

And you want to do this by Monday? Well good luck. Here are some resources you might start with: https://bind9.readthedocs.io/en/stable/index.html https://kb.isc.org/v1/en https://www.oreilly.com/library/view/dns-and-bind/0596100574/ The book is getting a bit old now, but makes handy reading

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

On Saturday, September 13th, 2025 at 10:28 PM, Danjel Jungersen via bind-users wrote: > On 12-09-2025 08:32, Turritopsis Dohrnii Teo En Ming via bind-users wrote: > >> I am 47 years old as of 12 Sep 2025. I hope I am not getting too old to >> learn! I understand th

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

On 12-09-2025 08:32, Turritopsis Dohrnii Teo En Ming via bind-users wrote: I am 47 years old as of 12 Sep 2025. I hope I am not getting too old to learn! I understand the ability to learn deteriorates with age / aging. Congratulations! I hope the same, I'm 2 years older ;-) And the ab

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

On Friday, September 12th, 2025 at 2:06 AM, Benjamin Smith wrote: > This is a dream response, and it seems that you got this off you're just > honest with them about where you are and what you're doing! > > I note that they don't ask about bind, but DNS and DHCP. S

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

seful to deploy it in my > home network — specifically ISC’s products because they (especially BIND) are > the de facto industry standard. Being fairly easy to use (as far as server > software goes), and being not very resource-intensive, makes it perfect for a > home lab. And bec

Re: I need to learn more about BIND DNS server to pass my job interview next Monday

.com/library/view/dns-and-bind/0596100574/ Thank you for the links to learning resources. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individuals Singapore > The book is getting a bit old now, but makes handy reading anyway. > > Hope that helps. > Greg > > On Thu, 11

Re: Development version of BIND 9 - 9.21.10 with meson build system

So... I got some hints elsewhere. In my case I need $ meson setup build-dir -Dtracing=disabled $ meson compile -C build-dir However, install still errors out: # meson install -C build-dir errors out when I have BIND 9.20 already installed in /usr/local with ERROR: Destination '/usr/

Re: Forward first showing odd behavior BIND 9.11.36-RedHat-9.11.36-16.el8_10.4 (Extended Support Version)

ot deliberately unreliable or likely to fail. Hope that helps. Cheers, Greg On Fri, 5 Sept 2025 at 19:30, Reynolds, David wrote: > Greetings all, > > > > I stumbled across an oddity in BIND that may be due to my ignorance or > some other environmental factor. > > >

Re: Development version of BIND 9 - 9.21.10 with meson build system

Thanks for the suggestions! I did a local upgrade of userspace-rcu to 0.15.3, and then BIND 9.21.11 configured and built. But turning back to the original question: $ meson setup build-dir $ meson compile -C build-dir gets me the equivalent of configure make But what gets me the equivalent

Re: Development version of BIND 9 - 9.21.10 with meson build system

> Does > https://bind9.readthedocs.io/en/latest/chapter10.html#building-bind-9 > help? Yes, it gets me a bit further. The current stumbling block is that the configury system can't find liburcu-common (despite finding the other rcu libs), seemingly that's because the pkg-c

Re: Development version of BIND 9 - 9.21.10 with meson build system

> as previously announced, the BIND 9.21 (development branch) has > changed the build system from venerable autotools to meson > build system. If you build BIND 9 from sources now would be a > good time to try building the development version from sources > and report any issues

Re: Bind forwards DNS requests even though forwarding is disabled.

Hi Sascha. I have a few questions. 1) Are you sure BIND is forwarding? Is that the term you mean to use? Please can you take a binary packet capture (pcap, not copy/paste of terminal output) that shows what the BIND server is doing and send that, You may have disabled global forwarding but

Re: Bind forwards DNS requests even though forwarding is disabled.

. We will also need to know IP addresses on the server on which BIND is running and its routeing table. This is because, in your BIND config, you have not specified a query-source address, so BIND will use the address of the outgoing interface, whatever that is. Regarding recursion. I see you hav

Bind forwards DNS requests even though forwarding is disabled.

Hello, I have a Bind server running for a private Samba AD. The server is used exclusively for internal name resolution, an Adguard container is used for requests to the WAN. To enable this, forwarding is disabled on the Bind DNS (primary DNS). Unfortunately, I have noticed that the Bind DNS has

Re: Bind forwards DNS requests even though forwarding is disabled.

First of all, thank you for your quick response. In this case, “forwarding” may be somewhat of a misplaced term. What I want to achieve, and what has been working for over 5 years, is for BIND DNS to act as the primary DNS for DNS queries relating to intranet name resolution (Samba AD), and for

DNS over HTTPS in a multi-hoseted environment

from JEsus Christ is WEll done Good and Faithful servant -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-u

Re: DNSSEC policy using wrong directory?

Mike skrev den 2025-08-24 03:50: I just set up `dnssec-policy default;` in my zones. Now I'm seeing error messages like: general: error: /etc/bind/good-with-numbers.com.signed.jnl: create: permission denied Well, yeah, that's a read-only file system. options { direc

meson - rpath and chroot

I am struggling a little to adapt to meson on linux. I noticed in https://www.mail-archive.com/bind-users@lists.isc.org/msg35684.html that rpath was removed from the bind build. Now I know why my binaries could not find their libraries (I edited meson.build to re-add rpath). Am I the only end

Re: dnssec

Hello Renzo. There is no point spending time answering these questions for a version of BIND that is now obsolete. As I suggested in your other post, follow the instructions in the KB article and install 9.20. After that, if you still have questions, come back. Please also read the documentation

Re: define zone

nes, in named.rfc1912.zones file I > should to add "127.in-addr.arpa" and "255.in-addr.arpa" zones ? > > Il giorno gio 7 ago 2025 alle ore 14:24 Greg Choules < > gregchoules+bindus...@googlemail.com> ha scritto: > >> Hi again, Renzo. >> >&g

Re: define zone

Hi again, Renzo. 1) Regarding root hints, the explicit hint zone has not been necessary in BIND for many years as the hints are built-in. This applies if your resolver is doing recursion. But if you are doing global forwarding - with "forward only;" as well - then "zone ".&quo

Re: configure bind in chroot jail

> From: bind-users on behalf of Greg Choules > via bind-users > Reply to: Greg Choules > Date: Wednesday 6 August 2025 at 20:06 > To: Renzo Marengo > Cc: "bind-users@lists.isc.org" > Subject: Re: configure bind in chroot jailenzo. The Linux distros packag

Re: configure bind in chroot jail

Hi Renzo. The Linux distros package their own versions of BIND, which they obtain from ISC and patch over the years, hence it is almost guaranteed to not be the latest. That may be OK for you. But see here for how to install it directly if you choose: https://kb.isc.org/docs/isc-packages-for-bind

Re: ISC-Bind Cache preserveration

Hello, you could configure Bind at remote locations as secondaries for your internal domains, so that they have a copy of the zone locally. Other, non-internal domains probably don't matter while WAN isn'

ISC-Bind Cache preserveration

Good Afternoon, We're using ISC-Bind (v 9.16.45) out at remote locations to serve as part of local DNS service in the event of a WAN outage. However we are faced with the possibility that we might also suffer a power outage at these locations, and would have power restored before the WAN.

Re: confgiure bind files and after run chroot script ?

Hi Renzo. Firstly, please ditch 9.16, it's end of life and take a look at the latest 9.20 Secondly, you didn't respond to points made in your other post about chroot; i.e. why you think you need it. Cheers, Greg On Tue, 5 Aug 2025 at 12:52, Renzo Marengo wrote: > to configure Bi

Re: configure bind in chroot jail

Hi Renzo. This is not intended to sound negative. But why are you stuck on chroot? What benefit do you think it will bring you? It used to be the case (many years ago) that if you started BIND as root, it ran as root and chroot made sense then. But not anymore. It starts with some privilege, to

Re: configure bind in chroot jail

Have you looked here: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services They have a short mentioning of chroot. :-) Danjel On 7/31/2025 9

Re: configure bind in chroot jail

version 6 "some time" ago. //Danjel On 7/31/2025 8:58 AM, Renzo Marengo wrote: Thank you very much but my issue is to understand what first step I have to do, considering that the following rpm are just installed: bind.x86_64 bind-chroot.x86_64 bind-dnssec-doc.noarch bind-dnssec-ut

Re: configure bind in chroot jail

On 7/30/2025 1:11 PM, Renzo Marengo wrote: I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9 to create only cache DNS server which is running in chroot jail. I installed several Bind packages included bind-chroot. What document do you suggest me to follow to configure bind

Re: BIND from brew on OSX - Crash

Have you tried bind in the latest macOS beta versions? James. > On 24 Jul 2025, at 5:00 pm, stuart--- via bind-users > wrote: > > Hi, > > This is mostly just me wondering if this is just a "me" issue or whether this > is endemic of BIND on OSX. > > I

BIND from brew on OSX - Crash

Hi, This is mostly just me wondering if this is just a "me" issue or whether this is endemic of BIND on OSX. I use BIND as distributed by brew.sh on OSX (14.7.6, M2 Pro) for local testing of various things and ran into an issue last week. When I configured BIND to listen on an alte

Re: DNSSEC validation broken trust July 22-23rd time.nist.gov

Hi, DNSviz is showing the issue very clearly so it was not on your side https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/ regards Julian Panke Ursprüngliche Nachricht Am 24.07.25 00:18 schrieb J Doe : > Hi, > > I have a small mail server that is using: BIN

Re: suggetsed distro for Bind

ualization platform, so there’s full access to the underlying hardware. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 23. 7. 2025, at 15:10, Carlos Horowicz via bind-users wrote

Re: suggetsed distro for Bind

and small with alpine linux I'd like to migrate from bind 9.11 lo last version. This service is acting as cache dns server and It' running on Centos 7 server, what Linux distro do you suggest me for new Bind?-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from

Re: 127/8 weirdness & entertainment for fun & profit.

Crist Clark writes: > Note that is all Linux-specific behavior. BSD-derived stacks are generally > different, e.g. FreeBSD and MacOS. They do not respond to addresses that > aren’t explicitly assigned to an interface. You cannot bind an address not > assigned to an interface. I

Re: BIND doesn't listen to other loopback addresses

https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/li

Re: BIND doesn't listen to other loopback addresses

Bagas Sanjaya writes: > Here in my case, I was expecting BIND to listen to 127.0.0.53 as > separate address, just like in similar applications (systemd-resolved, > dnsdist, etc). You do need to add the address to an interface, but you don't need to add a new dummy interface.

Re: 127/8 weirdness & entertainment for fun & profit.

New-Subject: host vs subnet routes Old-Subject: BIND doesn't listen to other loopback addresses On 7/6/25 1:02 AM, Ondřej Surý wrote: The IPv4 loopback is actually quite weird in this regard that 127.0.0.1/8 is assigned by everything in 127/8 automagically works without explicit ad

Re: BIND doesn't listen to other loopback addresses

https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-automatic-interface-scan Note the phrase "...and supported by the operating system...". Linux capabilities must also be enabled (i.e. not *disabled* at build time) for BIND to be able to keep scanning as addresse

Re: question about resolving of AAAA amazoses.com

Hello and many thanks for the quick all-answering response! Thanks for Greg as well, I leave it to Petr's answer then :-) Am 04.07.2025 um 10:13 schrieb Petr Špaček: On 04. 07. 25 9:56, Florian Piekert via bind-users wrote: Hello all, I frequently have this in my logs May  4 14:29:16

Re: question about resolving of AAAA amazoses.com

Hi Florian. Well since you mention it, may we see your BIND configuration? Also "named -V", please and, if you can, a packet capture (preferably binary pcap, not just a few lines of tcpdump output) showing what your server is doing at the time you see these messages in the logs. Cheers

question about resolving of AAAA amazoses.com

feedback-smtp.us-east-1.amazonses.com/ for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us-east-1.amazonses.com -- invalid response and was wondering IF there is a misconfiguration on my bind? My guess is no, but I thought I'd better as

Re: Significant memory usage

“countless” reports there were not that many of them actually. How many zones can a bind instance handle realistically? Internally, we are testing BIND 9 with 1M small zones and it works just fine. What happened was that 9.20 introduced a new database backend called QP that replaced venerable custom

Re: Server crash on receiving query

Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 5. 11. 2024, at 11:58, James L. Brown via bind-users wrote:  On 2 Nov 2024, at 3:14 am, Scott Bradner wrote: I have the same proble

Re: Significant memory usage

g My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 1. 7. 2025, at 20:40, OwN-3m-All wrote: Also, 127.0.0.1 (localhost) needs to be returned for these hosts, not a NXDOMAIN response. Would that impact it? -- Vis

Re: Significant memory usage

s On 01/07/2025 19:27, OwN-3m-All wrote: >>  Apologies if I misunderstood your setup. I’ve also encountered memory issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a tremendous beast, capable of handling millions of QPS — but after reducing logging (including DNSTAP) and disa

Re: Significant memory usage

Hello there, I’m not a BIND developer either, but I was intrigued when you mentioned /millions of zone entries/. Are you referring to millions of individual zones, rather than consolidating entries into a single RPZ zone? Apologies if I misunderstood your setup. I’ve also encountered memory

Re: Is there any method/config to pass through rcode refused

is any config or method to achieve > that. > > > > Thanks, > > Neil Nie > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contac

Re: dnssec/obsolete dns keys removal - how to?

On 21/06/2025 05:16, Florian Piekert via bind-users wrote: Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibilty. THANK YOU! Am 20.06.2025 um 19:03 schrieb Crist Clark: Do you have

Re: dnssec/obsolete dns keys removal - how to?

Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibilty. THANK YOU! Am 20.06.2025 um 19:03 schrieb Crist Clark: Do you have a .signed file that BIND created? To be 100%, shutdown n

dnssec/obsolete dns keys removal - how to?

deleted those files somewhen in between while trying. After a while I got a correct working setup (using the default *facepalm*). Although I have then successfully managed to get the correct key setup into the DS with the root tld zones, I have mysterious DNSKEY entries on my bind installations

Problem with latest Docker image

ternal defaults: failure (But I'm not sure what I did to generate the named.run file, and I haven't been able to recreate it) I'm not using any geo capability that I know of. I haven't changed anything in my bind config files in quite some time, and it's always worked up

Re: Significant memory usage

ket I/O Statistics ++ 191596 UDP/IPv4 sockets opened 169 TCP/IPv4 sockets opened 191580 UDP/IPv4 sockets closed 777 TCP/IPv4 sockets closed 41 UDP/IPv4 socket bind failures 43 UDP/IPv4 socket conn

Re: Significant memory usage

10:46 PM, Philip Prindeville via bind-users > wrote: > > I read: > > https://bind9.readthedocs.io/en/v9.20.9/reference.html#namedconf-statement-max-cache-size > > and it doesn’t explain the notation for . > > > > >> On Jun 8, 2025, at 10:39 PM, Ondřej Sur

Re: Significant memory usage

ybe GB is the only unit it groks. >> >> >> Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected >> integer and optional unit or percent near ‘1536MB’ >> >> Nope: >> >> Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:

Re: Significant memory usage

Maybe GB is the only unit it groks. Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected integer and optional unit or percent near ‘1536MB’ Nope: Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:43: expected integer and optional unit or percent near ‘2GB'

Re: Significant memory usage

Jun 8 22:22:10 OpenWrt named[15142]: /etc/bind/named.conf:42: expected integer and optional unit or percent near '1638MB' > On Jun 8, 2025, at 10:17 PM, Ondřej Surý wrote: > > Yes, there's no math involved, it just honors the limit. > > FTR you can als

Re: Significant memory usage

im) > ond...@isc.org > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> Here’s my statistics-channel output: >> >> -- Visit https://lists.isc.org/mailman/listinfo/bind-us

Re: Significant memory usage

for your purposes. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> On 9. 6. 2025, at 5:45, Philip Prindeville >> wrote: >> &

Re: Significant memory usage

that talk to a small number of external hosts). It’s computing the max-cache-size that I’ve set: Jun 8 21:34:08 OpenWrt named[8106]: /etc/bind/named.conf:42: 'max-cache-size 10%' - setting to 171MB (out of 1714MB) but no idea where the 1741MB that it is basing that off of is coming f

Re: Significant memory usage

t’s going on with just output of named -V. > > I would suggest to recompile names with jemalloc enabled and then use > jemalloc profiling to see where the memory goes. > > See https://www.isc.org/blogs/2023-BIND-memory-management-explained/ for more > details (search for

Re: Significant memory usage

> On Jun 8, 2025, at 3:07 PM, Philip Prindeville via bind-users > wrote: > > > >> On May 21, 2025, at 3:38 PM, Ben Scott wrote: >> >> - Original Message - >>> From: "Philip Prindeville via bind-users" >>> To: "

Re: Significant memory usage

> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: Significant memory usage

> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: QNAME minimisation question

root trust anchor)                  -b address[#port]   (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg Thanks Greg. On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users wrote: I've done a bit more testing on this, and it seems like if you u

Significant Throughput Drop in BIND 9.20.8 for Batch DNS Updates – Seeking Community Insights and Solutions

Hello BIND Community, I am writing to report a significant performance drop observed after upgrading from BIND 9.18.30 to BIND 9.20.8 . We are running BIND in a batch data processing environment where large volumes of dynamic DNS updates are pushed periodically. Under 9.18.30, our system

Re: QNAME minimisation question

[#port] (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users < bind-users@lists.isc.org> wrote: > Hi Stace. > > The transport protocol used to ask the question is (or should be) > inde

Re: QNAME minimisation question

ot;;; WARNING: using internal name server mode: '@8.8.8.8' will be ignored" On 03/06/2025 22:36, Stacey Marshall wrote: On 3 Jun 2025, at 10:29, Nick Tait via bind-users wrote: But I also noticed that delv only makes A queries (not ), and even if I specify "-6" on t

Re: QNAME minimisation question

isit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/lis

Re: QNAME minimisation question

On 02/06/2025 23:30, Petr Špaček wrote: In short, with an empty cache, BIND will exceed pre-configured limit on number of queries it can do. This is protection from various attacks which misuse DNS to attack itself. Thanks for the explanation! This particular recursive query doesn't

Re: QNAME minimisation question

re force to set the value off or disabled, because bind finds something "strange" in the zone cut response. dig ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ;; global options: +cm

QNAME minimisation question

Hi list. I've been investigating a failure that I noticed in my DNS logs. I know the issue is related to QNAME minimisation, but rather than just turning it off (to make the problem go away), I'm trying understand whether BIND is doing exactly what it is expected to do? I can rep

Re: Dns tunnel detection/prevention

rent things. -- Grant. . . . -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-

Re: Dns tunnel detection/prevention

On 5/22/25 9:23 AM, Karol Nowicki via bind-users wrote: Does ISC Bind software by native has any dns tunneling prevention embedded ? I don't think there is anything that I would describe that way. But there may be some rate limiting option(s) that you could use to at least cripple usin

Re: 3Rd Follow Up - Re: My Introduction and current issues

-08.braze.com.cdn.cloudflare.net A 5b57 > 1053 20.772813 102.767751 2.350603 184.184.184.10 8.8.8.8 48067 Q > sdk.iad-08.braze.com.cdn.cloudflare.net A ae45 > 1054 20.773441 102.768379 0.000628 184.184.184.7 184.184.184.10 - - - ICMP > - Destination unreachable (Port unreachable) but don

Dns tunnel detection/prevention

Does ISC Bind software by native has any dns tunneling prevention embedded ?  Thanks  Wysłane z Yahoo Mail do iPhone -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us

Re: 3Rd Follow Up - Re: My Introduction and current issues

- - ICMP > - Destination unreachable (Port unreachable) but don't know which packet > this is in response to. > 1055 20.773879 102.768817 0.000438 184.184.184.10 184.184.184.80 32337 R > sdk.iad-08.braze.com A 2e9e Response to 1032 > > Note that the BIND server at ...10 makes lots

  1   2   3   4   5   6   7   8   9   10   >