On 2022-05-17 09:50, Tony Finch wrote:
I think "master" and "slave" is actively misleading, because the DNS
protocol does not allow a master to tell a slave to do anything. (The
closest is NOTIFY which is a hint not a command.)
Furthermore, who serves whom? It is the "master" which serves zone
On 2022-02-11 10:24, Jakob Bohm via bind-users wrote:
As ISC has apparently announced that it will no longer maintain the
code for running bind on Windows operating systems, and that this is
now up to the community, is there a community group that has stepped
up to the task?
I haven't seen anyb
On 2021-05-13 09:41, Software Info wrote:
Wow. Thanks so much for all the responses. Really appreciate it. They
made me truly realize that a lot on the info on the net may be either
incomplete or just old. I understand a bit better now.
I added the line inline-signing yes;
inline-signing is not
ot shutting out
input, as we did settle this through the mailing list. :)
The README.md has to be reviewed and fixed, but I guess you don’t need
to fill the issue for this.
Thank you for the reply, Ondřej, much appreciated.
On 16. 5. 2021, at 21:50, Chuck Aurora wrote:
... and sorry, I mis
I was about to reply to some other post on this list, when I
needed to look something up to be sure about it, and I looked in
my local OS (Slackware) documentation directory for the BIND 9
ARM. It's there in what appears to be a format for the Sphinx
documentation builder, but no longer shipped i
On 2021-04-30 07:20, Sainik Biswas via bind-users wrote:
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS
On 2021-04-14 04:38, Gaurav Kansal wrote:
Is there a way, by which we can log denied statement w.r.t. view
somewhere in logging ?
The thing is, your view did not deny anything. Your non-.IN client
simply does not match the match-clients list for that view.
On 14/04/21 1:48 am, ma...@isc.org
On 2021-04-07 03:59, Marki wrote:
To elaborate a little bit on that... Indeed that is how it works,
unfortunately. When you start using forwarders or stubs, recursion
needs to be enabled because you're no longer looking for your own
authoritative data only.
A stub or static-stub zone would not
My guess comes from a hint in Tony's post,
On 2021-03-17 07:51, Tony Finch wrote:
17-Mar-2021 12:36:28.812 general: info: zone cam.ac.uk/IN/main:
notify from 2001:630:212:8::d:aa#43432: serial 1615984588
17-Mar-2021 12:20:36.985 general: info: zone cl.cam.ac.uk/IN/main:
notify
On 2021-02-28 17:52, Mark Andrews wrote:
Domain names without a trailing period are relative to the current
origin.
Domain names with a trailing period are absolute.
snip
On 1 Mar 2021, at 10:41, Tim Daneliuk via bind-users
wrote:
I am trying to understand when the LHS of a TXT record ne
On 2020-12-01 10:25, Karl Pielorz wrote:
--On 1 December 2020 at 10:14:50 -0600 Chuck Aurora
wrote:
On 2020-12-01 04:43, Karl Pielorz wrote:
So, as the original person that posted the question :)
My question still stands (I'd never presumed this was valid traffic)
-
what I'm
On 2020-12-01 04:43, Karl Pielorz wrote:
So, as the original person that posted the question :)
My question still stands (I'd never presumed this was valid traffic) -
what I'm trying to find out if buried within the trove of stats
produced by 'rndc stats' is there any counter, that counts:
"
No
On 2020-11-05 07:36, Bob Harold wrote:
On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover
wrote:
On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
A good secondary offloads your server noticeably, and
keeps the domain alive in case of temporary failures.
AFAIK, authoritative slave se
On 2020-10-20 10:34, Borja Marcos wrote:
On 20 Oct 2020, at 17:28, Rick Dicaire wrote:
On Tue, Oct 20, 2020 at 10:17 AM wrote:
Dear BIND-Users,
Does someone has an idea, which log I have to activate.
While everything Borja says below, and what Kevin said in the other
subthread, is absolutel
/me catching up on earlier parts of this thread,
On 2020-10-15 11:42, alcol alcol wrote:
A DNS server can exist if you follow NIC instractions.
Mainly have you a leased line ever on? primary DNS can't be down or
NIC could down your domain.
Then you have to install and configure it. Better a fe
On 2020-10-16 06:05, Sami Ait Ali Oulahcen via bind-users wrote:
I've been looking for a way to implement this on nft or through
firewalld, but couldn't find anything comprehensive.
So if it does get updated, please let us know :)
It won't be by me, for more than one reason (I am no longer at
s.
If you're just a small operator, you're mostly unlikely to be bitten
in this way. But then you never know when you could be "slashdotted",
so it's better to be safe than to be surprised by a DoS.
On Thu, 2020-10-15 at 20:42 -0500, Chuck Aurora wrote:
Absolutely right; I w
On 2020-10-15 14:38, sth...@nethelp.no wrote:
I would run a firewall even for BIND alone on a box in case the box
gets compromised through BIND. Allowing remote access and DNS, then
dropping everything else as the general firewall policy should be
pretty straightforward. But with the IP on this p
On 2020-09-30 16:42, Karol Nowicki via bind-users wrote:
Does somebody has experience with setup /etc/dnscache/env/IP to
configure multiple Ips of network interfaces ?
I believe I might have done that in A.D. 2003. I don't recommend
using unsupported, unmaintained software, especially in such
On 2020-07-07 20:57, Victoria Risk wrote:
A while ago we created a KB article with tips on how to improve your
performance with our Kea dhcp server. The tips were fairly obvious to
our developers and this was pretty successful. We would like to do
something similar for BIND, provide a dozen or so
On 2020-07-01 00:55, Harshith Mulky wrote:
Is there an automatic way we could use reloading the zone files
rather than using rndc reload or named restart?
Within named, no. Furthermore a restart of named for changed zone
data was never a good idea. Likewise, "rndc reload" only makes sense
wh
On 2020-06-25 04:10, Techs-yama wrote:
Hi, bind forks !
I'm a spoon, not a fork! :)
[snip]
and How do you have any recommended statistics items to check by
rndc stats.
I don't know what you are looking for, but I would recommend NOT
using rndc stats:
https://kb.isc.org/docs/aa-00769
_
On 2020-06-18 06:41, Ondřej Surý wrote:
Jukka and others,
I would prefer if we didn’t scold people for typos on the mailing list.
The typo
in the message had no impact on the question itself, and here, we are
trying
to build community that’s welcoming to newcomers to the wonderful world
of DN
On 2020-05-02 14:35, Reindl Harald wrote:
Am 02.05.20 um 21:31 schrieb Chuck Aurora:
On 2020-05-02 13:23, Erich Eckner wrote:
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dns
via
Well, a recursive
On 2020-05-02 13:23, Erich Eckner wrote:
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dns via
Well, a recursive resolver cannot use DoT/DoH for iterative queries to
authoritative NS servers, unless authoritat
On 2020-05-02 11:32, Michael De Roover wrote:
Interesting, I wasn't aware of that. Until now I subscribed to the
whole business-only IP idea the whole time. I never thought that ISP's
or other mail servers would allow this (though granted, mine doesn't
discriminate either). Meanwhile Microsoft st
On 2020-04-23 14:16, Sarah Newman wrote:
What should happen when for a given domain:
- The domain resolves via TCP but not UDP - UDP for this domain had no
response at all.
- That authoritative nameserver hosts other domains, and those domains
resolve via UDP.
Do you have an example for this?
On 2020-04-20 10:33, Warren Kumari wrote:
On Sat, Apr 18, 2020 at 12:52 PM Tony Finch wrote:
@lbutlr wrote:
>
> Is it possible to batch update all the domains? Looking at nsupdate it
> looks like I have to step through and do every domain individually.
An UPDATE request can change many recor
On 2020-04-17 11:40, Tim Daneliuk wrote:
On 4/17/20 10:17 AM, julien soula wrote:
On Fri, Apr 17, 2020 at 09:56:21AM -0500, Tim Daneliuk wrote:
On 4/17/20 9:50 AM, Bob Harold wrote:
'dig' should tell you what address it used, at the bottom of the
output - what does it say?
;; Query time: 0
On 2020-03-19 14:53, Rick Dicaire wrote:
Hi folks, I have found that new dependencies for 9.16 prevent it
being able to build on Slackware linux 14.2 (no ply or libuv).
(Yes I'm aware I can do the additional steps of downloading,
compiling, installing the deps, but that's not the point)
FWIW bo
On 2020-03-16 10:50, I wrote the opposite of what I meant:
Usually there is need for restarting named(8)
--^ no
in normal operation.
I mean, typically anything you will want/need to do is best done by
means of rndc commands.
___
Plea
On 2020-03-16 08:48, ShubhamGoyal wrote:
I installed bind version 9.14.11 by tar file . it is working okk.
i tried
1. systemctl restart named
2. /etc/rc.d/init.d/bind restart
3. service named restart
But I do not able to restart service.
systemctl / service and friends are questions f
On 2020-03-14 12:03, Axel Rau wrote:
it seems, the dynamic update protocol does not allow things like
_acme-challenge.some-host.some.domain
TXT "tR0VhMRfb4v5WsctEgoD3aWNRJ73n2wqn9hlTPE9pA0"
because there is no zone
some-host.some.domain
I am pretty sure that is not correct, but we ca
On 2019-12-16 13:13, Roberto Carna wrote:
I have a primary and a secondary BIND9 DNS servers, working as master
/ slave with zone transfers between them.
Primary/master and secondary/slave are concepts which apply only to
authoritative servers, and in this case you are talking about these
serve
On 2019-12-07 08:24, Elimar Riesebieter wrote:
is it possible to have one key pair for DNSSEC to sign subdomains in
different zonefiles?
IIUC how it works, the generation of a key pair includes the zone name,
so no, I do not think it is possible. Also, and more to the point,
there's no benefit
On 2019-11-25 02:36, Mark Andrews wrote:
You don’t as Microsoft has not implemented TSIG.
You could, perhaps, switch the Microsoft nameserver for BIND named.
On 25 Nov 2019, at 18:52, Mundile wrote:
How do I accomplish zone transfers (Master and Slave) between Master
Linux Nameserver and
On 2019-10-23 18:14, Mik J via bind-users wrote:
Hi,
I know that the RPZ functionality aims to block/redirect/log DNS
queries from the inner network.
What about the authoritative DNS facing the Internet ?
I receive some spam, I get probed on my webservers etc.
Many of these annoiyances start w
y exploitable due to its
use of gethostbyname().
We therefore recommend that BIND operators who are using DLZ, if they
are using the contributed MySQL module, should take immediate action to
upgrade their glibc to fix the GHOST vulnerability.
--
Chuck Aurora : ISC Software Support : chu...@
38 matches
Mail list logo
