:39:02
/usr/local/sbin/named -U4 -u named -c /usr/local/etc/namedb/named.conf
I am still in the process of figuring out my predecessor's custom setup...
-Original Message-
From: Thomas Hungenberg
Sent: Tuesday, July 9, 2024 14:52
To: Lee ; Tom Marcoen (EXT)
; bind-users
I observe the same behaviour. I have similar output for TCP/53 on the loopback
and public IP addresses. The IP addresses and port numbers are the same, but
the fd (file descriptors?) are different. I assumed different threads of the
same process.
# named -V | grep ^BIND
BIND 9.18.26 (Extended
Hi Ondrej
I've created the issue:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3885
Best regards,
Tom
On 2/21/23 14:24, Ondřej Surý wrote:
Tom,
the ADB (Address DataBase) responsible for caching the delegations had been
heavily refactored in 9.19 branch, I think the best course
D-9.18.12 regarding
lookups after flushing the name "ns2.comtronic.ch"?
- BIND-9.19.10 does A and lookups after flushing the name
"ns2.comtronic.ch", where BIND-9.18.12 only queries for A records
Many thanks for any hints.
Best regards,
Tom
Hi Aram
Thanks a lot for your quick response. I've tested with 9.18.10 which
definitely solved this issue and XoT for catalog-zones is now working fine.
Best regards,
Tom
On 1/9/23 16:38, Aram Sargsyan wrote:
Hello Tom,
I see you are using BIND 9.18.9, can you retry with the latest
o properly "speak" XoT?
btw: Using dig for transferring the zone from the primary with XoT and
TSIG is working fine:
$ dig @192.168.1.1 -k /tmp/key +tls +onesoa axfr example.ch
Many thanks in advance,
Tom
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe fro
On 11/30/22 09:27, Borja Marcos wrote:
On 30 Nov 2022, at 08:20, Tom wrote:
Hi list
Regarding ARM 9.18.9
(https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-edns-udp-size):
"The named now sets the DON’T FRAGMENT flag on outgoing UDP packets."
Tested
set on the IP header (true for TCP, but never seen for UDP).
Which circumstances or which queries enforce BIND9 to set the "DF"-flag
on outgoing UDP-based packets?
Any hints for this?
Thanks a lot.
Tom
restart facility
rate-limit. Please attach the log which contains the real cause of failure,
e.g. by using:
# journalctl -u bind9
--
Tom Krizek
On 10/26/22 13:13, Tom wrote:
On 10/26/22 10:19, Matthijs Mekking wrote:
Thanks for this. It probably should be removed from the docs at this
point.
When introducing dnssec-policy, my goal was to reduce the dozens of
DNSSEC related configuration options that are scattered throughout
okup
$ dig @resolver +short -x 2a02:1368:6000::cafe
static-2a02-1368-6000--cafe.cust.swissbackbone.net.
# Forward-Lookup ()
$ dig @resolver +short
static-2a02-1368-6000--cafe.cust.swissbackbone.net.
2a02:1368:6000::cafe
Best regards,
Tom
On 10/27/22 19:23, Marco wrote:
Am 27.10.202
On 10/26/22 10:19, Matthijs Mekking wrote:
Thanks for this. It probably should be removed from the docs at this point.
When introducing dnssec-policy, my goal was to reduce the dozens of
DNSSEC related configuration options that are scattered throughout
named.conf and contain them in one
On 8/17/22 06:45, Tom wrote:
On 8/17/22 02:27, Evan Hunt wrote:
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
following query where for example Knot resolver
On 8/17/22 02:27, Evan Hunt wrote:
On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote:
Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the
following query where for example Knot resolver and also PowerDNS
resolver doesn't add
e: 4 msec
;; SERVER: 10.100.102.21#53(test) (UDP)
;; WHEN: Tue Aug 16 17:14:21 CEST 2022
;; MSG SIZE rcvd: 120
Any hints why BIND adds the additional section while other resolvers
don't? Is there an option in BIND to behave like Knot/PDNS?
Many thanks.
Regards,
Tom
On 11.05.22 11:26, Mark Andrews wrote:
Signature-refresh determines when the RRSIGs will be replaced by looking at the
expiration time and working backwards. New RRSIGs are generated using
signature-interval.
Ah, perfect. Thx.
600;
nsec3param iterations 0 optout no salt-length 0;
};
Many thanks for hints/explanations.
Best regards,
Tom
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us
Hi Tony
Many thanks for your explanation!
Tom
On 10.05.22 10:46, Tony Finch wrote:
Tom wrote:
I'm wondering about the value of the "Length"-field in the dnssec-policy
state-file output, which results in "Length: 256" for domains, which are
signed with algorithm
in on "dnsviz.net" (ZSK or KSK), which results in "Key
Length: 512".
# state file
$ grep Length Karcademics.ch.+013+19238.state
Length: 256
# The ZSK/KSK for this domain on "dnsviz.net"
Key Length: 512
What's the difference between these two values?
Many thanks.
Tom
Hi Matthijs
Perfect, thank you for this information and clarifying this.
Best regards,
Tom
On 14.02.22 09:59, Matthijs Mekking wrote:
Hi Tom,
The lifetime is applied to new keys, so when the ZSK is rolled the
lifetime of the successor key should be 60 days.
I have considered applying
8 2022)
DNSKEYChange: 20220211092418 (Fri Feb 11 10:24:18 2022)
ZRRSIGChange: 20220211092418 (Fri Feb 11 10:24:18 2022)
DNSKEYState: omnipresent
ZRRSIGState: rumoured
GoalState: omnipresent
Any hints for this?
Many thanks.
Best regards,
Tom
Hi Matthijs
I've tried several times to reproduce this behavior..., dnssec-policy
always does its job. I did not currently succeed in reproducing the
behavior. I will make a few more attempts and otherwise inform you.
Thank you.
Best regards,
Tom
On 29.11.21 10:56, Matthijs Mekking wrote
without recreating a new KSK?
I assume, that disabling DNSSEC completely and creating a new ZSK/KSK
will work, but in the case now, I already have the mentioned KSK (61416).
Thank you.
Kind regards,
Tom
log?
Many thanks.
Kind regards,
Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact
Hi Matthijs
Thank you for your explanation.
The documentation says, that "any record encountered with a TTL higher
than max-zone-ttl is capped at the maximum permissible TTL value".
Is the documentation wrong here?
Thank you.
Kind regards,
Tom
On 21.09.21 09:47, Matthijs Mek
3cprtWPAOwEuUvaiV5DKYWxhJHrdU6FL7Jk2+aNavOao
lTzQMKev2OF6TqPhXXfaHANIz+tiVhZaeaDCDagkSA== )
...
...
What do I misunderstand here?
Many thanks for a hint.
Kind regards,
Tom
com.db.jnl
Is this intentional or possibly a bug?
Many thanks.
Kind regards,
Tom
: expected
serial 2021050100, got 2021050300
03-May-2021 00:20:28.532 general: error: zone example.com/IN:
dns_journal_compact failed: unexpected error
Thank you.
Kind regards,
Tom
On 01.05.21 08:52, Mark Andrews wrote:
Named should automatically correct this error. The journal version was no
s.bind.jnl.
Any hints about this error?
Thank you.
Kind regards,
Tom
Hi,
at my work place we have a three resolver setup in /etc/resolv.conf.
We had sometimes, though rarely, response times for DNS like 14000ms,
due to the fact that the *first* listed resolver is down for maintenance
reasons. The application we test this with is Oracle/TNSPing.
As a mitigation we
Hey all,
Just wondering here, why switching from CentOS to Debian or building BIND
from sources? What is wrong with migrating to CentOS Stream? Why would that
be so much worse than using Debian?
Regards,
Tom
On Sat, 19 Dec 2020 at 00:25, G.W. Haywood via bind-users <
bind-users@lists.isc.
;, meaning
"no limit" (see
the ARM for version 9.16.8 on page 73).
[1]: https://kb.isc.org/docs/aa-00994
[2]: https://conference.apnic.net/data/37/apricot-2014-rrl_1393309768.pdf
Best regards,
Tom
On Fri, 27 Nov 2020 at 08:00, Onur GURSOY wrote:
>
> Hello Everyone,
>
> Bind9
Thank you for your valuable feedback. It is much appreciated.
On Fri, 20 Nov 2020 at 19:37, Reindl Harald wrote:
>
> On 08.11.20 at 14:44, Timothe Litt wrote:
>
>
> I'm amazed that this thread has persisted for so long on this list of
> knowledgeable people
>
>
> me too, i would understand
Having at least two name servers is not a requirement by the RFC standards
but which TLD allows for only one NS server to be given when you register a
domain?
On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote:
> On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
>
>
; Ale
Is it not a requirement to have at least two authoritative name
servers? I believe all TLDs require at least two name servers but I
must be mistaken as no one pointed this out yet.
Regards,
Tom
recursion? Is there a better way with not enabling recursion
(perhaps with views) to accomplish this?
Many thanks for any hints.
Kind regards,
Tom
1638 (Thu Apr 9 08:16:38 2020)
example.com. 60 IN DNSKEY 257 3 13
uV/NtPZSL1fmO3FAi4pZCcbTl19iD3SizgVcDXGJEl1g4l/cHUGvVl33
3cx2cODA6RUj55pZa77g1VBtFBXByg==
Any hints, why in this case the dnssec-policy mechanism doesn't publish
the CDS/CDNSKEY records?
Many thanks.
Kind regards,
Tom
Hi Mark
Heureka..., that did the trick. The zone is inline signed and after I
added the already existing DNSKEY records in the raw zone file, the
CDS/CDNSKEY deletion record was accepted and the zone was loaded.
Many thanks.
Kind regards,
Tom
On 21.02.20 21:08, Mark Andrews wrote
IN CDS 0 0 0 00
@ IN CDNSKEY 0 3 0 AA==
SCHNAPP
21-Feb-2020 08:13:40.939 general: error: zone example.com/IN (unsigned):
CDS/CDNSKEY consistency checks failed
21-Feb-2020 08:13:40.939 zoneload: error: zone example.com/IN
(unsigned): not loaded due to errors.
17:31:25.381 zoneload: error: zone example.com/IN
(unsigned): not loaded due to errors.
In which version will this issue be fixed?
Many thanks.
Kind regards,
Tom
On 11.01.20 08:48, Mark Andrews wrote:
Open a ticket saying “CDS/CDNSKEY not handled when performing constancy checks
for this?
Thank you.
Kind regards,
Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
here I can configure a zone-wide exception for
"qname-minimization" in a (pseudo)-way like this:
zone "gracenote.com." { qname-minimization off; };
What's the best way to "enable" resolution for the mentioned zone
thanks for any hints/ideas.
Kind regards,
Tom
On 11.03.19 09:14, Tom wrote:
Hi list
We're sometimes receiving the same error as described in
https://gitlab.isc.org/isc-projects/bind9/issues/256 after reloading BIND.
zone example.com/IN (signed): receive_secure_serial: unchanged
What does this
, that DNSSEC is working fine, but the error is confusing.
Thank you.
Kind regards,
Tom
NSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;org. IN DNSKEY
...
...
Any hints for this behavior?
Many thanks.
Tom
Perfect.., many thanks for your hints.
Tom
On 29.01.19 16:33, Tony Finch wrote:
Tom wrote:
We're running BIND-9.12.3-P1 on our authoritative servers and we have the same
behavior with 0-ttl with an invalid soa-query. Is this bind-specific? Why does
an invalid soa-record respond with 0-ttl
P1 on our authoritative servers and we have
the same behavior with 0-ttl with an invalid soa-query. Is this
bind-specific? Why does an invalid soa-record respond with 0-ttl in the
authority-section?
Thank you.
Kind regards,
Tom
On 16.01.19 08:08, Evan Hunt wrote:
On Wed, Jan 16, 2019 at 07:02:05AM +0100, Tom wrote:
$ dig +norec -4 @ns3.example.com www.mydomain.net
; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> +norec -4 @ns3.example.com
www.mydomain.net
; (1 server found)
;; global opt
3
In both authoritative configurations I've set "minimal-responses no;",
but on 9.12.3-P1, no additional section comes back.
Thank you.
Kind regards,
Tom
On 15.01.19 19:15, Evan Hunt wrote:
On Tue, Jan 15, 2019 at 02:40:51PM +0100, Tom wrote:
After migrating from 9.11.x to 9.12.3-P1
hy this happens when
"minimal-responses no;" is configured.
Thank you.
Kind regards,
Tom
On Sat, Jan 5, 2019 at 10:06 Warren Kumari wrote:
> On Sat, Jan 5, 2019 at 7:06 AM Tom Browder wrote:
>
>> I have two remote servers: (1) one with one
>>
> ...
> Question: Can I use one or both servers as authoritative bind dns servers,
>> or should I ge
for that purpose?
If they are usable, is it preferable to have a unique IP instead of sharing
with other services?
Thanks, and Happy New Year!
-Tom
Hi Daniel
Thank you for your feedback. This could be a solution.
It seems, that unbound can do this (not verified) and BIND-RPZ can't do
this actually:
https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks
Any plans for BIND?
Tom
On 12.11.18 08
addresses from your databases. These often occur because the
customer no longer has the email address they originally gave you (or they had
a typo in what they gave you).
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Tom
Sent: Thursday, November
For example "example.com" and "*.example.com" are blacklisted. I would
like to return a real ip address for special query types like MX or TXT,
but not for A or .
Tom
On 08.11.18 16:44, Barry Margolin wrote:
In article ,
Tom wrote:
Hi all
Is there a way to ov
Hi all
Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is
this planned in future releases of BIND?
Regards,
Tom
umpdb" nevertheless the
TTL in the form of "serve-stale" is shown (even if the
serve-stale-status = off)?
Thank you.
Tom
On 23.10.18 10:25, Michał Kępień wrote:
After querying my resolver for "testbla11.example.com", I receive a NXDOMAIN
response with a minimum-ttl (in the s
e "rndc
dumpdb"-output I have a value for 605082.
Any hints?
Thank you.
Kind regards,
Tom
Hi people, I have two BIND 9.10.3 servers with DNSSEC validation enabled,
one in one client and the other in another client.
Both BIND have the same configuration lines relative to DNSSEC validation:
dnssec-validation auto;
dnssec-enable yes;
and both have the current and future key in
te new
log files.
...or you use "copytruncate", so the file will be copied and the other
stuff (compress, rotate 180, etc..) and then truncated, so BIND has
still the same filedescriptors open, but the logfile is rotated :-).
This way, you don't need to "rndc reconfig"
, to force BIND automatically to renew the RRSIGs?
Thank you.
Kind regards,
Tom
ups.
I've tested with simple iptables-rules on my resolver, which are
blocking outbound-connections to one or more authoritative servers of a
zone for simulating the "lame-servers"-behavior.
Any explanation or hints for this (mis)-behavior?
Thank you.
Kind regards,
Tom
On 01/09/2018 05:11 PM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:
Slip is set to "0" (always drop). After stopping the flood, I'm immediately
able to query the same record (www.example.com) with a positive answer. Does
the "window 5;" or "window 30;&
On 01/09/2018 02:49 PM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:
If I set the "responses-per-second 5;" and the "window 30;", then begin
flooding (the responses are correctly dropped), then stop flooding, then
querying the nameserver from the same source
60
or 3600.
Any hints / explanation for the behavior of the "window"-value?
Many thanks.
Tom
On 01/05/2018 07:27 PM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:
Could someone explain the problem here? Why do I never have to wait longer
than about 5s until I'm able to q
Why do I never have to wait
longer than about 5s until I'm able to query the nameserver from the
unique client with the same query again?
Many thanks.
Kind regards,
Tom
On 03/27/2017 11:33 AM, Tony Finch wrote:
Tom <tomtux...@gmail.com> wrote:
Can someone explain the behaviour of
bout 60-65
seconds later, after I've stopped the "test"-attack (confirmed multiple
times..)?
My rate-config:
rate-limit {
responses-per-second 5;
slip 0;
window 5;
};
Many thank
il.example.com.
> @ IN TXT "v=spf1 mx -all"
Thanks, Matus.
-Tom
rs with bind. But
that is down the road a bit. This a hobby and I can only put so much time
in with each kitchen pass!
Thanks.
-Tom
On Wed, Aug 23, 2017 at 17:25 Alan Clegg wrote:
> Now you broke the A record. Get rid of the trailing dot.
>
Done.
On Wed, Aug 23, 2017 at 2:28 PM, Tom Browder <tom.brow...@gmail.com> wrote:
...
> I have a single remote server with one IP address (142.54.186.2) I am using
> it to host multiple, independent domains. I am working on configuring a
> single postfix instance to serve mail for all do
On Wed, Aug 23, 2017 at 2:58 PM, John Miller <johnm...@brandeis.edu> wrote:
> Hi Tom,
>
> You'll want to change your MX records to point to the name, rather
> than the IP, of your mail server. Note that your MX target does _not_
> have to be in the same domain as the
On Wed, Aug 23, 2017 at 2:54 PM, Alan Clegg <a...@clegg.com> wrote:
> MX record needs a name and not an IP address. Beyond that, seems fine.
Thanks, Alan.
-Tom
On Wed, Aug 23, 2017 at 3:01 PM, <wbr...@e1b.org> wrote:
> MX records cannot point to an IP address. try this:
>
> x.tld MX 10 x.tld.
Thanks, William!
-Tom
e address resolves to)'
...
> You don’t have an SOA record, or NS records. Those are also required,
I should have been a little clearer about the DNS server: I'm using
Namecheap so some things like SOA and NS records are done using their
entry form.
I'll change the MX record
ain look appropriate:
# For each domain X.TLD:
X.TLD.    IN A     142.54.186.2.
*.X.TLD.  IN CNAME X.TLD.
X.TLD.    IN MX    10 142.54.186.2.
X.TLD.    IN TXT   "v=spf1 mx -all"
Thanks.
With
On Sat, Jul 22, 2017 at 04:06 Alberto Colosi <al...@hotmail.com> wrote:
> as just said inside previous mail
>
> ever if you edit some , you should understand
>
Thanks for your help and good links, Alberto.
-Tom
On Fri, Jul 21, 2017 at 3:46 PM, Tom Browder <tom.brow...@gmail.com> wrote:
> How does one install bind9 from source and set it up to work with systemd?
>
> I copied a bind9.service file from a Debian 9 package installation but
> I think it's more complicated than that.
So
How does one install bind9 from source and set it up to work with systemd?
I copied a bind9.service file from a Debian 9 package installation but
I think it's more complicated than that.
Thanks.
-Tom
ts of a caching
> NS, but if you need to run BIND anyway
I meant to say I intend to run as an authoritative DNS server for my
personal domains.
I assume Reindl's answer is still valid.
BTW, anything special I need for the bind service file?
On Wed, Jul 19, 2017 at 05:42 Reindl Harald <h.rei...@thelounge.net> wrote:
> On 19.07.2017 at 12:37, Tom Browder wrote:
> > I want to host my own DNS servers, but I need the master to share Bind
> > with other services, specifically Apache 2.4, Postfix 3.3, and Mailma
,
-Tom
Hi
Can someone explain the behaviour of "window" in the rate-limit-context?
I've tried "responses-per-second 10; window 3;" and had the same results
as "responses-per-second 10; window 5;".
Any simple explanation for the "window"-di
the reason, that it isn't necessary to run modern version of bind
in a jail?
Kind regards,
Tom
the slave-zone again...just for the view2.
Thank you.
Tom
On 09/16/2016 12:22 PM, Tony Finch wrote:
Anand Buddhdev <ana...@ripe.net> wrote:
In newer versions of BIND, you cannot share a writable file in different
views. This is a bad configuration, and newer versions of BIND reject it
/malware.rpz.spamhaus.org': already in use: /etc/named/named.conf:259
Is there a way to support RPZ in views? I want to achieve that
Customer01 (view01) should have different RPZ-options than Customer02
(view02) using the same RPZ-Files.
Thank you.
Kind regards,
Tom
se
"on-the-fly", whose zone is configured as "slave"? Because we use
configured some third-party-rpz-zones, the soa-record is predefined...
Thank you.
Kind regards,
Tom
Hi Mukund
Many thanks for your hint. In fact named was compiled with
"--enable-querytrace". After recompiling 9.10.4-P2 without querytrace,
the log looks good.
Kind regards,
Tom
On 09/06/2016 09:32 AM, Mukund Sivaraman wrote:
Hi Tom
On Tue, Sep 06, 2016 at 07:37:50AM +0200,
Is there a workaround/configuration-directive not to log every request
with this "error"? One way would be using BIND 9.9.9-P2 (because this
code was added in 9.10.x...), but I would prefer 9.10.x.
Kind regards,
Tom
On 08/31/2016 03:05 PM, Tony Finch wrote:
Tom <tomtux...@gma
n able to find it again.
> On today's Internet, you want your mail server to EHLO with a name
> that has matching forward and reverse DNS with the server's IP. If
> you don't, you look unnecessarily like a spambot.
...
A very good reason, indeed!
Thanks again.
Best regards,
-Tom
the names I use for the IPv4 records.
Thanks for your always helpful advice.
Best regards,
-Tom
On Tuesday, August 30, 2016, Woodworth, John R <
john.woodwo...@centurylink.com> wrote:
>
> I have a slightly unorthodox view on this which may even offer a bit more
>
> security. The answers are listed below inline.
>
> ...
Thanks, Jo
- perhaps
> the address range in which your local machine is to be allocated its
> address?
>
Thanks, Cathy.
Best regards
-Tom
Sorry...wrong post. After a little bit more testing, the errors are
still appearing. The masterfile-format didn't solve the errors.
Thank you,
Tom
On 08/30/2016 08:20 AM, Tom wrote:
Hi list
After some more troubleshooting, I was able to locate the problem:
- One Spamhaus-Zone-File
file-format map;" for this zone, then the error
disappeared.
Any hints for this behaviour?
Kind regards,
On 08/30/2016 06:53 AM, Tom wrote:
Hi list
Using self-compiled latest bind (9.10.4-P2):
I have a bind-setup with activated response-policy-zones. For *each*
client-forward-query, w
107b0a8700 (yahoo.com/A): rpz_rewrite_name: mismatched
summary data; continuing
...
...
The client receives the right response, dns-rpz is also working, but I'm
suspicious about the errors mentioned above. Any hints?
Thanks a lot.
Kind regards,
Tom
On Saturday, August 27, 2016, Lyle <l...@lcrcomputer.net> wrote:
> On 08/27/16 10:54, Tom Browder wrote:
>
> https://calomel.org/dynamic_dns_ddns.html My plan is to have two
>
> 2. Can I use rndc from my local host which doesn't have a fixed ip address?
>
> ...
them to insert the
> records you think necessary including your mail server's host name.
>
Thanks, Lyle!
Best regards,
-Tom
On Saturday, August 27, 2016, Warren Kumari <war...@kumari.net> wrote:
> On Saturday, August 27, 2016, Tom Browder <tom.brow...@gmail.com> wrote:
>
>> My plan is to have two remote, authoritative name ser
On Saturday, August 27, 2016, /dev/rob0 <r...@gmx.co.uk> wrote:
> On Sat, Aug 27, 2016 at 10:47:36AM -0500, Tom Browder wrote:
> > I do not control 3-octet networks but need reverse mapping for my
> > mail server.
>
> Discuss that with your ISP or netblock owner.
...
1 - 100 of 141 matches