Correct.
On Fri, 28 Jun 2024, 12:54 Renzo Marengo, wrote:
> Ok very veri interesting,and about this doubt?
>
> etc/resolv.conf in bind server is used only from client services ? E.g.
> ping tool
> I think bind9 dns service doesn't contact any /etc/resolv.conf, right?
>
>
Hi again Renzo.
In general, BIND (and other resolvers) make non-recursives (aka iterative)
queries to authoritative servers, such as the roots and others.
- Clients (laptops etc.) make recursive queries to the DCs. If the DCs know
the answer they respond immediately; no forwarding needed
Hi Renzo.
You're welcome.
1) Correct. You don't need forwarding for a simple resolver. Take a look at
the meaning of the RD flag in the BIND protocol header. This should help
you understand the difference between recursive and non-recursive queries.
2) No. See 1)
3) Yes. For a standard resolver
Hi Renzo.
Thank you for that. The hints look OK. A bit old, but they will work.
The first thing I would advise you to do as a matter of priority is to
upgrade BIND.
9.11 has been end-of-life for a few years and there have been many security
fixes since then. 9.18.27 is the current version.
You
Hi Renzo.
Ah OK, I had it the wrong way round. AD DNS needs to resolve names in the
Internet on behalf of its clients, so it forwards to BIND.
In that case, two questions:
1) What version of BIND are you running? You can get this with "named -V"
2) What is in the file "named.ca&qu
Hi Renzo.
Firstly, please can we see your BIND configuration and have the actual AD
domain name.
Secondly, BIND, or any other recursive DNS server, does not 'forward' to
the root servers, unless you have configured it explicitly to do so, which
would be a bad idea and not work anyway
I think you’ve given me exactly what was needed.
>
>
>
> Brian
>
>
>
> *From:* Greg Choules
> *Sent:* Wednesday, June 26, 2024 12:29 PM
> *To:* Cuttler, Brian R (HEALTH)
> *Cc:* bind-users
> *Subject:* Re: rolling my own hints file
>
>
>
> Yo
was needed.
Brian
From: Greg Choules
Sent: Wednesday, June 26, 2024 12:29 PM
To: Cuttler, Brian R (HEALTH)
Cc: bind-users
Subject: Re: rolling my own hints file
You don't often get email from
gregchoules+bindus...@googlemail.com<mailto:gregchoules+bindus...@googlemail.com>.
Learn why t
Hi Brian.
Yes, you can define your own hint zone and tell BIND to use it. The
contents (I called the file "db.root" but the name is your choice) could be
as simple as:
@ 300 IN A 127.0.0.3
@ 300 IN NS @
which says for this zone (which will be called ".", coming next) the
Running Bind 9.18.18 on Ubuntu 22.04
We would like to use root servers within our organization rather than the
actual root servers.
I updated the hints file with the names and IPs of our servers, but we seem to
still access the official root servers.
Wondering how I ignore the internal/build
Hi Sami.
If you can, I would set up a new BIND (test) server running the current
code - 9.18.27 - next to your current production system and compare how
they behave: current code uses NS queries for qmin rather than _... A
queries. There may still be failures, but this would allow you to pinpoint
in this case it means
successfully got an answer for the question that was originally being
pursued. In this context, a negative answer is still a successful
resolution, unlike timeout or servfail from auths or various other
failures.
--
tale
--
Visit https://lists.isc.org/mailman/listinfo/bi
No, I haven’t run BIND on Solaris in years – this question is regarding the
EPEL repos that ISC provides that can be used by CentOS and RHEL. I just
mentioned Solaris because there were no binary releases back then, and to thank
ISC since it’s a lot easier to install BIND from the EPEL
We’ve been using the ISC BIND 9 COPR repositories at
https://copr.fedorainfracloud.org/coprs/isc/ for a few years now, but I had a
question – is there a planned date to update the “bind-esv” channel to provide
BIND 9.18 rather than BIND 9.16? Since 9.16 is now EOL we’ve switched to using
eflect that:
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs
>
> Petr Špaček
> Internet Systems Consortium
>
> On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:
> > Ah, thanks!
> >
> > Yeah, that's what I was looking to
on the mailing list archive:
https://www.mail-archive.com/bind-users@lists.isc.org/msg34359.html
Ged, I'll forward the email headers to you privately, but I trust you'll
find that they support the explanation offered below.
Thanks again everyone who took the time to respond. :-)
Nick.
On 07/06
o match the
relay's rDNS. "
In the header of the mail I find
Received: from mgptr-132-188.piano.io (mgptr-132-188.piano.io
[159.135.132.188])
[...]
From: Mallorca Zeitung
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of t
Hi list.
I received the email below, which on the face of it looks pretty bogus
(especially since this supposed 'list' email is personalised with my
name). But the message headers show that this email was relayed to my MX
server from the same MTA that relays legitimate emails from the
bind
rg/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
>
> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users
> wrote:
>>
>> dnssec-policy default - where/how to determine what all its settings are?
>> Documentation
>> doc/bind9-doc/arm
:
bind9 1:9.18.24-1
bind9-doc 1:9.18.24-1
and also ISC BIND 9.18.24 source and 9.18.27 source and documentation.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us
Hello!
Am 2024-06-04 15:28, schrieb Greg Choules:
Hi Thomas.
Firstly, I doubt you actually need to kill and restart `named`.
Flushing the cache would probably work, either all of it or just
selected names.
Secondly, take a packet capture of this happening and analyse what
BIND is really doing
Hi Thomas.
Firstly, I doubt you actually need to kill and restart `named`. Flushing
the cache would probably work, either all of it or just selected names.
Secondly, take a packet capture of this happening and analyse what BIND is
really doing, in Wireshark.
- If it shows up that certain NS
Am 2024-06-04 09:50, schrieb Matus UHLAR - fantomas:
On 03.06.24 18:46, Thomas Barth via bind-users wrote:
Should I perhaps ask the mail user to unsubscribe from this website
due to troubles of bad configuration?
yeah I guess you should, their DNS servers are pretty much messed up
On 4/06/2024 12:44 am, Thomas Barth via bind-users wrote:
unfortunately, today I had to restart bind9 for the third time in an
attempt to send a newsletter to get rid the communication error,
although with a query response of 1800 msecs. Is it possible to
configure bind9 so that a public DNS
Could you send the email from another account (which doesn't use your DNS
server)? It's not too hard to set up a free account with services like Outlook,
Yahoo or (if desperate) Gmail.
On Mon, 03 Jun 2024 18:46:40 +0200
Thomas Barth via bind-users wrote:
> Hello,
>
> I cannot
Hello,
I cannot send them an email to inform about a dns problem. The mail gets
stuck in the queue.
postqueue -p
(Host or domain name not found. Name service error for name=mx.renr.es
type=A: Host not found, try again)
r...@mallorcazeitung.es
Bind
domain and bind9 for everything else? Because dig
@9.9.9.9 s1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es always works
with a good response.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
h autoconf and cross-compilation w/ MUSL?
I wanted to do a bump on bind to pick up this fix:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
Thanks,
-Philip
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
ing (found it on a website), but the first
attempt resulted in an error. I'm a bit too exhausted now, as I've been
sitting in front of the PC all week and now need to take a break.
mkdir /var/log/named
chown bind:root /var/log/named
chmod 0750 /var/log/named
nano /etc/bind/named.conf.loca
oes not exist (which is obvious), and nothing exists
below that node either. See RFC 8020.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https:
Sorry did not spend too much time thinking about this but if you are checking
DKIM should that be a TXT query instead of an A record?
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas
Barth via bind-users
Sent: Friday, May 31, 2024
he Postfix journal I can read:
May 30 13:40:50 mx1 postfix/smtpd[257112]: warning: timeout talking to
proxy localhost:10024
May 30 13:40:50 mx1 postfix/smtpd[257112]: proxy-reject: END-OF-MESSAGE:
451 4.3.0 Error: queue file write error; ...
My settings in /etc/
Hi Brian.
We're going to need some details please, like for starters:
- What's the domain being queried?
- A network diagram showing where your BIND server is and what it's
forwarding to.
- IP addresses of everything.
- A packet capture (binary pcap format, not a snippet or a screenshot) from
your
My bad - I'd mailed this mistakenly to an individual and not the list.
---
I am currently running BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu.
I am sometimes seeing that I don't have resolution for some FQDN in forwarder
zones.
Usually it works, sometimes I don't get resolution. Interesting I failed
You did look at the
descriptions of all of the categories?
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-category
OpenPGP_signature.asc
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds th
he logging function itself._
Should the trace level of 99 generate more information in the logs for
the update function than I am observing?
-Erik
OpenPGP_signature.asc
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this
Eagle-Eye Cherry - Save Tonight (youtube.com)
<https://www.youtube.com/watch?v=Nntd2fgMUYw>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.i
Hello Mark & List,
Thank you for responding, I'm running bind-9.18.26-1.fc40.x86_64 and
using nsupdate 9.16.27-Debian to send the updates, using rndc Version:
9.18.26.
I'm issuing commands through rndc to set the trace level to 99 -> "rndc
trace 99". rndc seems to work
grades were seamless.
Really wondering how to get debug level logs on this module.
On 5/24/24 11:31 AM, John Thurston wrote:
named-conf -px
OpenPGP_signature.asc
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
nts?
I'm running BIND 9.18.26 (Extended Support Version) from Fedora 40.
The updates and keys had been working correctly until the update to
Fedora 40/BIND 9.18.26
The issues I'm experiencing are only applying to a single key &
update-policy line, other TSIG's are working corr
ist, FWIW. :)
Best regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
b
> I frontend DoH and DoT traffic with nginx and use that for
> analytics/statistics.
Thanks, but I think that violates the KISS principle.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this so
> Doesn't dig already offer DoT using +tls and DoH using +https?
You're right, it does.
I need to sort out my $PATH...
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid supp
Doesn't dig already offer DoT using +tls and DoH using +https ?
Don Friesen
-Original Message-
From: bind-users On Behalf Of Ondrej Surý
Sent: Wednesday, May 22, 2024 8:09 AM
To: Havard Eidnes
Cc: bind-users@lists.isc.org
Subject: Re: Make dig and nslookup DNSSEC aware?
[EXTERNAL
Hi,
I recently had reason to enable BIND 9.18.27 to do DoT and DoH
(done via unbound earlier), and it all appears to work well so
far.
I have configured
statistics-channels {
inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
inet port 8053 allow { blah; };
};
The former
validating
recursive resolver does; watch for the 'ad' flag from one such
instead?
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc
y from the "knot"
name server is able to do DoT and DoH (the latter only if
configured to use libnghttp2), and in my case that was the
shorter path to the goal of having a CLI tool to do DoT and DoH
testing.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-user
No idea what OS or product.
This is a compile, as in build the binary, or a daemon run issue?
For myself I have an Ubuntu base and am running IND 9.18.x. Not locally
compiled.
I have found journalctl, systemctl, bind logs and /usr/bin/named-checkconf and
named-checkzone to be very useful
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
On 18/05/2024 09:11, J Doe wrote:
Hello,
When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
or must they be either: /8, /16, /24, /32 for IPv4 ?
For example, if I want to block records with an A address of
192.168.10.1, I know I can write:
32.1.10.168.192.rpz-ip
a generic target for all subdomains as each entity
> has its own target for SRV entries.
>
> -----Message d'origine-
>
> De : bind-users bind-users-boun...@lists.isc.org De la part de Matus
> UHLAR - fantoms
> Envoyé : mardi 14 mai 2024 15:58
> À : bind-users@lists
Hello,
I use bind (stock from alma 9.3) as a nameserver for a webhosting server
with webmin/virtualmin.
If I install BIND via copr (RHEL9 and derivatives only offer 9.16 instead of
9.18 - I want to experiment with DoT for opportunistic TLS between
nameservers, upcoming standard <ht
On 01.05.2024 01:33, Mark Andrews wrote:
On 1 May 2024, at 03:32, Lee wrote:
On Mon, Apr 29, 2024 at 11:40 PM Walter H. wrote:
On 29.04.2024 22:19, Lee wrote:
On Sun, Apr 28, 2024 at 2:18 AM Walter H. via bind-users
wrote:
something that I replied to and got this in response:
Error Icon
On 29.04.2024 22:19, Lee wrote:
On Sun, Apr 28, 2024 at 2:18 AM Walter H. via bind-users
wrote:
something that I replied to and got this in response:
Error Icon
Message blocked
Your message to Walter.H@[..snip..] has been blocked. See technical
details below for more information
|Try these four
|
|
|
|fail01.dnssec.works|
|fail02.dnssec.works|
|fail03.dnssec.works|
|fail04.dnssec.works|
and then with +cd and note the difference;
On 28.04.2024 08:17, Walter H. via bind-users wrote:
On 27.04.2024 16:54, Lee wrote:
On Sat, Apr 27, 2024 at 9:50 AM Walter H. via bind
dear admin:
now, i use bind-9.18-21, i want to use ecs client subnet function; but i
don't know how to configure it, and i don't get method from google
please give me some example,or document , or google links to learn about
it ;
thanks!
Yang
395096...@qq.com--
Visit https
On 27.04.2024 16:54, Lee wrote:
On Sat, Apr 27, 2024 at 9:50 AM Walter H. via bind-users
wrote:
# host dnssec-analyzer.verisignlabs.com
dnssec-analyzer.verisignlabs.com is an alias for
dnssec-analyzer-gslb.verisignlabs.com.
dnssec-analyzer-gslb.verisignlabs.com has address 209.131.158.42
& this in the bind errors_log file:
$ grep dnssec-analyzer.verisignlabs.com named-errors.log | tail -1
26-Apr-2024 19:28:37.600 query-errors: info: client @0x7f384488e3c0
127.0.0.1#47121 (dnssec-analyzer.verisignlabs.com): query failed
(failure) for dnssec-analyzer.verisignlabs.com/IN/ at que
advertises itself as authoritative
> for 85.191.131.in-addr.arpa
Yep. Both of the resolveable NSes ns102.click-network.com and
fs838.click-network.com claim authority over 191.131.in-addr.arpa,
which they don't have according to the parent zone DNS delegations.
Regards,
- Håvard
--
address for 'ns102.click-network.com': not found
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users
Hi.
In BIND, since 9.11, there is an option/view statement called
"minimal-any", which defaults to "no". That might be what you're after.
Cheers, Greg
On Sat, 20 Apr 2024 at 17:29, Amaury Van Pevenaeyge <
avanpevenae...@outlook.fr> wrote:
> Hello everyone,
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
On 17/04/2024 11:41, John Thurston wrote:
I'm seeing strange behavior with a BIND 9.18.24 resolver and
dnssec-failed.org.
With no dnssec-validation line (or with "dnssec-validation auto") in
the .conf, querying for www.dnssec-failed.org returns SERVFAIL, as
expected . . until
Hi Crist.
Firstly, DNS servers do not make recursive queries, unless they have been
configured to forward.
Secondly, please start a packet capture on your server (save to disc, so
you can analyse it later in Wireshark) then start BIND and make some test
queries to your server. Look at what your
queries
Hope that helps.
Greg
On Thu, 28 Mar 2024 at 06:15, Crist Clark wrote:
> I am upgrading and redeploying some authoritative-only BIND servers. Two
> questions about some fine points:
>
> What to set 'dnssec-validation'? Just let it default to 'auto?' There is
> no need or
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Jan
> Schaumann via bind-users
> Gesendet: Dienstag, 26. März 2024 14:44
> An: bind-users@lists.isc.org
> Betreff: Re: [OFF-TOPIC] Question about ClouDNS (and others') ALIAS records
>
> Karl Auer
Es.
Fortunately, nowadays we have a proper solution for
this problem (which -- bringing it back on-topic :-)
-- bind supports): SVCB / HTTPS records (RFC9460).
However, adoption of those records is still lacking,
with clients behaving inconsistently and services not
offering them widely yet.
-Jan
--
ve, it still receives updates from the master. The
> transfer on the master is as follows:
>
> allow-transfer {192.168.56.157;};
>
> also-notify {192.168.56.157;};
>
> notify explicit;"
>
>
>
> PS. BIND version : 9.16.48
>
>
>
> Regards Sami
>
> Orange
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Arsen
> STASIC
> Gesendet: Donnerstag, 21. März 2024 08:47
> An: Petr Špaček
> Cc: bind-users@lists.isc.org
> Betreff: Re: Crafting a NOTIFY message from the command line?
>
> * Petr Špače
in my virtual environment? I think I know how DNSSEC
> works, but if you also have any clarification to offer, I'd be delighted to
> hear from you. My BIND server runs on an Ubuntu22.04 Jammy Jellyfish VM.
>
> Thanks in advance for your help.
> --
> Visit https://lists.isc.org
"|
I couldn't help noticing that when you ran dnssec-dsfromkey you
referenced this directory: /usr/home/dns/Fixed
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact u
the "forwarders" statement because "sub.example.com <http://sub.example.com>" has been delegated away.
- Do you really want to be forwarding to your hidden primary anyway?
- Why are two different servers both authoritative for
"100.168.192.in-addr.arpa"? That's asking
statement because "
sub.example.com" has been delegated away.
- Do you really want to be forwarding to your hidden primary anyway?
- Why are two different servers both authoritative for
"100.168.192.in-addr.arpa"? That's asking for trouble.
Hope that helps.
Greg
On M
work. I have a feeling the forwarding
only works specific zones. and you can't combine two of the same
"names" into one. Am I correct and in order for PTR records to work I
need to get them into a single file?
--
Taavi Ansper
taavi.ans...@cyber.ee
--
Visit https://lists.isc
e "example.com" zone.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
atter of combining them.
On Fri, 1 Mar 2024 at 21:11, Nick Tait via bind-users <
bind-users@lists.isc.org> wrote:
> On 02/03/2024 03:42, Mike Mitchell via bind-users wrote:
>
> Our networking team is in the habit of entering the IP address of every
> network interface o
On 02/03/2024 03:42, Mike Mitchell via bind-users wrote:
Our networking team is in the habit of entering the IP address of every
network interface on a router under one name. The very first address
entry is their out-of-band management interface. "rrset-order fixed" is
used on th
ctions take too long and there
must be a network error.
Mike Mitchell
-Original Message-
From: bind-users On Behalf Of Ondrej Surý
Sent: Thursday, February 29, 2024 4:40 PM
To: BIND Users Mailing List
Subject: fixed rrset ordering - is this still a thing?
EXTERNAL
Hey,
BIND 9 supports a
e and load to consider. Might your tweaked responses just
> send clients to a nearby but tragically overloaded server?
>
> My preference would be to let those people whose job it is to think
> about this stuff - which, reading this list, clearly they do - get on
> with their job.
>
On Fri, Mar 1, 2024 at 12:38 AM Matt Nordhoff wrote:
> On Thu, Feb 29, 2024 at 9:40 PM Ondřej Surý wrote:
> > Hey,
> >
> > BIND 9 supports a fixed rrset ordering (that is keeping the order of the
> > RRSets from the zone file). It has to be configured
> > a
On Thu, Feb 29, 2024 at 9:40 PM Ondřej Surý wrote:
> Hey,
>
> BIND 9 supports a fixed rrset ordering (that is keeping the order of the
> RRSets from the zone file). It has to be configured
> at the compile time, it takes more memory (to record that order) and it's a
> #ifdef a
ufacturers are available), match all port 53, set DSCP to an
appropriate value for *your* network and prioritise/police as appropriate
in the core.
Cheers, Greg
On Thu, 29 Feb 2024 at 09:00, Wolfgang Riedel via bind-users <
bind-users@lists.isc.org> wrote:
> Hi Folks,
>
> OK let
ps://docs.libuv.org/en/v1.x/udp.html
>
> On 28. 02. 24 13:50, Balazs Hinel (Nokia) via bind-users wrote:
>> Hi,
>> I am working on a product in Nokia, and we currently use BIND provided by
>> Rocky Linux 8 with security patches. Recently the requirement came that we
>&
Hi,
I am working on a product in Nokia, and we currently use BIND provided by Rocky
Linux 8 with security patches. Recently the requirement came that we should
upgrade to at least 9.16. During the testing of this version we realized that a
feature we used, DSCP, has stopped working. Reading
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Carsten
...
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would
> report steps it would do because of "dnssec-policy", but will not execute the
> changes.
If this Bind
Hi Ondřej,
> On 27. Feb 2024, at 16:43, Ondřej Surý wrote:
>
> Carsten, could you please fill a feature request in the GitLab?
Done, #4606.
Greetings
Carsten
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the de
Hi Jim,
> On 27. Feb 2024, at 16:39, Jim P. via bind-users
> wrote:
>
> There should also be an option to display the current configuration in
> specific detail to easily create a new KASP (side question: why does DNS
> need a new acronym?)
The term “KASP” for “Key-and-s
On Tue, 2024-02-27 at 16:06 +0100, Carsten Strotmann via bind-users
wrote:
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9
> would report steps it would do because of "dnssec-policy", but will
> not execute the changes.
**This** ^^^
There should
ches the current keys, but they
haven't (for one reason or other, it happens for me, despite working a lot with
DNSSEC and BIND 9).
It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would report
steps it would do because of "dnssec-policy", but will not execut
On 27/02/2024 13:22, Michael Sinatra wrote:
On 2/26/24 13:41, Al Whaley wrote:
Originally (under the above command) RR records for DNSSEC were
maintained by bind, but the ZSK and KSK keys were maintained by me.
This command is being discarded. I understand that bind "sort of"
: It has an
algorithm 13 DS record, is correctly signed with algorithm 13, but is
also signed using algorithm 8 with signatures that expired a year
ago(!).
<https://dnsviz.net/d/paste.debian.net/ZczXYw/dnssec/>
Other resolvers, and older versions of BIND, ignore the bad/irrelevant
signatures a
Hello,
I configured Bind 9.18.12 as slave DDNS with dynamic updates from DHCP (ISC
DHCP 4.4)
running on the same server (Ubuntu 22.04 server)
When I run "named-checkconf named.conf", I get the following error
"named.conf:2018: option 'allow-update' is not allowed
n/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
marcodavids | Matrix: @marco:sidnlabs.nl
Nostr: 11ed01ff277d94705c2931867b8d900d8bacce6f27aaf7440ce98bb50e02fb34
OpenPGP_signature.asc
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this softwa
is some
kind of windows server.
Is this something to worry about? This kind of logging popped up since
upgrading the secondary to 9.18.24.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
: bind-users On Behalf Of Andy Smith
Sent: Tuesday, February 13, 2024 6:46 AM
To: bind-users@lists.isc.org
Subject: Re: Answers from subzone even when superzone has a delegation elsewhere
[You don't often get email from a...@strugglers.net. Learn why this is
important at https://aka.ms
Andy, You do also have the A record glue for elsewhere.example.com in the
example.com zone, right? Just checking.
Don Friesen
-Original Message-
From: bind-users On Behalf Of Andy Smith
Sent: Tuesday, February 13, 2024 6:23 AM
To: bind-users@lists.isc.org
Subject: Answers from
1 - 100 of 1780 matches
Mail list logo