On Mon, 23 May 2022, 21:52 Lefteris Tsintjelis via bind-users,
mailto:bind-users@lists.isc.org>> wrote:
I must be missing something. Any ideas why does it fail? Everything
seems normal. Works well with Windows 2016. Downgrading to 9.16
works again.
--
Visit https://lists.i
I must be missing something. Any ideas why does it fail? Everything
seems normal. Works well with Windows 2016. Downgrading to 9.16 works again.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
On 5/23/22 4:30 AM, Nux wrote:
Hi,
Does anyone know whether it's possible to generate with Bind these kind
of A records automatically on the authoritative side, similar to
services like xip.io or nip.io? Eg:
127.0.0.1.nip.io -> 127.0.0.1
name.127.0.0.1.nip.io -> 127.0.0.1
and so
/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Does anyone know whether it's possible to generate with Bind these
kind of A records automatically on the authoritative side
BIND has DLZ, Dynamically Loadable Zones, which is an extension which allows
zone data to be retrieved from basically anywhere. DLZ are loadable modules
written in
few days.
Meanwhile I think the problem with 9.18 was a different one: we use bind as
"distribution" name server with several hughe zones. So XFR from customer in,
and XRF out to 20+ slaves. When we upgraded to 9.18, suddenly the slaves (Bind,
Nsd...) needed longer to update their zo
Can you please provide some commands whose output you are interested? I want to
collect the statistics for 9.16 before updating to 9.18.
Thanks
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Petr
> Špacek
> Gesendet: Mittwoch, 18. Mai 2022 18:20
>
I remember we had similar issues with 9.18 (isc ppa packages) and hence wen't
back to 9.16. But I can not remember the details.
regards
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Ondrej
> Surý
> Gesendet: Mittwoch, 18. Mai 2022 08:37
> A
I am ridiculed by an ISC member for using a reserved domain according to
For the record, assuming you mean me, I am not affiliated with the gold folk at
ISC.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
Suppose I was working on a problem for Barclays Bank
In that case I would think Barclays Bank's Platinum Enterprise BIND Support
contract would cover answering such questions.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC fund
set- files when signing a zone
manually/semi-automatically. If you are signing with, say, autodnssec-maintain,
then no dsset- file is created and you use dnssec-dsfromkey to determine the DS
which you then submit to your parent zone.
-JP
--
Visit https://lists.isc.org/mailman/listinf
ave been deprecating.
>
> In the context of BIND9, it seems that 'primary/secondary' is less clear
> than master/slave.
>
> My understanding is that it is possible to have a standalone BIND server
> that is running as a 'master' yet acting as a 'secondary
On 16/05/22 21:34, Matthijs Mekking wrote:
Hi Nik,
On 16-05-2022 07:49, Nick Tait via bind-users wrote:
Hi there.
Ever since I updated my BIND configuration to use the new
dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have
been a complete shambles. My problems stem from the
s or are adding or removing zones frequently?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi there.
Ever since I updated my BIND configuration to use the new dnssec-policy
feature (a year or so ago) my KSK/CSK rollovers have been a complete
shambles. My problems stem from the inference (based documentation and
examples) that running "rndc dnssec -checkds published" tells
| die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
econdary' is less clear than
> master/slave.
>
> My understanding is that it is possible to have a standalone BIND server that
> is running as a 'master' yet acting as a 'secondary' for a particular domain.
> In this context, secondary doesn't necessari
On 13/05/22 09:02, Grant Taylor via bind-users wrote:
On 5/12/22 2:41 PM, Nick Tait via bind-users wrote:
This sounds like exactly the sort of use case for Response Policy Zones:
How are you going to have RPZ return different addresses for different
clients? Are you suggesting use different
Hi folks,
I have finally resolved my issue with docker interface.I had to delete my
Ubuntu and install a brand new Centos on my server.Now everything works as
expected.
Cheers
Em sábado, 7 de maio de 2022 06:23:32 GMT+1, Nick Tait via bind-users
escreveu:
On 7/05/2022 1:38 am, MaurÃ
his to come
> into play with a packet ~1k).
> >
> > I hope some of that is useful.
> > Cheers, Greg
> >
> > On Fri, 13 May 2022 at 17:07, Philip Prindeville <
> philipp_s...@redfish-solutions.com> wrote:
> > After rebooting my OpenWRT router with Bind 9.18.1
llowed at all, check if
something is doing IP fragmentation (though I wouldn't expect this to come
into play with a packet ~1k).
I hope some of that is useful.
Cheers, Greg
On Fri, 13 May 2022 at 17:07, Philip Prindeville <
philipp_s...@redfish-solutions.com> wrote:
> After reboot
On 5/12/22 2:41 PM, Nick Tait via bind-users wrote:
This sounds like exactly the sort of use case for Response Policy Zones:
How are you going to have RPZ return different addresses for different
clients? Are you suggesting use different RPZs with different contents
for different clients
On 13/05/2022 12:30 am, Angus Clarke wrote:
Does bind have some simple way to respond differently based on source
address but on a per record basis? Or perhaps include a baseline zone
in a view and separately include differences for that view - something
like this perhaps?
Hi Angus.
This
On 5/12/22 6:30 AM, Angus Clarke wrote:
Hello
Hi,
With bind (and others) it seems that DNS views are the way to go,
Before stepping up to views I'd stop to ask the question, would
returning multiple IPs in a preferred sort order suffice?
BIND has the ability to sort RRs differ
On 5/11/22 2:19 PM, Bob Harold wrote:
Not sure who set it up, but my DHCP servers have for some zones:
zone x.y.z.in-addr.arpa
{
primary 10.2.3.4;
}
I'm assuming that is BIND's named.conf syntax.
Which I believe overrides the MNAME lookup.
Doesn't that just tel
org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ddress, thus clients try to perform the
dynamic update to the closest instance of the anycast / (pseudo) MName
server.
Aside: Years ago, BIND secondaries would happily forward such dynamic
updates the real primary MName server.
Further aside: The last time I looked, MS-DNS ADI zones wo
@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: Michał Kępień
Sent: Monday, May 9, 2022 7:53 AM
To: DeCaro, James John (Jim) CIV DISA FE (USA)
Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA)
Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re
th
> the proxy traffic that this same gateway was generating and found a
> solution by using TPROXY feature of the squid proxy, which exposes the real
> internal client IP address at the WAN traffic which can later be NATed.
>
> Thanx for any ideas,
> Alex
> --
> Visit htt
, but it had some sort of personal
> significance (and wasn't privacy invasive).
>
> I've always wondered if there was a real-world use case.
Displaying traceroute results on an actual geographical map?
But I guess that didn't ever really catch on.
Regards,
- Håvard
--
AppArmor stupids for some people which are really hard to diagnose).
Is there a way to put all the keymgr logging into a different debug stream?
Ideally, I think I need it emailed to me daily :-)
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
er to edit my zones with vi/emacs/sshfs/tramp.
For that reason, I have them g+w, group bind, and my login is in the
"bind" group, and my user id can rndc reload.
2) I've historically had a perl script that updated the SERIAL in place,
based upon MMDDLL, where XX was Ho
On 7/05/2022 1:38 am, Maurà cio Penteado via bind-users wrote:
I added the A-record "ns1 IN A 172.17.0.1" to my zone-file as
suggested and it seems that the order fixed the issue.
Now my Bind9 clients are getting ip 192.168.0.10 favorably.
Hi Mauricio.
I don't think anyone
statistics for 172.17.0.1: Packets: Sent = 4, Received = 4, Lost = 0
(0% loss),
= (Em sexta-feira, 6 de maio de 2022 14:38:37 GMT+1, MaurÃcio Penteado via
bind-users escreveu:
Hi folks,
Thank you for the reply.
I added the A-record "ns1 IN A 172.17.0.1" to my zo
de 2022 21:44:50 GMT+1, Nick Tait via bind-users
escreveu:
On 6/05/2022 7:51 am, Grant Taylor via bind-users wrote:
On my Bind9 server, I have the following zone-files:
forward.example.lan.db:
ns1 IN A 192.168.0.10
ns1 IN fe80::f21f:afff:fe5
On 6/05/2022 7:51 am, Grant Taylor via bind-users wrote:
On my Bind9 server, I have the following zone-files:
forward.example.lan.db:
ns1 IN A 192.168.0.10
ns1 IN fe80::f21f:afff:fe5d:be90
I don't see the 2nd, Docker (?), address; 172.17.0.1, in the
On 5/5/22 1:35 PM, Maurà cio Penteado via bind-users wrote:
Hi folks,
Hi,
Thank you for the reply.
:-)
Unfortunately, I did not understand how I am supposed to add multiple
A-records for the same name to the zone-file to fix this issue.
Based on your first message, you already have
, advise.
Em quinta-feira, 5 de maio de 2022 17:26:24 GMT+1, Grant Taylor via
bind-users escreveu:
On 5/5/22 9:01 AM, Reindl Harald wrote:
> by not add multiple A-records for the same name to the zone-file
> BIND don't know about docker on it's own
Another option woul
org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 5/5/22 9:01 AM, Reindl Harald wrote:
by not add multiple A-records for the same name to the zone-file
BIND don't know about docker on it's own
Another option would be to leverage BIND's ability to sort A records
based on configured preference (in the config file, not the zo
Summary
Docker0 interface is being resolved and DNS Clients cannot deal with the
address.
BIND version used
BIND 9.18.1-1ubuntu1-Ubuntu (Stable Release)
Steps to reproduce
On a fresh Ubuntu 22.04 Server install and set Bind9 up. After that install
docker.
What is the current behavior
wrote:
> Hello,
>
> If we see this on our DNS server logs (BIND 9.11):
>
> 04-May-2022 12:55:37.675 edns-disabled: info: success resolving '
> sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS
>
> - are we correct to say that with BIND 9.16, t
I tried this utility and got the following message: gnutls-cli: command not
found...
Thank you
V/R
Jim DeCaro
-Original Message-
From: Ondřej Surý
Sent: Thursday, April 28, 2022 5:15 PM
Cc: DeCaro, James John (Jim) CIV DISA FE (USA) ;
bind-users@lists.isc.org; Mcallister, Reginald
d.org
* start date: Nov 30 00:00:00 2021 GMT
* expire date: May 11 19:03:32 2022 GMT
* common name: download.copr.fedorainfracloud.org
* issuer: CN=DoD WCF Signing CA 2,OU=WCF PKI,OU=DoD,O=U.S. Government,C=US
> GET /results/isc/bind/epel-7-x86_64/repodata/repomd.xml HTTP/1.1
>
On 2/05/2022 8:13 pm, Reindl Harald wrote:
you want 127.0.0.1 act as your resolver no matter what
Well, not always... If your local BIND service isn't a recursive
resolver
irrelevant in context of this topic and worth exactly the same as
saying "if you don't use bind at all&
ional Airport"
with more at https://jpmens.net/2020/10/04/airports-of-the-world/
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/co
On 1/05/2022 9:13 pm, Reindl Harald wrote:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may
create issues if, for example, you are using netplan with
systemd-networkd as the renderer? E.g. Will it still be possib
an anybody please give an example to explain what
this is trying to say?
Thanks,
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/cont
t. Please do
not feel obligated to reply outside your normal working hours.
On 22. 4. 2022, at 17:20, Randy Bush wrote:
sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this
(Jim) CIV DISA FE (USA)
Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA)
Subject: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an
ISC BIND repository on Red Hat Linux 7.9
All active links contained in this email were disabled. Please verify the
ident
Modified the repo file to mimic the repo data provided from the isc web site
verbatim:
[copr:copr.fedorainfracloud.org:isc:bind]
name=Copr repo for bind owned by isc
baseurl=https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
]
name=Corp repo for bind owned by isc
baseurl=https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/
skip_if_unavailable=True
gpgcheck=0
enabled=1
enabled_metadata=1
type=rpm-md
---same result.
V/R
Jim DeCaro
DISA
Systems Administrator
Windows and Unix/Linux Server Operations
# yum-config-manager --add-repo
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-$basearch/
--Results in the file:
/etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-7-_.repo
Content of the repo file is
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: Anand Buddhdev
Sent: Thursday, April 28, 2022 11:06 AM
To: DeCaro, James John (Jim) CIV DISA FE (USA) ;
bind-users@lists.isc.org
Cc: Mcallister, Reginald CTR DISA FE (USA)
Subject: [URL Verdict: Neutral
Dnf is not available. Therefore using yum
Linux Red Hat 7.9 virtual machine on VMware, has internet connectivity
Set up local repository in
/etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-8-_.repo:
[copr:copr.fedorainfracloud.org:isc:bind]
name=Copr repo for bind
I am working on shutting down a site which has an isc-bind server that is
master for a domain and subnet which will exist elsewhere once the site is
closed. The few remaining systems don't warrant such a server. My goal is to
merge what remains of the domain/subnet into an existing s
Phone: 974-1599
[cid:f96c691b-14fb-43c3-81bb-27c0801dd170]
From: Ondřej Surý
Sent: Monday, April 25, 2022 10:37 AM
To: King, Harold Clyde (Hal)
Cc: bind-users
Subject: Re: getting answers from DNS queries
> I asked this last week, but I didn't an answer.
Probably bec
rator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:00350bec-9764-4740-8d61-e8bec49334bc]
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC
f39b
God will not fix the vessel which insists it isn't broken. -unknown Beware
https://mindspring.com
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
That's not in my version of bind-9.16.23.
Thanks anyway!
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:d0cf86b5-1da2
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:fe5c07f5-ef0a-4dd8-a8d0-f22481933b6b]
--
Visit https://lists.isc.org/mailman/listinf
]
From: Larry Rosenman
Sent: Wednesday, April 20, 2022 9:56 AM
To: King, Harold Clyde (Hal)
Cc: bind-users
Subject: Re: Reading secondary PTR files
You don't often get email from l...@lerctr.org. Learn why this is
important<http://aka.ms/LearnAboutSenderIdentificatio
b
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services
The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599
[cid:36fbaf98-8bc3-4d0b-8a9a-8eeade380eaa]
--
Visit https://lists.isc.org/mailman/lis
Good points, thanks.
-Original Message-
From: Reindl Harald
To: bind-users@lists.isc.org
Sent: Mon, Apr 18, 2022 12:41 am
Subject: Re: Bind and systemd-resolved
Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users:
> When I attempt “dig -t AXFR office.example.com
Thanks, had looked at 'man dig' but had assumed (oops) that only the items
listed under the various OPTIONS headings were available in .digrc. Glad to
learn that @ can also be used (confirmed with testing).
-Original Message-
From: Ondřej Surý
To: Leroy Tennison
Cc:
When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key”
on the DNS server (Bind 9.11) sudoed to root I get:
;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer failed.
This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1
sinc
(although everybody expects security to be for free)
regards
Klaus
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Andrew
> P.
> Gesendet: Donnerstag, 14. April 2022 14:23
> An: bind-users@lists.isc.org
> Betreff: Why did my DNS bill go up?
>
> Gree
ache systems.
--
Dave
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-use
> On Apr 13, 2022, at 12:00 AM, Grant Taylor via bind-users
> wrote:
>
> This Message Is From an External Sender
> This message came from outside your organization.
> On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote:
> > We are dropping this configurat
sehr sehr sehr langer Text 50"
"das ist ein langer, sehr sehr sehr langer Text 50" "das ist ein langer, sehr
sehr sehr langer Text300"
URIIN URI 10 1 "ftp://ftp1.example.com/public";
WKS IN WKS 1.1.1.1 TCP ( smtp discard rpc )
Von: bind-u
On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote:
We are dropping this configuration and looking at doing something else.
I'm sorry to hear that.
We have had intermittent issues with Slack, Microsoft, and a growing
list of domains. Even have one that consistently fails.
Ar
termittent issues
with Slack, Microsoft, and a growing list of domains. Even have one that
consistently fails. I am just posting this as a caution to others that
you may have problems with DNSSEC validation in this configuration.
--
Dave
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
away from the signed file (O've been using ALG 13 for a couple of years.
--
"Are you pondering what I'm pondering?"
"Yes, Brain, I think so, but do nuts go with pudding?"
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
com/>
Twitter: @ekgermann
Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
> On Apr 10, 2022, at 4:40 AM, @lbutlr wrote:
>
> I have an several domains setup in bind, all with
each time your signatures expire. Do you have set some
kind of reminder to remind you?
I would try DNSSEC guide [1] with bind 9.16 or more recent. It
provides a policy inside named. It depends on what version do
you have. Even 9.11 can maintain signatures [2] and r
and salt - achieved by setting
NSEC3PARAM to 1 0 0 - .
Regards,
Danilo
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for mo
Hello,
I implemented DNSSEC for my personal domain a good while ago with an
older Bind and back then, I used RSASHA1-NSEC3-SHA1 algorithm, which by
now is not recommended... So I'm going to change the algorithm, probably
to ECDSAP256SHA256, which should also be NSEC3 capable.
Sin
low-recursion { any; };
allow-query-cache { any; };
dnssec-validation auto;
};
--
Dave
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.or
On 3/25/22 09:37, The Doctor via bind-users wrote:
On Fri, Mar 25, 2022 at 11:49:54AM +0100, Borja Marcos wrote:
Following up on this subject, looks like there were substantial changes to the
build process for 9.18.1? The port maintainers
seem to be having a hard time with it.
You got that
d up and so are some libraries
and man pages.
> Cheers,
>
>
>
>
>
> Borja.
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
On 3/24/22 4:34 PM, Carl Byington via bind-users wrote:
Yes, the disconnect was my brain. I will try to plug that back in.
;-)
We've all had those days. Most of us will have them again.
How do you do that in /etc/hosts?
It's been a while, so I'm relying on memory, a.k
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2022-03-24 at 16:13 -0600, Grant Taylor via bind-users wrote:
> But there seems to be a disconnect.
> I was talking about adding a domain that is outbound.example.com. and
> put the A / records in that domain's apex.
On 3/24/22 3:50 PM, Carl Byington via bind-users wrote:
In general, the domain exists with a bunch of existing names - www,
mail, etc. We just need to add one more (outbound) and tie it to the
ip address of their outbound mail server. I don't want to take over
their entire domain.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote:
> What advantage does RPZ have in this case over just hosting the
> domain(s) locally?
In general, the domain exists with a bunch of existing names - www,
mail, etc. We jus
On 3/24/22 10:02 AM, Carl Byington via bind-users wrote:
I think so.
Agreed.
Presumably to create those domains locally. Of course the rest of
the world won't see them.
1.0.0.127.in-addr.arpaPTR outbound.example.com.
outbound.example.com A 127.0.0.1
What advantage
UcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsEu8ACfWgB0gXmrfZrsLrZ2+3b/K+PYgDkA
n18rhjSH1nRnxXepbbttXLr03FZS
=mTOI
-END PGP SIGNATURE-
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.i
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
?
servfail or a missing ad-bit?
Daniel
On 18.03.22 15:25, lejeczek via bind-users wrote:
Hi guys
how to troubleshoot that?
...
18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed
(verify failure)
18-Mar-2022 14:17:41.725 info: error:0398:digital
envelope routines::invalid digest:crypto/evp
valid signature found
...
I'd imagine must some up-the-chain servers doing something
there - my local 'bind' does not point/use any specific
forwarders.
many thanks, L.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the deve
Reindi, thanks for the explanation, I do manually edit the zones because we
don’t make many DNS changes these days and I usually do named-checkzone but I
missed that this time, although I did reload that problematic zone with rndc
reload and saw no errors. I do have bind restarting once a week
Neverminded, I was able to traceback my steps and realize a fat fingered a
DNS entry in one of the zones, added two periods to an authoritative zone’
s DNS record, causing bind to fail to start. The concerning issue was there
was no error on the logs at all, making it hard to figure out the issue
Hi, I realize this is related to Centos, but all the sudden chroot bind
failed to start up with any meaningful errors.
Anyone know what might be the issue here? I have no clues on that the issue
is.
Paul
Job for named-chroot.service failed because the control process exited with
error code
yone else seen this?
Thanks,
Andy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
b
bout which clients are sending these queries
and go on a hunt. Perhaps the clients are misconfigured, or just being
'playful'!
Some useful reading might be these articles and others in the KB.
https://kb.isc.org/docs/bind-best-practices-authoritative
https://kb.isc.org/docs/bind-best-prac
infinitum, unless you tell it otherwise.
> There is an implicit hierarchy as to how queries are dealt with. It arises
> because BIND can be both recursive AND authoritative simultaneously, so
> there has to be some way to choose how to go about responding to incoming
> queries. Using dyn
On 3/1/22 5:35 AM, Matus UHLAR - fantomas wrote:
you are right, forwarding queries requires recursion.
Thank you for the confirmation Matus. :-)
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
ive and / or cache), then it's
recursion setting comes into play.
If I'm mistaken, please correct me.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds th
Thanks Ondrej….will check on that.
From: Ondřej Surý
Sent: Thursday, February 24, 2022 1:29 PM
To: Bhangui, Sandeep - BLS CTR
Cc: bind-users@lists.isc.org
Subject: Re: Errors loading Named ( 9.16.26) on RHEL 7.9
CAUTION: This email originated from outside of BLS. DO NOT click links or open
.
Thanks
Sandeep
Feb 24 11:28:08 cpdnsquar01v named[72797]: starting BIND 9.16.26 (Extended
Support Version)
Feb 24 11:28:08 cpdnsquar01v named[72797]: running on Linux x86_64
3.10.0-1160.53.1.el7.x86_64 #1 SMP Thu Dec 16 10:19:28 UTC 2021
Feb 24 11:28:08 cpdnsquar01v named[72797]: built with
701 - 800 of 1372 matches
Mail list logo