Re: AXFR from Windows 2008R2 failing after upgrading to 9.18

2022-05-23 Thread Lefteris Tsintjelis via bind-users
On Mon, 23 May 2022, 21:52 Lefteris Tsintjelis via bind-users <bind-users@lists.isc.org> wrote: I must be missing something. Any ideas why does it fail? Everything seems normal. Works well with Windows 2016. Downgrading to 9.16 works again. -- Visit https://lists.i

AXFR from Windows 2008R2 failing after upgrading to 9.18

2022-05-23 Thread Lefteris Tsintjelis via bind-users
I must be missing something. Any ideas why does it fail? Everything seems normal. Works well with Windows 2016. Downgrading to 9.16 works again. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support

Re: Dynamic A records similar to nip.io or xip

2022-05-23 Thread Grant Taylor via bind-users
On 5/23/22 4:30 AM, Nux wrote: Hi, Does anyone know whether it's possible to generate with Bind these kind of A records automatically on the authoritative side, similar to services like xip.io or nip.io? Eg: 127.0.0.1.nip.io -> 127.0.0.1 name.127.0.0.1.nip.io -> 127.0.0.1 and so

Re: Dynamic A records similar to nip.io or xip

2022-05-23 Thread Jan-Piet Mens via bind-users

Re: Dynamic A records similar to nip.io or xip

2022-05-23 Thread Jan-Piet Mens via bind-users
Does anyone know whether it's possible to generate with Bind these kind of A records automatically on the authoritative side BIND has DLZ, Dynamically Loadable Zones, which is an extension which allows zone data to be retrieved from basically anywhere. DLZ are loadable modules written in

AW: High memory consumption in bind 9.18.2

2022-05-19 Thread Klaus Darilion via bind-users
few days. Meanwhile I think the problem with 9.18 was a different one: we use bind as "distribution" name server with several huge zones. So XFR from customer in, and XFR out to 20+ slaves. When we upgraded to 9.18, suddenly the slaves (Bind, Nsd...) needed longer to update their zo

AW: AW: High memory consumption in bind 9.18.2

2022-05-18 Thread Klaus Darilion via bind-users
Can you please provide some commands whose output you are interested in? I want to collect the statistics for 9.16 before updating to 9.18. Thanks Klaus > -Original Message- > From: bind-users On Behalf Of Petr > Špacek > Sent: Wednesday, 18 May 2022 18:20 >

AW: High memory consumption in bind 9.18.2

2022-05-17 Thread Klaus Darilion via bind-users
I remember we had similar issues with 9.18 (isc ppa packages) and hence went back to 9.16. But I can not remember the details. regards Klaus > -Original Message- > From: bind-users On Behalf Of Ondrej > Surý > Sent: Wednesday, 18 May 2022 08:37 > A

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
I am ridiculed by an ISC member for using a reserved domain according to For the record, assuming you mean me, I am not affiliated with the gold folk at ISC. -JP

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
Suppose I was working on a problem for Barclays Bank In that case I would think Barclays Bank's Platinum Enterprise BIND Support contract would cover answering such questions. -JP

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
set- files when signing a zone manually/semi-automatically. If you are signing with, say, autodnssec-maintain, then no dsset- file is created and you use dnssec-dsfromkey to determine the DS which you then submit to your parent zone. -JP

Fwd: Request to use "Canonical/Mirror"

2022-05-16 Thread Greg Choules via bind-users
ave been deprecating. > > In the context of BIND9, it seems that 'primary/secondary' is less clear > than master/slave. > > My understanding is that it is possible to have a standalone BIND server > that is running as a 'master' yet acting as a 'secondary

Re: why did it take 26 hours for DSState to change to omnipresent?

2022-05-16 Thread Nick Tait via bind-users
On 16/05/22 21:34, Matthijs Mekking wrote: Hi Nik, On 16-05-2022 07:49, Nick Tait via bind-users wrote: Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the

Re: per record responses based on originating IP

2022-05-16 Thread Nick Tait via bind-users
s or are adding or removing zones frequently?

why did it take 26 hours for DSState to change to omnipresent?

2022-05-15 Thread Nick Tait via bind-users
Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the inference (based on documentation and examples) that running "rndc dnssec -checkds published" tells

Re: per record responses based on originating IP

2022-05-15 Thread Grant Taylor via bind-users
| die

Re: Request to use "Canonical/Mirror"

2022-05-13 Thread btb via bind-users
econdary' is less clear than > master/slave. > > My understanding is that it is possible to have a standalone BIND server that > is running as a 'master' yet acting as a 'secondary' for a particular domain. > In this context, secondary doesn't necessari

Re: per record responses based on originating IP

2022-05-13 Thread Nick Tait via bind-users
On 13/05/22 09:02, Grant Taylor via bind-users wrote: On 5/12/22 2:41 PM, Nick Tait via bind-users wrote: This sounds like exactly the sort of use case for Response Policy Zones: How are you going to have RPZ return different addresses for different clients?  Are you suggesting use different

Re: Bind9 Server conflicts with docker0 interface

2022-05-13 Thread Maurício Penteado via bind-users
Hi folks, I have finally resolved my issue with docker interface. I had to delete my Ubuntu and install a brand new Centos on my server. Now everything works as expected. Cheers On Saturday, 7 May 2022 06:23:32 GMT+1, Nick Tait via bind-users wrote: On 7/05/2022 1:38 am, Maurí

Re: Bind failures following update/reboot w/ 9.18.1

2022-05-13 Thread Greg Choules via bind-users
his to come > into play with a packet ~1k). > > > > I hope some of that is useful. > > Cheers, Greg > > > > On Fri, 13 May 2022 at 17:07, Philip Prindeville < > philipp_s...@redfish-solutions.com> wrote: > > After rebooting my OpenWRT router with Bind 9.18.1

Re: Bind failures following update/reboot w/ 9.18.1

2022-05-13 Thread Greg Choules via bind-users
llowed at all, check if something is doing IP fragmentation (though I wouldn't expect this to come into play with a packet ~1k). I hope some of that is useful. Cheers, Greg On Fri, 13 May 2022 at 17:07, Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > After reboot

Re: per record responses based on originating IP

2022-05-12 Thread Grant Taylor via bind-users
On 5/12/22 2:41 PM, Nick Tait via bind-users wrote: This sounds like exactly the sort of use case for Response Policy Zones: How are you going to have RPZ return different addresses for different clients? Are you suggesting use different RPZs with different contents for different clients

Re: per record responses based on originating IP

2022-05-12 Thread Nick Tait via bind-users
On 13/05/2022 12:30 am, Angus Clarke wrote: Does bind have some simple way to respond differently based on source address but on a per record basis? Or perhaps include a baseline zone in a view and separately include differences for that view - something like this perhaps? Hi Angus. This

Re: per record responses based on originating IP

2022-05-12 Thread Grant Taylor via bind-users
On 5/12/22 6:30 AM, Angus Clarke wrote: Hello Hi, With bind (and others) it seems that DNS views are the way to go, Before stepping up to views I'd stop to ask the question, would returning multiple IPs in a preferred sort order suffice? BIND has the ability to sort RRs differ

Re: Determining Which Authoritative Sever to Use

2022-05-11 Thread Grant Taylor via bind-users
On 5/11/22 2:19 PM, Bob Harold wrote: Not sure who set it up, but my DHCP servers have for some zones: zone x.y.z.in-addr.arpa {     primary 10.2.3.4; } I'm assuming that is BIND's named.conf syntax. Which I believe overrides the MNAME lookup. Doesn't that just tel

Re: Determining Which Authoritative Sever to Use

2022-05-11 Thread Grant Taylor via bind-users

Re: Determining Which Authoritative Sever to Use

2022-05-10 Thread Grant Taylor via bind-users
ddress, thus clients try to perform the dynamic update to the closest instance of the anycast / (pseudo) MName server. Aside: Years ago, BIND secondaries would happily forward such dynamic updates to the real primary MName server. Further aside: The last time I looked, MS-DNS ADI zones wo

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-05-09 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
@mail.mil james.j.decaro3@mail.smil.mil -Original Message- From: Michał Kępień Sent: Monday, May 9, 2022 7:53 AM To: DeCaro, James John (Jim) CIV DISA FE (USA) Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA) Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re

Re: DNS traffic tracking

2022-05-09 Thread Greg Choules via bind-users
th > the proxy traffic that this same gateway was generating and found a > solution by using TPROXY feature of the squid proxy, which exposes the real > internal client IP address at the WAN traffic which can later be NATed. > > Thanx for any ideas, > Alex > -- > Visit htt

Re: Supporting LOC RR's

2022-05-09 Thread Havard Eidnes via bind-users
, but it had some sort of personal > significance (and wasn't privacy invasive). > > I've always wondered if there was a real-world use case. Displaying traceroute results on an actual geographical map? But I guess that didn't ever really catch on. Regards, - Håvard --

Re: understanding keymgr handling of KSK

2022-05-08 Thread Michael Richardson via bind-users
AppArmor stupids for some people which are really hard to diagnose). Is there a way to put all the keymgr logging into a different debug stream? Ideally, I think I need it emailed to me daily :-)

understanding keymgr handling of KSK

2022-05-08 Thread Michael Richardson via bind-users
er to edit my zones with vi/emacs/sshfs/tramp. For that reason, I have them g+w, group bind, and my login is in the "bind" group, and my user id can rndc reload. 2) I've historically had a perl script that updated the SERIAL in place, based upon MMDDLL, where XX was Ho

Re: Bind9 Server conflicts with docker0 interface

2022-05-06 Thread Nick Tait via bind-users
On 7/05/2022 1:38 am, Maurício Penteado via bind-users wrote: I added the A-record "ns1  IN  A  172.17.0.1" to my zone-file as suggested and it seems that the order fixed the issue. Now my Bind9 clients are getting ip 192.168.0.10 favorably. Hi Mauricio. I don't think anyone

Re: Bind9 Server conflicts with docker0 interface

2022-05-06 Thread Maurício Penteado via bind-users
statistics for 172.17.0.1:    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), = (On Friday, 6 May 2022 14:38:37 GMT+1, Maurício Penteado via bind-users wrote: Hi folks, Thank you for the reply. I added the A-record "ns1  IN  A  172.17.0.1" to my zo

Re: Bind9 Server conflicts with docker0 interface

2022-05-06 Thread Maurício Penteado via bind-users
2022 21:44:50 GMT+1, Nick Tait via bind-users wrote: On 6/05/2022 7:51 am, Grant Taylor via bind-users wrote: On my Bind9 server, I have the following zone-files: forward.example.lan.db: ns1     IN      A           192.168.0.10 ns1     IN          fe80::f21f:afff:fe5

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Nick Tait via bind-users
On 6/05/2022 7:51 am, Grant Taylor via bind-users wrote: On my Bind9 server, I have the following zone-files: forward.example.lan.db: ns1     IN      A           192.168.0.10 ns1     IN          fe80::f21f:afff:fe5d:be90 I don't see the 2nd, Docker (?), address; 172.17.0.1, in the

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Grant Taylor via bind-users
On 5/5/22 1:35 PM, Maurício Penteado via bind-users wrote: Hi folks, Hi, Thank you for the reply. :-) Unfortunately, I did not understand how I am supposed to add multiple A-records for the same name to the zone-file to fix this issue. Based on your first message, you already have

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Maurício Penteado via bind-users
, advise. On Thursday, 5 May 2022 17:26:24 GMT+1, Grant Taylor via bind-users wrote: On 5/5/22 9:01 AM, Reindl Harald wrote: > by not add multiple A-records for the same name to the zone-file > BIND don't know about docker on it's own Another option woul

Re: Transitioning to new algorithm for DNSSEC

2022-05-05 Thread Jan-Piet Mens via bind-users

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Grant Taylor via bind-users
On 5/5/22 9:01 AM, Reindl Harald wrote: by not add multiple A-records for the same name to the zone-file BIND don't know about docker on it's own Another option would be to leverage BIND's ability to sort A records based on configured preference (in the config file, not the zo

Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Maurício Penteado via bind-users
Summary Docker0 interface is being resolved and DNS Clients cannot deal with the address. BIND version used BIND 9.18.1-1ubuntu1-Ubuntu (Stable Release) Steps to reproduce On a fresh Ubuntu 22.04 Server install and set Bind9 up. After that install docker. What is the current behavior

Re: success resolving xxx after disabling EDNS

2022-05-04 Thread Greg Choules via bind-users
wrote: > Hello, > > If we see this on our DNS server logs (BIND 9.11): > > 04-May-2022 12:55:37.675 edns-disabled: info: success resolving ' > sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS > > - are we correct to say that with BIND 9.16, t

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-05-03 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
I tried this utility and got the following message: gnutls-cli: command not found... Thank you V/R Jim DeCaro -Original Message- From: Ondřej Surý Sent: Thursday, April 28, 2022 5:15 PM Cc: DeCaro, James John (Jim) CIV DISA FE (USA) ; bind-users@lists.isc.org; Mcallister, Reginald

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-05-03 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
d.org * start date: Nov 30 00:00:00 2021 GMT * expire date: May 11 19:03:32 2022 GMT * common name: download.copr.fedorainfracloud.org * issuer: CN=DoD WCF Signing CA 2,OU=WCF PKI,OU=DoD,O=U.S. Government,C=US > GET /results/isc/bind/epel-7-x86_64/repodata/repomd.xml HTTP/1.1 >

Re: Bind and systemd-resolved

2022-05-02 Thread Nick Tait via bind-users
On 2/05/2022 8:13 pm, Reindl Harald wrote: you want 127.0.0.1 act as your resolver no matter what Well, not always... If your local BIND service isn't a recursive resolver irrelevant in context of this topic and worth exactly the same as saying "if you don't use bind at all&

Re: Supporting LOC RR's

2022-05-02 Thread Jan-Piet Mens via bind-users
ional Airport" with more at https://jpmens.net/2020/10/04/airports-of-the-world/ -JP

Re: Bind and systemd-resolved

2022-05-01 Thread Nick Tait via bind-users
On 1/05/2022 9:13 pm, Reindl Harald wrote: Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with systemd-networkd as the renderer? E.g. Will it still be possib

Confused by parental-source documentation

2022-04-30 Thread Nick Tait via bind-users
an anybody please give an example to explain what this is trying to say? Thanks, Nick.

Re: Bind and systemd-resolved

2022-04-30 Thread Nick Tait via bind-users
t. Please do not feel obligated to reply outside your normal working hours. On 22. 4. 2022, at 17:20, Randy Bush wrote:    sudo systemctl disable systemd-resolved.service    sudo service systemd-resolved stop

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-29 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
(Jim) CIV DISA FE (USA) Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA) Subject: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9 All active links contained in this email were disabled. Please verify the ident

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-28 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
Modified the repo file to mimic the repo data provided from the isc web site verbatim: [copr:copr.fedorainfracloud.org:isc:bind] name=Copr repo for bind owned by isc baseurl=https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-$basearch/ type=rpm-md skip_if_unavailable=True

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-28 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
] name=Corp repo for bind owned by isc baseurl=https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/ skip_if_unavailable=True gpgcheck=0 enabled=1 enabled_metadata=1 type=rpm-md ---same result. V/R Jim DeCaro DISA Systems Administrator Windows and Unix/Linux Server Operations

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-28 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
# yum-config-manager --add-repo https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-$basearch/ --Results in the file: /etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-7-_.repo Content of the repo file is

RE: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-28 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
james.j.decaro3@mail.mil james.j.decaro3@mail.smil.mil -Original Message- From: Anand Buddhdev Sent: Thursday, April 28, 2022 11:06 AM To: DeCaro, James John (Jim) CIV DISA FE (USA) ; bind-users@lists.isc.org Cc: Mcallister, Reginald CTR DISA FE (USA) Subject: [URL Verdict: Neutral

Attempting to configure an ISC BIND repository on Red Hat Linux 7.9

2022-04-28 Thread DeCaro, James John (Jim) CIV DISA FE (USA) via bind-users
Dnf is not available. Therefore using yum Linux Red Hat 7.9 virtual machine on VMware, has internet connectivity Set up local repository in /etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-8-_.repo: [copr:copr.fedorainfracloud.org:isc:bind] name=Copr repo for bind

Merging DNS servers

2022-04-26 Thread Leroy Tennison via bind-users
I am working on shutting down a site which has an isc-bind server that is master for a domain and subnet which will exist elsewhere once the site is closed.  The few remaining systems don't warrant such a server.  My goal is to merge what remains of the domain/subnet into an existing s

Re: getting answers from DNS queries

2022-04-25 Thread King, Harold Clyde (Hal) via bind-users
Phone: 974-1599 From: Ondřej Surý Sent: Monday, April 25, 2022 10:37 AM To: King, Harold Clyde (Hal) Cc: bind-users Subject: Re: getting answers from DNS queries > I asked this last week, but I didn't an answer. Probably bec

getting answers from DNS queries

2022-04-25 Thread King, Harold Clyde (Hal) via bind-users
rator Office of Information Technology Shared Services The University of Tennessee 103c5 Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599

DNSSEC

2022-04-25 Thread The Doctor via bind-users
f39b God will not fix the vessel which insists it isn't broken. -unknown Beware https://mindspring.com

RHEL, Centos, Fedora rpm 9.16.28

2022-04-23 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

Re: How can I tell if a quiry is answered or denied

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users
That's not in my version of bind-9.16.23. Thanks anyway! -- Hal King - h...@utk.edu Systems Administrator Office of Information Technology Shared Services The University of Tennessee 103c5 Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599

How can I tell if a quiry is answered or denied

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users
Hal King - h...@utk.edu Systems Administrator Office of Information Technology Shared Services The University of Tennessee 103c5 Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599

Re: Reading secondary PTR files

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users
] From: Larry Rosenman Sent: Wednesday, April 20, 2022 9:56 AM To: King, Harold Clyde (Hal) Cc: bind-users Subject: Re: Reading secondary PTR files

Reading secondary PTR files

2022-04-20 Thread King, Harold Clyde (Hal) via bind-users
b -- Hal King - h...@utk.edu Systems Administrator Office of Information Technology Shared Services The University of Tennessee 103c5 Kingston Pike Building 2309 Kingston Pk. Knoxville, TN 37996 Phone: 974-1599

Re: Bind and systemd-resolved

2022-04-18 Thread Leroy Tennison via bind-users
Good points, thanks. -Original Message- From: Reindl Harald To: bind-users@lists.isc.org Sent: Mon, Apr 18, 2022 12:41 am Subject: Re: Bind and systemd-resolved Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users: > When I attempt “dig -t AXFR office.example.com

Re: Bind and systemd-resolved

2022-04-18 Thread Leroy Tennison via bind-users
Thanks, had looked at 'man dig' but had assumed (oops) that only the items listed under the various OPTIONS headings were available in .digrc.  Glad to learn that @ can also be used (confirmed with testing). -Original Message- From: Ondřej Surý To: Leroy Tennison Cc:

Bind and systemd-resolved

2022-04-17 Thread Leroy Tennison via bind-users
When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to root I get: ;; Couldn't verify signature: expected a TSIG or SIG(0); Transfer failed. This is an Ubuntu 18.04 system and /etc/systemd/resolved.conf has DNS=127.0.0.1 sinc

AW: Why did my DNS bill go up?

2022-04-14 Thread Klaus Darilion via bind-users
(although everybody expects security to be for free) regards Klaus > -Original Message- > From: bind-users On Behalf Of Andrew > P. > Sent: Thursday, 14 April 2022 14:23 > To: bind-users@lists.isc.org > Subject: Why did my DNS bill go up? > > Gree

Re: DNSSEC and forwarding

2022-04-13 Thread Duchscher, Dave J via bind-users
ache systems. -- Dave

Re: DNSSEC and forwarding

2022-04-13 Thread Duchscher, Dave J via bind-users
> On Apr 13, 2022, at 12:00 AM, Grant Taylor via bind-users > wrote: > > On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote: > > We are dropping this configurat

AW: all resource record types and examples

2022-04-13 Thread Klaus Darilion via bind-users
sehr sehr sehr langer Text 50" "das ist ein langer, sehr sehr sehr langer Text 50" "das ist ein langer, sehr sehr sehr langer Text300" URIIN URI 10 1 "ftp://ftp1.example.com/public"; WKS IN WKS 1.1.1.1 TCP ( smtp discard rpc ) Von: bind-u

Re: DNSSEC and forwarding

2022-04-12 Thread Grant Taylor via bind-users
On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote: We are dropping this configuration and looking at doing something else. I'm sorry to hear that. We have had intermittent issues with Slack, Microsoft, and a growing list of domains. Even have one that consistently fails. Ar

Re: DNSSEC and forwarding

2022-04-12 Thread Duchscher, Dave J via bind-users
termittent issues with Slack, Microsoft, and a growing list of domains. Even have one that consistently fails. I am just posting this as a caution to others that you may have problems with DNSSEC validation in this configuration. -- Dave

Signatures expired?

2022-04-10 Thread @lbutlr via bind-users
away from the signed file (I've been using ALG 13 for a couple of years. -- "Are you pondering what I'm pondering?" "Yes, Brain, I think so, but do nuts go with pudding?"

Re: Adding a new domain with DNSSEC

2022-04-10 Thread Eric Germann via bind-users
com/> Twitter: @ekgermann Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712 GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 > On Apr 10, 2022, at 4:40 AM, @lbutlr wrote: > > I have an several domains setup in bind, all with

Re: Changing the DNSSEC algorithm

2022-04-06 Thread Danilo Godec via bind-users
each time your signatures expire. Do you have set some kind of reminder to remind you? I would try DNSSEC guide [1] with bind 9.16 or more recent. It provides a policy inside named. It depends on what version do you have. Even 9.11 can maintain signatures [2] and r

Re: Changing the DNSSEC algorithm

2022-04-06 Thread Danilo Godec via bind-users
and salt - achieved by setting NSEC3PARAM to 1 0 0 - .     Regards,   Danilo

Changing the DNSSEC algorithm

2022-04-05 Thread Danilo Godec via bind-users
Hello, I implemented DNSSEC for my personal domain a good while ago with an older Bind and back then, I used RSASHA1-NSEC3-SHA1 algorithm, which by now is not recommended... So I'm going to change the algorithm, probably to ECDSAP256SHA256, which should also be NSEC3 capable. Sin

DNSSEC and forwarding

2022-03-30 Thread Duchscher, Dave J via bind-users
low-recursion { any; }; allow-query-cache { any; }; dnssec-validation auto; }; -- Dave

Re: Problems building bind 9.18.1 on FreeBSD

2022-03-25 Thread Dennis Clarke via bind-users
On 3/25/22 09:37, The Doctor via bind-users wrote: On Fri, Mar 25, 2022 at 11:49:54AM +0100, Borja Marcos wrote: Following up on this subject, looks like there were substantial changes to the build process for 9.18.1? The port maintainers seem to be having a hard time with it. You got that

Re: Problems building bind 9.18.1 on FreeBSD

2022-03-25 Thread The Doctor via bind-users
d up and so are some libraries and man pages. > Cheers, > > > > > > Borja.

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Grant Taylor via bind-users
On 3/24/22 4:34 PM, Carl Byington via bind-users wrote: Yes, the disconnect was my brain. I will try to plug that back in. ;-) We've all had those days. Most of us will have them again. How do you do that in /etc/hosts? It's been a while, so I'm relying on memory, a.k

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2022-03-24 at 16:13 -0600, Grant Taylor via bind-users wrote: > But there seems to be a disconnect. > I was talking about adding a domain that is outbound.example.com. and > put the A / records in that domain's apex.

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Grant Taylor via bind-users
On 3/24/22 3:50 PM, Carl Byington via bind-users wrote: In general, the domain exists with a bunch of existing names - www, mail, etc. We just need to add one more (outbound) and tie it to the ip address of their outbound mail server. I don't want to take over their entire domain.

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Carl Byington via bind-users
On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote: > What advantage does RPZ have in this case over just hosting the > domain(s) locally? In general, the domain exists with a bunch of existing names - www, mail, etc. We jus

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Grant Taylor via bind-users
On 3/24/22 10:02 AM, Carl Byington via bind-users wrote: I think so. Agreed. Presumably to create those domains locally. Of course the rest of the world won't see them. 1.0.0.127.in-addr.arpa PTR outbound.example.com. outbound.example.com A 127.0.0.1 What advantage

Re: Can an RPZ record be used for a non-existed domain?

2022-03-24 Thread Carl Byington via bind-users

Survey on DNS resolver operations and DNSSEC

2022-03-21 Thread Moritz Müller via bind-users

Re: paypal.com DNSKEY no valid signature found

2022-03-18 Thread lejeczek via bind-users
? servfail or a missing ad-bit? Daniel On 18.03.22 15:25, lejeczek via bind-users wrote: Hi guys how to troubleshoot that? ... 18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure) 18-Mar-2022 14:17:41.725 info: error:0398:digital envelope routines::invalid digest:crypto/evp

paypal.com DNSKEY no valid signature found

2022-03-18 Thread lejeczek via bind-users
valid signature found ... I'd imagine must some up-the-chain servers doing something there - my local 'bind' does not point/use any specific forwarders. many thanks, L.

RE: Chroot Bind failed to start

2022-03-15 Thread Paul Amaral via bind-users
Reindi, thanks for the explanation, I do manually edit the zones because we don’t make many DNS changes these days and I usually do named-checkzone but I missed that this time, although I did reload that problematic zone with rndc reload and saw no errors. I do have bind restarting once a week

RE: Chroot Bind failed to start

2022-03-15 Thread Paul Amaral via bind-users
Never mind, I was able to trace back my steps and realize I fat-fingered a DNS entry in one of the zones, added two periods to an authoritative zone’s DNS record, causing bind to fail to start. The concerning issue was there was no error on the logs at all, making it hard to figure out the issue

Chroot Bind failed to start

2022-03-15 Thread Paul Amaral via bind-users
Hi, I realize this is related to CentOS, but all of a sudden chroot bind failed to start up with any meaningful errors. Anyone know what might be the issue here? I have no clues on what the issue is. Paul Job for named-chroot.service failed because the control process exited with error code

named log gaps/pause

2022-03-11 Thread Speagle, Andy via bind-users
yone else seen this? Thanks, Andy

Re: Access denied Bind9

2022-03-07 Thread Greg Choules via bind-users
bout which clients are sending these queries and go on a hunt. Perhaps the clients are misconfigured, or just being 'playful'! Some useful reading might be these articles and others in the KB. https://kb.isc.org/docs/bind-best-practices-authoritative https://kb.isc.org/docs/bind-best-prac

Re: Forwarding zone, setup

2022-03-03 Thread Greg Choules via bind-users
infinitum, unless you tell it otherwise. > There is an implicit hierarchy as to how queries are dealt with. It arises > because BIND can be both recursive AND authoritative simultaneously, so > there has to be some way to choose how to go about responding to incoming > queries. Using dyn

Re: Forwarding zone, setup

2022-03-01 Thread Grant Taylor via bind-users
On 3/1/22 5:35 AM, Matus UHLAR - fantomas wrote: you are right, forwarding queries requires recursion. Thank you for the confirmation Matus. :-) -- Grant. . . . unix || die

Re: Forwarding zone, setup

2022-02-28 Thread Grant Taylor via bind-users
ive and / or cache), then its recursion setting comes into play. If I'm mistaken, please correct me. -- Grant. . . . unix || die

RE: Errors loading Named ( 9.16.26) on RHEL 7.9

2022-02-24 Thread Bhangui, Sandeep - BLS CTR via bind-users
Thanks Ondrej….will check on that. From: Ondřej Surý Sent: Thursday, February 24, 2022 1:29 PM To: Bhangui, Sandeep - BLS CTR Cc: bind-users@lists.isc.org Subject: Re: Errors loading Named ( 9.16.26) on RHEL 7.9

Errors loading Named ( 9.16.26) on RHEL 7.9

2022-02-24 Thread Bhangui, Sandeep - BLS CTR via bind-users
. Thanks Sandeep Feb 24 11:28:08 cpdnsquar01v named[72797]: starting BIND 9.16.26 (Extended Support Version) Feb 24 11:28:08 cpdnsquar01v named[72797]: running on Linux x86_64 3.10.0-1160.53.1.el7.x86_64 #1 SMP Thu Dec 16 10:19:28 UTC 2021 Feb 24 11:28:08 cpdnsquar01v named[72797]: built with
