Mark Andrews wrote:
> While it will speed up things slightly it won’t avoid the issue as TTLs
> vary.
Oh, duh, I should have thought of that. Thanks for pointing it out :-)
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Fisher, German
While it will speed up things slightly it won’t avoid the issue as TTLs vary.
--
Mark Andrews
> On 11 Mar 2018, at 05:30, Tony Finch wrote:
>
> Evan Hunt wrote:
>>
>> In 9.12.1 and the other upcoming maintenance releases, we've just reverted
>> the change to
On Sat, Mar 10, 2018 at 06:30:41PM +, Tony Finch wrote:
> I have said this already so I'm at risk of being a bore, but it would be
> super cool if BIND could make use of the DS records (or PNEs) it gets in
> referrals, instead of re-fetching them during validation. It should
> provide a nice
Evan Hunt wrote:
>
> In 9.12.1 and the other upcoming maintenance releases, we've just reverted
> the change to validator.c that caused the problems. (That turns out to have
> the exact same effect as your patch does.)
Great, that will please my user, and I can use NTAs to work
On 10 March 2018 at 04:08, Matus UHLAR - fantomas wrote:
> Cathy Almond wrote:
>>
>>> The rs.dns-oarc.net zone is broken because it returns a CNAME for
>>> queries at the apex.
>>>
>>
> On 09.03.18 15:23, Tony Finch wrote:
>
>> I just got a problem report from
Cathy Almond wrote:
The rs.dns-oarc.net zone is broken because it returns a CNAME for
queries at the apex.
On 09.03.18 15:23, Tony Finch wrote:
I just got a problem report from a user who has a few personal domains
with CNAME at apex that used to work (or at least appeared to
On Fri, Mar 09, 2018 at 03:23:33PM +, Tony Finch wrote:
> Alternatively, maybe the patch below is OK? (Based on Nick @ NNEX's
> observation.) My idea is that if we have been chasing a CNAME (so are at
> risk of deadlock) but we are looking for a DS (so we will query the
> parent) we can go
Cathy Almond wrote:
>
> [snip]
>
> validating rs.dns-oarc.net/CNAME: checking existence of DS at
> 'rs.dns-oarc.net'
> validating rs.dns-oarc.net/CNAME: continuing validation would lead to
> deadlock: aborting validation
> validating rs.dns-oarc.net/CNAME: deadlock found
-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Cathy
Almond
Sent: Tuesday, February 27, 2018 4:29 AM
To: bind-users@lists.isc.org
Subject: Re: Issue running "dig txt rs.dns-oarc.net" on 9.12
On 22/02/2018 16:44, NNEX Support wrote:
> I'm sorry to keep replying to myself
On 22/02/2018 16:44, NNEX Support wrote:
> I'm sorry to keep replying to myself but I believe I've found the line of
> code that is causing this issue. Looking at validator.c, in the
> check_deadlock function, 9.12.0rc1 says:
>
> ...
>
> if (parent->event != NULL &&
>
I'm sorry to keep replying to myself but I believe I've found the line of code
that is causing this issue. Looking at validator.c, in the check_deadlock
function, 9.12.0rc1 says:
...
if (parent->event != NULL &&
parent->event->type == type &&
-Original Message-
From: NNEX Support
Sent: Thursday, February 22, 2018 8:21 AM
To: 'bind-users@lists.isc.org'
Subject: RE: Issue running "dig txt rs.dns-oarc.net" on 9.12
Just wanted to follow up 9.12.1b1 fixes this issue for me.
Than
Just wanted to follow up 9.12.1b1 fixes this issue for me.
Thanks,
-Nick
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
[…]
If you want to understand why your resolver is failing, again I'd have a look
at the 'resolver' log channel. It should have some detail about what's
resulting in the SERVFAIL message.
[…]
I took a look at the ‘resolver’ log channel. I didn’t find any useful
information there, just:
The DNS-OARC reply size tester doesn't work with versions of BIND that
are 9.10 and newer. This is because of the new probing process that we
implemented that should be more resilient. But it does unfortunately
'break' getting sane results from the DNS-OARC reply size tester.
On 27 January 2018 at 19:11, Matthew Pounsett wrote:
> The only thing I can think of that has changed in that time, which has
> ever caused me query issues, is the addition of DNS cookies in the default
> query. Some broken authoritative servers will incorrectly respond with
On 27 January 2018 at 16:24, NNEX Support wrote:
> Good thought but no luck, it doesn’t matter how many times I run “dig txt
> rs.dns-oarc.net” or how long I wait it continues to SERVFAIL until I run
> "dig txt rs.dns-oarc.net +trace" Interestingly I've found that running
>
Good thought but no luck, it doesn’t matter how many times I run “dig txt
rs.dns-oarc.net” or how long I wait it continues to SERVFAIL until I run "dig
txt rs.dns-oarc.net +trace" Interestingly I've found that running "dig txt
dns-oarc.net +trace" isn't enough to fix it, I actually have to run
On 26 January 2018 at 16:23, NNEX Support wrote:
> I'm sure I'm doing something wrong, but for the life of me I can't figure
> out what. I'm running named 9.12 in a simple recursive setup (built from
> source on CentOS 7).
>
>
[...]
> When I try to run "dig txt
I'm sure I'm doing something wrong, but for the life of me I can't figure out
what. I'm running named 9.12 in a simple recursive setup (built from source on
CentOS 7).
In named.conf I've set:
dnssec-enable yes;
dnssec-validation auto;
When I try to run "dig txt rs.dns-oarc.net"
20 matches
Mail list logo