> And since we don’t want these following the full recursion out to the
> internet, root hints are intentionally disabled (we’re hoping for at least
> some data hygiene by using these specific forwarders).
That's forward only.
> Setting it to ‘forward only’ resolved the issue.
See above.
> Do
Hi David.
I find your configuration a bit bizarre because you say you don't want
recursion, yet you have both "recursion yes;" and "forward first;' (which
is the default anyway, so this statement is redundant).
"recursion yes;" says to attempt recursion unless something else (like
forwarding) say
of
make install
?
An attempt with (as root, as I'm expecting root-only-writable
destination directories to be touched):
# meson install -C build-dir
is not entirely successful. For some reason the build system
decides to re-do parts of the build, and parts of it now
complains, and it s
On 03. 09. 25 14:53, Havard Eidnes wrote:
Does
https://bind9.readthedocs.io/en/latest/chapter10.html#building-bind-9
help?
Yes, it gets me a bit further.
The current stumbling block is that the configury system can't
find liburcu-common (despite finding the other rcu libs),
seemingly that's be
Uh oh, I wrote this before I checked the meson.build:
We actually should have the workaround in meson too:
## userspace-rcu
urcu_dep = [dependency('liburcu-cds', version: '>=0.10.0')]
if rcu_flavor == 'membarrier'
config.set('RCU_MEMBARRIER', true)
urcu_dep += dependency('liburcu', versio
Well, we had this workaround for urcu << 0.13 in configure.ac,
but I would suggest that you should rather use the latest urcu
release instead of adding the workaround back to meson.build.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Pleas
> Does
> https://bind9.readthedocs.io/en/latest/chapter10.html#building-bind-9
> help?
Yes, it gets me a bit further.
The current stumbling block is that the configury system can't
find liburcu-common (despite finding the other rcu libs),
seemingly that's because the pkg-config file for that libr
On 03. 09. 25 12:31, Havard Eidnes via bind-users wrote:
as previously announced, the BIND 9.21 (development branch) has
changed the build system from venerable autotools to meson
build system. If you build BIND 9 from sources now would be a
good time to try building the development version from
> as previously announced, the BIND 9.21 (development branch) has
> changed the build system from venerable autotools to meson
> build system. If you build BIND 9 from sources now would be a
> good time to try building the development version from sources
> and report any issues you find to our Git
No, the forwarding is disabled if the forwarding list is empty. What you can
probably do is to create a sinkhole address on the localhost (with DROP
firewall rule) and forward to that. However, why not just disable recursion or
properly forward to the AdGuard DNS server instead? Both are perfect
You still have the "forward only;" and "forwarders" statements. Would
commenting those out make a difference?
--
Best regards
Sten Carlsen
Don't be impressed with unintelligible stuff said condescendingly .
-- Radia Perlman.
> On 2 Sep 2025, at 20.12, Ondřej Surý wrote:
>
> https://bind
Hi Sascha.
I have a few questions.
1) Are you sure BIND is forwarding? Is that the term you mean to use?
Please can you take a binary packet capture (pcap, not copy/paste of
terminal output) that shows what the BIND server is doing and send that,
You may have disabled global forwarding but recursio
https://bind9.readthedocs.io/en/v9.20.12/reference.html#namedconf-statement-forwarders
> The default is the empty list (no forwarding).
^^^ you've effectively disabled forwarding.
You haven't described precisely what are you trying to achieve, but you
probably want to disable recursion?
https:
Hello again and thank you for the background.
Firstly, tcpdump. I would recommend a command like this, run in a separate
terminal window just before you make some test queries in another window:
sudo tcpdump -v -i any -c 1 -w port 53
The -c is a safety net to make sure it stops, should you
First of all, thank you for your quick response.
In this case, “forwarding” may be somewhat of a misplaced term.
What I want to achieve, and what has been working for over 5 years,
is for BIND DNS to act as the primary DNS for DNS queries relating to
intranet name resolution (Samba AD),
and for A
On 01. 09. 25 21:37, Adam Burns wrote:
I'm trying to debug some dynamic update zones (using SIG0 keys) after a
BIND version upgrade, and I'm hoing someone on this list can give advice
on potential root cause or at least suggestions on how to debug ...
FTR info on root cause is in the Release No
Upgrade to 9.20. Some computational denial of service fixes involving SIG(0)
where not
back ported to 9.18 but rather the path was just disabled.
> On 2 Sep 2025, at 05:37, Adam Burns wrote:
>
> Hi all,
>
> I'm trying to debug some dynamic update zones (using SIG0 keys) after a BIND
> versio
could see them.
-Steve
-Original Message-
From: Mark Andrews
Sent: Wednesday, August 27, 2025 8:19 PM
To: Steve Gladden
Cc: bind-users@lists.isc.org
Subject: Re: Trying simple NS delegation for a subdomain * I cannot get it to
load/work.
> On 28 Aug 2025, at 10:01, Steve
, 2025 9:30 PM
To: bind-users@lists.isc.org
Subject: Re: Trying simple NS delegation for a subdomain * I cannot get it to
load/work
Read the post from Mark Andrews again.
To check whether or not the “local” zone has the delegation loading correctly,
recursion MUST be turned off when submitting
All good!
I'm up & running now.
And learned some stuff.
-Steve
-Original Message-
From: bind-users On Behalf Of Steve Gladden
Sent: Wednesday, August 27, 2025 9:51 PM
To: Robert McDonald (Bob) ; bind-users@lists.isc.org
Subject: RE: Trying simple NS delegation for a subd
Oh sweet, I'll try that!
-sg
-Original Message-
From: bind-users On Behalf Of Robert
McDonald (Bob)
Sent: Wednesday, August 27, 2025 9:30 PM
To: bind-users@lists.isc.org
Subject: Re: Trying simple NS delegation for a subdomain * I cannot get it to
load/work
Read the post from
fix it.
From: Al
Sent: Wednesday, August 27, 2025 9:14 PM
To: Steve Gladden
Subject: Re: Trying simple NS delegation for a subdomain * I cannot get it to
load/work.
chatgpt was pretty coherent for once:
That message comes from BIND (named) when it tries to resolve a domain and gets
a
Read the post from Mark Andrews again.
To check whether or not the “local” zone has the delegation loading correctly,
recursion MUST be turned off when submitting the query. In the dig command add
the switch +norecurse (or just +norec). That will get rid of the SERVFAIL
response.
Start there.
add the record.
This has me stuck as I can’t add the zone on the remote system, AND I can’t
simply add the NS record on my local system.
Thanks.
-Steve
From: Al
Sent: Wednesday, August 27, 2025 8:13 PM
To: Steve Gladden
Subject: Re: Trying simple NS delegation for a subdomain * I cannot g
> On 28 Aug 2025, at 10:01, Steve Gladden wrote:
>
> Hi this is my first post ever.
> I’m stuck on a very simple task that I have not been able to get it to work.
> I have done this in the past with older versions of BIND but it has been
> quite a while.
>
> I’m trying to delegate to a
Well, this:
https://mailman.mit.edu/pipermail/kerberos-announce/2025q3/thread.html#208
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 26. 8. 2025, at 14:51, Pe
On Tue, Aug 26, 2025 at 02:02:46PM +0200, Petr Špaček wrote:
! On 26. 08. 25 13:24, Petr Špaček wrote:
! > On 26. 08. 25 12:31, Peter 'PMc' Much wrote:
! > > Out of recvsoa
! > > recvgss()
! > > recvgss creating rcvmsg
! > > show_message()
! > > recvmsg reply from GSS-TSIG query
! > > ;; ->>HEADER<
On Tue, Aug 26, 2025 at 02:34:34PM +0200, Ondřej Surý wrote:
! Hmm, given the recent f^Hhiccup in mit krb5, I would suggest to try less
recent version and/or report this to upstream.
Ondrej, I am not familiar with these. Do You have a link or two?
As one might have noticed I am not yet familiar
Hmm, given the recent f^Hhiccup in mit krb5, I would suggest to try less recent
version and/or report this to upstream.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 25. 8. 20
On 26. 08. 25 13:24, Petr Špaček wrote:
On 26. 08. 25 12:31, Peter 'PMc' Much wrote:
Out of recvsoa
recvgss()
recvgss creating rcvmsg
show_message()
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41256
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0,
On 26. 08. 25 12:31, Peter 'PMc' Much wrote:
Out of recvsoa
recvgss()
recvgss creating rcvmsg
show_message()
recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41256
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;5466
Hi Michal,
glad to read You!
On Tue, Aug 26, 2025 at 08:50:51AM +0200, Michał Kępień wrote:
! So it looks like krb5 is unable to process the initial GSS-API token
! sent by nsupdate - something inside krb5 returns the
! KRB5_CRYPTO_INTERNAL error code.
!
! Could you perhaps start named with th
On 26. 08. 25 9:25, Daniel Marquez-Klaka wrote:
I recently upgraded from Deb12 to Deb 13 and thereby from bind
9.18.33-1deb to 9.20.11-4deb.
While in former version everything was running as expected I observed a
(to me) strange behavior between bind9.20.11-4-deb and Windows Server
2016, Versio
Hi Robert,
You could install Windows Subsystem for Linux (WSL) and a Linux
distribution of your choice and you should be able to run bind-tools.
cheers
arsen
* Ondřej Surý [2025-08-25 20:19 (+0200)]:
> Nope, no plans for Windows release. Of rather, there is a plan to not release
> anything on
Hi Peter,
> This is the error:
> -
> recvmsg reply from GSS-TSIG query
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4885
> ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;3478577972.sig-conr-e.int
Nope, no plans for Windows release. Of rather, there is a plan to not release
anything on Windows in the future.
FTR new releases work fine on Mac and are available from homebrew or macports.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please d
forwarders?
I don't find a way to do this
-Message d'origine-
De : Mark Andrews
Envoyé : samedi 23 août 2025 22:55
À : DEMBLANS Mathieu
Cc : bind-users@lists.isc.org
Objet : Re: forwarders order
It is smoothed RTT. Forwarders however have highly variable RTT as the records
usu
Mark Andrews wrote:
> Just put the zone file somewhere named can do that.
OK, thanks, that works. I see you answer this every few years.
For secured environments, it'd be better if BIND copied the file over to the
working directory itself. In a typical OCI/Docker image, the configuration
will b
When you use dnssec-policy named updates the zone content. It then wants to
write the updated zone content back out. It does this by writing a temporary
file and when that is complete atomically switching that file with the old zone
file. Just put the zone file somewhere named can do that.
--
I should have mentioned that `managed-keys.bind{,.jnl}` are written
(correctly) to /var/cache/bind. So the `directory` option is doing its job,
just not for the `dnssec-policy` journals.
But `Kgood-with-numbers.com.*` *are* going into /var/cache/bind, so
`dnssec-policy` is getting that part corr
And the corresponding option:
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-journal
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 24. 8. 2025, at
https://bind9.readthedocs.io/en/stable/chapter6.html#the-journal-file
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 24. 8. 2025, at 3:54, Mike wrote:
>
> I just set up `dnss
Mike skrev den 2025-08-24 03:50:
I just set up `dnssec-policy default;` in my zones. Now I'm seeing
error
messages like:
general: error: /etc/bind/good-with-numbers.com.signed.jnl: create:
permission denied
Well, yeah, that's a read-only file system.
options {
directory "/var/cache
It is smoothed RTT. Forwarders however have highly variable RTT as the records
usually needs
to be looked up from the authoritative servers so what you end up measuring is
RTT +
resolution time. RRsets expire at the same time on both the local caching
server and the
forwarders.
> On 21 Aug 2
he bind build. Now I know why my binaries could not
> find their libraries (I edited meson.build to re-add rpath). Am I the only
> end-user who still uses --prefix ?
>
> I also noticed that the new bind is missing chroot support; I cannot find any
> mention of this change in
I'm starting to notice peculiarities of the Kubernetes + Calico + Istio
environment that the server is running in. Haven't determined if that's the
cause yet. But Istio adds iptables nat rules *into the container* that
affect port 53 communication. IDK how it affects it yet, but I raised it on
t
Doug Freed wrote:
> It would be helpful if we could see your actual BIND configuration
Thanks for replying. Attached.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
acl internals { localhost; /* internal CIDRs */; }; // internal systems
options {
version
On 8/20/25 12:27, Mike wrote:
I set up BIND9 9.20 as a container in a Kubernetes cluster so that it could
provide DNS services for all of my internal systems, via an "internal" view.
Currently it also provides authoritative responses for some secondary servers
in a hidden master configuration, bu
Hey all,
let me highlight the one change we’ve backported from the development branch:
https://bind9.readthedocs.io/en/v9.20.12/changelog.html
The adaptive strategy for memory allocation prepared by Alessio. This backport
should significantly reduce the memory use for deployments with many smal
On 18 Aug 2025, at 14:24, Ondřej Surý wrote:
> Hi Stacey,
>
> I am not sure if I fully understand your question, but I'll try to answer...
>> On 18. 8. 2025, at 15:17, Stacey Marshall wrote:
>>
>> For production does the cmocka option need to be disabled, -Dcmocka=disabled?
>> A cursory look sugg
Hi Stacey,
I am not sure if I fully understand your question, but I'll try to answer...
> On 18. 8. 2025, at 15:17, Stacey Marshall wrote:
>
> For production does the cmocka option need to be disabled, -Dcmocka=disabled?
> A cursory look suggests it is only used within the test code.
> I note th
On 4 Aug 2025, at 17:31, Stacey Marshall wrote:
The 9.21 test framework has an additional requirement on CMocka, from
README.md
Unit tests are implemented using the CMocka unit testing framework.
To build
them, use the option `-Dcmocka=enabled`. Execution of unit tests is
done by the
meson'
Hello Renzo.
There is no point spending time answering these questions for a version of
BIND that is now obsolete. As I suggested in your other post, follow the
instructions in the KB article and install 9.20. After that, if you still
have questions, come back.
Please also read the documentation a
Hi.
1a correct
1b no because you have disabled recursion
1c OK But as I said, if you also have "forward only;" (recommended) it
won't try to recurse, so hints are irrelevant.
2 Your choice. Use packet captures to see what queries CS is receiving and
deal with them appropriately. Tuning must be you
Hi Greg,
Thanks for your help.
1) Just so I'm clear, if I made this configuration:
global forwarding DISABLED
zone "." MISSING
recursion ENABLE
a- server would contact root servers because hints are bulti-in, right ?
b- with same configuration with recursion DISABLED, server would
conta
Hi again, Renzo.
1) Regarding root hints, the explicit hint zone has not been necessary in
BIND for many years as the hints are built-in. This applies if your
resolver is doing recursion. But if you are doing global forwarding - with
"forward only;" as well - then "zone "." {" is pointless anyway.
> From: bind-users on behalf of Greg Choules
> via bind-users
> Reply to: Greg Choules
> Date: Wednesday 6 August 2025 at 20:06
> To: Renzo Marengo
> Cc: "bind-users@lists.isc.org"
> Subject: Re: configure bind in chroot jailenzo. The Linux distros packag
Hi Renzo.
The Linux distros package their own versions of BIND, which they obtain
from ISC and patch over the years, hence it is almost guaranteed to not be
the latest. That may be OK for you. But see here for how to install it
directly if you choose: https://kb.isc.org/docs/isc-packages-for-bind-9
Hi greg,
I'm replacing old DNS virtual server with old Bind with new one.
So I thought to build the same box with the same chroot which gives me jail
environment where *Bind is not able to access system files or outside data.*
But your words are making me think...*if you say it's not necessary.*
I
No.
If you want robustness secondary every internal zone in your recursive servers.
At the minimum secondary the zones at the top of every internal namespace.
Set up also-notify so they stay up to date on changes.
--
Mark Andrews
> El 6 ago 2025, a las 5:34, Michael Mullig via bind-users
Am 05.08.2025 um 19:33:55 Uhr schrieb Michael Mullig via bind-users:
> We're using ISC-Bind (v 9.16.45) out at remote locations to serve as
> part of local DNS service in the event of a WAN outage. However we
> are faced with the possibility that we might also suffer a power
> outage at these loca
Hello,
you could configure Bind at remote
locations as secondaries for your internal domains, so that they
have a copy of the zone locally.
Other, non-internal domains probably
don't matter while WAN isn't working.
> From: "Renzo Marengo"
> Sent: Wednesday, July 30, 2025 7:11:02 AM
> I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9 to create
> only cache DNS server which is running in chroot jail.
> I installed several Bind packages included bind-chroot.
> What document do you suggest me
Hi Renzo.
Firstly, please ditch 9.16, it's end of life and take a look at the latest
9.20
Secondly, you didn't respond to points made in your other post about
chroot; i.e. why you think you need it.
Cheers, Greg
On Tue, 5 Aug 2025 at 12:52, Renzo Marengo wrote:
> to configure Bind 9.16.23-RH in
Your DNS client needs to use HTTP/2-without-TLS, not plain HTTP/1.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 4. 8. 2025, at 18:53, Metin Akin wrote:
>
>
> Hi all,
>
>
On 16 Jul 2025, at 19:35, Ondřej Surý wrote:
> Hi,
>
> as previously announced, the BIND 9.21 (development branch) has changed the
> build
> system from venerable autotools to meson build system. If you build BIND 9
> from sources
> now would be a good time to try building the development versio
To add to what Greg says..
On Fri, 1 Aug 2025, Greg Choules via bind-users wrote:
I would suggest that, if you are really worried about losing control of a
process, or it being used for remote access to your machine, or
something (are either of these why you think you need chroot?) you should
e
Hi Renzo.
This is not intended to sound negative. But why are you stuck on chroot?
What benefit do you think it will bring you? It used to be the case (many
years ago) that if you started BIND as root, it ran as root and chroot made
sense then. But not anymore. It starts with some privilege, to sca
Have you looked here:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services
They have a short mentioning of chroot.
:-)
Danjel
On 7/31/2025 9:
Also anything that causes the operating system to crash should be reported to
the operating system vendor. There should be nothing that an application can
do that can cause an operating system to crash. Named is just an application
as far as the operating system is concerned. One of the prim
Casey, we have reports that this has been fixed in the very latest update of
the macOS.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 31. 7. 2025, at 18:43, Casey Decc
> On Jul 31, 2025, at 2:16 AM, Petr Špaček wrote:
>
> On 30. 07. 25 22:24, Casey Deccio wrote:
>>> On Jul 24, 2025, at 1:00 AM, stuart--- via bind-users >> us...@lists.isc.org> wrote:
>>>
>>> This is mostly just me wondering if this is just a "me" issue or whether
>>> this is endemic of BIND o
On 30. 07. 25 22:24, Casey Deccio wrote:
On Jul 24, 2025, at 1:00 AM, stuart--- via bind-users us...@lists.isc.org> wrote:
This is mostly just me wondering if this is just a "me" issue or
whether this is endemic of BIND on OSX.
I use BIND as distributed by brew.sh on OSX (14.7.6, M2 Pro) fo
Perhaps the question that you should explore first would be “Why?” and not “How?”. Then perhaps you should define what you are trying to achieve and ask yourself if it still make sense and what is the current state of art.I believe that dropping caps and having properly set up selinux (or AppArmor)
On Debian I installed bind9 bind9utils and bind9-doc
Edited configuration, restarted services.
Nothing was changed or enabled besides what is mentioned below.
Sorry for not being able to help more, have not used redhat or related,
for more years than I like to remember ;-)
I remember using ve
Thank you very much but my issue is to understand what first step I have to
do, considering that the following rpm are just installed:
bind.x86_64
bind-chroot.x86_64
bind-dnssec-doc.noarch
bind-dnssec-utils.x86_64
bind-libs.x86_64
bind-license.noarch
bind-utils.x86_64
e.g.
chroot folder structure
Could you open an issue on GitLab?
https://gitlab.isc.org/isc-projects/bind9/-/issues
If you could provide a coredump from the assertion failure, that may
help Engineering track this down more easily.
Thanks!
-Doug Freed
Hi Doug,
Thanks, I've gone ahead and done that:
https://gitlab.isc.org/
On 7/30/25 15:39, Chris Fairfield wrote:
Hi all,
I'm hoping to get some guidance into an unusual Assertion Failure we're
encountering.
We're in the process of migrating our DNS Servers to Ubuntu-based hosts,
and as part of that we're also migrating to using tsig keys to help
manage our int
> On Jul 24, 2025, at 1:00 AM, stuart--- via bind-users
> wrote:
>
> This is mostly just me wondering if this is just a "me" issue or whether this
> is endemic of BIND on OSX.
>
> I use BIND as distributed by brew.sh on OSX (14.7.6, M2 Pro) for local
> testing of various things and ran into
On 7/30/2025 1:11 PM, Renzo Marengo wrote:
I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9
to create only cache DNS server which is running in chroot jail.
I installed several Bind packages included bind-chroot.
What document do you suggest me to follow to configure bind in
Hi,
I am not aware of a specific guide for doing this. There is
information in the ARM however:
- https://bind9.readthedocs.io/en/latest/chapter7.html#chroot-and-setuid
- https://bind9.readthedocs.io/en/latest/manpages.html#cmdoption-named-t
- https://bind9.readthedocs.io/en/latest/manpages.html#
Hi Julian,
Ok, thanks. It slipped my mind to use DNSviz - thank you for mentioning it.
- J
On 7/24/25 01:19, Julian Panke wrote:
Hi,
DNSviz is showing the issue very clearly so it was not on your side
https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/
regards
Julian Panke
Urspr
Mark Andrews wrote:
> This is consistent with dns64 being configured with a prefix of
> 2607:f0b0:f::/96. Have you been playing around with dns64?
Yes. I do use exactly that!
I didn't connect that ::babe:f00d was within that /96 when I put my dns64 there.
So this is a synthesized rever
This is consistent with dns64 being configured with a prefix of
2607:f0b0:f::/96.
Have you been playing around with dns64?
> On 23 Jul 2025, at 15:19, Michael Richardson wrote:
>
>
> obiwan-[~](3.3.8) mcr 10027 %dig @nic.sandelman.ca -x 2607:f0b0:f::babe:f00d
> ptr
> ;; ANSWER SECTION:
> d.
On Thu, 24 Jul 2025, Michael Richardson wrote:
> nic.sandelman.ca. is also authoritatively serving:
> 0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 86400 IN SOA
> . . 0 28800 7200 604800 86400
> 0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 0 IN NS .
> T
Have you tried bind in the latest macOS beta versions?
James.
> On 24 Jul 2025, at 5:00 pm, stuart--- via bind-users
> wrote:
>
> Hi,
>
> This is mostly just me wondering if this is just a "me" issue or whether this
> is endemic of BIND on OSX.
>
> I use BIND as distributed by brew.sh on OS
Hi,
DNSviz is showing the issue very clearly so it was not on your side
https://dnsviz.net/d/time.nist.gov/aID54g/dnssec/
regards
Julian Panke
Ursprüngliche Nachricht
Am 24.07.25 00:18 schrieb J Doe :
> Hi,
>
> I have a small mail server that is using: BIND 9.20.11 and
On Wed, 23 Jul 2025, Michael Richardson wrote:
When I ask from the IETF123 network:
;; SERVER: 31.130.231.0#53(31.130.231.0) (UDP)
;; ANSWER SECTION:
d.0.0.f.e.b.a.b.0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 7200
IN PTR nic.sandelman.ca.
which is entirely correct.
Probably 3
Well I meant you can run docker containers inside a vm with qemu
emulated hardware, that'd be the bad scenario ...you're right containers
on bare-metal have full visibility of the Instruction set
On 23/07/2025 15:19, Ondřej Surý wrote:
Docker/Podman is just a container, not *-virtualization pla
bind-users
> or, via email, send a message with subject or body 'help' to
> bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
> bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it
Docker/Podman is just a container, not *-virtualization platform, so there’s
full access to the underlying hardware.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 23. 7. 2025,
On 23/07/2025 15:10, Renzo Marengo wrote:
Thank you very much, I verified and I'm interesting to:
Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9
what do I think about Oracle Linux 9 ? It' based on RedHat code.
It will work just fine as any other RHEL fork.
--
Visit https://lists.isc.org/
Then maybe rocky. CentOS is not the same any more. Although for just bind it
does not matter that much
> Thank you very much, I verified and I'm interesting to:
>
> Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9
>
> what do I think about Oracle Linux 9 ? It' based on RedHat code.
>
>
>
Thank you very much, I verified and I'm interesting to:
Red Hat Enterprise Linux / CentOS / AlmaLinux 8, 9
what do I think about Oracle Linux 9 ? It' based on RedHat code.
Il giorno mer 23 lug 2025 alle ore 15:05 Ondřej Surý ha
scritto:
> It would be best to pick something from a list of sup
I’m not sure if a container will pass through the CPU instruction set
required to leverage hardware acceleration on newer (or even not-so-new)
Intel processors. In KVM, for example, you have to enable it explicitly.
One way to check for supported instructions is:
grep -o -w 'aes\|sha_ni\|pclmu
It would be best to pick something from a list of supported platforms:
https://bind9.readthedocs.io/en/v9.20.11/chapter2.html#supported-platforms
And then cross-check it with list of ISC provided packages (Fedora, RHEL-like,
Debian, Ubuntu) if you want a base system that changes less often.
Or
Maybe consider running it in a container and keeping nice and small with alpine
linux
>
> I'd like to migrate from bind 9.11 lo last version.
> This service is acting as cache dns server and It' running on Centos 7
> server, what Linux distro do you suggest me for new Bind?
--
Visit https://lis
On 9 Jul 2025, at 14:02, Niall O'Reilly wrote:
> I'm baffled by something strange I came across yesterday, and would
> appreciate an injection of clue.
This seems to have been a case of PEBKAB.
Apologies for the noise.
Niall
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr
On 10 Jul 2025, at 16:25, Ondřej Surý wrote:
> current stable release (9.20) and the previous stable 9.18 is in the "deep
> freeze" mode
> where we only fix critical or security bugs
Gosh, I hadn't appreciated that 9.18 was in the freezer, time does fly.
- https://www.isc.org/download/ states it
Hi Andreas,
I'll also provide feedback to you here. We very much appreciate bug reports
like this,
where the submitter puts an effort to diagnose, describe and (possibly) fix the
issue.
Thank you for that. Unfortunately, this particular issue has been already fixed
in the
current stable release
1 - 100 of 2232 matches
Mail list logo
