Re: intermittent resolution

2635 bytes from 2610:20:8000:8c00::237#53(ns-e.noaa.gov) in 311 ms > On Oct 30, 2013, at 5:24 PM, Mark Andrews wrote: > > >=20 > > IF YOU WANT HELP SPECIFY THE FAILING DOMAIN NAME. YES I AM = > SHOUTING > >=20 > > This report is like saying you have a p

Re: [External] Re: intermittent resolution

sers mailing list > >> bind-users@lists.isc.org > >> https://lists.isc.org/mailman/listinfo/bind-users > > > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri > be from this lis

Re: Message parser reports malformed message packet

failed: connection refused. > > > I don't know where to start to solve this issue. Using my Internet > provider's DNS I got a positive answer. > > Could you please help me solve this issue? > > > Thanks in advance. > _______ > P

Re: Message parser reports malformed message packet

0 IN NS ns1.locaweb.com.br. > >> tasker.com.br. 86400 IN NS ns2.locaweb.com.br. > >> tasker.com.br. 86400 IN NS ns3.locaweb.com.br. > >> ;; Received 153 bytes from 200.160.0.10#53(200.160.0.10) in 34 ms > >> > >> ;; Warning: Message parser reports malf

Re: Message parser reports malformed message packet

t https://lists.isc.org/mailman/listinfo/bind-users to unsubscri= > be from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 47

Re: Recursive DNS server cannot resolve the reverse zone records from my IPv6 private network

.3.2.e.3.e.0.0.c.f.ip6.arpa" into a slave zone and transfer the contents from the other server. Add this server as a nameserver to the zone or configure the master to send this server notify messages when the zone changes. Presumably the existing master zone is just a empty zone which i

Re: dns not resolving

thers > required > server1INA192.168.1.50 > server2INA192.168.1.51 > www IN A192.168.1.51 > > This seems simple enough. I'm running dig from the primary DNS server > itself and I'm thinking I should be able to get an answer

Re: Can I have Inbound load balancing achieved with below settings

ng this in pure DNS does not. > > > Joe Yao > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-user

Re: Can I have Inbound load balancing achieved with below settings

In message , Barry Mar golin writes: > In article , > Mark Andrews wrote: > > > No, there is no such requirement. The browsers are just BROKEN if > > they don't try all the offered addresses. All browsers we were > > written after RFC 1123 was published. >

Re: Can I have Inbound load balancing achieved with below settings

In message <661ca5ab225cad04bdcc3831c6964...@tux.org>, Joseph S D Yao writes: > On 2013-11-13 16:44, Mark Andrews wrote: > ... > > RFC 1123 (October 1989) applies to all applications on all hosts. > > Note "SHOULD" and "until". > ... > >

Re: Listen queue overflow

prevent or correct > this properly? You can tune tcp-listen-queue in named.conf. The current default is 10. > Thanks! > > -Vinny > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: Non-recursive nameserver response to DS request

the zone cam.ac.uk, which of course is true.] > > -- > Chris Thompson > Email: c...@cam.ac.uk > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.i

Re: Allow recursion for esternal resources in a authoritative zone on a "not open" dns server

> 20090 Milanofiori Assago (Mi) - Italia > Phone +39 0282476279 (20279 Voip) > Fax +39 0282476815 > > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind

Re: Allow recursion for esternal resources in a authoritative zone on a "not open" dns server

In message , Barry Margolin writes: > In article , > Mark Andrews wrote: > > > In message > > , > > "Chiesa Stefano" writes: > > > I'd like to know if there is a way to tell to BIND "if the external > > > resource is in a

Re: Recursive DNS server cannot resolve the reverse zone records from my IPv6 private network

gt; > > None of these matches the target of your query, so the result is > > NXDOMAIN. > > Anything else would be strange. > > > > If you need the server to return some other result for this query, you > > must place the

Re: dig 9.9.[234] unable to do zone transfers from MS windows Domain Controllers

rtium, Inc. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- M

Re: any news/info re: RPZ2+RRL patches for bind 9.9.4-P1?

;9.9.4-P1-rpz2+rl.13269.14". > JenL > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://li

Re: dig 9.9.[234] unable to do zone transfers from MS windows Domain Controllers

00 00 00 -pa5.ilabs.. > > 00 00 00 6f 6d 00...om. Again the end of the SRV record is corrupted. Similarly the space is correct for a record ending in .hpl.h

Re: any news/info re: RPZ2+RRL patches for bind 9.9.4-P1?

In message <1385152907.15717.50929393.189b3...@webmail.messagingengine.com>, je n...@promessage.com writes: > Hi Mark, > > On Thu, Nov 21, 2013, at 06:14 PM, Mark Andrews wrote: > > Did you try applying rpz2+rl-9.9.4-P1.patch to 9.9.4-P1? > > No, not yet. Having had

Re: script - automatic change A record

A 1.2.3.5 send EOF else nsupdate << EOF update del host.example.net A update add host.example.net 30 A 1.2.3.4 update add host.example.net 30 A 1.2.3.5 send EOF fi sleep 60 done -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117

Re: Forward zone giving SERVFAIL

her than cop out with NOTIMP or REFUSED which just cause recursive servers to move onto the next listed server and eventually return SERVFAIL to the client. Mark > Anyone have any ideas? > > Thanks, > Neil > > -- > Neil Aggarwal, (972) 834-1565 > We lend money to investors to buy or refinanc

Re: dig ignores +notcp when doing IXFR (DiG 9.5.0-P2)

5-Dec-2013 13:11:35.681 client ::1#55802 (dv.isc.org): view external: query: dv.isc.org IN IXFR -ET (::1) 05-Dec-2013 13:11:49.664 client ::1#50513 (dv.isc.org): view external: query: dv.isc.org IN IXFR -E (::1) -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2

Re: dig ignores +notcp when doing IXFR (DiG 9.5.0-P2)

In message , Matthew Pounsett writes: > > On 2013-12-04, at 21:22 , Mark Andrews wrote: > > > > > The options are processed left to right so the +notcp has to be > > after the ixfr=. > > There are two reasons I don't understand why this is the case. >

Re: dig ignores +notcp when doing IXFR (DiG 9.5.0-P2)

In message <2e1626be-94f8-44e8-a73c-6521c44ba...@conundrum.com>, Matthew Pounsett writes: > > On 2013-12-05, at 01:37 , Mark Andrews wrote: > > > > >>> Note, named will for the use of TCP in its UDP response. > > > > s/for/force/ > >

Re: rndc addzone, global allow-new-zones, 'file not found'

azone/IN: not loaded due > to errors. > Dec 11 10:01:15 named[21120]: addzone failed; reverting. > > From my understanding, though, the relevant configuration options should > allow creating new zones on the fly? > > Any hints? (I'm a bit wary of wading through the code.)

Re: rndc addzone, global allow-new-zones, 'file not found'

In message <20131211120707.11028b38@loki>, Tobias Wolter writes: > > On Wed, 11 Dec 2013 22:01:02 +1100 > Mark Andrews wrote: > > > create the initial zone contents and put it in master/metazone.zone. > > Thanks, I feared that that was a necessary

Re: rndc refresh fails for signed zones

> ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1

Re: DDNS update forwarding

isit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Aus

Re: Re: missing ‘additional section’

of > additional data. > > I hope this helps. > > Niall OReilly And as the NS records are sent that means that the zone content is incomplete. If you were not using DLZ, named would have rejected the zone as there were no address records for the nameservers. --

Re: Adding DS records

ORITY: 5, ADDITIONAL: 3 You don't test for dnssec support by requesting rrsigs. Nameservers can return rrsigs without supporting dnssec. You test for dnssec support by doing a request for something else with "do=1" set (+dnssec) and seeing if rrsig, nsec/nsec3/ds r

Re: Unable to transfer IPv4 reverse zone

I think this has got to the point of running named in the foreground with debugging on the master. named -g -d 100 This will log everything to stderr. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: key type change causing errors

f you don't want the zone to be treated as insecure you need to ensure that DS records for the new algorithm are published and all of the old DS RRsets have expired from cachess before you start to remove the old DS records. Before you publish the new DS records you need to ensure that all cac

Re: Slowing down bind answers ?

sers to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: rndc addzone gets permission denied

It is trying to create a .nzf (new zone file) file in the working directory. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org

Re: dumping master file: tmp-xxx: open: permission denied

info/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma

Re: specifics of downgrading from rpz2 (3rd party patch) -> rpz1 (in Bind release) ?

In message , pgndev writes: > On Mon, Jan 13, 2014 at 2:15 PM, Mark Andrews wrote: > > Why does the *need* to be info as the existing patches works other > > than for the version file which for the fix by hand is pretty > > obvious or you can just leave it as it is in 9.9

Re: How to deny update of statically assgined a/ptr records?

you add prerequisites to the update request to say only add the records if there are no records of the given type. DHCPD does this by default. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org __

Re: transfer signed zone

ple.com.db= > ";    masters {10.0.20.22; }; >};logging {    = > channel dnssec { &= > nbsp;  file "dnssec" versions 10 size 500k; >&n= > bsp;   severity debug 3;  &= > nbsp; print-category no; >&n= > bsp;   print-sever

Re: Insecurity proof failed resolving newsletter.postbank.de - but why?

ng southeast, 4 or 5, occasionally 6 at first. > Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, > occasionally poor at first. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: "Recursive no;" implications?

; from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Need help debugging my zone file

rter bind # Yep, the zone file contains a detectable error so named has refused to load it. This is required behaviour from RFC 1034/1035. Mark > SERVFAIL. What am I missing? > _______ > Please visit https://lists.isc.org/mail

Re: Variable SOAs in negative responses

es. > TIA and all that, > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/lis

Re: Variable SOAs in negative responses

; source of mind-boggling amounts of shit when you least expect it. > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org

Re: How to query the "incoming" serial of a zone while inline signing

/lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: source address problem

gt; bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please vi

Re: SERVFAIL @google

t https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 47

Re: changing NSEC3 salt

e to come up with a random > number. So, its totally non-random...so all I did was take the hex for > two (well-known) letters...for my salt. Since the salt is 'public', > I'll say it. my salt is "KS", or "4b53". > > So now to think

Re: changing NSEC3 salt

numeration. You only change the salt and use a non zero interations if you care about offline enumeration. Optout gives them 1 in x delegations with a NSEC3 record compared to every delegation with a NSEC record. They already know that most of the names in the zone are known. Somewhere around 1 in 1

Re: Trouble building bind with Openssl support

s referenced --with-openssl=. I used gcc on the solaris 9 > system but now we are going through sun studio cc for the build. > > Any help would be greatly appreciated as I expect it is something fairly simp > le I am overlooking. > > Rick. > -- Mark Andrews,

Re: bind-9.9.5 regression test error

/random as well the sources of randomness differ so it is difficult to know apriori if the test will work or not. The random device can also be changed through named.conf. It is nice to see "make test" being run by someone other than us. Mark -- Mark Andrews, ISC 1 Seymo

Re: Plugins for bind9

ouldn't need to change the query id. > Pavel -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-us

Re: Monitoring Zonefiletransfer

always reach expireation time. and i get a lot of > critical messages and a few hours/minutes before expireation it does the > update. Choose sane SOA values. refresh and retry << expire > i hope you can guide me a bit and tell m

Re: cache_dump.db format and meaning

isit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHO

Re: dig +sigchase looping

as expired > > ize: 14px;"> > > > ize: 14px;"> > Any particular reason this should be expected or is it bug worthy (or fixed= > in 9.9.5, as I didn=92t see anything in the change log referring to it)? div> > ize: 14px;"> > =97 > Raymond Walker > &

Re: Configure error - openSSL. Mac OS X

Go back to the orginal configure args and post the errors from config.log. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org

Re: Configure error - openSSL. Mac OS X

ferror (f) || fclose (f) != 0; ; return 0; } So I would do that by hand. gcc -o conftestconftest.c ./conftest If that fails open a bug report with Apple. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Configure error - openSSL. Mac OS X

In message , James Brown wri tes: > > On 11 Mar 2014, at 2:15 pm, Mark Andrews wrote: > > > > > The first thing is that configure has decided that we are cross > > compiling which is because the simple executable did not run. > > > > configure:3472:

Re: Configure error - openSSL. Mac OS X

Mark Andrews writes: > > In message , James Brown w > ri > tes: > > > > On 11 Mar 2014, at 2:15 pm, Mark Andrews wrote: > > > > > > > > The first thing is that configure has decided that we are cross > > > compiling which is because the

Re: Configure error - openSSL. Mac OS X

In message <54602b24-14d9-42b4-ad2e-55adf4805...@bordo.com.au>, James Brown wri tes: > > On 11 Mar 2014, at 4:09 pm, Mark Andrews wrote: > > > > > I didn't think I would need to say "save the contents of the program to > > conftest.c". > >

Re: Internal clients' queries for "myhostname." get sent to forwarders. Why?

mail. This reduced problems once people got used to it. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo

Re: How to create a fake root server?

> >> > > > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://list

Re: Update Security

t;D" i= > s in the allow-udates ACL on "A" (and not "B" or "= > C") the updates from "D" will be applied.=A0 However an upda= > te from "E" presented to "B" or "C" will be f= > orwarded but not processed. > Is this correct?Bob > > --001a

Re: bind tools on windows wait forever

sit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871

Re: bind tools on windows wait forever

I would so that you only have a single version on the system. That said only dig, host and nslookup tickle this bug so you could get away with not upgrading. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma

Re: Bind 9.9.1 forward zone "local"

".local" is reserved for mDNS. I would say stop trying to use ".local" in the DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org __

Re: Bind 9.9.1 forward zone "local"

In message <53324030.1080...@hireahit.com>, Dave Warren writes: > On 2014-03-25 16:16, Mark Andrews wrote: > > ".local" is reserved for mDNS. I would say stop trying to use ".local" in > > the DNS. > > While true, I don't think it will hel

Re: High recursive client counts

if there are too many. It also drops duplicates where the source port and address are duplicated. Named still has to reply to all the clients which is why they are on the recursing list. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: DNS64 and DNSSEC - AD bit not set (RFC 6147)

gt; Thanks, > Tom > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org >

Re: DNS64 and DNSSEC - AD bit not set (RFC 6147)

In message , Tom Lanyon wri tes: > On 27 Mar 2014, at 14:48, Mark Andrews wrote: > > No. If the answer is secure and DO=1 then it won't synthesis. > > > > RFC 6147 just gets DO and CD semantics completely wrong. The WG > > wanted there to be signaling that

Re: Problems with auto-dnssec maintain on BIND 9.9.5 (latest patch, FreeBSD)

Rylink > System Administrator > > Dial Telecom a. s. > Kikova 36a/237 > 186 00 Praha 3, esk Republika > Tel.:+420.226204627 > daniel.rysl...@dialtelecom.cz > --- > www.dialtelecom.cz > Dial Telecom, a.s. > Jednodue se pipojte > ------

Re: High recursive client counts

domains when > Internet connection is down. Slave the local zones is the simplest solution. > -- > Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator > For: Enterprise Server Technologies (EST) -- & SafeZone Ally > _______ > Please visit https://lists.isc.org/

Re: socket error on ipv6 link local

uilt with > > '--enable-rrl' > > > > > > > > > > > > Thanks, Paul > > > > > > > > > > > > > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: Example of classless reverse-lookup zone

e escaped. Also how do you expect anyone to solve the rest of your problems when you don't give a example and you don't give the real names involved. We are not mind readers. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Example of classless reverse-lookup zone

out the rdata content if the owner name ends in "in-addr.arpa" or "ip6.arpa". Mark > On Mon, Apr 7, 2014 at 7:08 PM, Mark Andrews wrote: > > > > > You should read all the error messages. > > > > dns_rdata_fromtext: junk:3: near 'i...@exa

Re: All, do bind9.9.5 support edns0-client-subnet?

server and recursive server. No. edns0-client-subnet will require a significant re-write of the resolver and cache to support. This is currently unfunded work. > thanks. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Cross compile bind failing, vis3 ???

(cd $i; make DESTDIR="/blah/blah/bind-9.9.5-S1/lib" all ) || exi > t 1; \ > fi; \ > done > make: Fatal error: Command failed for target 'subdirs' > " > > Does bind not support Vis 3 architecture? > -- Mark Andrews, ISC 1 Seymour St., Dunda

Re: Promoting a slave to master gives syntax error

e' > '--with-libtool' '--enable-shared' '--enable-static' > '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' > '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl'

Re: Cross compile bind failing, vis3 ???

s3 -mt -m64" ./configure --with-openssl=/usr/local/ssl --enab > le-full-report --without-gost --exec-prefix=/usr > --libexecdir=/usr/lib/libexec --includedir=/usr/include > > Even after I edit the configure script to have cross_compile=yes, it still > responds with no during the config

Re: How to disable DNSSEC/EDNS for lwresd

gt; Regards, > -- > Tomas Hozza > Software Engineer - EMEA ENG Developer Experience > > PGP: 1D9F3C2D > Red Hat Inc. http://cz.redhat.com > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-u

Re: GSS-TSIG updates from Windows clients

See tkey-gssapi-credential ; tkey-gssapi-keytab ; grant ms-subdomain ; -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please

Re: BIND 9.10 compilation problem for FreeBSD 6.x/7.x

yne, Northwest Dogger: Southerly or > southwesterly 4 or 5. Slight or moderate. Showers. Good, occasionally > moderate. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org

Re: bind 9.10.0 xfer test failing

recently. If you roll back Net::DNS to version 0.72 the test should succeed. "ans" needs to be rewritten in parts to work with the with the new Net::DNS. > - J=F8rgen Thomsen > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri= > be from

Re: BIND 9.10.0 is now available

.isc.org/isc/bind9/9.10.0 ftp://ftp.isc.org/isc/bind9/9.10.0 Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/li

Re: RPZ and www.rackspace.com

erif">www.rackspace.com ize=2 face="sans-serif">. >             IN     >  A > > > ;; ANSWER SECTION: > face="sans-serif">www.rackspace.com t size=2 face="sans-serif">. >      298     IN      CNAME   > face="sans-serif

Re: Point domain name of my zone to name in somebody else's zone?

gt; = > > > bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> > > = > > > https://lists.isc.org/mailman/listinfo/bind-users > > = > > > = > > > = > > > = > > > = > > > __

Re: No-Sync-at-Slave

out > > May 7 21:43:31 ns2 named[1381]: [ID 873579 daemon.error] transfer of > 'domain.com/IN' from 212.93.192.4#53: failed to connect: timed out > > > > > > Any one's help would be highly appreciated thanks in advance. > > > &

Re: Point domain name of my zone to name in somebody else's zone?

is impossible, but I would > hazard a guess that since DNAMEs already return a matching CNAME and > nothing explodes, the problems would be minor and limited in scope. > > -- > Dave Warren > http://www.hireahit.com/ > http://ca.linkedin.com/in/davejwarren > > >

Re: Point domain name of my zone to name in somebody else's zone?

In message <536c0392.3020...@hireahit.com>, Dave Warren writes: > On 2014-05-08 15:09, Mark Andrews wrote: > > In message <536bcced.8060...@hireahit.com>, Dave Warren writes: > >> On 2014-05-08 07:45, Barry Margolin wrote: > >>> In article , > >&

Re: Bind 9.10 64 bit

sion preserving data. Install the 64 bit version. 9.10.0 changes the default install location so you may want to move your data across. x86: CSIDL_PROGRAM_FILESX86 x64: CSIDL_PROGRAM_FILES -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PH

Re: bin 9.10 verbose logging

> > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/list

Re: Slave zone intermittently not refreshing

ribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: isc domain lookup

;Thanks for your help > ns-serif;font-size:12px;line-height:18px"> =3D"font-family:'Helvetica Neue',Arial,Helvetica,sans-serif;font-si= > ze:12px;line-height:18px">Y.E. > ns-serif;font-size:12px;line-height:18px">=C2=A0 > > --001

Re: About the prefetch function within bind 9.10.

If there is a query in that 9 second window then named will make a query to repopulate the cache. If there is not a query then the records will expire. You only want to prefetch records that are being queried for regularly. On 18/05/2014, at 17:18, Hongyi Zhao wrote: > What do you mean by s

Re: Handling of expired RRSIG records - ise.gov

se.gov and th > e date on the SOA RRSIG record is indeed in the future. > > How is BIND deciding it is okay to return the A and MX records, and that this > is not some sort of DNS replay attack? > > > > > > ___ > Please visit

Re: bind 9.10..0-P1 rndc: 'retransfer' failed: not found; other rndc commands are ok

; parse message > rndc: 'retransfer' failed: not found > > I've looked around online, and 'retransfer' seems to still be a valid > command. > > What's wrong with my usage of retransfer? >

Re: bind 9.10..0-P1 rndc: 'retransfer' failed: not found; other rndc commands are ok

finding the zone? Presumably it is not a slave or a stub. retransfer is only applicable to slave and stub zones. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-u

Re: TSIG afxr failed while receiving responses: REFUSED

esponses: REFUSED > 21-May-2014 09:34:12.068 transfer of 'example.net/IN' from ip.address.of.mast > er#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.080 secs (0 byte > s/sec) > > and I see on the master: > > 21-May-2014 16:34:12.031 client ip.address.of.slave#4

Re: TSIG afxr failed while receiving responses: REFUSED

key"; }; > > }; > _______ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark

Re: TSIG afxr failed while receiving responses: REFUSED

In message <5382eb30.6040...@ripe.net>, Anand Buddhdev writes: > On 26/05/2014 01:53, Mark Andrews wrote: > > Hi Mark, > > > Actually that isn't the mistake as they are both run through > > dns_name_fromtext which will normalise them before comparison. >

Re: KSK signing all records; NSEC3 algorithm status?

--- > > iQEcBAEBCAAGBQJThTt4AAoJEKBsj+IM0duFFq4IAJ+dn1+0Vkm7XnN+r70QDWmD > fgEN0G9D72TRJ0lYqkd19W/qwctfKDkCUaTt3BIjRwBDV3bQXxqLQkXxH7jWFNXK > czZEEm6mOKCQWcBEKAMtfWM5cGKGAjSjfvbA2ZOAvuUIkDfYN0s4kcWYFTre7Zyk > SSnZi909xs1ZPiuz447dmUBr3gg5wNJAuUNiNJJP9DHriu6542DdRzUtbu3zmABG > rBAjS/bud

<    1   2   3   4   5   6   7   8   9   10   >