Re: Architecture Questions

2014-05-28 Thread Mark Andrews
Thanks, > > Josh > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Mark Andrews
users > > > > ___ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri > be from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Mark Andrews
In message <20140528151909.ga66...@redoubt.spodhuis.org>, Phil Pennock writes: > On 2014-05-28 at 13:02 +1000, Mark Andrews wrote: > > In message <20140528012734.ga55...@redoubt.spodhuis.org>, Phil Pennock > > writes: > > > The registrar for my zone "

Re: Reply Code 0x8083 vs 0x8080

2014-05-29 Thread Mark Andrews
users > > > > > > > > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.o

Re: Reply Code 0x8083 vs 0x8080

2014-05-29 Thread Mark Andrews
made a "." query. Named returns the query it was asked. It it pointless to return anything else as the client is supposed to check and discared answers that don't match. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Au

Re: Reply Code 0x8083 vs 0x8080

2014-05-30 Thread Mark Andrews
In message <1401433477.99469.yahoomail...@web121601.mail.ne1.yahoo.com>, Jiann- Ming Su writes: > > > > > On Friday, May 30, 2014 12:34 AM, Mark Andrews wrote: > > > > > In message > <1401424053.51486.yahoomail...@web121604.mail.ne1

Re: RPZ and www.rackspace.com

2014-05-30 Thread Mark Andrews
in several different DNS zones. > > > > > > www.domain.com NSns1.domain1.com > > > NSns2.domain2.com > > > NS ns3.domain3.net . > > > > > > These are the most frustrating as there is really nothing &

Re: stub zones

2014-06-02 Thread Mark Andrews
d between zones stubs provided a method to keep the delegation data up to date. This is no longer supported as it can lead to stale data in slaves which isn't in any master due to timing issues. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 211

Re: SPF RR type

2014-06-05 Thread Mark Andrews
ransition from TXT to SPF. i.e. publish a RFC and hope people follow it. It takes years to do transitions like this. TXT to SPF was actually ramping up but that is now water under the bridge. > * - Mark doubtless feels differently. > -- Mark Andrews

Re: Bad owner name on hidden primary

2014-06-09 Thread Mark Andrews
ad owner name (check-names)" In the past > (pre hidden primary) they did not fail. > > In the past we have not used the `check-names' option, so behavior should > be default... > odd since the default behavior is to fail for master zones. > > Could this hav

Re: tsig-key

2014-06-10 Thread Mark Andrews
>>HEADER<<- opcode: QUERY, status: NOTAUTH, id: 15607 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;dv.isc.org.IN AXFR ;; TSIG PSEUDOSECTION: transfer. 0 ANY

Re: Bad owner name on hidden primary

2014-06-10 Thread Mark Andrews
In message , Raymond Drew Walker writes: > On 6/9/14, 9:05 PM, "Mark Andrews" wrote: Input error > > > > > >In message , Raymond Drew Walker > >writes: > >> > >> Apologies, > >> > >> Our workaround was act

Re: Default query type of dig

2014-06-25 Thread Mark Andrews
Can this easily be done (I did not find a > switch for .digrc nor another option) or is there a source code change > needed? > > Thanks > Teddy -t Note this will also affect -x -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2

Re: Using a DynDNS hostname in master-statement for a bind slave?

2014-06-27 Thread Mark Andrews
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia P

Re: daemon warning

2014-07-01 Thread Mark Andrews
y reason for starting as root. Read your OS's documentation. For FreeBSD i have the following in /etc/sysctl.conf security.mac.portacl.port_high=1023 net.inet.ip.portrange.reservedlow=0 net.inet.ip.portrange.reservedhigh=0 security.mac.portacl.suser_exempt=1 security.mac.portacl.rules=uid:53:tcp:53,uid:53:

Re: problem with NS record resolution

2014-07-02 Thread Mark Andrews
empty */ }; }; Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-use

Re: problem resolving ardownload.adobe.com --enable-sit harmful?

2014-07-03 Thread Mark Andrews
//lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Doub about bind9 configuration

2014-07-06 Thread Mark Andrews
ists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871

Re: problem resolving ardownload.adobe.com

2014-07-07 Thread Mark Andrews
ags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;ardownload.wip4.adobe.com.INA > > ;; ANSWER SECTION: > ardownload.wip4.adobe.com. 300INCNAME > ardownload.adobe.com

Re: eia.gov chokes on edns options

2014-07-09 Thread Mark Andrews
sH/bgCfbDb2WinhfC6mY4epKr5rlro/ > l3wAnREhW3tJptOhBDB+02V/BoiseAdv > =oJ7i > -END PGP SIGNATURE- > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-us

Re: DLV dnssec setup

2014-07-10 Thread Mark Andrews
info/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma..

Re: DLV dnssec setup

2014-07-10 Thread Mark Andrews
cp +norec dig com @198.41.0.4 +dnssec +tcp +norec dig dnskey org +dnssec @199.19.56.1 +ignore +norec dig dnskey org +dnssec @199.19.56.1 +tcp +norec -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INT

Re: DLV dnssec setup

2014-07-11 Thread Mark Andrews
In message , Wolfgang Rosenauer writes: > On Fri, Jul 11, 2014 at 1:32 AM, Mark Andrews wrote: > > > > Then all of the following should succeed. Please let the > > list know how you go. > > > > dig soa . @198.41.0.4 +norec > >

Re: own IPv6 zones but no IPv6 uplink

2014-07-11 Thread Mark Andrews
27;ve been using HE for the last 12 years. Just about every application he is running is trying IPv6 then after getting network unreachable going on to try IPv4. For the record it isn't the zone. It's enabling IPv6 locally without having a working upstream link. You would get that messag

Re: Caching Nameserver and BIND RPM Compatibility

2014-07-11 Thread Mark Andrews
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NS

Re: slave zone files unreadable

2014-07-11 Thread Mark Andrews
ontent. If we could get people away from wanting to use a editor on master files directly we would. The practice is highly error prone even for experts. > -- > Barry Margolin > Arlington, MA > ___ > Please visit https://lists.isc.org/m

Re: problem registering DS records with EDUCAUSE, sanity check please

2014-07-14 Thread Mark Andrews
me records are generated by dnssec-dsfromkey. Yet, when I try to > register these DS records with EDUCAUSE, their system claims they cannot > find a matching key in our published zone. > > Does anybody see anything out of place? Fortunately, the key is not > scheduled to be used until 2015, so there's plenty of time

Re: problem registering DS records with EDUCAUSE, sanity check please

2014-07-14 Thread Mark Andrews
In message <20140715004923.gg31...@bender.unx.csupomona.edu>, "Paul B. Henson" writes: > On Tue, Jul 15, 2014 at 10:19:10AM +1000, Mark Andrews wrote: > > > The new key does not sign the DNSKEY RRset. > [...] > > Make sure the DNSKEY RRset is signed with t

Re: Does bind read /etc/hosts?

2014-07-15 Thread Mark Andrews
ind to access /etc/hosts fist? > > Thanks, > Guanghua No. getaddrinfo, gethostbyname etc. however may access /etc/hosts, NIS, mDNS, DNS and other databases. You need to read the documentation that comes with your system for how to control these. Mark -- Mark Andrews, ISC 1 Seymour S

Re: BIND 9.10.0-P2 prefetch problem

2014-07-15 Thread Mark Andrews
OA flbflb-= > gtm-qydc.intuit.com. hostmaster.flb.intuit.com. 2014022110 10800 3600 60480= > 0 86400  MsoNormal>Flushing the cache fixes the problem. Disabling prefetch prevents= > the problem from happening.  = > ; <= > b>Tedd >= >

Re: problem registering DS records with EDUCAUSE, sanity check please

2014-07-15 Thread Mark Andrews
e child a validating > client might consider the zone bogus and refuse to resolve it. There has to a working combination of DS/DNSKEY/RRSIG for each DNSSEC algorithm listed in the DS RRset. DS records without a matching DNSKEY or matching RRSIG cause validators to do more work. -- Mark Andr

Re: Can someone please translate entries from query.log file?

2014-07-15 Thread Mark Andrews
ul-2014 16:24:34.100 queries: XX / > 206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN > > I'm running BIND 8.2.4 on Solaris 8 > > root@bmw:/export/home/dns # in.named -v > in.named BIND 8.2.4 Tue Jul 13 06:04:59 PDT 2004 > Generic Patch-5.8-July 2004 >

Re: Does bind read /etc/hosts?

2014-07-15 Thread Mark Andrews
, it does not even seem to access /etc/hosts. But someone > tells > > > me Bind can access /etc/hosts first. Can you pls tell me how to > config > > > Bind to access /etc/hosts fist? > > > > > > Thanks, > > > Guanghua > > > > No.

Re: Does bind read /etc/hosts?

2014-07-15 Thread Mark Andrews
n the other hand has no bind-like > zonefiles Neither dnsmasq nor named read /etc/hosts. Both can be used to override data from outside. They just have different configuration methods. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Does bind read /etc/hosts?

2014-07-15 Thread Mark Andrews
Ok, I stand corrected. That said both named and dnsmasq as well as other products can override data from outside. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: unable to obtain neither an IPv4 nor an IPv6 dispatch

2014-07-16 Thread Mark Andrews
-horizon configuration. I would appre= > ciate any help. > > > --089e013a044a72db8004fe551784-- > > --===1218088129802327245== > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inlin

Re: newsrss.bbc.net.uk slightly broken?

2014-07-18 Thread Mark Andrews
YEARECAAYFAlPJg6wACgkQL6j7milTFsEROgCdHomLrHWP8tdMD6uIBR4Q0iJi > IlEAoIKUYHGxBhGPxe97tGzJdpPKlZ/T > =7y62 > -END PGP SIGNATURE- > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > fro

Re: Bind and ZSK-Rollovers: Changing salt automatically?

2014-07-24 Thread Mark Andrews
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 98

Re: named memory usage

2014-07-25 Thread Mark Andrews
ist > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: Bind 9.9.5 high CPU and when will Bind9.8 EOL?

2014-07-26 Thread Mark Andrews
) to get the fix. As time goes on it becomes "please reproduce with a current release" Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please v

Re: Reload BIND to listen on additional interface?

2014-07-31 Thread Mark Andrews
and does that? Does a rndc > reconfig tell BIND to newly bind to the interfaces? > > Thanks in advance. > > Regards, > Johannes Use BIND 9.10. It uses the routing socket to detect interface coming and going and will automatically rescan the list of interfaces and rebuild th

Re: Reload BIND to listen on additional interface?

2014-07-31 Thread Mark Andrews
9.10 also has "rndc scan" for platforms without a routing socket or if you want to do it manually. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma.

Re: BIND and listening on interfaces

2014-08-01 Thread Mark Andrews
6_pktinfo then we bind to every interface. If named is only listening on a subset of interface we bind to each interface so that the one can run multiple instances and also so that the correct ICMP messages are emitted. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Au

Re: Metazones or Something Else?

2014-08-05 Thread Mark Andrews
nt. Anything you say will be misquoted, > then used against you. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https:

Re: ISP caching server setup

2014-08-06 Thread Mark Andrews
WER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;losscontrol360.com. IN A > > ;; ANSWER SECTION: > losscontrol360.com. 586 IN A 74.208.98.80 > > ;; Query time: 174 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Wed Aug 6 16:01:

Re: bind 9.10-P2 dnssec keys management

2014-08-07 Thread Mark Andrews
gned with new key. No. Once a key is activated it will be used to sign rrsets as they fall due for re-signing. Named does NOT walk the zone and re-sign every rrset. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: m

Re: rndc zonestatus meaning

2014-08-07 Thread Mark Andrews
e timestamps in the RRSIGs. In the example above the NSEC record for ns.example.com is the next RRset that needs to be re-signed. > 6. Where can I get more information about DNSSec of Bind 9.10-P2 > beside BIND 9 Administrator Reference Manual because personally, I think > it does

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-26 Thread Mark Andrews
o2JbNejoFd1gj0WTNphlL2tSoE > QECltLCbCHSZj8vo7dOoN9kusRKSuKi9rP0Lp/DXCDvhqJ+Woq8y5cgvkLRT5snA > lgR3hfc44Rc9Tp4K6NoLX7pBVt1nWRWp4hFyJUuZ5B0qXWMCNyBioeNSe2yIFowE > uV33TazpImavG4qXUjwV1f4EXSgjuSzEUUn2sAm9LdD6knMAOYPpCXw203mtSCan > +JoXUcwxN+gZHEQaMSBoTsw7DxZS8NVtfdMxrvpL+Ro+LTzs3CJZioc

Re: recursive lookups for UNSECURE names fail if dlv.isc.org is unreachable and dnssec-lookaside is 'auto'

2014-08-26 Thread Mark Andrews
In message <53fc827e.7090...@redhat.com>, Tomas Hozza writes: > > On 08/26/2014 02:27 PM, Mark Andrews wrote: > > Why would you expect them to succeed? > > Because validation using root servers and authoritative servers proved > that the domain is intentionally uns

Re: dnssec automatic signing

2014-08-28 Thread Mark Andrews
The next node to be signed is based on RRSIG expire times. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo

Re: dnssec automatic signing

2014-08-28 Thread Mark Andrews
gering record. > Sincerely, > > Mr.Jittinan Suwanrueangsri -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/lis

Re: .prod issues

2014-09-05 Thread Mark Andrews
t away with it until the introduction of prod. Your machine names are host.prod.mydomain.com not host.prod. Stick to unqualified + search list and fully qualified. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Two domains reporting errors

2014-09-09 Thread Mark Andrews
.tld:16: ignoring out-of-zone data (www.bt.tld) > zone dw.tld/IN: has 0 SOA records > zone dw.tld/IN: has no NS records You are trying load the bt.tld zone into dw.tld. Fix named.conf. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: Two domains reporting errors

2014-09-09 Thread Mark Andrews
fix named.conf because that is where the error is. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinf

Re: A record of domain name must be name server ?

2014-09-11 Thread Mark Andrews
e admins will remember to do > it; many won't). No, it's more like formalising existing practice. Universal adoption would be a long time off but there is a large existing base of MTA's that will do the right thing. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, N

Re: Promoting slave to master DNS server with dynamic updates

2014-09-11 Thread Mark Andrews
** > This e-mail, attachments included, is intended solely for the addressees= > and should be considered as confidential.Should you receive this messa= > ge by error, please notify the sender immediately and destroy this e-mail a= > nd

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

2014-09-12 Thread Mark Andrews
hieu Arnold > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrew

Re: nsupdate, semicolon, backslash

2014-09-12 Thread Mark Andrews
ng of comment introducer. A backslash says the next character is a literal except when that character is a digit in which case it the start of \DDD which is the decimal value or the character. THe RHS below is without the master file escaping "\h\e\l\l\o\;\*" -> hello;*

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

2014-09-12 Thread Mark Andrews
> -.SUFFIXES: .py > -.py: > - cp -f $< $@ > - chmod +x $@ > - > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-user

Re: nsupdate, semicolon, backslash

2014-09-13 Thread Mark Andrews
gt; So, I have to do more troubleshooting about this case. > > Thanks for your help > Zeppi -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visi

Re: Change in behaviour regarding ndots and searchlist

2014-09-15 Thread Mark Andrews
x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) > 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYT > HE. > -- Terry Pratchett, The Fifth Elephant > ___ > Please visit https:/

Re: Parsing dig output consistently

2014-09-17 Thread Mark Andrews
lines showing me the RCODE and the question, which I can match up > and determine whether a server is returning NOERROR, REFUSED or SERVFAIL > for a given zone. Is this possible? > > Regards, > > Anand > ___ > Please visit https://list

Re: BIND NXDOMAIN

2014-09-23 Thread Mark Andrews
ooverride.com.au > > *.nxreturn.com.au > > > > Is this possible? If not a modification to query.c is the only option. > > Has anyone got a src patch for this feature? > > > > Thanks > > Neil > > > > > > -- Mark Andrews, ISC 1 Seymour St.

Re: BIND NXDOMAIN {REP=5.1}

2014-09-25 Thread Mark Andrews
doesn't work as that is not how DNS wildcards work. Mark > -Original Message- > From: Mark Andrews [mailto:ma...@isc.org] > Sent: Tuesday, 23 September 2014 9:49 AM > To: Neil > Cc: bind-us...@isc.org > Subject: Re: BIND NXDOMAIN {REP=5.1} > > > You jus

Re: Putting weird characters into zone files ?

2014-09-27 Thread Mark Andrews
ere is no way to escape a wildcard in the DNS. As for the exclamation point just enter it. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users

Re: Maximum DNS packet size?

2014-09-29 Thread Mark Andrews
is list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: Wildcard oddity

2014-09-29 Thread Mark Andrews
___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valle

Re: Diagnostic help part 2

2014-10-01 Thread Mark Andrews
_ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Sey

Re: Question about swupdl.adobe.com

2014-10-09 Thread Mark Andrews
END PGP SIGNATURE- > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/list

Re: multiple zones in single file, nsupdate and "ignoring out-of-zone data" as result

2014-10-16 Thread Mark Andrews
out-of-zone da= > ta".which is the correct way to maintain sev= > eral zones with fully identical data, but with possibility to use nsupdate = > to it? > > --089e013a0bc62a812c0505888e93-- > > --===3034082043946855899== > Content-Type: text/plain; charset="

Re: BIND listen backlog too small

2014-10-16 Thread Mark Andrews
2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279) tcp-listen-queue ; -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https

Re: Digging to the final IP

2014-10-20 Thread Mark Andrews
sit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri= > be from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9

Re: Again question about edns (like swupdl.adobe.com)

2014-10-22 Thread Mark Andrews
In message <01cfede3$241ccca0$6c5665e0$@ids.it>, "IDS Submit" writes: > > Good morning, > > with www.acer.it I have the same problem as swupdl.adobe.com > > NXDOMAIN with bind 9.10 but NOERROR with Google DNS > > I have re

Re: DLV verify issue

2014-10-23 Thread Mark Andrews
yet. The maintainer of those libraries is aware of the issue. Yes, it does actually check the DNSKEY records. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Pl

Re: numerous nsec3 bad cache hits

2014-10-29 Thread Mark Andrews
_____ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valle

Re: DANE record rejected by named-checkzone

2014-11-04 Thread Mark Andrews
icMIHVXk/EeEJ1Y7W6vdbwBDJ8M2s= > =CVi6 > -END PGP SIGNATURE- > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org

Re: Replacing certain records in a zone

2014-11-05 Thread Mark Andrews
ers to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___

Re: Glue records for secondary NS

2014-12-05 Thread Mark Andrews
ve SNAME. Copy > the names into SLIST. Set up their addresses using local data. It may > be the case that the addresses are not available. The resolver has many > choices here; the best is to start parallel resolver processes looking > for the addresses while continuing onward with the add

Re: DNS: how to verify glue NS records?

2014-12-05 Thread Mark Andrews
With all this said a RFC 2317 parent really should let their zone be transfered as the child zone administrator needs a local copy of the zone for when their external link goes down. If they do not have a local copy then reverse lookups will fail once the cached CNAME records expire. If your I

Re: DNS: how to verify glue NS records?

2014-12-05 Thread Mark Andrews
In message <548223dd.2050...@mail.ru>, Alexei Malinin writes: > On 12/05/14 23:33, Mark Andrews wrote: > > ... > > With all this said a RFC 2317 parent really should let their zone > > be transfered as the child zone administrator needs a local copy > > of the

Re: rndc flushname not working

2014-12-09 Thread Mark Andrews
I see what, what troubleshoot > steps should I take diagnose the issue? Dump the DB? > > Frank > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://li

Re: rndc stop hangs, named stuck at FUTEX WAIT

2014-12-13 Thread Mark Andrews
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c4abb197160a74f7cd4ad23ebc63fbe0194010ab -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please

Re: Bind's handling of lame nameservers

2014-12-16 Thread Mark Andrews
We tried to check aa for just this reason but there are to many broken authoritative servers which just don't set "aa=1" on all the servers for the zone that we had to back the code change out. I would just use a server clause to mark nameserver as bogus. Mark -- Mark Andrews, I

Re: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Mark Andrews
QUERY, status: NOERROR, id: 34333 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 > > ;; QUESTION SECTION: > ;www.revk.uk. IN > > ;; ANSWER SECTION: > www.revk.uk.3600IN CNAME ghs.google.com. > ghs.goog

Re: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Mark Andrews
the comment. For responses from signed zones you will also see NSEC / NSEC3 records in the comments as well as RRSIG. NXRRSET (No Such RRset). NXDOMAIN (No Such Domain). > Working server shows this in the dump: > ; authanswer > ghs.l.google.com. 287 AAAA 2607:f8b0:4001:c08::

Re: Unable to get AAAA for www.revk.uk from some of our servers

2014-12-23 Thread Mark Andrews
172800 IN NS ns3.google.com. > google.com. 172800 IN NS ns4.google.com. > ;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150 > ms > > ;; connection timed out; no servers could be reached > ==

Re: RPZ zone defined in a view

2015-01-07 Thread Mark Andrews
mentation wrong or is it a bug in the RPZ implementation? > > Thanks! > > Regards, > -- > Tomas Hozza > Software Engineer - EMEA ENG Developer Experience > > PGP: 1D9F3C2D > Red Hat Inc. http://cz.redhat.com >

Re: FYI: adobe.com GSLB DNS servers choking on "nsid"

2015-01-13 Thread Mark Andrews
__ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley,

Re: long lived tcp

2015-01-21 Thread Mark Andrews
In message <00b101d035f0$ff0d76c0$fd286440$@aliyun.com>, "RunxiaWan" writes: > > Hi everyone, > I am writing to ask if bind support long lived tcp connection which can be > reused by multiple transactions? Named has always supported multiple queries over TCP sockets.

Re: Swedish and Danish "ö" conflicts with eachother

2015-01-22 Thread Mark Andrews
.no" {= > type slave; masters {193.14.90.50;}; file "/etc/bind/db/dr=F6mpor.no&= > quot;;}; >   > Any ideas what may cause this?<= > o:p> > > > > > --_000_517c9484d8744da88841ab30944c5e60jonintexh13portslocal_-- > > --===0

Re: is this "normal" if not what to do about it?

2015-01-26 Thread Mark Andrews
> ___ > Please visit href="https://lists.isc.org/mailman/listinfo/bind-users";>https://lists.isc.org/mailman/listinfo/bind-users > to unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > href="https://lists.is

Re: local changes to a domain

2015-01-28 Thread Mark Andrews
up http://some-rbl.com";>some-rbl.com a>.=A0 If so, how might I do this in bind? =A0Tha= > nks.Michael Grant > > --001a11c37edc38927d050dbea1c9-- > > --===3081766438372111301== > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Conten

Re: Allowing recursive queries of 'static-stub' zones

2015-01-29 Thread Mark Andrews
rsion should help you for > > both cases, you don't need to specify allow-query. > > I guess, I want the first case... > > > > Enrico > ___ > Please visit https://lists.isc.org/mailman/listi

Re: problem loading dynamic zone

2015-01-29 Thread Mark Andrews
rent config and > directory protections? Look at the SE-Linux config. https://deepthought.isc.org/article/AA-00320/0/Why-cant-named-update-slave-zone-database-files-slave-journal-files-and-master-zones-from-journals-.html -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, A

Re: sporatic, noaa.gov SERVFAIL

2015-01-29 Thread Mark Andrews
t; ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29 11:53:59 CST 2 > 015 ;; MSG SIZE rcvd: 45 > > > bb > > Brad Bendily > System Administrator > Northrop Grumman Corporation > Louisiana Dept. of > Children and Family Services > brad.bend...@

Re: local changes to a domain

2015-01-29 Thread Mark Andrews
d be to use a bogus domain like .local. or > maybe part of .localhost. > > rbl.local. DNAME 1234-1234-1234.some-rbl.com. > > Michael Grant -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: sporatic, noaa.gov SERVFAIL

2015-01-29 Thread Mark Andrews
M=3D > > ;; ADDITIONAL SECTION: > ns-e.noaa.gov.86400 IN A 140.90.33.237 > ns-mw.noaa.gov. 86400 IN A 140.172.17.237 > ns-nw.noaa.gov. 86400 IN A 161.55.32.2 > ns-e.noaa.gov.86400 IN

Re: bad zone not loaded

2015-02-03 Thread Mark Andrews
E_ZONE_CHECKING" = yes in order that > BIND starts. > > > Thanks in advance for your feedback, -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org __

Re: [DNSSEC] BIND validates but not Unbound: who is right?

2015-02-16 Thread Mark Andrews
d. It is NOT to check if every signing rule has been followed. If the rules have not been followed then validation will fail for some clients. If the validator only supports algorithm 5 then you get secure. (You have a matching DNSKEY (5/36778) + RRSIG that you can verify.) If the validator onl

Re: [DNSSEC] BIND validates but not Unbound: who is right?

2015-02-16 Thread Mark Andrews
In message <20150216212821.ga27...@nic.fr>, Stephane Bortzmeyer writes: > On Tue, Feb 17, 2015 at 07:34:37AM +1100, > Mark Andrews wrote > a message of 171 lines which said: > > > The validator is *not* supposed to *check* if the zone has been > > signed with

<    2   3   4   5   6   7   8   9   10   11   >