Thanks,
>
> Josh
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-
users
> >
> > ___
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri
> be from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.
In message <20140528151909.ga66...@redoubt.spodhuis.org>, Phil Pennock writes:
> On 2014-05-28 at 13:02 +1000, Mark Andrews wrote:
> > In message <20140528012734.ga55...@redoubt.spodhuis.org>, Phil Pennock
> > writes:
> > > The registrar for my zone "
users
> >
> >
> >
> >
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.o
made a "." query.
Named returns the query it was asked. It it pointless to return
anything else as the client is supposed to check and discared answers
that don't match.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Au
In message <1401433477.99469.yahoomail...@web121601.mail.ne1.yahoo.com>, Jiann-
Ming Su writes:
>
>
>
> > On Friday, May 30, 2014 12:34 AM, Mark Andrews wrote:
> > >
> > In message
> <1401424053.51486.yahoomail...@web121604.mail.ne1
in several different DNS zones.
> > >
> > > www.domain.com NSns1.domain1.com
> > > NSns2.domain2.com
> > > NS ns3.domain3.net .
> > >
> > > These are the most frustrating as there is really nothing
&
d between zones stubs provided a method to keep
the delegation data up to date. This is no longer supported as it
can lead to stale data in slaves which isn't in any master due to
timing issues.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
ransition from TXT to SPF.
i.e. publish a RFC and hope people follow it.
It takes years to do transitions like this. TXT to SPF was actually
ramping up but that is now water under the bridge.
> * - Mark doubtless feels differently.
>
--
Mark Andrews
ad owner name (check-names)" In the past
> (pre hidden primary) they did not fail.
>
> In the past we have not used the `check-names' option, so behavior should
> be default...
> odd since the default behavior is to fail for master zones.
>
> Could this hav
>>HEADER<<- opcode: QUERY, status: NOTAUTH, id: 15607
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dv.isc.org.IN AXFR
;; TSIG PSEUDOSECTION:
transfer. 0 ANY
In message , Raymond Drew Walker writes:
> On 6/9/14, 9:05 PM, "Mark Andrews" wrote:
Input error
>
>
> >
> >In message , Raymond Drew Walker
> >writes:
> >>
> >> Apologies,
> >>
> >> Our workaround was act
Can this easily be done (I did not find a
> switch for .digrc nor another option) or is there a source code change
> needed?
>
> Thanks
> Teddy
-t
Note this will also affect -x
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
P
y reason for starting as root.
Read your OS's documentation.
For FreeBSD i have the following in /etc/sysctl.conf
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.suser_exempt=1
security.mac.portacl.rules=uid:53:tcp:53,uid:53:
empty */ };
};
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-use
//lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
ists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871
ags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;ardownload.wip4.adobe.com.INA
>
> ;; ANSWER SECTION:
> ardownload.wip4.adobe.com. 300INCNAME
> ardownload.adobe.com
sH/bgCfbDb2WinhfC6mY4epKr5rlro/
> l3wAnREhW3tJptOhBDB+02V/BoiseAdv
> =oJ7i
> -END PGP SIGNATURE-
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-us
info/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma..
cp +norec
dig com @198.41.0.4 +dnssec +tcp +norec
dig dnskey org +dnssec @199.19.56.1 +ignore +norec
dig dnskey org +dnssec @199.19.56.1 +tcp +norec
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INT
In message
, Wolfgang Rosenauer writes:
> On Fri, Jul 11, 2014 at 1:32 AM, Mark Andrews wrote:
> >
> > Then all of the following should succeed. Please let the
> > list know how you go.
> >
> > dig soa . @198.41.0.4 +norec
> >
27;ve been using HE for the
last 12 years.
Just about every application he is running is trying IPv6 then after
getting network unreachable going on to try IPv4.
For the record it isn't the zone. It's enabling IPv6 locally without
having a working upstream link. You would get that messag
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NS
ontent.
If we could get people away from wanting to use a editor on master
files directly we would. The practice is highly error prone even
for experts.
> --
> Barry Margolin
> Arlington, MA
> ___
> Please visit https://lists.isc.org/m
me records are generated by dnssec-dsfromkey. Yet, when I try to
> register these DS records with EDUCAUSE, their system claims they cannot
> find a matching key in our published zone.
>
> Does anybody see anything out of place? Fortunately, the key is not
> scheduled to be used until 2015, so there's plenty of time
In message <20140715004923.gg31...@bender.unx.csupomona.edu>, "Paul B. Henson"
writes:
> On Tue, Jul 15, 2014 at 10:19:10AM +1000, Mark Andrews wrote:
>
> > The new key does not sign the DNSKEY RRset.
> [...]
> > Make sure the DNSKEY RRset is signed with t
ind to access /etc/hosts fist?
>
> Thanks,
> Guanghua
No.
getaddrinfo, gethostbyname etc. however may access /etc/hosts, NIS,
mDNS, DNS and other databases. You need to read the documentation
that comes with your system for how to control these.
Mark
--
Mark Andrews, ISC
1 Seymour S
OA flbflb-=
> gtm-qydc.intuit.com. hostmaster.flb.intuit.com. 2014022110 10800 3600 60480=
> 0 86400 MsoNormal>Flushing the cache fixes the problem. Disabling prefetch prevents=
> the problem from happening. =
> ; <=
> b>Tedd >=
>
e child a validating
> client might consider the zone bogus and refuse to resolve it.
There has to a working combination of DS/DNSKEY/RRSIG for each
DNSSEC algorithm listed in the DS RRset. DS records without a
matching DNSKEY or matching RRSIG cause validators to do more work.
--
Mark Andr
ul-2014 16:24:34.100 queries: XX /
> 206.117.120.84/129.118.117.206.in-addr.arpa/PTR/IN
>
> I'm running BIND 8.2.4 on Solaris 8
>
> root@bmw:/export/home/dns # in.named -v
> in.named BIND 8.2.4 Tue Jul 13 06:04:59 PDT 2004
> Generic Patch-5.8-July 2004
>
, it does not even seem to access /etc/hosts. But someone
> tells
> > > me Bind can access /etc/hosts first. Can you pls tell me how to
> config
> > > Bind to access /etc/hosts fist?
> > >
> > > Thanks,
> > > Guanghua
> >
> > No.
n the other hand has no bind-like
> zonefiles
Neither dnsmasq nor named read /etc/hosts. Both can be used to
override data from outside. They just have different configuration
methods.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
Ok, I stand corrected. That said both named and dnsmasq as well
as other products can override data from outside.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
-horizon configuration. I would appre=
> ciate any help.
>
>
> --089e013a044a72db8004fe551784--
>
> --===1218088129802327245==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inlin
YEARECAAYFAlPJg6wACgkQL6j7milTFsEROgCdHomLrHWP8tdMD6uIBR4Q0iJi
> IlEAoIKUYHGxBhGPxe97tGzJdpPKlZ/T
> =7y62
> -END PGP SIGNATURE-
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> fro
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 98
ist
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
) to get the fix. As time goes on it becomes "please
reproduce with a current release"
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please v
and does that? Does a rndc
> reconfig tell BIND to newly bind to the interfaces?
>
> Thanks in advance.
>
> Regards,
> Johannes
Use BIND 9.10. It uses the routing socket to detect interface coming
and going and will automatically rescan the list of interfaces and
rebuild th
9.10 also has "rndc scan" for platforms without a routing socket
or if you want to do it manually.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma.
6_pktinfo then we bind to every interface.
If named is only listening on a subset of interface we bind to each
interface so that the one can run multiple instances and also so
that the correct ICMP messages are emitted.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Au
nt. Anything you say will be misquoted,
> then used against you.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https:
WER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;losscontrol360.com. IN A
>
> ;; ANSWER SECTION:
> losscontrol360.com. 586 IN A 74.208.98.80
>
> ;; Query time: 174 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed Aug 6 16:01:
gned with new key.
No. Once a key is activated it will be used to sign rrsets as they
fall due for re-signing. Named does NOT walk the zone and re-sign
every rrset.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: m
e timestamps in the RRSIGs. In the example above the NSEC
record for ns.example.com is the next RRset that needs to be
re-signed.
> 6. Where can I get more information about DNSSec of Bind 9.10-P2
> beside BIND 9 Administrator Reference Manual because personally, I think
> it does
o2JbNejoFd1gj0WTNphlL2tSoE
> QECltLCbCHSZj8vo7dOoN9kusRKSuKi9rP0Lp/DXCDvhqJ+Woq8y5cgvkLRT5snA
> lgR3hfc44Rc9Tp4K6NoLX7pBVt1nWRWp4hFyJUuZ5B0qXWMCNyBioeNSe2yIFowE
> uV33TazpImavG4qXUjwV1f4EXSgjuSzEUUn2sAm9LdD6knMAOYPpCXw203mtSCan
> +JoXUcwxN+gZHEQaMSBoTsw7DxZS8NVtfdMxrvpL+Ro+LTzs3CJZioc
In message <53fc827e.7090...@redhat.com>, Tomas Hozza writes:
>
> On 08/26/2014 02:27 PM, Mark Andrews wrote:
> > Why would you expect them to succeed?
>
> Because validation using root servers and authoritative servers proved
> that the domain is intentionally uns
The next node to be signed is based on RRSIG expire times.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo
gering
record.
> Sincerely,
>
> Mr.Jittinan Suwanrueangsri
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/lis
t away with it until the introduction
of prod.
Your machine names are host.prod.mydomain.com not host.prod.
Stick to unqualified + search list and fully qualified.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
.tld:16: ignoring out-of-zone data (www.bt.tld)
> zone dw.tld/IN: has 0 SOA records
> zone dw.tld/IN: has no NS records
You are trying load the bt.tld zone into dw.tld. Fix named.conf.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
fix named.conf because that is where the error is.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinf
e admins will remember to do
> it; many won't).
No, it's more like formalising existing practice. Universal adoption
would be a long time off but there is a large existing base of MTA's
that will do the right thing.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, N
**
> This e-mail, attachments included, is intended solely for the addressees=
> and should be considered as confidential.Should you receive this messa=
> ge by error, please notify the sender immediately and destroy this e-mail a=
> nd
hieu Arnold
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrew
ng of comment introducer.
A backslash says the next character is a literal except when that
character is a digit in which case it the start of \DDD which is
the decimal value or the character.
THe RHS below is without the master file escaping
"\h\e\l\l\o\;\*" -> hello;*
> -.SUFFIXES: .py
> -.py:
> - cp -f $< $@
> - chmod +x $@
> -
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-user
gt; So, I have to do more troubleshooting about this case.
>
> Thanks for your help
> Zeppi
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visi
x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYT
> HE.
> -- Terry Pratchett, The Fifth Elephant
> ___
> Please visit https:/
lines showing me the RCODE and the question, which I can match up
> and determine whether a server is returning NOERROR, REFUSED or SERVFAIL
> for a given zone. Is this possible?
>
> Regards,
>
> Anand
> ___
> Please visit https://list
ooverride.com.au
>
> *.nxreturn.com.au
>
>
>
> Is this possible? If not a modification to query.c is the only option.
>
> Has anyone got a src patch for this feature?
>
>
>
> Thanks
>
> Neil
>
>
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St.
doesn't
work as that is not how DNS wildcards work.
Mark
> -Original Message-
> From: Mark Andrews [mailto:ma...@isc.org]
> Sent: Tuesday, 23 September 2014 9:49 AM
> To: Neil
> Cc: bind-us...@isc.org
> Subject: Re: BIND NXDOMAIN {REP=5.1}
>
>
> You jus
ere is no way to escape a wildcard in the DNS.
As for the exclamation point just enter it.
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users
is list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valle
_
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Sey
END PGP SIGNATURE-
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/list
out-of-zone da=
> ta".which is the correct way to maintain sev=
> eral zones with fully identical data, but with possibility to use nsupdate =
> to it?
>
> --089e013a0bc62a812c0505888e93--
>
> --===3034082043946855899==
> Content-Type: text/plain; charset="
2fd63cf5 (Mark Andrews 2003-04-10 02:16:11 + 279)
tcp-listen-queue ;
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https
sit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri=
> be from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9
In message <01cfede3$241ccca0$6c5665e0$@ids.it>, "IDS Submit" writes:
>
> Good morning,
>
> with www.acer.it I have the same problem as swupdl.adobe.com
>
> NXDOMAIN with bind 9.10 but NOERROR with Google DNS
>
> I have re
yet. The maintainer of those libraries is aware of the issue. Yes,
it does actually check the DNSKEY records.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Pl
_____
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valle
icMIHVXk/EeEJ1Y7W6vdbwBDJ8M2s=
> =CVi6
> -END PGP SIGNATURE-
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
ers to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
ve SNAME. Copy
> the names into SLIST. Set up their addresses using local data. It may
> be the case that the addresses are not available. The resolver has many
> choices here; the best is to start parallel resolver processes looking
> for the addresses while continuing onward with the add
With all this said a RFC 2317 parent really should let their zone
be transfered as the child zone administrator needs a local copy
of the zone for when their external link goes down. If they do not
have a local copy then reverse lookups will fail once the cached
CNAME records expire.
If your I
In message <548223dd.2050...@mail.ru>, Alexei Malinin writes:
> On 12/05/14 23:33, Mark Andrews wrote:
> > ...
> > With all this said a RFC 2317 parent really should let their zone
> > be transfered as the child zone administrator needs a local copy
> > of the
I see what, what troubleshoot
> steps should I take diagnose the issue? Dump the DB?
>
> Frank
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://li
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c4abb197160a74f7cd4ad23ebc63fbe0194010ab
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please
We tried to check aa for just this reason but there are to many
broken authoritative servers which just don't set "aa=1" on all the
servers for the zone that we had to back the code change out.
I would just use a server clause to mark nameserver as bogus.
Mark
--
Mark Andrews, I
QUERY, status: NOERROR, id: 34333
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;www.revk.uk. IN
>
> ;; ANSWER SECTION:
> www.revk.uk.3600IN CNAME ghs.google.com.
> ghs.goog
the comment. For responses
from signed zones you will also see NSEC / NSEC3 records in the
comments as well as RRSIG.
NXRRSET (No Such RRset).
NXDOMAIN (No Such Domain).
> Working server shows this in the dump:
> ; authanswer
> ghs.l.google.com. 287 AAAA 2607:f8b0:4001:c08::
172800 IN NS ns3.google.com.
> google.com. 172800 IN NS ns4.google.com.
> ;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150
> ms
>
> ;; connection timed out; no servers could be reached
> ==
mentation wrong or is it a bug in the RPZ implementation?
>
> Thanks!
>
> Regards,
> --
> Tomas Hozza
> Software Engineer - EMEA ENG Developer Experience
>
> PGP: 1D9F3C2D
> Red Hat Inc. http://cz.redhat.com
>
__
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley,
In message <00b101d035f0$ff0d76c0$fd286440$@aliyun.com>, "RunxiaWan" writes:
>
> Hi everyone,
> I am writing to ask if bind support long lived tcp connection which can be
> reused by multiple transactions?
Named has always supported multiple queries over TCP sockets.
.no" {=
> type slave; masters {193.14.90.50;}; file "/etc/bind/db/dr=F6mpor.no&=
> quot;;};
>
> Any ideas what may cause this?<=
> o:p>
>
>
>
>
> --_000_517c9484d8744da88841ab30944c5e60jonintexh13portslocal_--
>
> --===0
> ___
> Please visit href="https://lists.isc.org/mailman/listinfo/bind-users";>https://lists.isc.org/mailman/listinfo/bind-users
> to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> href="https://lists.is
up http://some-rbl.com";>some-rbl.com a>.=A0 If so, how might I do this in bind? =A0Tha=
> nks.Michael Grant
>
> --001a11c37edc38927d050dbea1c9--
>
> --===3081766438372111301==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Conten
rsion should help you for
> > both cases, you don't need to specify allow-query.
>
> I guess, I want the first case...
>
>
>
> Enrico
> ___
> Please visit https://lists.isc.org/mailman/listi
rent config and
> directory protections?
Look at the SE-Linux config.
https://deepthought.isc.org/article/AA-00320/0/Why-cant-named-update-slave-zone-database-files-slave-journal-files-and-master-zones-from-journals-.html
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, A
t; ;; SERVER: 10.120.11.107#53(10.120.11.107) ;; WHEN: Thu Jan 29 11:53:59 CST 2
> 015 ;; MSG SIZE rcvd: 45
>
>
> bb
>
> Brad Bendily
> System Administrator
> Northrop Grumman Corporation
> Louisiana Dept. of
> Children and Family Services
> brad.bend...@
d be to use a bogus domain like .local. or
> maybe part of .localhost.
>
> rbl.local. DNAME 1234-1234-1234.some-rbl.com.
>
> Michael Grant
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
M=3D
>
> ;; ADDITIONAL SECTION:
> ns-e.noaa.gov.86400 IN A 140.90.33.237
> ns-mw.noaa.gov. 86400 IN A 140.172.17.237
> ns-nw.noaa.gov. 86400 IN A 161.55.32.2
> ns-e.noaa.gov.86400 IN
E_ZONE_CHECKING" = yes in order that
> BIND starts.
>
>
> Thanks in advance for your feedback,
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
__
d. It is NOT to
check if every signing rule has been followed. If the rules have
not been followed then validation will fail for some clients.
If the validator only supports algorithm 5 then you get secure.
(You have a matching DNSKEY (5/36778) + RRSIG that you can verify.)
If the validator onl
In message <20150216212821.ga27...@nic.fr>, Stephane Bortzmeyer writes:
> On Tue, Feb 17, 2015 at 07:34:37AM +1100,
> Mark Andrews wrote
> a message of 171 lines which said:
>
> > The validator is *not* supposed to *check* if the zone has been
> > signed with
601 - 700 of 2423 matches
Mail list logo
