Using Wildcards in Subdomain Records

2022-02-17 Thread muhanad
Hello all,

I have a main domain (aa.example.com) that has hundreds of subdomains
(bb.aa.example.com). I am setting a wildcard in the record file for the main
domain so it forwards all subdomains to a number of addresses in a
round-robin fashion (the record is as follows: "*  IN  A 192.168.1.x"). The
issue I am facing is that the wildcard forwards any subdomain regardless of
whether it is a true subdomain (bb.aa.example.com) or not a true subdomain
(xx.bb.aa.example.com).

Sent from my Galaxy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Issue Using Wildcards for Subdomain Redirecting

2022-02-17 Thread muhanad
Hello all,

I have a main domain (aa.example.com) with hundreds of subdomains
(bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.)
to a list of addresses in round-robin fashion. The problem I am facing is that
the wildcard is forwarding anything towards the IP (for example, "cc.bb.",
which is not a valid subdomain). How can I limit that so it will only forward
(bb.aa.example.com) and drop any invalid subdomains (cc.bb.aa.example.com)?

Note: aa, bb, and cc being any arbitrary value.

Regards,
Muhanad Abdullah

Sent from my Galaxy


Re: Using Wildcards in Subdomain Records

2022-02-17 Thread Matus UHLAR - fantomas

On 17.02.22 11:08, muhanad wrote:
> Hello all, I have a main domain (aa.example.com) that has hundreds of
> subdomains (bb.aa.example.com). I am setting a wildcard in the record
> file for the main domain so it forwards all subdomains to a number of
> addresses in a round-robin fashion (the record is as follows: "*  IN  A
> 192.168.1.x"). The issue I am facing is that the wildcard forwards any
> subdomain regardless of whether it is a true subdomain (bb.aa.example.com)
> or not a true subdomain (xx.bb.aa.example.com).


These are subdomains too.
And this is how wildcards work, you can't change it.

If you don't like it, you'll have to list all records.
If there are the same records with multiple addresses, you can define

wildcard.example.com.   A       192.0.2.1
                        A       192.0.2.2
                        A       192.0.2.3
bb.aa.example.com.      CNAME   wildcard.example.com.
cc.aa.example.com.      CNAME   wildcard.example.com.

etc.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors
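
The wildcard behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model of RFC 4592 matching that looks at owner names only. The zone contents and function names are constructed for illustration; it also shows the general rule that a name which exists blocks the wildcard for everything beneath it.

```python
# Added example (not from the thread): simplified RFC 4592 wildcard matching.
# It models owner names only; record types and record data are ignored.


def labels(name):
    """Split a domain name into lowercase labels, leftmost first."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def build_tree(origin, owners):
    """Return (names that own records, every name that exists in the zone).

    A name exists if it owns records or is an empty non-terminal, i.e. an
    ancestor of an owner name at or below the zone origin.
    """
    apex = labels(origin)
    owned, exists = set(), {".".join(apex)}
    for owner in owners:
        ls = labels(owner)
        if ls[-len(apex):] != apex:
            raise ValueError(f"{owner} is outside zone {origin}")
        owned.add(".".join(ls))
        for i in range(len(ls) - len(apex) + 1):
            exists.add(".".join(ls[i:]))
    return owned, exists


def lookup(origin, owners, qname):
    """Classify qname as 'exact', 'nodata', 'wildcard' or 'nxdomain'."""
    owned, exists = build_tree(origin, owners)
    q = labels(qname)
    name = ".".join(q)
    if name in owned:
        return "exact"
    if name in exists:
        return "nodata"  # empty non-terminal: the name exists but owns nothing
    # Closest encloser: the longest ancestor of qname that exists in the zone.
    for i in range(1, len(q)):
        encloser = ".".join(q[i:])
        if encloser in exists:
            # Only a wildcard directly below the closest encloser can answer,
            # and it covers any number of labels to its left.
            return "wildcard" if "*." + encloser in owned else "nxdomain"
    raise ValueError(f"{qname} is outside zone {origin}")


# Constructed zone mirroring the original post: one wildcard under the apex.
WILDCARD_ORIGIN = "aa.example.com"
WILDCARD_OWNERS = ["aa.example.com", "ns1.aa.example.com", "*.aa.example.com"]

# Constructed zone mirroring the reply: explicit CNAME owners, no wildcard.
EXPLICIT_ORIGIN = "example.com"
EXPLICIT_OWNERS = ["example.com", "wildcard.example.com",
                   "bb.aa.example.com", "cc.aa.example.com"]

QUERIES = ["bb.aa.example.com", "xx.bb.aa.example.com", "dd.aa.example.com"]


def demo():
    """Run the same queries against both zones and collect the outcomes."""
    rows = []
    for label, origin, owners in (
        ("wildcard zone", WILDCARD_ORIGIN, WILDCARD_OWNERS),
        ("explicit zone", EXPLICIT_ORIGIN, EXPLICIT_OWNERS),
    ):
        for qname in QUERIES:
            rows.append((label, qname, lookup(origin, owners, qname)))
    return rows


if __name__ == "__main__":
    for label, qname, outcome in demo():
        print(f"{label:14} {qname:24} {outcome}")
```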


Re: ipv6 adoption

2022-02-17 Thread G.W. Haywood via bind-users

Hi Grant,

On Thu, 17 Feb 2022, Grant Taylor wrote:

> Please clarify if you are talking about DNSSEC for your own zone that
> they are doing secondary transfers of or if you are talking about DNSSEC
> for the IPv6's reverse DNS namespace that they delegate to you.


Ah, good point Grant.

The reverse zones are delegated to us but they aren't signed.

--

73,
Ged.


RE: bind-users Digest, Vol 3907, Issue 3

2022-02-17 Thread muhanad
OK, this is one issue solved; I have another issue.

The main domain from the previous message (example.com) needs to be forwarded
to the internet and resolved normally, and with the current configuration,
when I do nslookup from inside the DNS server it resolves normally. The
problem is with client machines: when they use my DNS, the main domain
(example.com, aa.example.com) doesn't reply back and nslookup shows no
results. Below is the zone config.

$TTL    604800
@       IN      SOA     ns1.plciq.com. root.plciq.com. (
                        602172022       ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;

@       IN      NS      ns1.plciq.com
ns1     IN      A       192.168.1.1
*       IN      A       192.168.1.5
*       IN      A       192.168.1.6
*       IN      A       192.168.1.7




Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Jakob Bohm via bind-users
Fortunately (or unfortunately), the existing port of the 9.16.x bind 
code to Windows is built with Microsoft tools (MSVC2019) and contains 
its own handling of differences between Windows and Unix.


If a maintainer stepped up to maintain the source for a port, I could 
compile it locally for our own systems, as I happen to also be a 
software developer using bind to support that activity.


I know that there is a project that builds a 3rd party installer for the 
Windows port (I currently use the simple upstream install utility that 
is included in the ISC binary download), and I was hoping that maybe 
someone from that installer project could extend it to also maintain the 
port itself.


On 2022-02-11 18:02, Ted Mittelstaedt wrote:

> I just became a maintainer on the apcupsd project.
>
> I don't know if bind for windows is built like apcupsd is, by using
> mingw32 but unfortunately there's problems with the mingw32 project
> these days, it's gone through a lot of transitions.
>
> Getting a working build environment for apcupsd at least, requires
> using pretty old versions of mingw.
>
> No doubt I'm going to be jumped on for saying so but I know for
> apcupsd I've got a -lot- of work to do to get it up to speed.
>
> There are some people out there who have built their own mingw32/mingw64
> binaries that are separate from the ones "officially" distributed which
> might be an avenue.  My guess the ISC developer who was spearheading
> this port moved on to other things and ISC can't find someone who
> wants to get involved in this and I can understand why.
>
> There is an interesting article on this problem here:
>
> https://increment.com/open-source/the-rise-of-few-maintainer-projects/
>
> I would ask you this Jakob - would you trust a windows binary of
> bind that you compiled?
>
> I've got years of history participating on the apcupsd project. When
> I start submitting changes to it, the users of it have that trust
> automatically from that history.  They won't worry if they download a
> binary from sourceforge that I built that it's going to gun their
> system.  I'm a public figure in OSS besides that - people may like me
> or think I'm an asshole - but they know I'm a real person who has a
> rep. to maintain.  I've got a business, federal and state tax ID's,
> a published phone number, multiple domain names I've owned for years.
> I can't run and hide.
>
> You can probably review the bind mailing list and dig out less than
> 100 names of people who have been on it, regularly posting, for the last
> decade.
>
> If none of those people step up to create a fork - then the windows
> port is effectively going to be dead I'm afraid.  Nobody is going to
> trust "some dude" with zero history who sets up on github and forks
> bind and posts a windows binary for downloading just because he says
> it's gold.
>
> Would you?  Trust a production system to that?
>
> OSS got its start by making the CODE available, NOT BINARIES. Users
> like you were expected to be completely happy with the fact that the
> code was even there at all and it compiled.  You do your own building.
>
> Not knowing how to run a compiler is no excuse.  The Internet has tons
> of tutorials on it.
>
> You want a bind for windows - build it yourself.  That's the can-do
> attitude that OSS started with.  I remember the first time I ever
> downloaded a real OSS code and built it myself.  It was rzsz - zmodem
> code for windows.  Back in the BBS days, really.  That's the only way
> you got that binary.  It was a total gas and I was hooked.  Don't deny
> yourself the same pleasure.
>
> Ted
>
> On 2/11/2022 8:24 AM, Jakob Bohm via bind-users wrote:
>> As ISC has apparently announced that it will no longer maintain the
>> code for running bind on Windows operating systems, and that this is
>> now up to the community, is there a community group that has stepped
>> up to the task?



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: Bind: Standard Ports And Non Standard Ports

2022-02-17 Thread Jakob Bohm via bind-users

On 2022-02-12 09:01, Greg Choules wrote:

>  > "...to use a traditional VPN solution such as DNSSEC ..."
> DNSSEC is not a VPN service. It is regular, unencrypted DNS on port 53,
> or whichever port you choose - see the manuals and KB articles for how
> to configure non-standard ports. DNSSEC adds extra records to provide
> checks that answers are genuine.


Oops, typo, I meant IPSEC.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: ipv6 adoption (HE & DNSSEC)

2022-02-17 Thread Timothe Litt

On 17-Feb-22 04:06, G.W. Haywood wrote:

> Hi Grant,
>
> On Thu, 17 Feb 2022, Grant Taylor wrote:
>
>> Please clarify if you are talking about DNSSEC for your own zone that
>> they are doing secondary transfers of or if you are talking about
>> DNSSEC for the IPv6's reverse DNS namespace that they delegate to you.
>
> Ah, good point Grant.
>
> The reverse zones are delegated to us but they aren't signed.

Yes, the issue with HE is that while they will delegate reverse zones to 
you, they don't accept DS records.  So you can sign your zones, but 
there is no signature chain to the root.


Before ISC retired DLV, it was possible to use that path - and I did.  
But unfortunately that ship has sailed.


dnsviz shows that HE hasn't signed its reverse zone.  That would be a 
prerequisite to DNSSEC for zones it delegates to customers, as would be 
a mechanism for submitting DS records to HE.


The issue has been open for (almost) 12 years.  I haven't seen any 
updates from HE since the incoherent reply in the thread at 
https://forums.he.net/index.php?topic=890.msg22055#msg22055


It's rather difficult to exert pressure on a vendor that's providing a 
free service.   But enough polite requests might help.


Perhaps further discussion of this belongs elsewhere...it seems to be 
wandering from BIND.


Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.





Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Jakob Bohm via bind-users

On 2022-02-12 01:06, Richard T.A. Neal wrote:


> I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 - I
> get an error stating "Error Validating Account. Unable to install service
> using this account.". So I'm presently running 9.16.21.
>
> What are the last few things in the Application Event Log (Source: named)
> before it terminates?
>
> Richard.
>
> -Original Message-
> From: bind-users  On Behalf Of Jakob Bohm via bind-users
> Sent: 11 February 2022 12:19 pm
> To: bind-users
> Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)
>
> Dear list,
>
> When recently trying to upgrade some secondary-only authoritative servers
> running on Windows machines, I found that Bind 9.16.25 (x86_64) binaries
> from isc.org failed to completely startup, causing Windows to report that
> "1067 The process terminated unexpectedly.", with 0 process exit code.
> Attempting to up the debug level all the way to "-d 100" failed to log a
> reason, but downgrading to the 9.16.21 binaries resumed operation.
>
> Is there a known issue and workaround for this, or is there any additional
> information to extract?


The latest in the log (I directed it to a file, as the Event Viewer 
wrapping in the port was badly done) were the mentioned fetch of ./NS 
etc. interspersed with zone loading messages for default zones (I 
temporarily commented out the real zones to shorten the config, but it 
still failed).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Using Wildcards in Subdomain Records

2022-02-17 Thread muhanad

Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Ondřej Surý
Log isn’t going to help here if named is crashing. Getting a backtrace or 
anything that closely resembles one would help. Running debug build under MSVS 
would help. Or doing git bisect and pinpoint the breakage to a commit or at 
least Merge commit would help.

This is part of the problem - debugging on Windows is extremely painful and 
requires expertise with extremely high learning curve.

--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 17. 2. 2022, at 15:08, Jakob Bohm via bind-users 
>  wrote:
> 
> 
>> On 2022-02-12 01:06, Richard T.A. Neal wrote:
>> I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 - I 
>> get an error stating "Error Validating Account. Unable to install service 
>> using this account.". So I'm presently running 9.16.21.
>> 
>> What are the last few things in the Application Event Log (Source: named) 
>> before it terminates?
>> 
>> Richard.
>> 
>> -Original Message-
>> From: bind-users  On Behalf Of Jakob Bohm 
>> via bind-users
>> Sent: 11 February 2022 12:19 pm
>> To: bind-users 
>> Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)
>> 
>> Dear list,
>> 
>> When recently trying to upgrade some secondary-only authoritative servers 
>> running on Windows machines, I found that Bind 9.16.25 (x86_64) binaries 
>> from isc.org failed to completely startup, causing Windows to report that 
>> "1067 The process terminated unexpectedly.", with 0 process exit code.  
>> Attempting to up the debug level all the way to "-d 100" 
>> failed to log a reason, but downgrading to the 9.16.21 binaries resumed 
>> operation.
>> 
>> Is there a known issue and workaround for this, or is there any additional 
>> information to extract?
>> 
>> 
> The latest in the log (I directed it to a file, as the Event Viewer wrapping 
> in the port was badly done) were the mentioned fetch of ./NS etc. 
> interspersed with zone loading messages for default zones (I temporarily 
> commented out the real zones to shorten the config, but it still failed).
> 
> Enjoy
> 
> Jakob
> -- 
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Danny Mayer via bind-users
As the original developer of the Windows version of bind9, I can tell 
you that ISC has removed support for the Windows version from their 
newer versions of the code and there are other changes that would need a 
lot of work to catch back up. Since BIND9 is under continuous 
development you'd be in a constant race to keep up. It's not worth the 
effort. I have recommended that you use the docker image version of 
BIND9 and run that on your Windows box.


Danny

On 2/17/22 7:42 AM, Jakob Bohm via bind-users wrote:
> Fortunately (or unfortunately), the existing port of the 9.16.x bind
> code to Windows is built with Microsoft tools (MSVC2019) and contains
> its own handling of differences between Windows and Unix.
>
> If a maintainer stepped up to maintain the source for a port, I could
> compile it locally for our own systems, as I happen to also be a
> software developer using bind to support that activity.
>
> I know that there is a project that builds a 3rd party installer for
> the Windows port (I currently use the simple upstream install utility
> that is included in the ISC binary download), and I was hoping that
> maybe someone from that installer project could extend it to also
> maintain the port itself.
>
> On 2022-02-11 18:02, Ted Mittelstaedt wrote:
>> I just became a maintainer on the apcupsd project.
>>
>> I don't know if bind for windows is built like apcupsd is, by using
>> mingw32 but unfortunately there's problems with the mingw32 project
>> these days, it's gone through a lot of transitions.
>>
>> Getting a working build environment for apcupsd at least, requires
>> using pretty old versions of mingw.
>>
>> No doubt I'm going to be jumped on for saying so but I know for
>> apcupsd I've got a -lot- of work to do to get it up to speed.
>>
>> There are some people out there who have built their own mingw32/mingw64
>> binaries that are separate from the ones "officially" distributed which
>> might be an avenue.  My guess the ISC developer who was spearheading
>> this port moved on to other things and ISC can't find someone who
>> wants to get involved in this and I can understand why.
>>
>> There is an interesting article on this problem here:
>>
>> https://increment.com/open-source/the-rise-of-few-maintainer-projects/
>>
>> I would ask you this Jakob - would you trust a windows binary of
>> bind that you compiled?
>>
>> I've got years of history participating on the apcupsd project. When
>> I start submitting changes to it, the users of it have that trust
>> automatically from that history.  They won't worry if they download a
>> binary from sourceforge that I built that it's going to gun their
>> system.  I'm a public figure in OSS besides that - people may like me
>> or think I'm an asshole - but they know I'm a real person who has a
>> rep. to maintain.  I've got a business, federal and state tax ID's,
>> a published phone number, multiple domain names I've owned for
>> years.  I can't run and hide.
>>
>> You can probably review the bind mailing list and dig out less than
>> 100 names of people who have been on it, regularly posting, for the last
>> decade.
>>
>> If none of those people step up to create a fork - then the windows
>> port is effectively going to be dead I'm afraid. Nobody is going to
>> trust "some dude" with zero history who sets up on github and forks
>> bind and posts a windows binary for downloading just because he says
>> it's gold.
>>
>> Would you?  Trust a production system to that?
>>
>> OSS got its start by making the CODE available, NOT BINARIES. Users
>> like you were expected to be completely happy with the fact that the
>> code was even there at all and it compiled.  You do your own building.
>>
>> Not knowing how to run a compiler is no excuse.  The Internet has tons
>> of tutorials on it.
>>
>> You want a bind for windows - build it yourself.  That's the can-do
>> attitude that OSS started with.  I remember the first time I ever
>> downloaded a real OSS code and built it myself.  It was rzsz - zmodem
>> code for windows.  Back in the BBS days, really.  That's the only way
>> you got that binary.  It was a total gas and I was hooked. Don't deny
>> yourself the same pleasure.
>>
>> Ted
>>
>> On 2/11/2022 8:24 AM, Jakob Bohm via bind-users wrote:
>>> As ISC has apparently announced that it will no longer maintain the
>>> code for running bind on Windows operating systems, and that this is
>>> now up to the community, is there a community group that has stepped
>>> up to the task?
>
> Enjoy
>
> Jakob



Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Danny Mayer
I can short-cut that a little! :) A 1067 error is always the Windows 
named service failing to start. The reasons behind it are much harder to 
figure out. I've seen these over the years but I don't know off the top 
of my head why.


Danny

On 2/17/22 9:26 AM, Ondřej Surý wrote:
Log isn’t going to help here if named is crashing. Getting a backtrace 
or anything that closely resembles one would help. Running debug build 
under MSVS would help. Or doing git bisect and pinpoint the breakage 
to a commit or at least Merge commit would help.


This is part of the problem - debugging on Windows is extremely 
painful and requires expertise with extremely high learning curve.


--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do 
not feel obligated to reply outside your normal working hours.


On 17. 2. 2022, at 15:08, Jakob Bohm via bind-users 
 wrote:




On 2022-02-12 01:06, Richard T.A. Neal wrote:


I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 - I get an error 
stating "Error Validating Account. Unable to install service using this 
account.". So I'm presently running 9.16.21.

What are the last few things in the Application Event Log (Source: named) 
before it terminates?

Richard.

-Original Message-
From: bind-users  On Behalf Of Jakob Bohm via 
bind-users
Sent: 11 February 2022 12:19 pm
To: bind-users
Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

Dear list,

When recently trying to upgrade some secondary-only authoritative servers running on Windows 
machines, I found that Bind 9.16.25 (x86_64) binaries from isc.org failed to completely startup, 
causing Windows to report that "1067 The process terminated unexpectedly.", with 0 
process exit code.  Attempting to up the debug level all the way to "-d 100"
failed to log a reason, but downgrading to the 9.16.21 binaries resumed 
operation.

Is there a known issue and workaround for this, or is there any additional 
information to extract?


The latest in the log (I directed it to a file, as the Event Viewer 
wrapping in the port was badly done) were the mentioned fetch of ./NS 
etc. interspersed with zone loading messages for default zones (I 
temporarily commented out the real zones to shorten the config, but 
it still failed).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Jakob Bohm via bind-users

This is truly tragic, and quite counterproductive action by ISC.

On 2022-02-17 15:27, Danny Mayer wrote:
As the original developer of the Windows version of bind9, I can tell 
you that ISC has removed support for the Windows version from their 
newer versions of the code and there are other changes that would need a 
lot of work to catch back up. Since BIND9 is under continuous 
development you'd be in a constant race to keep up. It's not worth the 
effort. I have recommended that you use the docker image version of 
BIND9 and run that on your Windows box.


Danny

On 2/17/22 7:42 AM, Jakob Bohm via bind-users wrote:
Fortunately (or unfortunately), the existing port of the 9.16.x bind 
code to Windows is built with Microsoft tools (MSVC2019) and contains 
its own handling of differences between Windows and Unix.


If a maintainer stepped up to maintain the source for a port, I could 
compile it locally for our own systems, as I happen to also be a 
software developer using bind to support that activity.


I know that there is a project that builds a 3rd party installer for 
the Windows port (I currently use the simple upstream install utility 
that is included in the ISC binary download), and I was hoping that 
maybe someone from that installer project could extend it to also 
maintain the port itself.


On 2022-02-11 18:02, Ted Mittelstaedt wrote:

I just became a maintainer on the apcupsd project.

I don't know if bind for windows is built like apcupsd is, by using 
mingw32 but unfortunately there's problems with the mingw32 project 
these days, it's gone through a lot of transitions.


Getting a working build environment for apcupsd at least, requires
using pretty old versions of mingw.

No doubt I'm going to be jumped on for saying so but I know for
apcupsd I've got a -lot- of work to do to get it up to speed.

There are some people out there who have built their own mingw32/mingw64
binaries that are separate from the ones "officially" distributed which
might be an avenue.  My guess the ISC developer who was spearheading
this port moved on to other things and ISC can't find someone who
wants to get involved in this and I can understand why.

There is an interesting article on this problem here:

https://increment.com/open-source/the-rise-of-few-maintainer-projects/

I would ask you this Jakob - would you trust a windows binary of
bind that you compiled?

I've got years of history participating on the apcupsd project. When
I start submitting changes to it, the users of it have that trust 
automatically from that history.  They won't worry if they download a
binary from sourceforge that I built that it's going to gun their 
system.  I'm a public figure in OSS besides that - people may like me
or think I'm an asshole - but they know I'm a real person who has a
rep. to maintain.  I've got a business, federal and state tax ID's,
a published phone number, multiple domain names I've owned for 
years.  I can't run and hide.


You can probably review the bind mailing list and dig out less than
100 names of people who have been on it, regularly posting, for the last
decade.

If none of those people step up to create a fork - then the windows 
port  is effectively going to be dead I'm afraid. Nobody is going to 
trust "some dude" with zero history who sets up on github and forks 
bind and posts a windows binary for downloading just because he says 
it's gold.

Would you?  Trust a production system to that?

OSS got its start by making the CODE available, NOT BINARIES. Users
like you were expected to be completely happy with the fact that the 
code was even there at all and it compiled.   You do your own building.

Not knowing how to run a compiler is no excuse.  The Internet has tons
of tutorials on it.

You want a bind for windows - build it yourself.  That's the can-do 
attitude that OSS started with.  I remember the first time I ever 
downloaded a real OSS code and built it myself.  It was rzsz - zmodem
code for windows.  Back in the BBS days, really.  That's the only way
you got that binary.  It was a total gas and I was hooked. Don't deny
yourself the same pleasure.

Ted


On 2/11/2022 8:24 AM, Jakob Bohm via bind-users wrote:
As ISC has apparently announced that it will no longer maintain the 
code for running bind on Windows operating systems, and that this is 
now up to the community, is there a community group that has stepped 
up to the task?



Enjoy

Jakob



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Jakob Bohm via bind-users

This is truly tragic, and quite counterproductive action by ISC.

Messing about with docker virtualization inside an already virtual
machine seems like a recipe for disaster.  And given the way you suggest
it, I suspect you mean running a Linux binary under the WSL layer which
is not available in any Nadela-free version of Windows.  So I guess I 
will have to port the other software on the machine to Linux a little
earlier than previously planned.

On 2022-02-17 15:27, Danny Mayer wrote:
As the original developer of the Windows version of bind9, I can tell 
you that ISC has removed support for the Windows version from their 
newer versions of the code and there are other changes that would need a 
lot of work to catch back up. Since BIND9 is under continuous 
development you'd be in a constant race to keep up. It's not worth the 
effort. I have recommended that you use the docker image version of 
BIND9 and run that on your Windows box.


Danny

On 2/17/22 7:42 AM, Jakob Bohm via bind-users wrote:
Fortunately (or unfortunately), the existing port of the 9.16.x bind 
code to Windows is built with Microsoft tools (MSVC2019) and contains 
its own handling of differences between Windows and Unix.


If a maintainer stepped up to maintain the source for a port, I could 
compile it locally for our own systems, as I happen to also be a 
software developer using bind to support that activity.


I know that there is a project that builds a 3rd party installer for 
the Windows port (I currently use the simple upstream install utility 
that is included in the ISC binary download), and I was hoping that 
maybe someone from that installer project could extend it to also 
maintain the port itself.


On 2022-02-11 18:02, Ted Mittelstaedt wrote:

I just became a maintainer on the apcupsd project.

I don't know if bind for windows is built like apcupsd is, by using 
mingw32 but unfortunately there's problems with the mingw32 project 
these days, it's gone through a lot of transitions.


Getting a working build environment for apcupsd at least, requires
using pretty old versions of mingw.

No doubt I'm going to be jumped on for saying so but I know for
apcupsd I've got a -lot- of work to do to get it up to speed.

There are some people out there who have built their own mingw32/mingw64
binaries that are separate from the ones "officially" distributed which
might be an avenue.  My guess the ISC developer who was spearheading
this port moved on to other things and ISC can't find someone who
wants to get involved in this and I can understand why.

There is an interesting article on this problem here:

https://increment.com/open-source/the-rise-of-few-maintainer-projects/

I would ask you this Jakob - would you trust a windows binary of
bind that you compiled?

I've got years of history participating on the apcupsd project. When
I start submitting changes to it, the users of it have that trust 
automatically from that history.  They won't worry if they download a
binary from sourceforge that I built that it's going to gun their 
system.  I'm a public figure in OSS besides that - people may like me
or think I'm an asshole - but they know I'm a real person who has a
rep. to maintain.  I've got a business, federal and state tax ID's,
a published phone number, multiple domain names I've owned for 
years.  I can't run and hide.


You can probably review the bind mailing list and dig out less than
100 names of people who have been on it, regularly posting, for the last
decade.

If none of those people step up to create a fork - then the windows 
port  is effectively going to be dead I'm afraid. Nobody is going to 
trust "some dude" with zero history who sets up on github and forks 
bind and posts a windows binary for downloading just because he says 
it's gold.

Would you?  Trust a production system to that?

OSS got its start by making the CODE available, NOT BINARIES. Users
like you were expected to be completely happy with the fact that the 
code was even there at all and it compiled.   You do your own building.

Not knowing how to run a compiler is no excuse.  The Internet has tons
of tutorials on it.

You want a bind for windows - build it yourself.  That's the can-do 
attitude that OSS started with.  I remember the first time I ever 
downloaded a real OSS code and built it myself.  It was rzsz - zmodem
code for windows.  Back in the BBS days, really.  That's the only way
you got that binary.  It was a total gas and I was hooked. Don't deny
yourself the same pleasure.

Ted


On 2/11/2022 8:24 AM, Jakob Bohm via bind-users wrote:
As ISC has apparently announced that it will no longer maintain the 
code for running bind on Windows operating systems, and that this is 
now up to the community, is there a community group that has stepped 
up to the task?





Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion messag

Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Ondřej Surý
Jakob,

> On 17. 2. 2022, at 17:31, Jakob Bohm via bind-users 
>  wrote:
> 
> This is truly tragic, and quite counterproductive action by ISC.


quite the contrary, this is very productive action by ISC as it allows the
development team to focus on the things that really matter. The time spent on
Windows build doesn’t come free, and after several calls nobody stepped up,
neither with an offer to do the work nor to pay for the work.

Open source and free software doesn’t mean that the open source maintainers
have to work for free, only that you can use the results without paying
royalties. This is a huge difference.

ISC would not drop the Windows support if it would mean we could make BIND 9
better. But it’s the exact opposite - we can make BIND 9 better for most people
because we have dropped the Windows support and don’t have to worry about the
compatibility layers and weird quirks of the Windows SDK.

Also we are not actively rejecting the idea of having Windows port - and I
think I pretty much explained the conditions the ISC would accept the Windows
port in the previous emails.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.



Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Reindl Harald




On 17.02.22 at 17:36, Jakob Bohm via bind-users wrote:
> This is truly tragic, and quite counterproductive action by ISC.

no, it's just stop wasting time for things not really used in the real 
production world

> Messing about with docker virtualization inside an already virtual
> machine seems like a recipe for disaster

nobody said that

when you already have a virtualization infrastructure the far better 
question is why you did install named on a windows guest to begin with

BTW: docker is *not* virtualization and i would *always* install any 
containers inside virtual machines because on production hardware the 
only thing which belongs to bare-metal is the hypervisor (yes, there are 
*very few* exceptions, containers are none of them)

why? because there is redundancy, hot migration, backup-infrastructure 
and so on - the only usecase for containers is lightweight isolation for 
the few cases a systemd-unit with proper namespaces and cgroups isn't enough



Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Jakob Bohm via bind-users
I know this, and I am quite familiar with low level debugging techniques 
on Windows, though my favorite tool for the job was ruined by 
unfortunate business decisions to bundle it with irrelevant software 
that would be needed only in a completely different license count, if at 
all.


I could probably set up a debugging scenario with a private compilation 
(to get debug symbols) and an artificial installation of more recent 
toolchain to work with the official ISC build instructions, though I 
strongly suspect a clean process exit with a return code of 0 
(Depending, how good Windows is at capturing the return code of the 
exited product).  But I was hoping there was a way to find out directly,
such as an option to make the entire startup sequence non-parallel and 
verbose, thus revealing the exact point of failure.


On 2022-02-17 17:15, Danny Mayer wrote:
I can short-cut that a little! :) A 1067 error is always the Windows 
named service failing to start. The reasons behind it are much harder to 
figure out. I've seen these over the years but I don't know off the top 
of my head why.


Danny

On 2/17/22 9:26 AM, Ondřej Surý wrote:
Log isn’t going to help here if named is crashing. Getting a backtrace 
or anything that closely resembles one would help. Running debug build 
under MSVS would help. Or doing git bisect and pinpoint the breakage 
to a commit or at least Merge commit would help.


This is part of the problem - debugging on Windows is extremely 
painful and requires expertise with extremely high learning curve.


--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do 
not feel obligated to reply outside your normal working hours.


On 17. 2. 2022, at 15:08, Jakob Bohm via bind-users 
 wrote:




On 2022-02-12 01:06, Richard T.A. Neal wrote:


I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 - I get an error 
stating "Error Validating Account. Unable to install service using this 
account.". So I'm presently running 9.16.21.

What are the last few things in the Application Event Log (Source: named) 
before it terminates?

Richard.

-Original Message-
From: bind-users  On Behalf Of Jakob Bohm via 
bind-users
Sent: 11 February 2022 12:19 pm
To: bind-users
Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

Dear list,

When recently trying to upgrade some secondary-only authoritative servers running on Windows 
machines, I found that Bind 9.16.25 (x86_64) binaries from isc.org failed to completely startup, 
causing Windows to report that "1067 The process terminated unexpectedly.", with 0 
process exit code.  Attempting to up the debug level all the way to "-d 100"
failed to log a reason, but downgrading to the 9.16.21 binaries resumed 
operation.

Is there a known issue and workaround for this, or is there any additional 
information to extract?


The latest in the log (I directed it to a file, as the Event Viewer 
wrapping in the port was badly done) were the mentioned fetch of ./NS 
etc. interspersed with zone loading messages for default zones (I 
temporarily commented out the real zones to shorten the config, but 
it still failed).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded





Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Danny Mayer
You have to run the debug-enabled code as a service otherwise you will 
get nowhere. It's complicated and it's time consuming to set up right.


Danny

On 2/17/22 12:30 PM, Jakob Bohm via bind-users wrote:
I know this, and I am quite familiar with low level debugging 
techniques on Windows, though my favorite tool for the job was ruined 
by unfortunate business decisions to bundle it with irrelevant 
software that would be needed only in a completely different license 
count, if at all.


I could probably set up a debugging scenario with a private 
compilation (to get debug symbols) and an artificial installation of 
more recent toolchain to work with the official ISC build 
instructions, though I strongly suspect a clean process exit with a 
return code of 0 (Depending, how good Windows is at capturing the 
return code of the exited product).  But I was hoping there was a way 
to find out directly,
such as an option to make the entire startup sequence non-parallel and 
verbose, thus revealing the exact point of failure.


On 2022-02-17 17:15, Danny Mayer wrote:
I can short-cut that a little! :) A 1067 error is always the Windows 
named service failing to start. The reasons behind it are much harder 
to figure out. I've seen these over the years but I don't know off 
the top of my head why.


Danny

On 2/17/22 9:26 AM, Ondřej Surý wrote:
Log isn’t going to help here if named is crashing. Getting a 
backtrace or anything that closely resembles one would help. Running 
debug build under MSVS would help. Or doing git bisect and pinpoint 
the breakage to a commit or at least Merge commit would help.


This is part of the problem - debugging on Windows is extremely 
painful and requires expertise with extremely high learning curve.


--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do 
not feel obligated to reply outside your normal working hours.


On 17. 2. 2022, at 15:08, Jakob Bohm via bind-users 
 wrote:




On 2022-02-12 01:06, Richard T.A. Neal wrote:

I run BIND on Windows as well but I've been unable to upgrade to 
9.16.25 - I get an error stating "Error Validating Account. Unable 
to install service using this account.". So I'm presently running 
9.16.21.


What are the last few things in the Application Event Log (Source: 
named) before it terminates?


Richard.

-Original Message-
From: bind-users On Behalf Of 
Jakob Bohm via bind-users

Sent: 11 February 2022 12:19 pm
To: bind-users
Subject: Windows 9.16.25 fails to start (1067 Terminated 
unexpectedly)


Dear list,

When recently trying to upgrade some secondary-only authoritative 
servers running on Windows machines, I found that Bind 9.16.25 
(x86_64) binaries from isc.org failed to completely startup, 
causing Windows to report that "1067 The process terminated 
unexpectedly.", with 0 process exit code.  Attempting to up the 
debug level all the way to "-d 100"
failed to log a reason, but downgrading to the 9.16.21 binaries 
resumed operation.


Is there a known issue and workaround for this, or is there any 
additional information to extract?



The latest in the log (I directed it to a file, as the Event Viewer 
wrapping in the port was badly done) were the mentioned fetch of 
./NS etc. interspersed with zone loading messages for default zones 
(I temporarily commented out the real zones to shorten the config, 
but it still failed).


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded





Enjoy

Jakob



Re: Issue Using Wildcards for Subdimain Redirecing

2022-02-17 Thread tale via bind-users
On Thu, Feb 17, 2022 at 3:34 AM muhanad  wrote:
> I have a main domain ( aa.example.com) with hundreds of subdomains ( 
> bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.) 
> to a list of addresses in round-robin fashion. The problem I am facing is 
> the wildcard is forwarding anything towards the IP ( example , "cc.bb." 
> which is not a valid subdomain). How can I limit that so it will only 
> forwards ( bb.aa.example.com) and drops any invalid subdomains ( 
> cc.bb.aa.example.com ).
>
> Note: aa, bb, and cc being any arbitrary value.

With a standard BIND zone, you can't.  Wildcards match multiple
labels.  That goes to the earliest days of the DNS,
https://www.rfc-editor.org/rfc/rfc1034#section-4.3.3.

You'd need a specialized handler to do this.
-- 
tale
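
The multi-label matching described in the reply above, as an added example (not code from the thread or from BIND): a simplified Python model of RFC 1034 section 4.3.3 wildcard synthesis over a constructed zone, plus a hypothetical `filtered_resolve` front end showing the single-label check a specialized handler would have to make. The zone contents, addresses, status strings and function names are assumptions made for illustration.

```python
"""Simplified model of DNS wildcard synthesis (RFC 1034 section 4.3.3, RFC 4592).
All zone data below is constructed for illustration."""

ORIGIN = "example.com"
ZONE = {  # owner name -> A record addresses (constructed sample data)
    "aa.example.com": ["192.168.1.1"],
    "*.aa.example.com": ["192.168.1.10", "192.168.1.11"],
    "www.fixed.aa.example.com": ["192.168.1.20"],
}


def labels(name):
    """Split a name into lowercase labels, ignoring a trailing dot."""
    return tuple(part for part in name.lower().rstrip(".").split(".") if part)


def existing_nodes(zone, origin):
    """Every owner name and each ancestor down to the origin exists in the tree.
    Ancestors that hold no records are empty non-terminals, but they exist."""
    depth = len(labels(origin))
    nodes = {labels(origin)}
    for owner in zone:
        parts = labels(owner)
        for i in range(len(parts) - depth + 1):
            nodes.add(parts[i:])
    return nodes


def resolve(zone, origin, qname):
    """Return (status, matched owner, addresses) for an A query."""
    q, o = labels(qname), labels(origin)
    if len(q) < len(o) or q[len(q) - len(o):] != o:
        return ("OUT_OF_ZONE", None, [])
    records = {labels(owner): rrs for owner, rrs in zone.items()}
    nodes = existing_nodes(zone, origin)
    if q in nodes:
        # A name that exists is never answered from a wildcard.
        rrs = records.get(q, [])
        return ("EXACT" if rrs else "NODATA", ".".join(q), rrs)
    # Closest encloser: the longest ancestor of qname that exists.
    for i in range(1, len(q) - len(o) + 1):
        encloser = q[i:]
        if encloser in nodes:
            # Source of synthesis is "*.<closest encloser>"; the number of
            # labels stripped from qname to reach the encloser is irrelevant.
            wildcard = ("*",) + encloser
            if wildcard in records:
                return ("WILDCARD", ".".join(wildcard), records[wildcard])
            break
    return ("NXDOMAIN", None, [])


def filtered_resolve(zone, origin, qname):
    """Hypothetical handler policy: accept a wildcard answer only when qname is
    exactly one label below the wildcard's parent, otherwise drop it."""
    status, owner, rrs = resolve(zone, origin, qname)
    if status == "WILDCARD":
        parent = labels(owner)[1:]
        if len(labels(qname)) != len(parent) + 1:
            return ("DROPPED", owner, [])
    return (status, owner, rrs)


if __name__ == "__main__":
    for name in ("bb.aa.example.com", "cc.bb.aa.example.com",
                 "fixed.aa.example.com", "x.fixed.aa.example.com"):
        print(name, resolve(ZONE, ORIGIN, name)[0],
              filtered_resolve(ZONE, ORIGIN, name)[0])
```

In this model, as in RFC 4592, a name that exists in the zone, even as an empty non-terminal such as `fixed.aa.example.com`, stops the parent wildcard from covering names beneath it.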


Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Paul Kosinski via bind-users
On Thu, 17 Feb 2022 15:26:35 +0100
Ondřej Surý  wrote:

...
 
> This is part of the problem - debugging on Windows is extremely painful and 
> requires expertise with extremely high learning curve.
> 
> --
> Ondřej Surý — ISC (He/Him)

I wonder if difficult debugging is deliberate -- it would certainly make harder 
the reverse engineering of software from Microsoft and others who build on top 
of Windows.


Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Reindl Harald



On 17.02.22 at 18:47, Paul Kosinski via bind-users wrote:
> On Thu, 17 Feb 2022 15:26:35 +0100
> Ondřej Surý  wrote:
>
> ...
>
>> This is part of the problem - debugging on Windows is extremely painful and 
>> requires expertise with extremely high learning curve.
>
> I wonder if difficult debugging is deliberate -- it would certainly make harder 
> the reverse engineering of software from Microsoft and others who build on top 
> of Windows

for sure not

that way you only stop script kiddies but not people with knowledge 
needed anyways to do reverse engineering



RE: Issue Using Wildcards for Subdimain Redirecing

2022-02-17 Thread muhanad
Hi

I understood that, now, I have another issue. The main domain that is used in 
the zone ( zone "example.com" ) doesn't resolve to anything and I want it to be 
resolved from 8.8.8.8, while the sub-domains still resolve from my DNS as 
specified in the zone record file.

Muhanad Abdullah


-Original Message-
From: tale  
Sent: Thursday, February 17, 2022 8:47 PM
To: muhanad 
Cc: bind-users 
Subject: Re: Issue Using Wildcards for Subdimain Redirecing

On Thu, Feb 17, 2022 at 3:34 AM muhanad  wrote:
> I have a main domain ( aa.example.com) with hundreds of subdomains ( 
> bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.) 
> to a list of addresses in round-robin fashion. The problem I am facing is 
> the wildcard is forwarding anything towards the IP ( example , "cc.bb." 
> which is not a valid subdomain). How can I limit that so it will only 
> forwards ( bb.aa.example.com) and drops any invalid subdomains ( 
> cc.bb.aa.example.com ).
>
> Note: aa, bb, and cc being any arbitrary value.

With a standard BIND zone, you can't.  Wildcards match multiple labels.  That 
goes to the earliest days of the DNS, 
https://www.rfc-editor.org/rfc/rfc1034#section-4.3.3.

You'd need a specialized handler to do this.
--
tale



Re: Issue Using Wildcards for Subdimain Redirecing

2022-02-17 Thread Reindl Harald




On 17.02.22 at 18:51, muha...@plciq.com wrote:
> I understood that, now, I have another issue. The main domain that is used in
> the zone ( zone "example.com" ) doesn't resolve to anything and I want it to be
> resolved from 8.8.8.8, while the sub-domains still resolve from my DNS as
> specified in the zone record file.

then you need the subdomains in own zone-files and don't delegate them 
in the public view

BTW: stop talking about "be resolved from 8.8.8.8" when the terminology 
is private and public views

> -Original Message-
> From: tale 
> Sent: Thursday, February 17, 2022 8:47 PM
> To: muhanad 
> Cc: bind-users 
> Subject: Re: Issue Using Wildcards for Subdimain Redirecing
>
> On Thu, Feb 17, 2022 at 3:34 AM muhanad  wrote:
>> I have a main domain ( aa.example.com) with hundreds of subdomains ( bb.aa.example.com). 
>> I made a wildcard record to forward all subdomains (bb.) to a list of addresses in 
>> round-robin fashion. The problem I am facing is the wildcard is forwarding anything 
>> towards the IP ( example , "cc.bb." which is not a valid subdomain). How 
>> can I limit that so it will only forwards ( bb.aa.example.com) and drops any invalid 
>> subdomains ( cc.bb.aa.example.com ).
>>
>> Note: aa, bb, and cc being any arbitrary value.
>
> With a standard BIND zone, you can't.  Wildcards match multiple labels.  That 
> goes to the earliest days of the DNS, 
> https://www.rfc-editor.org/rfc/rfc1034#section-4.3.3.
>
> You'd need a specialized handler to do this.



Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Jakob Bohm via bind-users

On 2022-02-17 18:01, Reindl Harald wrote:



Am 17.02.22 um 17:36 schrieb Jakob Bohm via bind-users:

This is truly tragic, and quite counterproductive action by ISC.
no, it's just stop wasting time for things not really used in the real 
production world

Messing about with docker virtualization inside an already virtual
machine seems like a recipe for disaster

nobody said that

when you already have a virtualization infracstructure the far better 
question is why you did install named on a windows guest to begin with

Because it is leased VMs at commercial cloud providers,
which implies an economic benefit to reuse a single VM
for multiple daemons.

BTW: docker is *not* virtualization and i would *always* install any 
containers inside virtual machines because on production hardware the 
only thing which belongs to bare-metal is the hypervisor (yes, there 
are *very few* exceptions, containers are none of them)

To me, containers are a simplified virtualization technology
that shares the kernel and kernel state, virtualizing only
the user space.  That it is marketed with contrary words
means nothing.

why? because there is redundancy, hot migration, backup-infrastructure 
and so on - the only usecase for containers is lightweight isolation 
for the few cases a systemd-unit with proper namespaces and cgroups 
isn't enough

So back to Linux-exclusive concepts, indicating this is
all about using the Linux build with a Linux-on-windows layer,

Hence my preference to reverse the order and go for a pure (and cheaper) 
Linux VM.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: Issue Using Wildcards for Subdimain Redirecing

2022-02-17 Thread Ondřej Surý
You can’t do that with standard DNS software. It would be possible to write 
custom software that would do exactly this. It’s possible that dnsdist proxy 
might be able to do this kind of matching.

Also using “example.com” and being vague doesn’t help people that might want to 
help you. Perhaps if you start using real domain and describing what you need 
to achieve instead of how you want to do that would be a good start. Step back 
and describe why are you doing things like this.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 17. 2. 2022, at 18:52, muha...@plciq.com wrote:
> 
> Hi
> 
> I understood that, now, I have another issue. The main domain that is used in 
> the zone ( zone "example.com" ) doesn't resolve to anything and I want it to be 
> resolved from 8.8.8.8, while the sub-domains still resolve from my DNS as 
> specified in the zone record file.
> 
> Muhanad Abdullah
> 
> 
> -Original Message-
> From: tale  
> Sent: Thursday, February 17, 2022 8:47 PM
> To: muhanad 
> Cc: bind-users 
> Subject: Re: Issue Using Wildcards for Subdimain Redirecing
> 
>> On Thu, Feb 17, 2022 at 3:34 AM muhanad  wrote:
>> I have a main domain ( aa.example.com) with hundreds of subdomains ( 
>> bb.aa.example.com). I made a wildcard record to forward all subdomains (bb.) 
>> to a list of addresses in round-robin fashion. The problem I am facing is 
>> the wildcard is forwarding anything towards the IP ( example , "cc.bb." 
>> which is not a valid subdomain). How can I limit that so it will only 
>> forward ( bb.aa.example.com) and drop any invalid subdomains ( 
>> cc.bb.aa.example.com ).
>> 
>> Note: aa, bb, and cc being any arbitrary value.
> 
> With a standard BIND zone, you can't.  Wildcards match multiple labels.  That 
> goes to the earliest days of the DNS, 
> https://www.rfc-editor.org/rfc/rfc1034#section-4.3.3.
> 
> You'd need a specialized handler to do this.
> --
> tale
> 

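The wildcard behaviour both replies in this thread describe, as an added example that is not part of the thread or of BIND's code: a Python model of the lookup in RFC 1034 section 4.3.3 over a constructed zone, next to a hypothetical one-label policy (`resolve_one_label`) of the kind a specialized handler could apply. The zone contents, the documentation addresses and all function names are assumptions.

```python
# Constructed zone: owner name -> A records (RFC 5737 documentation addresses).
ZONE = {
    "aa.example.com.": ["192.0.2.1"],
    "*.aa.example.com.": ["192.0.2.10", "192.0.2.11"],
    "www.aa.example.com.": ["192.0.2.20"],
}


def labels(name):
    """Split an absolute name into lowercase labels, leftmost first."""
    return name.lower().rstrip(".").split(".")


def name_exists(zone, name):
    """True if the name owns records or is an ancestor of a name that does."""
    return any(o == name or o.endswith("." + name) for o in zone)


def resolve(zone, qname):
    """Return (addresses, owner used), or (None, None) when nothing matches."""
    lbls = labels(qname)
    qname = ".".join(lbls) + "."
    if qname in zone:
        return zone[qname], qname                  # exact match
    if name_exists(zone, qname):
        return None, None                          # empty non-terminal
    # Strip labels from the left until an existing ancestor is found, then
    # look for "*" directly below it. Every label stripped on the way is
    # covered by that one wildcard, which is why it matches multiple labels.
    for i in range(1, len(lbls)):
        ancestor = ".".join(lbls[i:]) + "."
        if name_exists(zone, ancestor):
            wildcard = "*." + ancestor
            if wildcard in zone:
                return zone[wildcard], wildcard
            return None, None
    return None, None


def resolve_one_label(zone, qname):
    """Hypothetical handler policy: drop wildcard answers deeper than one label."""
    answer, owner = resolve(zone, qname)
    if owner and owner.startswith("*.") and len(labels(qname)) != len(labels(owner)):
        return None, None
    return answer, owner


if __name__ == "__main__":
    for q in ("bb.aa.example.com.", "cc.bb.aa.example.com.", "x.www.aa.example.com."):
        print(q, resolve(ZONE, q), resolve_one_label(ZONE, q))
```

The third query shows the one case where the standard lookup already refuses: `www.aa.example.com.` exists, so names below it are no longer covered by `*.aa.example.com.`.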

freebsd ipfw question

2022-02-17 Thread Randy Bush
for some reason lost in time, i have the following in `/etc/ipfw.rules`
on a freebsd system running bind9

    add allow tcp from any to me 53 limit src-addr 1 setup
    add deny tcp from any to me 53

the results are

    01000  48358531   6390772849 allow tcp from any to me 53 setup limit src-addr 1 :default
    01100    165225      9379997 deny tcp from any to me 53

is this about normal?

randy


Re: freebsd ipfw question

2022-02-17 Thread Mark Andrews
Only you can know what is “normal” for your configuration.  Having more
than 1 TCP connection from a source at a time is not abnormal.  There is
no requirement to use existing TCP connections for other queries.

> On 18 Feb 2022, at 08:45, Randy Bush  wrote:
> 
> for some reason lost in time, i have the following in `/etc/ipfw.rules`
> on a freebsd system running bind9
> 
>     add allow tcp from any to me 53 limit src-addr 1 setup
>     add deny tcp from any to me 53
> 
> the results are
> 
>     01000  48358531   6390772849 allow tcp from any to me 53 setup limit src-addr 1 :default
>     01100    165225      9379997 deny tcp from any to me 53
> 
> is this about normal?
> 
> randy

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
