Re: dnssec-policy default - where/how to determine what all its settings are?

2024-06-07 Thread Petr Špaček

Hello,

and thank you for reaching out. I agree this was poorly documented.

In recent versions you can use command `named -C` which prints out 
default configuration, including the default DNSSEC policy.


I'm going to update documentation to reflect that:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs

Petr Špaček
Internet Systems Consortium

On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:
> Ah, thanks!
>
> Yeah, that's what I was looking to find:
> https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
> Alas, not in the ISC distribution tarballs,
> and the documentation refers to
> doc/misc/dnssec-policy.default.conf
> without indicating where to find that.
>
> On Thu, Jun 6, 2024 at 8:31 AM Andrew Latham  wrote:
>>
>> I took a quick look
>>
>> * https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
>> * https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
>>
>> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users wrote:
>>>
>>> dnssec-policy default - where/how to determine what all its settings are?
>>> Documentation
>>> doc/bind9-doc/arm/reference.html#dnssec-policy-default
>>> https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default
>>> says:
>>> A verbose copy of this policy may be found in the source tree, in the
>>> file doc/misc/dnssec-policy.default.conf
>>> But I'm not finding that in source nor elsewhere.
>>> There doesn't even seem to be an rndc command that can list
>>> defined dnssec-policy sets that are in place, nor that
>>> can list how they're configured.  This information should be much more
>>> visible/findable, so ... where is it?  I'm sure it must be present
>>> somewhere in the source, but haven't easily located it by searching.
>>> Shouldn't be necessary to run debugging to track down where this is
>>> and where in the source it comes from.  So ... where does one find it?
>>>
>>> I've been looking at Debian BIND9 packages:
>>> bind9  1:9.18.24-1
>>> bind9-doc  1:9.18.24-1
>>> and also ISC BIND 9.18.24 source and 9.18.27 source and documentation.


--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: MDLZ user activation

2024-06-07 Thread G.W. Haywood

Hi there,

On Fri, 7 Jun 2024, Nick Tait wrote:

> ... Happy to share all the mail headers ...


On the face of your description, this sounds like a spammer who has
slightly more skill than usual.  Another explanation is that you might
have been targeted specifically, which could be more worrying.  Do you
work in a position which could be expected to attract the attention of
criminals?  Do you think you might have upset someone?

I'd like to see the headers, or better the entire mail.  Please feel
free to send privately.

Don't be surprised if the message is rejected.  I'll see it anyway. :)

--

73,
Ged.


Re: MDLZ user activation

2024-06-07 Thread Marco Moock
On 07.06.2024 at 10:58:27, G.W. Haywood wrote:

> On the face of your description, this sounds like a spammer who has
> slightly more skill than usual.

The spammer simply used the name in From: (after Nick posted to the
list) (Nick Tait via bind-users) and the mail address
(bind-users@lists.isc.org) as the recipient.

I assume this was accidentally sent to the list and not Nick himself,
but this is just a guess.

> I'd like to see the headers, or better the entire mail.  Please feel
> free to send privately.

They are publicly posted on the list.

Message-ID:
<6661e181d6fce_20e3f8fc856fcec65140...@sidekiq-frequent-fd-poduseast1-free-blue-fc47b6fff-n44lb.mail>

If you need it, I can forward it to you.

-- 
Regards
Marco

Send unsolicited bulk mail to 1717750707mu...@cartoonies.org


Re: MDLZ user activation

2024-06-07 Thread Sten Carlsen
I got one of those mails too, your explanation is correct. Nothing
sophisticated here.

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

  "MALE BOVINE MANURE!!!"

> On 7 Jun 2024, at 12.11, Marco Moock  wrote:
> 
> On 07.06.2024 at 10:58:27, G.W. Haywood wrote:
> 
>> On the face of your description, this sounds like a spammer who has
>> slightly more skill than usual.
> 
> The spammer simply used the name in From: (after Nick posted to the
> list) (Nick Tait via bind-users) and the mail address
> (bind-users@lists.isc.org) as the recipient.
> 
> I assume this was accidentally sent to the list and not Nick himself,
> but this is just a guess.
> 
>> I'd like to see the headers, or better the entire mail.  Please feel
>> free to send privately.
> 
> They are publicly posted on the list.
> 
> Message-ID:
> <6661e181d6fce_20e3f8fc856fcec65140...@sidekiq-frequent-fd-poduseast1-free-blue-fc47b6fff-n44lb.mail>
> 
> If you need it, I can forward it to you.
> 
> --
> Regards
> Marco
> 
> Send unsolicited bulk mail to 1717750707mu...@cartoonies.org


Re: Problem with a certain domain

2024-06-07 Thread Thomas Barth via bind-users

On 2024-06-06 18:35, Matus UHLAR - fantomas wrote:
> if the problem happens again, you can call 'rndc dumpdb' to dump
> named's cache and see all records your named remembers about
> mallorcazeitung.es and epi.es
>
> perhaps they can help to explain why named can't resolve anything.



Yes, it always happens when the mail is checked against the DNS block 
list. In the journal I can read:


Jun 07 14:30:26 mx1 named[118262]: success resolving 'mallorcazeitung.es.multi.uribl.com/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:26 mx1 named[118262]: success resolving '212.132.135.159.dnsbl.sorbs.net/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 'www-cdn-lb-tf.gslb.prensaiberica.net/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 'caching.c354.edge2befaster.net/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 'aec01.euc.edgetcdn.net/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving 'aec01.eug.edgetcdn.net/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving '161.237.127.79.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving '129.211.127.79.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:28 mx1 named[118262]: success resolving '209.44.199.138.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:40 mx1 named[118262]: shut down hung fetch while resolving 's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es/TXT'
Jun 07 14:30:43 mx1 named[118262]: shut down hung fetch while resolving '_adsp._domainkey.newsletter.mallorcazeitung.es/TXT'

[...]
Jun 07 14:32:05 mx1 postfix/smtpd[193761]: warning: timeout talking to proxy localhost:10024
Jun 07 14:32:05 mx1 postfix/smtpd[193761]: proxy-reject: END-OF-MESSAGE: 451 4.3.0 Error: queue file write error; from=

[...]
Jun 07 14:32:05 mx1 postfix/cleanup[193820]: 77BB2202612: message-id=
Jun 07 14:32:05 mx1 opendkim[691]: 77BB2202612: no signing table match for 'schlagzei...@newsletter.mallorcazeitung.es'
Jun 07 14:32:10 mx1 opendkim[691]: 77BB2202612: key retrieval failed (s=s1, d=mg-esp-prod-eu-eu.mallorcazeitung.es): 's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es' query timed out


I found an explanation for "shut down hung fetch" in your list archive:

"This usually means there's a circular dependency somewhere in the
resolution or validation process. For example, we can't resolve a name
without looking up the address of a name server, but that lookup can't
succeed until the original name is resolved. The two lookups will wait on
each other for ten seconds, and then the whole query times out and issues
that log message."

I'm trying to work around the problem by whitelisting the address in 
Spamassassin so it doesn't check against the DNS blocklists. But 
unfortunately that doesn't work at the moment.


nano /etc/spamassassin/local.cf
whitelist_from_rcvd schlagzei...@newsletter.mallorcazeitung.es  piano.io

Spamassassin Doc
"Use this (whitelist_from_rcvd) to supplement the whitelist_from 
addresses with a check against the Received headers. The first parameter 
is the address to whitelist, and the second is a string to match the 
relay's rDNS. "


In the header of the mail I find
Received: from mgptr-132-188.piano.io (mgptr-132-188.piano.io 
[159.135.132.188])

[...]
From: Mallorca Zeitung 

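Added example, not part of the message above and not BIND or OpenDKIM code: a small Python triage script that pairs named's "shut down hung fetch" entries with the opendkim "key retrieval failed ... query timed out" entries for the same name, which separates the DKIM key lookups that actually failed from the DNSBL lookups that merely needed a retry. The sample lines are copied from the journal excerpt in the message; the function names are chosen for this illustration.

```python
import re
from collections import defaultdict

# Journal lines taken from the message above, unwrapped (sample input).
SAMPLE = """\
Jun 07 14:30:28 mx1 named[118262]: success resolving '209.44.199.138.zen.spamhaus.org/A' after disabling qname minimization due to 'ncache nxdomain'
Jun 07 14:30:40 mx1 named[118262]: shut down hung fetch while resolving 's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es/TXT'
Jun 07 14:30:43 mx1 named[118262]: shut down hung fetch while resolving '_adsp._domainkey.newsletter.mallorcazeitung.es/TXT'
Jun 07 14:32:10 mx1 opendkim[691]: 77BB2202612: key retrieval failed (s=s1, d=mg-esp-prod-eu-eu.mallorcazeitung.es): 's1._domainkey.mg-esp-prod-eu-eu.mallorcazeitung.es' query timed out
"""

HUNG = re.compile(r"named\[\d+\]: shut down hung fetch while resolving '([^'/]+)/(\w+)'")
QMIN = re.compile(r"named\[\d+\]: success resolving '([^'/]+)/(\w+)' "
                  r"after disabling qname minimization")
DKIM = re.compile(r"opendkim\[\d+\]: (\w+): key retrieval failed "
                  r"\(s=[^,]+, d=[^)]+\): '([^']+)' query timed out")


def triage(text):
    """Return (hung, retried, dkim_timeouts) extracted from journal text.

    hung          -- {qname: [rrtype, ...]} fetches named abandoned
    retried       -- qnames that resolved once qname minimization was disabled
    dkim_timeouts -- {postfix queue id: qname} DKIM key lookups that timed out
    """
    hung, retried, dkim = defaultdict(list), set(), {}
    for line in text.splitlines():
        if m := HUNG.search(line):
            hung[m.group(1)].append(m.group(2))
        elif m := QMIN.search(line):
            retried.add(m.group(1))
        elif m := DKIM.search(line):
            dkim[m.group(1)] = m.group(2)
    return dict(hung), retried, dkim


def correlated(text):
    """Queue ids whose DKIM key lookup timed out on a name named gave up on."""
    hung, _, dkim = triage(text)
    return {qid: name for qid, name in dkim.items() if name in hung}


if __name__ == "__main__":
    for qid, name in correlated(SAMPLE).items():
        print(f"{qid}: DKIM key lookup for {name} matches a hung fetch in named")
```
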


Re: MDLZ user activation

2024-06-07 Thread G.W. Haywood

Hi there,

On Fri, 7 Jun 2024, Marco Moock wrote:

> On 07.06.2024 at 10:58:27, G.W. Haywood wrote:
>
>> On the face of your description, this sounds like a spammer who has
>> slightly more skill than usual.
>
> The spammer simply used the name in From: (after Nick posted to the
> list) (Nick Tait via bind-users) and the mail address
> (bind-users@lists.isc.org) as the recipient.
>
> I assume this was accidentally sent to the list and not Nick himself,
> but this is just a guess.
>
>> I'd like to see the headers, or better the entire mail.  Please feel
>> free to send privately.
>
> They are publicly posted on the list.
>
> Message-ID: [...]
>
> If you need it, I can forward it to you.


Thank you, but for forensic purposes I'd rather have the text from the
horse's mouth, so to speak.

--

73,
Ged.


Re: MDLZ user activation

2024-06-07 Thread Nick Tait via bind-users
Thanks everyone for your responses. Obviously I overlooked the most 
simple explanation, which turned out to be what actually occurred. In 
hindsight, I should have checked the mailing list archive before 
assuming that there was something more sinister going on. FYI Here is 
the original email on the mailing list archive: 
https://www.mail-archive.com/bind-users@lists.isc.org/msg34359.html


Ged, I'll forward the email headers to you privately, but I trust you'll 
find that they support the explanation offered below.


Thanks again everyone who took the time to respond. :-)

Nick.

On 07/06/2024 22:10, Marco Moock wrote:

> On 07.06.2024 at 10:58:27, G.W. Haywood wrote:
>
>> On the face of your description, this sounds like a spammer who has
>> slightly more skill than usual.
>
> The spammer simply used the name in From: (after Nick posted to the
> list) (Nick Tait via bind-users) and the mail address
> (bind-users@lists.isc.org) as the recipient.
>
> I assume this was accidentally sent to the list and not Nick himself,
> but this is just a guess.
>
>> I'd like to see the headers, or better the entire mail.  Please feel
>> free to send privately.
>
> They are publicly posted on the list.
>
> Message-ID:
> <6661e181d6fce_20e3f8fc856fcec65140...@sidekiq-frequent-fd-poduseast1-free-blue-fc47b6fff-n44lb.mail>
>
> If you need it, I can forward it to you.




named -C, ...: Re: dnssec-policy default - where/how to determine what all its settings are?

2024-06-07 Thread Michael Paoli via bind-users
Excellent, thanks, looks like that very well covers it (and also the
"insecure" policy too).
And
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs
looks good ... including Suzanne Goldlust's additional suggestions too.

Thanks!

On Fri, Jun 7, 2024 at 1:08 AM Petr Špaček  wrote:
>
> Hello,
>
> and thank you for reaching out. I agree this was poorly documented.
>
> In recent versions you can use command `named -C` which prints out
> default configuration, including the default DNSSEC policy.
>
> I'm going to update documentation to reflect that:
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs
>
> Petr Špaček
> Internet Systems Consortium
>
> On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:
> > Ah, thanks!
> >
> > Yeah, that's what I was looking to find:
> > https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
> > https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
> > Alas, not in the ISC distribution tarballs,
> > and the documentation refers to
> > doc/misc/dnssec-policy.default.conf
> > without indicating where to find that.
> >
> > On Thu, Jun 6, 2024 at 8:31 AM Andrew Latham  wrote:
> >>
> >> I took a quick look
> >>
> >> * 
> >> https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
> >> * 
> >> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
> >>
> >> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users 
> >>  wrote:
> >>>
> >>> dnssec-policy default - where/how to determine what all its settings are?
> >>> Documentation
> >>> doc/bind9-doc/arm/reference.html#dnssec-policy-default
> >>> https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default
> >>> says:
> >>> A verbose copy of this policy may be found in the source tree, in the
> >>> file doc/misc/dnssec-policy.default.conf
> >>> But I'm not finding that in source nor elsewhere.
> >>> There doesn't even seem to be an rndc command that can list
> >>> defined dnssec-policy sets that are in place, nor that
> >>> can list how they're configured.  This information should be much more
> >>> visible/findable, so ... where is it?  I'm sure it must be present
> >>> somewhere in the source, but haven't easily located it by searching.
> >>> Shouldn't be necessary to run debugging to track down where this is
> >>> and where in the source it comes from.  So ... where does one find it?
> >>>
> >>> I've been looking at Debian BIND9 packages:
> >>> bind9  1:9.18.24-1
> >>> bind9-doc  1:9.18.24-1
> >>> and also ISC BIND 9.18.24 source and 9.18.27 source and documentation.
>