Re: Debug Level Logs in BIND 9.18.16 Despite Debug Level Set to 0

2025-02-09 Thread Ondřej Surý 
I can't reproduce the issue.

$ cat named.conf
logging {
channel named {
file "named.log" versions 10 size 100M;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
category default {
named;
};
};

I've run named and it is logging into the file:

$ wc -l named.log
882 named.log

$ tail named.log
10-Feb-2025 08:31:38.554 lame-servers: info: REFUSED unexpected RCODE resolving 
'ns2.wirenet.com.ar//IN': 190.52.32.3#53
10-Feb-2025 08:31:38.554 lame-servers: info: REFUSED unexpected RCODE resolving 
'ns2.wirenet.com.ar/A/IN': 190.52.32.3#53
10-Feb-2025 08:31:38.558 lame-servers: info: REFUSED unexpected RCODE resolving 
'ns1.wirenet.com.ar//IN': 190.52.32.3#53
10-Feb-2025 08:31:38.886 lame-servers: info: success resolving 
'a-0.19-a30f7000.c070081.1518.19d4.3ea1.410.0.tzin1lvkubqbfgzgrbj44qlek5.avqs.mcafee.com/A'
 after disabling qname minimization due to 'ncache nxdomain'
10-Feb-2025 08:31:38.974 lame-servers: info: success resolving 
'a.c-0.19-a309a081.c870082.1518.19d4.3ea1.210.0.gprbcpw39smc9azb9c4cbskdkq.avqs.mcafee.com/A'
 after disabling qname minimization due to 'ncache nxdomain'
10-Feb-2025 08:31:39.014 resolver: info: shut down hung fetch while resolving 
'mail.trak.spb.ru/A'
10-Feb-2025 08:31:39.274 lame-servers: info: SERVFAIL unexpected RCODE 
resolving 'breath.net/A/IN': 202.31.186.53#53
10-Feb-2025 08:31:39.362 lame-servers: info: REFUSED unexpected RCODE resolving 
'www.vinculame.com/A/IN': 208.91.198.79#53
10-Feb-2025 08:31:39.522 lame-servers: info: REFUSED unexpected RCODE resolving 
'ad.yieldmanager.com/A/IN': 162.251.87.166#53
10-Feb-2025 08:31:39.626 lame-servers: info: REFUSED unexpected RCODE resolving 
'kriss.re.kr/MX/IN': 134.75.30.1#53

but there are no debug lines:

$ grep debug named.log

Whatever you are doing, it looks like your local configuration / operations 
problem.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 10. 2. 2025, at 6:37, Nagesh Thati  wrote:
> 
> Hello All,
> Any help on this is much appreciated.
> Thanks
> Nagesh.
> 
> On Tue, Jan 28, 2025 at 11:27 AM Nagesh Thati  wrote:
> Hi,
> Thank you for your prompt response.
> I configured the logging severity as dynamic to allow me to change the 
> severity level at any time using the rndc command. I have also reviewed the 
> release notes for all versions released after BIND 9.18.16, but I did not 
> find any bug fixes related to debug logging in any of those releases.
> Thanks,
> Nagesh
> 
> On Tue, Jan 28, 2025 at 11:12 AM Ondřej Surý  wrote:
> I wonder…. What do you think that
> 
> severity dynamic;
> 
> does in your configuration file and why you have it configured? Have you read 
> the documentation on the logging in the ARM?
> 
> Also - don’t run old versions of BIND 9, you are almost 20 versions behind 
> the latest 9.18 release, that’s year an half of bug fixes and security issues 
> remedies.
> 
> Ondrej
> --
> Ondřej Surý — ISC (He/Him)
> 
> My working hours and your working hours may be different. Please do not feel 
> obligated to reply outside your normal working hours.
> 
> > On 28. 1. 2025, at 6:32, Nagesh Thati  wrote:
> > 
> > severity dynamic;
> 

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Debug Level Logs in BIND 9.18.16 Despite Debug Level Set to 0

2025-02-09 Thread Nagesh Thati 
Hello All,
Any help on this is much appreciated.
Thanks
Nagesh.

On Tue, Jan 28, 2025 at 11:27 AM Nagesh Thati  wrote:

> Hi,
>
> Thank you for your prompt response.
>
> I configured the logging severity as dynamic to allow me to change the
> severity level at any time using the rndc command. I have also reviewed
> the release notes for all versions released after BIND 9.18.16, but I did
> not find any bug fixes related to debug logging in any of those releases.
> Thanks,
> Nagesh
>
> On Tue, Jan 28, 2025 at 11:12 AM Ondřej Surý  wrote:
>
>> I wonder…. What do you think that
>>
>> severity dynamic;
>>
>> does in your configuration file and why you have it configured? Have you
>> read the documentation on the logging in the ARM?
>>
>> Also - don’t run old versions of BIND 9, you are almost 20 versions
>> behind the latest 9.18 release, that’s year an half of bug fixes and
>> security issues remedies.
>>
>> Ondrej
>> --
>> Ondřej Surý — ISC (He/Him)
>>
>> My working hours and your working hours may be different. Please do not
>> feel obligated to reply outside your normal working hours.
>>
>> > On 28. 1. 2025, at 6:32, Nagesh Thati  wrote:
>> >
>> > severity dynamic;
>>
>>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Primary/Secondary

2025-02-09 Thread Carsten Strotmann via bind-users 
Hi,

On 9 Feb 2025, at 7:35, Michael De Roover wrote:

> I for
> one look forward to seeing what people from various parts of the world have 
> to say about
> it.

I've been teaching DNS for over 30 years now, and I have always been uneasy 
using the old terms. I've used to "dance around" them, mentioning them once and 
using different terms all along in the training. That was not good for the 
students, it was confusing.

I was glad when RFC 8499 (and 
https://datatracker.ietf.org/doc/html/draft-knodel-terminology ) came along. It 
solved a big problem for me personally, and I do not want go back using the old 
terms.

(for context: I'm from Germany)

Greetings

Carsten Strotmann
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND DNS Server on Windows

2025-02-09 Thread Turritopsis Dohrnii Teo En Ming via bind-users 
Subject: BIND DNS Server on Windows

Good day from Singapore,

Can I install WinBIND on Windows 10 and Windows 11? The following guide 
mentioned installation of WinBIND on Windows Server only.

Link: https://www.winbind.org/installing-bind-on-windows/

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individuals in Singapore
GIMP = Government-Induced Medical Problems
9 Feb 2025 Sunday





-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: BIND DNS Server on Windows

2025-02-09 Thread Richard T.A. Neal 
That's my site! 😊

Whilst functional please bear in mind that BIND is no longer developed or 
supported on Windows so I really don’t recommend doing so. You should install 
it on a Linux system as intended, or alternatively in WSL (Windows SubSystem 
for Linux).

One major drawback with WSL is that there doesn't seem to be a way to assign it 
a static IP - i.e. your WSL BIND server will change IP address every time (it's 
a private routed address that will need a Windows Firewall NAT rule to be 
reached from other machines on your network).

https://www.isc.org/download/

Best,
Richard.

-Original Message-
From: bind-users  On Behalf Of Turritopsis 
Dohrnii Teo En Ming via bind-users
Sent: 09 February 2025 10:52 am
To: bind-users@lists.isc.org
Subject: BIND DNS Server on Windows

Subject: BIND DNS Server on Windows

Good day from Singapore,

Can I install WinBIND on Windows 10 and Windows 11? The following guide 
mentioned installation of WinBIND on Windows Server only.

Link: https://www.winbind.org/installing-bind-on-windows/

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individuals in Singapore
GIMP = Government-Induced Medical Problems
9 Feb 2025 Sunday





-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Primary/Secondary

2025-02-09 Thread Michael De Roover 
On Sunday, February 9, 2025 11:45:52 AM CET Carsten Strotmann via bind-users 
wrote:
 
> I've been teaching DNS for over 30 years now, and I have always been uneasy
> using the old terms. I've used to "dance around" them, mentioning them once
> and using different terms all along in the training. That was not good for
> the students, it was confusing.
> 
> I was glad when RFC 8499 (and
> https://datatracker.ietf.org/doc/html/draft-knodel-terminology ) came
> along. It solved a big problem for me personally, and I do not want go back
> using the old terms.
> 
> (for context: I'm from Germany)
> 
> Greetings
> 
> Carsten Strotmann

Hi Carsten, I appreciate your input! I like seeing teacher input like that, my 
own teacher (Gitte, wherever you are) will likely never participate here.

It's understandable that you're uneasy with these old terms, and I appreciate 
that you're able to express that here, including to me. I could've been one of 
your students too, who would've appreciated your direct takes on it. Whether 
that is something to be reflected onto tuition as a whole, you know better than 
I do. But if 8499 and its terminology gives you and your students a basis to 
build upon, that's wonderful!

Perhaps this would be as good of an email as any to express that I once walked 
the corridors with this teacher, where she bemoaned a colleague of hers that 
would unnecessarily ask her for advice and then claim it as his own. It left 
her very disappointed every time, to the point of complaining about it to 
yours truly.

If you want to make it in this industry, _do it yourself_. Don't rely on 
others to do it for you. Even as a mere student in that course, I saw so many 
peers leave after the first month because they thought it was little more than 
LAN parties. That is _not_ what this field is about! It's about network 
engineering first, entertainment four-hundred-and-fifteenth!

Anyway, (forwarded) rants aside.. that's what it's going to be for me today. 
Vielen dank!

-- 
Met vriendelijke groet,
Michael De Roover

Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Primary/Secondary

2025-02-09 Thread Mark Elkins via bind-users 
I attended my first DNS Training course presented by Bill Manning at 
ICANN Rio de Janeiro March 2003.
In December 2004, ICANN came to Cape Town - and Johan Ihrén (now 
Stenstam) and Bill Manning taught DNS together.


Anyway, we (UniForum S.A. - now ZARC) started presenting DNS Training in 
South Africa in 2006 to local ISPs. We were the folk that managed the 
CO.ZA registry and people were saying we didn't know how to do DNS - so 
what better than to have international folk that taught the subject!


Since about 2008, I have been partnering Johan in DNS Training - 
primarily in Johannesburg and Cape Town.

The two courses are now "Intro DNS" and "Advanced DNS (including DNSSEC)".
Initially, I guess, we used the old terms - but that quickly changed to 
Primary and Secondary. The old terms used to occasionally catch me out 
at times, especially in my own configurations... and all this happened 
in South Africa!

The "old terms" are now somewhat forgotten.

On 2025/02/09 12:45, Carsten Strotmann via bind-users wrote:

Hi,

On 9 Feb 2025, at 7:35, Michael De Roover wrote:


I for
one look forward to seeing what people from various parts of the world have to 
say about
it.

I've been teaching DNS for over 30 years now, and I have always been uneasy using the old 
terms. I've used to "dance around" them, mentioning them once and using 
different terms all along in the training. That was not good for the students, it was 
confusing.

I was glad when RFC 8499 (and 
https://datatracker.ietf.org/doc/html/draft-knodel-terminology ) came along. It 
solved a big problem for me personally, and I do not want go back using the old 
terms.

(for context: I'm from Germany)

Greetings

Carsten Strotmann

--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.826010496 
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za 




-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND DNS Server on Windows

2025-02-09 Thread Marco Moock 
Am 09.02.2025 um 10:51:35 Uhr schrieb Turritopsis Dohrnii Teo En Ming
via bind-users:

> Can I install WinBIND on Windows 10 and Windows 11? The following
> guide mentioned installation of WinBIND on Windows Server only.

Should work, give it a try.

-- 
Gruß
Marco
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Primary/Secondary

2025-02-09 Thread Michael De Roover 
On Sunday, February 9, 2025 12:54:53 PM CET Michael De Roover wrote:
> Perhaps this would be as good of an email as any to express that I once
> walked the corridors with this teacher-

Not sure to which extent this will be necessary, but by this I meant my own 
teacher Gitte. I should really learn to think before I write...

-- 
Met vriendelijke groet,
Michael De Roover

Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND DNS Server on Windows

2025-02-09 Thread Michael De Roover 
On Sunday, February 9, 2025 12:07:48 PM CET Richard T.A. Neal wrote:
> That's my site! 😊

That is incredible!
 
> One major drawback with WSL is that there doesn't seem to be a way to assign
> it a static IP - i.e. your WSL BIND server will change IP address every
> time (it's a private routed address that will need a Windows Firewall NAT
> rule to be reached from other machines on your network).
 
Please do note that WSL is merely a subset of Hyper-V networking, regardless 
of your Windows release. It is possible to assign bridge networking in 
Windows' virtualization suite, as well as NAT networking. Whichever one is 
chosen in the end, is an exercise left to the reader.

Either way, I have used massgrave.dev to make my Windows 10 installation 
Enterprise, and used it to create various Hyper-V machines. One of those is a 
gateway machine that connects to Hyper-V's "Default Switch", which then routes 
to another switch I was able to name "internal.switch.ideapad.lan". It goes 
without saying that this switch is internal, and therefore network-agnostic.

Lastly, there is another switch that is named external.switch.ideapad.lan. 
This is what my wired interface is bridged into. I no longer use this 
interface/switch, but it does still exist nonetheless. That allows for direct 
connections into the host network, on a switch level. However, it is only 
available for wired networking. Unfortunately, this appears to be a physical 
limit. Perhaps it's possible to mitigate this with hostapd voodoo, but I have 
yet to master that myself.

-- 
Met vriendelijke groet,
Michael De Roover

Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users