Hello,
I am a new user in bind9.
I have set up my DNS server with port 53, port 443 (DoH), and port 853 (DoT).
And now, in my logging file of `queries` category, one query example shows as
below:
26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000
111.11.11.109#61713 (ust.hk
I upgraded our DNS servers when the 9.18.28 release came out, and ran into a
problem today that I wanted to know if anyone else had seen or had any
suggestions about how to debug.
We have our DNS configured in a hidden primary configuration, where the primary
has internal and external views
https://kb.isc.org/docs/cve-2024-4076
A summary of significant changes in the ne
No, I haven’t run BIND on Solaris in years – this question is regarding the
EPEL repos that ISC provides that can be used by CentOS and RHEL. I just
mentioned Solaris because there were no binary releases back then, and to thank
ISC since it’s a lot easier to install BIND from the EPEL
We’ve been using the ISC BIND 9 COPR repositories at
https://copr.fedorainfracloud.org/coprs/isc/ for a few years now, but I had a
question – is there a planned date to update the “bind-esv” channel to provide
BIND 9.18 rather than BIND 9.16? Since 9.16 is now EOL we’ve switched to using
the
Exactly the same
On 28 June 2023 at 6:50:26 p.m. GMT-03:00, Mark Andrews
wrote:
>The *exact* same error, word for word, or a different permission denied?
>
>> On 29 Jun 2023, at 06:35, Daniel Armando Rodriguez via bind-users
>> wrote:
>>
>> Ho
s://bind9.readthedocs.io/en/v9.18.16/dnssec-guide.html
>
>--
>Ondřej Surý — ISC (He/Him)
>
>My working hours and your working hours may be different. Please do not feel
>obligated to reply outside your normal working hours.
>
>> On 22. 6. 2023, at 20:43, Daniel A. Rodrig
I wonder if it's mandatory to make a manual deployment prior to an automated setup.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact
Just changed the dirt, sorry for the noise
On 22 June 2023 at 1:25:57 p.m. GMT-03:00, "Ondřej Surý"
wrote:
>Which would not be a problem. But we can’t help the OP without the config
>(named-checkconf -px)
>
>--
>Ondřej Surý — ISC (He/Him)
>
>My working h
Okay, so if I'm interpreting this correctly. When the new alg 14 KSKs
were created and then the zone was signed (either automatically or via a
command) there was probably only a valid alg 8 ZSK available. As a
result bind used the alg 14 KSK as a de facto CSK and signed the zone
RRSets dir
I've still got a couple of
other domains where it is doing it wrong. Is there some kind of timeout
or maintenance that gets run automatically that might have fixed the
issue? I've tried running an "rndc sign" command on the domains several
times.
Timothy A. Holtzen
Campus Netwo
I've had an issue with my key rotation process on a couple of zones. I
believe I've resolved that issue but it appears to me in several cases
the KSKs rather than being used to sign the ZSK are being used to sign
the zone records directly.
https://dnsviz.net/d/testmenwu.com/dnssec/?rr=
Armando Rodriguez via bind-users <bind-users@lists.isc.org> wrote: Was
wondering if it would be possible to setup a forwarding scheme just for some
subdomains, I emphasize the fact that master is publicly accessible and current
need is to locally resolve a bunch of subdomains of the same zone. I
I attach a picture to best describe where I stand.
https://i.postimg.cc/x8PKnz53/ejemplo-com.png
Currently disabled the SH setup to let just an authoritative DNS for
local resolution. Following the example, any request made from PC1 to
sys4/sys5/sys6 have no issues. However, if such
Hi there,
Currently have a public DNS up & runnin' but, due to brand new
location, there's a need to add local resolution.
With that in mind, first idea was to deploy a split horizon setup.
Sadly just local resolution works so far. Double check config but
currently I'm stuck
Weird.
Thoughts are:
Bad software? What we call ratware.
UDP/TCP Firewall issues?
Regards,
KAM
On 5/7/2021 1:32 PM, Kevin Kretz wrote:
I see occasional series of queries like this, from within my network
and among disparate types of host (linux, windows):
If there's a host c
For me, I run one locally per data center with forwarders, etc. defined
but for a "How to spin up your own mail server", I would likely just
keep it to one per mail server.
For someone more advanced, DNS is lightweight and anti-spam is very
heavy. So anything you can save on
difference does an on host
instance of BIND make vs across the LAN to another host in the same
site make?
I absolutely agree that a /local/ /to/ /the/ /network/ caching DNS
server is a boon for email. -- Definitely avoid simply relying on
big 3rd party resolvers across the Internet.
Agreed on the
Very nice. This was also posted on Postfix's list but nice to hear
firsthand reports as I just read it.
Two minor notes to continue the project that you might consider:
#1 bind for a local caching DNS query server and change resolv.conf to
127.0.0.1 for the best RBL performance.
#
I have been banging my head against the wall regarding this very topic and then
found this thread from last week. I’m also looking for a solution to this
problem, and wondered if anyone may have some suggestions (including potential
alternatives).
My situation is due to a security requirement
On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
> https://tools.ietf.org/html/rfc1537
> Common DNS Data File Configuration Errors
>
> 6. Missing secondary servers
>
> > It is required that there be a least 2 nameservers
> > for a domain.
>
> --
On 11/7/2020 9:04 AM, Reindl Harald wrote:
> first: there *is* a requirement of a secondary nameserver
> https://www.iana.org/help/nameserver-requirements
Does that requirement apply to the use-case? Based on the first
sentence, "These are the technical tests we perform for delegation
> Do a web search for "secondary dns provider" and "backup dns provider"
>
I just wanted to comment that there is no "requirement" to run a
secondary DNS server. It's certainly best practice and should be
considered. However, the goal of having two DN
On 10/15/2020 2:50 PM, Jason Long via bind-users wrote:
> Yes.
> In the panel of domain name registrar I can enter something like
> "NS1.example.net" and an IP address.
> I want to host the host t DNS server myself.
Oh yes, you will also need a domain name register that
On 10/15/2020 1:00 PM, Stephane Bortzmeyer wrote:
> He said that the DNS server has a public IP address so port forwarding
> is probably not necessary.
Firewalls are cheap and the level of effort to run a bastion host is
significant.
I'd recommend port forwarding as a nec
one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
Recommend you setup a linux box with BIND or something installed behind
a firewall.
Port forward port 53 for protocols TCP AND UDP to your internal IP address.
Set up bind to respond to
On 10/15/2020 12:36 PM, Jason Long via bind-users wrote:
> I have a question about launching a DNS server with CentOS for hosting
> a web server. Excuse me, if my question is so basic and funny. I need
> expert advice about it.
> I registered a domain name for my web site and in the
Well, if it works for other zones, it's unlikely to be an OS problem unless
that zone was built in the system using an older version that did things
slightly differently and now it can't be removed because of that difference.
Have you tried comparing a working zone that can be delete
There are a LOT of possibilities why this isn't working. The first two things
I'd check is trying this action again as root (if you're not already) to make
sure this action isn't trying something that's DAC prohibited and checking the
SELinux / AppArmor log (if you
Mohammed,
I think you might be unaware that .link is a TLD itself.
Some thoughts: You can just create dummy unresolvable domains for these
domains if you have centralized DNS. If you don't you'll have to block
at a proxy. If you don't have that, perhaps you have a firewal
On 9/7/2020 4:03 PM, Greg Rivers wrote:
> On Monday, 7 September 2020 17:46:47 CDT L. A. Walsh wrote:
>> First I'll see some server name:
>>
>> 05-Sep-2020 15:30:23.374 queries: info: client @0x7fbcb804e720
>> 127.0.0.1#36542 (PeerSrv.org): view inte
I am having some queries that I wouldn't think I'd have:
I have a split-view ipv4-only named 9.11.2 server that is run with the
"-4" switch, yet I see attempted queries in my queries log. I have it
set as authoritative for the internal domain (though technically I think
i
On 4/15/2020 3:09 AM, Klaus Darilion wrote:
> I do not complain about the version number, but of the name.
>
> And in my opinion it is not sane to call a service/package httpd if the name
> of the software is Apache.
For me, adding the version number can make sense if there is an
Thank you for the feedback, Tony. I think a better understanding of what's
going on under the hood will prove useful in both designing my operational
management strategy as well as just talking me down off the ledge. :) Much
obliged. :)
Scott
From:
Thanks for the feedback, Bob. This is encouraging news. I think now I need to
do some testing to see what works best for my application.
Scott
From: Bob Harold
Sent: February 26, 2020 9:02 AM
To: Mark Andrews
Cc: Scott A. Wozny ; bind-users@lists.isc.org
Thanks very much for the feedback. I clearly have more research to do. :)
Scott
From: Mark Andrews
Sent: February 25, 2020 6:38 PM
To: Scott A. Wozny
Cc: bind-users@lists.isc.org
Subject: Re: NS failover as opposed to A record failover
> On 26 Feb 2
I know this isn’t a question ABOUT BIND, per se, but I think is still a
question bind-users might have an answer to. I’ve seen various failover
questions on the list, but nothing that talks specifically about NS records (at
least nothing in the last decade), so I thought I’d inquire here.
I’m
utlr
Cc: bind-users
Subject: Re: Advice on balancing web traffic using geoip ACls
On Feb 23, 2020, at 6:57 AM, @lbutlr <krem...@kreme.com> wrote:
On 22 Feb 2020, at 18:25, Scott A. Wozny <sawo...@hotmail.com> wrote:
I’m setting up hot-hot webserver clusters hosted on
may not be in the interest of your clients - suppose
their locations are skewed?
In any case, this seems like a lot of work - including committing to ongoing
maintenance - for not much gain.
Consider setting up an anycast address - let the network do the work. This
will route to the s
b traffic using geoip ACls
On 22 Feb 2020, at 18:25, Scott A. Wozny wrote:
> I’m setting up hot-hot webserver clusters hosted on the west and east coasts
> of the US and would like to use Bind 9.11.4
I’d consider changing that version. While Bind 9.11 *is* still supported, it is
EOL at
.11.4-9.P2. I assume
someone is backporting critical patches as I'm not getting complaints from a
credentialed OpenVAS scan, but I appreciate your caution about the version I'm
using and MaxMind GeoIP.
You also make a good point about the delta between round-robin and geoIP being
r
most to do is set up my ACLs to use
the longitude parameter in the city DB and send traffic less than X (let's say
-85) to a zone file that prioritizes the west coast servers and those greater
than X to the east coast servers. However, when I look through the 9.11.4 ARM
it doesn’t includ
On Mon, Jan 6, 2020 at 3:16 PM MEjaz wrote:
> 1. My primary name server, /etc/named.conf, and here am forcing transfer
> to only few trusted servers, as mentioned in the below clause.
> transfers-out 2000;
> allow-transfer {212.119.93.5;213.230.0.10; 212.119.93.10; 212.119.92.6;};
> 2. second
n both 212.119.92.5 and 212.119.93.5?
> Thanks in advance for your assistance. Do you think that should I take look
> from our network side for the MTU size??
It's somewhat harder to check for temporary errors.
The easiest way, since you say that this is a "test", is to
named[25563]: zone kalam.com.sa/IN: transferred serial
> 2019434245
Are you cutting out some logs?
If yes, please include all logs for the zone (kalam.com.sa) and the
master (212.119.92.5)
>
> Therefore, I wanted to know. How to force secondary/slave Name server to
> update/refre
Bob,
I get no real latency doing this, previously I was pinging the GTLD with the
high latency from the query and I was not seeing any latency with ping, thus
why I emailed the list.
Currently doing a dig +trace on comcast.net sees no issues, but per my emails
below, there was high latency
'dns101.comcast.net': no more" so I doubt
it's a dig version issue.
Paul
;; Received 239 bytes from 192.5.6.30#53(192.5.6.30) in 32 ms
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
ne
This is not really a Bind issue, but can anyone else confirm latency when
querying Comcast from the root down? I ask because this morning some of our
customers
could not email @comcast addresses, looked at the mail server and domain not
found. I suspect my cache for Comcast timeout and when my
I have a VPS and requested my webhost to fix reverse DNS for my domain &
IP. They responded by telling me to provide them with the records I want.
I found the following response to someone's question on the *Net*:
Many ISPs will put in CNAME records with values th
You could ask the registrar/root domain admins to point those domains
somewhere other than your server; or just delete them from the root
servers at their prerogative. You might want to give your ex-customer a
final warning beforehand as to your intent. It might spur them into
action and maybe
I've informed the selective service (sss.gov) of the issue. They have
supposedly passed it on to their "web support group". We will see if
anything happens but I'm not holding my breath. At least a government
agency should have more influence to get qwest to fix the
e the domain is properly signed and valid. I get the following
in the log when validation fails.
Jan 19 09:26:20 stout named[11872]: dnssec: debug 3: validating
sss.gov/A: starting
Jan 19 09:26:20 stout named[11872]: dnssec: debug 3: validating
sss.gov/A: attempting insecurity proof
Jan 19 09:
> Install and run haveged... The problem is your system doesn't have enough
> entropy
This was clearly the problem. I built a new test server with haveged installed,
and the bind9 completed ECDSAP256SHA256 signing in 5 seconds. I used 9.11.1
this time since it was just rel
> Install and run haveged... The problem is your system doesn't have enough
> entropy in the processor or maybe it's a VM but either way there is not
> enough entropy to produce random seeds which is why it is taking so long.
Thanks, David. The system is a Microsoft Azure
I'm testing a bind9 v11.1.0-P5 server signing 8 small zones de novo with
ECDSAP256SHA256. The process takes about 12 hours to complete vs. signing with
RSASHA256, which is almost immediate, but signing is ultimately successful. The
server is running Ubuntu 16.04 LTS with current patch
we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a
server located at the UMN) and will be installing a server at UIowa (that will
be named DNS-3.IASTATE.EDU).
The new IPv4 addresses for the new external name servers will be:
DNS-1.IASTATE.EDU 129.186.67.129
On Fri, Jan 27, 2017 at 7:20 PM, Wolfgang Riedel wrote:
> Just wonder if there is some agreed guidance on what steps I SHOULD take
> to get bind-9.11.0-P2 successfully build on Debian 9.0?
>
>
The generic recommendation on debian would probably be 'use whatever the
distro comes with, as they main
works & Communications
IT Services, Iowa State University of Science and Technology
> On Oct 31, 2016, at 11:35 AM, Stephen Pape wrote:
>
> Hello all,
>
> I have bind configured with a single TLD (.foo), and inside that are
> records for a large number of subdomains (machine1.a.foo,
I haven't found a good explanation of what this log entry means:
Oct 20 14:41:47 dns-s named[8311]: zone student.iastate.edu/IN/in (signed):
receive_secure_serial: bad database
I've found 58 log entries for this just in the last 90 minutes. Nothing before
that in the last 9 days.
thousands queries per day which is not a big deal, but it
continues to query the old servers for days after the TTL's on the
delegation has expired. Hence the reason it stuck out and I started
looking at it.
I could only find sales email addresses listed for the "ISC Domain
Surve
querying the
slave directly and it never occurred to me that the info I was getting back
might be cached info, I should have looked at the flags :(. Well it turns out
I accidentally commented out a huge portion of the named.conf file by mistake
with the */ /*, I didn't close the commented section corr
Yes there is.
p
From: Casey Deccio [mailto:ca...@deccio.net]
Sent: Thursday, July 28, 2016 10:39 AM
To: Paul A
Cc: Tony Finch ; bind-us...@isc.org
Subject: Re: getting not authoritative with some notifies
On Thu, Jul 28, 2016 at 10:34 AM, Paul A <ra...@meganet.net>
Yes on both server and the slave and primary are listed on the NS RR. I'm
really at a loss here, the zone updates on the slave but I keep getting that
message.
Paul
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Thursday, July 28, 2016 6:20 AM
To: Paul A
Cc: bi
I have an issue I can't seem to figure out, when I make a zone change on the
master server it sends out notifies to the slave, the slave updates the zone
once it sees the notify but I get this in the logs.
named[7062]: client xx.xx.64.2#51056: received notify for zone 'xxx: not
aut
On 2016-07-05 at 15:26:31 Tony Finch wrote:
> There is a third option:
>
> 3) Maintain zone files with a text editor, and use inline-signing mode
> to get named to sign them.
>
> For option 3 you don't want an update-policy clause.
OK, that's actually the behavior
On 2016-07-04 at 15:44:32 Tony Finch wrote:
> In most cases it is best to either use `nsupdate` exclusively, or
> directly edit the master file, but not a mixture of the two. If you
> are using `nsupdate` then there is no need for inline-signing.
From the responses I received
hehehe,
http://www.zytrax.com/books/dns/ch7/hkpng.html#max-ncache-ttl
I found zytrax site is really helpful
Regards
-Renald-
- Original Message -
From: "John W. Blue"
To: "A. Renald Niswady" , "blrmaani"
Cc: comp-protocols-dns-b...@isc.org
Se
a greater
value. This statement may be used in view or a global options clause.
Regards,
A. Renald Niswady
[NOC-System] Orion Cyber Internet
PT Orion Cyber Internet
Gedung Cyber Lt. 1 Jl. Kuningan Barat No. 8, Jakarta Selatan 12710
Telp: 021 5265566 - Fax: 021 6280883
Homepage: http
reverse delegation
On 14.10.15 10:11, Paul A wrote:
>Niall my problem is the name server that delegated the reverse does look up
>the record correctly.
>
>I have this in the zone,
>
>DNAME 0/24
>;;
> delegate to server
>;;
>0/24NS ns.som
.orei...@ucd.ie]
Sent: Tuesday, October 13, 2015 6:29 PM
To: Paul A
Cc: bind-users@lists.isc.org
Subject: Re: dname reverse delegation
On Tue, 13 Oct 2015 21:40:30 +0100,
Paul A wrote:
>
> I have a few /24 that I want to delegate using DNAME.
Are you expecting to save yourself trouble
I have a few /24 that I want to delegate using DNAME.
Let's say I have 192.168.13.0/24 how would I go about doing reverse on the
forwarding server using DNAME.
Currently on the forwarding server I have
NS ns.isp.com
;;
DNAME 0/24
Something seems to have changed on my network setup
(windows workstation using a linux-server for internet-interaction
including DNS running bind).
For some reason when I look up a local host name,
'myputer' I can't get it to return an addr,
and instead it appears to b
On Fri, Jan 30, 2015 at 9:07 AM, WXR <474745...@qq.com> wrote:
> Is there any reverse proxy software for dns , which can do load
> balance, cache for dns service, just like squid for http service?
>
>
What functionality do you need that can't be provided by bind? e.g.
https://www.safaribooksonline
How does the max-recursion-queries counter interact with DNSSEC validation
and RPZ validation? Are the queries for these checks included in the
max-recursion-queries count or are they in a separate queue?
Why I am asking:
I've been running through my test of the new code and getting
What are you using this for?
If it's part of a script, it might be easier to just use gethostbyname. For
example, in php: http://php.net/manual/en/function.gethostbyname.php ,
Returns the IPv4 address or a string containing the unmodified hostname on
failure.
--
Fajar
On Mon, Oct 20, 20
On Thu, Aug 7, 2014 at 10:39 AM, Robert Moskowitz wrote:
> I have a server that is only running bind 9.8.2 (Centos 6.5). It has 2Gb
> memory and free reports ~1.7Gb used.
>
> I am looking at replacing this server with an armv7 board running Redsleeve
> (until Centos 7 is out and s
On Wed, Jul 16, 2014 at 9:55 AM, Mark Andrews wrote:
>
> In message <53c5e714.5080...@thelounge.net>, Reindl Harald writes:
>> > Can the LDNS return 10.10.10.1 defined in the /etc/hosts to the
>> > client?
>> > maybe some special configuration in named can support this feature
>>
>> wrong tool -
To my question of how many more are lurking out there. It looks
like quite a few. I am not sure we are going to be able to continue with
RPZ's and NSDNAME's.
xserv.dell.com is my newest main stream web site having the
issue.
It is behaving the s
Rack Space appears to have fixed the issue. "dig
www.wip.rackspace.com NS" now returns NO DATA instead of NXDOMAIN.
I wonder how many more are lurking out there.
We are still getting a trickle in of complaints about slowness and
failures that appear to
On Fri, May 9, 2014 at 5:36 PM, Tony Finch wrote:
>
> Edward DeLargy wrote:
>
> > I just want to verify that 9.9.5 can be compiled in AIX
>
> The README says:
>
> Building
>
> BIND 9 currently requires a UNIX system with an ANSI C compiler,
>
second of each other.
dig www.wip.rackspace.com
www.wip.rackspace.com. 30 IN A 173.203.44.116
dig www.wip.rackspace.com NS
(NXDOMAIN)
dig www.wip.rackspace.com
(NXDOMAIN)
I think this is another case of misconfigured load balancers.
Shouldn't the NS record l
No, *rackspace* appears nowhere in our RPZ feeds save the new
entry that works around the issue. This entry excludes it from hitting
the RPZ zone with the NSDNAME records via a PASSTHRU line a earlier RPZ
zone.
David A. Evans
Enterprise IP/DNS Management
Network Infrastructure
We have just enabled RPZ with some NSDNAME checks and are seeing
an issue resolving www.rackspace.com.
The first lookup is successful and returns both the CNAME and the
A record. The second query, within a second of the first, will only
return the CNAME. It will only return
Thank you Mark for all your help in the mail list. I will try this instead,
so is this happening when a link local client is trying to query my server?
paul
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Tuesday, April 01, 2014 5:03 PM
To: Paul A
Cc: ca35763+b
, April 01, 2014 4:35 PM
To: bind-users@lists.isc.org
Subject: RE: socket error on ipv6 link local
I'm getting the same errors with bind-9.10.0b2.
Just a guess but I think it's related to using a HE IPv6 Tunnel and the
updated root servers.
On Tue, 1 Apr 2014, Paul A wrote:
> Date: Tu
So Kevin what you're saying is someone using my dns created a record with
fe80::? I was under the impression that bind was trying to listen on that
subnet.
Thanks Paul
From: bind-users-bounces+razor=meganet@lists.isc.org
[mailto:bind-users-bounces+razor=meganet@lists.isc.org] On
Hi, I have been using bind 9.9.4 for awhile suddenly looking at the logs I
see lots of socket.c errors. Looking at this it seems that bind is
complaining about the link local ipv6 address , I enabled ipv6 awhile back
and I just noticed this.
Apr 1 13:05:32 ns1 named[18769]: connect(fe80::#53)
" ]; then
/etc/init.d/named restart >/dev/null 2>&1;
...
Regards,
Harald
--
Karlsruhe Institute of Technology (KIT)
ATIS - IT Infrastruture and Services, Faculty of Computer Science
Harald A. Irmer
IT Manager / Computer Networks Group
Am Fasanengarten 5
Building 50.34
76131 Ka
Thank you Cathy already informed me of that. It works with the patch.
-Original Message-
From: Jeremy C. Reed [mailto:jr...@isc.org]
Sent: Tuesday, November 26, 2013 12:20 PM
To: Paul A
Cc: bind-us...@isc.org
Subject: Re: caps compiling error
Please see
https://kb.isc.org/article/AA
@lists.isc.org
Subject: Re: caps compiling error
On 26/11/2013 16:56, Paul A wrote:
> Yeah I have compiled Bind on that machine many times currently I'm on
> BIND 9.8.4-P2.
>
> Not sure what header file is missing.
>
> -Original Message-
> From: bind-u
Sent: Tuesday, November 26, 2013 11:34 AM
To: bind-users@lists.isc.org
Subject: Re: caps compiling error
On Tue, Nov 26, 2013 at 10:17:11AM -0500, Paul A wrote:
> I was trying to upgrade BIND and suddenly ran into this error with
> both versions of bind I was upgrading to.
>
> I tried
I was trying to upgrade BIND and suddenly ran into this error with both
versions of bind I was upgrading to.
I tried to compile, bind-9.9.4 and bind-9.8.6-P1 and I get a caps error, I
searched the mailing archives and the web but didn't find much on this. Has
anyone run into this and know
-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/bind-users
or, via email, send a message with subject or body 'help' to
bind-users-requ...@lists.isc.org
You can reach the person managing the list at
Is it possible for one to configure BIND or any DNS implementation for the
cloud?
I was forced to search for this forum because the exigences of my situation
necessitates a cloud. But yet, in a cloud:
1. I cannot be systems administrator, even if, I don't know yet, if the compa
Making some assumptions about where your dig queries are being sent, I would
say it looks like the Squid is simply failing its DNS lookup (for whatever
reason), then the Squid system is retaining a 5 minute negative cache. If
this is true, then the question would become why does the Squid
On Mon, Aug 19, 2013 at 9:22 PM, Samuel Lentz wrote:
> Thanks. It looks to be good. I did find this once and thought it was too
> good to be true. But after verifying the code is the same, I will be using
> this for further updates.
>
> I understand that CentOS is supposed to be a c
>> Based on a Microsoft tech support case that I opened, the only way to fix
>> this was to turn off EDNS ("dnscmd /config /EnableEDnsProbes 0").
>> This also seems to have been fixed in Windows Server 2012.
> What a bummer, this essentially stops anyone from using
> Perhaps someone who has a Windows 2008 R2 domain can go ahead and confirm
> this, but so far the only way I can see to mitigate this issue is either:
> 1. Disable EDNS on Windows 2008 R2 (which essentially disables the ability to
> accept DNSSEC based responses) or 2. Disable DN
> Looking at this further, it appears when EDNS is turned on in the Windows
> 2008 R2 DNS server (default, accepting DNSSEC responses), resolution fails
> occasionally with a SERVFAIL when NODATA is returned to BIND (i.e. 0 answers
> with a status code of NOERROR.)
I'm usi
>> The brackets were wrong and we should have checked that obj was true.
> The patch you provided makes the log message go away. The bind9 service
> appears to be working normally, and named-checkconf produces no output.
> Thanks. Jeff.
FYI. The patch for /lib/bind9/check.c provided earlier in