s come and go and interfaces go
up and down. This behaviour will be recorded in the log.
Hope that helps.
Cheers, Greg
On Sun, 6 Jul 2025 at 06:21, Bagas Sanjaya wrote:
> On Sun, Jul 06, 2025 at 11:52:35AM +1000, Mark Andrews wrote:
> > Listen-on is an acl. The interface table is scanne
Hi Florian.
Well since you mention it, may we see your BIND configuration? Also "named
-V", please and, if you can, a packet capture (preferably binary pcap, not
just a few lines of tcpdump output) showing what your server is doing at
the time you see these messages in the logs.
Cheers
FUSED?
Cheers, Greg
On Tue, 1 Jul 2025 at 09:06, Neil Nie (NSB)
wrote:
> Hi,
>
>
>
> I found that bind9 (as forwarder) always overwrites rcode refused to rcode
> servfail. For one use-case, the dns client wants to get original rcode
> (like refused). Please advise if there
[#port] (bind to source address/port)
etc...
The rest I don't know, yet.
Hope that helps, Greg
On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users <
bind-users@lists.isc.org> wrote:
> Hi Stace.
>
> The transport protocol used to ask the question is (or should be)
> inde
n Bind9 and install Unbound in its place. There seem to be a
> lot more configuration options that might help me with the problems I am
> having. Problems I never had with Windows Server 2003.
>
>
> Thanks anyway and take care of yourselves. I'm outta here.
>
> On 2025-05-1
From the correct alias this time!
On Mon, 19 May 2025 at 22:46, Greg Choules
wrote:
> Your router (or your ISP behind it) is losing a lot of traffic. Here is a
> timeline of frames with explanations of each, which would have been so much
> simpler if you hadn't tried to
I was beaten to it!
It's called QNAME minimisation and is specified here:
https://datatracker.ietf.org/doc/html/rfc9156
In BIND it can be disabled with this statement:
https://bind9.readthedocs.io/en/v9.20.8/reference.html#namedconf-statement-qname-minimization
Hope that helps, Greg
On Th
others on this list would disagree with me, but
that's just my 2p.
Cheers, Greg.
On Sat, 10 May 2025, 13:43 , wrote:
> On 2025-05-10 02:03, Greg Choules wrote:
>
> @Danilo you are correct, the contents of /etc/resolv.conf are not set by
> BIND and BIND itself does not use them. B
to
understand the behaviour you are seeing.
Cheers, Greg
On Sat, 10 May 2025 at 06:01, Danilo Godec via bind-users <
bind-users@lists.isc.org> wrote:
> On 10.05.2025 05:29, bi...@clearviz.biz wrote:
>
> >Also check /etc/resolv.conf and see what address(es) is/are listed
e box. You don't need to forward to
Google and Cloudflare at all.
Hope you find that useful.
Cheers, Greg
On Fri, 9 May 2025 at 23:58, wrote:
> Howdy all! My name is Arnold, and I'm new to both Bind9 and to the Bind
> user's list. I'm hoping to contribute my findings o
this application to
rethink their delivery mechanism. so that the requirement for one_name ==
multiple IPs goes away.
/soapbox
If you absolutely *must* do this, some actual examples would help please,
rather than generalisations.
Cheers, Greg
On Mon, 14 Apr 2025 at 20:05, Marek Kozlowski
wrote:
r request and the primary uses that to select
the correct zone from the appropriate view. End clients/stub resolvers
don't typically use keys.
I hope this helps.
Cheers, Greg
On Mon, 14 Apr 2025 at 14:12, Marek Kozlowski
wrote:
> :-)
>
> There are 4 name servers for my domain: two
e external source of truth. That is, keep the
engine that is gathering, sorting, processing and ultimately maintaining
the database that *is* the source of truth separate from the thing that is
handling queries in real time.
/soapbox.
Cheers, Greg
On Fri, 21 Mar 2025 at 07:32, Mónika Kiss wr
Please keep your replies on-list.
This should help you understand its purpose:
https://datatracker.ietf.org/doc/rfc9156/
Cheers, Greg
On Mon, 31 Mar 2025 at 11:12, Champion Xie wrote:
> Thank you for your information
> by the way how to implement QNAME minimisation with domain names st
improvements, bug and
security fixes.
cheers, Greg
On Mon, 31 Mar 2025 at 10:47, Champion Xie wrote:
>
> [root@rancher03 ~]# dig @localhost www.baidu.com a
>
> ; <<>> DiG 9.14.12 <<>> @localhost www.baidu.com a
> ; (2 servers found)
> ;; global opt
a look at is BIND’s GeoIP support, described
here: https://bind9.readthedocs.io/en/latest/chapter7.html#access-control-lists
here:
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-geoip-directory
and here: https://kb.isc.org/docs/aa-00971
I hope that helps.
Cheers
Sending from the correct alias this time!
On Sun, 16 Mar 2025 at 09:03, Greg Choules
wrote:
> Thank you.
> The problem is that named is running as user "bind" but that user
> doesn't have file system permissions to create and write to files (the .jnl
> and .jbk files
Hi Danjel.
Please send "ls -al" of both "/etc/bind" and "/etc/bind/zones"
Thanks, Greg
On Sat, 15 Mar 2025 at 16:32, Danjel Jungersen via bind-users <
bind-users@lists.isc.org> wrote:
> I'm so sorry, but I have to trouble you guys again.
>
Hi Duan.
Firstly, please upgrade to the latest BIND as 9.11 is very old now and has many
security flaws that will not be fixed because it is obsolete.
Secondly, after you have upgraded try it again and if the problem still exists,
come back here.
Cheers, Greg
> On 13 Mar 2025, at 09:23, D
by it retrying.
Thanks, Greg
On Tue, 4 Mar 2025 at 07:03, Neil Nie (NSB)
wrote:
> Hi,
>
>
>
> I found that bind9 can retry for variant error rcode, which is very
> helpful. But there is one specific case for ANY response with rcode
> refused, retry from bind9 is not expected.
at discuss anycast
generally.
Does that help?
Cheers, Greg
On Tue, 25 Feb 2025 at 13:12, Karol Nowicki via bind-users <
bind-users@lists.isc.org> wrote:
> Hello Everyone
>
> Do we have any official recommendation/RFC to choose a network for anycast
> vips which we need to adverti
"ask them" behaviour, then maybe OK. But beware the possible future problem
of dangling CNAMEs, where the domain they redirect to has expired and been
bought by someone else with darker purposes in mind.
FTR, CNAME records *cannot* co-exist with any other record type of the same
name.
Cheers, Greg
hich must end with a semicolon.
ecs 10.56.21.236/30;
Match another ACL called "ecs", but that term should be followed by a
semicolon, and it's not.
This is why it fails. Add that semicolon and try again.
I hope that helps.
Cheers, Greg
On Thu, 20 Feb 2025 at 02:44, Du
upload it here if
you wish or just open it in Wireshark and follow the conversations and
their timeline.
It is almost certainly a DNSSEC problem though, as Mark says.
Hope that helps.
Cheers, Greg
On Wed, 19 Feb 2025 at 10:22, Danjel Jungersen via bind-users <
bind-users@lists.isc.org> wrote:
Hi.
Is this a question about BIND, or Unbound?
Note the name of the list.
On Fri, 14 Feb 2025 at 16:36, Rainer Duffner wrote:
> Hi,
>
> I have a setup where I have a BIND resolver behind an unbound resolver.
>
> The reason is that when I originally set this up, there was no way to
> integrate an
In that case, something's not right. Please send your "named.conf".
Cheers, Greg
On Thu, 6 Feb 2025 at 14:52, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
> Yes, I did remove that stanza and restart the daemon, clean shutd
ed terms and we
shouldn't be using them.
In DNS terms, for me, a "primary" has the single source of truth for data
in zones and a "secondary" transfers a temporary copy of that data from a
primary, or from another secondary (though daisy chain secondaries at your
peril). All a
"named.conf" in full
- The output from the command "named -V"
Cheers, Greg
On Wed, 5 Feb 2025 at 17:13, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
> I did a spectacular sloppy job with the hints file.
>
> Just realized
Hi Michal.
Please share your configuration and the zone file so that we can see what
you are trying to do.
Thanks, Greg
On Wed, 29 Jan 2025 at 08:28, Michal Bednář wrote:
> Hello,
> I try to make domain record map.domain.tld. I cannot make this in bind9.
> Map is probably keyword
> On 24 Jan 2025, at 21:32, Lee wrote:
>
> On Fri, Jan 24, 2025 at 3:27 PM Greg Choules wrote:
>>
>>
>>> On 24 Jan 2025, at 19:07, Lee wrote:
>>>
>>> On Mon, Jan 20, 2025 at 4:55 AM Petr Špaček wrote:
>>>>
>>>> On 15
> On 24 Jan 2025, at 19:07, Lee wrote:
>
> On Mon, Jan 20, 2025 at 4:55 AM Petr Špaček wrote:
>>
>> On 15. 01. 25 19:55, Lee wrote:
>>> On Wed, Jan 15, 2025 at 11:55 AM Ondřej Surý wrote:
On 14. 1. 2025, at 16:56, Lee wrote:
In other words, should I submit a bug report to the D
ld be slower since it requires disc access?
Unless hosts is cached? Honestly, I don't know the answer to that one.
If the client is remote it won't go anywhere near hosts, so it might be
useful to have localhost in DNS anyway?
My 2p.
Cheers, Greg
On Tue, 14 Jan 2025 at 11:56, Rober
a
different box.
Try it and see. Personally I would use different addresses for DNS and DHCP
service, just to make it easy to know which is which.
I'm sure there will be many opinions :)
Cheers, Greg
On Wed, 8 Jan 2025 at 15:35, Karol Nowicki via bind-users <
bind-users@lists.isc.or
Hi Roberto.
Instead of defining "." as type "static-stub" you should define it as type
"mirror". This shows you how:
https://bind9.readthedocs.io/en/v9.18.32/reference.html#namedconf-statement-type%20mirror
Cheers, Greg
On Fri, 27 Dec 2024 at 21:41, Roberto Braga
Thus clients need to be SVCB/HTTPS-aware
and ask the right question. So they are not a magic replacement for CNAME.
Why do these people want you to alias your entire zone to them anyway?
I hope that helps.
Christmas cheers, Greg.
On Tue, 24 Dec 2024 at 14:39, Cuttler, Brian R (HEALTH) via bind-
sequent queries will go to your system DNS.
May I ask why you want to use +trace at all?
Try using Wireshark to see what's actually going on.
Hope that helps.
Greg
On Wed, 18 Dec 2024 at 19:47, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
Good idea, Brian. People should test more.
Hope it goes well. Packet captures and Wireshark are your friends.
Cheers, Greg
On Tue, 10 Dec 2024 at 15:25, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
> I have a test server I will enable th
And my point is that you just don't need that hint zone definition at
all, especially using custom NS in an environment such as this. Maybe try
commenting it out and see if it makes any difference.
Greg
On Tue, 10 Dec 2024 at 14:48, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.go
condary zones instead.
Cheers, Greg
On Tue, 10 Dec 2024 at 14:22, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
> Thank you.
>
>
>
> Replacing the db.cache file seems to work for replacing the root servers,
> I saw traffic shift t
, whatever they are, and one of the first
things a resolver does when it starts receiving queries is to update the
set of roots in a process known as root priming.
So, genuinely private networks aside, there is no reason to maintain your
own hints file and therefore hint zone.
Cheers, Greg
On Tue, 10 Dec
hint zone is to define custom roots for a private
network that is *completely* isolated from the Internet. Your corporate
network does not meet that criterion because your corporate DNS servers
will be answering names from the Internet. Therefore, lose the hint zone.
I hope that helps.
Greg
On
he "example.com" forward zone, as I said before.
Lastly, if you are on 9.18, DNSSEC validation will be enabled in auto mode
by default. This means that the server will attempt to validate every
response it receives. This is too much to go into now, but just be aware
that it is happening.
o forward
and fails, then it will recurse. I would recommend you add "forward only"
for consistent behaviour. Then it either works, or it doesn't and you can
fix that.
Lastly, root hints haven't been necessary for a very long time as they are
now built in (unless you are running a
Hi Kees.
I would upgrade to 9.18 and not spend time trying to diagnose 9.16, which is
not supported anymore. If the same problem occurs on 9.18 (latest), please let
us know.
I hope that helps.
Greg
> On 3 Dec 2024, at 10:36, Kees Bakker via bind-users
> wrote:
>
> Hi,
>
there is no zone matching the QNAME,
the server will forward back to itself, but since the new source address
does not match "DE" it will ignore that view and go to "default" instead.
I hope that helps.
Cheers, Greg
On Sun, 1 Dec 2024 at 17:13, Dimitry Bansikov wrote:
My bad. I spotted that afterwards.
On Thu, 28 Nov 2024 at 13:48, Anand Buddhdev wrote:
> On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <
> bind-users@lists.isc.org> wrote:
>
> Hi Greg,
>
> Running "named-checkconf -p" will print your entire nam
built-in zone already exists or is
active (covered by a forward-only forwarding declaration) and does not
create an empty zone if either is true.
If you are global forwarding, where are you forwarding to?
Regarding querylog: if you find it useful and it's not hurting, leave it
on. If you don't
ou have querylog enabled. Is that intentional? On
a personal/lab server it's not a concern. But on a busy production server
it will kill performance.
- You have zero automatic empty zones, suggesting that you disabled them.
Again, is that intentional?
Cheers, Greg
On Mon, 25 Nov 2024 at 02:07
Hi again.
In that case, Mark's guess was correct: ECS is only available in the
subscription edition. To get this you must be a paying support customer of
ISC. See this page for details: https://www.isc.org/support/
I hope that helps.
Cheers, Greg
On Sun, 24 Nov 2024 at 07:25, Duan Duan <
Hi.
Please can you clarify what you mean and what you're trying to achieve?
EDNS support generally has existed in all versions of BIND for many years.
Cheers, Greg
On Sat, 23 Nov 2024 at 15:43, 从今以后 via bind-users
wrote:
> Hey, guys
>
> How do I make my bind recursively support
and be retrying anyway.
I hope that helps.
Greg
> On 8 Nov 2024, at 10:20, Pedro García Segura wrote:
>
> Hello,
>
> Recently we had an Internet outage that lasted for a few hours and quickly
> filled the recursive clients quota (set at 1000) since most internet-bound
> re
Hi Bob.
See if this article helps any first, before we get into configs:
https://kb.isc.org/docs/the-umbrella-feature-in-detail
Cheers, Greg
> On 16 Oct 2024, at 14:55, Robert Mankowski
> wrote:
>
> I recently implemented a forward only BIND server for home. I was forwarding
doesn't and you already published your
DS in the parent, then no big deal. The CDS and CDNSKEY will just sit in
your zone and you don't have to do anything with them.
Does that help?
Cheers, Greg
On Wed, 2 Oct 2024 at 10:58, Danilo Godec via bind-users <
bind-users@lists.isc.org>
lver<>world
traffic.
Is that what you wanted to know?
Cheers, Greg
On Fri, 13 Sept 2024 at 15:14, Steven Shockley
wrote:
> On 9/12/2024 9:20 PM, Steven Shockley wrote:
> > I'll try to run some tcpdumps inbound and outbound tomorrow, traffic
> > should be pretty light.
>
o with the environment in which you have BIND
installed, or the particular build parameters.
Cheers, Greg
On Mon, 26 Aug 2024 at 07:49, Havard Eidnes wrote:
> >> Hi Håvard.
> >> Have you tried a different browser?
> >
> > Not yet. Will do tomorrow.
>
> Latest Chrom
Firefox.
I can't reproduce your issue, sorry.
Cheers, Greg
On Sun, 25 Aug 2024 at 21:06, Havard Eidnes via bind-users <
bind-users@lists.isc.org> wrote:
> Hi,
>
> I'm mostly running BIND 9.18.x, and have configured statistics
> publishing via
>
> statistics-channe
view selection, I don't know exactly how the code works or how
efficient it is. But certainly I have seen some configs with a lot of views
and they seem to function OK.
What sort of QPS are each of your servers handling?
Cheers, Greg
On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bin
w has its own cache, hence the need
for a lot of RAM.
I would try it out on a lab server first.
Hope that helps.
Cheers, Greg
On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users <
bind-users@lists.isc.org> wrote:
> Hello List,
>
> an ISP has brought a case where several cu
nt of that domain to
another resolver that can get the answer for it?
Hope that helps.
Cheers, Greg
On Tue, 20 Aug 2024 at 21:28, John Thurston
wrote:
> We are asked to forward queries for foo.example.com to a set of private
> resolvers. So we have something like this in ou
/bind9/
When you are on current code, see if you need to ask the question again. I
think you won't.
Cheers, Greg
On Mon, 19 Aug 2024 at 09:45, 秋林峻祐 wrote:
>
> ***
> このメールの添
Hi Gabe.
Prefetch still exists; reference here:
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-prefetch
Hope that helps.
Greg
On Tue, 23 Jul 2024 at 17:36, Gabe Loyer wrote:
> In searching for documentation I can only find something for prefetch in
> 9.10,
best to ignore it. We will document this properly!
-n sets the number of event loops. You can tweak this manually if you find that
the autodetected value is not suitable for your environment and usage.
I hope that helps.
Greg
> On 10 Jul 2024, at 15:43, Thomas Hungenberg via bind-us
its files?
- How much RAM does the server have and how much of that is BIND using?
I would recommend reading the ARM section on the journal. The log message
itself comes from "zone.c"
Cheers, Greg
On Mon, 8 Jul 2024 at 12:18, Kees Bakker via bind-users <
bind-users@lists.isc.org>
I have a similar setup, and I do it the way that Greg Choules suggests.
I could probably dig up the exact way I have BIND configured, but the
function is like this:
Clients query the non-AD BIND servers, for *all* queries. For the AD zone,
we use something like this; Our first level domain, lets
t zone.
Compare this with how it's done in the Internet hints file:
.                   360 IN NS   A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 360    A    198.41.0.4
A.ROOT-SERVERS.NET. 360    AAAA 2001:503:BA3E::2:30
Hope that helps.
Greg
On Mon, 1 Jul 20
> Thanks again
>
> On Fri, 28 Jun 2024 at 13:10, Greg Choules <
> gregchoules+bindus...@googlemail.com> wrote:
>
>> Hi again Renzo.
>>
>> In general, BIND (and other resolvers) make non-recursive (aka
>> iterative) queries to authoritative
ftware.
Cheers, Greg
On Fri, 28 Jun 2024 at 11:58, Renzo Marengo wrote:
> Hi Greg again! :)
>
> > 1) This should help you understand the difference between recursive and
> non-recursive queries.
> I read about recursive and iterative query but I think A.B.C.D server
> shou
s have and only move them
to production when you are certain.
Cheers, Greg
On Fri, 28 Jun 2024 at 07:14, Renzo Marengo wrote:
> Hi greg,
> I thank you again for your suggestions.
>
> >A.B.C.D is the address of this server?
> yes, It's the Bind server
>
> I read severa
ache so that it
doesn't have to make them again for some time.
There are many good books and articles available online to explain the
basics of DNS. The BIND ARM (distributed with BIND and also available
online) is the reference manual for BIND itself.
I hope that helps.
Greg
On Fri, 28 Jun
"?
For a long time (which is why I need to know the version) BIND has had the
Internet root hints built in, so you don't need a hint zone anymore. Unless
you are defining different roots for some reason. Hence why I need to know
the contents of that file.
Thanks, Greg
On Thu, 27 Jun 202
using non-recursive queries - and using that data to construct answers for
its clients.
I hope that helps.
Cheers, Greg
On Thu, 27 Jun 2024 at 12:02, Renzo Marengo wrote:
> I have Active Directory domain ( 'mydomain.it' ) with 8 domain
> controllers to manage 8000 computers. Every Dom
.readthedocs.io/en/latest/reference.html#namedconf-statement-minimal-responses
Cheers, Greg
On Wed, 26 Jun 2024 at 17:55, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
>
>
> Greg, David,
>
>
>
> Thanks, much easier than what I thought it would be.
>
> I have
is
the same name and its IP is 127.0.0.3, which happens to be another instance
of BIND I have running. Your file would contain the names and IPs of your
internal roots.
In the config, define the hint zone like this:
zone "." {
type hint;
file "db.root";
};
That should be al
better which domains are the problematic ones.
Packet captures are always good for showing exactly what servers send and
what they get back. There's no hiding in Wireshark!
Cheers, Greg
On Wed, 26 Jun 2024 at 07:45, wrote:
> Hello
> Thank you for your response. I have configur
stand what the
problem is first and to do that, gather data (pcaps and logs) that can be
used to paint a picture of what's really happening.
Cheers, Greg
On Tue, 4 Jun 2024 at 13:01, Thomas Barth via bind-users <
bind-users@lists.isc.org> wrote:
> Am 2024-06-04 09:50, schrieb Mat
shot) from
your BIND server showing both client->server and server->forwarder DNS
traffic, crucially capturing the moment this issue occurs.
- dig results from your making test queries.
It may sound like a lot of detail, but the devil... as they say.
Cheers, Greg
On Wed, 29 May 2024 at 21
Odd numbers (9.17, 9.19…) are the development versions. Even numbers (9.18,
9.20 - soon…) are the production versions, based on the odd-numbered version
before.
So 9.18.27 (currently) would be the one to go for.
Cheers, Greg
> On 22 May 2024, at 16:53, Robert Wagner wrote:
>
om. CNAME imap-tcp-service.example.com.
and so on.
Cheers, Greg
On Thu, 16 May 2024 at 11:43, Niall O'Reilly wrote:
> On 14 May 2024, at 15:20, DEMBLANS Mathieu wrote:
>
> A part of the subdomains are managed by us, other subdomains by another
> entity.
> So we can't
latest
version, which is 9.18.26 (you can see in your screenshot).
I hope that helps.
Greg
> On 28 Apr 2024, at 08:42, Yang <395096...@qq.com> wrote:
>
>
>
> is v.9.18.21 below this reference
>

>
>
>
> Yang
> 395096...@qq.com
>
Hello.
Do you mean 9.18-S1?
> On 28 Apr 2024, at 08:06, Yang via bind-users
> wrote:
>
>
> dear admin:
> now, i use bind-9.18-21, i want to use ecs client subnet function; but i
> don't know how to configure it, and i don't get method from google
> please give me some example,or document
Hi.
In BIND, since 9.11, there is an option/view statement called
"minimal-any", which defaults to "no". That might be what you're after.
Cheers, Greg
On Sat, 20 Apr 2024 at 17:29, Amaury Van Pevenaeyge <
avanpevenae...@outlook.fr> wrote:
> Hello everyone,
validation
will hurt you in future, or maybe even right now. My advice would be to
enable it, look at packet captures, ask questions and understand it, rather
than disable it because you don't think you need it.
Cheers, Greg.
On Sun, 31 Mar 2024 at 08:07, Crist Clark wrote:
> Thanks so
", which requires some
thinking about the intent. Whereas "I would like to permit none" (for me
anyway) is clearer and less ambiguous.
As for why authoritative servers need to make queries at all, please take a
look at this article.
https://kb.isc.org/docs/why-does-my-authoritative-se
y.
You probably also don't need also-notify {192.168.56.157;}; if the
secondary has an NS record in the zones it will be transferring, which it
should.
Hope that helps.
Greg
On Mon, 25 Mar 2024 at 11:34, wrote:
> Hello community,
>
> I'm trying to configure a DNS slave serv
Hi Amaury.
You should be able to do this by defining your own trust anchors. This
should explain what you need:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#trusted-keys-and-managed-keys
Have fun.
Greg
On Sat, 16 Mar 2024 at 13:38, Amaury Van Pevenaeyge <
avanpevenae...@outlook
ers" statement because "
sub.example.com" has been delegated away.
- Do you really want to be forwarding to your hidden primary anyway?
- Why are two different servers both authoritative for
"100.168.192.in-addr.arpa"? That's asking for trouble.
Hope that he
Please don't encourage using "search" in resolv.conf or the Windows
equivalent. Search domains make queries take longer, impose unnecessary
load on resolvers and make diagnosis of issues harder because, when users
say "it doesn't work" you have no idea what it was that didn't work.
I tried using s
2nd $beverage consumed.
I have never liked sortlist since I inherited it 16 years ago in my
previous job.
For me it suffers from at least one fundamental problem:
- If a client, say at location "1", is given a bunch of sorted A records
with the server at location "1" first, what does the client do
r manufacturers are available), match all port 53, set DSCP to an
appropriate value for *your* network and prioritise/police as appropriate
in the core.
Cheers, Greg
On Thu, 29 Feb 2024 at 09:00, Wolfgang Riedel via bind-users <
bind-users@lists.isc.org> wrote:
> Hi Folks,
>
> OK
need.
primaries also-notified {a.b.c.d; e.f.g.h;};
...
zone "example.com" {
type primary;
file "db.example.com";
# apply the primaries list (or lists) to the also-notify statement.
also-notify {also-notified;};
};
I hope that helps.
Cheers, Greg
On Thu, 8 Feb 2024 at 21:55,
+norecurse
dig @172.16.0.254 pc1.reseau1.lan A +norecurse
dig @172.16.0.254 pc1.reseau1.lan +norecurse
Now stop the packet capture on the auth server and send all the information.
The reason for using @ with dig is to eliminate the stub
resolver on pc1 itself.
Thanks, Greg
On Wed, 17 Jan
DER<<- opcode: QUERY, status: NOERROR, id: 2379
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
==
So unless I'm missing something I don't see your problem.
Cheers, Greg
On Mon, 15 Jan 2024 at 15:24, wrote:
are running the digs?
- the file "/etc/resolv.conf" on "pc1"
Please also re-send the digs with full output.
When you send information, please send it as text, not screenshots.
Thanks, Greg
On Sun, 14 Jan 2024 at 22:04, Michel Diemer via bind-users <
bind-users@lists.isc.
amed' processes running that they were
not aware of, which *might* cause problems if they are trying to use the
same data files.
Cheers, Greg
On Tue, 19 Dec 2023 at 08:26, wrote:
> I found there was a db.ynu.edu.cn.intranet.jnl beside db.ynu.edu.cn.intranet,
> I tried to remove it, then
neath this
point will be swallowed by the server, e.g. "a.b.c.d.e.f.reseau1.lan" will
all return NXDOMAIN +AA=1
What behaviour do you think you would like to see?
Looking at another part of your config, you should not need this at all:
options {
forwarders {8.8.8.8;};
...
};
If your
I really wouldn't recommend that.
If you have to, create exceptions for domains that won't validate correctly
by using the "validate-except {..." statement.
In parallel with that, encourage people with broken domains to fix them,
which makes life better for all of us.
Cheers,
ith your
own problem.
Cheers, Greg
On Tue, 12 Dec 2023 at 00:48, Blason R wrote:
> Oh I forgot to tell you that. This is BIND RPZ and all the queries are
> recursive.
>
> Dig output just dies out and does not spit anything.
>
> And this specifically i noticed with .gov and .gov.in d
first. I see no reason to
suspect BIND at the moment.
Cheers, Greg
On Mon, 20 Nov 2023 at 17:40, legacyone via bind-users <
bind-users@lists.isc.org> wrote:
> This might show the problem even more on two interfaces WAN side and LAN
> you can see 192.168.53.19 ask for routerp
em is difficult if you only have snippets of information
to work from.
Cheers, Greg
On Mon, 20 Nov 2023 at 13:48, legacyone via bind-users <
bind-users@lists.isc.org> wrote:
> Now its not working fast again! I don't know now must be Teamviewer DNS
> delaying replies causing windows bi
ely. Zones like "
internal-www.example.com", "internal-mail.example.com" and what have you
are fine because they are more specific than the general "example.com",
queries for which will just fall through to the outside world along with any
other name.
That was a bit of