4.0.0, which would be doing
lookups for DKIM, DMARC.
Has anyone noticed anything similar ? It only seems to happen with the
socialinnovation.ca domain.
Thanks,
- J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this soft
his category of errors set to: severity info. Should
I increase this or are there other ways to determine why resolution is
sometimes REFUSED ?
Thanks,
- J
meter in: named.conf, as
Petr had mentioned. Bumping it from the default of 100 to 120 and
repeating the test allows my resolver to return all the A records.
Thank you for the warning of potential DoS ... I am thinking that a
small increase on a server that doesn't get/generate a huge of e-ma
thing else ?
Thanks,
- J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc
en a query that times out
versus a query that hangs ?
In both cases, I would think these queries are hitting a time limit and
are stopped by BIND, but the fact that there are two different log
entries makes me wonder if there's more to this.
Thanks,
- J
On 2024-05-17 19:37, Nick Tait via bind-users wrote:
On 18/05/2024 09:11, J Doe wrote:
Hello,
When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
or must they be either: /8, /16, /24, /32 for IPv4 ?
For example, if I want to block records with an A address of
in the cloud with excellent connectivity, I don't do
anything special with my firewall and I do not run any software that
would mutate the DNS data over port 53.
What could be causing the cookie to not be received from this particular
server over a number of days ?
Thanks,
- J
.
Thanks,
- J
On 2024-05-05 20:47, Mark Andrews wrote:
On 6 May 2024, at 07:38, J Doe wrote:
Hello,
I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I
noticed the following:
01-May-2024 00:52:49.689 lame-servers: info: truncated TCP response
resolving 'www.ipfire.
ffic being truncated
and/or rejected via firewalls or middle-boxes that enforce limits on
expected packet size (I believe one of the goals of a recent Flag Day
was to address these configs), but what would lead to truncated TCP
traffic in the context of DNS ?
Thanks,
- J
arpa/dnssec/>
Hi Josh,
Ok, sounds good!
- J
e got it now - thanks for your explanation!
- J
's listed ?
Secondly, I'm still not entirely sure what the phrasing "chase DS
servers" means. I am aware of the DS RR type.
As a side-note: I believe the "lame-servers" here is a function of me
configuring QNAME minimization to "relaxed".
Thanks,
- J
Hello,
I run BIND 9.18.26 as a recursive, validating resolver. In my logs, I
noticed the following:
22-Apr-2024 19:25:59.614 lame-servers: info: chase DS servers
resolving '180.96.34.in-addr.arpa/DS/IN': 216.239.34.102#53
What does "chase DS servers" mean ?
T
ificance of logging the URL and why does this happen in
only some cases ?
Thanks,
- J
'ns1.zdns.google/A'
As this is logged at "info" level, I presume it doesn't do any harm, but
has anyone run into this with this particular Google domain ? I have
seen it over a number of weeks.
Thanks,
- J
On Fri, 2023-05-26 at 16:51 +0530, Shailendra Gautam wrote:
> Does bind provide any way to manage(add,update,delete) resource
> records
> with HTTP API, like powerdns?
Not TTBOMK. It does have an API for managing RRs but that is using RFC
2136 and not HTTP.
> I currently use zonefiles to store D
s://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-category
On Wed, Dec 7, 2022 at 8:25 PM Mik J via bind-users
wrote:
>
> Hello Daren,
>
> The entire message is
> client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN
> A -E(0)DC (1.2.3.4) [ECS 192
g it).
https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-grammar
On Wed, Dec 7, 2022 at 7:42 PM Mik J via bind-users
wrote:
>
> Hello,
> I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the
> last /0 part.
> Where can I get an explanation ?
Hello,
I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the last
/0 part.
Where can I get an explanation ?
Regards
On 2022-08-25 18:04, Greg Choules wrote:
Hi again J.
If I understand correctly, you want to enable querylog on a busy
recursive server permanently, rotate the files once a day and don't care
if you lose some logs because the number of queries on a busy day
generates more data tha
On 2022-08-25 16:46, Richard T.A. Neal wrote:
Hi J,
I'm coming a little late to the party on this one and I think you might
struggle to do rotation based on both date/time *and* file size, but I use
logrotate to rotate all of my BIND logs daily, keeping 31 days of logs. And
you'l
On 2022-08-25 04:52, Anand Buddhdev wrote:
On 25/08/2022 05:23, J Doe wrote:
Hello J Doe,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings in
On 2022-08-25 03:05, Greg Choules wrote:
Hello J
What is it you're actually trying to achieve here?
Cheers, Greg
Hi Greg,
I'm looking to have my: queries.log (which logs all the queries my Bind
9.16.30 recursive resolver resolves), rotated at the end of the day and
I'd like
| true"
So settings:
Log path: My Bind is running in chroot
File mode:0640
Log count:7 (1 per day)
Size limit: none
Frequency:$D0 (daily)
Flags:z to compress
Binary: rndc (instead of pkill)
Is this correct ?
Thank you,
- J
nssec clientnon dnssec
client
You don’t want the second recursive server to spend all its time re-asking
queries that will fail validation
On 29 Apr 2022, at 11:24, J Doe wrote:
Hi,
I am configuring an RPZ for a validating resolver. I read in the BIND 9.18.2
ARM that there is a boolean op
te.
This would mean that: break-dnssec yes:
...only breaks DNSSEC validation for evil.com because it is re-written
...does NOT break DNSSEC validation for sites _NOT_ in RPZ that use
DNSSEC (ie: ietf.org).
Is that correct ?
Thanks,
- J
On Apr 13, 2022, at 10:08 AM, Nicholas Miller
wrote:
>
> I believe this is the option you are looking for:
>
> validate-except { domain.example; };
Thanks but that doesn't fix our problem. We use it to fix the
problematic domains for now but that is a temporary solution. There
is always
> On Apr 13, 2022, at 12:00 AM, Grant Taylor via bind-users
> wrote:
>
> On 4/12/22 7:18 PM, Duchscher, Dave J via bind-users wrote:
> > We are dropping this configurat
On 2022-03-30 02:23, Evan Hunt wrote:
On Wed, Mar 30, 2022 at 12:16:05AM -0400, J Doe wrote:
I have a question about the bind.keys file and what happens when it is
not available.
[...]
** If I don't have bind.keys in my BIND directory but have:
dnssec-validation auto in my named.con
On Mar 30, 2022, at 4:43 PM, Tony Finch wrote:
>
> > We have an internal DNS server that we would like to forward its
> > outgoing queries to a main DNS server that connects to the outside world
> > and is doing DNSSEC validation. The problem is that the DNSSEC
> > validation doesn't work for qu
We have an internal DNS server that we would like to forward its outgoing
queries to a main DNS server that connects to the outside world and is doing
DNSSEC validation. The problem is that the DNSSEC validation doesn't work for
queries from the internal DNS server. Doing DNSSEC validation on
oes a lookup and performs DNSSEC validation,
validation works ? Or do I still need to download bind.keys from [1] ?
Thanks for your help,
- J
Sources:
[1] https://www.isc.org/bind-keys/
I am trying to do some testing of an IPv6-only network here using some
nat64 to reach the "legacy" :-) IPv4 Internet. My network is currently
dual-stack.
I have dns64 query mapping working, but I am still seeing some clients
that I am trying to test with (that still have IPv4 addresses until the
On Sun, 2022-02-20 at 08:16 +1100, Mark Andrews wrote:
>
> EDNS is hop by hop. There is no copying by any compliant server.
Fair enough. I thought it was a long shot.
Cheers,
b.
On Sat, 2022-02-19 at 19:02 +0100, Matus UHLAR - fantomas wrote:
>
> what's the point of this setup?
> BIND can resolve by itself perfectly and you wouldn't rely on 3rd
> party
> service
Except that it cannot do EDE, as I already said in my original message.
Cheers,
b.
I have a BIND9 server configured as a resolver for the local network to
forward all requests to 1.1.1.1. Given that 1.1.1.1 includes
(RFC8914) EDE EDNS options in its responses, can I configure the BIND
resolver to forward those EDNS options in its response to the client?
While I know BIND
Hello,
How can I check which variables are loaded in memory and considered as active.
For example, I would like to check that the value of lame-ttl is 0
In my named.conf configuration file I have
include "myconf.conf";
lame-ttl 600;
And in the myconf.conf file I have
lame-ttl 0;
So how can I make su
servers don't let queued
messages grow older than one day".
Out of curiosity, what servers have you encountered that no longer use
the five day cutoff ?
Thanks,
- J
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to uns
Hey all,
Just wondering here, why switching from CentOS to Debian or building BIND
from sources? What is wrong with migrating to CentOS Stream? Why would that
be so much worse than using Debian?
Regards,
Tom
On Sat, 19 Dec 2020 at 00:25, G.W. Haywood via bind-users <
bind-users@lists.isc.org> wr
Hey Onur,
I would guess it depends on your setup and how much traffic you
receive. [1] gives
as an example a value of 10 responses per second, which I would say is
a good place
to start. [5] gives a value of 5 responses per second and I get the
impression that
that is the value used by the F roo
Thank you for your valuable feedback. It is much appreciated.
On Fri, 20 Nov 2020 at 19:37, Reindl Harald wrote:
>
> On 08.11.20 at 14:44, Timothe Litt wrote:
>
>
> I'm amazed that this thread has persisted for so long on this list of
> knowledgeable people
>
>
> me too, i would understand that
Having at least two name servers is not a requirement by the RFC standards
but which TLD allows for only one NS server to be given when hou register a
domain?
On Sat, 7 Nov 2020 at 16:53, Kevin A. McGrail wrote:
> On 11/7/2020 10:15 AM, Reindl Harald wrote:
>
>
> https://tools.ietf.org/html/rfc1
First of all, sorry that I cannot reply within the thread, I was not
yet a member of the mailing list when those emails were sent.
> On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote:
> >
> > Excuse me, I just have one server for DNS and that tutorial is about
> > secondary
> > DN
Hello,
My cache is 100MB and I'd like to know how many records can fit inside. I
suppose that it depends on the record: isc.org is 7 characters and shorter than
http://www.example.com
And it probably depends on the type and address.
So which size would isc.org A 1.1.1.1 be ?
I ask my question beca
I'm really not sure about what the name of this feature I am going to
describe would be. I would probably call it an "overlay view". But I
am sure there are better names.
Imagine I have a BIND 9 server for the following network topology:
Network 1
192.168.1.0/24 -
-o .libs/stats.o
"stats.c", line 300: undefined symbol: val
cc: acomp failed for stats.c
*** Error code 1
Changing line 300 to "value", it then compiles just fine.
Regards
On 12/21/19 08:35, Wieland, Jeffrey J. wrote:
Compiling with Solaris Studio 12.2 and Oracle Studio 12.4, I
Compiling with Solaris Studio 12.2 and Oracle Studio 12.4, I get
the following error:
libtool: compile: /opt/solstudio12.2/bin/cc -m32 -L/opt/openssl-1.1/lib
-R/opt/openssl-1.1/lib -D_STDC_C99= -mt
-I/opt/src/sys/bind/sun4u/bind-9.11.14 -I../.. -I./unix/include
-I./pthreads/include -I./noatomi
Hello Chuck,
Thank you for this clarification.
I get your point and it makes sense.
Regards
On Thursday, 24 October 2019 at 05:38:03 UTC+2, Chuck Aurora wrote:
On 2019-10-23 18:14, Mik J via bind-users wrote:
Hi,
> I know that the RPZ functionality aims to block/redirect/log
Hello,
I know that the RPZ functionality aims to block/redirect/log DNS queries from
the inner network.
What about the authoritative DNS facing the Internet ?
I receive some spam, I get probed on my webservers etc. Many of these
annoyances start with a DNS query.
What is mydomain.org ? My DNS ans
ew, modify some zones, import, export I'm not sure that would be
possible.
On Thursday, 24 October 2019 at 00:44:36 UTC+2, Reindl Harald wrote:
On 24.10.19 at 00:35, Mik J via bind-users wrote:
> Efficient IP uses bind (+ nsd/unbound) as the DNS server.
>
> One major differ
Hello,
Efficient IP uses bind (+ nsd/unbound) as the DNS server.
One major difference between Efficient IP and bind is when you want to delegate
the zone configuration to users and groups. I think it's called role based
management. So let's say you want team1 to have read/write access to the zone
e e-mail is rejected.
I think the major difficulty I was running into was trying to have DNS RPZ do
everything.
Thank you for the pointer to the RPZ mailing list - I will be joining that
shortly
Regards,
- J
> On Aug 25, 2019, at 12:54 PM, m3047 wrote:
>
> Clarification on what D
Hello,
I have a basic question regarding RPZ on Bind 9.11.x.
Is it possible to re-write a response on a reverse lookup ? For instance, if I
considered example.com a “bad domain”, can I write a RPZ policy so that a
reverse lookup of IP’s that map to example.com fails or is blocked ?
I know I c
Hello,
I tried to understand how to use Spamhaus as a RPZ provider but without any
success.
I'll use the non commercial service at least for some time because I have a few
servers and one or two users, the trafic is very low.
What I thought I should do first is be able to dig axfr the spamhaus
Hello,
I'm also an Openbsd user
I see you used CC can you try with GCC ?
I hope that will help
On Saturday, 27 April 2019 at 22:56:25 UTC+2, paranoid sysadmin wrote:
I have begun work on upgrading a group of OpenBSD boxes that are used at a
bunch of small sites as a "network services"
Jaco Lesch via bind-users wrote:
>
>
> Both BIND 9.11.5-P4 and 9.11.6 build fine with the following configure
> settings:
> ./configure --prefix=/opt/local --libdir=/opt/local/lib/dns/sparcv9 \
> --sysconfdir=/etc \
> --localstatedir=/var \
> --with-randomdev=/dev/random \
Hello Bob, Tony,
Thank you for your answers, I'm going to study this topic.
Regards
On Wednesday, 6 February 2019 at 21:11:59 UTC+1, Bob Harold wrote:
On Wed, Feb 6, 2019 at 1:03 PM Mik J via bind-users
wrote:
Hello,
I would like to know how do you manage reverse zones and t
Hello,
I would like to know how do you manage reverse zones and the 10.x.x.x zone
particularly.
I can see three choices:
- One global 10.in-addr.arpa zone
- Many /24 zones 1.1.10.in-addr.arpa zone
- Something in between
One global zone: The problem is that I end up having a very populated zone and if
s
Hello,
I tried to dissociate roles and have:
- 1 set of authoritative master/slave server
- 1 set of recursive servers
For a zone that I owned, the "recursive" servers forward the request to the
authoritative server. Otherwise the server resolves the query directly on the
Internet. The authoritati
After recently improving the tracking of errors coming from commands
running from scripts, we found that a large number of “rndc reconfig”
requests (about 15-20% of all requests) error out with exit status 1
and the message:
rndc: ‘reconfig' failed: unexpected end of input
The “unexpected end of
I saw a zone check on intodns.com shows,
Stealth NS records were sent:
ns2.xxx.com
ns1.xxx.com
So what's a stealth NS record?
thanks.
My server once ran about 200,000 zones on a VPS with 4GB RAM, 2 vCores,
BIND powered.
Running tests against them is good.
https://www.nominum.com/measurement-tools/
On 2018/3/28 Wednesday AM 10:54, Blason R wrote:
Hi,
Is there any DNS sizing guide available? I have created a sinkhole
server which
On Wed, 2018-01-17 at 10:45 -0500, Brian J. Murrell wrote:
> I have a BIND (9.9.4)[1] server that runs well most of the time, but
> periodically it will start returning SERVFAIL for very high-level
> domains such as *.google.com, *.gstatic.com, *.github.com, etc. It
> seems to
On Tue, 2018-01-23 at 09:53 -0700, Grant Taylor via bind-users wrote:
>
> Could you try disabling DDNS updates for a little while?
That's effectively what I have done.
I set up a second server configuration running new zone on a different
IP address and pointed the DHCP server at it so that the
On Tue, 2018-01-23 at 13:38 +0100, Reindl Harald wrote:
>
> pretty sure it's possible and likely not much different than the
> unbound-sample below which asks a rbldnsd on port 1043 on the same
> machine
>
> stub-zone:
> name: "zone-name."
> stub-addr: 127.0.0.1@1053
This all falls apart be
On Tue, 2018-01-23 at 13:38 +0100, Reindl Harald wrote:
>
> pretty sure it's possible and likely not much different than the
> unbound-sample below which asks a rbldnsd on port 1043 on the same
> machine
>
> stub-zone:
> name: "zone-name."
> stub-addr: 127.0.0.1@1053
That's the sort of path
Here's a new most interesting data point.
All of these outages happen right after a DHCP client connects and sends
a DDNS update to BIND.
It would be an interesting experiment to isolate the zone that receives
DDNS updates for the DHCP clients onto a separate server to see if that
makes this probl
On Mon, 2018-01-22 at 12:45 +, Tony Finch wrote:
>
> lame-servers is also a log category, and tends to be quite noisy
> about
> various problems :-)
Turns out I do already have lame server logging enabled. I.e.:
20-Jan-2018 12:01:37.053 lame server resolving 'backup-ns.yn.cninfo.net' (in
'
On Mon, 2018-01-22 at 16:10 +, Tony Finch wrote:
>
> You should make sure it is enabled, because there are vital clues in
> those
> log lines :-)
But they will only occur if there is some lameness with the ns[1-
4].google.com records and that will already be reported with lame:n in
the "fetch
On Mon, 2018-01-22 at 12:04 +, Tony Finch wrote:
>
> The thing to look out for is the minutes before the outage starts -
> see
> what kind of failures you get.
So, taking this approach, looking for the first occurrence of just any
one of the names ns[1-4].google.com prior to the A/ querie
On Mon, 2018-01-22 at 12:45 +, Tony Finch wrote:
>
> They'll have a log category of edns-disabled.
But if the problem were EDNS, would it be so intermittent and always
fixable by rndc reload?
> But, looking through the
> code, if this is leading to lameness you will also get lame-servers
> l
On Mon, 2018-01-22 at 12:04 +, Tony Finch wrote:
>
> That indicates that it has already marked the servers as lame, so the
> packet trace isn't going to tell you what caused the lameness.
OK.
> The thing to look out for is the minutes before the outage starts -
> see
> what kind of failures
OK. I now have named trace logging
http://brian.interlinx.bc.ca/named.run.log
and a packet dump:
http://brian.interlinx.bc.ca/dns-packets.txt
that demonstrates how BIND is getting .com referrals from the root
servers when doing a query for www.google.com and then doing nothing
with those refer
On Fri, 2018-01-19 at 15:22 +, Tony Finch wrote:
>
> You don't have any weird middleboxes between your resolver and the
> Internet, do you?
I don't believe so. Not entirely sure what "weird middleboxes" refers
to in this context though. And by resolver are you referring to my
BIND9 server o
On Fri, 2018-01-19 at 14:54 +, Tony Finch wrote:
>
> Those responses look like referrals from the root servers to the .com
> servers;
Ahhh. Right. That makes sense.
> I would expect you to see `named` repeating the queries as it
> follows the iterative resolution algorithm.
Indeed. I wil
On Thu, 2018-01-18 at 17:46 +, Tony Finch wrote:
> Brian J. Murrell wrote:
> > On Thu, 2018-01-18 at 15:41 +, Tony Finch wrote:
> > >
> > > The default is 10 minutes - try reducing it and see if the outage
> > > becomes shorter.
> >
>
On Thu, 2018-01-18 at 15:41 +, Tony Finch wrote:
>
> Does the time to recovery correspond to the lame-ttl setting?
I am not sure. I'm not always aware of when it starts. I guess if I
am running a trace level permanently the log would tell me though.
> The default
> is 10 minutes - try redu
I have a BIND (9.9.4)[1] server that runs well most of the time, but
periodically it will start returning SERVFAIL for very high-level
domains such as *.google.com, *.gstatic.com, *.github.com, etc. It
seems to happen most frequently with Google domains, but I wonder if
that is just a reflection o
Thank you Bob for your answer.
I continued to search and saw rfc1912 page 4
It's much higher than I first thought
On Wednesday, 3 January 2018 at 20:05:57 UTC+1, Bob Harold wrote:
On Wed, Jan 3, 2018 at 1:57 PM, Mik J via bind-users
wrote:
Hello,
I would like to have
Hello,
I would like to have your thoughts about what should be the best values for
refresh, retry, expire and negative cache.
In my case I have 2 DNS which are hosted in 2 different locations. These
locations are near one another (100km). The latency is very low and packet is
0. I configured a lot
Thank you very much Mark for your quick answer
On Friday 18 August 2017 13:46, Mark Andrews wrote:
In message <1744062904.346000.1503053675...@mail.yahoo.com>, Mik J via
bind-users writes:
> Hello,
> Do you know where I can find the signification of DNS syslog messag
Hello,
Do you know where I can find the signification of DNS syslog messages ?
client x.x.x.x#64111 (webmail.google.NET): query: webmail.google.NET IN +
(y.y.y.y)=> I'm looking for the signification of the +
client z.z.z.z#39953 (www.mydomain.org): query: www.mydomain.org IN A -ED
(y.y.y.y)=
e A > C > B
With forward {} the global forward will be short circuited for foo.com
and below resulting in a path of A > B
On May 12, 2017 11:56 AM, "Mik J" wrote:
Thank you Ben for your answer
My server uses a global forwarding
I don't understand what you wrote
"If it
forward{} turns off global forwarding for that branch
of the tree.
On May 12, 2017 9:27 AM, "Mik J via bind-users"
wrote:
Hello,
If my DNS is master/slave for a zone, why would I want it to use forwarders.
In other terms why would I want
zone "mydomain.com"
{
typ
Hello,
If my DNS is master/slave for a zone, why would I want it to use forwarders.
In other terms why would I want
zone "mydomain.com"
{
type master;
file "zones/master/com/mydomain.com";
allow-update { acl; };
};
Instead of (forwarders {};)
zone "mydomain.com"
{
typ
zones that
were "working" were using a different algorithm and so it didn't mismanage
those.
Sorry for troubling you. However your information did help me locate the
problem.
Thanks
Jay
On 31 March 2017 at 00:17, J T wrote:
> Please ignore the * in the copy pasted rec
Please ignore the * in the copy pasted records. It seems the list converts
color text to be *TEXT* hehe
On 31 March 2017 at 00:11, J T wrote:
> Hi Mark,
>
> Thank you for responding. What do you mean by zone apex?
>
> If we assume one of the domains that fails to be se
EC' or 'IN NSEC3PARAM' records ?
Jay
On 30 March 2017 at 23:02, Mark Andrews wrote:
>
> In message f5pug3...@mail.gmail.com>, J T writ
> es:
> > Hi,
> >
> > I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
> >
> > I us
Hi,
I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
I used Webmin to do the heavy lifting of signing/resigning etc.
Only 2 of the 5 zones are recognised as (DNSSEC Signed) by BIND on
restart/zone application and that fact is reported in the system logs.
I’m trying to work out why
Barry: "Also, if there are no delegation records for the subdomain, the parent
server believes it's authoritative for them, despite having forwarders
configured."
I don't understand what you just wrote above. Are you saying I need to do both
delegation and forwarding on my authoritative server
Hello,
I would like to check if my understanding is correct regarding delegation and
forward
Delegation: I want to delegate the administrative tasks to someone else for one
subdomain
subdomain1.mydomain.org
I'll specify the NS of that subdomain1.mydomain.org in my mydomain.org zone file
The other p
Hello,
From my personal experience I would add
* Check if you have monitoring in place, you might want to monitor all types of
queries and error messages.
* Since you have external and internal DNS then there might be firewalls
between them, check if the flows are opened and prepare a test plan
Hello,
I'm logging queries
channel queries_file {
file "/var/log/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
category queries { queries_file; };
And queries that are not allowed
channel "dns_s
Hello,
I have a bind DNS that is authoritative for many zones and that same system is
also forwarding. I plan to split these two functions on two different systems.
Have some of you done this task ? Do you have any guidelines or advice ?
I'm thinking about migrating the forwarding functionality to
Thank you guys for your answers.
On Tuesday 3 May 2016 16:09, Barry Margolin wrote:
In article ,
Mik J wrote:
> Hello Mark,
> Thank you for your answer. I'm not sure I've understood everything but I'll
> read it numerous times if necessary. I have ACLs so
o correct the servers or remove the
delegations."
You mean this one "x.204.99.116.in-addr.arpa" which appeared in my
logs ?
Regards
On Tuesday 3 May 2016 13:30, Mark Andrews wrote:
In message <353379836.10168122.1462272936427.javamail.ya...@mail.yahoo.com>, Mi
k J
Hello,
In my named.log I can see a lot of SERVFAIL/REFUSED unexpected RCODE messages.
Most of the time someone tries to resolve a PTR
I can see an average of 10 messages per second like these
May 3 10:46:26 dns named[7228]: REFUSED unexpected RCODE resolving
'x.204.99.116.in-addr.arpa/PTR/IN': 2
Hi
How to configure a DNS server as public DNS server like google's 8.8.8.8 server
Help me to clear out these problem
Thank you
Trying to follow an example I found of manually verifying a name's
DNSSEC records I did the following:
# dig . DNSKEY | grep -Ev '^($|;)' > root.keys
# dig +sigchase +trusted-key=./root.keys www.eurid.eu. A
That resulted in some errors but more importantly the following in my
syslog:
Mar 23 08:1