Re: dnssec/obsolete dns keys removal - how to?

2025-06-20 Thread Nick Tait via bind-users
000 3600 36000 3600 from server 2a01:238:43a1:8d00:3d66:3e7:a956:2430 in 283 ms. SOA theater.piekert.de. floppy.floppy.org. 2025061905 18000 3600 36000 3600 from server 81.169.217.236 in 280 ms. SOA theater.piekert.de. floppy.floppy.org. 2025061905 18000 3600 36000 3600 from server 81.169

Re: QNAME minimisation question

2025-06-05 Thread Nick Tait via bind-users
root trust anchor)                  -b address[#port]   (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg Thanks Greg. On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users wrote: I've done a bit more testing on this, and it seems like if you u

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
o be good if it queried for both by default -- i.e. if neither -4 or -6 were specified?) Can anyone advise whether this something I should raise a bug report for? Nick. P.S. Using +ns also causes delv to ignore a server specified with the @ option, and in this case it logs a message like:

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
On 03/06/2025 22:06, Petr Špaček wrote: I've created https://gitlab.isc.org/isc-projects/bind9/-/issues/5351 so we can improve logging. Your input on what sort of information is useful would be much appreciated. Thanks very much for that. I've added a comment. :-)

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
ted answer. FYI My packet capture shows that the total number of queries transmitted on the wire was 46, which sounds about right considering that the root zone queries are answered from the mirror zone (and therefore don't appear in the packet capture). Thanks again for helping to solve m

QNAME minimisation question

2025-06-02 Thread Nick Tait via bind-users
When this is set to strict, BIND follows the QNAME minimization algorithm to the letter, as specified in RFC 7816. Setting this option to relaxed causes BIND to fall back to normal (non-minimized) query mode when it receives either NXDOMAIN or other unexpected responses (e.

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
today). resolved uses a loopback address which is not bound to an interface (at least that's my experience, which may or may not reflect some reality which has been manufactured today). Nick, I'll ask before the fold: how do I explicitly bind 127.0.0.53 to the lo interface before systemd sta

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
to an interface (at least that's my experience, which may or may not reflect some reality which has been manufactured today). Nick, I'll ask before the fold: how do I explicitly bind 127.0.0.53 to the lo interface before systemd starts? I'm not sure why you would even want to do that?

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
enderer in netplan). o The "resolvectl" utility feels like a sibling to the other systemd utilities like "systemctl", "journalctl", etc. Nick. P.S. I hope I'm not (re-) starting some sort of holy war. That is not my intention, and I'm definitely /

Re: Multiple views (more than 2)

2025-04-18 Thread Nick Tait via bind-users
secondary server could inadvertently end up transferring the zone from the public view in spite of having signed the zone transfer request with one of the private keys. Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developme

Re: Executive Order 14144 - encrypted DNS

2025-01-29 Thread Nick Tait via bind-users
Now I've also come across this draft from the IETF's Network WG, might be relevant? But it seems like it's been published in 2021 and is still a draft. Not sure how "standard" that is in IETF lingo, but it does seem interesting. https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html I

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
servers. 5. Authoritative DNS servers SHOULD recognize localhost names as special and handle them as described above for caching DNS servers. To me this seems like a pretty clear endorsement for inclusion of the wildcard entry "*.localhost." in db.local?

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
On 15/01/2025 4:56 am, Lee wrote: Should bind answer when asked for an A record for random.name.localhost? If so, does the ISC ship a db.local with a wildcard - eg. --- cut here --- @ IN NS localhost. @ IN A 127.0.0.1 @ IN ::1 * IN

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-14 Thread Nick Tait via bind-users
tro, but can be changed by modifying /etc/nsswitch.conf. * I'm not sure about Android. Nick.

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-12 Thread Nick Tait via bind-users
e ".local." domain names resolved using mDNS instead of DNS, then this is the wrong solution? You'd be better off starting with how name resolution is configured on the clients. Nick.

Re: Undelegating a Signed Subdomain

2024-12-10 Thread Nick Tait via bind-users
the split? (BTW just check that example.com ZSK lifetime is long enough to implement all this before you start.) Nick. > On 10 Dec 2024, at 10:12 PM, Petr Špaček wrote: > > Hello Chris. > > My take is that the *will* be some sort of breakage even if you do everything > r

Re: forwarding non-domain queries

2024-12-09 Thread Nick Tait via bind-users
t-data" on Ubuntu) - to eliminate those warnings. Nick.

Re: secondary dns server question :)

2024-11-18 Thread Nick Tait via bind-users
Hi Jeff. This is a good starting point for setting up primary and secondary servers: https://bind9.readthedocs.io/en/stable/chapter3.html#authoritative-name-servers Nick. > On 19 Nov 2024, at 7:44 AM, Marco Moock wrote: > Am Mon, 18 Nov 2024 19:03:55 +0100 > schrieb Jean-François

Re: Strictly separate directories for admin-provided and named-generated files?

2024-11-15 Thread Nick Tait via bind-users
at way you can configure BIND to use the /var/lib version (and it has permissions to create the signed version of the zone in the same directory), and you can manually edit the zone file in /etc/bind (along with all your non-DNSSEC zones). Nick.

Re: BIND RPZ is not blocking A record

2024-11-14 Thread Nick Tait via bind-users
Remember that when you update a zone you need to increase the serial number (in SOA record) and tell BIND to reload the zone - e.g. run “rndc reload”. Nick. > On 15 Nov 2024, at 6:30 PM, Blason R wrote: > > Even I tried that but still no luck > > $TTL 180 > @

Re: BIND RPZ is not blocking A record

2024-11-14 Thread Nick Tait via bind-users
172.1.xx.xx app.hubspot.com CNAME wg.custom.block. Hi Blason. If you want app.hubspot.com to return NXDOMAIN response, try changing the CNAME target to "." - i.e.: app.hubspot.com CNAME . Nick.

Re: different serial number in SOA on different interfaces

2024-11-05 Thread Nick Tait via bind-users
est, please update the zone using nsupdate, then try running this command: dig yer.at +nssearch This will query the SOA record on all of the authoritative name servers for the domain. Hopefully this will show you which name servers aren't getting updated when the zone data changes, and (if I

Re: different serial number in SOA on different interfaces

2024-11-03 Thread Nick Tait via bind-users
or all records, and/or the negative response caching TTL (5th parameter in the SOA record)? Nick. On 3/11/2024 11:28 pm, Hans Mayer via bind-users wrote: Dear All, I am running BIND 9.18.32-dev (Extended Support Version) running on Linux x86_64 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Deb

Re: DNSSEC with views and shared zone files

2024-10-18 Thread Nick Tait via bind-users
type master;     file "db.test.com"; }; I would like to have DNSSEC active on both domains, but since they are sharing a file, Bind complains about it. If you are using Linux, I'd suggest looking at using filesystem links so that you can have separate files that share the same c

Re: MDLZ user activation

2024-06-07 Thread Nick Tait via bind-users
the mailing list archive: https://www.mail-archive.com/bind-users@lists.isc.org/msg34359.html Ged, I'll forward the email headers to you privately, but I trust you'll find that they support the explanation offered below. Thanks again everyone who took the time to respond. :-) Nick.

Re: MDLZ user activation

2024-06-06 Thread Nick Tait via bind-users
e link), or the email below is bogus and they have exploited the list MTA to distribute spam? Can anyone shed any light on this? Happy to share all the mail headers if that helps? Thanks, Nick. On 07/06/2024 04:19, gustavojavi...@gmail.com wrote: Hi Nick Tait via bind-users, A new MDLZ a

Re: Problem with a certain domain

2024-06-04 Thread Nick Tait via bind-users
specific recursive resolver. See: https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-type%20forward Nick.

Re: CIDR notation for RPZ rpz-ip ?

2024-05-17 Thread Nick Tait via bind-users
: 22.1.10.168.192.rpz-ip IN CNAME . Thanks, - J Hi J. Yes you can specify a CIDR network length that isn't on an 8-bit boundary. In your example the /22 network address for 192.168.10.1 is actually 192.168.8.0, so you'd specify: 22.0.8.168.192.rpz-ip IN CNAME . Nick.

Re: Answers for www.dnssec-failed.org with dnssec-validation auto;

2024-04-17 Thread Nick Tait via bind-users
ce(s) and then rerun your test? If you have just a single process listening on port 53, then I'd suggest using "tail -f" to watch your BIND logs (or syslog?) while you are running your test, to see what is going on from the recursive resolver's point of view? Hopefully you'

Re: opendnssec -> inline-signing

2024-03-07 Thread Nick Tait via bind-users
"| I couldn't help noticing that when you ran dnssec-dsfromkey you referenced this directory: /usr/home/dns/Fixed Nick.

Re: fixed rrset ordering - is this still a thing?

2024-03-01 Thread Nick Tait via bind-users
On 02/03/2024 11:36, Greg Choules wrote: Please don't encourage using "search" in resolv.conf or the Windows equivalent. Search domains make queries take longer, impose unnecessary load on resolvers and make diagnosis of issues harder because, when users say "it doesn't work" you have no idea w

Re: fixed rrset ordering - is this still a thing?

2024-03-01 Thread Nick Tait via bind-users
rts of the network to resolve the unqualified name "firewall1" differently. E.g. If you "ssh firewall1" from a management host it could expand that to firewall1./management/.example.com? Nick.

Re: Problem upgrading to 9.18 - important feature being removed

2024-02-26 Thread Nick Tait via bind-users
ll-overs, you may need to run rndc commands to tell BIND when DS records are added/removed -- but that is possibly what you already do with auto-dnssec? Of course in life there are no absolute guarantees, so you should back up your configuration and make a plan to mitigate the impacts in the

NOTIFY and TSIG

2024-01-08 Thread Nick Tait via bind-users
understand (and agree) that this behaviour makes the most sense, given my confusion based on the documentation, I wonder if the documentation could be made clearer? E.g. Add the sentence: "In the case where the primaries option specifies a TSIG key, it is not necessary for the received NOTI

Re: migration from auto-dnssec to dnssec-policy deletes keys immediately

2023-12-27 Thread Nick Tait via bind-users
ng dnssec-policy you should be able to change the algorithm and Bind should do a graceful roll-over? Just make sure everything is “omnipresent” in your state files (in the keys directory) first. Nick.

Re: Zone file got updated via named process unexpected

2023-12-17 Thread Nick Tait via bind-users
have been many improvements in BIND's support for DNSSEC over the last few years, so if this is a server that you've inherited, it is probably worth reviewing the DNSSEC configuration options to see if it can be improved? Nick.

Re: dnssec-delegation seems to be broken from .gov to bls.gov

2023-12-06 Thread Nick Tait via bind-users
On 7/12/2023 9:05 am, Nick Tait via bind-users wrote: I could be wrong, but based on the output above it looks like the current TTL is 0, which means that doing this should provide immediate relief. Sorry it looks like the DNS server on the Wi-Fi network I'm connected to has done some

Re: dnssec-delegation seems to be broken from .gov to bls.gov

2023-12-06 Thread Nick Tait via bind-users
: Thu Dec 07 09:01:33 NZDT 2023 ;; MSG SIZE rcvd: 80 I could be wrong, but based on the output above it looks like the current TTL is 0, which means that doing this should provide immediate relief. Add a new DS record once you've fixed your KSK issues. Nick.

mirror zone and hint zone?

2023-11-24 Thread Nick Tait via bind-users
rom my configuration, to avoid potential issues in future versions of BIND? Thanks, Nick.

Re: Stub zones, but secndary?

2023-11-19 Thread Nick Tait via bind-users
On 20/11/2023 1:00 pm, Peter wrote: It's tricky. One problem is these are slave zones, they are authoritative and do not work well with DNSSEC. I'm curious... What issues did you have with these zones and DNSSEC? I would have expected that the signed zones should just work? Nick.

Re: KASP Key Rollover: ZSK Disappears Immediately

2023-11-13 Thread Nick Tait via bind-users
e? Anyway, I remembered seeing "ZRRSIGState: rumoured" in your ZSK state file before you initiated your ZSK roll-over, and so I suspect that all your issues stem from the fact that not everything was omnipresent before you initiated the roll-over? Nick.

Re: How should I configure internal and external DNS servers

2023-11-04 Thread Nick Howitt via bind-users
Unfortunately, redesigning the internal zone is way beyond the scope of what I can do, but thanks for the info. On 04/11/2023 13:40, Greg Choules wrote: Hi Nick. First question, does the internal zone *have* to keep the same name? As has been said already, this is a fairly common setup done

Re: How should I configure internal and external DNS servers

2023-11-04 Thread Nick Howitt via bind-users
As on other replies, a different internal zone is a huge project for the company, not a quick win, unfortunately. On 04/11/2023 08:55, Michael Richardson wrote: Given VPNs, RemoteAccess and the like, I strongly recommend against split-DNS configurations. They were great ideas in 1993, when all

Re: How should I configure internal and external DNS servers

2023-11-04 Thread Nick Howitt via bind-users
ink I have any chance of pushing this through. Also DNSMasq does not support replication (but it could be scripted). I could look for other solutions but I doubt I would get anywhere in the company. I'll spend some time investigating option F, thanks. Nick On 04/11/2023 02:03, Nick Tait

Re: Question about URL being logged by resolver

2023-11-03 Thread Nick Tait via bind-users
s it is almost certainly something that you will have no control over. E.g. It could be something bogus on a web page that these devices have all accessed? Nick. On 4/11/23 11:30, J Doe wrote: Hello, On a Bind 9.18.19 server configured as a recursive resolver, I sometimes see URL's be

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Tait via bind-users
Hi Nick. Your current set-up sounds like a fairly common configuration. And depending on your requirements there are a number of options that you might consider. But let's start with requirements: I've made some assumptions - please advise if I've got any of this wrong?:

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 20:07, Marco M. wrote: Am 03.11.2023 um 19:54:32 Uhr schrieb Nick Howitt: How do you mean remove the zone information? In your /etc/bind are configuration files. Look for named.conf* and find those that include zones: zone "f.8.1.1.0.7.1.0.1.0.a.2.ip6.arpa" { t

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 19:30, Marco M. wrote: Am 03.11.2023 um 19:18:49 Uhr schrieb Nick Howitt via bind-users: Can the bind-internal not be made to caching only and not authoritative? If so, how? Of course it can, simply remove the zone configuration, but it will then cache the records from the

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
tlook for Android <https://aka.ms/AAb9ysg> *From:* bind-users on behalf of Nick Howitt via bind-users *Sent:* Friday, November 3, 2023 1:58:51 PM *To:* bind-users@lists.isc.org *Subject:* Re: How should I configure i

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 18:06, Marco M. wrote: Am 03.11.2023 um 17:58:51 Uhr schrieb Nick Howitt via bind-users: On 03/11/2023 17:54, Marco M. wrote: Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users: My problem is the use of external IP's duplicated between the internal and ext

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 17:54, Marco M. wrote: Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users: My problem is the use of external IP's duplicated between the internal and external masters for some IPs/FQDNs which I want to get rid of. Implement IPv6 and get rid of the old

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
On 03/11/2023 17:17, Marco M. wrote: Am 03.11.2023 um 15:51:32 Uhr schrieb Nick Howitt via bind-users: As this site is externally accessible as well, we also have to put an identical entry in bind-external so we end up having many identical entries in bind-internal and bind-external. It seems

Re: How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
their resolver. I was hoping I could set something like recursion=true in bind-internal and recursion=false on bind-external, only in my configs for BIND 9.9.6-P1, it is not set at all so I am not sure how it is configured as authoritative. Nick On 2023-11-03 16:01, Andrew Latham wrote: * T

How should I configure internal and external DNS servers

2023-11-03 Thread Nick Howitt via bind-users
hen go out to either bind-external or the domain host's DNS to get the answer from the authoritative servers and then there is no need to maintain external IPs in bind internal. TIA, Nick

Re: KASP Key Rollover: ZSK Disappears Immediately

2023-09-29 Thread Nick Tait via bind-users
't stick around. I can only assume that the reason you have rumoured state is because you are trying to roll your ZSK to soon after the previous ZSK rollover? Have you checked the various timing settings in the KASP definition? Nick. On 30/09/23 11:32, Nick Tait via bind-users wrote: On 2

Re: KASP Key Rollover: ZSK Disappears Immediately

2023-09-29 Thread Nick Tait via bind-users
<https://bind9.readthedocs.io/en/latest/manpages.html#cmdoption-rndc-arg-dnssec>/. where 12345 and 54321 are the key tags of the successor and predecessor key, respectively./ Nick.

Re: KSAP - How to manually rollover keys documentation?

2023-09-29 Thread Nick Tait via bind-users
g-dnssec>/./ Nick.

Re: Should I set parental-agents to localhost?

2023-09-22 Thread Nick Tait via bind-users
t specific DS records are published and/or withdrawn. Nick. On 11/09/23 23:52, Björn Persson wrote: Hello, I'm trying to configure automatic KSK (or CSK) rollover. I'm confused about how to poll securely for DS records. Section 5.1.2.1 of the BIND 9 Administrator Reference Manual sa

Re: Zone Transfers Being Refused

2023-07-31 Thread Nick Tait via bind-users
Hi Dulux-Oz. It looks like the router between the primary and secondary DNS servers is performing NAT on the packets it is forwarding between those subnets? It would make your life much simpler if you can turn that off? I.e only NAT packets going out to the Internet/your ISP? Nick

RE: How to update zone with dnssec-policy

2023-07-03 Thread Nick Tait via bind-users
Hi Matthias. It looks like nobody solved your /original/ problem? If you are still looking for an answer it might help if you posted some logs? The people on this list are good at interpreting any errors you're seeing. :-) Nick. Original message From: Matthias Fechner Date:

Re: Issue: Name huawei.com (SOA) not subdomain of zone cloud.huawei.com -- invalid response

2023-06-01 Thread Nick Tait via bind-users
f working it out for itself? Nick.

Re: Problem with subdomain delegation - NS RR ignored?

2023-05-10 Thread Nick Tait via bind-users
the sub zone configuration (i.e. from 4.4.4.4) below. What do the zone stanza in the config file, and the zone file itself look like? 3. What answer do you get if you try: dig @4.4.4.4 fish.hub soa +norecurse Nick. On 10/05/23 16:07, bindu...@thegeezer.net wrote: Howdy I'm strug

Re: help with notify

2023-04-17 Thread Nick Tait via bind-users
ameter in the SOA record, so that the secondaries poll the primary more frequently? Nick.

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
recall that without these, if the parent zone is DNSSEC-signed and doesn't use the OPT-OUT feature, then a DNSSEC-validating resolver (e.g. running "delv" tool) would complain when querying names in the internal zone.) Nick.

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
th/to/file"; allow-query { any; }; notify no; }; NB: In all my examples "192.0.2.2" is the primary (master) and "192.0.2.1" is the secondary (slave). Nick.

Re: Best practice MultiView

2023-04-17 Thread Nick Tait via bind-users
192.0.2.1 key "external.example.com"; };   }; }; The secondary server would need a similar match-clients set-up so that it associated the notify with the correct view (based on key). And as I'm sure you know it would also need a "primaries" (or "masters"

Re: Piggybacking on a zone’s dnssec-policy using auto-dnssec: How can one do this after Bind 9.19?

2023-04-17 Thread Nick Tait via bind-users
chive.com/bind-users@lists.isc.org/msg28526.html Just make sure you aren't using an ancient version of BIND! :-) Nick.

Re: RPZ zone response delay time ?

2023-04-12 Thread Nick Tait via bind-users
DOMAIN (i.e. same as suggested by Evan Hunt) rather than returning a bogus IP address. FWIW I haven't experienced any issues with youtube, so I wonder whether one of these differences could be the cause of your CPU usage issue? Nick.

Re: BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-12 Thread Nick Tait via bind-users
something that would work within the inline-signing framework. But perhaps I was being overly optimistic? I've decided I'll stick with manual KSK roll-overs for now... :-) Thanks again. Nick.

Re: Delegation NS-records when zones share an authority server

2023-04-12 Thread Nick Tait via bind-users
ound the bottom of the zone (where they are not authoritative), but never in between. The terminology is a bit confusing, but it boils down to this: The NS records for the zone must be included in the zone itself, and also in the parent zone. Nick.

BIND operating in Parental Agent role (according to RFC 7344)?

2023-04-11 Thread Nick Tait via bind-users
, can BIND be configured to poll a child zone for CDS/CDNSKEY records, and automatically add corresponding DS records into a zone that it controls? If this isn't on the radar already, I'll be happy to submit an enhancement request? Thanks, Nick.

Re: KASP: sharing policy and keys between views

2023-03-17 Thread Nick Tait via bind-users
Hi Carsten. I've been running split views with a DNSSEC zone using dnssec-policy for at least a couple of years. I'm using a CSK (i.e. combined KSK+ZSK) and haven't yet worked out the best way to automate key rollover wrt DS in parent zone, so my key rollovers are manual currently. Consequently I'

Re: [KASP] Key rollover

2023-02-15 Thread Nick Tait via bind-users
On 14/02/23 05:39, adrien sipasseuth wrote: "You configure parental agents and named will check which DS’s are published.  Named won’t complete the roll until it knows the new DS is published." => what is parental agent ? i don't find this term in Bind documentation. From what I understand, you

Re: [KASP] Key rollover

2023-02-09 Thread Nick Tait via bind-users
On 9/02/23 05:17, adrien sipasseuth wrote: so it works BUT I need to know more than 48h in advance that the rollover is starting to submit the new KSK to my registar. How can I set this up if it's not with "public-safety"? If it was me, I'd set the KSK to not roll-over automatically, and inste

Re: Resolve some hosts thats are dnssec signed differently

2023-02-06 Thread Nick Tait via bind-users
the internal machines continue to use the public address, but the packets don't actually get routed out to the Internet. Nick. On 7/02/23 19:45, Matthias Fechner wrote: Hi Darren, Hi Nick, at first thanks a lot for your answer. I see that I have not explained my use-case detailed

Re: Resolve some hosts thats are dnssec signed differently

2023-02-06 Thread Nick Tait via bind-users
've glossed over the details of replicating the two different copies of the zone to your secondary DNS servers, but the general idea is to have the secondaries use different TSIG signatures for transferring each copy, and have the "match-clients" use the TSIG key to figure out which

Re: Providing AD flag for authoritative domains

2022-12-24 Thread Nick Tait via bind-users
ecursive query includes the AD flag (but not the AA flag). It could actually work without the static-stub zone, but I prefer to keep this to stop the /resolver/ view from sending the queries to a different (authoritative) server. Nick.

Re: parental-agents clause - IP address only ?

2022-12-04 Thread Nick Tait via bind-users
wever the obvious drawback of this approach would seem to be that the resolver will only check one of the parent NSs for the DS record, whereas if you explicitly specify all the NSs in parental-agents, then they all get checked? Nick.

Re: dig +norecurse behaviour changed with 9.16.33

2022-10-28 Thread Nick Tait via bind-users
16 aren't the same, what is the actual problem you are trying to solve? i.e. Why does it matter if the A record is or isn't returned in a /non-recursive/ query for "spectrum.cern.ch"? Nick. On 28/10/22 01:28, Veronique Lefebure wrote: Well, So here a bit more details. Sorry,

Secondary zone is only using the first listed primary

2022-10-19 Thread Nick Tait via bind-users
file "db.drop.ip.dtq";     primaries { deteque-primary; };     notify explicit;     also-notify { nick-secondary-deteque; };     allow-transfer { nick-nameservers-private; };     allow-query { nick-nameservers-private; loopback-net

Re: Sparklight and DNSSEC

2022-09-26 Thread Nick Tait via bind-users
validation doesn't occur. i.e. The behaviour you described above is how it is supposed to work. Nick.

RE: Dnssec issues

2022-09-22 Thread Nick Tait via bind-users
nd if so try turning that function off to see if the problem goes away? Nick. Original message From: salma smaoui Date: 22/09/22 11:18 PM (GMT+12:00) To: bind-users@lists.isc.org Subject: Dnssec issues Hello All, We are facing some resolution problems on a CENTOS resolver t

Re: Issue with dns resolution for www.ssa.gov

2022-09-03 Thread Nick Tait via bind-users
DNSSEC=yes DNSStubListener=no After editing the configuration run "sudo systemctl restart systemd-resolved". Nick.

Re: Primary zone not fully maintained by BIND

2022-05-27 Thread Nick Tait via bind-users
've got that wrong? Thanks, Nick.

Re: why did it take 26 hours for DSState to change to omnipresent?

2022-05-16 Thread Nick Tait via bind-users
On 16/05/22 21:34, Matthijs Mekking wrote: Hi Nik, On 16-05-2022 07:49, Nick Tait via bind-users wrote: Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the

Re: per record responses based on originating IP

2022-05-16 Thread Nick Tait via bind-users
y configuration management by means of a single set of data which can be deployed to all authoritative servers - I don't think the RPZ solution proposed by Nick achieves that. That being said, can RPZ-CLIENT-IP be a subnet? I don't think it can. Hi Angus. Thanks for clarifying. Based on

why did it take 26 hours for DSState to change to omnipresent?

2022-05-15 Thread Nick Tait via bind-users
his: Is it expected that the DSState won't change until 26 hours after the "rndc dnssec -checkds published" command is run? And if so why does it take so long? Thanks, Nick.

Re: per record responses based on originating IP

2022-05-13 Thread Nick Tait via bind-users
On 13/05/22 09:02, Grant Taylor via bind-users wrote: On 5/12/22 2:41 PM, Nick Tait via bind-users wrote: This sounds like exactly the sort of use case for Response Policy Zones: How are you going to have RPZ return different addresses for different clients? Are you suggesting use different

Re: per record responses based on originating IP

2022-05-12 Thread Nick Tait via bind-users
sounds like exactly the sort of use case for Response Policy Zones: https://bind9.readthedocs.io/en/v9_18_2/reference.html#response-policy-zone-rpz-rewriting Nick.

Re: Bind9 Server conflicts with docker0 interface

2022-05-06 Thread Nick Tait via bind-users
suggested that you add that address to your zone file? My suggestion was to simply update the SOA serial number. Nick.

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Nick Tait via bind-users
've done that, run "sudo rndc reload" on the primary DNS server for the zone (or alternatively restart BIND), and see if that makes a difference? Nick.

Re: Bind and systemd-resolved

2022-05-02 Thread Nick Tait via bind-users
oid statements like "no matter what" because it makes an assumption that everyone has the same goal. Nick.

Re: Bind and systemd-resolved

2022-05-01 Thread Nick Tait via bind-users
On 1/05/2022 9:13 pm, Reindl Harald wrote: Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with systemd-networkd as the renderer? E.g. Will it still be possib

Confused by parental-source documentation

2022-04-30 Thread Nick Tait via bind-users
an anybody please give an example to explain what this is trying to say? Thanks, Nick.

Re: Bind and systemd-resolved

2022-04-30 Thread Nick Tait via bind-users
"resolvectl status" to see current settings. Thanks, Nick. On 23/04/22 03:50, Ondřej Surý wrote: I think you also might want to mask the service: https://fedoramagazine.org/systemd-masking-units/ -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be differen

Re: BIND 9.11.6-P1 build fails on Solaris

2019-04-30 Thread Nick Edwards
lots of things failing in recent times, even with CentOS, mostly because of openssl min version changes, and most recently even latest releases won't build now because of a change in min python versions *sigh*, I'm just going to leave it as is, that's all we can do. On Fri, Apr 26, 2019 at 5:05 AM

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 7:14 AM, Reindl Harald wrote: > > > > this is a public mailing list - so what! > > when someone don't yet get the connection between nameservers, webserver > and ip-addresses he is not ready to connect public servers and that's > completely independent of the fact you ra el

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 7:11 AM, Reindl Harald wrote: > > i don't understand your question >> >> >> Since you have NOTHING to do with ISC or even remotely with bind, if you >> don't understand, LEAVE IT TO SOMEONE WHO DOES >> > > and YOU have something to do with ISC? > i doubt! > > since i m

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 12:42 AM, Reindl Harald wrote: > > > >> > don't get me wrong but that question shows that you are not ready to run a > public dns server - there is no "local" or > when you make statements like that to be sure you include the fact you have NOTHING to do with ISC or bind.

Re: authority

2016-10-24 Thread Nick Edwards
On Tue, Oct 25, 2016 at 12:11 AM, Reindl Harald wrote: > identical like the first one > > Which IP should be use? >> > > i don't understand your question > > Since you have NOTHING to do with ISC or even remotely with bind, if you don't understand, LEAVE IT TO SOMEONE WHO DOES but you just can't
