Michael,
thank You very much for this message! it came at the right time
and it is truly inspiring! I missed that.
On Fri, Mar 28, 2025 at 01:59:02AM +0100, Michael De Roover wrote:
! > So, while I am not strictly against regulation, the bottomline question
! > appears to be: how do we manage
On Sun, Feb 02, 2025 at 02:45:08PM -0500, Paul Kosinski via bind-users wrote:
! On Sat, 1 Feb 2025 14:47:35 +
! Marc wrote:
!
! "You have to get the bigger picture. Everything requires regulation otherwise
big tech is going to fuck you. There are enough examples out there."
!
! The even big
Thanks a lot, folks!
The problem is solved - I put a "checksum" module between the
firewall and the "nat" module (I have netgraph[1] modules), and that
works now as expected.
Apparently, when NAT-rewriting the address of a /locally created/
packet, at the time of rewriting the checksum has not
On Mon, Feb 24, 2025 at 10:01:49PM +0100, Peter 'PMc' Much wrote:
! Packets do arrive, but are ignored.
! The local firewall is switched to pass-thru.
!
! I don't know what else could selectively swallow packets without
! notice.
Okay, I figured it out.
tcpdump was friendly enou
Hi,
I started to get these messages, when some secondary tries to fetch
a zonefile from a primary. So I looked into it -
The primary is running:
# ps ax | grep named
13667 - IsJ 0:00.39 /usr/local/sbin/named -n 1 -u bind -c
/usr/local/etc/namedb/named.conf
It has ports configured:
On Tue, Feb 18, 2025 at 07:20:26PM -0500, Michael Richardson wrote:
! There is also https://www.rfc-editor.org/info/rfc9632.
!
! This document specifies how to augment the Routing Policy Specification
! Language (RPSL) inetnum: class to refer specifically to geofeed
! comma-separated values
On Tue, Feb 18, 2025 at 09:48:02PM +, Andrew Pavlin wrote:
! Think about it. Who _has_ to know your physical/geographical address
and its associated Internet address block to provide you with Internet
service? Your ISP!
Question: is an ISP legally oblidged to divulge their customer's
locations
On Tue, Feb 18, 2025 at 08:48:15PM +0100, Michael De Roover wrote:
! Hi all,
!
! > It may be inside DNS, or it may be elsewhere, I do not know. There
! > is a DNS "LOC" record, but that doesn't seem to be used anymore. It
! > seems to be something else. But what, and where?
! I find it a shame tha
On Tue, Feb 18, 2025 at 09:51:51PM +0100, Michael De Roover wrote:
! On Tuesday, February 18, 2025 9:38:58 PM CET Peter 'PMc' Much wrote:
! > Then they make a business of selling my own information back to me -
! > and I would like to know how they do that.
!
! Hehe.. about that.
On Tue, Feb 18, 2025 at 08:04:28PM +0100, Marco Moock wrote:
! Am 18.02.2025 um 18:50:31 Uhr schrieb Peter 'PMc' Much:
!
! > Consideration:
! >Since every /64 in IPv6 carries it's own distinct geolocation info,
! >there must be somewhere a database
Consideration:
Since every /64 in IPv6 carries it's own distinct geolocation info,
there must be somewhere a database of -quick average- 2^64 =
18446744073709551616 records.
I'm currently trying to figure out where that database is located.
It may be inside DNS, or it may be elsewhere, I
On Wed, Jan 29, 2025 at 03:43:23PM +, Marcus Kool wrote:
! I participated in the survey and think it is good to also have a
! public discussion.
I tried to, but got the impression that the target audience is
rather commercial providers of infrastructure services, like
domain registrars and dns
On Tue, Jan 14, 2025 at 10:47:35PM +0100, Emmanuel Fusté wrote:
! localhost is defined as a (local) hostname of the loopback interface, not a
! domain name.
Where would that be defined? Because, what You state is a
contradiction in itself: a hostname is a designation of the metal
(or virtual, now
On Thu, Dec 26, 2024 at 04:53:51AM -0500, Darren Ankney wrote:
! Hi,
!
! It seems to me that the HTTPS/SVCB records describe where and how a
! service is available (could be several IPv4 and IPv6 addresses as well
! as several ports). It does nothing to select how a client might
! connect to the
Folks,
recent messages here mentioned some HTTPS and SVCB RRs.
This is completely news to me, so I gave it some read.
Then I found that these new tools are supposed to provide (IPv4 and
IPv6) addresses, which seems to me as rather strange from a
logical viewpoint.
Normally, the addresses to be
maintained manually
(I didn't find anybody listening to CDNSKEY yet) and I have
two KSK for high-availability, and the third is currently introduced
or retiring (the rollover scheme works for RFC 5011 also).
cheerio,
PMc
!
! > On 29 Nov 2024, at 13:54, Peter 'PMc' Much
Hi,
I just noticed my dns-signer recently started to create some
invalid signings - the two red arrows in here:
https://dnsviz.net/d/daemon.contact/Z0ka0A/dnssec/
There is a history, one can go back and see these weren't present
in March '24 and earlier.
The problem is, I didn't change an
Hi Blason,
Your configuration looks correct, though BIND will try to resolve the
"wg.custom.block"
through your forwarders.
What reply do you get from:
dig @172.1.254.243 custom.block soa
/Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
On Mon, Oct 14, 2024 at 06:10:20AM -0700, Steve Rikli wrote:
! On Mon, Oct 14, 2024 at 07:19:06AM +0200, Peter wrote:
! > On Sun, Oct 13, 2024 at 10:55:52PM +0100, Niall O'Reilly wrote:
! > ! FYI only. I've submitted a [bug report][] to the FreeBSD Bugzilla.
! >
! > ! Afte
On Mon, Oct 14, 2024 at 11:26:58AM +0100, Niall O'Reilly wrote:
! On 14 Oct 2024, at 6:19, Peter wrote:
!
! > I cannot reproduce:
!
! Thanks. I've been made aware, off list, of people who can.
Interesting.
I for my part do normally not link dig against protobuf at all:
$ pkg in
On Sun, Oct 13, 2024 at 10:55:52PM +0100, Niall O'Reilly wrote:
! FYI only. I've submitted a [bug report][] to the FreeBSD Bugzilla.
! After upgrading to 1.4.1_6, I see:
!
! ```
! grab(maint)$ uname -a
! FreeBSD grab.no8.be 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
! grab(maint)$ pkg
me".
The default setting is "serial-update-method increment;"
For more details, see:
https://bind9.readthedocs.io/en/v9.18.30/reference.html#namedconf-statement-serial-update-method
/Peter
From: "Burn Zero"
To: "bind-users"
Sent: Thursday, 26 September
e" default setting is 100.
https://downloads.isc.org/isc/bind9/9.18.30/doc/arm/html/reference.html#namedconf-statement-max-records-per-type
The "max-types-per-name" default setting is 100.
https://downloads.isc.org/isc/bind9/9.18.30/doc/arm/html/reference.html#namedconf-statement-max-t
On Fri, Sep 06, 2024 at 09:12:51PM +0200, Ondřej Surý wrote:
! Now the question remains - why? I don’t really see a reason for this
! behavior from where I tested it, so what is the traffic between your
! recursor and the Internet during the time this happens?
Well, I can see why - but I don't kno
On Fri, Sep 06, 2024 at 08:05:18PM +0200, Ondřej Surý wrote:
! Try using running `named -d 9 (plus other existing args)` to see why there
are 31+ queries. There must be something wonky going on.
!
Alright. "-d 9" does nothing.
Changing the named.conf does something:
channel named_log {
On Fri, Sep 06, 2024 at 12:55:20PM -0400, Bob Harold wrote:
! Recently (2024/9/21) I ran into an issue that might be similar. Due to
! DDoS attacks that use complicated lookups to make DNS servers do extra
! work, to slow them down, some recent DNS server software has tightened the
! amount of 'wo
This one was accidentially not sent to the list, sorry!
On Thu, Sep 05, 2024 at 08:04:37PM +0200, Ondřej Surý wrote:
! I’m on my phone, so this is a long shot, but you can try disabling the qname
minimization.
Thank You for the suggestion, I can try this occasionally. Rather
I'd prefer to figure
On Thu, Sep 05, 2024 at 07:05:29PM +0200, Ondřej Surý wrote:
! It’s impossible to answer your question as you haven’t provided
! absolutely no information about your problem. Perhaps if you provide
! detailed information about nature of the problem, your DNS
! configuration, and your network config
I have complaints about network malfunction. From the logs I can see
that a device which always regained network access within ~40 seconds,
now takes 1-2 hours to recover, and this happening almost daily.
There is a possible alignment between the start of the malfunction
and an upgrade from 9.16 t
a significant effort to do what we are doing and
happy to contribute but just to note we have no objections to how ISC
is doing it and appreciate that these are being produced. I use them
anytime my custom ones are not available.
Peter
>
> Alpine is popular for small images, but is it good
For what it's worth this is how we build our dockers, with a builder
and then the runner. IMO it's cleaner that way and not much more
complicated. We'll continue to roll our own though so no real dog in
this fight.
Peter
On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý wrote:
>
The DS for the new key is only rumored. I believe you want a `rndc
dnssec -checkds -key 48266 published` and maybe another to withdraw
the 50277 key.
Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with
On Tue, Jun 25, 2024 at 04:41:54PM +0200, Stephane Bortzmeyer wrote:
! On Tue, Jun 25, 2024 at 04:22:40PM +0200,
! Peter wrote
! a message of 16 lines which said:
!
! > Jun 25 16:18:31 conr named[4725]: lame-servers:
! >info: success resolving 'bar.foo.isc.org/A'
On Tue, Jun 25, 2024 at 07:00:51AM +1000, Mark Andrews wrote:
! It’s just a false positive when the result is NXDOMAIN. Because
> people forget to put delegating NS records in parent zones when both
> are served by the same server the lookups continue on NXDOMAIN. There
> is an issue to address thi
On Fri, Jun 21, 2024 at 04:58:55PM +0200, Stephane Bortzmeyer wrote:
! On Fri, Jun 21, 2024 at 07:03:14AM +,
! 65;6800;1c Michael Batchelder wrote
! a message of 59 lines which said:
!
! > You'll need to fix these zones so that the response is NOERROR rather than
NXDOMAIN.
!
! Yes and, if
, different view), and>
! > that one basically says, this is bogus.
! >
! > Case 3:
! > ---
! > Jun 19 18:28:48 conr named[24481]: lame-servers:
! >info: success resolving
! >
'1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.1.0.0.3.2.f.1.0.7.4.0.1.0.0
On Wed, Jun 19, 2024 at 10:33:41PM +0200, Stephane Bortzmeyer wrote:
! On Wed, Jun 19, 2024 at 10:15:48PM +0200,
! Peter wrote
! a message of 32 lines which said:
!
! > today I happened to look into a named.log, and found it full of
! > qname minimization messages.
!
! Which message?
rvers" happen do be
some of my own? What do I do then?
Because I've seen through the proceedings, and I do not yet see
the error.
cheerio,
Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software wi
On Wed, May 29, 2024 at 12:20:09PM +0200, Matus UHLAR - fantomas wrote:
! > On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock wrote:
! > > rinetd manages 2 separate connections and should work with PMTUD.
!
! On 28.05.24 22:17, Peter wrote:
! > I'm wondering how it would. Th
On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock wrote:
> Am 28.05.2024 um 18:48:38 Uhr schrieb Peter:
>
> > On Tue, May 28, 2024 at 12:25:03PM +0200, Marco Moock wrote:
>
> > > > Now we add an IPv6 address for 'myhost'. But portforwarding
> >
On Tue, May 28, 2024 at 12:25:03PM +0200, Marco Moock wrote:
! Am 28.05.2024 um 12:00:09 Uhr schrieb Peter:
!
! > if I understand corrently, the use of CNAME is just a convenience
! > and no technical feature, right?
!
! It is technical because the query is redirected to the domain lis
Hello,
if I understand corrently, the use of CNAME is just a convenience
and no technical feature, right?
In lots of examples on the net, a zonefile for a domain might contain
things similar to this:
@ORIGIN example.com.
..
myhost A1.2.3.4
www CNA
ther DNS and setup views there, but that doesnt work either as all
requests now come from IP of the DC and so the ACLs wont match.
Any ideas how I can accomplish this?
Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of t
On Sun, May 05, 2024 at 06:15:13PM +0200, Luca vom Bruch via bind-users wrote:
! Hello,
!
! I use bind (stock from alma 9.3) as a nameserver for a webhosting server
! with webmin/virtualmin.
!
! If I install BIND via copr (RHEL9 and derivatives only offer 9.16 instead of
! 9.18 - I want to experi
};
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
include "/var/lib/samba/bind-dns/named.conf";
};
view vpn {
match-clients { vpn; };
On Mon, Mar 04, 2024 at 03:43:48PM +0100, Ondřej Surý wrote:
! > On 4. 3. 2024, at 14:55, Peter wrote:
! >
! > I don't find it really surprizing that XFR would contain "multiple
! > RRSIG entries".
!
! Unfortunately, this is obviously surprising to the vendor of the s
Hi folks,
a few days ago I apparently lost the beneficence of my zone feeds,
and XFR started to get into timeout.
Looking at the usual culprits I then found this:
DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm
14) - Possible CVE-2023-50387 Activity
[Classification: De
7200 3600
604800 86400
Nameserver 2001:67c:1bd4:8080::10:
jiscd.sk has SOA record ns1.gov.sk. gov.sk. 2024022800 7200 3600
604800 86400
Nameserver 195.49.191.162:
jiscd.sk has SOA record ns1.gov.sk. gov.sk. 2024022800 7200 3600
604800 86400
Kind Regards Peter
On 29/02/2024 15.20
On Mon, Nov 20, 2023 at 03:30:13PM +1300, Nick Tait via bind-users wrote:
! On 20/11/2023 1:00 pm, Peter wrote:
! > It's tricky. One problem is these are slave zones, they are
! > authoritative and do not work well with DNSSEC.
!
! I'm curious... What issues did you have with
ke this.
!
! I'm wondering whether there's a more elegant way. Like "secondary-hint" zones.
! Have I overlooked something?
Maybe. As You can see, it can be done, but it's a bit weird -
I got the fancy that I want to have all six-way in one running image. ;)
(Originally I just
Hello DNS enthusiasts and other developers,
After four earlier successful and packed DNS devrooms, we are happy to
announce a half-day DNS devroom at FOSDEM 2024.
As with the previous events, we hope to host talks anywhere from
hardcore protocol stuff, to practical sessions for programmers that a
Hi Richard,
FYI: The BIND 9.19.12 Release Notes contain the following:
Removed Features
...
Zone type delegation-only, and the delegation-only and root-delegation-only
statements,
have been removed. Using them is a configuration error.
...
Kind Regards Peter
Hi,
In July last year I asked about a problem with an IP telephone
mis-handling the DNS responses (and got the clear answer that the
telephone is to blame).
I quote my original message here:
On Wed, Jul 13, 2022 at 01:06:13PM +0200, Peter wrote:
! My Telco has removed the A record for their
` on Linux) that goes to
your local system.
0.0.0.0 is not the right DNS response here, or almost anywhere. NXDOMAIN
likely fits better.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
t
I had the named process fail this past weekend on two secondaries running BIND
9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13. It seems that logrotate.d is calling
the following script at the time of the failure.
/var/named/data/named.run {
missingok
su named named
create 0644 named named
On Wed, Mar 15, 2023 at 09:34:40PM +, MAYER Hans wrote:
!
!
! Dear All,
!
! dnstab is a great feature to analyse the details what’s going on. But I think
there is room for improvement.
!
! I write the data to a file and once a day I do a log rotate.
! With "dnstab-read FILE | grep IP“ I ge
On Tue, Jan 17, 2023 at 05:28:57PM -0600, E R wrote:
! I am planning on implementing the current version of BIND to replace the
! aging, undocumented authoritative servers I inherited. I want to hide the
! primary server on our internal network and have two secondary servers be
! publicly availabl
On Thu, Dec 29, 2022 at 03:43:35PM -0500, Timothe Litt wrote:
! So much like DNSSEC itself, the technology is there, but the will to use it
! everywhere it's needed is not.
Timothy, thank You for the update. I agree to Your viewpoints, and we
have seen mostly the same with IPv6. Apparently it nee
On Thu, Dec 29, 2022 at 09:17:26AM -0500, Timothe Litt wrote:
! (Manual processes
! are error-prone. That getting registrars to adopt CDS/CDNSKEY - RFC7344 -
! has been so slow is unfortunate.)
Seconded. Do You have information about this moving at all? Because to
me it looks very much like dead
Is there any good source of documentation on containerizing an authoritative
BIND instance in a Kubernetes cluster?
The main part I’m trying to grasp is how to dynamically horizontally scale the
cluster and keep the BIND notify process working between the containers.
Thanks,
Peter
--
Visit
from the EOL BIND 9.11
branch to the BIND 9.16 branch read the following document:
https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-911-to-916
--
Peter Davies
ISC Support
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the
On Tue, Sep 13, 2022 at 12:24:15PM +0200, Petr Špaček wrote:
! On 12. 09. 22 15:49, Peter wrote:
! > On Mon, Sep 12, 2022 at 03:01:38PM +0200, Petr Špaček wrote:
! > ! My testing did not uncover anything problematic.
! > !
! > ! Versions:
! > ! fstrm 0.6.1-1
! > ! protobuf 21.5-
On Mon, Sep 12, 2022 at 03:01:38PM +0200, Petr Špaček wrote:
! My testing did not uncover anything problematic.
!
! Versions:
! fstrm 0.6.1-1
! protobuf 21.5-1
! protobuf-c 1.4.1-1
!
!
! A procedure which works:
! - start BIND configured with
! options {
! dnstap { all; };
! dnstap-o
On Mon, Sep 12, 2022 at 12:27:25PM +0200, Borja Marcos wrote:
! I am not sure this is intended behavior, or maybe I should file a bug.
!
! I am doing some tests with dnstap and bind (9.18.6 now but I see the same
behavior with older 9.18 versions). I am using
! dnstap-go.
!
! I have configured
I don’t mean to hijack the thread, but I think this is related. I also use the
BIND python modules. In particular, I'm using it to update my catalog zones as
described here: https://kb.isc.org/docs/aa-01401
This document has several references to BIND 9.18 without any mention of the
BIND python
I see a two-fold issue with DNSSEC:
1. The wide-spread tutorials seem to explain a key rollover as an
exceptional activity, a *change* that is infrequently done. And
changes, specifically the infrequent ones, bring along the
possibility of failure, mostly due to human error.
I don't s
On Wed, Aug 03, 2022 at 04:49:35PM +1000, Mark Andrews wrote:
! Additionally authoritative servers for a zone are supposed to answer queries
with RD=1 set with RA=0 if the client is not being offered recursion. REFUSED
is the wrong answer of the query name involves zones you serve. Only if you a
On Tue, Aug 02, 2022 at 02:04:22PM -0400, Timothe Litt wrote:
! On 02-Aug-22 13:18, Peter wrote:
! > On Tue, Aug 02, 2022 at 11:54:02AM -0400, Timothe Litt wr
On Tue, Aug 02, 2022 at 11:16:15PM +0200, Michael De Roover wrote:
! For my servers I'm using iptables rules to achieve ratelimiting. They
! look as follows:
! -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
! update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.2
On Tue, Aug 02, 2022 at 11:54:02AM -0400, Timothe Litt wrote:
!
! On 02-Aug-22 11:09, bind-users-requ...@lists.isc.org wrote:
!
! > | Before your authoritative view, define a recursive view with the internal
! > ! zones defined as static-stub, match-recursive-only "yes", and a
! > ! server-addre
On Tue, Aug 02, 2022 at 05:51:28AM -0400, Timothe Litt wrote:
! You can get the AD flag set, with a bit of extra work. I've done this for
! years.
Thanks for Your message, Timothe.
After investigating the matter, I had figured out a similar approach -
but didn't know if this is a recommended or
problem continues.
Thanks so much for your help!
From: Greg Choules
Date: Monday, August 1, 2022 at 6:21 PM
To: White, Peter
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.11/RHEL7 Server Freezes FUTEX_WAKE_PRIVATE
CAUTION: This email originated from outside of Penguin Random House. Please be
I’m running BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 (Extended Support
Version) on RHEL 7 in a chroot jail.
As of late, at times running some rndc commands are causing my server to lock
up. It’s usually an “rndc addzone” that triggers the issue. I’ll also mention
that I have recently started
again. (Obviousely there can be many other reasons for a
temporary outage.)
The plan is now to put this on hold until it appears at annoying daytimes
again, and ideally obtain a kind of VoIP-proxy or PBX to put in between.
-- PMc
! > On 13. 7. 2022, at 13:18, Peter wrote:
! >
! >
! > My Telc
On Wed, Jul 13, 2022 at 09:22:17PM +1000, Mark Andrews wrote:
! The client is supposed to lookup missing address records.
Now that's clear and short. Thank You very much, Mark!
! Complain to the supplier of the phone that they have a defective product.
I still have to see a linux plastic box wit
My Telco has removed the A record for their VoIP server, and now has
only SRV data there - which seems not to work properly.
The SRV data contains various services (SIP via UDP, TCP, secure
TCP, whatever), and these get individual expiry counters in the
caching resolver.
So when a telephone send
Hi @all,
the reference manual says something about scoped ipv6 addresses,
so I might assume they are understood and useable. But maybe either
I did misunderstand something, or something is wrong here:
My configuration:
listen-on-v6 port 53{ fe80::2%lo0;
On Thu, Jun 02, 2022 at 08:23:27AM +1000, Mark Andrews wrote:
! Thanks.
!
! INDENT is being addressed.
!
! Can you add an issue on https://gitlab.isc.org/ for the view name in dnstap?
Bad luck for me, my login does actually work there - so I probably
have to... ;)
Done, it says #3391.
-- PMc
Hi,
this is broken in 916 (and apparently 918 also).
Consequentially, output from dnstap gets unreadable (invalid YAML)
when using dynamic zone updates.
PATCH
--- lib/dns/message.c.orig 2022-05-10 11:02:21.0 +0200
+++ lib/dns/message.c 2022-
he traffic is and getting
a better idea of who is responsible for generating it and why.
In my opinion, in the absence of knowing what the problem is,
experimenting with stuff like rate limiting or blocking is unlikely
to solve the problem.
Regards,
Peter Coghlan.
--
Visit https://lists.isc.org/mail
here in dealing with the subject
of malicious, bogus queries etc.
Regards,
Peter Coghlan.
>
> --
>
> Hal King - h...@utk.edu
> Systems Administrator
> Office of Information Technology
> Shared Services
>
> The University of Tennessee
> 103c5 Kingston Pike Buildin
For those of you that may not be on the -announce list, I
would like to make you aware of the following:
https://lists.isc.org/pipermail/bind-announce/2022-January/001205.html
--
Peter Davies
Support Engineer
Internet Systems Corporation
pet...@isc.org
001 650-423-1460
On Sun, Nov 21, 2021 at 06:51:13PM +0100, Sten Carlsen wrote:
! As far as I am aware - and what I have always done - the normal
| thing to do is to use a hints file. Lately the hints are built-in,
| so nothing is really needed.
Ah. Well, I have here a named.conf.sample file that comes with the
dis
Hija,
I finally found the cause of the error! As soon as I stop slaving
the root-zones and instead use the (configured or compiled-in)
hint-file, the error stops.
The actual error-condition (zone is not loaded) then becomes
obvious, because this RFC-5011 action happens very early, before
any
On Mon, Nov 15, 2021 at 09:14:19AM +0100, Ondřej Surý wrote:
! > On 15. 11. 2021, at 3:41, Peter wrote:
! >
! >
Hi all,
I continuousely happen to see this message:
> local0.warn named[2291]:
> dnssec: warning: managed-keys-zone: Failed to create fetch for DNSKEY update
I see it on different nameservers, at different sites, with and
without views, with and without IPv6, and I see it every time when
named
tps://lists.dns-oarc.net/pipermail/dns-operations/2021-September/021362.html
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fu
ld be
interested to know what the experts think bind might have made of this
traffic had it not been filtered out. I have included some of the more
usual probes before and after the more interesting traffic for context.
Regards,
Peter Coghlan.
09:50:12.36 207.244.251.243.41020 > 192.168.80.24.53:
Hi,
my servers fail to query the upstream servers with these errors:
rate-limit: debug 99: rrl=0x0, HAVECOOKIE=0, result=DNS_R_SERVFAIL,
fname=0x8027a5450(0), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0),
RRL_CHECKED=0
The operator of the upstream servers says it is due to a configuration
mis
On Fri, Aug 06, 2021 at 07:22:32AM +0200, sth...@nethelp.no wrote:
! > ! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206,
! > ! marking all IPv6 addrs as bogus, but it does not make a difference in
! > ! behaviour.
! >
! > Update: Actually there is a difference if this recomme
On Thu, Aug 05, 2021 at 11:53:35PM +0200, Peter wrote:
! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206,
! marking all IPv6 addrs as bogus, but it does not make a difference in
! behaviour.
Update: Actually there is a difference if this recommended
configuration is present
Hi all,
first off: I do not have IPv6 physical connectivity yet, but I would
like to run a nameserver nevertheless.
Sadly, it seems that without IPv6 connectivity, half of the queries
fail, in a random fashion.
There is no clue in the logfile about any reason for this behaviour,
only so much
update on how to get bind to run with parameters for windows
make folder in C:\ named
make file called named.bat
in the bat file add:
sc start named -n 7
in services > ISC BIND recovery tab
first failure select run a program
check enable actions for stops with errors
in run program browse
reproducer is helpful.
Can you try if adding `-n 8` vs `-n 7` have the same effect?
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
On 23. 7. 2021, at 20:31, Peter via bind-users
Well I reported it and we see what happens my main bind is not in a
virtual machine I guess I cound disbale Hyper-Threading as a workaround...
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds th
So after ALL that it was down to the number of cores/threads, anything
more then 7 cores/threads and 9.16.19 WILL NOT RUN tested in avirtual PC.
Man what A BUG
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from thi
I have come to the conclusion that I am being punished!
I have moved heaven and earth to get 9.16.19 to work and only seem to
work on another old system Core™2 Duo that I installed win 7 activated
it then upgrade to win10 only that system work with 9.16.19 on another
system I remove NICs unins
I have three PC's tested that all work fine on 9.16.15 or 9.17.12 with
my Intel VLANs but 9.16.19 simply will not start.
Is this a new limitation for BIND on windows now? or a change that
causes it not to run if it detects VLANs with the intel APP?
Seems fine now they must of fixed the testing.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.o
Well for the time being I give up I think something like this happen
before many years ago, I'm sure someone will post having this iusse.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the d
1 - 100 of 311 matches
Mail list logo