Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

2022-06-10 Thread Reindl Harald
Am 10.06.22 um 17:07 schrieb Sandro: On 10-06-2022 16:02, Reindl Harald wrote: come on! the OP clearly stated the only problem is the "PIDFile" line in the systemd-unit and so what named writes or not is completely irrelevant "PIDFile" for systemd has nothing to do with

Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

2022-06-10 Thread Reindl Harald
Am 10.06.22 um 15:56 schrieb Sandro: On 10-06-2022 15:27, Reindl Harald wrote: Am 10.06.22 um 15:22 schrieb Sandro: On 10-06-2022 12:53, Reindl Harald wrote: if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID" won't work for nearly 10 years without "PIDF

Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

2022-06-10 Thread Reindl Harald
Am 10.06.22 um 15:22 schrieb Sandro: On 10-06-2022 12:53, Reindl Harald wrote: if it would be useful my "ExecReload=/usr/bin/kill -HUP $MAINPID" won't work for nearly 10 years without "PIDFile" (no i won't use and configure rndc - keep it simple) That's

Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

2022-06-10 Thread Reindl Harald
RestrictSUIDSGID=yes *From:* bind-users on behalf of Reindl Harald *Sent:* Friday, 10 June 2022 12.53 *To:* bind-users@lists.isc.org *Subject:* Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

Re: Unable to start Bind on a fresh RHEL 8.6 system with enforcing SELinux

2022-06-10 Thread Reindl Harald
Am 10.06.22 um 10:52 schrieb Søren Andersen: I've installed a fresh BIND on a RHEL 8.6 system with enforcing SElinux, and when I try to start BIND with the provided systemd unit file it just waits and timeout, and also logs these errors in /var/log/message Jun 10 10:09:25 systemd[1]: isc-bin

Re: Problem resolving a domain

2022-05-13 Thread Reindl Harald
Am 13.05.22 um 15:16 schrieb Rainer Duffner: Thanks for the hints! It does indeed work with these settings. The problem is also that google and quad9 and most of the rest of the internet seem to be able to resolve it the real problem is that they are working around it - if not the stupid

Re: Hell breaks loose in the afternoon with format error from X.X.X.X#53 resolving ./NS: non-improving referral

2022-05-06 Thread Reindl Harald
Am 06.05.22 um 12:24 schrieb Ted Mittelstaedt: On 5/6/2022 12:45 AM, Reindl Harald wrote: in the past our CISCO ISP router with "DNS ALG" even rewrote zone transfers and invented a zero TTL for each and every CNAME it saw Probably doing that to retaliate for dynamic DNS

Re: Hell breaks loose in the afternoon with format error from X.X.X.X#53 resolving ./NS: non-improving referral

2022-05-06 Thread Reindl Harald
Am 06.05.22 um 08:19 schrieb Bjørn Mork: Mark Andrews writes: It’s a long known issue with so called “Transparent” DNS proxies/accelerators/firewalls. Iterative resolvers expect to talk to authoritative servers. They ask questions differently to the way they do when they talk to a recursiv

Re: Bind9 Server conflicts with docker0 interface

2022-05-05 Thread Reindl Harald
Am 05.05.22 um 16:05 schrieb Maurício Penteado via bind-users: What is the current behavior? Nslookup from a DNS Client workstation should not get docker0 ip address of the Bind9 Server PC. |nslookup ns1.example.lan Server: UnKnown Address: fe80::f21f:afff:fe5d:be90 Name: ns1.exampl

Re: Bind and systemd-resolved

2022-05-02 Thread Reindl Harald
Am 01.05.22 um 23:54 schrieb Nick Tait via bind-users: On 1/05/2022 9:13 pm, Reindl Harald wrote: Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with sy

Re: Bind and systemd-resolved

2022-05-01 Thread Reindl Harald
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with systemd-networkd as the renderer? E.g. Will it still be possible to pick up DNS servers from IPv6 router advertis

Re: Bind and systemd-resolved

2022-04-17 Thread Reindl Harald
Am 18.04.22 um 07:26 schrieb Leroy Tennison via bind-users: When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to root I get: ;; Couldn't verify signature: expected a TSIG or SIG(0) ; Transfer failed. This is an Ubuntu 18.04 s

Re: Periodic SERVFAIL for TLD .BY

2022-04-02 Thread Reindl Harald
Am 02.04.22 um 20:30 schrieb Dzmitry Shykuts: I have read every post and am very grateful to everyone who took part in the discussion. It's good when the server is configured correctly, but here you have to use crutches for the whole .BY zone. This has never happened in my 20 years of expe

Re: Periodic SERVFAIL for TLD .BY

2022-04-02 Thread Reindl Harald
Am 02.04.22 um 19:47 schrieb Dzmitry Shykuts: I have some questions about this situation. What causes this "address fetching loop"? Maybe it's a bug/future in the BIND software? Misconfigured .BY zone and its servers? Problem with root servers or TLD? Why does my server have this problem, but

Re: Chroot Bind failed to start

2022-03-15 Thread Reindl Harald
unattended in the middle of the night (besides a weekly restart without any reason is questionable as you see it's only asking for trouble) -Original Message- From: bind-users On Behalf Of Reindl Harald Sent: Tuesday, March 15, 2022 10:01 AM To: bind-users@lists.isc.org Subject: Re: C

Re: Chroot Bind failed to start

2022-03-15 Thread Reindl Harald
Am 15.03.22 um 14:37 schrieb Paul Amaral via bind-users: Never mind, I was able to trace back my steps and realize I fat-fingered a DNS entry in one of the zones, added two periods to an authoritative zone’s DNS record, causing bind to fail to start. The concerning issue was there was no err

Re: Chroot Bind failed to start

2022-03-15 Thread Reindl Harald
Am 15.03.22 um 14:08 schrieb Paul Amaral via bind-users: Hi, I realize this is related to Centos, but all the sudden chroot bind failed to start up with any meaningful errors. you need to debug this terrible "ExecStartPre" where the package maintainer was too lazy to include a script file in

Re: Access denied Bind9

2022-03-07 Thread Reindl Harald
Am 08.03.22 um 02:44 schrieb Ritah Mulinde: Hi Guys Just got my primary and secondary name servers  running. However, when i reload rdnc and tail the syslogs all i get is "(.xx.com ): query (cache) '.xx.com/A/IN ' denied" because on a au

Re: Issue Using Wildcards for Subdimain Redirecing

2022-02-17 Thread Reindl Harald
Am 17.02.22 um 18:51 schrieb muha...@plciq.com: I understood that, now, I have another issue. The main domain the is used in the zone ( zone "example.com" ) don't resolve to anything and I want it to be resolved from 8.8.8.8, while the sub-domains still resolve from my DNS as specified in th

Re: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)

2022-02-17 Thread Reindl Harald
Am 17.02.22 um 18:47 schrieb Paul Kosinski via bind-users: On Thu, 17 Feb 2022 15:26:35 +0100 Ondřej Surý wrote: ... This is part of the problem - debugging on Windows is extremely painful and requires expertise with extremely high learning curve. I wonder if difficult debugging is de

Re: Is there a community product maintaining Windows support?

2022-02-17 Thread Reindl Harald
Am 17.02.22 um 17:36 schrieb Jakob Bohm via bind-users: This is truly tragic, and quite counterproductive action by ISC. no, it's just stop wasting time for things not really used in the real production world Messing about with docker virtualization inside an already virtual machine seem

Re: ipv6 adoption

2022-02-16 Thread Reindl Harald
Am 16.02.22 um 14:25 schrieb Mark Tinka: On 2/16/22 14:38, Andrew Baker via bind-users wrote: Firstly, we are running bind 9.11 on Debian 10 hosts. * Is it worth use upgrading to Debian 11 to get the newer version of bind? I don't run Linux, but shouldn't it be possible to just upg

Re: "make test" not working?

2022-02-02 Thread Reindl Harald
Am 02.02.22 um 08:23 schrieb Josef Moellers: On 01.02.22 17:54, Reindl Harald wrote: Am 01.02.22 um 15:28 schrieb Josef Moellers: Just for the record: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. really *nothing* should run as

Re: "make test" not working?

2022-02-01 Thread Reindl Harald
Am 01.02.22 um 15:28 schrieb Josef Moellers: Just for the record: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. really *nothing* should run as root, especially not building software - doing so and even rpmbuild no longer can assure t

Re: your mail

2022-01-15 Thread Reindl Harald
l the time -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald Sent: Saturday, January 15, 2022 9:44 PM To: bind-users@lists.isc.org Subject: Re: your mail Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: your mail

2022-01-15 Thread Reindl Harald
Am 16.01.22 um 04:39 schrieb John W. Blue via bind-users: /diverging tangent I don't want to diminish any contribution to the good of the cause that anyone is willing to make but ... I am not going to stop top posting. Personally, commentary about top posting is so 1997. Perhaps it is also

Re: what is wrong with DNS name 'covid19booster.healthservice.ie' ? : Google : what is Google's secret DNS service ?

2022-01-09 Thread Reindl Harald
Am 09.01.22 um 12:57 schrieb Jason Vas Dias: Thanks Fred - Though really all I am trying to do is ensure I can access all public DNS names, which my experience shows me I cannot, using my ISP's name-servers. It seems there is a Hidden Google Internet that I cannot access unles

Re: what is wrong with DNS name 'covid19booster.healthservice.ie' ? : Google : what is Google's secret DNS service ?

2022-01-08 Thread Reindl Harald
Am 08.01.22 um 19:26 schrieb Jason Vas Dias: Yes, of course I can just access the website, now I know the IP address . That is not the point. My point is that public service websites, which provide vital public health services , on which people's lives and human rights depend , should NOT be

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2021-12-30 Thread Reindl Harald
Am 30.12.21 um 09:07 schrieb Danilo Godec via bind-users: On 29. 12. 21 19:24, tale wrote: On Wed, Dec 29, 2021 at 5:31 AM Danilo Godec via bind-users wrote: I have an authoritative DNS server for a domain, but I was also going to use the same server as a recursive DNS for my internal networ

Re: Nice new logging feature

2021-12-20 Thread Reindl Harald
in 9.16 here and i doubt Fedora has backports for this" On 12/20/21 17:39, Reindl Harald wrote: Am 20.12.21 um 17:32 schrieb Petr Menšík: Hi Borja, In fact there is ancient patch [1] still applied to Fedora builds, which hides some lame servers warnings. It makes some lame servers ca

Re: Nice new logging feature

2021-12-20 Thread Reindl Harald
egory config {default_log;}; category queries {default_log;}; category notify {default_log;}; category database {default_log;}; category rate-limit {rate_limit_log;}; category lame-servers {lame_servers_log;}; category query-errors {query_errors_log;}; }; On 12/16/21 13:15, R

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Reindl Harald
Am 16.12.21 um 15:29 schrieb Andrew P.: Reindl Harald writes: Am 16.12.21 um 14:56 schrieb Andrew P.: Reindl Harald writes: Am 16.12.21 um 14:22 schrieb Andrew P.: You don't understand what kind of blacklist I want; I want to blacklist the domain name being asked for, so I don

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Reindl Harald
Am 16.12.21 um 14:56 schrieb Andrew P.: Reindl Harald writes: Am 16.12.21 um 14:22 schrieb Andrew P.: You don't understand what kind of blacklist I want; I want to blacklist the domain name being asked for, so I don't answer for it. I'm not looking to blacklist forged

Re: Nice new logging feature

2021-12-16 Thread Reindl Harald
Am 16.12.21 um 14:49 schrieb Borja Marcos: On 16 Dec 2021, at 13:15, Reindl Harald wrote: Am 16.12.21 um 10:02 schrieb Borja Marcos: Hi, I am trying 9.17 at home and I just noticed a very useful new lame-servers log message: 2021-12-16T08:08:20.505Z lame-servers: timed out resolving

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Reindl Harald
would help in this case not responding won't help anyways because the request and the processing is done violate the protocol won't gain much, the hammering requests still continue, the load continues and all you do is making DNS a gambling machine On 16. 12. 2021, at 14:28, Reindl

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Reindl Harald
rease* the load by retries on the client don't get me wrong but you need to understand the implications of what you are doing - for DOS attacks "Response Rate Limiting" was invented and for non-DOS requests there isn't any valid reason to take action __

Re: Millions of './ANY/IN' queries denied

2021-12-16 Thread Reindl Harald
st of all known ISP resolvers for endusers - game over, you blacklisted the world ________ From: bind-users on behalf of Reindl Harald Sent: Wednesday, December 15, 2021 8:44 AM To: bind-users@lists.isc.org Subject: Re: Millions of './ANY/IN' queri

Re: Nice new logging feature

2021-12-16 Thread Reindl Harald
Am 16.12.21 um 10:02 schrieb Borja Marcos: Hi, I am trying 9.17 at home and I just noticed a very useful new lame-servers log message: 2021-12-16T08:08:20.505Z lame-servers: timed out resolving ’stupiddomain.com/ANY/IN': X.Y.Z.T#53 I haven’t seen this on 9.16. Are there any plans to inclu

Re: Millions of './ANY/IN' queries denied

2021-12-15 Thread Reindl Harald
Am 15.12.21 um 15:01 schrieb John Kristoff: Would I be doing a bad thing by using fail2ban to block these IPs? This might be dangerous. If someone spoofs a well formed UDP query that does what the above does and you block it, what if the spoofed source is something you don't want blocked?

Re: Millions of './ANY/IN' queries denied

2021-12-15 Thread Reindl Harald
Am 15.12.21 um 14:33 schrieb Andrew P.: So why isn't there a way to tell BIND not to respond to queries for which it clearly is not authoritative (such as these attack vectors)? Since no legitimate resolver would be asking a non-authoritative server for information, why should his (or my) pu

Re: host your subdomain on your own ?

2021-11-13 Thread Reindl Harald
Am 13.11.21 um 17:20 schrieb Grant Taylor via bind-users: On 11/13/21 9:07 AM, Reindl Harald wrote: * he needs the delegation because lack of control Maybe I've lost context, but I thought the overall theme of the thread was delegating to a private IP address "Because I mi

Re: host your subdomain on your own ?

2021-11-13 Thread Reindl Harald
Am 13.11.21 um 17:00 schrieb Grant Taylor via bind-users: On 11/13/21 12:59 AM, Reindl Harald wrote: i doubt that any ISP out there would delegate to a private address and when your bind is asked over it's public IP a view won't work ISP's willingness to do something is a

Re: host your subdomain on your own ?

2021-11-13 Thread Reindl Harald
Am 13.11.21 um 08:59 schrieb Reindl Harald: Am 13.11.21 um 08:16 schrieb Erich Eckner: On Sat, 13 Nov 2021, Reindl Harald wrote: i mean when it's private and not www why does the world need to know about the subdomain? Because I might not be able to control nor have input into

Re: host your subdomain on your own ?

2021-11-13 Thread Reindl Harald
Am 13.11.21 um 08:16 schrieb Erich Eckner: On Sat, 13 Nov 2021, Reindl Harald wrote: i mean when it's private and not www why does the world need to know about the subdomain? Because I might not be able to control nor have input into local-private bind(s) and thus... clients/nod

Re: host your subdomain on your own ?

2021-11-12 Thread Reindl Harald
Am 12.11.21 um 18:55 schrieb lejeczek via bind-users: On 12/11/2021 17:14, Reindl Harald wrote: wouldn't it be easier to setup two different subdomains in which case you don't need delegation at all - your local named would host the internal subdomain and doing recursion for every

Re: host your subdomain on your own ?

2021-11-12 Thread Reindl Harald
Am 12.11.21 um 17:48 schrieb lejeczek via bind-users: Hi guys. I'm looking to setup my subdomain in-house and I'm hoping for some wise advice from experts, it's my first foray into this thus go easy on me please. zone.top - is hosted by a public registrar priv.zone.top - I want to delegat

Re: named service suddenly fails to start

2021-11-04 Thread Reindl Harald
Am 04.11.21 um 21:11 schrieb Grant Taylor via bind-users: On 11/4/21 1:27 PM, Bruce Johnson via bind-users wrote: named-checkconf -z revealed a name had been entered with underscores. The person responsible has been sacked. (not really, merely reminded no underscores are allowed in A records

Re: named service suddenly fails to start

2021-11-04 Thread Reindl Harald
Am 04.11.21 um 20:27 schrieb Bruce Johnson via bind-users: On Nov 4, 2021, at 12:01 PM, Bruce Johnson > wrote: This morning our server started failing to reload or start. checking the status reveals not a lot of info: systemctl status named-chroot ● named

Re: named service suddenly fails to start

2021-11-04 Thread Reindl Harald
Am 04.11.21 um 20:01 schrieb Bruce Johnson via bind-users: This morning our server started failing to reload or start. checking the status reveals not a lot of info: systemctl status named-chroot ● named-chroot.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd

Re: Query on issue#2389 BIND 9.16.10

2021-10-18 Thread Reindl Harald
Am 19.10.21 um 00:46 schrieb raf: On Mon, Oct 18, 2021 at 01:02:07PM +0200, Reindl Harald wrote: Am 18.10.21 um 12:57 schrieb Rajnish Kamboj via bind-users: Upgrading to latest release will fix the issue lesson to learn: report issues after you made sure you are using the latest

Re: Query on issue#2389 BIND 9.16.10

2021-10-18 Thread Reindl Harald
Am 18.10.21 um 12:57 schrieb Rajnish Kamboj via bind-users: Upgrading to latest release will fix the issue lesson to learn: report issues after you made sure you are using the latest version which probably would fix it Can you also help us with scenarios as to why this issue is occurring?

Re: Bind doesn't stop contacting global ROOT DNS servers after commenting(#) the the root hint zone in named.conf

2021-08-02 Thread Reindl Harald
Am 02.08.21 um 17:28 schrieb Ramesh: Hello, I commented the root hint zone section(default) in the named.conf file to stop bind from communicating to the global root DNS servers and it should only use the internal forwarders available in the options{} section. |#zone "." IN { # type hint;

Re: bind-chroot is not re-positioning my forward and reverse tables

2021-06-27 Thread Reindl Harald
Am 28.06.21 um 00:44 schrieb ToddAndMargo via bind-users: On 6/27/21 3:40 PM, ToddAndMargo via bind-users wrote: On 6/26/21 7:31 PM, ToddAndMargo via bind-users wrote: On 6/24/21 9:00 PM, ToddAndMargo via bind-users wrote: The goal is to have bind-chroot do its thing mount --bind https://

Re: Managing localhost

2021-06-24 Thread Reindl Harald
Am 25.06.21 um 03:22 schrieb Grant Taylor via bind-users: Tony's statements surprised me enough that I saved them for later deep read and pondering. That time has now come. On 6/21/21 11:00 AM, Tony Finch wrote: That advice is out of date: nowadays you should not put any localhost entries

Re: do I need to configure a Caching Server

2021-06-21 Thread Reindl Harald
t do named it's job as it does out-of-the-box as said below On 2021-06-19 01:14, Reindl Harald wrote: Am 18.06.21 um 20:28 schrieb techli...@phpcoderusa.com: I am building a home PHP hosting server for learning.  I have a commercial connection to the Internet so no blocked ports and my

Re: Origin of reverse lookup

2021-06-19 Thread Reindl Harald
no meaning saying same things as me Why do you look at the speck that is in your brother's eye and don't notice the beam that is in your eye? *From:* bind-users on behalf of Reindl Harald *Sent:* Saturday,

Re: Origin of reverse lookup

2021-06-19 Thread Reindl Harald
-------- *From:* bind-users on behalf of Reindl Harald *Sent:* Saturday, June 19, 2021 12:36 PM *To:* bind-users@lists.isc.org *Subject:* Re: Origin of reverse lookup Am 19.06.21 um 12:10 schrieb alcol alcol: ISP Have is a normale DNS zone as forward o

Re: Origin of reverse lookup

2021-06-19 Thread Reindl Harald
Am 19.06.21 um 12:10 schrieb alcol alcol: ISP Have is a normale DNS zone as forward ones they does not offer remote mainteining as you should own all subnet class and are directly downloaded from iana if I remember well. ptr zones are the same way delegated as any other zones if somethin

Re: Origin of reverse lookup

2021-06-19 Thread Reindl Harald
Am 19.06.21 um 01:17 schrieb techli...@phpcoderusa.com: I had my ISP configure a reverse lookup years ago.  They say they no longer offer that service and there is no reverse lookup for my IP. don't matter unless you try to send mails from your machine I keep running into this old reverse lo

Re: do I need to configure a Caching Server

2021-06-19 Thread Reindl Harald
Am 18.06.21 um 20:28 schrieb techli...@phpcoderusa.com: I am building a home PHP hosting server for learning.  I have a commercial connection to the Internet so no blocked ports and my ISP allows servers. unless you are hosting a authoritative zone aka domain on your nameserver it don't mat

Re: My FC33->FC34 bind-chroot upgrade notes

2021-06-17 Thread Reindl Harald
Am 17.06.21 um 21:43 schrieb ToddAndMargo via bind-users: On 6/17/21 3:12 AM, Reindl Harald wrote: however, in the real world just write "sudo command" is the best you can do - for the average user it's complete and leaves no questions for power users which don't like

Re: My FC33->FC34 bind-chroot upgrade notes

2021-06-17 Thread Reindl Harald
Am 17.06.21 um 07:43 schrieb Todd Chester via bind-users: On 6/16/21 2:52 PM, Reindl Harald wrote: Does this alteration at the top make it any clearer? Note: at the command prompt, I use the following terminology:     # means run as root     $ means run as user Inside a

Re: How do I identify if bind9 is using 4 cores?

2021-06-17 Thread Reindl Harald
Am 17.06.21 um 05:32 schrieb Manish Rane: Hi Team, I have BIND 9.16.17-Ubuntu on ubuntu and have 4 cores. I have configured  more /etc/default/bind9 OPTIONS="-n 4" And then restarted the services. How do I verify if bind9 has spawned 4 processes and distributed among those? it's threaded

Re: My FC33->FC34 bind-chroot upgrade notes

2021-06-16 Thread Reindl Harald
Am 16.06.21 um 20:31 schrieb ToddAndMargo via bind-users: On 6/16/21 2:16 AM, Reindl Harald wrote: Am 16.06.21 um 09:31 schrieb ToddAndMargo via bind-users: ... # means root $ means user ... Sometimes, in your configuration file extracts, you use '#' meaning 'this line is

Re: My FC33->FC34 bind-chroot upgrade notes

2021-06-16 Thread Reindl Harald
Am 16.06.21 um 09:31 schrieb ToddAndMargo via bind-users: ... # means root $ means user ... Sometimes, in your configuration file extracts, you use '#' meaning 'this line is a comment'.  I guess this is a write-up for a novice. The non-novices here have overlooked it, but I'm much closer to t

Re: Need Help with BIND9

2021-06-15 Thread Reindl Harald
Am 15.06.21 um 10:31 schrieb Reindl Harald: Am 14.06.21 um 22:37 schrieb techli...@phpcoderusa.com: keiththewebguy.com [1]. does not actually have the two nameservers required though that is not the problem. (ns1 and ns2 have same IP) I have a VPS that runs Plesk and there is only one

Re: Need Help with BIND9

2021-06-15 Thread Reindl Harald
Am 14.06.21 um 22:37 schrieb techli...@phpcoderusa.com: keiththewebguy.com [1]. does not actually have the two nameservers required though that is not the problem. (ns1 and ns2 have same IP) I have a VPS that runs Plesk and there is only one name server so for every domain I have hosted on

Re: Need Help with BIND9

2021-06-12 Thread Reindl Harald
Am 12.06.21 um 14:30 schrieb Matus UHLAR - fantomas: On 11.06.21 18:19, Sten Carlsen wrote: From my place I resolve both to: 98.191.108.149 keiththewebguy.com. does not actually have the two nameservers required though that is not the problem. (ns1 and ns2 have same IP) BIND seems to work

Re: No more support for windows

2021-06-05 Thread Reindl Harald
Am 05.06.21 um 19:15 schrieb Ondřej Surý: Folks, I would appreciate if we can stay on the topic. Specifically, I consider this rhetorical discussion on the meaning of the word “portable” neither useful to the subscribers of this list nor productive. besides that - i didn't hear a serious rea

Re: Deprecating BIND 9.18+ on Windows (or making it community improved and supported

2021-06-03 Thread Reindl Harald
Am 03.06.21 um 20:12 schrieb Danny Mayer via bind-users: I don't speak for ISC but it's important to understand that support of an operating system costs money and unless a company or organization is willing to step up with money it cannot be expected to continue support. There was originall

Re: Unable to start name

2021-04-09 Thread Reindl Harald
Am 09.04.21 um 08:07 schrieb rams: Apr 09 05:19:38  named[1354]: generating session key for dynamic DNS Apr 09 05:19:38 named[1354]: could not create /var/run/named/session.key Apr 09 05:19:38 named[1354]: failed to generate session key for dynamic DNS: permi...ied /var/run point to /run whi

Re: underscore in A or PTR records

2021-02-17 Thread Reindl Harald
Am 17.02.21 um 10:41 schrieb ONRUBIA AVILES Carlos (CCS/MST): Matus, What do you mean with " absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed" ? _ is not allowed in hostnames I tried with the following configuration

Re: underscore in A or PTR records

2021-02-17 Thread Reindl Harald
Am 17.02.21 um 09:50 schrieb ONRUBIA AVILES Carlos (CCS/MST): Hello, Thanks for these clarifications. The issue we face is that a telecom provider ask us to implement a PTR record with a name like "example_try.net" point out to that provider it's a bad idea and that they should know that!

Re: Checking if my DNS server are active

2021-02-12 Thread Reindl Harald
Am 12.02.21 um 15:21 schrieb The Doctor via bind-users: Hello, One of my machines is running Centos 7 / CPanel. It says my primary and secondary DNS are not active intern or public nameservers? query-source address 192.168.81.1 port 53; don't do that! listen-on {192.168

Re: Choosing A records based on hosts' load?

2021-01-18 Thread Reindl Harald
Am 18.01.21 um 10:04 schrieb Marek Kozlowski: :-) On 1/18/21 9:59 AM, Reindl Harald wrote: Am 18.01.21 um 09:49 schrieb Marek Kozlowski: I believe that such a solution (read to install) should exist. Unfortunately I don't know the magic keywords to find it: I have a group of hosts

Re: Choosing A records based on hosts' load?

2021-01-18 Thread Reindl Harald
Am 18.01.21 um 09:49 schrieb Marek Kozlowski: :-) I believe that such a solution (read to install) should exist. Unfortunately I don't know the magic keywords to find it: I have a group of hosts with different IPs offering the same services. I'm able to install some agents on them for mon

Re: Serial number question..

2020-12-17 Thread Reindl Harald
Am 17.12.20 um 19:56 schrieb Bruce Johnson: Someone updated out name server and messed up the serial number on the primary; as a result our secondaries are not updating properly. Primary: bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall +answer pharmacy.arizona.edu

Re: How Zone Files Are Read

2020-12-16 Thread Reindl Harald
Am 16.12.20 um 19:18 schrieb Tim Daneliuk: On 12/16/20 11:36 AM, Reindl Harald wrote: where did i give the advice "don't fail"? please read my response again! * the zone fails on the master * the zone is still available on the slaves * so the error isn't fatal * bu

Re: How Zone Files Are Read

2020-12-16 Thread Reindl Harald
Am 16.12.20 um 18:26 schrieb Gregory Sloop: This isn't, IMO, very useful as a response to the OP. let that decide the OP To sum up the response; "It's better to never fail!" Yes, that seems pretty obvious. It *would* be better to never fail. Way, way better. But the big problem in life

Re: How Zone Files Are Read

2020-12-16 Thread Reindl Harald
Am 16.12.20 um 17:37 schrieb Tim Daneliuk: I ran into a situation yesterday which got me pondering something about bind. In this case, a single line in a zone file was bad. The devops automation had inserted a space in the hostname field of a PTR record. What was interesting was that - at s

Re: RRL outcome on legitimate traffic...

2020-12-03 Thread Reindl Harald
Am 01.12.20 um 17:15 schrieb Karl Pielorz: --On 1 December 2020 at 08:24:50 -0600 Lyle Giese wrote: You need to look at the reply named sends when it trips and starts limiting UDP traffic source from a given IP address.  It tells the requestor to try again using TCP instead of UDP. So if t

Re: Bind stats - denied queries?

2020-12-03 Thread Reindl Harald
Am 30.11.20 um 20:01 schrieb Marc Roos You assume incorrectly that every such log entry is from spoofed traffic. every relevant one, yes This is about correct logging. Even if it is spoofed, logging the correct spoofed address is better than logging a range (that include ip's that are mayb

Re: Bind stats - denied queries?

2020-11-30 Thread Reindl Harald
Am 30.11.20 um 11:12 schrieb Marc Roos: Are newer version of bind still logging like this Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 3.9.41.0/24 Nov 30 10:10:02 ns0 named[1303]: rate-limit: info: limit responses to 35.177.154.0/24 Nov 30 10:10:02 ns2 named[1241]:

Re: Bind stats - denied queries?

2020-11-30 Thread Reindl Harald
the source of dns amplification is *always* spoofed because it's by design the IP of the victim and not the offender the goal of dns amplification is to flood the connection of the victim until no regular traffic is possible the same /24 is sharing the same line and so it doesn't make sense i

Re: Two copies of recent posts

2020-11-29 Thread Reindl Harald
Am 26.11.20 um 03:01 schrieb Mark Andrews: The message that generated this thread had the following: To: upendra.gan...@gmail.com Cc: bind-users , BIND Users Note the 2 different addresses for bind-users. Both were delivered to lists.isc.org in a single SMTP transaction as you noted (ESMT

Re: Two copies of recent posts

2020-11-29 Thread Reindl Harald
Am 25.11.20 um 04:46 schrieb Jim Popovitch via bind-users: On Tue, 2020-11-24 at 22:22 -0500, Paul Kosinski wrote: My reading of the headers (below) does *not* suggest "Reply All". Rather, they show that mx.pao1.isc.org sent/forwarded the email once, and it was received by lists.isc.org once

Re: Two copies of recent posts

2020-11-29 Thread Reindl Harald
Am 23.11.20 um 04:58 schrieb Jim Popovitch via bind-users: On Sun, 2020-11-22 at 21:56 -0500, Paul Kosinski via bind-users wrote: I've been getting two identical copies of recent posts to this list... Me too, but it's because of people hitting reply-all thinking that they are replying to th

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-20 Thread Reindl Harald
Am 08.11.20 um 14:44 schrieb Timothe Litt: I'm amazed that this thread has persisted for so long on this list of knowledgeable people me too, i would understand that on the spamassassin list but not here and what i *really* don't understand is jumping into the thread with "I just wanted

Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Am 07.11.20 um 14:21 schrieb alcol alcol: you can't run a sec. srv. from your own. You need some action from ADMIN-C or TECH-C yeah, someone needs to tell the registry the nameservers th

Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
Am 05.11.20 um 20:04 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:27 -0600, Chuck Aurora wrote: On 2020-11-05 07:36, Bob Harold wrote: You appear to have confused 'secondary' authoritative servers with a second 'resolver'. Authoritative servers - listed in the NS records - are used by

Re: [External] Re: How can I launch a private Internet DNS server?

2020-11-08 Thread Reindl Harald
Am 07.11.20 um 15:36 schrieb Kevin A. McGrail: On 11/7/2020 9:04 AM, Reindl Harald wrote: first: there *is* a requirement of a secondary nameserver https://www.iana.org/help/nameserver-requirements Does that requirement apply to the use-case? Based on the first sentence, "These ar

Re: How can I launch a private Internet DNS server?

2020-11-07 Thread Reindl Harald
Am 06.11.20 um 13:25 schrieb Tom J. Marcoen: First of all, sorry that I cannot reply within the thread, I was not yet a member of the mailing list when those emails were sent. On Thu 15/Oct/2020 18:57:16 +0200 Jason Long via bind-users wrote: Excuse me, I just have one server for DNS and t

Re: How can I launch a private Internet DNS server?

2020-11-05 Thread Reindl Harald
Am 05.11.20 um 12:59 schrieb Michael De Roover: On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote: A good secondary offloads your server noticeably, and keeps the domain alive in case of temporary failures. AFAIK, authoritative slave servers are only used when the master is confirm

Re: Domain Control Validation

2020-11-04 Thread Reindl Harald
it makes no sense what you ask for why would you point with your whole webserver to geocerts? a CNAME is what it is - and it can't exist with other record types so you can't have a CNAME for www.example.com and at the same time an A-record or MX Am 30.10.20 um 18:11 schrieb Khuu, Linh Contracto

Re: How can I launch a private Internet DNS server?

2020-10-21 Thread Reindl Harald
Am 16.10.20 um 11:34 schrieb Michael De Roover: Interesting article, thanks for sharing this! I'm slightly confused about some things in it though. Does this mean that any traffic will be put on the connection tracker and be treated as stateful unless we use CT --notrack, or can the kernel mak

Re: CNAME restrictions

2020-08-10 Thread Reindl Harald
Am 04.08.20 um 19:34 schrieb Matus UHLAR - fantomas: > On 04.08.20 17:29, Leroy Tennison wrote: >> I have a situation where, due to the system's location (IP subnet), >> its DNS >> name is ..datavoiceint.com.  We have a >> certificate for *.datavoiceint.com which we prefer to use > > wildcard in

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-31 Thread Reindl Harald
Am 23.07.20 um 06:28 schrieb Ted Mittelstaedt: > But truthfully you are proving my point.  The simple fact is that bind > will compile WITHOUT using a FreeBSD port.  Linux is 10 times worse > because they aren't even including the c compiler or development tools > anymore.  that's nonsense and

Re: Debian/Ubuntu: Why was the service renamed from bind9 to named?

2020-07-21 Thread Reindl Harald
Am 20.07.20 um 19:45 schrieb Ted Mittelstaedt: > On 7/17/2020 11:35 AM, John W. Blue wrote: >> Speaking about things to be annoyed over .. >> >> I am still ticked that FreeBSD dropped BIND from the distribution for >> something called unwinding or whatever it is. >> > > I'm not happy that happen

Re: issue of Amplification attack

2020-07-16 Thread Reindl Harald
Am 12.07.20 um 06:23 schrieb ShubhamGoyal: > Dear sir, > Thank you for giving me an answer to my previous > question. Sir, now we are suffering from an amplification attack, so is there > any method in bind to stop DNS Amplification attack. > I am thinking to stop or drop ANY type queries from our DNS Recu

Re: [DoD Source -- ssshhhh Top Secret] Re: Dumb Question is an A or AAAA record required?

2020-07-16 Thread Reindl Harald
Am 09.07.20 um 17:20 schrieb Michael De Roover: > On 7/9/20 5:03 PM, Reindl Harald wrote: >> but it still has nothing to do with your domain by definition, the PTR >> could be anything > Of course it can be, they're completely separate name spaces. However > would it
