SL is that there doesn't seem to be a way to assign it
a static IP - i.e. your WSL BIND server will change IP address every time (it's
a private routed address that will need a Windows Firewall NAT rule to be
reached from other machines on your network).
https://www.isc.org/download/
Hi Ralph,
I don't believe this is presently possible but it's being considered for future
development. Please see the following Issue Ticket for more details:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2748
Best,
Richard.
From: bind-users On Behalf Of Bischof, Ralph
F.
Hi Florian,
This feature doesn’t yet exist but is tentatively planned for the 9.19.x
timeframe. You can see more about it here:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2748
Best,
Richard.
From: bind-users On Behalf Of Ritterhoff,
Florian
Sent: Wednesday, August 2, 2023 7:43 AM
To
Thanks Ondrej, that's a really good suggestion to run named-checkconf when
doing upgrades.
Richard.
-Original Message-
From: Ondřej Surý
Sent: Tuesday, July 11, 2023 9:33 AM
To: Richard T.A. Neal ; ML BIND Users
Subject: Re: Unable to upgrade BIND v9.19.11 on Ubuntu without
Thanks Peter, I shall pay more attention to those release notes next time! 😊
Best,
Richard.
-Original Message-
From: Peter Davies
Sent: Tuesday, July 11, 2023 9:25 AM
To: Richard T.A. Neal
Cc: bind-users@lists.isc.org
Subject: Re: Unable to upgrade BIND v9.19.11 on Ubuntu without
b.isc.org/docs/aa-01526
It was indeed this line that caused all the problems, REM'ing it out has fixed
it:
category delegation-only { auth_servers_log; default_debug; };
Thanks again for your help Darren,
Richard.
-Original Message-----
From: Darren Ankney
Sent: Monday, July 10,
o start BIND Domain Name Server.
Would someone be kind enough to let me know what other info I can provide so
this can be troubleshooted?
Thanks,
Richard.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this softwar
Hello,
I have gss-tsig running for authenticating dynamic DNS update requests for a small MIT Kerberos realm, which is working fine. Is it possible to further use gss-tsig for zone transfers instead of shared keys?
Thanks,
Richard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
o any recommended improvements to this process.
Otherwise, good luck!
Best,
Richard.
-Original Message-
From: bind-users On Behalf Of Bruce Johnson
via bind-users
Sent: 03 January 2023 9:32 pm
To: bind-users@lists.isc.org
Subject: Email migration and MX records
We’re making an O365 tenant switc
orted or what the roadmap is for deprecating the
ability to hand-edit these files for DNSSEC-enabled zones.
Once again many thanks for taking the time to provide feedback and advice, I
really appreciate it. I'll take any further comments off-list.
Best,
Richard.
--
Visit https://lists.i
made any
errors in terminology or fundamental DNSSEC concepts. My guide doesn't (yet!)
touch on key rollover nor trust anchors, and to be honest I don't presently
understand either of those topics, so that'll be the focus of a future update.
Best,
Richard.
--
Visit https://lists.isc
nd bind
daily
dateext
missingok
notifempty
rotate 31
sharedscripts
postrotate
/usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
endscript
}
#-
Best,
Richard.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
Limiting which
is explained here:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/reference.html#response-rate-limiting
I don't recall if BIND 9.11 supports that feature, but even if it does you
should really be upgrading to 9.16.31 anyway (the latest Current-Stable, ESV).
Hi Roberto,
You need to prefix it with “a:” to indicate that this is an A-record, i.e.:
a:relay.company.com
Best,
Richard.
From: bind-users On Behalf Of Greg Choules
via bind-users
Sent: 08 July 2022 4:45 pm
To: Roberto Carna
Cc: ML BIND Users
Subject: Re: Can't modify an existin
here (scroll down
to section 4.2.16.19):
https://downloads.isc.org/isc/bind9/9.18.2/doc/arm/html/reference.html
Best,
Richard.
From: bind-users On Behalf Of Jeff Sumner
Sent: 20 April 2022 9:25 pm
To: King, Harold Clyde (Hal) ; bind-users
Subject: Re: How can I tell if a quiry is answere
e: named)
before it terminates?
Richard.
-Original Message-
From: bind-users On Behalf Of Jakob Bohm via
bind-users
Sent: 11 February 2022 12:19 pm
To: bind-users
Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)
Dear list,
When recently trying to upgrade
Having text files makes editing easier, but you still want to keep the
slaves the same - making the identical edit multiple times is some work,
but may not actually happen depending on circumstances (people make
mistakes)
I like to make all the servers 'masters' - so whoever has the highest
serial
Ondřej Surý said:
> Hi Richard,
> this is not the case.
> slack.com botched their DS/DNSKEY deployment (there’s a thread on
> dns-operations about it).
Thanks for the correction, my mistake. Apologies for the list spam!
Richard.
___
chain) for app.slack.com/IN/A at
query.c:7658
There’s a little more info about the LetsEncrypt issue at the following two
links (not my site):
https://scotthelme.co.uk/lets-encrypt-old-root-expiration/
and
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Richard
Hello!
We recently re-addressed some of our external-facing cache servers into a new
network and discovered that our IPs appear to be blackholed going to certain
third-party auth servers, either intentionally or unintentionally. Our
workaround while we sort through these issues is implementing
I agree! BIND 9.16.21 is working just fine for me on Windows Server 2019 with
either 8 or 12 vCPUs.
Thanks, ISC BIND team.
Richard.
From: Sami Leino
Sent: 17 September 2021 8:49 am
To: Richard T.A. Neal ; bind-us...@isc.org
Subject: VS: BIND 9.16.19 or any version newer than 9.16.15 does not
ad standard
practice for named.conf to reference named.conf.options (and others). So if
BIND were to read named.conf, see that it was still being asked to read
named.conf.options, it could stop there and say "yep, I've already read that
file. Nothing more to do here".
Best,
Richa
came up
with this workaround in the ticket referenced above, and I've confirmed that it
works on an 8-core test VM that I created:
C:\> sc start named -n 7
Best,
Richard.
From: Sami Leino
Sent: 08 September 2021 8:13 am
To: Richard T.A. Neal ; bind-us...@isc.org
Subject: VS: BIND 9.
Hi Sami,
Could you try changing the number of vCPUs to either 6, 7, 9, or 10 and see if
it then starts OK? If that works then you can either leave it like that or we
can help you with a way to have BIND run a specific number of vCPU cores while
you put the VM back to 8 vCPUs.
Best,
Richard
t it's at least a starting point.
Best,
Richard.
From: bind-users On Behalf Of Sami Leino
Sent: 18 August 2021 10:56 am
To: bind-us...@isc.org
Subject: BIND 9.16.19 or any version newer than 9.16.15 does not start on
Windows Server 2019
Hello,
Our NS3.qnet.fi which is Windows Server 2019
) and then start looking through those logs the
next time your on-prem slave stops resolving.
Once you spot any errors in the look you can post them here on the list and
others will try and help explain what may be happening.
Richard.
-Original Message-
From: bind-users On Behalf O
-and-usage
> [3]: https://kb.isc.org/docs/aa-01386
There’s also the following guide if you’re starting from scratch:
https://www.isc.org/blogs/doh-talkdns/
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
f
investigate it. It doesn’t impact me I’m afraid because my Windows BIND servers
are all 2 vCPU virtual machines – I find that’s plenty enough resource to run
BIND for me.
https://gitlab.isc.org/isc-projects/bind9/-/issues
Best,
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent
.
Best,
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent: 21 July 2021 9:34 pm
To: bind-users@lists.isc.org
Subject: New BIND 9.16.19 I think don't run with Intel VLANs
I have three PC's tested that all work fine on 9.16.15 or 9.17.12 with my Intel
VLANs but 9.16.19 simpl
-bind-zone.html
So you're essentially telling DNS clients that the value provided for
mail.{your-fqdn} is only valid for 60 seconds. As you say, a cheap load
balancing attempt!
Best,
Richard.
-Original Message-
From: bind-users On Behalf Of Bruce Johnson
Sent: 25 June 2021 6:56 pm
To:
want to continue pursuing this.
Sorry that I couldn’t be of more help,
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent: 19 June 2021 7:48 pm
To: bind-users@lists.isc.org
Subject: Re: Windows support has been discontinued in BIND 9.17+ (Was:
Important: A significant flaw is
And what do you get when you run c:\BIND\named-checkconf ?
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent: 19 June 2021 3:41 pm
To: bind-users@lists.isc.org
Subject: Re: Windows support has been discontinued in BIND 9.17+ (Was:
Important: A significant flaw is present in
tion 'x'
C:\BIND\etc\named.conf:8: unexpected token near end of file
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent: 18 June 2021 5:49 pm
To: bind-users@lists.isc.org
Subject: Re: Windows support has been discontinued in BIND 9.17+ (Was:
Important: A significant
isual\
Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe
with-openssl=C:/OpenSSL with-libxml2=C:/libxml2 with-libuv=C:/libuv
without-python with-system-tests x64'
Richard.
From: bind-users On Behalf Of Peter via
bind-users
Sent: 18 June 2021 3:51 pm
To: bind-users@lis
gt; Windows Logs >
Application?
If your Application log is too busy you can also filter by event source "named"
to remove some of the noise.
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
demonstrates using sudo to achieve this.
Best,
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://
instead use DNSSEC.
DOH/DOT and DNSSEC are two completely different things meant for two completely
different DNS functions – there is no overlap.
Best,
Richard.
From: bind-users On Behalf Of Walter H. via
bind-users
Sent: 12 June 2021 11:23 am
To: bind-users@lists.isc.org
Subject: Re: DOH or DOT
with specific
advice of course).
Best,
Richard.
From: bind-users On Behalf Of Gary Chang
Guang-Ruei
Sent: 10 June 2021 5:56 am
To: bind-users@lists.isc.org
Subject: How to setup DNS on virtual machine
Hi,
I have installed bind 9.16.16 on a windows 10 virtual machine, my question is
how do I
must therefore be reconfigured on every reboot as
well.
Personally I'm comfortable with the decision that's been made and I understand
the logic. Saddened, like saying goodbye to an old friend, but comfortable.
Richard.
___
Please visit https
named.conf.options to reference a different certificate, and then run
“rndc reconfig”
Run the openssl command again and you will see that the certificate has indeed
changed to the new one you specified in named.conf.options.
Best,
Richard.
From: bind-users On Behalf Of Eric Germann
via bind
indows just so that I can help out
anyone who subsequently downloads and installs BIND for Windows between now and
its end-of-support date.
Best,
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
9.17 will be backported into 9.16 and thus
receive official support?
Easy example: DNS over HTTPS which I believe was initially hoped to be
backported into BIND 9.16 around the April/May timeframe this year.
Thanks,
Richard.
-Original Message-
From: bind-users On Behalf Of Ondrej Surý
To everyone who expressed an interest in this: my write-up has now been
published on the ISC Blog:
https://www.isc.org/blogs/doh-talkdns/
Thanks to Ondrej, Artem, Suzanne and Vicky for critiquing and reposting.
Best,
Richard.
___
Please visit https
recursive resolver offering DNS over HTTPS using a
LetsEncrypt certificate.
Is there any interest in me writing this up as a web article, or has everyone
who's interested in DoH already got it running comfortably in their test
environment?
Best.
Ri
e reliable solution.
Best,
Richard.
-Original Message-----
From: Richard T.A. Neal
Sent: 29 April 2021 6:41 pm
To: BIND Users
Subject: RE: Deprecating BIND 9.18+ on Windows (or making it community improved
and supported)
The WSL2 option is an interesting one and not something I'd
ot; but Windows Server 2008 R2 is of course long
out-of-support from Microsoft unless you happen to have an Extended Support
Agreement with them. How feasible is it for you to upgrade your Windows BIND
servers to Windows Server 2012 R2 or higher?
Richard.
From: bind-users
mailto:bind-users-boun
I'm running BIND 9.16.15 fine on Windows Server Standard 2019. What do you see
in the Event Viewer > Application log?
There'll be lots of entries in there of course, so just filter by Source
"named" and look for any Critical, Error, or Warning messages.
Richard.
From: b
e most likely outcome, I
would at least like to offer to be the maintainer of the "BIND 9 on Windows via
WSL2" documentation, but only if we can come up with a catchier name 😊
Richard.
-Original Message-
From: bind-users On Behalf Of Ondrej Surý
Sent: 29 April 2021 12:36 pm
To
colleagues) have tried to reach Ron Aitchison by mail and other
> communication means, but no success.
Unfortunately I don't but if anyone is able to make contact with Ron I'd be
very happy to offer to host an archive of the site at no cost.
Best,
Richard.
__
rver) that is either the source IP or the spoofed target.
Best,
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
yet to come up with any other explanation so am always open to any
plausible causes.
Best,
Richard.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with pa
ommendation. By blocking traffic to the
victim (which is what I'm doing by blocking traffic from the spoofed Source IP,
because no inbound traffic means no outgoing replies) then I'm helping to
protect the victim, or at least prevent my server being used in the reflection
e. the malicious actor is potentially trying to get
your DNS server to participate in a DDOS DNS attack against a third party. So
by dropping those requests at the firewall I'm helping to ensure that my BIND
server isn't a participant in that attack.
Richard.
s for installing and
maintaining BIND on Windows.
My thanks to Vicky for also including links to my site on the BND resources
page of the ISC website.
https://www.winbind.org
Any feedback from fellow BIND on Windows users would be warmly welcomed,
obviously off-l
the community. And who knows, perhaps
that means there'll eventually be up to THREE of us running BIND on Windows!
Best,
Richard
rich...@richardneal.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from t
I just got into a disagreement with a couple of people on this. I’m sure this
won’t be much different.
My feeling is that we’re dealing with software and things here and not people.
A Master is simply an authoritative source in this context. It has nothing to
do with enslaving human beings.
Olsen, Richard
William (Rick) CTR (US)
Sent: Friday, March 25, 2016 9:59 AM
To: bind-users@lists.isc.org
Subject: [Non-DoD Source] Build with GEOIP
I'm trying to configure the GEOIP option in to our bind build. I have the
free GeoIP databases for initial testing. Can anyone point me to a
walkth
I'm trying to configure the GEOIP option in to our bind build. I have the free
GeoIP databases for initial testing. Can anyone point me to a walkthrough or
give me the required steps. I've read the stuff I can find on ISC and it talks
about using the --with-geoip config option and states:
"BIND
I'm looking into the GEOIP functionality but we are in the 9.9 release tree.
I don't see in it in the documentation but wanted to check here incase I'm
just missing it.
smime.p7s
Description: S/MIME cryptographic signature
___
Please visit https://li
Hi all,
Having heard about recursion, is there a way of getting BIND to make recursive
DNS requests to the A.B.C.D and E.F.G.H DNS servers?
Thanks,
Richard Thomas.
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus
are differing results in different BIND
environments please?
Also, if there is a way of configuring BIND to always work the way it's been
observed for company 2), please could someone let me know.
Many thanks in advance.
Richard Thomas.
[http://www.the-logic-group.com/images/TLG_Logo.jpg]
Thanks. We'll try this, otherwise I guess I'll just build a separate binary
with RRL disabled.
-Original Message-
From: Jeremy C. Reed [mailto:jr...@isc.org]
Sent: Tuesday, August 19, 2014 11:15 AM
To: Olsen, Richard William (Rick) CTR DISA PEO-MA (US)
Cc: bind-users@lis
Is there a runtime switch or config option to disable RRL. The bind 9.9.5-S1 by
default included the RRL enable but we would like to run test with and without
the RRL active.
Rick.
smime.p7s
Description: S/MIME cryptographic signature
___
Please visi
de
Even after I edit the configure script to have cross_compile=yes, it still
responds with no during the configuration.
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Monday, April 28, 2014 12:05 PM
To: Olsen, Richard William (Rick) CTR DISA PEO-MA (US)
Cc: bind-users@
We have a remote site that we are providing a bind package for. They want a
targeted build and sent us the compile options as
-xtarget=T3 -xarch=sparcvis3 -xchip=ultraT3 -xcache=8/16/4:6144/64/24
The build system is using Sun Studio 12.3 cc on T5140 (UtltraSPARC-T2+
hardware running Solaris 1
eers
marty
On 3 Apr 2014, at 17:57, Olsen, Richard William (Rick) CTR DISA PEO-MA (US)
wrote:
> We are trying build out bind for a remote site. When I use the prefix option
> so that I can put it all where I can package it, it hardcodes the prefix into
> the named binary for severa
We are trying build out bind for a remote site. When I use the prefix option so
that I can put it all where I can package it, it hardcodes the prefix into the
named binary for several items. How do I get around that. The hardcoded entries
are for rndc.key, name.conf, session.key, named.pid, lwre
We have been trying to build bind using with-openssl=PATH and not have it
require the full openssl install on the destination system. We had this setup
and running when we were building on solaris 9 using bind-9.9.2 up through
bind-9.9.4-P2. Now we are building on a Solaris 10 system (remote sys
Reading different pages I have seen that you needed to use --enable-rrl as a
configuration option but it is not in the S3 release. So is it the default or
not available in the S3. The public release does have a rrl option.
Rick.
smime.p7s
Description: S/MIME cryptographic signature
___
with .gov domains, but I commented out "dnssec-enable yes" in
my named.conf and it didn't help.
--
Richard
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-
ing any parameter on a heavily used system, you might want
to look at the typical system vital statistics after tweaking the value
and looking at how any of those things (cpu, mem, disk i/o, network i/o,
general load, etc) may now be trending differently after a day/week.
Richard
On 3/15/20
the 9.[2-7].x releases and see there have been some fixes to code
related to notifies and zone transfers.
Is it safe to say a busy BIND 9.5.x slave performing lots of zone
transfers retrieves zones (from a master) more timely than a similarly
busy 9.2.x slave?
Regards,
Richard
The i
tion; ...]
[ zone_statement; ...]
};
Do some perusing of the Administrator's Reference Manual (ARM). You
might find the information in there quite useful.
Regards,
Richard
Prabhat Rana wrote:
Hi Nuno,
Thanks for the response. However, I don't own the authoritative servers. And
the
Hello self,
I just figured this out.
I had to add:
foo.com. IN NS reg.
to db.root.
Regards,
-j
On Thu, 2009-08-13 at 08:41 -0500, Josh Richard wrote:
> Hello bind-users,
>
> bind 9.3.4, Debian
>
> goal:
> resolve any.dns.name -> 1.2.3.4, unless queries are for
ng -> 1.2.3.4).
Seems like what I have done should work. I am concerned the wildcard
'*' is the issue -- the forwarders should be consulted as the match is
more specific correct?
Any ideas are greatly appreciated.
Regards,
Josh Richard
signature.asc
Description: This is a digitally si
60 IN SOA 3dns0.pwg.lastminute.com.
hostmaster.
3dns0.pwg.lastminute.com. 4 10800 3600 604800 60
;; Query time: 51 msec
;; SERVER: 213.86.177.189#53(213.86.177.189)
;; WHEN: Mon Jul 27 11:01:16 2009
;; MSG SIZE rcvd: 132
Can anyone shed some light on this? I'm having tr
On Wed, 20 May 2009 14:56:20 +1000 Mark Andrews wrote:
>
> In message <200905200158.n4k1wmzv006...@edge.twig.com>, Richard Doty writes:
> > I am running bind 9.5.0, and have a dynamic zone with two ZSK set
> > up in the pre-publish manner - one ZSK is "published"
make a dynamic update to the zone, bind signs the updated
record with both ZSKs. That makes sense because bind has no way
to tell the two ZSKs apart.
So I guess my question is - does pre-publish work with dynamic update?
If so, how is it configured?
Thanks,
Richard.
___
can't find any suggestion of that
in the code. Maybe I'm looking in the wrong place.
How do you manage your nsupdate keys?
Thanks,
Richard.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
79 matches
Mail list logo
