Re: 127/8 weirdness & entertainment for fun & profit.

2025-07-09 Thread Bjørn Mork via bind-users
Crist Clark writes: > Note that is all Linux-specific behavior. BSD-derived stacks are generally > different, e.g. FreeBSD and MacOS. They do not respond to addresses that > aren’t explicitly assigned to an interface. You cannot bind an address not > assigned to an interface. I

Re: BIND doesn't listen to other loopback addresses

2025-07-07 Thread Bjørn Mork via bind-users
https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/li

Re: BIND doesn't listen to other loopback addresses

2025-07-06 Thread Bjørn Mork via bind-users
Bagas Sanjaya writes: > Here in my case, I was expecting BIND to listen to 127.0.0.53 as > separate address, just like in similar applications (systemd-resolved, > dnsdist, etc). You do need to add the address to an interface, but you don't need to add a new dummy interface.

Re: 127/8 weirdness & entertainment for fun & profit.

2025-07-06 Thread Grant Taylor via bind-users
New-Subject: host vs subnet routes Old-Subject: BIND doesn't listen to other loopback addresses On 7/6/25 1:02 AM, Ondřej Surý wrote: The IPv4 loopback is actually quite weird in this regard that 127.0.0.1/8 is assigned by everything in 127/8 automagically works without explicit ad

Re: BIND doesn't listen to other loopback addresses

2025-07-05 Thread Greg Choules via bind-users
https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-automatic-interface-scan Note the phrase "...and supported by the operating system...". Linux capabilities must also be enabled (i.e. not *disabled* at build time) for BIND to be able to keep scanning as addresse

Re: question about resolving of AAAA amazoses.com

2025-07-04 Thread Florian Piekert via bind-users
Hello and many thanks for the quick all-answering response! Thanks for Greg as well, I leave it to Petr's answer then :-) On 04.07.2025 at 10:13, Petr Špaček wrote: On 04. 07. 25 9:56, Florian Piekert via bind-users wrote: Hello all, I frequently have this in my logs May  4 14:29:16

Re: question about resolving of AAAA amazoses.com

2025-07-04 Thread Greg Choules via bind-users
Hi Florian. Well since you mention it, may we see your BIND configuration? Also "named -V", please and, if you can, a packet capture (preferably binary pcap, not just a few lines of tcpdump output) showing what your server is doing at the time you see these messages in the logs. Cheers

question about resolving of AAAA amazoses.com

2025-07-04 Thread Florian Piekert via bind-users
feedback-smtp.us-east-1.amazonses.com/ for 127.0.0.1#44099: Name us-east-1.amazonses.com (SOA) not subdomain of zone feedback-smtp.us-east-1.amazonses.com -- invalid response and was wondering IF there is a misconfiguration on my bind? My guess is no, but I thought I'd better as

Re: Significant memory usage

2025-07-02 Thread Carlos Horowicz via bind-users
“countless” reports there were not that many of them actually. How many zones can a bind instance handle realistically? Internally, we are testing BIND 9 with 1M small zones and it works just fine. What happened was that 9.20 introduced a new database backend called QP that replaced venerable custom

Re: Server crash on receiving query

2025-07-01 Thread James L. Brown via bind-users
Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 5. 11. 2024, at 11:58, James L. Brown via bind-users wrote:  On 2 Nov 2024, at 3:14 am, Scott Bradner wrote: I have the same proble

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
g My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 1. 7. 2025, at 20:40, OwN-3m-All wrote: Also, 127.0.0.1 (localhost) needs to be returned for these hosts, not a NXDOMAIN response. Would that impact it? -- Vis

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
s On 01/07/2025 19:27, OwN-3m-All wrote: >>  Apologies if I misunderstood your setup. I’ve also encountered memory issues in recent BIND versions — BIND 9.18.33 on Debian 12 is a tremendous beast, capable of handling millions of QPS — but after reducing logging (including DNSTAP) and disa

Re: Significant memory usage

2025-07-01 Thread Carlos Horowicz via bind-users
Hello there, I’m not a BIND developer either, but I was intrigued when you mentioned /millions of zone entries/. Are you referring to millions of individual zones, rather than consolidating entries into a single RPZ zone? Apologies if I misunderstood your setup. I’ve also encountered memory

Re: Is there any method/config to pass through rcode refused

2025-07-01 Thread Greg Choules via bind-users
is any config or method to achieve > that. > > > > Thanks, > > Neil Nie

Re: dnssec/obsolete dns keys removal - how to?

2025-06-20 Thread Nick Tait via bind-users
On 21/06/2025 05:16, Florian Piekert via bind-users wrote: Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibility. THANK YOU! On 20.06.2025 at 19:03, Crist Clark wrote: Do you have

Re: dnssec/obsolete dns keys removal - how to?

2025-06-20 Thread Florian Piekert via bind-users
Hello, wow, that did the trick. I didn't think of this at all. It -after all- appeared to be VERY obvious. I don't know why I overlooked this possibility. THANK YOU! On 20.06.2025 at 19:03, Crist Clark wrote: Do you have a .signed file that BIND created? To be 100%, shutdown n

dnssec/obsolete dns keys removal - how to?

2025-06-20 Thread Florian Piekert via bind-users
deleted those files somewhen in between while trying. After a while I got a correct working setup (using the default *facepalm*). Although I have then successfully managed to get the correct key setup into the DS with the root tld zones, I have mysterious DNSKEY entries on my bind installations

Problem with latest Docker image

2025-06-20 Thread Randy Scott via bind-users
ternal defaults: failure (But I'm not sure what I did to generate the named.run file, and I haven't been able to recreate it) I'm not using any geo capability that I know of. I haven't changed anything in my bind config files in quite some time, and it's always worked up

Re: Significant memory usage

2025-06-09 Thread Philip Prindeville via bind-users
ket I/O Statistics ++ 191596 UDP/IPv4 sockets opened 169 TCP/IPv4 sockets opened 191580 UDP/IPv4 sockets closed 777 TCP/IPv4 sockets closed 41 UDP/IPv4 socket bind failures 43 UDP/IPv4 socket conn

Re: Significant memory usage

2025-06-09 Thread Philip Prindeville via bind-users
10:46 PM, Philip Prindeville via bind-users > wrote: > > I read: > > https://bind9.readthedocs.io/en/v9.20.9/reference.html#namedconf-statement-max-cache-size > > and it doesn’t explain the notation for . > > > > >> On Jun 8, 2025, at 10:39 PM, Ondřej Sur

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
ybe GB is the only unit it groks. >> >> >> Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected >> integer and optional unit or percent near ‘1536MB’ >> >> Nope: >> >> Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
Maybe GB is the only unit it groks. Jun 8 22:31:52 OpenWrt named[19145]: /etc/bind/named.conf:42: expected integer and optional unit or percent near ‘1536MB’ Nope: Jun 8 22:32:48 OpenWrt named[19609]: /etc/bind/named.conf:43: expected integer and optional unit or percent near ‘2GB'

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
Jun 8 22:22:10 OpenWrt named[15142]: /etc/bind/named.conf:42: expected integer and optional unit or percent near '1638MB' > On Jun 8, 2025, at 10:17 PM, Ondřej Surý wrote: > > Yes, there's no math involved, it just honors the limit. > > FTR you can als

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
im) > ond...@isc.org > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> Here’s my statistics-channel output: >> >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
for your purposes. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> On 9. 6. 2025, at 5:45, Philip Prindeville >> wrote: >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
that talk to a small number of external hosts). It’s computing the max-cache-size that I’ve set: Jun 8 21:34:08 OpenWrt named[8106]: /etc/bind/named.conf:42: 'max-cache-size 10%' - setting to 171MB (out of 1714MB) but no idea where the 1741MB that it is basing that off of is coming f

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
t’s going on with just output of named -V. > > I would suggest to recompile names with jemalloc enabled and then use > jemalloc profiling to see where the memory goes. > > See https://www.isc.org/blogs/2023-BIND-memory-management-explained/ for more > details (search for

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On Jun 8, 2025, at 3:07 PM, Philip Prindeville via bind-users > wrote: > > > >> On May 21, 2025, at 3:38 PM, Ben Scott wrote: >> >> - Original Message - >>> From: "Philip Prindeville via bind-users" >>> To: "

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: QNAME minimisation question

2025-06-05 Thread Nick Tait via bind-users
root trust anchor)                  -b address[#port]   (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg Thanks Greg. On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users wrote: I've done a bit more testing on this, and it seems like if you u

Significant Throughput Drop in BIND 9.20.8 for Batch DNS Updates – Seeking Community Insights and Solutions

2025-06-04 Thread Sahil Sharma D via bind-users
Hello BIND Community, I am writing to report a significant performance drop observed after upgrading from BIND 9.18.30 to BIND 9.20.8 . We are running BIND in a batch data processing environment where large volumes of dynamic DNS updates are pushed periodically. Under 9.18.30, our system

Re: QNAME minimisation question

2025-06-03 Thread Greg Choules via bind-users
[#port] (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users < bind-users@lists.isc.org> wrote: > Hi Stace. > > The transport protocol used to ask the question is (or should be) > inde

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
";; WARNING: using internal name server mode: '@8.8.8.8' will be ignored" On 03/06/2025 22:36, Stacey Marshall wrote: On 3 Jun 2025, at 10:29, Nick Tait via bind-users wrote: But I also noticed that delv only makes A queries (not ), and even if I specify "-6" on t

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
On 02/06/2025 23:30, Petr Špaček wrote: In short, with an empty cache, BIND will exceed pre-configured limit on number of queries it can do. This is protection from various attacks which misuse DNS to attack itself. Thanks for the explanation! This particular recursive query doesn't

Re: QNAME minimisation question

2025-06-02 Thread Carlos Horowicz via bind-users
re force to set the value off or disabled, because bind finds something "strange" in the zone cut response. dig ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> ns +dnssec 90.45.in-addr.arpa @127.0.0.1 ;; global options: +cm

QNAME minimisation question

2025-06-02 Thread Nick Tait via bind-users
Hi list. I've been investigating a failure that I noticed in my DNS logs. I know the issue is related to QNAME minimisation, but rather than just turning it off (to make the problem go away), I'm trying understand whether BIND is doing exactly what it is expected to do? I can rep

Re: Dns tunnel detection/prevention

2025-05-23 Thread Grant Taylor via bind-users
rent things. -- Grant. . . .

Re: Dns tunnel detection/prevention

2025-05-23 Thread Grant Taylor via bind-users
On 5/22/25 9:23 AM, Karol Nowicki via bind-users wrote: Does ISC Bind software by native has any dns tunneling prevention embedded ? I don't think there is anything that I would describe that way. But there may be some rate limiting option(s) that you could use to at least cripple usin

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-22 Thread Greg Choules via bind-users
-08.braze.com.cdn.cloudflare.net A 5b57 > 1053 20.772813 102.767751 2.350603 184.184.184.10 8.8.8.8 48067 Q > sdk.iad-08.braze.com.cdn.cloudflare.net A ae45 > 1054 20.773441 102.768379 0.000628 184.184.184.7 184.184.184.10 - - - ICMP > - Destination unreachable (Port unreachable) but don

Dns tunnel detection/prevention

2025-05-22 Thread Karol Nowicki via bind-users
Does ISC Bind software by native has any dns tunneling prevention embedded ?  Thanks

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-19 Thread Greg Choules via bind-users
- - ICMP > - Destination unreachable (Port unreachable) but don't know which packet > this is in response to. > 1055 20.773879 102.768817 0.000438 184.184.184.10 184.184.184.80 32337 R > sdk.iad-08.braze.com A 2e9e Response to 1032 > > Note that the BIND server at ...10 makes lots

Significant memory usage

2025-05-18 Thread Philip Prindeville via bind-users
creeping up again. I updated to 9.20.8 a few minutes ago but I’m still seeing the same issue. root@OpenWrt:~# named -V BIND 9.20.8 (Stable Release) running on Linux x86_64 6.6.41 #0 SMP Sat Jul 27 03:38:57 2024 built by make with '--target=x86_64-openwrt-linux' '--host=x86_6

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-18 Thread Danilo Godec via bind-users
is unreachable. Since that ICMP packet is always preceded by a DNS query directed to either 1.1.1.1 or 8.8.8.8, it might imply that either your router or something further along (i.e. your ISP) is not allowing the DNS query packets to pass. Since Bind v9

Re: long FQDN resolution

2025-05-16 Thread Benny Pedersen via bind-users
Benny Pedersen via bind-users wrote on 2025-05-15 20:42: Matus UHLAR - fantomas wrote on 2025-05-15 17:04: turn off QNAME minimisation on DNS servers used by mailservers for DNSBL/DNSWL checks. make a better rbldnsd that support qname :) or dump zone from rbldnsd to bind.zone, the bind

Re: DNSVIZ errors

2025-05-15 Thread akritrim® Intelligence™ via bind-users
i didn’t receive your reply but saw this on lists archive so replying to you: Do be aware that Ondrej is a member of ISC, the organization that develops BIND. He is also one of the maintainers of the Debian release of BIND which you are using. Why should i be aware? Is he is a threat or

Re: long FQDN resolution

2025-05-15 Thread Benny Pedersen via bind-users
Matus UHLAR - fantomas wrote on 2025-05-15 17:04: turn off QNAME minimisation on DNS servers used by mailservers for DNSBL/DNSWL checks. make a better rbldnsd that support qname :) or dump zone from rbldnsd to bind.zone, the bind zone can be in sqlite to not be so memory hungry or report

Re: long FQDN resolution

2025-05-15 Thread Greg Choules via bind-users
I was beaten to it! It's called QNAME minimisation and is specified here: https://datatracker.ietf.org/doc/html/rfc9156 In BIND it can be disabled with this statement: https://bind9.readthedocs.io/en/v9.20.8/reference.html#namedconf-statement-qname-minimization Hope that helps, Greg On Th

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
Sorry let me try again. I missed your other questions... On 11/05/2025 17:17, Fred Morris wrote: BIND insists on addresses bound to interfaces (at least, that's my contention, based on experience yesterday, which may or may not reflect some reality which has been manufactured

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
On 11/05/2025 17:17, Fred Morris wrote: BIND insists on addresses bound to interfaces (at least, that's my contention, based on experience yesterday, which may or may not reflect some reality which has been manufactured today). resolved uses a loopback address which is not bound

Re: My Introduction and current issues -

2025-05-10 Thread Paul Kosinski via bind-users
y. Or not. --- On Sun, 11 May 2025 12:37:23 +1200 Nick Tait via bind-users wrote: > On 11/05/2025 07:28, Fred Morris wrote: > > Stop! Squirrel wearing a systemd tshirt! Kill / maim / destroy / drive > > off systemd resolved. Then make sure that resolv.conf is not being >

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
not/ trying to say that everyone should use systemd-resolved. I'm just trying to be an "active bystander". :-)

Re: My Introduction and current issues -

2025-05-10 Thread Greg Choules via bind-users
others on this list would disagree with me, but that's just my 2p. Cheers, Greg. On Sat, 10 May 2025, 13:43 , wrote: > On 2025-05-10 02:03, Greg Choules wrote: > > @Danilo you are correct, the contents of /etc/resolv.conf are not set by > BIND and BIND itself does not use them. B

Re: My Introduction and current issues -

2025-05-10 Thread Greg Choules via bind-users
@Danilo you are correct, the contents of /etc/resolv.conf are not set by BIND and BIND itself does not use them. But all applications running on that machine (including dig, unless you specify @) that want some kind of name resolution will make OS system calls and then the OS *will* use what'

Re: My Introduction and current issues -

2025-05-09 Thread Danilo Godec via bind-users
rch mydomain.net   (where mydomain is my actual domain name and not the FQDN of the machine (i.e. "machine01.mydomain.net")).   This was entered by default as BIND was installed.   I am wondering if the "namesever" should be th

Re: My Introduction and current issues -

2025-05-09 Thread Lyle Giese via bind-users
. In DHCP, what do you have configured for your client's DNS servers? Lyle Giese On 5/9/25 17:58, bi...@clearviz.biz wrote: Howdy all!.   My name is Arnold, and I'm new to both Bind9 and to the Bind user's list. I'm hoping to contribute my findings on the use of Bind9. in

Re: My Introduction and current issues -

2025-05-09 Thread Greg Choules via bind-users
Hi. I also suspect it's not BIND, but how the OS is going about resolving names. Test your running BIND by using dig (please, not nslookup) @127.0.0.1 for domains you think you are having a problem with. Also check /etc/resolv.conf and see what address(es) is/are listed as nameservers.

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
-SERVERS.NET (2001:0501:b1f9:::::0030) Refers backwards Same output from any of my bind hosts: # dnstracer -q cname -s 127.0.01  ftp.lip6.fr Tracing to ftp.lip6.fr[cname] via 127.0.01, maximum of 3 retries 127.0.01 (127.0.0.1) Refers backwards But interestingly, doing this

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
everything up. So may be that was the reason, if it coincides with your perception ... dnstracer has eventually helped me find lame delegations. Carlos Horowicz Planisys On 01/05/2025 17:23, Rob McEwen via bind-users wrote: From vinc...@cojot.name until a few days ago (April 28th?) when the

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Rob McEwen via bind-users
and purge any caching (rndc flush), then restart BIND. Maybe you've already done that? But if not, it's worth a try before digging deeper. If that doesn't fix this, then hopefully someone else on this list can help you. Rob McEwen, invaluement -- Original Message --

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Rob McEwen via bind-users
-blackout-that-hit-spain-and-portugal Hopefully, you're not seeing any more of these errors now? Rob McEwen, invaluement

Re: DNSVIZ errors

2025-04-21 Thread akritrim® Intelligence™ via bind-users
version: BIND 9.20.8-1+0~20250416.117+debian12~1.gbp1ea9dd-Debian (Stable Release) (<>) running on localhost: Linux x86_64 6.1.0-33-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.133-1 (2025-04-10) boot time: Sun, 20 Apr 2025 15:40:59 GMT last configured: Sun, 20 Apr 2025 15:40:

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
Thank you for your help. it does give insights into the problem. if you check dnsviz history, this does not happen everytime. the bind version is BIND 9.20.8-1+0~20250416.117+debian12~1.gbp1ea9dd-Debian obtained from: https://www.isc.org/download/ —-> https://bind.debian.net/bind th

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
need anything specific let me know.') today language models are more context aware. and if you don't want to share what do you 'need' then leave it be, i don't want your help. On April 20, 2025 5:17:46 PM UTC, "Ondřej Surý" wrote: > >> O

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
eel obligated to reply outside your normal working hours. On 20. 4. 2025, at 16:31, akritrim® Intelligence™ via bind-users wrote: Hi I am getting the following error if i test the domain on dnsviz.net. For example for domain example.org i get : caikb.6tqs4.example.org/A has errors; s

DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
only some of them. i have these parameters defined in dnssec policy: nsec3param iterations 0 optout no salt-length 0; any ideas will be welcome. -- akritrim® Intelligence™

Re: Multiple views (more than 2)

2025-04-18 Thread Nick Tait via bind-users
secondary server could inadvertently end up transferring the zone from the public view in spite of having signed the zone transfer request with one of the private keys. Nick.

bring clientip to the authoritative server

2025-04-16 Thread Duan Duan via bind-users
Hey Guys, I have a cache, which can cache the client's domain name request and forward the client ip to my bind authority service in the form of ecs to hit views. But I know that after bind 9.13, authoritative ecs functionality is not supported. So I've been unable to upgrad

Re: DNS hiccups

2025-04-15 Thread Stephane Bortzmeyer via bind-users
Apr 15 15:53:34 CEST 2025 ;; MSG SIZE rcvd: 282

Re: Multiple views (more than 2)

2025-04-14 Thread Greg Choules via bind-users
lic one (for remote clients, served by all four > name > > servers). It used to work :-) > > > > Now it's desired to create multiple different private views served > > by my > > name servers (one view for clients from each subnet of my network) >

Re: Multiple views (more than 2)

2025-04-14 Thread Greg Choules via bind-users
h-clients" directives... > > Any example, link, general formula or some smart how-to, or anything > welcome... > > Thanks a lot! > Best regards, > Marek

Re: Grief after upgrade to macOS Sequioa 15.4

2025-04-14 Thread Marco Davids (SIDN) via bind-users
For the record: brew update brew upgrade now also does the trick. -- Marco On Fri, 4 Apr 2025 07:06:45 +0200 Daniel Stirnimann via bind-users wrote: Hi Niall, If you use brew, I solved it with this: brew uninstall bind brew cleanup brew install libxml2 export LDFLAGS="-L/opt/homebre

Re: BIND 9.11.4-P1 unexpected process exit

2025-04-10 Thread Petr Menšík via bind-users
file also, without it I or steps to reproduce it doubt anyone will be able fix it, whatever it is. Try whether coredumpctl list will contain this crash. On 10/04/2025 06:22, Duleep Thilakarathne wrote: Hi, Bind service unexpectedly exited a few days back with the following error: Could someone

Re: Custom DNS Filtering Plugin in BIND 9

2025-04-05 Thread Greg Choules via bind-users
is updated externally and serves as the sole source of >truth for categorization decisions. >- As such, I do not wish to store any additional data within the >plugin, memory, or any BIND-internal structures. >- Instead, I want the plugin to dynamically query this data by ca

Re: Authoritative and caching

2025-04-03 Thread Danjel Jungersen via bind-users
03-2025 11:18, Danjel Jungersen via bind-users wrote: On 19-02-2025 12:04, Greg Choules wrote: Hi Danjel. To obtain a packet capture use tcpdump, which is probably installed already. If not, add it using your preferred package manager. You can dump to the screen, but I find it more useful to

Re: Grief after upgrade to macOS Sequioa 15.4

2025-04-03 Thread Daniel Stirnimann via bind-users
Hi Niall, If you use brew, I solved it with this: brew uninstall bind brew cleanup brew install libxml2 export LDFLAGS="-L/opt/homebrew/opt/libxml2/lib" export CPPFLAGS="-I/opt/homebrew/opt/libxml2/include" export PKG_CONFIG_PATH="/opt/homebrew/opt/libxml2/lib/pkgcon

Re: Why do I get underscore DNS queries when my host is running a recursive server?

2025-04-01 Thread Greg Choules via bind-users
arting > with an underscore > > Greg Choules wrote on Mon, 31 Mar 2025 at 18:01: > >> Hello. >> The underscore character was an old method for performing QNAME >> minimisation. Look in the CHANGES file for a note about it and the ARM for >> more detailed information. >

Re: Why do I get underscore DNS queries when my host is running a recursive server?

2025-03-31 Thread Greg Choules via bind-users
Hello. The underscore character was an old method for performing QNAME minimisation. Look in the CHANGES file for a note about it and the ARM for more detailed information. BIND 9.14 is five years old and has been unsupported for a long time. Please update to 9.18 or 9.20, which contain many

Cannot import keys into dnssec-policy

2025-03-26 Thread Nguyen Thi Minh Tam via bind-users
am

RE: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-25 Thread Langlois Joël via bind-users
Hi Michal, Thanks a lot for the reply, i will take a look at the documentation for chroot and systemd notify. I already use the old option (type=forking) and yes everything is working fine. Have a good day. -- Joel Langlois -Original Message- From: bind-users De la pa

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-25 Thread Grant Taylor via bind-users
On 3/19/25 9:40 AM, Mónika Kiss wrote: I have a domain categorization program written in C that dynamically determines the risk level of a queried domain. I need to integrate this categorization logic into a BIND 9 plugin that: Mónika, have you looked into Dynamically Loadable Zones? You

RE: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-24 Thread Langlois Joël via bind-users
Hello, Thanks for your reply, this help me to point in the good direction! The problem is in the startup file for the service /usr/lib/systemd/system/isc-bind-named.service (this file is modify by the 9.20.7 update). When i try to use the option "Type=notify" or the

Re: Authoritative and caching

2025-03-23 Thread Danjel Jungersen via bind-users
(UDP) ;; WHEN: Sun Mar 23 11:00:01 CET 2025 ;; MSG SIZE  rcvd: 74 The mentioned tcpdump command gave the attached result. Just to sum it up: My setup: I have a mailserver (192.168.20.9), on the same box I have bind as resolver. I have 2 bind boxes running as "local authoritative" for t

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-23 Thread Grant Taylor via bind-users
program or SDK, which reads and evaluates domains in real time. My understanding is that RPS is a way for BIND / named to communicate with something external as a source of information. I think that it may be possible to create a DLZ driver that does similar. To whit, BIND would dynamic

Re: Help with ISC-BIND 9.20.7 COPR package DOH support

2025-03-22 Thread Robert Paolucci via bind-users
Hey Everyone, Need help with the COPR packages for BIND, they don’t seem to have DOH enabled / working sudo yum-config-manager --add-repo https://copr.fedorainfracloud.org/coprs/isc/bind/repo/epel-9/isc-bind-epel-9.repo sudo yum --enablerepo="copr:copr.fedorainfracloud.org:isc:bind"

Bind internal name space geo-proximity

2025-03-21 Thread Karol Nowicki via bind-users
comes from Europe then delegates to dns2

isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-21 Thread Langlois Joël via bind-users
Hi everyone, After updating my isc-bind packages from 9.20.6-1.2 to 9.20.7-1.2, I try to start the service but it always shuts down by itself. My server is a Rocky Linux 8.10 and with the old version (9.20.6) everything has been working fine for many months. Here is a part of the

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-20 Thread Grant Taylor via bind-users
when using large and frequently updated policy zones. It also enables named to share response policy providers with other DNS implementations such as Unbound. Thanks to Vernon Schryver and Farsight Security for the contribution." Link - BIND 9.12 development is getting closer to

RHEL, Rocky, Fedora rpm 9.20.7

2025-03-19 Thread Carl Byington via bind-users
https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx-build and associated dependencies

Upgrading the Bind Server issue

2025-03-19 Thread Lowry-Schiller, Dell M CTR (USA) via bind-users
Message: I am following the instructions provided in the knowledge base and I am having issues with the upgrade of my bind server to version 9.20.6. I am currently on version BIND 9.16.23-RH. I run this command and it works fine: ./configure --prefix=/usr/local/bind-9.9.6 --sysconfdir=/etc

Re: Authoritative and caching

2025-03-16 Thread Danjel Jungersen via bind-users
On 16-03-2025 21:40, Greg Choules wrote: Hi. From what others have said, that makes sense. For BIND's static files to be under /etc and operational files (zone data, journals etc.) to be somewhere else. What are the permissions on /var/lib/bind/ and/or /var/cache/bind? Both are root

Re: Authoritative and caching

2025-03-16 Thread Danjel Jungersen via bind-users
>I would either change ownership of "/etc/bind" and all files and folders >below that from "root" to "bind", or, if the group for user "bind" is also >"bind", leave ownership as root but change group permissions to rwx for >ever

Re: Authoritative and caching

2025-03-16 Thread Timothe Litt via bind-users
On 15-Mar-25 18:16, Lee wrote: On Sat, Mar 15, 2025 at 5:25 PM Danjel Jungersen via bind-users wrote: Apparmor was also mentioned, I have no experience with that, and have not changed it in any way (to my knowledge)... On my machine, $ journalctl -l | grep apparmor | grep bind |more shows

Re: Authoritative and caching

2025-03-16 Thread Greg Choules via bind-users
Sending from the correct alias this time! On Sun, 16 Mar 2025 at 09:03, Greg Choules wrote: > Thank you. > The problem is that named is running as user "bind" but that user > doesn't have file system permissions to create and write to files (the .jnl > and .jbk files

Re: Authoritative and caching

2025-03-15 Thread Danjel Jungersen via bind-users
Off-list I was asked. root@ns1:/etc/bind# ls -la total 60 drwxr-sr-x  3 root bind 4096 Mar 15 16:31 . drwxr-xr-x 71 root root 4096 Jan  6 08:40 .. -rw-r--r--  1 root root 2403 Jul 27  2024 bind.keys -rw-r--r--  1 root root  255 Jul 27  2024 db.0 -rw-r--r--  1 root root  271 Jul 27  2024 db

Re: Authoritative and caching

2025-03-15 Thread Greg Choules via bind-users
Hi Danjel. Please send "ls -al" of both "/etc/bind" and "/etc/bind/zones" Thanks, Greg On Sat, 15 Mar 2025 at 16:32, Danjel Jungersen via bind-users < bind-users@lists.isc.org> wrote: > I'm so sorry, but I have to trouble you guys again. >

Re: Authoritative and caching

2025-03-15 Thread Danjel Jungersen via bind-users
I'm so sorry, but I have to trouble you guys again. The help below helped, I have no errors from checkconf or checkzone, but from journalctl I get: /etc/bind/zones/db.jungersen.dk.jbk: create: permission denied and /etc/bind/zones/db.jungersen.dk.signed.jnl: create: permission denied and

BIND 9.20.6: spurious recursive lookup failures after longish uptime

2025-03-13 Thread Havard Eidnes via bind-users
s reported as a gitlab issue as well, I can do that, of course. Context: we are running 4 nodes in an anycast setup, providing our users with DNS recursor service, and RPZ service to a subset of these users. We have been using BIND 9.20 for a while, and have followed the ISC upgrades shortly

rndc: 'reload' failed: unexpected error

2025-03-13 Thread Duan Duan via bind-users
Hey Guys, I am using bind version 9.11.0. There are many views and zones running inside. bind can run normally and resolve domain names normally. But when I execute rndc reload, I received an error message. ./server.c:3799: unexpected error: unable to obtain neither an IPv4
