underscore in A or PTR records
Hello,

I face the following problem ==> bind does not accept an A record with underscore:

Example: example_try A 1.2.3.4

Same for a PTR:

Example: 1.2.3.4 PTR example_try

Is it absolutely forbidden to have in such cases an '_'?
I know that it is possible for SRV or TXT records.

Thanks in advance to clarify the situation and sorry if this question has already been asked.

Carlos,

Sensitivity: Internal Use Only
This e-mail cannot be used for other purposes than Proximus business use. See more on https://www.proximus.be/maildisclaimer
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: underscore in A or PTR records
The SRV and TXT records usage is depending on underscore not being part of a hostname. The separator in hostname labels is dash.

e.g.
my-host.example.net

_ssh._tcp.example.net SRV can be safely deployed because there are no legal hostnames starting with _ssh and _tcp.

Hostname (and mail domain) syntax is defined by RFC 952 as modified by RFC 1123 (allows labels to start with digits).

PTR records: it depends on usage.

Mark

> On 17 Feb 2021, at 19:13, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>
> Hello,
>
> I face the following problem ==> bind does not accept an A record with underscore:
>
> Example: example_try A 1.2.3.4
>
> Same for a PTR:
>
> Example: 1.2.3.4 PTR example_try
>
> Is it absolutely forbidden to have in such cases an '_'?
> I know that it is possible for SRV or TXT records.
>
> Thanks in advance to clarify the situation and sorry if this question has already been asked.
>
> Carlos,
>
> Sensitivity: Internal Use Only

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

RE: underscore in A or PTR records
Hello,

Thanks for these clarifications.

The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net".
We tried this configuration but BIND does not accept it.

The telecom provider complains we cannot make this DNS configuration and that it must be possible (for the moment they did not give us examples to prove what they say).

So to be clear, can we answer to this telecom provider that using a PTR with "_" is not possible and not RFC compliant?
Or is there anything I miss?

Thanks in advance for your time.

Carlos,

Sensitivity: Internal Use Only

-----Original Message-----
From: Mark Andrews
Sent: 17 February 2021 09:28
To: ONRUBIA AVILES Carlos (CCS/MST)
Cc: bind-users@lists.isc.org
Subject: Re: underscore in A or PTR records

The SRV and TXT records usage is depending on underscore not being part of a hostname. The separator in hostname labels is dash.

e.g.
my-host.example.net

_ssh._tcp.example.net SRV can be safely deployed because there are no legal hostnames starting with _ssh and _tcp.

Hostname (and mail domain) syntax is defined by RFC 952 as modified by RFC 1123 (allows labels to start with digits).

PTR records: it depends on usage.

Mark

> On 17 Feb 2021, at 19:13, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>
> Hello,
>
> I face the following problem ==> bind does not accept an A record with underscore:
>
> Example: example_try A 1.2.3.4
>
> Same for a PTR:
>
> Example: 1.2.3.4 PTR example_try
>
> Is it absolutely forbidden to have in such cases an '_'?
> I know that it is possible for SRV or TXT records.
>
> Thanks in advance to clarify the situation and sorry if this question has already been asked.
>
> Carlos,
>
> Sensitivity: Internal Use Only

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

Re: underscore in A or PTR records
On 17.02.21 08:13, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> I face the following problem ==> bind does not accept an A record with underscore:
>
> Example: example_try A 1.2.3.4
>
> Same for a PTR:
>
> Example: 1.2.3.4 PTR example_try
>
> Is it absolutely forbidden to have in such cases an '_'?

absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed.

> I know that it is possible for SRV or TXT records.

it's valid in DNS, but not in hostnames.

You can in fact disable checking but you may encounter problems with remote sites.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Linux IS user friendly, it's just selective who its friends are...

RE: underscore in A or PTR records
Matus,

What do you mean with "absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed"?

I tried with the following configuration in zone "dekil.nl" and bind does not accept it:

hello_mail2.dekil.nl. 3600 IN A 81.246.48.28

I have the following message error:

Feb 17 10:40:41 dnszone904 named[1633]: /etc/bind/zones/master/dekil.nl:19: hello_mail2.dekil.nl: bad owner name (check-names)
Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: loading from master file /etc/bind/zones/master/dekil.nl failed: bad owner name (check-names)
Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: not loaded due to errors.

Sensitivity: Internal Use Only

-----Original Message-----
From: bind-users On Behalf Of Matus UHLAR - fantomas
Sent: 17 February 2021 09:53
To: bind-users@lists.isc.org
Subject: Re: underscore in A or PTR records

On 17.02.21 08:13, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> I face the following problem ==> bind does not accept an A record with underscore:
>
> Example: example_try A 1.2.3.4
>
> Same for a PTR:
>
> Example: 1.2.3.4 PTR example_try
>
> Is it absolutely forbidden to have in such cases an '_'?

absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed.

> I know that it is possible for SRV or TXT records.

it's valid in DNS, but not in hostnames.

You can in fact disable checking but you may encounter problems with remote sites.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Linux IS user friendly, it's just selective who its friends are...

Re: underscore in A or PTR records
On 17.02.21 at 09:50, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> Hello,
>
> Thanks for these clarifications.
>
> The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net"

point out to that provider it's a bad idea and that they should know that!

i can't count how often developers wasted hours because they used a _ in the hostname and MSIE had strange cookie behavior with the illegal hostname at the final tests after development web applications on Firefox

Re: underscore in A or PTR records
On 17.02.21 at 10:41, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> Matus,
>
> What do you mean with "absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed"?

_ is not allowed in hostnames

> I tried with the following configuration in zone "dekil.nl" and bind does not accept it:
>
> hello_mail2.dekil.nl. 3600 IN A 81.246.48.28
>
> I have the following message error:
>
> Feb 17 10:40:41 dnszone904 named[1633]: /etc/bind/zones/master/dekil.nl:19: hello_mail2.dekil.nl: bad owner name (check-names)
> Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: loading from master file /etc/bind/zones/master/dekil.nl failed: bad owner name (check-names)
> Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: not loaded due to errors

_ is not allowed in hostnames

https://tools.ietf.org/html/rfc1123

2.1 Host Names and Numbers

The syntax of a legal Internet host name was specified in RFC-952 [DNS:4]. One aspect of host name syntax is hereby changed: the restriction on the first character is relaxed to allow either a letter or a digit. Host software MUST support this more liberal syntax.

1. A "name" (Net, Host, Gateway, or Domain name) is a text string up to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus sign (-), and period (.)

Re: underscore in A or PTR records
On 17.02.21 09:41, ONRUBIA AVILES Carlos (CCS/MST) wrote:
> What do you mean with "absolutely no, but since underscore is not valid in hostname as per rfc1123, I don't recomment you to use it in hostnamed"?

substitute the last word with "hostnames" (a mistype).

I mean that since rfc1123 prohibits using underscores in hostnames, you should not try to use them in hostnames.

Otherwise, you may expect different problems on different places, and whenever you'll solve such problem, people can tell you it's your problem.

> I tried with the following configuration in zone "dekil.nl" and bind does not accept it:
>
> hello_mail2.dekil.nl. 3600 IN A 81.246.48.28
>
> I have the following message error:
>
> Feb 17 10:40:41 dnszone904 named[1633]: /etc/bind/zones/master/dekil.nl:19: hello_mail2.dekil.nl: bad owner name (check-names)
> Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: loading from master file /etc/bind/zones/master/dekil.nl failed: bad owner name (check-names)
> Feb 17 10:40:41 dnszone904 named[1633]: zone dekil.nl/IN: not loaded due to errors.

yes, exactly.

> Sensitivity: Internal Use Only

this is really useless here, since you posted this to public mailing list.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Remember half the people you know are below average.

Re: underscore in A or PTR records
> On 17. 2. 2021, at 9:50, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>
> The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net"

You are mixing the two things here. If the provider has asked you to create a PTR record, why do you keep trying to create a forward record? There's some information missing somewhere.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

RE: underscore in A or PTR records
Hello,

Indeed my question was on A record but the issue is on PTR record.
I can configure the following line:

_ptr.dekil.nl. 3600 IN PTR _81.99-129-109.adsl-dyn.isp.dekil.nl

It works ==> we can use "_" in both sides.

But what is strange is that the following configuration does not work:

9.10.238.195.in-addr.arpa. 3600 IN PTR por_tal-bis.skynet.be.

"_" is not allowed

Is it due to extra check by bind when it sees it is an arpa zone so no "_" is allowed?

Regards,

Carlos,

Sensitivity: Internal Use Only

-----Original Message-----
From: Ondřej Surý
Sent: 17 February 2021 10:52
To: ONRUBIA AVILES Carlos (CCS/MST)
Cc: Mark Andrews ; bind-users@lists.isc.org
Subject: Re: underscore in A or PTR records

> On 17. 2. 2021, at 9:50, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>
> The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net"

You are mixing the two things here. If the provider has asked you to create a PTR record, why do you keep trying to create a forward record? There's some information missing somewhere.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

BIND DLZ - ldap_init and LDAP_PORT function argument values
Hello,

I'm checking the source code of bind dlz since we need to use ldaps instead of ldap. I found this on the source code of BIND DLZ:

    if (ldap_url->lud_port != 389) {
        db->log(ISC_LOG_ERROR, "%s query must not specify a port", msg);
        result = ISC_R_FAILURE;
        goto cleanup;
    }

I understand that this error control only involves the query and not the connection. Checking the connection parameter function:

    dbc->dbconn = ldap_init(dbi->hosts, LDAP_PORT);
    if (dbc->dbconn == NULL) {
        return (ISC_R_NOMEMORY);
    }

This uses a deprecated openldap function and sends a constant as port (LDAP_PORT).

If we check the ldap.h where ldap_init is defined:

    #define LDAP_PORT   389   /* ldap:///   default LDAP port */
    #define LDAPS_PORT  636   /* ldaps:///  default LDAP over TLS port */

Does this mean that Bind DLZ does not support ldaps from factory and should be compiled again replacing LDAP_PORT by LDAPS_PORT?

Thank you so much.

Regards.

Dario Garcia Díaz-Miguel
GGCS-SES Unit
GGCS SKMF Infrastructure Division
GMV
C\ de Isaac Newton, 11
28760, Tres Cantos, Madrid
España
+34 918 07 21 00
+34 918 07 21 99
www.gmv.com

-----Original Message-----
From: Dario García Díaz-Miguel
Sent: Wednesday, 17 February 2021 7:55
To: 'bind-users@lists.isc.org'
Cc: skmf_support
Subject: RE: Can't use Bind DLZ through LDAPS SSL

Hi everybody,

Since I'm a little bit desperate with this issue, and after asking this on reddit (r/sysadmin) and serverfault with low or none responses, I tried some configurations with the ideas a user gave me with still no luck:

- Using ldap:// and socket path translation using the python library urllib.parse:

    dlz "ldap zone" {
        database "ldap 2 v3 simple {uid=bind/test-machine.example.com,ou=Services,dc=example,dc=com} {secret} 192.168.1.15
        ldap://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com???objectclass=dlzZone
        ldap://%2Frun%2Fslapd%2Fldapi/dlzHostName=\$record\$,dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzPreference,dlzData,dlzIpAddr?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
        ldap://%2Frun%2Fslapd%2Fldapi/dlzHostName=@,dlzZoneName=\$zone\$,ou=dns,=dc=example,dc=com?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
        ldap://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzHostname,dlzPreference,dlzData,dlzIpAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
        ldap://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com??sub?(&(objectclass=dlzXFR)(dlzIPAddr=\$client\$))";
    };

- Using ldapi:// and socket path translation using the python code:

    dlz "ldap zone" {
        database "ldap 2 v3 simple {uid=bind/test-machine.example.com,ou=Services,dc=example,dc=com} {secret} 192.168.1.15
        ldapi://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com???objectclass=dlzZone
        ldapi://%2Frun%2Fslapd%2Fldapi/dlzHostName=\$record\$,dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzPreference,dlzData,dlzIpAddr?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
        ldapi://%2Frun%2Fslapd%2Fldapi/dlzHostName=@,dlzZoneName=\$zone\$,ou=dns,=dc=example,dc=com?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
        ldapi://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzHostname,dlzPreference,dlzData,dlzIpAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
        ldapi://%2Frun%2Fslapd%2Fldapi/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com??sub?(&(objectclass=dlzXFR)(dlzIPAddr=\$client\$))";
    };

- Using ldaps:// and FQDN:

    dlz "ldap zone" {
        database "ldap 2 v3 simple {uid=bind/test-machine.example.com,ou=Services,dc=example,dc=com} {secret} 192.168.1.15
        ldaps://test-machine.example.com/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com???objectclass=dlzZone
        ldaps://test-machine.example.com/dlzHostName=\$record\$,dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzPreference,dlzData,dlzIpAddr?sub?(&(objectclass=dlzAbstractRecord)(!(dlzType=soa)))
        ldaps://test-machine.example.com/dlzHostName=@,dlzZoneName=\$zone\$,ou=dns,=dc=example,dc=com?dlzTTL,dlzType,dlzData,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectclass=dlzAbstractRecord)(dlzType=soa))
        ldaps://test-machine.example.com/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com?dlzTTL,dlzType,dlzHostname,dlzPreference,dlzData,dlzIpAddr,dlzPrimaryNS,dlzAdminEmail,dlzSerial,dlzRefresh,dlzRetry,dlzExpire,dlzMinimum?sub?(&(objectClass=dlzAbstractRecord)(!(dlzType=soa)))
        ldaps://test-machine.example.com/dlzZoneName=\$zone\$,ou=dns,dc=example,dc=com??sub?(&(objectclass=dlzXFR)(dlzIPAddr=\$client\$))";
    }

Re: underscore in A or PTR records
> On 17 Feb 2021, at 12.34, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>
> Hello,
>
> Indeed my question was on A record but the issue is on PTR record.
> I can configure the following line:
>
> _ptr.dekil.nl. 3600 IN PTR _81.99-129-109.adsl-dyn.isp.dekil.nl
>
> It works ==> we can use "_" in both sides.
>
> But what is strange is that the following configuration does not work:
>
> 9.10.238.195.in-addr.arpa. 3600 IN PTR por_tal-bis.skynet.be.
>
> "_" is not allowed
>
> Is it due to extra check by bind when it sees it is an arpa zone so no "_" is allowed?

As previously mentioned, the RFCs expressly forbid the "_" in names.

I assume that a leading "_" slips past Bind's control because it "could" be part of a valid but at compile time unknown _tcp-like label.

> Regards,
>
> Carlos,
>
> Sensitivity: Internal Use Only
>
> -----Original Message-----
> From: Ondřej Surý
> Sent: 17 February 2021 10:52
> To: ONRUBIA AVILES Carlos (CCS/MST)
> Cc: Mark Andrews ; bind-users@lists.isc.org
> Subject: Re: underscore in A or PTR records
>
>> On 17. 2. 2021, at 9:50, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>>
>> The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net"
>
> You are mixing the two things here. If the provider has asked you to create a PTR record, why do you keep trying to create a forward record? There's some information missing somewhere.
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ond...@isc.org

Re: Can't use Bind DLZ through LDAPS SSL
On 2/12/21 4:49 AM, Ted Mittelstaedt wrote:
> If you are not familiar with stunnel you should have looked up what it was before responding.
>
> It's not going to be applicable here and I would not have suggested it if I had known both programs were on the same machine.

What does being on the same machine have to do with using stunnel or not?

Won't stunnel be configured to listen on one port and connect to a different port? Thus the connections would be:

127.0.0.1: --- 127.0.0.1:389
127.0.0.1: --- 127.0.0.1:639

What am I missing?

--
Grant. . . .
unix || die

Re: Can't use Bind DLZ through LDAPS SSL
On 2/16/21 11:54 PM, Dario García Díaz-Miguel via bind-users wrote:
> Hi everybody,

Hi,

> Since I'm a little bit desperate with this issue, and after asking this on reddit (r/sysadmin) and serverfault with low or none responses,

I think it would be worth half an hour or so to test stunnel. It should be able to help prove your overall end to end design works.

Having a successful end to end design will also help defend the use of the tool.

You can also probably dig deeper into why you might need stunnel independently of does the design work. Sometimes having additional information, via a crutch, helps in diagnosing problems.

--
Grant. . . .
unix || die

Re: underscore in A or PTR records
No. The PTR records that map from IP address to hostname enforce the hostname rules.

--
Mark Andrews

> On 18 Feb 2021, at 02:20, Sten Carlsen wrote:
>
>> On 17 Feb 2021, at 12.34, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>>
>> Hello,
>>
>> Indeed my question was on A record but the issue is on PTR record.
>> I can configure the following line:
>>
>> _ptr.dekil.nl. 3600 IN PTR _81.99-129-109.adsl-dyn.isp.dekil.nl
>>
>> It works ==> we can use "_" in both sides.
>>
>> But what is strange is that the following configuration does not work:
>>
>> 9.10.238.195.in-addr.arpa. 3600 IN PTR por_tal-bis.skynet.be.
>>
>> "_" is not allowed
>>
>> Is it due to extra check by bind when it sees it is an arpa zone so no "_" is allowed?
>
> As previously mentioned, the RFCs expressly forbid the "_" in names.
>
> I assume that a leading "_" slips past Bind's control because it "could" be part of a valid but at compile time unknown _tcp-like label.
>
>> Regards,
>>
>> Carlos,
>>
>> Sensitivity: Internal Use Only
>>
>> -----Original Message-----
>> From: Ondřej Surý
>> Sent: 17 February 2021 10:52
>> To: ONRUBIA AVILES Carlos (CCS/MST)
>> Cc: Mark Andrews ; bind-users@lists.isc.org
>> Subject: Re: underscore in A or PTR records
>>
>>> On 17. 2. 2021, at 9:50, ONRUBIA AVILES Carlos (CCS/MST) wrote:
>>>
>>> The issue we face is that a telecom provider asks us to implement a PTR record with a name like "example_try.net"
>>
>> You are mixing the two things here. If the provider has asked you to create a PTR record, why do you keep trying to create a forward record? There's some information missing somewhere.
>>
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> ond...@isc.org

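The behaviour this thread converges on, as an added example that is not part of any post and is not BIND's code: a small Python lint that applies the RFC 952 / RFC 1123 hostname syntax to the owner of address records and to PTR targets only when the owner sits in the reverse tree, which is why the `_ptr.dekil.nl` record loads while the `in-addr.arpa` one is rejected. Treating AAAA and MX owners like A owners and `ip6.arpa` like `in-addr.arpa` goes beyond the cases shown in the thread; the function names and the sample zone are constructed, and every record is assumed to spell out a fully qualified owner name.

```python
import re

# One hostname label per RFC 952 as modified by RFC 1123: letters, digits and
# hyphen only, 1-63 characters, first and last character alphanumeric.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Record types whose owner name is treated as a hostname or mail domain.
OWNER_IS_HOSTNAME = {"A", "AAAA", "MX"}
# A PTR target is held to hostname rules only when the owner maps an address.
REVERSE_TREES = (".in-addr.arpa", ".ip6.arpa")

# Constructed sample: the records quoted in the thread plus two valid ones.
SAMPLE_ZONE = """\
hello_mail2.dekil.nl.      3600 IN A   81.246.48.28
_ptr.dekil.nl.             3600 IN PTR _81.99-129-109.adsl-dyn.isp.dekil.nl
9.10.238.195.in-addr.arpa. 3600 IN PTR por_tal-bis.skynet.be.
_ssh._tcp.example.net.     3600 IN SRV 0 0 22 my-host.example.net.
my-host.example.net.       3600 IN A   192.0.2.10
"""


def is_hostname(name):
    """Return True if every label of `name` satisfies the hostname syntax."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def parse_rr(line):
    """Split 'owner [ttl] [class] type rdata...' into (owner, type, rdata)."""
    fields = line.split()
    if len(fields) < 3:
        return None
    owner, rest = fields[0], fields[1:]
    # TTL and class are optional and may appear in either order.
    while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
        rest = rest[1:]
    if len(rest) < 2:
        return None
    return owner, rest[0].upper(), rest[1:]


def lint_zone(text):
    """Return (line number, 'owner' or 'target', offending name) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Skip blank lines, comments and $ORIGIN/$TTL style directives.
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue
        rr = parse_rr(line)
        if rr is None:
            continue
        owner, rtype, rdata = rr
        if rtype in OWNER_IS_HOSTNAME and not is_hostname(owner):
            findings.append((lineno, "owner", owner))
        in_reverse = owner.rstrip(".").lower().endswith(REVERSE_TREES)
        if rtype == "PTR" and in_reverse and not is_hostname(rdata[0]):
            findings.append((lineno, "target", rdata[0]))
    return findings


if __name__ == "__main__":
    for lineno, field, name in lint_zone(SAMPLE_ZONE):
        print(f"line {lineno}: {field} {name} is not a legal hostname")
```

The SRV owner and the PTR record outside the reverse tree pass untouched, because neither is interpreted as a hostname.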
DoH Support in bind 9.17?
Hello.

We are looking to add this to our fleet of bind servers based on:

https://gitlab.isc.org/isc-projects/bind9/-/wikis/DoH/DOH-and-DoT-Design

However, there does not appear to be support for DoH ala bind9.17 atm. Do we have a timeline for its implementation?

Cheers.

--
-C

--
This email, its contents and attachments contain information from J2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies.