Is anyone here forwarding your bind-users messages to gmail or a google-hosted domain?
Hey all, I'm one of the people who admins ISC's mail servers, and also receives all our DKIM/SPF/DMARC failure reports. (We use dmarcian.com) We've seen a number of messages reported to us as having an isc.org "from" address, and as having our dkim signatures, but the signatures failing to verify, perhaps because a forwarder may have added a subject tag or rewritten some other header. Of course, SPF also fails because those servers aren't in our SPF record. This makes us look bad because it shows isc.org messages arriving at gmail in a non-compliant way, and it makes your mail servers look bad, because they're "spoofing" isc.org mail. Worse, if ISC moves our dmarc record to a p=reject policy, you just won't get that email anymore, so it's definitely not future-proof. Our dmarc reports only show us aggregates of the from/to/spf/dkim/dmarc status. We can't easily inspect individual messages. If this sounds like you, please do drop me a line privately at dmaho...@isc.org. I'd love to work with you to ensure I understand what's going on and also see if we can make things work better for everyone. Cheers, -Dan -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Communication error when we do axfr query for the large size zone
Hi, We are getting the following error when we query for the 25M zone with axfr . ]# dig @localhost 25million.com axfr |tail a8157794.25million.com. 86400 IN A 1.1.1.1 a8157795.25million.com. 86400 IN A 1.1.1.1 a8157796.25million.com. 86400 IN A 1.1.1.1 a8157797.25million.com. 86400 IN A 1.1.1.1 a8157798.25million.com. 86400 IN A 1.1.1.1 a8157799.25million.com. 86400 IN A 1.1.1.1 a81578.25million.com. 86400 IN A 1.1.1.1 a815780.25million.com. 86400 IN A 1.1.1.1 *;; communications error to 127.0.0.1#53: end of file* Do we need to increase or set any parameters?. Regards, Ramesh -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Communication error when we do axfr query for the large size zone
Probably. Maybe check for any log messages from BIND. Do packet capture to see exactly what's happening to the TCP. On Tue, Apr 19, 2022 at 10:12 PM rams wrote: > Hi, > We are getting the following error when we query for the 25M zone with > axfr . > > ]# dig @localhost 25million.com axfr |tail > a8157794.25million.com. 86400 IN A 1.1.1.1 > a8157795.25million.com. 86400 IN A 1.1.1.1 > a8157796.25million.com. 86400 IN A 1.1.1.1 > a8157797.25million.com. 86400 IN A 1.1.1.1 > a8157798.25million.com. 86400 IN A 1.1.1.1 > a8157799.25million.com. 86400 IN A 1.1.1.1 > a81578.25million.com. 86400 IN A 1.1.1.1 > a815780.25million.com. 86400 IN A 1.1.1.1 > *;; communications error to 127.0.0.1#53: end of file* > > Do we need to increase or set any parameters?. > > Regards, > Ramesh > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Communication error when we do axfr query for the large size zone
Seeing only these two line in log: Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR started (serial 1605611713) Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches resource limit [space usage > 90.0%] Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches resource limit [space usage > 90.0%] Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send: operation canceled On Wed, Apr 20, 2022 at 11:17 AM Crist Clark wrote: > Probably. > > Maybe check for any log messages from BIND. Do packet capture to see > exactly what's happening to the TCP. > > On Tue, Apr 19, 2022 at 10:12 PM rams wrote: > >> Hi, >> We are getting the following error when we query for the 25M zone with >> axfr . >> >> ]# dig @localhost 25million.com axfr |tail >> a8157794.25million.com. 86400 IN A 1.1.1.1 >> a8157795.25million.com. 86400 IN A 1.1.1.1 >> a8157796.25million.com. 86400 IN A 1.1.1.1 >> a8157797.25million.com. 86400 IN A 1.1.1.1 >> a8157798.25million.com. 86400 IN A 1.1.1.1 >> a8157799.25million.com. 86400 IN A 1.1.1.1 >> a81578.25million.com. 86400 IN A 1.1.1.1 >> a815780.25million.com. 86400 IN A 1.1.1.1 >> *;; communications error to 127.0.0.1#53: end of file* >> >> Do we need to increase or set any parameters?. >> >> Regards, >> Ramesh >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >> from this list >> >> ISC funds the development of this software with paid support >> subscriptions. Contact us at https://www.isc.org/contact/ for more >> information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Communication error when we do axfr query for the large size zone
We can’t really help you if you withhold information. You need to learn to provide complete information if you want other people to help you instead of letting them guess what does you environment look like. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 20. 4. 2022, at 8:04, rams wrote: > > > Seeing only these two line in log: > Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288 > 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR started > (serial 1605611713) > Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches > resource limit [space usage > 90.0%] > Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches > resource limit [space usage > 90.0%] > Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288 > 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send: > operation canceled > >> On Wed, Apr 20, 2022 at 11:17 AM Crist Clark >> wrote: >> Probably. >> >> Maybe check for any log messages from BIND. Do packet capture to see exactly >> what's happening to the TCP. >> >>> On Tue, Apr 19, 2022 at 10:12 PM rams wrote: >>> Hi, >>> We are getting the following error when we query for the 25M zone with axfr >>> . >>> >>> ]# dig @localhost 25million.com axfr |tail >>> a8157794.25million.com. 86400 IN A 1.1.1.1 >>> a8157795.25million.com. 86400 IN A 1.1.1.1 >>> a8157796.25million.com. 86400 IN A 1.1.1.1 >>> a8157797.25million.com. 86400 IN A 1.1.1.1 >>> a8157798.25million.com. 86400 IN A 1.1.1.1 >>> a8157799.25million.com. 86400 IN A 1.1.1.1 >>> a81578.25million.com. 86400 IN A 1.1.1.1 >>> a815780.25million.com. 86400 IN A 1.1.1.1 >>> ;; communications error to 127.0.0.1#53: end of file >>> >>> Do we need to increase or set any parameters?. >>> >>> Regards, >>> Ramesh >>> -- >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >>> this list >>> >>> ISC funds the development of this software with paid support subscriptions. >>> Contact us at https://www.isc.org/contact/ for more information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Communication error when we do axfr query for the large size zone
We have CentOS Linux 7 , 128GB ram and bind 9.16.13. Could you please share what information exactly you are looking for? to resolve the issue. On Wed, Apr 20, 2022 at 11:36 AM Ondřej Surý wrote: > We can’t really help you if you withhold information. You need to learn to > provide complete information if you want other people to help you instead > of letting them guess what does you environment look like. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > On 20. 4. 2022, at 8:04, rams wrote: > > > Seeing only these two line in log: > Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288 > 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR > started (serial 1605611713) > Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches > resource limit [space usage > 90.0%] > Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches > resource limit [space usage > 90.0%] > Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288 > 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send: > operation canceled > > On Wed, Apr 20, 2022 at 11:17 AM Crist Clark > wrote: > >> Probably. >> >> Maybe check for any log messages from BIND. Do packet capture to see >> exactly what's happening to the TCP. >> >> On Tue, Apr 19, 2022 at 10:12 PM rams wrote: >> >>> Hi, >>> We are getting the following error when we query for the 25M zone with >>> axfr . >>> >>> ]# dig @localhost 25million.com axfr |tail >>> a8157794.25million.com. 86400 IN A 1.1.1.1 >>> a8157795.25million.com. 86400 IN A 1.1.1.1 >>> a8157796.25million.com. 86400 IN A 1.1.1.1 >>> a8157797.25million.com. 86400 IN A 1.1.1.1 >>> a8157798.25million.com. 86400 IN A 1.1.1.1 >>> a8157799.25million.com. 86400 IN A 1.1.1.1 >>> a81578.25million.com. 86400 IN A 1.1.1.1 >>> a815780.25million.com. 86400 IN A 1.1.1.1 >>> *;; communications error to 127.0.0.1#53: end of file* >>> >>> Do we need to increase or set any parameters?. >>> >>> Regards, >>> Ramesh >>> -- >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >>> from this list >>> >>> ISC funds the development of this software with paid support >>> subscriptions. Contact us at https://www.isc.org/contact/ for more >>> information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >>> >> -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Communication error when we do axfr query for the large size zone
> bind 9.16.13 This. You are running outdated unsupported version of BIND 9. You need to upgrade to latest 9.16 version at least. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 20. 4. 2022, at 8:27, rams wrote: > > > We have CentOS Linux 7 , 128GB ram and bind 9.16.13. > Could you please share what information exactly you are looking for? to > resolve the issue. > >> On Wed, Apr 20, 2022 at 11:36 AM Ondřej Surý wrote: >> We can’t really help you if you withhold information. You need to learn to >> provide complete information if you want other people to help you instead of >> letting them guess what does you environment look like. >> >> Ondrej >> -- >> Ondřej Surý — ISC (He/Him) >> >> My working hours and your working hours may be different. Please do not feel >> obligated to reply outside your normal working hours. >> On 20. 4. 2022, at 8:04, rams wrote: >>> >>> Seeing only these two line in log: >>> Apr 20 05:54:20 perf-bind named[74314]: client @0x7fb844005288 >>> 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': AXFR >>> started (serial 1605611713) >>> Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches >>> resource limit [space usage > 90.0%] >>> Apr 20 05:54:41 perf-bind monit[1105]: 'rootfs' space usage 92.9% matches >>> resource limit [space usage > 90.0%] >>> Apr 20 05:54:50 perf-bind named[74314]: client @0x7fb844005288 >>> 127.0.0.1#13522 (25million.com): transfer of '25million.com/IN': send: >>> operation canceled >>> On Wed, Apr 20, 2022 at 11:17 AM Crist Clark wrote: Probably. Maybe check for any log messages from BIND. Do packet capture to see exactly what's happening to the TCP. > On Tue, Apr 19, 2022 at 10:12 PM rams wrote: > Hi, > We are getting the following error when we query for the 25M zone with > axfr . > > ]# dig @localhost 25million.com axfr |tail > a8157794.25million.com. 86400 IN A 1.1.1.1 > a8157795.25million.com. 86400 IN A 1.1.1.1 > a8157796.25million.com. 86400 IN A 1.1.1.1 > a8157797.25million.com. 86400 IN A 1.1.1.1 > a8157798.25million.com. 86400 IN A 1.1.1.1 > a8157799.25million.com. 86400 IN A 1.1.1.1 > a81578.25million.com. 86400 IN A 1.1.1.1 > a815780.25million.com. 86400 IN A 1.1.1.1 > ;; communications error to 127.0.0.1#53: end of file > > Do we need to increase or set any parameters?. > > Regards, > Ramesh > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >>> -- >>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >>> this list >>> >>> ISC funds the development of this software with paid support subscriptions. >>> Contact us at https://www.isc.org/contact/ for more information. >>> >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
