Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Mark Tinka
On 9/3/21 01:55, Michael Sinatra wrote: 'listen-on any;' is the default for v4, so you should actually be listening on 127.0.0.1 in addition to everything else (since all of your listen-on's for v4 appear to be commented out).  You *should* be able to remove 'listen-on-v6    { ::1; };' and j

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Michael Sinatra
On 9/2/21 2:59 PM, Mark Tinka wrote: On 9/2/21 23:51, Michael Sinatra wrote: I have noticed this also and have opened a (similar but different) issue, but it's a bit weird how it manifests itself. On your freebsd installation, make sure that all of your interfaces are configured and that

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Mark Tinka
On 9/2/21 23:51, Michael Sinatra wrote: I have noticed this also and have opened a (similar but different) issue, but it's a bit weird how it manifests itself. On your freebsd installation, make sure that all of your interfaces are configured and that bind can listen on them.  (They don't

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Michael Sinatra
On 9/2/21 2:35 PM, Mark Tinka wrote: Not sure if this issue offers some clue: https://gitlab.isc.org/isc-projects/bind9/-/issues/2575 I see its maintainer just closed it 11hrs ago... I have noticed this also and have opened a (similar but different) issue, but it's a bit weird how it manifes

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Mark Tinka
Not sure if this issue offers some clue:     https://gitlab.isc.org/isc-projects/bind9/-/issues/2575 I see its maintainer just closed it 11hrs ago... Mark.

Re: KSK signing zone records

2021-09-02 Thread Mark Andrews
Just give it time. Named will choose the appropriate DNSKEY when it comes time to re-sign the RRset. -- Mark Andrews > On 3 Sep 2021, at 03:26, Timothy A. Holtzen wrote: > > Okay, so if I'm interpreting this correctly. When the new alg 14 KSKs > were created and then the zone was signed (e

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Ondřej Surý
FTR The PROXY protocol is on the todo list, but the demand hasn’t been great so it’s more in the “patches accepted” area than something that’s just around the corner… -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply o

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Ryan McGuire
In this case I use dnsdist (by PowerDNS) for load balancing and failover -- requests are balanced between my internal bind9 servers, and if they are all down queries go to public DNS directly to avoid a total outage. The challenge here is that the source IP for all requests is now coming from d

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Evan Hunt
On Thu, Sep 02, 2021 at 02:26:59PM -0400, Ryan McGuire wrote: > Thank you, in my searching I failed to come across that. > > Do you know if it's been replaced by something more "practical to > deploy"? I found some discussion regarding support for "The PROXY > Protocol" (https://www.haproxy.org/

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Ryan McGuire
Thank you, in my searching I failed to come across that. Do you know if it's been replaced by something more "practical to deploy"? I found some discussion regarding support for "The PROXY Protocol" (https://www.haproxy.org/download/2.2/doc/proxy-protocol.txt) but I don't believe it's planned.

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Evan Hunt
> I did compile 9.16.20 from source since the latest in Debian repos is > 9.16.15 but the result is the same. The doc snippet in my original email > was from 9.11 docs -- could this feature not have been brought forward > into 9.16 at all? The only related documented removed feature is > geoi

Re: KSK signing zone records

2021-09-02 Thread Timothy A. Holtzen via bind-users
Okay, so if I'm interpreting this correctly.  When the new alg 14 KSKs were created and then the zone was signed (either automatically or via a command) there was probably only a valid alg 8 ZSK available.  As a result bind used the alg 14 KSK as a de facto CSK and signed the zone RRSets directly.

Re: Syntax for ECS ACL Entry

2021-09-02 Thread Ryan McGuire
I did compile 9.16.20 from source since the latest in Debian repos is 9.16.15 but the result is the same. The doc snippet in my original email was from 9.11 docs -- could this feature not have been brought forward into 9.16 at all? The only related documented removed feature is geoip-use-ecs.

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Mark Tinka
On 9/2/21 16:30, Michal Nowak wrote: Mark, what's the exact BIND 9.16 version which is crashing for you? I started off with 9.16.19 several weeks ago (coming from 9.11), and that was crashing. I upgraded to 9.16.20 last week, and it's crashing too. Why do you say that the reason for cr

Re: BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Michal Nowak
On 02/09/2021 13:29, Mark Tinka wrote: Hi all. Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, running on FreeBSD-13.0. We found that the reason for this was due to BIND running out of swap spac

Syntax for ECS ACL Entry

2021-09-02 Thread Ryan McGuire
I'm setting ECS in dnsdist in hopes of using it in an ACL to choose a view. The views are working well, and the ECS is read by bind9 (see log below), but I can't seem to find a syntax for adding an ecs entry into an acl. Here is what I've tried: acl "filtered" {   192.168.0.90;   192.168.0.91;

BIND 'max-cache-size' Value on FreeBSD-13.0

2021-09-02 Thread Mark Tinka
Hi all. Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, running on FreeBSD-13.0. We found that the reason for this was due to BIND running out of swap space. An increase in swap space by creatin