Re: Seeing lots of DNS issues on OpenWRT

Hi Philip. I echo Fred's response; why forward? - Backup your config - remove/comment the "forwarders {}" statement - start a tcpdump to disc for port 53 (for evidence about what happens next) - stop/start 'named'. - try queries/look in the log/stop the tcpdump and analyse it in Wireshark. As an a

test - please ignore

Thanks, Greg -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org h

Re: Mailing list questions (DMARC, ARC, more?)

> On Aug 23, 2022, at 07:39, G.W. Haywood via bind-users > wrote: > > Hi there, > > On Tue, 23 Aug 2022, Alessandro Vesely wrote: > >> I see the list operates both From: munging and ARC sealing. While I'm clear >> about the former, I'm curious about how ARC works: >> Do any subscribers tru

Re: Mailing list questions (DMARC, ARC, more?)

another test done I see the list operates both From: munging and ARC sealing. While I'm clear about the former, I'm curious about how ARC works: Do any subscribers trust the seal by isc.org? I guess most of recipients use predefined configurations, e.g. no whitelisting. out of curiousity,

Re: Seeing lots of DNS issues on OpenWRT

On 23-09-2022 21:59, Ed Daniel wrote: As per your previous email 17:54 where you share Sparklight response, Quad9 uses strict DNS checking iirc, you should add another couple of cloud DNS resolvers like 1.1.1.1 and 8.8.8.8 that fall back to resolve when DNSSEC is broken at destination. As I hin

Re: Sparklight and DNSSEC

On 23-09-2022 18:54, Philip Prindeville wrote: Anyway, I suggested that they standup a second pair of DNS servers, this time with DNSSEC enabled, and let their customers decide if streaming is more important than security. Waiting to hear back... How many ISP's squelch DNSSEC like that? I hope

Re: Seeing lots of DNS issues on OpenWRT

Why are you forwarding at all? On Fri, 23 Sep 2022, Philip Prindeville wrote: I've changed locations (moved houses) and consequently ISPs (now on Sparklight, used to have CTC) and I'm seeing a slew of DNS issues I didn't have before [...] As you can see, a LOT of noise. [...] // If y

Re: Seeing lots of DNS issues on OpenWRT

As per your previous email 17:54 where you share Sparklight response, Quad9 uses strict DNS checking iirc, you should add another couple of cloud DNS resolvers like 1.1.1.1 and 8.8.8.8 that fall back to resolve when DNSSEC is broken at destination. forwarders { // Sparklight

Re: BINd9 Server for Public Website

Previously i was using unbound, but after suggestion's to try full fledge dns like bind, now i am trying it on bind Get Outlook for Android From: bind-users on behalf of Fred Morris Sent: Friday, September 23, 2022 9:02:39 PM To: bind-us

Seeing lots of DNS issues on OpenWRT

Hi all, I've changed locations (moved houses) and consequently ISPs (now on Sparklight, used to have CTC) and I'm seeing a slew of DNS issues I didn't have before like: Sep 23 11:42:13 OpenWrt3 named[28113]: timed out resolving 'wdatpsngatewaytmcacane.trafficmanager.net/A/IN': 9.9.9.9#53 Sep 23

Sparklight and DNSSEC

Hi all, I was seeing a lot of noise about RRSIG's using the Sparklight name servers dns1.cableonet.net and c1dns.cableone.net, like this: Sep 23 10:44:24 OpenWrt3 named[28113]: validating net/SOA: got insecure response; parent indicates it should be secure Sep 23 10:44:24 OpenWrt3 named[28113

Re: BINd9 Server for Public Website

Nearly identical to what was posted to the unbound list. -- FWM6 On Fri, 23 Sep 2022, JAHANZAIB SYED wrote: I am trying to get some basic ideas on dns/hosting. [...] -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this sof

Re: BINd9 Server for Public Website

Hi SJZ, please read https://berthub.eu/articles/posts/anonymous-help/ first, it contains many helpful advices how to ask for help. By using example domain names and other peoples IP addresses, it's nearly impossible to provide any meaningful

BINd9 Server for Public Website

I am trying to get some basic ideas on dns/hosting. I have purchased a public domain e.g: example.com & the hosting provider have given me with cpanel access where I can add my dns records using cpanel zone editor. I want to use my own BIND9 dns server instead of hosting provider DNS server. I

Default Reverse Lookup name for unused IPs in BIND9

Greetings, I have installed BIND9 to act as authoritative dns server for my company If I query reverse IP lookup via any public dns for my ISP's different Ip address, I get this result,,, For every IP on which my ISP have made custom record I get this result: ** nslookup 111.111.111.158 nslook