Re: SERVFAIL in BIND when resolving certain domains (.gov.co)

2024-11-01 Thread Marco Moock
On 01.11.2024 at 22:37:30, Marco Moock wrote:
> Both servers are reachable, via IPv6 using ICMP echo req, but the DNS
> server isn't listening on UDP nor TCP.
I have to catch that up: I don't receive any answer when querying UDP or TCP, also on other ports. Maybe it is also a firewall that s

Re: SERVFAIL in BIND when resolving certain domains (.gov.co)

2024-11-01 Thread Marco Moock
On 01.11.2024 at 16:30:55, Cesar Augusto Camacho Sierra wrote:
> Could this issue be related to some additional configuration in BIND
> or is it possible that it is a bug in the cundinamarca.gov.co
> delegation chain? I appreciate any guidance or suggestions for
> additional testing.
Proble

SERVFAIL in BIND when resolving certain domains (.gov.co)

2024-11-01 Thread Cesar Augusto Camacho Sierra
Hello everyone, I'm experiencing a problem with my BIND 9 server (version 9.20.3-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu) when trying to resolve certain domains. Below I share the details of an example of a failed query for the domain gevir.cundinamarca.gov.co: portalpagos.claro.com.co: ; <<>> DiG

Re: DNSSEC, OpenDNS and www.cdc.gov

2024-11-01 Thread Robert Edmonds
This is a problem with the operational configuration of the cdc.gov nameservers. The gov nameservers publish the following NS records for cdc.gov:
cdc.gov. 10800 IN NS auth00.ns.uu.net.
cdc.gov. 10800 IN NS auth100.ns.uu.net.
cdc.gov.

RE: dnnsec ipv6 reverse zone configuration

2024-11-01 Thread Michael Martinell via bind-users
Thanks! This did the trick for me, once I built the missing zone and got the DS records in the correct spots everything is now reporting green.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
-----Original Message-----
From: Mark Andrews
Sent: Wednesday,

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
Thanks guys! As usual, you've taught me an invaluable lesson.
Regards, Bob
On Fri, Nov 1, 2024 at 11:42 AM Evan McKinney wrote:
> Even with a CNAME record, the delv command will validate each step of the
> resolution. You can use the +vtrace option to see each validation and
> +mtrace to see

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
Sorry, I get the DO and AD flags confused. I see now that DIG is telling me that somewhere in the chain there is an entry that is not validated. I was doing everything manually. And yes, I saw that DELV runs the chain. Thanks again, Bob

Re: Server crash on receiving query

2024-11-01 Thread Scott Bradner
I have the same problem with bind version 9.20.3 (on both Sonoma & Sequoia the Sonoma attempt was on a machine that I did a clean install on Sonoma on and the only things on the machine were what came with the install, homebrew & brew install bind instant reboot when trying "dig @127.0.0.1 can.

Re: BIND contribution

2024-11-01 Thread Ondřej Surý
Hi Leonie, thank you for approaching us before making the contribution. Before we accept any code there are two main questions to be asked: a) is this going to be useful to anyone else but a handful of researchers? b) who is going to maintain the code long term? Adding a new transport mechanism

Re: Question about DNSSEC

2024-11-01 Thread Evan McKinney
Even with a CNAME record, the delv command will validate each step of the resolution. You can use the +vtrace option to see each validation and +mtrace to see each individual message.
-Evan
Ondřej Surý wrote: DO flag is indication to “do DNSSEC”, it

Re: Question about DNSSEC

2024-11-01 Thread Ondřej Surý
DO flag is indication to “do DNSSEC”, it has no other meaning. You should be looking for AD flag. As for delv output - it prints out which names are validated and those that are not. I don’t see anything wrong here.
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different.

Re: Question about DNSSEC

2024-11-01 Thread Bob McDonald
The host is www.irs.gov. A further question. DIG sets the DO flag even though the second and third entries in the CNAME chain are not signed. There's basically no indication that there's really any issue. DELV indicates the host as "fully validated" then flags the second entry in the CNAME chain

BIND contribution

2024-11-01 Thread Leonie Seelisch
Dear users and contributors, we are a group of students from the technical university in Dresden. In the context of a group project, we want to extend BIND and dig with DNS over CoAP [1]. Our plan is to implement it in BIND as a library and in dig directly in the existing code. For both, we

Re: Memory leak?

2024-11-01 Thread Søren Andersen via bind-users
Hello, After upgrading to 9.20.3 I notice some of my DNS servers are using a lot more memory than before. I have max-cache-size 32G; in my config, and bind is using much more memory. Do you think it is some kind of memory leak? [root@ns01a ~]# ps faxu |grep named root 1960789 0.0 0.0 6