On 2/6/25 08:40, Greg Choules via bind-users wrote:
In DNS terms, for me, a "primary" has the single source of truth for
data in zones and a "secondary" transfers a temporary copy of that data
from a primary, or from another secondary (though daisy chain
secondaries at your peril). All are auth
We run both 9.18 and 9.20. We currently have servers running:
9.18.31
9.18.33
9.20.3
9.20.5
The 9.18 and 9.20 validating resolvers behave differently when exposed
to expired RRSIG records.
Both versions log errors of the type
validating transfer3.rastglb.cdc.gov/A: verify failed
Greg,
I must have been confused. Checked my work and can't reproduce the problem.
I may have been running a tail on my named logs in the background on the
primary and made the change after ssh'ing into the secondary or visa versa.
Whatever dumb thing I did, I've removed the stanza from both serve
In that case, something's not right. Please send your "named.conf".
Cheers, Greg
On Thu, 6 Feb 2025 at 14:52, Cuttler, Brian R (HEALTH) <
brian.cutt...@health.ny.gov> wrote:
> Greg,
>
>
>
> Yes, I did remove that stanza and restart the daemon, clean shutdown and
> restart, not just a reload.
> G
Greg,
Yes, I did remove that stanza and restart the daemon, clean shutdown and
restart, not just a reload.
Get the messages about the extra NS "." And unable to find root files, restored
the stanza, same error.
Thanks,
Brian
From: Greg Choules
Sent: Thursday, February 6, 2025 3:18 AM
To: Cutt
Hi Paul.
What's a "primary master" as opposed to (presumably?) a "secondary master"?
Maybe there are just too many combinations and permutations of type of box
for a single word to convey all meanings, though I haven't encountered any
yet. Even in an environment like Active Directory, where all se
Thank you !
I saw it, but wrongly supposed it was merged before the release.
Emmanuel.
Le 06/02/2025 à 13:28, Matthijs Mekking a écrit :
Hi Emmanuel,
Please see https://gitlab.isc.org/isc-projects/bind9/-/issues/5137
- Matthijs
On 06-02-2025 10:45, Emmanuel Fusté wrote:
Hello,
BIND 9.20.5
On Sat, 1 Feb 2025 09:11:32 +0100
Ondřej Surý wrote:
> Hey,
>
> since you've asked about ISC recommendations and good practice,
> we prefer to use the current DNS terminology as defined in RFC 8499[1]
> that says:
>
> > Although early DNS RFCs such as [RFC1996] referred to this as a "master",
>
You need to check the linked MRs, the original was indeed introduced in 9.20.5,
but there's a fix:
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9985
And that hasn't been released yet.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be dif
Hi Emmanuel,
Please see https://gitlab.isc.org/isc-projects/bind9/-/issues/5137
- Matthijs
On 06-02-2025 10:45, Emmanuel Fusté wrote:
Hello,
BIND 9.20.5 is supposed to implement EDE 22 reporting (No reachable
authority)
Ubuntu 22.04 / ISC BIND packages
I have a domain for which the two DNS
Hello,
BIND 9.20.5 is supposed to implement EDE 22 reporting (No reachable
authority)
Ubuntu 22.04 / ISC BIND packages
I have a domain for which the two DNS servers are unreachable from my
BIND resolver because of network issues.
I am unable to get EDE 22 from my resolver. Only a SERVFAIL wi
Hi Brian.
I'm confused. In previous mails you confirmed that you had removed the hint
zone completely. To be absolutely clear what I meant before, it would look
something like this in named.conf:
...
options {
...
};
...
# zone "." {
#type hint;
#file "db.hint";
# };
I have shown that t
12 matches
Mail list logo
