On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <
bind-users@lists.isc.org> wrote:
Hi Greg,
Running "named-checkconf -p" will print your entire named configuration,
> following any include files. There *must* be a "controls" section in there
> or rndc could not work, since, from the ARM
On 04/11/2024 15:14, Scott Bradner wrote:
Hi Scott,
I doubt that BIND is using any special code to cause the crash. I am
aware that Apple has introduced some new code around firewalling in
macOS 15. In fact, before macOS 15.1, there was a serious issue with it,
that broke long-running SSH con
On 16/10/2024 14:00, Danilo Godec via bind-users wrote:
Hi Danilo,
I've been doing some more reading into DNSSEC and if I understand
correctly, it is allowed to have multiple DS records for one KSK - with
different digest types. Apparently, SHA-1 is deprecated and shouldn't be
used anymore, w
On 13/09/2024 16:14, Steven Shockley wrote:
Is there a way to tell BIND to listen (and respond) on a specific
interface? I already have listen-on { 10.0.0.1; }; (vlan101 IP) in the
config with nothing else listening.
BIND will send the response with a source address of 10.0.0.1, and it
hand
Your logs show error messages about missing Kerberos credentials files.
Did you notice and investigate those errors, and compare the state with
your CentOS 7 system?
On 08/08/2024 14:23, Nagesh Thati wrote:
Hello Guys,
Any help is much appreciated.
Thanks
Nagesh
--
Visit https://lists.isc.or
Hi John,
You can try something like:
dig +norec +opcode=notify soa @server
Regards,
Anand
On 19/03/2024 22:24, John Thurston wrote:
I can use dig to request a zone transfer:
dig AXFR foo.com
I am unable to find a simple way to craft a NOTIFY message. Can anyone
help me out?
--
Visit htt
On 04/03/2024 14:06, Jiaming Zhang wrote:
Then I should download the source, there's no devel package for this one in the
repo.
That's not necessary. Oracle Linux keeps many of the -devel packages in
its "codeready_builder" repository, which is not enabled by default. As
root, you need to r
On 04/03/2024 13:56, Jiaming Zhang wrote:
Hi Jiaming,
Recently I was trying to upgrade bind from 9.16 to 9.18. However, running
`./configure` return an error stating the `libuv` was not found. I have this
library installed (version 1.41.1) via dnf, and can can find it using `rpm -ql`
which s
s to hmac-md5 (documented in the nsupdate
man page).
Regards,
Anand Buddhdev
RIPE NCC
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ f
On 11/01/2024 12:58, trgapp16 via bind-users wrote:
Hi Mounika,
[snip]
-->With help of the private key i generated one file with name
"named.conf.tsigkeys" at
/etc/bind -
root@dhcpt:/etc/bind# cat named.conf.tsigkeys
key "my-tsig" {
algorithm "ECDSAP256SHA256";
secret "ESkrVALONh
On 25/12/2023 02:56, Francisco Obispo via bind-users wrote:
Hi Francisco,
[snip]
fobispo@mail:~$ host -4 -C id.iq
id.iq has no SOA record
Nameserver 64.96.1.1:
id.iq has SOA record ns.tucowsregistry.net. ops.tucowsregistry.net.
1703469021 1800 900 604800 86400
Nameserver 64.96.2.1:
On 22/09/2023 15:03, Marco Davids (SIDN) via bind-users wrote:
Hi Marco,
It reminded me that that there is such thing as a .digrc file, that
perhaps not all of the readers are familiar with.
Mine has this content:
+bufsize=1232
+dnssec
+nocrypto
+multi
-t
It serves me well, mostly. Som
similar records could
also be suppressed, but dig currently doesn't.
Do you think that dig should be adjusted to suppress cryptographic
material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and
the man page updated to reflect this?
Regards,
Anand Buddhdev
--
Visit https://
On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote:
[snip]
Error is not the same as before, I see it know (fresh eyes maybe)
Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400
audit(1688038957.685:548): apparmor="DENIED" operation="mknod"
profile="named" name="/etc
On 28/06/2023 20:44, Daniel Armando Rodriguez via bind-users wrote:
Hi Daniel,
[snip]
# ls -alh /etc/bind/zonas/
drw-r-S--- 2 bind bind 4,0K jun 28 14:55 .
drwxr-sr-x 3 root bind 4,0K jun 28 15:06 ..
-rwxr-xr-- 1 bind bind 323 ene 16 10:59 133.45.210.170.in-addr.arpa
-rwxr-xr-- 1 bind bind 3
On 09/06/2023 17:26, Alessandro Vesely wrote:
Hi Alessandro,
Hi,
I have two WANs. As a leftover from the times when I had no IPv6
address, I was running named with -4 option. I just removed it a couple
of minutes ago. However, I still have IPv4 precedence in gai.conf:
precedence ::1/128
On 09/05/2023 22:23, Pacific wrote:
Hi Pacific,
Installing bind9 (9.18.14) on macOS Ventura (13.3.1) — install is
not creating a namedb directory nor can I find a boilerplate named.conf.
As far as remember, the bind install procedure doesn't create a named.conf.
--
Anand
--
Visit https://li
On 13/04/2023 17:17, David Carvalho via bind-users wrote:
Hi David,
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-b
On 09/03/2023 21:25, Klaus Darilion via bind-users wrote:
[snip]
PS: Latest PowerDNS tries the NOTIFY source first. MAybe someone
knows how Knot and NSD behave?
Knot DNS only tries to refresh from primaries that sent the NOTIFY. It
doesn't even try the other configured primaries. However, if i
Hi folks (especially BIND developers),
Apologies if this has been discussed and answered before. I just noticed
that BIND doesn't respond to CH/TXT/VERSION.SERVER queries. It only
responds to ID.SERVER.
Other name servers, such as Knot DNS, NSD, Verisign's ATLAS name server,
Quad9's and Clou
On 21/10/2022 14:04, Hugo Salgado wrote:
But wasn't it exactly the idea with the 2019 DNS Flag Day campaign?
http://www.dnsflagday.net/2019/
I see Google's name there, so I would expect their commitment to refuse
to solve incorrect domains. They do a skinny favor to all the Internet
by retur
On 02/09/2022 13:53, Mark Andrews wrote:
Hi Mark,
We don’t log rsamd5 is disabled now ec or ed curves when they are
not supported by the crypto provider. Why should rsasha1 based algs be
special?
The problem I see with 9.18.6 is that at startup, it is checking to see
if it can validate RSA
On 01/09/2022 23:19, Mark Andrews wrote:
Hi Mark,
Yes. You will need to restart the server.
Okay, I'm trying out 9.18.6 on an Oracle Linux 9 server. When starting
BIND, it doesn't log anything about disabling RSASHA1. But when I query
it for ietf.org/SOA, I get an unvalidated response. BIND
Hi BIND developers,
The release notes for 9.18.6 say:
"The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy
(e.g. Red Hat Enterprise Linux 9)."
Does this happen at runtime when BIND starts?
If an administra
Hi Ondřej
Thank you for this explanation. I note that none of the official ISC
BIND packages for EL7 and EL8 link against jemalloc, even though the
documentation recommends it.
The jemalloc folks have deemed 3.6 as stable, and that's why it's the
latest version in EPEL7. For EPEL8 and EPEL9,
Dear BIND developers and users,
My question is about jemalloc on Enterprise Linux 7 (RHEL 7 and its
clones). I've built BIND 9.18.6 on CentOS 7. It links against jemalloc
3.6.0, which is available in the EPEL repository.
BIND does run without any problems, but I've only tried it with a
handf
On 25/08/2022 05:23, J Doe wrote:
Hello J Doe,
I was wondering if anyone could provide feedback on whether the
following: newsyslog.conf file is correct to allow for daily log
rotation for my Bind 9.16.30 logs ?
My currently logging settings in: named.conf are:
...
logging {
On 24/08/2022 14:16, Elias Pereira wrote:
Hi Elias,
Oh, sorry... :D
here it is
# cat named.conf.local
# ACL das redes internas
# Ultima modificação: 24/08/2022
acl "internal" {
10.60.0.1/23;
This is the issue. The address part of the prefix should be the lowest
address in that prefix. If
On 24/08/2022 14:08, Elias Pereira wrote:
Hi Elias,
I upgraded my AD, debian 10 to 11 and bind upgraded to version 9.16.27.
Now I get the address/prefix length mismatch error in name.conf.local.
In my first AD that I have not upgraded yet, it is working correctly with
the same settings in ver
On 08/08/2022 12:29, Dmitri Pavlov wrote:
Hi Dmitri,
Your response about the KB correctness will help to deliver a better
optimized business decision.
If you're using BIND in your commercial products and making money from
it, you should consider taking out an ISC support contract, so that yo
On 03/08/2022 18:36, Robert Moskowitz wrote:
Hi Robert,
[snip]
ARGH!
I want the IPv6 addr from my firewall/gateway. But I don't want that
IPv6 nameserver!
Calm down. Just add "PEERDNS=no" in your ifcfg-eth0 file. This way, the
resolv.conf file will only contain your specified DNS servers
Dmitri,
Just downloading, building and installing the latest version of jemalloc
like this doesn't mean that BIND will find and use it. BIND has to be
compiled with the correct compiler and linker flags to use this version.
Are you certain BIND is using your installed version?
--
Anand
On 0
On 16/05/2022 15:07, frank picabia wrote:
Hi Frank,
I have dsset-example.com showing two DS keys with algorithm 8.
I included both .key files in my DNS. Only digest 1 comes back
in a dig query.
I use dnssec-signzone tool to sign the zone file.
The domain registrar says there is a problem wit
On 07/05/2022 08:08, tengfei xiao wrote:
Hi Tengfei,
We are encountering a problem that SOA records had data residue when
deleting a new-created zone with BIND 9. The operation procedures are as
below:
1. Firstly, a zone named test18.cn was added with BIND 9. The command "dig
-t SOA test18.cn"
On 28/04/2022 19:38, DeCaro, James John (Jim) CIV DISA FE (USA) via
bind-users wrote:
# yum-config-manager --add-repo
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-$basearch/
Sigh. What do they teach at system administration school these days?
You see the variable calle
On 28/04/2022 16:52, DeCaro, James John (Jim) CIV DISA FE (USA) via
bind-users wrote:
Dnf is not available. Therefore using yum
Linux Red Hat 7.9 virtual machine on VMware, has internet connectivity
Set up local repository in
/etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bi
Hi Ramesh,
This is the kind of information that you can easily find by Googling, so
please go and do the research yourself.
Folk on this mailing list help others by volunteering their time for
free, and get no compensation for it. We would be happy to help with
specific questions about BIND,
On 02/04/2022 19:47, Dzmitry Shykuts wrote:
Hi Dzmitry,
I have some questions about this situation.
What causes this "address fetching loop"?
Maybe it's a bug/future in the BIND software?
Misconfigured .BY zone and its servers?
Problem with root servers or TLD?
Why does my server have this pro
:
https://lists.dns-oarc.net/pipermail/dns-operations/2022-January/021501.html
He also contacted the .BY registry, but they neither replied to him, nor
fixed the issue.
Regards,
Anand Buddhdev
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
On 18/03/2022 15:25, lejeczek via bind-users wrote:
Hi L,
how to troubleshoot that?
...
18-Mar-2022 14:17:41.725 warning: EVP_VerifyFinal failed (verify failure)
18-Mar-2022 14:17:41.725 info: error:0398:digital envelope
routines::invalid digest:crypto/evp/pmeth_lib.c:959:
18-Mar-2022 14:1
On 01/02/2022 15:33, Petr Špaček wrote:
Hi Petr,
As you correctly noticed, the log message "adjusted limit on open files
from 4096 to 1048576" already shows that BIND adjusted OS-level file
descriptor limit.
The only way out is what Tony wrote in another thread: Add "-S "
parameter to bump
Hi Ondrej,
Do you recommend setting LimitNOFILE=1048576 in the systemd unit file
for BIND?
Regards,
Anand
On 28/01/2022 15:03, Anand Buddhdev wrote:
Hi Ondrej,
It is 1024. I see named logging this:
adjusted limit on open files from 4096 to 1048576
I thought there was no need to set
Hi Ondrej,
It is 1024. I see named logging this:
adjusted limit on open files from 4096 to 1048576
I thought there was no need to set LimitNOFILE=1048576 in the systemd
unit file. Am I mistaken?
Regards,
Anand
On 28/01/2022 14:47, Ondřej Surý wrote:
Hi Anand,
what is your open files limi
I just tried to start BIND 9.16.25 on a server with 88 vCPUs, running
CentOS 7. Systemd is used to start BIND, and it emits the following:
general: notice: starting BIND 9.16.25 (Extended Support Version)
general: notice: running on Linux x86_64 3.10.0-1160.24.1.el7.x86_64 #1
SMP Thu Apr 8 19
ne...
Is including SHA-1 bad in some way? Should I change that?
Having a DS record with a SHA-1 hash isn't bad, but it's pointless,
because you already have the stronger SHA-2 hash. Most modern resolvers
will ignore the SHA-1 hash. So just remove
On 25/10/2021 15:40, Elias Pereira wrote:
Hi Elias,
Google sites use a domain in the following way for their free sites.
https://sites.google.com/company.com/mysite/
How can I create a CNAME for a site in this format? Is there another way?
A CNAME record can't point to a URL. It can only po
Sonal,
How do you expect anyone to help you when you ask such a vague question?
If you want help, the least you can do is ask a question properly. It
only takes 2 more minutes to describe a situation more accurately, so
please stop taking shortcuts, and try again, with a more detailed
questio
On 09/09/2021 21:13, Victoria Risk wrote:
Hi Vicky,
We would like to deprecate the `map` zone file format in future
branches of BIND. The proposal is to deprecate the feature in the
9.16 branch, (users will see a warning when this feature is used but
it will still work through the end of the 9.
On 17/06/2021 05:32, Manish Rane wrote:
Hi Manish,
> I have BIND 9.16.17-Ubuntu on ubuntu and have 4 cores. I have configured
>
> more /etc/default/bind9
> OPTIONS="-n 4"
>
> And then restarted the services. How do I verify if bind9 has spawned 4
> processes and distributed among those?
BIND
On 16/06/2021 20:36, ToddAndMargo via bind-users wrote:
Hi Todd,
> Questions:
>
> 1) is there some pruning of old stuff mechanism to
> keep my drive from being over run with logging
> data?
Yes, see section 4.2.9 of the BIND manual:
https://bind9.readthedocs.io/
> 2) If I want to commen
On 15/06/2021 08:12, PRAKASH CHAND wrote:
Hi Prakash,
Look at DNSPerf. It's an open source tool for benchmarking DNS servers.
It has a component called resperf, specifically for resolvers. You could
try to use that to find out how far you can push your resolvers. Make
sure to measure the packet r
On 01/06/2021 17:18, Cuttler, Brian R (HEALTH) via bind-users wrote:
Hi Brian,
> From what I'm reading I should be sending a notify from the primary
> to the secondary when a dynamic zone is updated but I don't seem to be
> doing that.
>
> Would someone please point me to the option I'm missing
On 01/06/2021 16:01, Karl Pielorz wrote:
Hi Karl,
> Thanks for the pointer - ok, yes I can see it's probably EDNS / Flag day
> related etc. I missed that - probably as it's never caused us an issue.
> Annoyingly a value of 1232 causes a TCP fallback to a server out of our
> control that doesn't d
On 01/06/2021 12:55, Karl Pielorz wrote:
Hi Karl,
> Anyone know why the Bind query appears to set such a low UDPsize? -
> We've nothing in our config setting sizes, or maximums.
Here's an answer:
https://bind9.readthedocs.io/en/v9_16_16/notes.html#notes-for-bind-9-16-16
Regards,
Anand
On 20/05/2021 23:34, John Thurston wrote:
Hi John,
> My subsequent read of the docs indicates that BIND on CentOS 7, while
> being told it is sending to 'syslogd', is sending to 'journald' which is
> handling all the messages and forwarding them on to 'syslogd'. I don't
> want journald handling m
On 20/05/2021 18:08, Klaus Darilion wrote:
Hi Klaus,
> Nevertheless I think there is a bug. IIR the previous default was
> 100% (switch to AXFR if IXFR would be grater than AXFR) and we also saw
> plenty of AXFR although the IXFR difference was very small and far away
> from 100%
Yes, I agree. I
On 20/05/2021 17:22, Manish Rane wrote:
> Are those new versions available in Linux distro packages?
Bleeding-edge distros like Gentoo Linux will probably have packages
within a short time. If you use Homebrew on your system, you'll also
have the newest version soonish.
Most of the major distrib
On 20/05/2021 00:06, Michael McNally wrote:
Hi ISC people,
> RELEASE-NOTES-bind-9.16.16.html
I was just reading the release notes, and noticed:
"The default value of the max-ixfr-ratio option was changed to
unlimited, for better backwards compatibility in the stable release series."
Thank you
On 20/05/2021 15:30, Tim Daneliuk via bind-users wrote:
Hi Tim,
> Recently - and for no obvious reason - the on-prem instance stops resolving
> properly. The fix is to stop it, clear out the slave files, and restart.
> Then it works for a few days and repeats its misbehavior.
>
> The logs show
Hi Greg,
Read the "ddns-confgen" man page. And then read all the material here:
https://bind9.readthedocs.io/en/v9_16_13/advanced.html
Regards,
Anand
On 27/04/2021 11:27, Greg Donohoe wrote:
> Thank you for the excellent advise, it is a lot clearer to me now.
> I am checking the nsupdate & TSI
remote was encrypted.
>
> Rgds,
> Greg.
>
> On Fri, Apr 23, 2021 at 2:21 PM Anand Buddhdev wrote:
>
>> On 23/04/2021 14:24, Greg Donohoe wrote:
>>
>> Hi Greg,
>>
>>> In regards to the nsupdate, what is the best way to secure the
>> connec
"allow-update" option):
https://bind9.readthedocs.io/en/v9_16/
Regards,
Anand Buddhdev
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support
Hi Greg,
You don't need to SSH into a remote server to do dynamic DNS updates!
The "nsupdate" tool can send the dynamic DNS updates directly to your
remote server over the DNS protocol.
You appear to be confused about what the various tools do, so here's a
summary:
1. ssh is used to log into a r
On 14/04/2021 00:29, @lbutlr wrote:
>> A legitimate client, following a normal chain of referrals, has *no*
>> reason to query a server for zones it is not authoritative for.
>
> Well, that's not really true. A mobile user might have their device
> configured to always check their corporate DNS s
Hi Ondrej, and others,
A legitimate client, following a normal chain of referrals, has *no*
reason to query a server for zones it is not authoritative for. Most of
the time, such a query would only arrive at a name server from a naughty
client. And then, replying with any response, even REFUSED, i
Hello Shubham,
Running a DNS resolver service that can handle a million queries/s isn't
a simple matter of just installing some servers and clicking some
buttons. You need to have a clear and well-structured project that
considers many things. Hardware requirements are just a very small part
of it
Hi Gaurav,
You can transfer the "in-addr.arpa" and "ip6.arpa" zones from these servers:
iad.xfr.dns.icann.org
lax.xfr.dns.icann.org
For the full list of zones provided by ICANN, check out this page:
https://www.dns.icann.org/services/axfr/
Regards,
Anand
On 12/12/2020 13:39, Gaurav Kansal wro
Sure, Cameron. However, since it's no longer BIND-related, I'll email
you off-list.
Anand
On 08/12/2020 22:58, Cameron Banowsky wrote:
> Thank you Anand,
>
> Would it be possible to look at your script and gitlab-ci yaml? This is
> incredibly helpful. Thank you so much.
> Cameron Banowsky
> S
Hi Cameron,
We do something like this for our zones. In our zone repository, I have
a script called "checkzones". I can run it any time in my checkout of
the repository, and it checks all the zones for various things. For
example, it checks for implicit owner names, missing TTL, etc. It also
runs
Hey Daniel,
That's *exactly* what I was after! Thank you :)
On 07/12/2020 08:25, Daniel Stirnimann wrote:
> Hello Anand
>
> this works for me:
>
> dig -k KEY @PRIMARY ZONE +noall +answer +noidnout +onesoa AXFR
___
Please visit https://lists.isc.org/m
one through an awk script to filter out these records, but
it would be nice if I could tell dig itself to suppress them.
Regards,
Anand Buddhdev
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fund
On 21/11/2020 21:53, upen wrote:
Hi Upen,
> Could you someone guide me to troubleshoot this further? Thank you for the
> list.
Your instance of BIND is probably logging to syslog. Look for these logs
(usually /var/log/messages), and see what BIND is logging. It may shed a
light on the problem.
On 05/11/2020 14:02, rams wrote:
Hi Ramesh,
> What is the latest bind version for Centos 7?
> Where we can download it?
"yum info bind" will give you all the information you need.
Regards,
Anand Buddhdev
___
Please visit https://lists
On 25/08/2020 16:29, Brad Stevenson wrote:
Hi Brad,
I would like to have the behavior of the reverse lookup responses to only
include the hostname, not the hostname with the reverse zone appended. So
for example:
# nslookup 192.168.2.206
206.2.168.192.in-addr.arpa name = server1.ctois.lo
f "tsig-keygen". You will find the
answer in there.
Regards,
Anand Buddhdev
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subsc
On 22/07/2020 16:51, Josef Moellers wrote:
It turns out that it is mainly the warning the partner is irritade about.
So, let me put the question the other way round: what would happen if we
*always* copied /etc/bind.keys to the chroot environment? If there would
be no harm, I could easily add t
On 22/07/2020 15:30, Josef Moellers wrote:
Or just ignore the warning, and let BIND use its built-in keys.
If /etc/bind.keys contains some additional keys, this will not work ;-)
Sure, but what additional keys do you expect this file to contain? Are
you serving an alternate signed root zone
On 22/07/2020 15:06, Josef Moellers wrote:
Hi Josef,
named complains about the missing file /etc/bind.keys if run chrooted:
unable to open '/etc/bind.keys' using built-in keys
What is the preferred way around this? Add "/etc/bind-keys" to
NAMED_CONF_INCLUDE_FILES?
Or just ignore the warning,
On 09/07/2020 16:06, Matthew Richardson wrote:
On a related issues there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occ
On 09/07/2020 14:21, @lbutlr wrote:
Given a domain that is hosted and used for email and web, is an A
record for that domain actually required?
It's not *required*. But see below.
That is, if bob.tld is hosted by example.com can you simply have
NS ns1.example.com
NS ns2.exam
On 09/07/2020 12:56, Duleep Thilakarathne wrote:
Hi Duleep,
After starting BIND, can you examine its log entries? It should print
all the addresses it is binding to, eg:
09-Jul-2020 13:50:57.674 listening on IPv4 interface lo0, 127.0.0.1#53
09-Jul-2020 13:50:57.676 IPv6 socket API is incomple
On 09/07/2020 12:08, Adrian van Bloois wrote:
Hi Adrian,
Run "journalctl -u named" to see any systemd logs for this unit. Also
look in /var/log/messages to see what (if anything) BIND has logged to
syslog. Finally, you would help yourself and everyone else to help you
better if you show your
On 09/07/2020 11:01, Duleep Thilakarathne wrote:
Hi Duleep,
I have configured bind with IPV6 support enabled. However bind does not
listen to IPV6 address. Any particular reason.is there any place to enable
IPV6 support other than named.conf.
Version : BIND 9.11.4-P1 (Extended Support Version)
On 16/06/2020 20:17, Tony Finch wrote:
Hi Tony,
16-Jun-2020 15:21:58.815 general: Accepting TCP connection failed: socket is
not connected
What does this log message mean?
I think this error comes from getpeername() and it can occur if the
connection is closed between accept() and getpeerna
Hi folks,
I'm running an authoritative server on BIND 9.16. It gets about 3500
q/s, of which around 200 q/s are over TCP. At least, this is what DSC
reports (DSC is a libpcap application sniffing traffic independent of BIND).
In my named.conf, I have set:
reserved-sockets 1000;
tcp-clients 9
On 08/06/2020 07:13, ShubhamGoyal wrote:
Hi Shubham,
Dear all,
I want to ask about bind DoH
Implementation by proxy server,
Is there any Documentation of DoH
Implementation.
On 01/06/2020 20:08, DeCaro, James John (Jim) CIV DISA FE (USA) via
bind-users wrote:
Hi Jim,
Installed BIND 9.16.3 and I discovered that the SMF dns/server is
trying to read named.conf from /usr/local/etc/:
"/usr/local/etc/named.conf: file not found". I am trying to figure
out how point name
On 21/04/2020 17:05, Petr Bena wrote:
Hi Petr,
> So when someone changes zone on A via nsupdate, NOTIFY and subsequent
> IXFR goes like this: A -> B -> C instead of:
This is just fine. There are many DNs setups organised like this. Your
configuration isn't unique or strange.
> What confuses me
On 17/04/2020 17:02, Karl Pielorz wrote:
Hi Karl,
> I seem to remember we got 'bitten' by large memory use when moving from
> a previous version of bind - do you have 'max-cache-size' set in your
> config?
It's an authoritative-only server, so there is (almost) no caching involved.
Anand
__
/dev/fd/42
and named-checkzone reads the "file" /dev/fd/42, getting the
decompressed data.
Regards,
Anand Buddhdev
RIPE NCC
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 24/03/2020 20:44, Bhangui, Sandeep - BLS CTR via bind-users wrote:
Hi Sandeep,
[snip]
> As far as I can tell has the libuv library packageis installed on this
> RHEL 7.X machine.
>
> sh-4.2# rpm -qa | grep -i libuv
>
> libuv-1.34.0-1.el7.x86_64
This package contains just the runtime l
Thank you for your swift and clear response Ondrej!
Regards,
Anand
On 18/03/2020 15:35, Ondřej Surý wrote:
> Hi Anand,
>
> yes, it is. The broken code was introduced in the glibc 2.26, and generally
> RedHat/CentOS/Fedora/Debian libc6 already has the required patches.
>
> Ubuntu 18.04 (and de
Hi BIND developers,
The 9.16.1 release notes say:
"The system-provided POSIX Threads read-write lock implementation is now
used by default instead of the native BIND 9 implementation. Please be
aware that glibc versions 2.26 through 2.29 had a bug that could cause
BIND 9 to deadlock. A fix was re
On 20/02/2020 09:08, Ondřej Surý wrote:
Ah, thank you for this Ondrej! I've adjusted our spec file, and removed
the define.
> Hi Anand,
>
> on the contrary, we set tuning to large by default (it’s default or
> small now), so with the define you are actually setting it to lower value:
>
> #ifnde
Hi BIND developers,
We build our own RPMs of BIND, and ever since the 9.9 builds, we have
been setting -DISC_SOCKET_MAXEVENTS=256. This is based on advice we
received from someone at ISC.
Is this setting still relevant in BIND 9.16?
Regards,
Anand
___
On 27/01/2020 16:26, Stephan von Krawczynski wrote:
Hi Stephan,
> I would have expected that bind finds the domain by using the working
> nameserver and ignoring the dead one. But obviously it does not.
> Did I misconfigure something? I thought both nameservers should be questioned
> and the firs
On 15/12/2019 09:44, MEjaz wrote:
> Our bind name version is = BIND 9.12.3-P1
> Is that advisable to upgrade our bind from the above version to the latest
> stable one
I can't comment on the cause of the failure, but 9.12 isn't supported
any more. You should run the latest stable version, whi
On 06/12/2019 13:32, Andrey Geyn wrote:
Hi Andrey,
> Is it any option which will allow us to proxy SERVFAIL (and other «bad»
> responses) from forwarder and not to try make recursive requests by itself)?
Yes. Set the option "forward only" in your BIND configuration, so that
it doesn't do any re
On 10/07/2019 20:08, John Thurston wrote:
Hi John,
> On a server with both static and dynamic zones, is there any reason to
> perform an:
> rndc sync
> prior to issuing an:
> rndc reload
No, there is no need for a sync before reload.
Regards,
Anand
__
On 21/06/2019 22:01, Ronald F. Guilmette wrote:
Hi Ronald,
> I'll switch to using the 9.14.3 or 9.15.0 dig command as soon as possible.
> Until then I have a nice temprary workaround, which is to just append
> @a.root-servers.net to my dig +trace commands.
Just one note. 9.15.0 has the same prob
1 - 100 of 227 matches
Mail list logo
