Re: dnssec-policy default - where/how to determine what all its settings are?

2024-06-06 Thread Andrew Latham
Link for the Debian packaged version you mentioned is at https://bind9.readthedocs.io/en/v9.18.24/reference.html#namedconf-statement-dnssec-policy On Thu, Jun 6, 2024 at 9:31 AM Andrew Latham wrote: > I took a quick look > > * > https://github.com/isc-projects/bind9/blob/main/doc

Re: dnssec-policy default - where/how to determine what all its settings are?

2024-06-06 Thread Andrew Latham
I took a quick look
* https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf
* https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users < bind-users@lists.isc.org> wrote: > d

Re: feature request for improving named-compilezone

2024-02-11 Thread Andrew Latham
If you are using a version control system like GIT then I would suggest you have a zonefile.md next to the zone with any specific notes and maybe a history/changelog. This may not answer your problem case but documentation as markdown or even just a TXT next to the zone is handy. On Thu, Jan 18, 2

Re: secure statistics page

2024-02-11 Thread Andrew Latham
I have seen this question a few times so would a note or example in https://kb.isc.org/docs/aa-01123 (or other related documentation) be a good idea? On Thu, Jan 18, 2024 at 7:36 AM Ondřej Surý wrote: > Hi, > > put a real webserver in front of it. Both Apache and Nginx can work as > proxy. > > O

Re: Help about DNS documentation

2023-11-05 Thread Andrew Latham
* Commonly when an answer to a query is larger than UDP should handle, a switch to TCP is required. This can be configurable and done in unexpected ways to thwart DDOS
* I do not know of any laws specifically mentioning DNS. General computer system/network laws could apply.
* I think there would be

Re: How should I configure internal and external DNS servers

2023-11-04 Thread Andrew Latham
* That sounds like a sadly normal implementation but yes you can do better
* Views is a good place to look https://kb.isc.org/docs/aa-00851
* Make sure to investigate how the company VPN services handle DNS as it may surprise you
On Fri, Nov 3, 2023 at 9:52 AM Nick Howitt via bind-users < bind-use

Re: monitoring BIND

2023-08-03 Thread Andrew Latham
Maybe start with https://kb.isc.org/docs/monitoring-recommendations-for-bind-9 On Thu, Aug 3, 2023 at 9:07 AM wrote: > > > Hello community > > please what is the most recommended tool for BIND monitoring and > especially display response time and latency thank you in advance. > > Regards Sami > -

Re: Documentation on readthedocs - links to older releases return 404 errors

2023-05-31 Thread Andrew Latham
Issues can be tracked at https://gitlab.isc.org/isc-projects/bind9/-/issues if it helps On Wed, May 31, 2023 at 3:46 PM Dan Mahoney wrote: > > > > On May 31, 2023, at 12:25 PM, Petr Špaček wrote: > > > > On 31. 05. 23 18:08, E R wrote: > >> If you visit https://bind9.readthedocs.io/en/v9.18.15/

Re: Bind 9.16.1 crash

2022-12-07 Thread Andrew Latham
I see https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 and https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5998 which might help. I did not see a CVE but only did a quick search. On Wed, Dec 7, 2022 at 12:33 PM Ben Bridges wrote: > Greetings. > > > > This morning one of our BIN

Re: automatic reverse and forwarding zones

2022-10-27 Thread Andrew Latham
IRC for example will check for PTR and gate login. I know there are others but that came to mind quickly. In some regions having PTRs was a requirement. It has been years but I recall LACNIC required/desired PTRs be set. On Thu, Oct 27, 2022 at 2:47 PM Grant Taylor via bind-users < bind-users@list

Re: dig +norecurse behaviour changed with 9.16.33

2022-10-26 Thread Andrew Latham
I am unable to reproduce this. Please share some examples like this: dig +norecurse @216.239.34.110 www.lathama.org ``` ; <<>> DiG 9.11.5-P4-5.1+deb10u8-Debian <<>> +norecurse @216.239.34.110 www.lathama.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY,

Re: Dig -x +trace?

2022-09-29 Thread Andrew Latham
Mike
1. You can set the server with @ so in your case `dig @1.1.1.1 -x 208.x.x.x +trace`
2. Test with an IP that you know should work `$ dig +short @8.8.4.4 -x 8.8.8.8` answers `dns.google.` for example
3. Confirm your RIR or provider has working NS set for the range. Query directly the NS you thi

Re: --without-python does not work for 9.11.13

2019-12-01 Thread Andrew Latham
I just did a quick code search and while --without-python is mentioned I can not see it used anywhere. Have a look at random search https://gitlab.isc.org/search?utf8=%E2%9C%93&search=without-python&group_id=&project_id=1&search_code=true&repository_ref=master&nav_source=navbar On Sun, Dec 1, 20

Re: NTP through DNS?

2018-09-22 Thread Andrew Latham
chrony does today btw - debian/chrony-helper: - New helper script to make use of NTP servers obtained from DHCP and _ntp._udp DNS SRV records. On Sat, Sep 22, 2018 at 8:31 AM Matus UHLAR - fantomas wrote: > >>> On 9/21/2018 3:57 PM, Mauricio Tavares wrote: > But that is

Re: NTP through DNS?

2018-09-19 Thread Andrew Latham
On Wed, Sep 19, 2018 at 10:19 AM Ray Bellis wrote: > On 19/09/2018 15:59, Mauricio Tavares wrote: > > >> An NTP service doesn't belong to a domain, so maybe not (I don't know of > >> one off my mind). > >> > > Not necessarily; I can name a few universities and business who > > offer their ow

Re: NTP through DNS?

2018-09-19 Thread Andrew Latham
SRV records can be useful when devices support them. It does not hurt to add the SRV records for common services. On Wed, Sep 19, 2018 at 9:59 AM Mauricio Tavares wrote: > On Wed, Sep 19, 2018 at 10:12 AM, Andrew Latham wrote: > > You can add SRV records for NTP to your domain if that is

Re: NTP through DNS?

2018-09-19 Thread Andrew Latham
You can add SRV records for NTP to your domain if that is what you are asking. On Wed, Sep 19, 2018 at 9:09 AM Mauricio Tavares wrote: > Stupid question: can I publish/query the NTP server through DNS the > same way I can ask who is doing LDAP? > ___ >

Re: Wildcard prefix

2018-04-12 Thread Andrew Latham
Matus You are correct, I am coffee deprived. That direction was for an internal testing only/development goal. On Thu, Apr 12, 2018 at 12:18 PM, Matus UHLAR - fantomas wrote: > > On 12.04.18 12:14, Andrew Latham wrote: >> >> As long as your zone file is correct you can use

Re: Wildcard prefix

2018-04-12 Thread Andrew Latham
Andrew As long as your zone file is correct you can use *. (Note: Asterisk and Dot) to match all entries. I would put this below any other required entries. Example: """ $ORIGIN mydomain.com. *. IN A 192.168.12.12 """ On Thu, Apr 12, 2018 at 10:49 AM, Hardy, Andrew wrote: > > Does bind supp

Re: Can bind works without defining root servers

2017-08-15 Thread Andrew Latham
Read about it at https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=lib/dns/rootns.c;h=d86d0172d10625050ff1938c1869ce28921a1226;hb=HEAD On Tue, Aug 15, 2017 at 10:29 AM, King, Harold Clyde (Hal) wrote: > How does Bind update the root servers? Does it go out and check, or is a > relea

Re: Book recomendations?

2014-05-27 Thread Andrew Latham
Sort of comes with a book https://kb.isc.org/article/AA-00845/0/BIND-9.9-Administrator-Reference-Manual-ARM.html which is quite good. For newbs in the field I say two or more of everything and at least one hidden master. Use views internally and IPv6 better be on your roadmap. On Tue, May 27,

Re: How to minimize the downtime in my case

2013-03-14 Thread Andrew Latham
Manish That is a perfectly good plan. One note is to study your TTL. If your ISP has set a longer TTL on your NS records then you would need to first ask for a shorter TTL and wait until the time has passed. Example: if TTL is set to one week, ask for change to shorter period and then wait for

Re: adding DS record via nsupdate

2013-02-05 Thread Andrew Latham
On Tue, Feb 5, 2013 at 6:30 PM, Jack Tavares wrote: > Hello - > > I am trying to add a DS record via nsupdate and I can't get it to succeed. > > It does not generate an error, but when I dig for the DS record I get > NXDOMAIN. > > When I edit the zone file and add the same DS record and reload,

Re: rndc protocol

2012-10-05 Thread Andrew Latham
On Thu, Oct 4, 2012 at 9:29 AM, Matthew Horsfall (alh) wrote: > Hello, > > I was curious if the underlying protocol used by the rndc command was well > documented and if writing clients against it (rather than using the rndc > utility) was advisable or not. > > Thanks, > > -- Matthew Horsfall (alh