I did, but my thought would be it's up to the dns admin to define those zone
configurations as you have done. I may be wrong though.
Jan 12, 2025 6:36:03 PM Lee :
> On Sun, Jan 12, 2025 at 5:15 PM Eric wrote:
>>
>> That is means that the 'domain' is reserv
That is means that the 'domain' is reserved and can be used locally. It doesn't
specify all records in that namespace / domain will resolve to 127.0.01.
Think of it like .com
If you want every A record in *.localhost to resolve to 127.0.0.1 what you did
will do that.
Jan 12, 2025 4:38:09 PM Le
Trying using rndc to see if it's broke.
rndc status
You may need to add a path to the rndc binary if it's not in your $PATH env
vars. Or maybe -c to the location of your rndc config.
In your named.conf you should have a rndc statement with the key name and value.
You can recreate your rndc co
Hello,
I'm looking for help here because I haven't found any information in the
documentation (or I haven't).
I've activated Bind's statistics, to test I've set port 8080.
So I can make http requests on port 8080, it works.
but i'd like to secure the page, is it possible to switch to https and
th
force it to A addresses.
Netflix
I use a Hurricane Electric tunnel for my IPv6. Works like a charm for every
other site I use. But Netflix rejects connections because it thinks it’s on a
VPN. So, filtering the quad A makes it appear it isn’t IPv6 enabled, so it
connects over 4. Works like a champ
key-directory "keys/example.com";
dnssec-policy domain-policy;
inline-signing yes;
zone-statistics yes;
};
If you're interested in more specifics, I'm happy to share. Ping me
off-list
Eric
On 2023-01-21 19:56, Rand
it
is worth throwing it over the fence.
Again, thanks for all the help!
Eric
signature.asc
Description: Message signed with OpenPGP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscrip
gets the DS
record number as the wrong ID.
Thanks to all who helped!
Eric
> On Dec 29, 2022, at 10:06, Timothe Litt wrote:
>
>
>> That’s why I wanted to decode the DS record to see if it’s encoding it as
>> 32686 or 22755
>
> As I said, no decoding required.
On Dec 29, 2022, at 09:17, Timothe Litt wrote:
>
> On 28-Dec-22 19:40, Eric Germann wrote:
>> My question is
>>
>> Is there any way to decode the DS record and see what key tag is actually
>> encoded in it? If it’s 32686 it’s an issue with Route53. If it’s 22
32686 it’s an issue with Route53. If it’s 22755 it’s
an issue with dnssec-dsfromkey.
If anyone wants the DNSKEY for algorithm 8, ping me off list and I will share
it with you in a private email.
Thoughts?
--
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
nning 8 and 13 both as an experiment
Eric
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing
Never mind. Rebooting the box resolved it. I’m still curious how it got
crossed
--
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
<https://www.linkedin.com/in/ericgermann>
Medium: https://ekgermann.medi
chain when I point it to a dir with only the
links to chain7?
Querying ns04x.semperen.com returns the same cert on both ports.
Thanks for any pointers
--
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Medium: htt
I would propose one line per protocol for disabled methods. This would
allow for easier log parsing
On 2022-09-13 06:28, Petr Špaček wrote:
On 02. 09. 22 15:49, Anand Buddhdev wrote: On 02/09/2022 13:53, Mark
Andrews wrote:
Hi Mark,
We don't log rsamd5 is disabled now ec or ed curves wh
Are you missing a left paren before "1-16”?
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
<https://www.linkedin.com/in/ericgermann>
Medium: https://ekgermann.medium.com <https://ekgermann.medium.
Why not as a stopgap to protect your human rights, use you phone as a hotspot?
Cheaper than suing everyone
Eric
> On Jan 8, 2022, at 11:17, Stephane Bortzmeyer wrote:
>
> On Sat, Jan 08, 2022 at 04:55:24PM +0100,
> Stephane Bortzmeyer wrote
> a message of 52 lines which s
initialization.
My question is if a “rndc reconfig” will read the new cert when it reloads the
config or do I have to stop and start named to get it to pick it up?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
a few hours getting the
>> whole environment setup. some don't build it all the time.
>>
>>
>> I'll give ISC Five Stars on Google! 😃
>>
>>
>>>> On 6 Jul 2021, at 05:56, Eric Germann via bind-users
>>>> wrote:
>&g
Has ISC given any thought to releasing dig as a separate source package?
It’s good for testing DoH, but you need to build the entire bind package to get
it. It would be useful for support analysts without the overhead of compiling
all of bind to get it
---
Eric Germann
ekgermann {at} semperen
Bummer.
Thanks for the quick turnaround though!
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3
I’m confused
./configure --help | grep openssl
--with-openssl=DIR root of the OpenSSL directory
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash
ystem.
Is there anyway to build against 1.1.1k without doing a “make install” on the
newer OpenSSL library?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Pho
Time to live in the cache. Short time to live is useful when you need to change
the A record to swing one host to another.
> On Jun 25, 2021, at 12:56, Bruce Johnson wrote:
>
> I ran across these A records in one of our zone files:
>
> ;EXCHANGE STUFF
> mail1m IN A
bind doesn’t support @ signs for the email contact. It would be
root.rn6.xyz.local
Line 15, missing the class (IN)?
DeadStick IN A 192.168.255.156
>
> INTXT"310702541c5622d0e6001136bd71a6578b"
---
Eric Germann
ekgermann {a
the zones or the entire config and
subordinate files?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint
records needed for service
location, etc. It seems it would be a lot easier to use that for a Windows
network than shoehorn everything in to BIND.
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
<ht
not our cache only dns. Users are somehow the idiot on tech
things. They know a few of the dns flow, but they know they can compare,
you know... So I am asking if any miss of the bind dns config if I can fix
these domains at our side.
Eric
On Thu, Dec 29, 2016 at 10:23 PM, MURTARI, JOHN wrote
e dns 8.8.8.8 would really able to fresh the correct records
after expired. So just wonder bind config is able
to bypass this problem except I make the forward only zones to ask 8.8.8.8.
Eric
___
Please visit https://lists.isc.org/mailman/listinfo/bind-us
Hi Graham,
Thx for your great tip, it seems it fix my problem.
Eric
On Tue, Jun 7, 2016 at 5:45 PM, Graham Clinch
wrote:
> Hi Eric,
>
> > I run bind dns server 9.9 now with around 3000query/s. I recently
> > upgrade our server to Fujitsu M10-1 Solaris 10 with bind9.10.
&
Query time: 26 msec
;; Query time: 138 msec
;; Query time: 2 msec
;; Query time: 324 msec
Sometimes it even need more than 2000msec to resolve.
Just wonder if it is normal behavior, or anything can be tuned? Thanks
Eric
___
Please visit https://l
Duh...silly mistake...I did a DIG on the NS record..Once the DS record is
removed DNS queries should work fine right? Thanks Bill.
-Original Message-
From: Bill Owens [mailto:ow...@nysernet.org]
Sent: Tuesday, January 07, 2014 11:28 AM
To: Eric Davis
Cc: bind-users@lists.isc.org
So I guess my DS record has the same TTL as my default TTL for my records? My
default is 8 hours, so if I wait 8 hours after I remove the DS from my parent
zone then I should be ok? My parent zone is a TLD(.edu).
-Original Message-
From: bind-users-bounces+eric=rockefeller
My DNS appliances are not well-suited for this yet, so I want to disable DNSSEC
for my for domain. Anyone know the proper steps to take and what order if
there is any order? I have a DS record in my parent domain. Do I need to
remove that first? Thanks in advance.
Eric
Anyone have any experience uploading DS records to Godaddy? They are asking
for the Digest in addition to the public key and I'm a little lost. What is
the digest and how can I find it? I'm using an Infoblox appliance.(i
know...crin
Anyone know when Network Solutions plans to support DNSSEC?
Eric Davis
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
subscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Kind Regards
Eric Kom
System Administrator & Programmer - Metropolitan College
_
/ You are scrupulously honest, frank, and \
Thank you for the quick responses. I have solved my issue by setting the
empty-zones-enable option to no.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
I have configured a simple forward zone like the following in BIND:
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 1.2.3.4; } ;
};
This is the only zone I have configured.
When I query for, as an example, 1.2.3.10.inaddr.arpa (PTR), I expect BIND to
you please assist me on fixing it?
--
Kind Regards
Eric Kom
System Administrator - Metropolitan College
_
/ You are scrupulously honest, frank, and \
| straightforward. Therefore you
I've been pointed to the right place to figure this out. The answer is in
using TSIG. That saved me a lot of time. I searched everywhere but the
most-obvious place - the bind9 faq.
Eric Chandler
Systems Architect
From: bind-users-bounces+eric.chandler=vonage@lists.is
gt; ";
};
// add required zones
};
I suppose I could set up another pair of hidden masters to serve up the
internal zones, or another pair of IP addrs on the masters, but I'm hoping not
to go down that road.
Thanks,
Eric Chandler
Systems Architect
23 Main Street, Holmd
60.50.51;
1.2.3.4;
5.6.7.8;
10.10.10.10;
};
};
Thanks,
Eric Chandler
Systems Architect
23 Main Street, Holmdel, NJ 07733
(: 732.203.7437
(: 732.284.8504 (iPhone)
*: eric.chand...@vonage.com <mailto:eric.chand...@vonage.com>
þ: www.vonage.com &
is one of the nameservers
> for the isc.org zone.
>
> I've tried Googling and looked through the ARM, but I haven't found any
> way to change this behavior.
>
> Hints appreciated. Thanks!
>
--
--
You Truly
Eric Kom
System Administrator - Metropolitan College
__
ed
Jan 4 07:01:09 ns1 named[920]: reloading zones succeeded
Jan 4 07:01:09 ns1 named[920]: zone 0.0.10.in-addr.arpa/IN/internal:
loaded serial 2012010402
Please how can I fix this issue?
--
--
You Truly
Eric Kom
System Administrator - Metropolitan College
2 Hennie Van Till, White River, 124
this apache it's very important if your
domain is well configured as the above configuration.
You can decided to call your FQDN as you want, playing with the
ServerAlias directive.
>
> ServerName domain.com
> ServerAlias www.domain.com
> ...
>
>
> -and later
I am getting an undefined reference error when running make on
bind-9.8.1. Error message at bottom.
|export CPPFLAGS="-I/usr/lib64/mysql $CPPFLAGS"
export LDFLAGS="-L/usr/lib64/mysql $LDFLAGS"
export LD_LIBRARY_PATH="/usr/lib64/mysql"
|# ./configure --prefix=/usr/local/bind --disable-openssl-v
gt;> Views complicate everything and I don't think there is anymore a real
>>> use for them. I strongly suggest you don't use them.
>>
>> alright!
>>
>> But since I got the internal services to resolve, if I remove the
>> internal resolution, I won&#x
aws.amazon.com/A in 0.73: out of memory/success
[domain:aws.amazon.com
,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
Is it because we limit the memory usage at named.conf?
max-cache-size 1610612736;
Eric
On Thu, Jun 23, 2011 at 5
A 207.171.178.13
;; Query time: 229 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 22 18:59:31 2011
;; MSG SIZE rcvd: 190
Is it normal? What would be the problem?
Eric
___
Please visit https://lists.isc.org/mailman/listinfo/bind
On 17/06/2011 09:21, Benny Pedersen wrote:
> On Tue, 14 Jun 2011 14:25:12 +0200, eric...@kom.za.net wrote:
>
>> zone "194.134.41.in-addr.arpa" IN {
>> type master;
>> file "/var/cache/bind/194.134.41.metropolitanbuntu.co.za.inv";
>&
IN NS ns1.metropolitanbuntu.co.za.
194.134.41.in-addr.arpa.IN NS ns2.metropolitanbuntu.co.za.
;
90 IN PTR ns1.metropolitanbuntu.co.za.
91 IN PTR ns2.metropolitanbuntu.co.za.
Thanks in advance
On 14/06/2011 19:18, Mark Elkins wro
LinkedIn
I'd like to add you to my professional network on LinkedIn.
- Eric Magutu, CAPM
Eric Magutu, CAPM
Senior Network Administrator at Safaricom
Kenya
Confirm that you know Eric Magutu, CAPM
https://www.linkedin.com/e/7z6xwn-gnzxtyt8-58/isd/2959671536/BNSHu5y5/
-
LinkedIn
I'd like to add you to my professional network on LinkedIn.
- Eric Magutu, CAPM
Eric Magutu, CAPM
Senior Network Administrator at Safaricom
Kenya
Confirm that you know Eric Magutu, CAPM
https://www.linkedin.com/e/-7udqre-gnzxtytv-4v/isd/2959671537/VjP
t's probably because your connection to
nsupdate matches your internal view and so only the cache for the
internal view gets updated. The external view might eventually update
after the TTL expires or you manually flush the cache or do a restart.
Regards,
-Eric
___
Thank you for your replies. This is an internal network with only 1
domain, no other DNS servers. I disabled recursion and its working good.
Eric
On 10/17/2010 8:44 PM, Mark Andrews wrote:
In
message,
Barry Margo
lin writes:
In article,
Eric Ritchie wrote:
When doing a nslookup of
ersions also, one is 9.4.2 and one is
9.7.0-P1. The /etc/resolv.conf file is:
search ibg
options rotate
options ndots:3
nameserver 131.210.30.200
nameserver 131.210.30.201
nameserver 131.210.30.202
nameserver 131.210.30.203
Thanks
--
Eric Ritchie
_
NSEC and RRSIG NSEC records for me, that it would
inherit the "ttl 7200" value.
Regards,
-Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
@0xab01de0: 205.in-addr.arpa.dlv.isc.org DLV: must be
secure failure: 1 Time(s)
validating @0xb49fe660: 216.in-addr.arpa.dlv.isc.org DLV: must be
secure failure: 1 Time(s)
What do these log entries mean? Anything to worry about?
Thanks for taking the time to help out.
---
Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
resolution failures).
Does this ring any bells?
On Tue, May 5, 2009 at 9:11 PM, Eric Swenson wrote:
> I renamed the forwarders and added a "forward only;" option, and now, while
> I still can't resolve imap.gmail.com, I now simply get FORMERRs for the
> two forwarded DNS se
9:14.969 FORMERR resolving 'imap.gmail.com/A/IN':
192.228.79.201#53
Does this trace output suggest what is going wrong? -- Eric
On Tue, May 5, 2009 at 9:53 AM, Eric Swenson wrote:
> I'm seeing lots of DNS resolution failures on my router (running Utuntu
> 8.10, bind 9.3.4)
I figured this was not the
issue because the FORMERR log messages suggest (to me) that my DNS is trying
to contact the root servers itself (and not relying on the downstream DNS
servers to do so).
Does anyone have ideas about what is going on?
Thanks much. -- Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
I figured this was not the
issue because the FORMERR log messages suggest (to me) that my DNS is trying
to contact the root servers itself (and not relying on the downstream DNS
servers to do so).
Does anyone have ideas about what is going on?
Thanks much. -- Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
is cached, and my DNS
will resolve the hostname until the cache time is exceeded. And then I'm
back to no resolution and FORMERRs.
Can anyone suggest anything I can try?
Thanks much. -- Eric
PS: If this message appears twice on the list, I apologize. I'm not seeing
my posts show up (
is cached, and my DNS
will resolve the hostname until the cache time is exceeded. And then I'm
back to no resolution and FORMERRs.
Can anyone suggest anything I can try?
Thanks much. -- Eric
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
I'm running into a strange problem and am hoping someone might be able to
give me at least some direction regarding what to look at.
I have bind setup and the name server on my box. /etc/resolve.conf lists
127.0.0.1 as the name server. Bind is authoritative for a single domain (for
internal us
It's sign that they have low turnover. The few times that have relied
on them I've gotten the same engineers. A lot of companies lack that
personal rapport with their clients. You are just a number to them.
Eric
Steve Lancaster wrote:
[In a message on Wed, 25 Mar 2009 11
but I can't
speak from experience about the quality of their products.
Eric
Baird, Josh wrote:
Not an appliance, but has a nice offering including a MMC-ish console and
Web GUI.
Josh
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org]
tware release that has new IPAM and Reporting features. Appliances
in general I think are good for this service. We also use DHCP and NTP
on these boxes as well...fully redundant.
Eric
Rockefeller University
John D. Vo wrote:
Anyone has experience (good or bad) with a dns appliance?
Bluecatne
DNS thinks those domain names are under the authority of the
name servers listed above. What are you trying to accomplish?
Eric
Ashish wrote:
Hi,
Could someone kindly explain what is happening?
I don't have domain name kemira.kemira.com anywhere in my primary
database (and all secondar
It is better do this with a real IPS rather than use your DNS server to
do this. You should avoid having any unwanted traffic hit you DNS
servers ever.
Eric
Prabhat Rana wrote:
Hello,
I have BIND 9.5running on a Solaris10 box. It provides recursive DNS service.
I'm trying to implem
nd were to say they were going to start forcing compliance with
this naming standard, then I simply have to say it's a standard that is
being enforced. Shouldn't enforcement be applied across the board
anyway instead of at the operator's discretion?
Eric
Chris Buxton wrote:
On
Are there plans for Bind to enforce hostname compliance according to
RFC's or is this going to be left up to each DNS operator?
Eric Davis
Rockefeller University
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/ma
eltiare wrote:
Hello all,
Got a total newb here to DNS. I've purchased the book DNS and BIND
from O'Reilly, and most of it makes sense to me. However, there is one
thing that has been bugging me, and it's that I can't figure out how
the life of me I am supposed to point registrar's to my domai
73 matches
Mail list logo
