Re: DS keys with 2 digest algorithms

3:44 PM Mark Elkins wrote: > Just remove the type-1 digest from the domain registrar. > > In the future - only upload type type-2 version. > On 2022/09/20 20:32, frank picabia wrote: > > > The algorithm migration I made to 8 has worked well. > Getting green lights on DNSSE

DS keys with 2 digest algorithms

The algorithm migration I made to 8 has worked well. Getting green lights on DNSSEC checkers, etc. The only odd bit is some warnings at DNSVIS.NET about DS records using digest algorithm 1. DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). Somehow the wa

Re: What action to take first with DS algorithm migration?

That's a good resource. Thanks, Hugo. On Wed, Sep 14, 2022 at 1:40 PM Hugo Salgado wrote: > On 11:23 14/09, frank picabia wrote: > > Hi, > > > > I'm at the point in DNSSEC algorithm migration > > where I have two types of keys involved in signing.

What action to take first with DS algorithm migration?

Hi, I'm at the point in DNSSEC algorithm migration where I have two types of keys involved in signing. Both algorithm 7 and 8 are in use. The top level domain registrar also has DS keys set up for both 7 and 8. I need to coordinate pulling out algorithm 7 with the domain registrar so our domain

Re: Only one DS key comes back in query

hat point you need the actual real names. You don’t > go to your mechanic with a different car when you have a problem with your > car. Using ‘example’ is like doing that. > > Mark > > > > On 17 May 2022, at 04:41, frank picabia wrote: > > > > I've been using

Re: Only one DS key comes back in query

s just plain arrogant behavior. Again, Bert > Hubert was exactly right here: > > https://berthub.eu/articles/posts/anonymous-help/ > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligat

Re: Only one DS key comes back in query

Perhaps you are unaware of the use of this domain as a generic filler. https://example.com/ I don't know why so many people assume the DNS information will be openly shared. Suppose I was working on a problem for Barclays Bank, do you suppose they would be thrilled with me posting their networki

Re: Only one DS key comes back in query

the thing to do. Using one of the other approaches with dnssec-dsfromkey is needed. The values in dsset file begin the same but it's different. On Mon, May 16, 2022 at 11:37 AM frank picabia wrote: > > That's helpful. Very similar to what I found a minute ago on > > https

Re: Only one DS key comes back in query

; > dig @localhost example.com. DNSKEY | egrep "IN\sDNSKEY\s257" | > dnssec-dsfromkey -f - example.com. > > Daniel > > > On 16.05.22 16:01, frank picabia wrote: > > Let's put it another way: > > > > Using tools like host or dig, can I look

Re: Only one DS key comes back in query

d Buddhdev wrote: > On 16/05/2022 15:07, frank picabia wrote: > > Hi Frank, > > > I have dsset-example.com showing two DS keys with algorithm 8. > > I included both .key files in my DNS. Only digest 1 comes back > > in a dig query. > > > > I use dnssec-sig

Only one DS key comes back in query

I have dsset-example.com showing two DS keys with algorithm 8. I included both .key files in my DNS. Only digest 1 comes back in a dig query. I use dnssec-signzone tool to sign the zone file. The domain registrar says there is a problem with the digest 2 value. It's copied directly from the dsse

Re: Transitioning to new algorithm for DNSSEC

On Thu, May 5, 2022 at 3:48 PM Tony Finch wrote: > frank picabia wrote: > > On Thu, May 5, 2022 at 1:46 PM wrote: > > > > > > Tony wrote a nice article about that: > > > https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html > > > > Thanks for

Re: Transitioning to new algorithm for DNSSEC

On Thu, May 5, 2022 at 1:46 PM wrote: > Hi, > > On 5/5/22 6:37 PM, frank picabia wrote: > > > > Hi, > > > > I've been running a Bind set up with DNSSEC for many years. > > It was done following the guide at the digitalocean site. > > > >

Transitioning to new algorithm for DNSSEC

Hi, I've been running a Bind set up with DNSSEC for many years. It was done following the guide at the digitalocean site. What I don't find in a nice guide, is how to change your algorithm to a more current one, and seamlessly make your domain run under this new chain of data. I tried it on my o

Freezing a Zone vs. Stopping the DNS Server

so that I can add PTR records to correspond to A records in the forward zone? Thanks for any light you can shed on this subject. -- Frank Kyosho Fallon My pronouns are: He, HIm ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

issue with domain forwarding

   Hi, Just to let everyone know that I have solved my issue by upgrading to bind-9.16.10.  It is working fine now. -- sysadm cronomagic.com e-mail ve2...@canasoft.net POWERED BY LINUX ___ Please visit https://lists.isc.org/mailman/listinfo

issue with domain forwarding

   Here is my entire config: My machine IP  =   66.159.32.31   2606:af00:1::3  key "rndc-key" {     algorithm hmac-md5;     secret "y4xt0wQJOiOiZmVaWSMgnQ==";  };  controls {     inet 127.0.0.1 port 953     allow { 127.0.0.1; } keys { "rndc-key"; };  }; acl local

issue with domain forwarding

   Hi, I am using bind-9.16.5.   I am having an issue with domain/zone forwarding. Global forwarding works fine. When I configure domain forwarding no request for dns info goes out from the machine. I did a tcpdump to verify this. For bind-9.13.2 the domain forwarding works properly.

bind resolver zone delegation

smiths.com. 59 IN SOA resolve01.sslvpndemo.com. hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60 ;; Query time: 180 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mi Mai 15 15:26:28 CEST 2019 ;; MSG SIZE rcvd: 111 Can i help you. Regards -- Frank __

Re: conflicting subdomain delegation

That's an internal setting can't be exposed. I created a public test name: test.c.b.jilapps.com Should you see A record 1.2.3.4 or 5.6.7.8? On Thu, Nov 15, 2018 at 8:25 AM Barry Margolin wrote: > In article , > Frank Liu wrote: > > > Thanks for confirming bind be

Re: conflicting subdomain delegation

zon Route53 allows you to add both delegations in the a.com zone without any "out of zone data" error. On Tue, Nov 13, 2018 at 1:50 PM Mark Andrews wrote: > > > On 14 Nov 2018, at 4:04 am, Frank Liu wrote: > > > > Hi, > > > > Is there a RFC det

Re: conflicting subdomain delegation

bind9 resolver a simple cache only with root hint. no local zones. On Tue, Nov 13, 2018 at 9:18 AM Lyle Giese wrote: > On 11/13/2018 11:04 AM, Frank Liu wrote: > > Hi, > > Is there a RFC determining which nameserver to use if there is a > conflicting subdomain delegation? >

conflicting subdomain delegation

Hi, Is there a RFC determining which nameserver to use if there is a conflicting subdomain delegation? eg: In the zone of a.com, there are two NS delegations: b.a.com NS host1 c.b.a.com NS host2 On host1 in zone b.a.com, there is c.b.a.com NS host3 As you can see, there is a conflicting delega

Re: expired SSL certificate

Cert looks fixed now. Nice to see you're using Letsencrypt certs... just have to fix the cron job for the renew ;-) Frank >Forwarded to our operations people >> On 11 Apr 2018, at 10:12 am, /dev/rob0 wrote: >> >> The certificate for lists.isc.org expired

Re: adding zone forwards without restart

ed, Sep 21, 2016 at 5:03 PM, Sten Carlsen wrote: > I assume you did increase the serial, if not this is what I would expect > to happen. > > On 21/09/16 10:53, Tony Finch wrote: > > Frank Even wrote: > > > Is there a way to add forwarders for specific zones without a res

Re: adding zone forwards without restart

None of that works. Nothing short of a restart of the daemon notices new forwarders added to the config. That is inclusive of: rndc reconfig rndc reload rndc flushname $nameofforwardersadded rndc flush A restart of the service however, that does work. That is far more disruptive than I like th

Re: adding zone forwards without restart

quot; on EL6 and "service named-chroot restart" on EL7) works. On Wed, Sep 21, 2016 at 1:53 AM, Tony Finch wrote: > Frank Even wrote: > > > Is there a way to add forwarders for specific zones without a restart? > > Everything I've read seems to indicat

Re: adding zone forwards without restart

that is higher up in the hierarchy will not load until a full restart I've found (meaning you have "domain.com" configured as a master zone and add "subdomain.domain.com" as a master zone as well). On Tue, Sep 20, 2016 at 5:56 PM, Benny Pedersen wrote: > On 2016-09-2

adding zone forwards without restart

arded zone until I do a full daemon restart. Stock named on Cent 7/6/5 if curious is what I'm working with. Testing currently on 7 (which appears to be 9.9.4). Thanks, Frank ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc

Re: Load balancer for Bind

Hello Bert, This is the first I've heard of DNSDIST. I'll need to read more about it, but wanted to ask whether upon receiving the query, does DNSDIST act as a bridge for the complete request/response, or simply redirects the traffic with the response bypassing DNSDIST? THan

Re: Load balancer for Bind

. Regards, Frank - Original Message - From: "Job" To: bind-users@lists.isc.org Sent: Wednesday, 14 September, 2016 12:17:13 Subject: Load balancer for Bind Hello, which is the best load balancer for two or more Bind DNS Server, located in the same farm? I read something abo

Re: allow-query does not seem to be working

Thanks for the info. Also I'll have to note that I completely missed that the "offending IP" is one of the .uk root servers so the next logical conclusion is I've probably got a box in one of my environments driving an amplification attack of some sort or something at those IPs that I need to figu

Re: how to log client MAC address?

ssage - From: "Dennis Clarke" To: bind-users@lists.isc.org Sent: Saturday, 6 August, 2016 19:39:21 Subject: Re: how to log client MAC address? On 08/06/2016 10:01 PM, Frank Pikelner wrote: > MAC addresses are layer 2 and you only see those on your subnet, i.e. > most likely your

Re: how to log client MAC address?

MAC addresses are layer 2 and you only see those on your subnet, i.e. most likely your default gateway, etc. So the answer is no. Frank From: "Fima Leshinsky" To: bind-users@lists.isc.org Sent: Saturday, 6 August, 2016 17:42:59 Subject: how to log client MAC address? I

allow-query does not seem to be working

I have a group of servers serving out multiple addresses via anycast. I've been made aware that an IP outside of our network is hitting the boxes with queries, and we're returning data to the client. With allow-query and allow-recursion locked to our subnets, this outside host is still getting re

Re: monitoring/graphing/tracking named queries

s://github.com/dns-stats/hedgehog/wiki ("demo": > http://stats.dns.icann.org/hedgehog/hedgehog.html ) > > W > > > On Fri, Nov 13, 2015 at 5:45 PM, Frank Even > wrote: >> What does everyone do for monitoring their DNS traffic, if anything? >> I'v

monitoring/graphing/tracking named queries

about doing it. Tutorials for this topic out on the internets seem to be pretty sparse. If there is something out there, I'd rather not reinvent the wheel. Thanks in advance for any assistance, Frank ___ Please visit https://lists.isc.org/mailman/listi

Solved: high CPU and 'top' shows named as the culprit

o-leap-second/ http://blog.wpkg.org/2012/07/01/java-leap-second-bug-30-june-1-july-2012-fix / Frank ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: DNSSEC validation on 9.7.4 not working

CPl9rwEcit95gyi CNQLOIPFq2XgHDmo01Pr4evPbSowny6kNXzuDHgKQn1+BWX5zhbr74OE 3FZXo2DUXm8BA5OhMY0bMg32kjzQLu+lxBWpaXabjFoALNFG4WRRdx1s 4+Wuhg== ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Jun 23 22:41:31 2015 ;; MSG SIZE rcvd: 883 root@nagios:/etc/bind# date -u Wed Jun 24 03:41:52 UTC 2015 root

RE: DNSSEC validation on 9.7.4 not working

nNnulq QxA+Uk1ihz0= . 32115 IN DNSKEY 256 3 8 AwEAAZyIkCwEYeG29NV+4cOdKE4DPng/4BqJeoOhKqzJbl+LR33TPWsr wBRfmAi9wvR/Qc6IV4MFMXjmkclXns+atIQZ9uQV3YAvKv/cVuO7Mneu MssIQixaMw+jp73R7zIUNMbLBgJRQXI57Rl+pvXBAkgHndVwv+aJkf7y GEuE9Dtj ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(12

DNSSEC validation on 9.7.4 not working

t/DS) 23-Jun-2015 20:43:48.759 dnssec: info: validating @0x7fced04fd9e0: a1784.dscg.akamai.net : bad cache hit (net/DS) 23-Jun-2015 20:43:48.761 dnssec: info: validating @0x7fced04fd9e0: e1181.dscb.akamaiedge.net : bad cache hit (net/DS) Of course, once the TLDs aren't considered valid every

Re: rndc flushname not working

On Mon, Apr 13, 2015 at 11:10 AM, Evan Hunt wrote: > On Mon, Apr 13, 2015 at 11:05:05AM -0700, Frank Even wrote: >> ...and where could I find info on what is stored in ADB and any other >> particular items that flushname might not deal with? That's where my >> frus

Re: rndc flushname not working

On Sat, Apr 11, 2015 at 6:49 AM, Tony Finch wrote: > There was a bug in 9.9 and earlier that rndc flushtree only flushed the main > cache, not adb or bad cache. This was fixed in 9.10 - see item 3606 in the > CHANGES file. ...and where could I find info on what is stored in ADB and any other pa

Re: rndc flushname not working

On Thu, Apr 9, 2015 at 1:48 PM, Matus UHLAR - fantomas wrote: > On 09.04.15 13:25, Frank Even wrote: >> >> Is there any place I can look to get a definitive answer in what cases >> "flushname" will and will not work? > > > it will work if you have old en

Re: rndc flushname not working

clearing the name and the name that the name servers was attached to, still had to flush the entire cache to get resolution working properly on that domain again. Thanks, Frank On Tue, Dec 9, 2014 at 8:31 PM, Mark Andrews wrote: > > Nameservers being down does not result in NXDOMAIN respo

Re: BIND not loading into memory on first transfer

On Fri, Mar 27, 2015 at 8:25 AM, Barry Margolin wrote: > In article , > /dev/rob0 wrote: > >> On Thu, Mar 26, 2015 at 11:34:42AM -0700, Frank Even wrote: >> > In this particular instance, the masters ended up under maintenance >> > shortly after these boxes

Re: BIND not loading into memory on first transfer

as saved on disk. Since BIND wasn't able to transfer newer >>> versions, it continued providing old versions. > > > On 26.03.15 12:48, Frank Even wrote: >> >> Yes, the old versions were provided on disk on initial load. But that >> was then followed up with

Re: BIND not loading into memory on first transfer

On Thu, Mar 26, 2015 at 12:17 PM, Matus UHLAR - fantomas wrote: > On 26.03.15 11:34, Frank Even wrote: >> >> Zone files were in place for the necessary domains, but were outdated >> (assuming one of our updates broke something somewhere, they were all >> on average 3

BIND not loading into memory on first transfer

fers while still failing to write the tmp file DID load the zone into memory). I guess the question really is, is this expected behavior or a bug? Thanks, Frank ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

RE: Finding authoritative server and last update

There are free ones: http://www.frankb.us/dns/ http://networking.ringofsaturn.com/Unix/freednsservers.php Regards, Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Robert Moskowitz Sent: Tuesday, February 03, 2015 4

RE: Finding authoritative server and last update

Rob, I like to use DNSstuff because it can check each path: http://www.dnsstuff.com/tools#dnsTraversal|type=domain&&value=4.254.253.50.i n-addr.arpa&&recordType=PTR Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.o

Re: Is there any reverse proxy software for dns or udp?

Have a look at relayd from OpenBSD, the last time I checked it had the capability you are looking for. Another option might be pfSense, as I recall they ported relayd and include the functionality in their firewall. Frank Pikelner - Original Message - From: "WXR" <474

RE: Unable to get AAAA for www.revk.uk from some of our servers

isit that "ticket". At a minimum, I wish one could request de-listing from Google's blacklist. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil Mayers Sent: Monday, January 05, 2015 5:52 AM To:

RE: Unable to get AAAA for www.revk.uk from some of our servers

Except queries from 96.31.0.5 and 199.120.69.24 reliably return the while queries from 96.31.0.20 do not. And we're all the same ISP, and in the one case, from the same /24. I don't think Google is that granular. And we do have good IPv6 connectivity. Regards, Frank Bulk ---

RE: Unable to get AAAA for www.revk.uk from some of our servers

m. 600 IN SOA ns1.google.com. dns-admin.google.com. 1577101 900 900 1800 60 ;; Query time: 30 msec ;; SERVER: 216.239.32.10#53(216.239.32.10) ;; WHEN: Tue Dec 23 21:29:53 2014 ;; MSG SIZE rcvd: 84 == Frank -Original Message- From: Mark Andr

RE: Unable to get AAAA for www.revk.uk from some of our servers

IN NS ns4.google.com. ;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150 ms ;; connection timed out; no servers could be reached -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Tuesday

RE: Unable to get AAAA for www.revk.uk from some of our servers

the "\- ;-$NXRRSET" mean? Working server shows this in the dump: ; authanswer ghs.l.google.com. 287 2607:f8b0:4001:c08::79 ; Regards, Frank Bulk -Original Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Tuesday, December 23, 2014 2:53 PM To: Fra

Unable to get AAAA for www.revk.uk from some of our servers

the last CNAME in the chain for www.revk.uk. How do I go about tracking this down? (Sorry, most of the servers have ACLs that prevent the public from resolving them, so you won't be able to test remotely.) Regards, Frank I have a script that checks against the IPv4 and IPv6 of each DNS

RE: still have named memory leak

Here’s some suggestions from ISC on capturing information on this memory growth issue: https://kb.isc.org/article/AA-01208 Frank From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin Oberman Sent: Saturday, December 13, 2014 12:07 PM To

RE: rndc flushname not working

Next time I'll dump the db. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas Sent: Thursday, December 11, 2014 10:32 AM To: bind-users@lists.isc.org Subject: Re: rndc flushname not working

RE: rndc flushname not working

Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there definitely was not answer. The institution only has two authoritative nameserver entries, both pointing to the same IP, so all it was all down. In any case, why doesn't flushing the name work? Frank -O

rndc flushname not working

ecord. Issuing rndc flushname and rndc flushname didn't clear out the NXDOMAIN. I had to use "rndc flush" to resolve the issue. Is this expected behavior? The next time I see what, what troubleshoot steps should I take diagnose t

Re: forwarding zone to another DNS server problem

hat is the advantage of using a "stub" or "static-stub" to using a slave? Thanks, Frank ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

RE: Digging to the final IP

Dave, Thanks for the input, but what I was looking for was a dig command that returns the IP(s) or a fail. It looks like the host command is the right solution in this case, not dig. Kind regards, Frank -Original Message- From: Dave Knight [mailto:d...@knig.ht] Sent: Tuesday, October

RE: Digging to the final IP

That feature runs on our system, but it doesn't digging through to a final IP or failure: getent ahosts mail.automatedwastesystems.net returns nothing. Regards, Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Beha

RE: Digging to the final IP

We’re using this in a bash shell script. I don’t think there’s a native shell command to get the IP, so I’ll use a mixture of host and dig as necessary. Thanks, Frank From: Fajar A. Nugraha [mailto:w...@fajar.net] Sent: Sunday, October 19, 2014 11:04 PM To: Frank Bulk Cc: comp

RE: Digging to the final IP

Thanks, what I ended up using. Didn't think that there was anything host could do that dig couldn't do. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Barry Margolin Sent: Sunday, October 19, 2014 5:00 A

Digging to the final IP

. root@nagios:/tmp# I'd rather know that mail3.sandhills.com is NXDOMAIN. Regards, Frank ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org

FreeBSD ports 9.8.7 problem with transfert to slave

Hello Since I upgraded to 9.8.7 on my two DNS the automated zones transfert from master to slave does not occurs automatically , I haven't change configuration files, serials are well incremented by a script that works for years BIND is installed from FreeBSD ports on the two machines, I wonder

Difference between BIND 9.8 and 9.9

Hello is there a link to a documentation that lists the main differences between BIND 9.8 and 9.9 ? I would like to read it before swiching from 9.8 thank you ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

RE: Secondary DNS question...

Do you have a box such as a firewall or load-balancer sitting in front of ns1? Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of SH Development Sent: Tuesday, June 25, 2013 8:35 PM To

RE: Secondary DNS question...

age- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Frank Bulk Sent: Saturday, June 22, 2013 8:56 PM To: 'SH Development'; bind-users@lists.isc.org Subject: RE: Secondary DNS question... stariononline.com ha

RE: Secondary DNS question...

And confirmed here: http://dns.squish.net/traverses/79b8efe4a31e6ddfce28f6abac444601 Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of SH Development Sent: Thursday, Ju

Re: forwarder is ignored when authoritative zone is added

On Fri, Oct 26, 2012 at 7:27 AM, Barry Margolin wrote: > In article , > Frank Even wrote: > >> I've recently had an issue that I'm having some issues finding >> information on solving. >> >> I have internal DNS resolvers...they act as recursive name s

forwarder is ignored when authoritative zone is added

ders are getting ignored. Is it an order of precedence, say authoritative zones are respected over forwarders...or something else?? Thanks for any assistance anyone can provide, or point me to some documentation I'm missing, Frank ___ Please visit https://li

RE: error (unexpected RCODE REFUSED) resolving

There's more: both ns1.netbcp.com and ns2.netbcp.net don't respond to queries about nbc.com and ns1.netbcp.com doesn't respond over TCP. Frank From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf

RE: Delegation bit-rot detection?

rent information than the rest of the world (yes, our recursive and authoritative somewhat overlap). Frank From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Fr34k Sent: Thursday, June 14, 2012 8:54 AM To: Phil Ma

RE: Choosing max-journal-size

One possible default setting is to say a certain percentages or volume of disk space free. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Anand Buddhdev Sent: Wednesday, November

RE: BIND 9.7.3-P3 crash on multiple cashing servers

2d in ?? Nov 15 23:03:33 mail1 named[4601]: exiting (due to assertion failure) All times are U.S. Central Time and we're running on Debian (Linux mail1 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux). server:/etc/rc3.d# /usr/sbin/named -v BIND 9.7.3 server:/

RE: rndc: 'addzone' failed: permission denied

Would be nice if the error output or log would indicate such failures. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Tony Finch Sent: Wednesday, August 17, 2011 9:31 AM To

RE: Compromised BIND?

Yes, this message arrived in my Inbox 44 minutes after it was sent. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Warren Kumari Sent: Tuesday, May 31, 2011 4:59 PM To: Warren

RE: Compromised BIND?

Yes, this message arrived in my Inbox 44 minutes after it was sent. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Warren Kumari Sent: Tuesday, May 31, 2011 4:59 PM To: Warren

RE: Split DNS Configuration in BIND

Point taken, and I should have mentioned that it's NAT in play. I agree, it's a problem that not all firewalls can hairpin public IPs back to their private IPs, but when working with what you got sometimes the solution isn't ideal. Frank -Original Message- From: Doug Ba

RE: Split DNS Configuration in BIND

h the complexity back on the configuration. Frank From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of babu dheen Sent: Monday, May 30, 2011 1:17 AM To: Doug Barton Cc: bind-users@lists.isc.org Subject: Re: Spli

Re: BIND Security Advisory May 2011: Large RRSIG RRsets and Negative Caching can crash named

Hello, I would want to say thank you very much for the wonderful work of the ISC team and the quick solution of the problem and a very professional appearance. Happy patching & a nice weekend Frank -- +----+ Frank Kloeker Operat

Bug in bind 9.7.3?

ailed May 26 19:59:02 resolv04 named[8237]: exiting (due to assertion failure) This is reproducible and should only affected in 9.7.3. Can this be possible? kind regards Frank -- +----+ Frank Kloeker Operations and Optimization of

"Good" TTL value for DDNS clients ?

Hello I'm setting up a DDSN server , following the ISC documentation it is working nicely. But I would like some guidance on setting up the TTL value for DHCP/DDNS clients. We use a lot of dual boot machines WINDOWS/LINUX and with default parameters the DDNS record isn't removed from the DDNS w

RE: Some hosts not resolving from No-IP by our DNS servers

Yes, thank you. The user entered the domain incorrectly. The oa.no-ip.info +trace resolves correctly. -Original Message- From: Dan Durrer [mailto:d...@vitalwerks.com] Sent: Wed 3/9/2011 1:46 PM To: Chuck Swiger Cc: Frank Pikelner; bind-users@lists.isc.org Subject: Re: Some hosts not

Some hosts not resolving from No-IP by our DNS servers

ved 91 bytes from 199.249.113.1#53(a2.info.afilias-nst.info) in 3 ms Would appreciate any pointers. Thank you, Frank ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Need infos to setup a subdomain with DDNS + DHCP

Hello I have to set up a subdomain that will works with DDNS and DHCP Our domain does not have DHCP or DDNS so I would like to setup a delegate DNS acting for the subdomain. Any infos, links , howto , configurations examples , welcome ! Thanks a lot. ___

RE: new webserver ip

Which DNS server are you digging? It's possible that (by default) you're digging against a server that has the old entry still cached. Frank -Original Message- From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org]

Re: how do I get a slave to send NOTIFY messages?

global notify option interact. thanks -frank ps I'll send a note to zytrax about the error in their docs. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Having multiple name servers - is it really necessary

o make your DNS zone transfers reliable. I do sympathize with you. Old data is often worse than no data. -frank ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: NOTIFY logging problem

On February 1, 2010 1:12:56 PM +1100 Mark Andrews wrote: In message , Frank Cusack writes: On February 1, 2010 11:35:15 AM +1100 Mark Andrews wrote: > You need to be looking a debug 3. > > notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to >

Re: NOTIFY logging problem

t turning on debug logging, I have to infer what servers notify was sent to based on AXFR/IXFR requests. (I try not to trust looking at config files when debugging because you can't be sure that the running config is the same as the on-disk config.) Anyway thanks

how do I get a slave to send NOTIFY messages?

I have also-notify configured for a slave zone. The real master is a so-called stealth master and all other slaves must consult this slave nameserver that has also-notify configured. The slave doesn't appear to be sending NOTIFY messages to the also-notify hosts. zytrax does say that also-notif

NOTIFY logging problem

(serial 2010012700) I'd like to see a verification of every host a NOTIFY message was sent to. -frank ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

AW: Disabling recursion causes browser hangs on clients with auto proxy config

m to react differently to "recursion not available" than they do for flat out "refused", especially when there are more than one name servers configured. However I cannot refuse because the clients still need to be able to resolve our zones. I will work something out for this, so

AW: Disabling recursion causes browser hangs on clients with auto proxy config

N domains ) { return proxy2; // WAN } else { return proxy1; // Internet } Basically what we do is return one proxy for WAN sites (depending on the domain name), another proxy for normal internet traffic or

Disabling recursion causes browser hangs on clients with auto proxy config

o; in one view and recursion yes; in the other which comes down to the same thing. I have also inquired on the Firefox mailing list about why the browsers behave this way (try to resolve forever when they shouldn't need to) but have not received a reply yet. I'd be glad for any insight

  1   2   >