Hello Erich,
more below.
On 11/12/19 2:22 PM, Erich Eckner wrote:
On Tue, 12 Nov 2019, Tony Finch wrote:
Erich Eckner wrote:
I have also a hard time, generating some useful debug output
- setting `-d 9` does not give additional information i
Hello Jóhann,
I am packager of BIND in RHEL and Fedora. I would like everyone to
use our BIND packages. But we have some modifications, as was already
mentioned. Some of them are important for FreeIPA to work, some provide
bind-sdb build to use SDB features. Also some other changes that bou
Hi John,
I came to similar example and wanted possible names also under developer
namespace. Something like dev1.user.example.org, you could add to zone
user.example.org:
dev1.user.example.org. IN NS dev1.example.org.
Then configure dev1 like Ondřej suggested, set dev1.example.org IP from
DHCP.
Thank you Paul,
this document is far better than I hoped for. I have to improve my
googling skills it seems. This is brilliant.
On 9/30/19 5:35 PM, Paul Ebersman wrote:
> pemensik> I am aware search is a no-no in DNS community. However, is
> pemensik> there any public documentation to this change
. Yes, this was a considered decision.
>
> Searching with partially qualified names with non-default ndots is also
> unsafe, but slightly less so. You reach internal information / services
> accidentally instead of leaking it to a external party.
>
> Mark
>
>> On 26 Sep 2019, at
Hello,
I got bug report [1] about different behavior of nslookup in 9.11
version compared to old 9.9 version. At first I thought this issue
should be closed right away. But when I dug into changes in BIND, I
could not find any reason for given change. It seems to me the effect
was not desired.
On 4/8/19 3:42 PM, Karl Lovink via bind-users wrote:
> I cannot use a registered domain name because I am building a phishing demo
> environment and I do not want to use an internet connection.
How exactly is this different from using private TLD domain? In any way,
you have to provide authorit
On 4/8/19 1:05 PM, Matus UHLAR - fantomas wrote:
>> Karl Lovink via bind-users wrote:
>>> I am trying to set up a private gTLD with BIND9 and underneath that gTLD
>>> a subdomain.
>
> On 08.04.19 12:00, Tony Finch wrote:
>> Why a TLD?
>>
>> You will have fewer problems if you get a properly reg
is new enough and not used in similar cases.
On 4/1/19 12:17 PM, Klaus Malorny wrote:
> On 01.04.19 11:18, Petr Mensik wrote:
>> Hi Klaus,
>>
>> [...]
>>
>
>
> Thanks for the response. I have seen the LDAP implementation, but
> haven't looked deeper int
Hi Klaus,
I would recommend taking a look at bind-dyndb-ldap documentation [1], as
I think it still is the only one plugin in active use. Unfortunately not
under active development, but should be able to answer many of your
questions. Some questions could be asked in FreeIPA mailing list, but it
d
Hi Tony and Milan,
softhsm2 contains useful tool that converts bind private key file into
PKCS#8 format: softhsm2-keyconv.
Or modify dnssec-keyfromlabel to be able to read files from different file
formats as well?
Maybe, just maybe it would be easier to modify that tool to be able
producing also t
Hi Cody,
please check contents of managed-keys.bind or viewname.mkeys files in
bind working directory. It can be redirected somewhere else by
managed-keys-directory option.
These files contain the state of managed keys of BIND. Their contents can be
analysed manually or by perl script in contrib/sc
Hi Mark,
Dne 7.9.2018 v 10:49 Mark Elkins napsal(a):
> It would probably have been more helpful (speeded up finding the
> problem) if the error message "file 'named.secroots': permission denied"
> also gave the directory name that it was trying to write to? Just a thought.
> Sometimes we don't see
Hi,
also a few notes to it.
Dne 7.9.2018 v 04:05 Brent Swingle napsal(a):
> This matter has been resolved with input from Evan. I was able to add a file
> path for secroots to the named.conf file and push the output file to a temp
> directory that was not permission restricted.
>
> secroots-f
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com PGP: 65C6C973
- Original Message -
From: "Reindl Harald"
To: bind-users@lists.isc.org
Sent: Friday, August 11, 2017 4:04:12 PM
Subject: Re: bind-chroot, runs, works, dies
Am 11.08.2017 um 15:57
Hi Todd,
that means you are trying to save session.key into directory where SELinux is
forbidding write access to named.
Session.key is file created once per start and removed before shutdown. I think
you have something wrong with the /var/run/named -> /run/named link.
Default built-in value is
Hi Todd.
I think much better than Ask Fedora would be filing a bug in
bugzilla.redhat.com. I would see it straight away.
I am Fedora bind maintainer. If there is bug preventing correct start of
named-chroot, I would like to fix it.
You would see SELinux errors in command "ausearch -i -ts recen
Hi,
I think you should use file "dynamic/db..signed"; instead. On Red
Hat /var/named is by default read only to named. It is enforced both by unix
permissions and SELinux policy. I think you are being blocked by SELinux.
Try sudo ausearch -i -ts recent -m avc -m user_avc -m selinux_err
It may s
Dear Enrico,
I have never configured DLZ zone myself.
There is clear error: all nodes query must specify a search base
I think it did not parse some query uri well. Could you add at least -d 1 to
OPTIONS in /etc/sysconfig/named and retry?
It will provide more details about query before it fails.
Hello Michelle,
There is some documentation on
http://bind-dlz.sourceforge.net/postgresql_driver.html. It seems old, but DLZ
driver did not get major changes in last years. There is also example at
http://bind-dlz.sourceforge.net/postgresql_example.html. Of course there is
source code in bind
I think you might have a problem with DNSSEC validation. Bind in rhel6 validates
root by default and has got a built-in root key compiled in. Have you tried
dnssec-validation no; option in your config?
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com PGP:
A) $ORIGIN changes appended suffix to all hostnames without trailing . for all
following records. You can change it more than one time.
Unless I am mistaken, NS records of first section would expand to
. NS local.atlanta.com.
. NS kabulvm8.atlanta.com.
That seems wrong to me.
B) Yes, it is almos
Hello Kishore,
It is not so simple. What was merged into BIND 9.11 is only dynamic database
API, that bind-dyndb-ldap is using. That dynamic database does not store any
permanent data, it is only interface other plugins can use.
That means dynamic_db provided by custom patch for RHEL and Fedora