Re: botched KSK rollover

2017-08-21 Thread Phil Mayers
On 21/08/2017 14:23, Matthew Pounsett wrote: On 21 August 2017 at 07:18, Phil Mayers wrote: Gandi are another excellent registrar that I can recommend. They have a comprehensive API for all their features, including uploading DNSSEC pu

Re: botched KSK rollover

2017-08-21 Thread Phil Mayers
On 18/08/17 16:25, Carl Byington wrote: Sigh, it sure would be nice if I had a registrar with a means to automate DS submission. You might want to look at gkg.net Gandi are another excellent registrar that I can recommend. They have a compre

Re: BIND and Windows DNS logging and archiving

2017-07-23 Thread Phil Mayers
On 23/07/2017 15:16, Mick Lee wrote: I have a colleague who has said he has parts of a PCAP to BIND query log agent that runs on UNIX platforms, and he is happy to port that to Windows for me - he's actually working on it now (for a few beers :) ). dnscap basically does the same thing. No i

Re: BIND and Windows DNS logging and archiving

2017-07-23 Thread Phil Mayers
On 22/07/2017 07:33, Mick Lee wrote: Hi Guys, Can anyone offer any advice based on their experience? Well, if I understand correctly, your main problem is the windows boxes running windows DNS, so this is not a bind problem. You might be better asking elsewhere. However, honestly I would c

Re: Tuning suggestions for high-core-count Linux servers

2017-06-02 Thread Phil Mayers
On 02/06/17 08:12, Browne, Stuart wrote: Just some interesting investigation results. One of the URLs Matthew Ian Eis linked to talked about using a tool called 'perf'. For the hell of it, I gave it a shot. perf is super-powerful. On a sufficiently recent kernel you can also do interesting th

Re: global server load balancing with the domain name

2017-04-15 Thread Phil Mayers
On 14/04/17 22:40, McDonald, Daniel (Dan) wrote: That works fine for test.example.com. But when I go to production, I need to do it for example.com As others have noted, you can't delegate a single record from the apex. tl;dr - vendor specific, ask your GSLB vendor. There are multiple soluti

Re: switching entire DNS system to new servers and IP addresses

2017-02-24 Thread Phil Mayers
On 23/02/17 20:21, Mitchell Kuch wrote: In practice, we have encountered caching resolvers that provide non-decrementing TTL values to downstream resolvers and clients. Even That is a depressingly common residential ISP trick :o(

Re: Concatenating more RPZ zones?

2017-02-23 Thread Phil Mayers
On 23/02/17 13:05, Job wrote: Hi guys, I have this situation with RPZ zones (and can grow up with more RPZ zones): This is the third time you've posted this query. It's not necessary or polite to continually re-post the same message to the list. If no-one has replied, it's possible no-one

Re: Configuration advice for a post-8020 world

2017-02-12 Thread Phil Mayers
On 12/02/2017 11:09, Woodworth, John R wrote: SAMPLE ZONES: 101{redacted}.com. (REAL ZONE FILE) jwjw.sales.101{redacted}.com. (REAL ZONE FILE) You are missing the glue NS records in the parent zone (just verified by local test of the before/after case). You need: jwjw.sales.1

Re: Bind failing to start on new 9.9.4 server

2017-02-09 Thread Phil Mayers
On 09/02/17 14:51, Reindl Harald wrote: just take the "ExecStart" line, look in the environment file which defines $OPTIONS, add them and finally -g and press enter On RH-based systems, the SELinux transition behaviour is different running something from the CLI versus init scripts/systemd, s

Re: Bind Queries log file format

2017-02-04 Thread Phil Mayers
On 04/02/2017 09:18, Phil Mayers wrote: On 03/02/17 16:53, Alan Clegg wrote: The "rndc" option allows those that KNOW that they may need the data begin the collection where everyone else isn't impacted. If you know that this customer is at risk, tell them "run this comman

Re: Bind Queries log file format

2017-02-04 Thread Phil Mayers
On 03/02/17 16:45, Mukund Sivaraman wrote: The query log is getting more fields at the end of it such as CLIENT-SUBNET logging. Although it would be super-disruptive, has any thought been given to moving to an entirely new log format, for example k/v or JSON? They're a lot more extendable go

Re: Bind Queries log file format

2017-02-04 Thread Phil Mayers
On 03/02/17 16:53, Alan Clegg wrote: The "rndc" option allows those that KNOW that they may need the data begin the collection where everyone else isn't impacted. If you know that this customer is at risk, tell them "run this command, it's going FWIW, I would tend to agree with this approach;

Re: Graphing BIND 9.11/9.10 Queries

2017-01-19 Thread Phil Mayers
On 19/01/17 15:18, Matthew Pounsett wrote: Yeah, I find processing the JSON stats much easier.. the tools for importing JSON into tend to be pretty straightforward to use. Plug here for excellent CLI tools like httpie and jq for the development/exploration phase of dealing with the stats (al

Re: Graphing BIND 9.11/9.10 Queries

2017-01-19 Thread Phil Mayers
On 19/01/17 15:12, John W. Blue wrote: Daniel, Thanks for sharing. I like the HTTP statistics channel but trying to slice up the XML has been challenging. Going to be checking this combo out. We moved to the JSON stats recently to get around a memory leak in our XML based script. Far nicer IMO

Re: "Jumbo" Security Release of BIND corrects four exploitable vulnerabilities.

2017-01-12 Thread Phil Mayers
On 12/01/17 15:37, G.W. Haywood wrote: Maybe it makes a difference that I'm in England, and using IPv6? FWIW I see the same thing - also UK-based on IPv6 but traceroute shows I'm hitting a server in the US so I doubt that's relevant. Download of: https://www.isc.org/downloads/file/bind-9-9-

Re: refused rcode is not working RPZ?

2016-11-17 Thread Phil Mayers
On 17/11/16 02:29, LEE SUKMOON wrote: This domain causes many recursive query. And client received late SERVFAIL response. I want to quickly response "*.jifr.net". I want to solve this problem using RPZ. See "qname-wait-recurse" in the bind ARM. This will apply policy to the query for QNAME

Re: BIND 9.11.0 RPZ performance issue

2016-10-18 Thread Phil Mayers
On 18/10/16 08:26, Mukund Sivaraman wrote: We know that IXFR with RPZ policy zones (esp. this DBL zone) causes some trouble due to a less than desirable design / implementation of RPZ in BIND. We have a plan to refactor the RPZ implementation for 9.12 to remove these inefficiencies. Can you sh

Re: Load balancer for Bind

2016-09-16 Thread Phil Mayers
On 16/09/16 14:16, bert hubert wrote: Your question is justified of course. The history of dnsdist goes back to 2013. We spent most of 2015 ramping it up, and even as we were doing so it was already being deployed, pre-1.0.0. I was mainly wondering about the comment: """ dnsdist is still ver

Re: Load balancer for Bind

2016-09-16 Thread Phil Mayers
On 15/09/16 15:49, bert hubert wrote: Sorry for running advertisement here. But please know dnsdist is software neutral, it is not "powerdnsdist". I've never come across dnsdist before. Would you describe it as production-ready?

Re: Load balancer for Bind

2016-09-15 Thread Phil Mayers
On 14/09/16 20:41, Matthew Pounsett wrote: Your best option is something that can do the job statelessly. As Warren says, anything that keeps state (firewall, load balancer, etc.) becomes a DoS target... or, at best, becomes the thing that runs out of resources before your network or your DNS s

Re: SERVFAIL takes precedence before RPZ policy action

2016-09-02 Thread Phil Mayers
On 02/09/16 15:22, Daniel Stirnimann wrote: Hi all We maintain a block list with RPZ on our BIND resolvers. I noticed that the RPZ policy action does not apply for domain names which SERVFAIL (i.e. cannot be resolved by the resolver because of a timeout, lame delegation etc.). RPZ applies to r

Re: creating IPv6 interface eth0 failed; interface ignored

2016-08-22 Thread Phil Mayers
On 22/08/16 13:07, Tony Finch wrote: Alternatively, maybe you could add something to the ExecStartPre in the unit file to poll `ip addr show` until all the expected interface addresses are present, so that named doesn't start until the rest of the system has untangled its legs. I've run into s

Re: BIND 9 API & GUI

2016-07-26 Thread Phil Mayers
On 26/07/16 01:40, /dev/rob0 wrote: Features which would work well behind a GUI frontend exist, and more are coming in BIND 9.11. See the rndc(8) manual and the various commands it has. To expand on this - the catalog zones in bind 9.11 should permit in-band provisioning of new DNS zones. On

Re: weird transfer-source problems with one DNS node

2016-07-19 Thread Phil Mayers
Yep, that's it. The MASQ entry will nat all outbound traffic to the primary IP of the interface. If you want to be playing with secondary IPs this is almost certainly not right.

Re: weird transfer-source problems with one DNS node

2016-07-19 Thread Phil Mayers
On 19/07/16 00:38, Ian Veach wrote: Negative Ghostrider...: [root@foo:~]# iptables -t raw -nvL Might want to check "-t nat" as well.

Re: Resolving issue on specific domain

2016-07-12 Thread Phil Mayers
On 12/07/16 15:13, Daniel Dawalibi wrote: #dig @localhost soa domainname Don't hide the domain. It makes it impossible for people to help you.

Re: RES: RHEL, Centos, Fedora rpm 9.10.4-P1

2016-06-22 Thread Phil Mayers
On 22/06/16 11:59, Leonardo Oliveira Ortiz wrote: Hello. Has anyone had success building it? I got make test errors... I had no problems, but we build w/o tests to save time. It's a quick edit to the .spec file to disable the tests. %{?!test: %define test 0} I think someone else repo

Re: Issues resolving outlook.office365.com

2016-06-16 Thread Phil Mayers
On 16/06/16 13:01, Tony Finch wrote: Phil Mayers wrote: For what it's worth, I've been aggressively monitoring DNS resolution of outlook.office365.com from all four of our recursives, both A & AAAA, once a minute for the past 3 months. I wonder if you would notice more pr

Re: Issues resolving outlook.office365.com

2016-06-16 Thread Phil Mayers
On 16/06/16 13:09, Thomas Sturm wrote: - with "prefetch 0” I am able to reproduce it every single time the TTL expires, even on quiet dev hosts - with “prefetch 2” I am able to reproduce it on loaded hosts only - with “prefetch 10” I am NOT able to reproduce it at all Hmm. I thought prefetch

Re: Issues resolving outlook.office365.com

2016-06-16 Thread Phil Mayers
On 16/06/16 13:01, Daniel Stirnimann wrote: (This was as part of "proving" that various O365 issues were client side, not network-triggered) If a resolver cannot resolve outlook.office365.com why should this be a client side issue? Or do you mean the resolver is the client for upstream queries?

Re: Issues resolving outlook.office365.com

2016-06-16 Thread Phil Mayers
On 16/06/16 12:58, Reindl Harald wrote: hence you can't compare it with normal usecases since bind 9.10 does prefetch which mask any upstream problem, especially TTL when you query it all the time If you're running bind 9.10, then bind 9.10 doing prefetch is a normal use-case. You make a go

Re: Issues resolving outlook.office365.com

2016-06-16 Thread Phil Mayers
On 16/06/16 12:15, Tony Finch wrote: Thomas Sturm wrote: We are experiencing strange intermittent issues when resolving outlook.office365.com, but also with other domains like e.g. amazonaws.com or snort.org. Based on recent discussions on the mailop list For what it's worth, I've been agg

Re: resolution problem

2016-05-19 Thread Phil Mayers
On 18/05/16 22:10, Con Wieland wrote: I am having an issue resolving www.cloudsat.cira.colostate.edu "rndc dumpdb" can be helpful in this case, IME. Dump the cache then inspect the records and parent delegations, see what bind thinks is in-cache when it's broken.

Re: 'succesful' nsupdate of remote server not persistent across nameserver restart?

2016-05-01 Thread Phil Mayers
On 01/05/16 19:15, jaso...@mail-central.com wrote: On Sun, May 1, 2016, at 11:05 AM, Phil Mayers wrote: IIUC, though, a nameserver restart is supposed to force the write-to-journal immediately, right? No, I don't think so. Perhaps the behaviour in flush-zones-on-shutdown (which defaul

Re: 'succesful' nsupdate of remote server not persistent across nameserver restart?

2016-05-01 Thread Phil Mayers
On 01/05/16 19:05, Phil Mayers wrote: On 30/04/16 04:49, jaso...@mail-central.com wrote: Hi On Fri, Apr 29, 2016, at 08:42 PM, Mark Andrews wrote: Just give it time. The zone contents are the masterfile + journal. The masterfile only gets written periodically as it can be an expensive

Re: 'succesful' nsupdate of remote server not persistent across nameserver restart?

2016-05-01 Thread Phil Mayers
On 30/04/16 04:49, jaso...@mail-central.com wrote: Hi On Fri, Apr 29, 2016, at 08:42 PM, Mark Andrews wrote: Just give it time. The zone contents are the masterfile + journal. The masterfile only gets written periodically as it can be an expensive operation. Sure, under normal operation, as I

Re: Adding CNAME for the root domain issue

2016-04-28 Thread Phil Mayers
On 27/04/16 20:44, Barry Margolin wrote: I've long since stopped getting bothered by sloppy language like this, ever since people started using "IP" as short for "IP address", or using "class A, B, C" to refer to /8, /6, and /24 prefixes, rather than the original address ranges. The context alw

Re: BIND started replying to queries for .com with .COM

2016-04-01 Thread Phil Mayers
On 01/04/16 11:52, Niall O'Reilly wrote: If you are going to pick a single authority for a particular label, it should be the zone that determines whether that label exists or not. That seems no less arbitrary a rule of thumb than one which would give priority to the zone which contains

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/2016 13:15, Tony Finch wrote: Phil Mayers wrote: On 30/03/16 10:50, Tony Finch wrote: Yes, we encountered that problem recently :-) You can revert to the old behaviour using no-case-compress { any; }; +1 super confusing when we first ran into it (Exim dnslookup.c, by any

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/2016 13:32, Mark Andrews wrote: That said anything matching ownernames should be doing this case insensitively. Absolutely. In our case it was something a little more subtle - the app (Exim) was actually looking for case-changed replies and altering its input to match, which under c

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/2016 13:23, Tony Finch wrote: Phil Mayers wrote: What is considered the source of the ownername for, say, "com."? It should be the root zone master file. Doh, of course - brainfade, it should be the root. I am mildly surprised that the root and TLD/2LD servers aren'

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/2016 12:25, Mark Andrews wrote: The recent change was to record and return the learnt case of ownernames (to the RRset level) rather than use whatever was used to build the red-black tree names. What is considered the source of the ownername for, say, "com."? One thing I saw when I w

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/16 01:19, Mark Andrews wrote: Your monitoring probe is broken. STD 13 says that the DNS is case preserving. The problem is that lots of servers aren't case preserving; instead they echo back the query case in the owner names of records returned, which named then records. Can I be

Re: BIND started replying to queries for .com with .COM

2016-03-30 Thread Phil Mayers
On 30/03/16 10:50, Tony Finch wrote: Yes, we encountered that problem recently :-) You can revert to the old behaviour using no-case-compress { any; }; +1 super confusing when we first ran into it (Exim dnslookup.c, by any chance? ;o) In detail, since I spent ages figuring this ou

Re: Multiple A records and reverse DNS

2016-03-20 Thread Phil Mayers
On 18/03/16 14:52, /dev/rob0 wrote: On Fri, Mar 18, 2016 at 10:04:05AM -0400, Thomas Schulz wrote: It turns out that it is harder than I thought to allow incoming connections from both providers at the same time, so I may not do that after all. Multiple route tables (and rules to choose the ap

Re: PCS, Corosync, Pacemaker, and Bind

2016-03-19 Thread Phil Mayers
On 16/03/16 12:48, Lightner, Jeff wrote: You might want to try "ip a" vs ifconfig. RHEL7 uses Network Manager and in the past I've found some things don't show up in ifconfig output when doing alias/virtual interfaces. Usually even when other products (e.g. Oracle RAC/GRID) create virtual inte

Re: PCS, Corosync, Pacemaker, and Bind

2016-03-16 Thread Phil Mayers
On 15/03/16 23:06, Mike Bernhardt wrote: So, I'm hoping that either 1) There is a way to tell BIND to use an IP address that is not on an interface, or I don't think there is. I can think of all kinds of horrible workarounds - iptables SNAT, shell script doing a config-change & rndc reconfig

Re: DNS Service Discovery

2016-03-14 Thread Phil Mayers
On 13/03/16 18:07, David Li wrote: We are implementing an enterprise distributed system with many Centos 7 servers. Each server or a group of servers may run a different app or provide a different service to others. These services may come and go. The challenge is how to use DNS-SD to let them

no-case-compress lifespan

2016-02-19 Thread Phil Mayers
We've run into our first minor weirdness with an application that gets tripped over by a mixed-case response. Just so I can communicate accurately to the relevant parties in our discussions - what is the anticipated lifetime of the "no-case-compress" config option? Does ISC think it might get

Re: Overriding a single record with dynamic-dns

2016-01-21 Thread Phil Mayers
On 21/01/2016 18:41, Darcy Kevin (FCA) wrote: If the answer to both of those questions is “yes”, then I think you’re in for a bit of a challenge, since I don’t know that the DHCP server Agreed, this is hard. Personally I think views are almost always a mistake, but if OP has to do this, the

Re: Extracting stats from BIND XML stats file : issues

2016-01-18 Thread Phil Mayers
On 13/01/2016 19:38, blrmaani wrote: Here is the issue: I am sending approx 200 'A' queries to the DNS server and my above calculation is showing a value of 2 queries-per-second. Does the XML value you're looking at measure outbound or inbound queries, and are the queries you're sending bein

Re: v 9.10.3 max-cache-size not recognised

2016-01-04 Thread Phil Mayers
On 04/01/16 13:54, MAYER Hans wrote: As you can see “named” is using 842 MB physical and 982 MB virtual memory. Much more than configured. Well, bind will use memory for things other than cache. Try accessing the statistics XML channel over HTTP with a browser; it'll render to HTML via style

Re: putting several master DNS hosts behind a vip

2015-12-10 Thread Phil Mayers
On 09/12/15 23:32, blrmaani wrote: Hi, I would like to put 4 DNS masters behind a vip and have several slaves doing the zone transfer from the VIP-IP. Is this normal? In my experience no, this is not normal. You might consider putting a "virtual" or "service" IP on your master(s) that you can

Re: Resolution differences for getaddrinfo versus host/dig/delv

2015-11-19 Thread Phil Mayers
On 18/11/15 21:26, Stephane Bortzmeyer wrote: On Wed, Nov 18, 2015 at 12:19:57PM +, Phil Mayers wrote a message of 44 lines which said: I suspect getaddrinfo isn't parsing the DNS response for some reason. ... Obviously the *.thing on the RHS of the first CNAME is weird, but

Resolution differences for getaddrinfo versus host/dig/delv

2015-11-18 Thread Phil Mayers
All, This isn't strictly a "bind" question, but it kind-of, sort-of is. We've got an Office 365 tenancy, along with offsite voicemail. We send our SIP connections to a hostname: $GUID.um.outlook.com This hostname is resolvable using "dig" & "host", but on Linux (glibc 2.20) the "ping", "tel

Re: Why two lookups for a CNAME?

2015-10-22 Thread Phil Mayers
On 22/10/15 16:37, Reindl Harald wrote: since in a normal environment that doesn't matter, consider in case of a caching-only nameserver in such an environment using unbound instead of named, because it supports "cache-min-ttl", which is also strongly recommended on an inbound mailserver using RBLs

Re: Why two lookups for a CNAME?

2015-10-22 Thread Phil Mayers
On 22/10/15 16:30, Steve Arntzen wrote: As a test, I tried forwarding (and forward only) google.com to Google's public DNS server. Although the packets did go directly to 8.8.8.8 as expected, my Bind server still (for safe verification) performed the second look up. Note, the requesting client

Re: How does a Client Verify if the DNS server is Alive or down

2015-10-20 Thread Phil Mayers
On 20/10/15 07:26, Harshith Mulky wrote: Hi All, How can a Client verify if the DNS Server is Running (named service is Running) or Down? By the presence or absence of a reply to a query. Does it periodically send any messages to the server. No. It just sends a query when it has one, and wa

Re: logging bug for rpz at load-time?

2015-09-03 Thread Phil Mayers
On 03/09/15 15:14, Mukund Sivaraman wrote: The numbers are overall counts for that view, after the contents of that policy zone have been loaded. Cumulatively, they should match the number of records in your policy zones (named starts with empty RPZ state). In that case, those counts are absol

logging bug for rpz at load-time?

2015-09-03 Thread Phil Mayers
Minor cosmetic bug, but we're seeing logs like: 03-Sep-2015 12:18:50.751 (re)loading policy zone 'rpz.' changed from 0 to 77406 qname, 0 to 0 nsdname, 769 to 771 IP, 0 to 0 NSIP, 0 to 0 CLIENTIP entries 03-Sep-2015 12:18:58.029 (re)loading policy zone 'rpz.' changed from 77406 to 1213943 qna

Re: RHEL, Centos, Fedora rpm 9.10.2-P4

2015-09-03 Thread Phil Mayers
On 02/09/15 21:57, Carl Byington wrote: http://www.five-ten-sg.com/mapper/bind contains links to the source Sigh. FYI, Chrome popped this error up for me: """ Google Safe Browsing recently found harmful programs on www.five-ten-sg.com. """ Silly

Re: RRL settings that work for you

2015-05-27 Thread Phil Mayers
On 26/05/15 22:00, Mike Hoskins (michoski) wrote: However, as we've mostly just been turning knobs in an attempt to minimize log entries... insight from operators is appreciated. We run with: rate-limit { responses-per-second 20; }; 3x internet-facing resolvers answering about 5-25k qps a

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-14 Thread Phil Mayers
On 14/04/15 00:44, Mark Andrews wrote: No. Named caches NXDOMAIN and NOERROR NODATA to ANY queries independently of qtype (with the exception of DS/NXDOMAIN). Shrug. As I've said a couple of times, I'm not experiencing this problem, so it makes no difference to me. I'm really just wondering al

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-13 Thread Phil Mayers
On 13/04/15 14:28, Tony Finch wrote: Phil Mayers wrote: Be interesting to see what happens. I like the NSEC/TYPExxx idea for simplicity. The best suggestion so far is http://www.ietf.org/mail-archive/web/dnsop/current/msg13945.html Nice, didn't spot tha

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-13 Thread Phil Mayers
On 13/04/15 14:12, Tony Finch wrote: Phil Mayers wrote: Ah ha. This is interesting. If you like that you'll loathe this: http://www.ietf.org/mail-archive/web/dnsop/current/msg13667.html Yowza! The threads surrounding that one... I see djb chimed in. ANY is useful. It would be a mar

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-13 Thread Phil Mayers
On 13/04/15 13:48, Tony Finch wrote: Phil Mayers wrote: TBH I wonder if bind mightn't be better caching ANY as a separate pseudo-type, if I'm understanding the problem correctly. Actually I think you are asking for BIND not to treat ANY specially :-) Maybe. I don't have ANY

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-13 Thread Phil Mayers
On 11/04/15 14:03, Chuck Anderson wrote: I can't stop clients from making certain kinds of queries (unless BIND has a feature to refuse such queries or not recurse for them?). Whenever a client makes the 'ANY' query, it effectively causes a DoS on that name. Luckily the MinTTL is only 30 second

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-09 Thread Phil Mayers
On 08/04/15 22:00, Chuck Anderson wrote: No, you are right. My filtered view of the packet capture was missing the fact that another unrelated client did an 'ANY' query. I found it in the query log. BIND 9.10 implements prefresh, but I'm on 9.8.2. Oops just saw this, disregard my other ema

Re: on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

2015-04-09 Thread Phil Mayers
On 08/04/15 20:25, Chuck Anderson wrote: My questions are, what is at fault here? Is it a BIND bug to expect It all sounds really odd. In particular, if there is no recursive client triggering them, and no prefetch, where are these ANY/A queries on TTL expiry coming from? Are you certain

Re: BIND 9.10 IPv6 performance

2015-03-09 Thread Phil Mayers
On 08/03/15 16:09, Carsten Strotmann wrote: Hi, I'm doing some performance tests on some modern Haswell CPU machines (20 cores) using Ubuntu Linux 14.04 (Kernel 3.13.0-46-generic) using BIND 9.10.1-P2 compiled with "--with-tuning=large". With using 8 worker threads I get near 400K QPS via IPv4

Re: Looking new RPMs for CentOS 6.

2015-02-09 Thread Phil Mayers
On 09/02/15 13:29, Chuck Anderson wrote: He could build a nosrc.rpm by using NoSource: tags instead of Source: tags in the spec file. Just to clarify I don't want this to come across as criticism - this is a suggestion that might save the person providing the download some bandwidth. If it's

Re: Looking new RPMs for CentOS 6.

2015-02-09 Thread Phil Mayers
On 09/02/15 13:00, Reindl Harald wrote: On 09.02.2015 at 13:33, Phil Mayers wrote: On 09/02/15 01:29, Carl Byington wrote: On Sun, 2015-02-08 at 16:10 +0200, Eliezer Croitoru wrote: I had some issues in some old versions of CentOS 6 for a caching server so I have compiled bind from sources

Re: Looking new RPMs for CentOS 6.

2015-02-09 Thread Phil Mayers
On 09/02/15 01:29, Carl Byington wrote: On Sun, 2015-02-08 at 16:10 +0200, Eliezer Croitoru wrote: I had some issues in some old versions of CentOS 6 for a caching server so I have compiled bind from sources. You might try the building the source

Re: BIND w/ Lync?

2015-02-03 Thread Phil Mayers
On 03/02/15 05:51, Ray Van Dolson wrote: We have a Lync 2013 environment with all of its DNS records living within our primary domain (esri.com). I have a need to override all of the Lync related DNS records so that they resolve differently for a set of client IP's (clients which connect via VPN

Re: Automatic flushing of the jnl files

2015-01-21 Thread Phil Mayers
On 21/01/15 15:46, eric.berthiaume.exter...@banque-france.fr wrote: So it it does seem to be rolling the changes but jnl files still persist. It’s not terribly bothering but I would like to know if this is the normal behavior. It's normal. The .jnl files contain the data required to perform

Re: How to alias a domain

2015-01-16 Thread Phil Mayers
On 16/01/2015 15:07, John wrote: On 1/16/2015 8:59 AM, Phil Mayers wrote: On 16/01/2015 13:00, John wrote: But for this to work I would need to enable recursion on the authoritative server for masters Why? Because the last time I tried it, it did not work! Authoritative servers don'

Re: How to alias a domain

2015-01-16 Thread Phil Mayers
On 16/01/2015 13:00, John wrote: But for this to work I would need to enable recursion on the authoritative server for masters Why?

Re: FYI: adobe.com GSLB DNS servers choking on "nsid"

2015-01-13 Thread Phil Mayers
On 13/01/15 12:39, Phil Mayers wrote: On 13/01/15 12:37, Anand Buddhdev wrote: On 13/01/15 13:27, Phil Mayers wrote: Just to save anyone else the trouble, I've just found that some of the GSLB names for *.adobe.com return NXDOMAIN with "nsid" options present: It's no

Re: FYI: adobe.com GSLB DNS servers choking on "nsid"

2015-01-13 Thread Phil Mayers
On 13/01/15 12:37, Anand Buddhdev wrote: On 13/01/15 13:27, Phil Mayers wrote: Just to save anyone else the trouble, I've just found that some of the GSLB names for *.adobe.com return NXDOMAIN with "nsid" options present: It's not just NSID. They're responding with

Re: FYI: adobe.com GSLB DNS servers choking on "nsid"

2015-01-13 Thread Phil Mayers
On 13/01/15 12:27, Phil Mayers wrote: Just to save anyone else the trouble, I've just found that some of the GSLB names for *.adobe.com return NXDOMAIN with "nsid" options present: ...and in fact "sit", which is the actual problem option we're hitting (our 9

FYI: adobe.com GSLB DNS servers choking on "nsid"

2015-01-13 Thread Phil Mayers
Just to save anyone else the trouble, I've just found that some of the GSLB names for *.adobe.com return NXDOMAIN with "nsid" options present: # dig +norec +dnssec +nsid @193.104.215.247 ardownload.wip4.adobe.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50062 ...versu

Re: How reliable is RPZ in production? I'm seeing flakiness in testing.

2015-01-07 Thread Phil Mayers
On 06/01/15 22:52, Anne Bennett wrote: I don't know what to make of this; it looks as though the technology is several years old, and my experience with ISC bind is usually excellent. Has anyone else encountered this type of flakiness? No, but we're not using client-ip RPZ, just qname-based b

Re: Unable to get AAAA for www.revk.uk from some of our servers

2015-01-05 Thread Phil Mayers
On 24/12/14 17:08, Frank Bulk wrote: Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA while queries from 96.31.0.20 do not. And we're all the same ISP, and in the one case, from the same /24. I don't think Google is that granular. And we do have good IPv6 connectivity.

Re: Digging to the final IP

2014-10-20 Thread Phil Mayers
On 20/10/14 14:22, Frank Bulk (iname.com) wrote: We’re using this in a bash shell script. I don’t think there’s a native shell command to get the IP, so I’ll use a mixture of host and dig as necessary. If your system has it, try "getent" e.g. getent ahosts hostname

Re: DNS reverse sub delegation NXDOMAIN problem, Class C

2014-08-19 Thread Phil Mayers
On 19/08/14 13:12, Bazy V wrote: $ORIGIN 20.172.IN-ADDR.ARPA. 0.220/24 NS ns2.sub.test.com You don't need to do this. You just need: $ORIGIN 20.172.IN-ADDR.ARPA. 220 NS ns2.sub.test.com. RFC 2317 is only needed for /25 and longer.

Re: BIND and listening on interfaces

2014-08-01 Thread Phil Mayers
On 01/08/14 15:46, Reindl Harald wrote: if listen-on {0.0.0.0;}; would work a lot of problems could go away - keep in mind that on modern systemd systems a service can bind to 0.0.0.0 even before the network is started Most people just use "rndc reconfig". In bind 9.10 the routing socket, on

Re: own IPv6 zones but no IPv6 uplink

2014-07-11 Thread Phil Mayers
On 11/07/14 16:45, Steffen Sledz wrote: We have a local DNS server providing local IPv6 zones (fd44:...). The server itself is reachable via IPv4 and IPv6 but has no IPv6 uplink. With our current configuration everything works well, but we've a lot of errors in the logfile: "Jul 11 17:39:48 z

Re: slave zone files unreadable

2014-07-09 Thread Phil Mayers
On 09/07/14 14:16, Reindl Harald wrote: however, i wonder what takes 90 seconds to load 5000 zones Depends how big they are. the records-sql table has 3000 entries for all zones (backend That is not very big. We've got zones with nearly 1M records in them, including NSEC/RRSIG.

Re: slave: WARNING: recursion requested but not available

2014-06-06 Thread Phil Mayers
On 06/06/14 12:35, Reindl Harald wrote: Am 06.06.2014 13:28, schrieb Matus UHLAR - fantomas: On 06.06.14 13:13, Reindl Harald wrote: why does in case of asking the slave always come a "WARNING: recursion requested but not available" even if you dig a A-record he is authoritative? because you

Re: KSK signing incomplete

2014-05-21 Thread Phil Mayers
On 21 May 2014 10:24:23 BST, Klaus Darilion wrote: >> Further, I see that sometimes there are no private records at all. >When >> does this happen? (I never called "rndc signing -clear") > >It seems that this happens when Bind is restarted. > >So, what is the suggested (and reliable) way for ext

Re: About the prefetch function within bind 9.10.

2014-05-18 Thread Phil Mayers
On 18/05/14 09:26, Hongyi Zhao wrote: Yes, I want to let bind/named prefetch records that are being queried regularly. In this way, I'll have a set of up-to-date cached records that I've been queried. Can the prefetch function plus caching mode of bind/named do this for me? Re-read Mark's rep

Re: isc domain lookup

2014-05-16 Thread Phil Mayers
On 16/05/14 05:38, Yossi Eskenazi wrote: but there are many domains which cannot get through. The problem appeared rather recently, so I suspect that an update in a firewall brand, or a dns server update is causing this. Almost certainly not. It's very likely your network provider or one of t

Re: Answer for a specific host, but recurse for all others within a zone

2014-05-09 Thread Phil Mayers
On 09/05/2014 18:47, Jon Fullmer wrote: (Sorry, let's try that again WITHOUT "smart quotes":) Yeaaahhh that did not work out so well: Content-Type: text/plain; charset="big5" Your apostrophes ended up being a chinese character, CJK UNIFIED IDEOGRAPH-6613 according to Python's unicodedata

Re: RPZ and www.rackspace.com

2014-05-07 Thread Phil Mayers
On 07/05/14 15:05, David A. Evans wrote: Can anyone else verify this behavior? What is going on with www.rackspace.com? If this is a misconfiguration on Rackspace's DNS servers how are they not getting hit with support calls like crazy? We don't have any NSDNAME RPZ entries, an

Re: Multi-master (HA)

2014-05-06 Thread Phil Mayers
On 06/05/2014 19:39, Evan Hunt wrote: I don't want to influence the conversation here by saying too much about the ideas we've had so far, but I wanted to say: if anyone has specific thoughts on how to make this sort of thing easier in BIND -- even just at the level of "boy, it irritates me that

Re: Audit the consistency of zone files on DNS servers

2014-03-15 Thread Phil Mayers
On 15/03/2014 10:09, Maren S. Leizaola wrote: Can someone provide an answer that does not refer to zone transfers? Your original email said: What I want to be able to detect are serial number errors, where a zone has been updated but the serial number has not changed Then you said: I am

Re: Audit the consistency of zone files on DNS servers

2014-03-14 Thread Phil Mayers
Quite right, I should have noted the need to canonicalise. -- Sent from my phone with, please excuse brevity and typos

Re: Audit the consistency of zone files on DNS servers

2014-03-14 Thread Phil Mayers
On 14/03/14 12:28, Maren S. Leizaola wrote: Hello, What do you guys recommend to audit every resource record in a zone file against all the records in all the DNS servers that host the zone file. I want something that I feed the master zone file and then goes to each NS s

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-06 Thread Phil Mayers
On 06/03/14 08:53, Tony Finch wrote: Jason Hellenthal wrote: I recall spending a LOT of time with DNSSEC figuring out all the nonsense but like anything else stability and friendliness has to start somewhere. And development should not be impeded by adoption of bad practices. Fix the root caus
