Re: DNSSEC, OpenDNS and www.cdc.gov

2024-11-01 Thread Robert Edmonds
> # 8.8.4.4 port 853 tls google-tls; > > }; > > > > forward only; > > > > allow-transfer { none; }; > > > > dnssec-validation auto; > > > > listen-on port 443 tls router1-tls http default { trus

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Robert Edmonds
t of the > standard BIND dnstap support? If not, I will gladly contribute my change to > the ISC. > > Regards, > Greg I can't think of any reason not to have support for dnstap logging of UPDATEs on the server side in BIND. It just wasn't a focus for the original dnstap desi

Re: BIND 9.11.4 dnstap not capturing updates

2018-08-03 Thread Robert Edmonds
ing something that hooks into the > network IO layer. > > If you want to record other kinds of messages (UPDATE, NOTIFY, etc.) it > would probably be best to extend the dnstap `Type` enum, and add > corresponding dns_dt_send() calls to BIND's code. But you should check > with R

Re: Help wanted: Linking to libbind9 on Ubuntu Linux

2018-03-20 Thread Robert Edmonds
Ronald F. Guilmette wrote: > In message <20180320205558.23ld7b2orcfky...@mycre.ws>, > Robert Edmonds wrote: > > >Rick Dicaire wrote: > >> For libbind9, https://packages.ubuntu.com/trusty/libbind9-90 > > > >You would also need the ".so" symlin

Re: Help wanted: Linking to libbind9 on Ubuntu Linux

2018-03-20 Thread Robert Edmonds
also shipped a copy of the old BIND4/8 "libbind" resolver (configure --enable-libbind). At which point it was split out into a separate tarball distribution (https://ftp.isc.org/isc/libbind/) and given the arbitrary version number 6.0. -- Robert Edmonds

Re: Help wanted: Linking to libbind9 on Ubuntu Linux

2018-03-20 Thread Robert Edmonds
bly have been named libbind9-dev. It's unrelated to the original "libbind" (https://www.isc.org/downloads/libbind/). However, note that there's also a proposal to get rid of the public BIND9 libraries and turn these into private APIs: https://gitlab.isc.org/isc-projects/bi

Re: Help wanted: Linking to libbind9 on Ubuntu Linux

2018-03-20 Thread Robert Edmonds
Ronald F. Guilmette wrote: > In message <20180320193041.d2bwvgkgyvqem...@mycre.ws>, > Robert Edmonds wrote: > > >For glibc versions that are less than about ten years old, these should > >be available in libresolv, which is part of glibc. > > Thanks Robert!

Re: Help wanted: Linking to libbind9 on Ubuntu Linux

2018-03-20 Thread Robert Edmonds
unctions from libresolv in version GLIBC_2.9. [...] See the resolver(3) manpage, which is probably in the manpages-dev package on Ubuntu 14. This is unrelated to libbind9, which is a different API. -- Robert Edmonds ___ Please visit https://list

Re: Enable systemd hardening options for named

2018-01-15 Thread Robert Edmonds
bility to perform privileged binds at runtime. Or you could eliminate CAP_SYS_CHROOT and use other systemd functionality to make parts of the filesystem inaccessible, etc.) This pattern might be a bit hard to retrofit into BIND at this point, though, other than by adding more knobs. -- Robert Edmond

Re: 9.11/dnstap on centos: fstrm

2016-12-02 Thread Robert Edmonds
is maintained by Farsight Security (https://www.farsightsecurity.com/) and the source code is available on GitHub: https://github.com/farsightsec/fstrm -- Robert Edmonds ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: semicolons in dig output

2016-11-04 Thread Robert Edmonds
is here: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=9a36fb86f5019f25705d25ea729d03fcf8ecaa95 -- Robert Edmonds

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
ations that use NAPTR. For DNS servers, NAPTR is > just a record it handles the way it does any other normal record, like > A or HINFO. Or the URI RR, which requires authoritative nameservers to know absolutely nothing about the encoding of URIs. -- Robert Edmonds

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
re). But I don't see how you get from those marginal benefits to: DNS should have had regex-driven template engines (!) in authoritative nameservers from the beginning. -- Robert Edmonds

Re: Question about dynamic IPv6-PTR-Generation

2016-08-27 Thread Robert Edmonds
n templates in your nameserver. Knot DNS's "minimal viable product" implementation is ~300 SLOC and uses a hardcoded template. -- Robert Edmonds

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Robert Edmonds
s or making static PTR-entries? How does other > companies handle this issue? A very popular option is to only create or delegate IPv6 PTR entries for hosts with static address assignments, and to return NXDOMAIN for address space used for dynamic address assignm

Re: ISC considering a change to the BIND open source license

2016-06-28 Thread Robert Edmonds
9.11.0 alpha releases). We do have some pending > patches that were submitted before this change that have not been integrated. > I don’t think any of those are significant, but perhaps we should not > integrate them unless/until we confirm that they are ok with the new license > an

Re: ISC considering a change to the BIND open source license

2016-06-27 Thread Robert Edmonds
e, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ How does ISC then both a) Merge this contribution into the BIND mainline, and b) Sell a "pay for exception" version of BIND containing this contribution? -- Rob

Re: BIND started replying to queries for .com with .COM

2016-03-31 Thread Robert Edmonds
Tony Finch wrote: > Phil Mayers wrote: > > > > What is considered the source of the ownername for, say, "com."? > > It should be the root zone master file. Why not the com zone master file? -- Robert Edmonds

Re: Regarding compiling BIND 9.10.3-p4 on a SystemD Distro

2016-03-23 Thread Robert Edmonds
fy(0, "READY=1");' once the daemon is ready to accept requests. -- Robert Edmonds

Re: ISC Responds to Customer Questions About CVE-2015-5745 (glibc buffer overflow vulnerability.)

2016-02-19 Thread Robert Edmonds
vice Switch (NSS). Static linking of glibc is not supported on Red Hat Enterprise Linux, but the potential breakage is nevertheless a reason to minimize changes in this area. [...] -- Robert Edmonds

Re: pre heat cache

2016-02-18 Thread Robert Edmonds
in DNS tree order, or could it be convinced to follow the LRU order? -- Robert Edmonds

Re: frequent queries to root servers

2016-01-26 Thread Robert Edmonds
ting output for messages having a 'query_zone' field set to the root label, which is a little less awkward and more future-proof than enumerating all of the root server addresses. -- Robert Edmonds

Re: Allow-Query=any

2016-01-07 Thread Robert Edmonds
mmunity. +1 -- Robert Edmonds

Re: How are DNS Records added dynamically in DNS Servers?

2015-09-08 Thread Robert Edmonds
ns2.msft.net. outlook.com.172800 IN NS ns4.msft.net. outlook.com.172800 IN NS ns1.msft.net. outlook.com.172800 IN NS ns3.msft.net. -- Robert Edmonds

Re: DIG Info Request

2015-02-03 Thread Robert Edmonds
ina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html -- Robert Edmonds