Re: I am provoked by ISC for the 10 years statement that ISC refuse to fulfill (Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?)

2024-02-11 Thread Tim Daneliuk via bind-users
On 2/11/24 02:07, Ole Aamot wrote: "This whole “we support everything for 10 years” is just a sales pitch, not a something that can be fulfilled." – Ondřej Surý — ISC I realize that there was a whole kerfuffle here that I mercifully missed and have absolutely no interest in. But it did "pro

Bind: Standard Ports And Non Standard Ports

2022-02-11 Thread Tim Daneliuk via bind-users
After some months of poking around, we are now certain that our so-called "Business" service from Comcast is compromising our DNS servers because of their execrable "Security Edge" garbage. (They are willing to remove this 'service' only if we are willing to incur a higher monthly recurring fe

Failing DNS Server Diagnostic Help Requested

2022-01-13 Thread Tim Daneliuk via bind-users
Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE Bind 9.16.24_1 Master out in a cloud server Slave on a physical server with a static IP on Comcast Business Problem: After years of stable behavior, Slave intermittently not resolving

Re: Tracking Down Odd bind Behavior

2021-08-15 Thread Tim Daneliuk via bind-users
On 8/15/21 9:07 AM, G.W. Haywood via bind-users wrote: > Hi there, > > On Sun, 15 Aug 2021, Tim Daneliuk wrote: > >> I have a bind slave instance running on FreeBSD 13-STABLE.  Periodically >> (after >> a few days of perfect operation), it loses its ability to resolve at >> least some names - in

Tracking Down Odd bind Behavior

2021-08-14 Thread Tim Daneliuk via bind-users
I have a bind slave instance running on FreeBSD 13-STABLE. Periodically (after a few days of perfect operation), it loses its ability to resolve at least some names - in this case, git.freebsd.org. When I look at the logs, I see this: ==> /var/log/named/query-errors <== 14-Aug-2021 16:48:33.376

Re: Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/11/21 12:49 PM, Richard T.A. Neal wrote: > There's a very good article on the ISC website which discusses BIND logging: > https://kb.isc.org/docs/aa-01526 > > I recommend reading and implementing the logging as per their suggestion > (backup or make a note of your current logging configurati

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/10/21 11:27 PM, raf via bind-users wrote: > Does that help at all? Very much thank you. I have now discovered my DNS key and corresponding DS record. I believe the DS record is what I have to provide my registrar as I understand it.

Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
I am running bind 9.16.19 on two FreeBSD 13-STABLE instances. The master is on a Digital Ocean droplet and works fine. The slave is hosted on physical machine here in our offices. This has always worked flawlessly until recently. Periodically, the slave refuses to resolve names like 'git.freeb

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:32 PM, raf via bind-users wrote: > To get the DS record information to convey to the > registrar, after starting to use the default policy, > look for the CDS record (the child version of the DS > record) with dig: > > dig CDS EXAMPLE.ORG > > For the default policy, you'll only hav

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 10:07 AM, Matthijs Mekking wrote: >> So just to be sure I'm doing the right thing, I've added this to my >> options stanza: >> >>  dnssec-policy "default"; >> >> Then restarted named and now all the signing magic is taken care of for >> me for all zones?  (I was not previously using 

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:51 AM, Matthijs Mekking wrote: > Hi Klaus, > > On 10-08-2021 13:38, Klaus Darilion wrote: >> Hi Matthijs! >> >>> We would like to encourage you to change your configurations to >>> 'dnssec-policy'. See this KB article for migration help: >>> >>> https://kb.isc.org/docs/dnssec-key-and

Re: Corrupted Slave Data?

2021-05-20 Thread Tim Daneliuk via bind-users
On 5/20/21 8:43 AM, Anand Buddhdev wrote: > On 20/05/2021 15:30, Tim Daneliuk via bind-users wrote: > > Hi Tim, > >> Recently - and for no obvious reason - the on-prem instance stops resolving >> properly. The fix is to stop it, clear out the slave files, and restart. >

Corrupted Slave Data?

2021-05-20 Thread Tim Daneliuk via bind-users
Running bind 9.16.15 on FreeBSD 11.4-STABLE. Master is out on a cloud server at Digital Ocean. Slave is on-premise. All on-prem LANs point to the slave instance. Running split horizon to keep nosey parkers out of our local DNS assignments. Recently - and for no obvious reason - the on-prem inst

Re: TXT & SPF Record Syntax

2021-02-28 Thread Tim Daneliuk via bind-users
On 2/28/21 5:52 PM, Mark Andrews wrote: > Domain names without a trailing period are relative to the current origin. > > Domain names with a trailing period are absolute. > > If you want to add the record > > foo.bar.example.com. TXT … > > and the current origin is example.com. You can en

TXT & SPF Record Syntax

2021-02-28 Thread Tim Daneliuk via bind-users
I am trying to understand when the LHS of a TXT record needs to be terminated with '.'. For example, I see this on one of the machines I am managing. The server in question is the zone authority for foo.com: foo.com. IN TXT "v=spf1 ... foo.com. IN SPF "v=spf1 ... something