Hi,
We had the same issue as James, fortunately with no impact on production.
But I agree that , although I finally found the warning at the very bottom of
the mail announcing the new release, this MAJOR change should have been
announced more clearly.
How do you find out whether or not you have
onday, October 31, 2022 5:30 PM
To: BIND users
Cc: Veronique Lefebure
Subject: Re: dig +norecurse behaviour changed with 9.16.33
Since we have already established that this is not a **dig** issue, you might
want
to look at the `minimal-responses` option. The default has changed from `no` to
`no-auth-rec
olv.conf you have a 'search' list. Personally I don't like search
> lists because they potentially increase the workload of the DNS system
> generally, lengthen query times and mean that you can't be sure exactly where
> an answer came from.
>
>
> Thanks
and
> bolts, is with a packet capture.
>
>
>
>
> You thought this was an easy question, huh ;)
>
> Can you provide at least some of these things, to get started?
>
>
> Cheers, Greg
>
>
> On Wed, 26 Oct 2022 at 16:41, Veronique Lefebure <mailto:
Hi,
dig answer is different between BIND 9.11 and BIND 9.16(.33) when +norecurse
option is used.
Is this documented somewhere ?
Is there an option that needs to be set so that the behaviour of 9.16 is the
same as the one in 9.11.
The change is that with 9.16, if the requested name
.
(139.91.191.3, 2001:648:2c30::191:3, UDP_-_EDNS0_4096_D_KN)
as indicated by https://dnsviz.net/d/physics.uoi.gr/dnssec/ ?
I guess so.
So with BIND 9.19 all queries using 139.91.191.3 will fail, but other NS will
answer successfully ?
> On 09/05/2022 13:19 Veronique Lefebure wrote:
>
>
imply ipv6, is it correct to say that the BIND messages
above are misleading ?
Or is there really a EDNS-related issue ?
Thanks again,
Veronique
> On 05/05/2022 03:01 Mark Andrews wrote:
>
>
> > On 5 May 2022, at 00:17, Veronique Lefebure
> > wrote:
> >
> >
Thanks Greg and Ondrej,
Many thanks for the pointer to DNS Cookies in BIND 9 (isc.org)
https://kb.isc.org/docs/aa-01387
I have used https://ednscomp.isc.org/ednscomp/1ba42afa27 to check if they are
compliant, but the answer is ambiguous:
EDNS Compliance Tester
Checking: 'sour.woinsta.com' as
Hello,
If we see this on our DNS server logs (BIND 9.11):
04-May-2022 12:55:37.675 edns-disabled: info: success resolving
'sour.woinsta.com/A' (in 'woinsta.com'?) after disabling EDNS
- are we correct to say that with BIND 9.16, that query wil always fail because
EDNS won't be disabled anymore
gs in case of
pipelining ?
Thanks,
Veronique
-Original Message-
From: Cathy Almond
Sent: 09 December 2019 10:05
To: Veronique Lefebure
Subject: Re: FW: Question about CVE-2019-6477: TCP-pipelined queries can bypass
tcp-clients limit
Hi Veronique,
I replied the same day:
https://lis
10 matches
Mail list logo
