RE: Sporadic Timeouts after upgrading to bind9.20

2025-01-14 Thread Klaus Darilion via bind-users
Darilion Cc: Klaus Darilion via bind-users Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Hi Klaus, we've identified an issue in the glue cache that has been causing drops in the performance. Can you test a development branch or do you need a fix on top of 9.20? Ondrej -- Ondřej

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
Nick. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
On 15/01/2025 4:56 am, Lee wrote: Should bind answer when asked for an A record for random.name.localhost? If so, does the ISC ship a db.local with a wildcard - eg. --- cut here --- @ IN NS localhost. @ IN A 127.0.0.1 @ IN ::1 * IN

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-14 Thread Nick Tait via bind-users
tro, but can be changed by modifying /etc/nsswitch.conf. * I'm not sure about Android. Nick.

Re: localhost name lookup

2025-01-14 Thread Greg Choules via bind-users
nameserver entries in /etc/resolv.conf determine where queries are sent, which could be a local instance of BIND. If the local BIND is authoritative for localhost/.local etc. then it should respond in microseconds. I don't know how this would compare with a lookup into hosts. I suspect hosts wou

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-12 Thread Nick Tait via bind-users
On 13/01/2025 12:44, Lee wrote: As long as I'm asking ignorant questions.. is there some reason why bind (at least as it came configured on my Debian machine) looks up .local names? I added this bit to named.conf to do what seemed reasonable. But again - it seems reasonable _to me_ I dun

RE: Binary zone file and journal compatibility between Bind9 versions

2025-01-09 Thread Klaus Darilion via bind-users
Hello Evan and Petr! Thanks for the details. Klaus > -Original Message- > From: Evan Hunt > Sent: Thursday, January 9, 2025 7:32 PM > To: Klaus Darilion > Cc: Greg Choules via bind-users > Subject: Re: Binary zone file and journal compatibility between Bind9 version

Binary zone file and journal compatibility between Bind9 versions

2025-01-09 Thread Klaus Darilion via bind-users
Hello! For testing I often up- and downgrade Bind versions, ie. Between 9.18, 9.20 and 9.21. I wonder how stable the binary zone file format and journal file format is, and if there are changes in the binary format, if Bind would detect that and behave properly. I am concerned about zones

Re: Need support setting up bind with dnstap

2025-01-08 Thread S L, Meghana via bind-users
I tried disabling and stopped systemd resolved. It didn't fix the issue. I checked in nsswitch, and could see the entries for file, group, user with systemd. From: bind-users on behalf of Fred Morris Sen

Re: Bind and DHCP

2025-01-08 Thread Grant Taylor via bind-users
remember any time I cared about the DHCP server's IP in the last two decades, other than DHCP helpers / forwarders. I'm sure there are some edge cases that I'm not thinking of. I'd be curious to learn edge cases others have run into. As others have said, running BIND and

Re: Bind and DHCP

2025-01-08 Thread Greg Choules via bind-users
a different box. Try it and see. Personally I would use different addresses for DNS and DHCP service, just to make it easy to know which is which. I'm sure there will be many opinions :) Cheers, Greg On Wed, 8 Jan 2025 at 15:35, Karol Nowicki via bind-users < bind-users@lists.isc.or

Bind and DHCP

2025-01-08 Thread Karol Nowicki via bind-users
Hello Does a good practice recommend to split running ISC Bind and DHCP into two different machines or make DNS+DHCP running on same server is allowed? Thanks

RE: Need support setting up bind with dnstap

2025-01-07 Thread S L, Meghana via bind-users
Hello, We have setup a bind with dnstap enabled and bind is running on channel 127.0.0.1. We want to write all DNS queries resolved by any name servers to dnstap file. But, it is writing the query logging to dnstap file which resolving only by 127.0.0.1 and localhost name servers. bind version

Re: Question about post-quantum X25519Kyber768

2025-01-02 Thread Carlos Horowicz via bind-users
n Internet Draft — there is a helpful page here: https://authors.ietf.org/en/home . W Robert Wagner ---- *From:* bind-users on behalf of Carlos Horowicz via bind-users *Sent:* Thu

Question about post-quantum X25519Kyber768

2025-01-02 Thread Carlos Horowicz via bind-users
Hi there, does anyone know of the bind developers thinking of incorporating post-quantum cryptography into bind9, like Cloudflare with X25519Kyber768 on BoringSSL? I'm just curious about if there are thoughts or ongoing work, or if this is in the near roadmap at all. Thank you, C

Re: Hyperlocal recursive servers questions

2024-12-27 Thread Grant Taylor via bind-users
On 12/27/24 15:40, Roberto Braga wrote: For this, I must use 2 servers: I agree that you should use two servers. But I also believe you could do what you're doing with one server, one OS image, and maybe even one instance of BIND. The first, like Recursive DNS itself, is what clients

Re: Hyperlocal recursive servers questions

2024-12-27 Thread Greg Choules via bind-users
; The scheme below is working, but I would like someone more experienced who > can review and identify if I'm doing it correctly, if there are flaws or > how I can improve this structure... Thank you. > > *First server configuration (Recursive DNS):* > > *file /etc/bind/name

Re: cname for apex record

2024-12-25 Thread Jan Schaumann via bind-users
h hit or miss, I've found. > Searching for information about which browsers support it is problematic > because DNS and HTTPS are used together for different things. Yeah. Having SVCB/HTTPS support in caniuse.com would be useful: https://github.com/Fyrd/caniuse/issues/6091 -Jan

OT: DNS / HTTP server fixes for questionable website construction - Re: cname for apex record

2024-12-24 Thread Grant Taylor via bind-users
ave equal part in supporting and enabling the solution. P.S. Reply directly / off-list if you'd like to discuss details. -- Grant. . . .

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
Thanks Jan, Per discussion not supported by all dns servers nor clients. Ultimate solution is a non-DNS based fix to the websites anchors or a url re-write function to correct for the missing www. Prefix. Thanks, Brian -Original Message- From: bind-users On Behalf Of Jan Schaumann

Re: cname for apex record

2024-12-24 Thread Jan Schaumann via bind-users
"Cuttler, Brian R (HEALTH) via bind-users" wrote: > However, I've been asked if we can point the apex record at the external > webserver. I'm not quite sure if this covers what you're trying to accomplish, but if you're talking about an HTTP / browser contex

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
source and sending the page/with anchors to the user's browser? That would fix their problem by complicating the code and not fixing the problem at the source, so a perfect fit... -Original Message- From: bind-users On Behalf Of G.W. Haywood Sent: Tuesday, December 24, 2024 10

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
in house because web devs will cry and be sad. Just sayin ... John From: "Cuttler, Brian R (HEALTH) via bind-users" Sent: Tuesday, December 24, 2024 9:23 AM To: Greg Choules Cc: bind-users Subject: RE: cname f

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 03:22:44PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 593 lines which said: > Stefane - thank you for your input as well, I'll recheck my > delegation and see where we've lost proper delegation. I used che

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 03:27:06PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 646 lines which said: > Apologies, meant to write Stephane and not Stefane. No problem, US-based people often miswrite it Stephanie :-)

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
Apologies, meant to write Stephane and not Stefane. From: bind-users On Behalf Of Cuttler, Brian R (HEALTH) via bind-users Sent: Tuesday, December 24, 2024 10:23 AM To: Greg Choules Cc: bind-users Subject: RE: cname for apex record

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
efix, anchors do not. Ged - I just put up the server in the spring, will check and update if we are somehow running an older version. Thanks to all and happy holidays, Brian From: Greg Choules Sent: Tuesday, December 24, 2024 10:00 AM To: Cuttler, Brian R (HEALTH) Cc: bind-users Subject: Re: cna

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
fic. John From: Greg Choules Why do these people want you to alias your entire zone to them anyway?

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
HEALTH) via bind-users" Sent: Tuesday, December 24, 2024 8:39 AM To: bind-users Subject: cname for apex record Hello bind users. We are running bind 9.14.28 on Ubuntu and have an offsite provider for our DNS services. The cname we create for our webserver www.wadsworth.org<http://ww

Re: cname for apex record

2024-12-24 Thread Greg Choules via bind-users
ected your whole zone somewhere else. CNAME/DNAME are very old now. More recently, a couple of other RRTYPEs - SVCB and HTTPS - have been standardised (and are supported by BIND) that do allow you to alias the apex (the zone itself) *but* not for any query, only for queries matching those RRTYPEs.

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 02:38:51PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 163 lines which said: > The cname we create for our webserver > www.wadsworth.org is working well. > However, I've been asked if we can point th

cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
Hello bind users. We are running bind 9.14.28 on Ubuntu and have an offsite provider for our DNS services. The cname we create for our webserver www.wadsworth.org is working well. However, I've been asked if we can point the apex record at the external web

RHEL, Rocky, Fedora rpm 9.20.4

2024-12-21 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies

`dig -x ...` and RFC 2317 Classless IN-ADDR.ARPA Delegation

2024-12-19 Thread Grant Taylor via bind-users
al. or my own custom utility (Perl / Python code) to use beside dig et al.? -- Grant. . . . unix || die

RE: forwarding non-domain queries

2024-12-19 Thread Cuttler, Brian R (HEALTH) via bind-users
Greg, From: Greg Choules Sent: Wednesday, December 18, 2024 5:04 PM To: Cuttler, Brian R (HEALTH) Cc: bind-users Subject: Re: forwarding non-domain queries

Re: forwarding non-domain queries

2024-12-18 Thread Greg Choules via bind-users
your network allows it) will send a query for to that address. I would always recommend using this form, to be certain where your queries are going. 4) dig +trace will cause dig itself to follow addresses it gets back. So whilst the first query may go to your local BIND (depending on 1, 2 or 3) sub

RE: forwarding non-domain queries

2024-12-18 Thread Cuttler, Brian R (HEALTH) via bind-users
his case I queried a .edu address. Is there a way to prevent these errors, or was my query ill thought out or have I simply misconfigured my server? thanks, Brian Dig without trace root@intest:/etc/bind# dig @intest ns1.albany.edu 18-Dec-2024 14:45:04.452 queries: info: client @0x7f

Re: BIND 9.20.4 exiting

2024-12-18 Thread Marco Davids via bind-users
ailure) -- Marco Original Message *Subject: *BIND 9.20.4 exiting *From: *Klaus Darilion via bind-users *To: *"y...@iaelu.net" , Ondřej Surý *Cc: *"bind-users@lists.isc.org" *Date: *Wed, 18 Dec 2024 15:10:04 + I confirm that I hit the same crash, but had

RE: BIND 9.20.4 exiting

2024-12-18 Thread Klaus Darilion via bind-users
Cc: Klaus Darilion ; bind-users@lists.isc.org Subject: Re: BIND 9.20.4 exiting Issue has been created on gitlab. It is marked as confidential, and its title is "BIND 9.20.4 exiting". Everything is detailed there.

Problem resolving a domainkey TXT record

2024-12-13 Thread Danilo Godec via bind-users
time: 40 msec ;; SERVER: 54.229.229.105#53(dns4.elasticbox.eu) (UDP) ;; WHEN: Fri Dec 13 15:40:38 CET 2024 ;; MSG SIZE rcvd: 582 That implies that this might be a network problem, but since all servers have a public IP and no NAT, I really can't imagine why or how. What diagnostic steps

Re: New BIND releases are available: 9.18.32, 9.20.4, 9.21.3

2024-12-12 Thread Søren Andersen via bind-users
Hello, Thanks for the new release. It's just me that cannot find the new release in the repo: https://download.copr.fedorainfracloud.org/results/isc/bind/epel-9-x86_64/? From: bind-announce on behalf of Victoria Risk Sent: 11 December 2024 17:01 To: bind-

Re: ask about bind9 logging function: How can I log the service port number (eg. 53, 443, 853) in my log of `queries` category

2024-12-12 Thread Borja Marcos via bind-users
> On 26 Nov 2024, at 14:36, Petr Špaček wrote: > > On 26. 11. 24 10:08, n/a via bind-users wrote: >> I am a new user in bind9. >> I have setup my DNS server with port 53, port 443 (DoH), and port 853 (DoT). >> And now, in my logging file of `queries` category, one

Re: nsupdate fails with "could not get zone keys for secure dynamic update"

2024-12-11 Thread Paul Galbraith via bind-users
A quick follow-up for posterity, this was resolved by manually editing the bind 9.18 zone files and removing all DNSSEC records. On 2024-10-22 9:57 p.m., Paul Galbraith wrote: I am getting this error with bind 9.20.2, when trying to delete an record with nsupdate on the same host.  Using

Re: Undelegating a Signed Subdomain

2024-12-10 Thread Nick Tait via bind-users
roblems. If we manage an instantaneous >>> change on all of the authoritative servers at once, we can still have >>> cached records out there. You could still have a resolver with the NS and >>> SOA of bar.example.com cached. It goes to ask for >>> "doesntex

Re: forwarding non-domain queries

2024-12-10 Thread Greg Choules via bind-users
; > Brian > > > > *From:* Greg Choules > *Sent:* Tuesday, December 10, 2024 9:54 AM > *To:* Cuttler, Brian R (HEALTH) > *Cc:* bind-users > *Subject:* Re: forwarding non-domain queries

RE: forwarding non-domain queries

2024-12-10 Thread Cuttler, Brian R (HEALTH) via bind-users
From: Greg Choules Sent: Tuesday, December 10, 2024 9:54 AM To: Cuttler, Brian R (HEALTH) Cc: bind-users Subject: Re: forwarding non-domain queries And my

Re: forwarding non-domain queries

2024-12-10 Thread Greg Choules via bind-users
v> wrote: > Greg, > > Yes, I do have that but it looks like this > > (/etc/dns-root is a link to /etc/bind/zones carry over from an older > platform) > > These are the servers I want to use as the forwards for all queries that > aren’t either local zones or more specifi

RE: forwarding non-domain queries

2024-12-10 Thread Cuttler, Brian R (HEALTH) via bind-users
Greg, Yes, I do have that but it looks like this (/etc/dns-root is a link to /etc/bind/zones carry over from an older platform) These are the servers I want to use as the forwards for all queries that aren't either local zones or more specific zones in the internal corp network. brian@

Re: forwarding non-domain queries

2024-12-10 Thread Greg Choules via bind-users
continue to work when I add a forwarders statement for the > servers that ny.gov servers for all more generic queries. > > > > Many thanks, > > Brian > > > > *From:* Greg Choules > *Sent:* Monday, December 9, 2024 6:26 PM > *To:* Cuttler, Brian R (HEALTH) > *

RE: forwarding non-domain queries

2024-12-10 Thread Cuttler, Brian R (HEALTH) via bind-users
Nick, Greg, Thank you both, don't deal with that level of detail very often but I love having a clue as to the underpinnings of things. The root priming process is exactly the sort of thing you'd hope a service like this did, and it does! Thanks, Brian From: bind-users On Beha

RE: forwarding non-domain queries

2024-12-10 Thread Cuttler, Brian R (HEALTH) via bind-users
health.ny.gov and ny.gov and its.ny.gov, those will continue to work when I add a forwarders statement for the servers that ny.gov servers for all more generic queries. Many thanks, Brian From: Greg Choules Sent: Monday, December 9, 2024 6:26 PM To: Cuttler, Brian R (HEALTH) Cc: bind-users Subject: Re

blocking rndc retrieve

2024-12-10 Thread Klaus Darilion via bind-users
, and wait until the AXFR either succeeded or failed. Does somebody have an idea if this is somehow possible? Thanks Klaus

RE: Sporadic Timeouts after upgrading to bind9.20

2024-12-10 Thread Klaus Darilion via bind-users
Hi Ondřej! We run Ubuntu 24.04. Can you please update the dev-ppa too? Thanks Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria From: Ondřej Surý Sent: Monday, December 9, 2024 2:54 PM To: Klaus Darilion Cc: Klaus Darilion via bind

Re: forwarding non-domain queries

2024-12-09 Thread Greg Choules via bind-users
Hi Nick. True, they do, but very infrequently. Here are the ones I could find from recent history: b-root 2023-11-27 i-root 2016-03-23 h-root 2015-12-01 d-root 2013-01-03 l-root 2007-11-01 Despite those changes, each release of BIND (and other resolvers, I believe) contains the current set

Re: forwarding non-domain queries

2024-12-09 Thread Nick Tait via bind-users
On 10/12/2024 12:25, Greg Choules via bind-users wrote: Actually you don't need it anyway, even if you are doing recursion, as Internet root hints have been built into BIND for many years. The only reason you would need a hint zone is to define custom roots for a private network th

Re: forwarding non-domain queries

2024-12-09 Thread Greg Choules via bind-users
ng that's not local *and* disabling recursion if forwarding fails, you don't need the hint zone at all; please delete it. Actually you don't need it anyway, even if you are doing recursion, as Internet root hints have been built into BIND for many years. The only reason you would need a

forwarding non-domain queries

2024-12-09 Thread Cuttler, Brian R (HEALTH) via bind-users
Hello, looking for a sanity check. Inside our network we are running BIND 9.18.28-0ubuntu0.22.04.1-Ubuntu on Ubuntu 22.04.5 LTS Currently our server serves our own zones files - A/CNAME/PTR/TXT/etc records for our domain. We have already modified the db.cache file to reference two servers

Re: {Disarmed} Re: Getting BIND to forward a zone to other name servers

2024-12-08 Thread Greg Choules via bind-users
'm going to re-state the config, with the corrections I *think* you meant. zone "example.com" { type forward; forwarders { 10.0.1.10; 10.0.1.11; }; }; zone "internal.example.com <

Re: Getting BIND to forward a zone to other name servers

2024-12-08 Thread Greg Choules via bind-users
Hi Mike. What version of BIND are you running? Firstly, please clarify your question and example configuration. You talk about "example.com" and subdomains of "exmaple.com", but your config shows "example.net". It's not easy to understand exactly what you'r

Getting BIND to forward a zone to other name servers

2024-12-08 Thread Mike via bind-users
e internal zone is 10.0.2.0/24 and it is not Internet routable. Let's say that .com has NS recording point example.com to 10.0.1.10 and 10.0.1.11. Those are bind servers hosting zones for example.com and dmz.exmaple.com. There are two BIND servers in the internal zone, 10.0.1.10 and 10.0.1.1

Re: How to print details of dns_name_t* when hitting a gdb breakpoint in dns_name_equal

2024-12-06 Thread Kees Bakker via bind-users
plugin. Debugging 9.16.23+pile_of_patches and bind-dyndb-ldap is really out of the scope for this list. Speaking with upstream hat, whatever the result of your debugging is, we would be interested only in case this could be reproduced on the latest 9.18 ESV or 9.20 branch. I understand

RE: Sporadic Timeouts after upgrading to bind9.20

2024-12-05 Thread Klaus Darilion via bind-users
Hi Ondřej! I can test also the development branch. I prefer deb packages (do you have nightly builds?), but I can fallback to make&&make install Regards KLaus From: Ondřej Surý Sent: Thursday, December 5, 2024 8:36 PM To: Klaus Darilion Cc: Klaus Darilion via bind-users Sub

Re: How to print details of dns_name_t* when hitting a gdb breakpoint in dns_name_equal

2024-12-05 Thread Kees Bakker via bind-users
is an _awesome_ debugger Once you get `rr record` functional on your system (which might require a bit of fiddling, but definitely worth it!) ... go and modify command to run BIND from:   named -c ... to something like:   rr record named -n1 -g -c ... A quick question. The normal way (on a FreeIPA s

Re: How to print details of dns_name_t* when hitting a gdb breakpoint in dns_name_equal

2024-12-04 Thread Kees Bakker via bind-users
On 03-12-2024 15:56, Petr Špaček wrote: On 03. 12. 24 11:36, Kees Bakker via bind-users wrote: I have a CentOS FreeIPA setup with multiple named (bind9 9.16.23) servers. On two of my five servers, when I start named it fails a REQUIRE in dns_name_equal /*   * Either name1 is

Re: Zones list mask or wildcard

2024-12-04 Thread Danilo Godec via bind-users
};". I need to simplify adding and removing a domain so that it is enough to just add the zone file itself without editing the big list. Is this possible? There are simpler options?

Re: Zones list mask or wildcard

2024-12-03 Thread Grant Taylor via bind-users
t the zone statement for each zone in its own file and maybe do an include of those files as a wildcard. ... { include /path/to/zone_stanza_files/zone_*.conf } Type of thing. -- Grant. . . .

Re: Geo DNS for 1 domain in view impossible?

2024-12-03 Thread Grant Taylor via bind-users
On 12/1/24 11:30, Greg Choules via bind-users wrote: However, in the "DE" view you could configure global forwarding/forward only to the "default" view. Would it be better to do this -- what I call loopback / trombone -- forwarding -or- leverage something like loading al

How to print details of dns_name_t* when hitting a gdb breakpoint in dns_name_equal

2024-12-03 Thread Kees Bakker via bind-users
his failure? Just doing "p *name1" in gdb isn't very helpful for that. BTW My work around is to keep restarting named until it no longer fails on that REQUIRE. Any help is greatly appreciated. -- Kees

How to parse resource records from the DOH response?

2024-12-02 Thread Duan Duan via bind-users
Hey, guys I have been studying DOH-related content recently. The bind version I use is 9.18.31. bind does not seem to support http1.1 requests. Generally speaking, what is the appropriate form of a client's doh request? Do we have to base 64 encoding the domain name? How can I ge

Re: Geo DNS for 1 domain in view impossible?

2024-12-01 Thread Greg Choules via bind-users
add example2.com > to view "DE" section too. But if i have a lot of domains its too complex. > Is there a way to add Geo zones only in Geo view and if zone not found we > get zone from default view? > > acl "DE" {geoip country DE;}; > view "DE" { &g

Re: Accidentally ran rndc-confgen on a working BIND box

2024-11-28 Thread Greg Choules via bind-users
My bad. I spotted that afterwards. On Thu, 28 Nov 2024 at 13:48, Anand Buddhdev wrote: > On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users < > bind-users@lists.isc.org> wrote: > > Hi Greg, > > Running "named-checkconf -p" will print your entire nam

ask about bind9 logging function: How can I log the service port number (eg. 53, 443, 853) in my log of `queries` category

2024-11-26 Thread n/a via bind-users
to just config bind9 named.conf.* for this? Thanks.

Re: Accidentally ran rndc-confgen on a working BIND box

2024-11-26 Thread Greg Choules via bind-users
use it, turn it off. Cheers, Greg On Tue, 26 Nov 2024 at 04:39, Luis Navarro wrote: > Thanks Greg! > > > > I can confirm that running “rndc-confgen -a” replaced the previously > created "/etc/bind/rndc.key" file with a new one. There are no other files > named

Inconsistent Logging of zone name

2024-11-25 Thread Klaus Darilion via bind-users
sfer of 'at/IN' from ... zone at/IN: sending notifies (serial 1732525202) Can I file a feature request to harmonize that? Or is there some trick? As far as I see, structured logging available is not available. Thanks Klaus

RE: Bind is not using the first master for freshness checks

2024-11-25 Thread Klaus Darilion via bind-users
ssage- > From: Mark Andrews > Sent: Thursday, November 21, 2024 12:26 AM > To: Klaus Darilion > Cc: bind-users@lists.isc.org > Subject: Re: Bind is not using the first master for freshness checks > > If a notify comes in while refresh / transfer is in progress that is

Re: Accidentally ran rndc-confgen on a working BIND box

2024-11-24 Thread Greg Choules via bind-users
From the ARM, when "rndc-confgen -a" is run: > This option sets automatic rndc configuration, which creates a file rndc.key in /etc (or a different sysconfdir specified when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default com

Re: How do I make my bind recursively support edns

2024-11-24 Thread Greg Choules via bind-users
;1422807...@qq.com> wrote: > Hi, > > I'm sorry for my misrepresentation. > > It is ecs. > > How do I use my native bind to support ecs recursive requests ? > > I saw a document describing this, saying that the subscriber version is > required to support ecs recu

Re: How do I make my bind recursively support edns

2024-11-23 Thread Duan Duan via bind-users
Hi, I'm sorry for my misrepresentation. It is ecs. How do I use my native bind to support ecs recursive requests? I saw a document describing this, saying that the subscriber version is required to support ecs recursive requests. BIND 9 -S Edition 1123.pages If I want use client

Re: How do I make my bind recursively support edns

2024-11-23 Thread Greg Choules via bind-users
Hi. Please can you clarify what you mean and what you're trying to achieve? EDNS support generally has existed in all versions of BIND for many years. Cheers, Greg On Sat, 23 Nov 2024 at 15:43, 从今以后 via bind-users wrote: > Hey ,guys > > How do I make my bind recursively support

How do I make my bind recursively support edns

2024-11-23 Thread 从今以后 via bind-users
Hey, guys How do I make my bind recursively support edns? The official document mentions the need for subscription version, how can I get a subscription version, please isc contact me? Thanks, Kind regards Duan

Re: Strictly separate directories for admin-provided and named-generated files?

2024-11-22 Thread Charles Eckman via bind-users
Thanks for the ideas! On Sun, Nov 17, 2024 at 5:15 AM Matus UHLAR - fantomas wrote: > > >On 16/11/2024 04:47, Charles Eckman via bind-users wrote: > >>I'm also down for other workarounds, if you have suggestions! > > On 16.11.24 10:40, Nick Tait via bind-users wro

RE: Simple question - trailing "." in zone file

2024-11-22 Thread David Carvalho via bind-users
Thank you so much for the detailed explanation! Wish you all a great weekend. Kind regards David Carvalho -Original Message- From: Mark Andrews Sent: 21 November 2024 22:23 To: David Carvalho Cc: bind-users Subject: Re: Simple question - trailing "." in zone file The final

Simple question - trailing "." in zone file

2024-11-21 Thread David Carvalho via bind-users
e same way. Both versions 9.16-9..on Oracle Linux. The official documentation doesn't use the trailing "." What are the differences, if any? Thanks! Kind regards David

Bind is not using the first master for freshness checks

2024-11-20 Thread Klaus Darilion via bind-users
, the last 2 IP addresses are currently not responding to requests. Nevertheless our Bind secondary tries to contact them. That confuses me, as I read quite some time that a NOTIFY (regardless of the src-IP) just triggers a freshness check and during the freshness check, Bind uses the configured

RPZ Response change

2024-11-19 Thread Karol Nowicki via bind-users
Hello Everyone Does ISC Bind RPZ support to change response for A query type? For example Cache nameserver respond back to clients 192.168.120.1 on A query for a1.example.com and I'm curious if RPZ can handle to change response to 192.168.21.2

Re: secondary dns server question :)

2024-11-18 Thread Nick Tait via bind-users
ding on your needs. > > You need to tell us more what you want to accomplish.

Re: Strictly separate directories for admin-provided and named-generated files?

2024-11-15 Thread Nick Tait via bind-users
On 16/11/2024 04:47, Charles Eckman via bind-users wrote: I'm also down for other workarounds, if you have suggestions! Hi Charles. As a simple workaround, you can create the zone file in /var/lib, and then create a hard-link (using "ln") to the same file in /etc/bind. Th

Strictly separate directories for admin-provided and named-generated files?

2024-11-15 Thread Charles Eckman via bind-users
Hi bind-users, As I was configuring DNSSEC for a domain, I ran into a conflict between the AppArmor profile in the bind9 Debian package, and what I understand to be the default / recommended file layout (the same issue as [1]). The proposed solution in [1] is to put admin-provided (i.e. zone

Re: BIND RPZ is not blocking A record

2024-11-14 Thread Nick Tait via bind-users
Remember that when you update a zone you need to increase the serial number (in SOA record) and tell BIND to reload the zone - e.g. run “rndc reload”. Nick. > On 15 Nov 2024, at 6:30 PM, Blason R wrote: > > Even I tried that but still no luck > > $TTL 180 > @

Re: BIND RPZ is not blocking A record

2024-11-14 Thread Nick Tait via bind-users
172.1.xx.xx app.hubspot.com CNAME wg.custom.block. Hi Blason. If you want app.hubspot.com to return an NXDOMAIN response, try changing the CNAME target to "." - i.e.: app.hubspot.com CNAME . Nick.

Re: different serial number in SOA on different interfaces

2024-11-07 Thread Hans Mayer via bind-users
on the firewall. This bad guy is doing a bad caching. It's only a caching server and obviously it doesn't care about the TTL. Flushing the cache solves the issue. Many thanks for your expertise. Kind regards Hans -- On 06.11.24 06:41, Nick Tait via bind-users wrote: On 06/11/2

Re: different serial number in SOA on different interfaces

2024-11-05 Thread Nick Tait via bind-users
On 06/11/2024 03:16, Hans Mayer via bind-users wrote: I have 3 views: view badcountry: based on geoip ( the name is self-explanatory ) view internal: all local area networks but not the loopback interfaces for IPv4 and IPv6 it has only two response policy zones for drop and passthru , nothing

Re: different serial number in SOA on different interfaces

2024-11-05 Thread Hans Mayer via bind-users
on different IP addresses goes to different views ( as expected ) The bind query log shows a query @::1 or @127.0.01 goes to view foreveryone, with real IP goes to "internal" So the query for the domain "yer.at" @192.168.241.9 will be logged in view "internal" but

Re: Server crash on receiving query

2024-11-05 Thread James L. Brown via bind-users
> On 2 Nov 2024, at 3:14 am, Scott Bradner wrote: > > I have the same problem with bind version 9.20.3 (on both Sonoma & Sequoia > > the Sonoma attempt was on a machine that I did a clean install on Sonoma on > and > the only things on the machine were what came w

Re: DNSSEC, OpenDNS and www.cdc.gov - DNS Compliance checker?

2024-11-04 Thread Julian Panke via bind-users
Maybe https://dnsviz.net/ ? Kind regards Julian Panke Original message On 04.11.24 12:58, Robert Wagner wrote: Any chance someone from the bind group knows of an open-source DNS compliance validation tool that can analyze and check configuration

Re: Server crash on receiving query

2024-11-04 Thread Borja Marcos via bind-users
different OS version (Sequoia) and the same Bind version. Any clue on what might be different between bind 9.20.3 built with Homebrew and 9.20.2 when getting queries via 127.0.0.1? It’s obvious it is an OS bug, but looks quite puzzling. Borja.

Re: different serial number in SOA on different interfaces

2024-11-03 Thread Nick Tait via bind-users
or all records, and/or the negative response caching TTL (5th parameter in the SOA record)? Nick. On 3/11/2024 11:28 pm, Hans Mayer via bind-users wrote: Dear All, I am running BIND 9.18.32-dev (Extended Support Version) running on Linux x86_64 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Deb

different serial number in SOA on different interfaces

2024-11-03 Thread Hans Mayer via bind-users
Dear All, I am running BIND 9.18.32-dev (Extended Support Version) running on Linux x86_64 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) This server has several interfaces based on docker but in general a physical interface "eno1" and a loopback interface

RE: dnnsec ipv6 reverse zone configuration

2024-11-01 Thread Michael Martinell via bind-users
, October 30, 2024 3:26 PM To: Michael Martinell Cc: bind-users Subject: Re: dnnsec ipv6 reverse zone configuration Create the zone 0.0.6.d.7.0.6.2.ip6.arpa and delegate 3.0.0.0.0.9.0.0.6.d.7.0.6.2.ip6.arpa from it. The ARIN servers delegate 0.0.6.d.7.0.6.2.ip6.arpa to ns1.itctel.com and ns2

Re: Memory leak?

2024-11-01 Thread Søren Andersen via bind-users
Hello, After upgrading to 9.20.3 I notice some of my DNS servers are using a lot more memory than before. I have max-cache-size 32G; in my config, and bind is using much more memory. Do you think it is some kind of memory leak? [root@ns01a ~]# ps faxu |grep named root 1960789 0.0 0.0
