Re: Significant memory usage

2025-06-09 Thread Philip Prindeville via bind-users
your normal working hours. >>> >>>> On 9. 6. 2025, at 5:45, Philip Prindeville >>>> wrote: >>>> >>>> Jun 8 21:34:08 OpenWrt named[8106]: /etc/bind/named.conf:42: >>>> 'max-cache-size 10%' - setting to 171MB (out of

Re: Significant memory usage

2025-06-09 Thread Philip Prindeville via bind-users
10:46 PM, Philip Prindeville via bind-users > wrote: > > I read: > > https://bind9.readthedocs.io/en/v9.20.9/reference.html#namedconf-statement-max-cache-size > > and it doesn’t explain the notation for . > > > > >> On Jun 8, 2025, at 10:39 PM, Ondřej Sur

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
o/en/v9.20.9/ >>> -- >>> Ondřej Surý — ISC (He/Him) >>> >>> My working hours and your working hours may be different. Please do not >>> feel obligated to reply outside your normal working hours. >>> >>>>> On 9. 6. 2025, at 6:20,

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> feel obligated to reply outside your normal working hours. > >> On 9. 6. 2025, at 6:20, Philip Prindeville >> wrote: >> >> but doesn’t explain the syntax of “sizeval”. >> >> I tried “1638M” but that doesn’t seem to have an effect.

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> -- >>> Ondřej Surý — ISC (He/Him) >>> >>> My working hours and your working hours may be different. Please do not >>> feel obligated to reply outside your normal working hours. >>> >>>> On 9. 6. 2025, at 5:45, Philip Prindeville >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
im) > ond...@isc.org > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> Here’s my statistics-channel output: >> >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
>> Jun 8 21:34:08 OpenWrt named[8106]: /etc/bind/named.conf:42: >> 'max-cache-size 10%' - setting to 171MB (out of 1714MB) >> >> but no idea where the 1741MB that it is basing that off of is coming from. >

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
hours. > >> On 8. 6. 2025, at 22:45, Philip Prindeville via bind-users >> wrote: >> >> I’m currently doing an “rndc flush” every hour to stop my system from >> getting exhausted. I’ll disable that and report back in a few hours. >

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
jeprof for tldr). > > Ondrej > -- > Ondřej Surý — ISC (He/Him) -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more informa

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On Jun 8, 2025, at 3:07 PM, Philip Prindeville via bind-users > wrote: > > > >> On May 21, 2025, at 3:38 PM, Ben Scott wrote: >> >> - Original Message - >>> From: "Philip Prindeville via bind-users" >>> To: "

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: Significant memory usage

2025-06-08 Thread Philip Prindeville via bind-users
> On May 21, 2025, at 3:38 PM, Ben Scott wrote: > > - Original Message - >> From: "Philip Prindeville via bind-users" >> To: "bind-users" >> Sent: Sunday, May 18, 2025 5:20:59 PM >> Subject: Significant memory usage > >>

Re: QNAME minimisation question

2025-06-05 Thread Nick Tait via bind-users
root trust anchor)                  -b address[#port]   (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg Thanks Greg. On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users wrote: I've done a bit more testing on this, and it seems like if you u

Significant Throughput Drop in BIND 9.20.8 for Batch DNS Updates – Seeking Community Insights and Solutions

2025-06-04 Thread Sahil Sharma D via bind-users
guidance from ISC related to this? Any input, confirmation, or suggestions would be highly appreciated. We are open to providing additional logs or traces if needed. Regards, Sahil

Re: QNAME minimisation question

2025-06-03 Thread Greg Choules via bind-users
[#port] (bind to source address/port) etc... The rest I don't know, yet. Hope that helps, Greg On Wed, 4 Jun 2025 at 07:46, Nick Tait via bind-users < bind-users@lists.isc.org> wrote: > Hi Stace. > > The transport protocol used to ask the question is (or should be) > inde

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
";; WARNING: using internal name server mode: '@8.8.8.8' will be ignored" On 03/06/2025 22:36, Stacey Marshall wrote: On 3 Jun 2025, at 10:29, Nick Tait via bind-users wrote: But I also noticed that delv only makes A queries (not ), and even if I specify "-6" on t

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users

Re: QNAME minimisation question

2025-06-03 Thread Nick Tait via bind-users
ted answer. FYI My packet capture shows that the total number of queries transmitted on the wire was 46, which sounds about right considering that the root zone queries are answered from the mirror zone (and therefore don't appear in the packet capture). Thanks again for helping to solve m

Re: QNAME minimisation question

2025-06-02 Thread Carlos Horowicz via bind-users
(UDP) ;; WHEN: Mon Jun 02 07:46:09 -03 2025 ;; MSG SIZE  rcvd: 541 -Carlos On 02/06/2025 12:01, Nick Tait via bind-users wrote: No zone cut at 90.45.in-addr.arpa.

QNAME minimisation question

2025-06-02 Thread Nick Tait via bind-users
When this is set to strict, BIND follows the QNAME minimization algorithm to the letter, as specified in RFC 7816. Setting this option to relaxed causes BIND to fall back to normal (non-minimized) query mode when it receives either NXDOMAIN or other unexpected responses (e.

Re: Dns tunnel detection/prevention

2025-05-23 Thread Grant Taylor via bind-users
rent things. -- Grant. . . .

Re: Dns tunnel detection/prevention

2025-05-23 Thread Grant Taylor via bind-users
On 5/22/25 9:23 AM, Karol Nowicki via bind-users wrote: Does ISC Bind software by native has any dns tunneling prevention embedded ? I don't think there is anything that I would describe that way. But there may be some rate limiting option(s) that you could use to at least cripple usin

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-22 Thread Greg Choules via bind-users
Know)... >4. Are the problems we see inherent to BIND9 v.18? Could an upgrade >to BIND9 v.20 help at all? And, do I need to upgrade Ubuntu to 24.x to get >that done? >5. Are there buffer settings I can make in Bind9 to allow more to be > processed at once in bul

Dns tunnel detection/prevention

2025-05-22 Thread Karol Nowicki via bind-users
Does ISC Bind software by native has any dns tunneling prevention embedded ?  Thanks  Sent from Yahoo Mail for iPhone

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-19 Thread Greg Choules via bind-users
the >>time allowed to make the queries (i.e. to avoid timeout errors)? Or is >> that >>time limit set elsewhere? >>3. Likewise, are there Bind9 tweaks I can do to extend the TTL for >>successful query responses to keep them just a little longer (not much..

Significant memory usage

2025-05-18 Thread Philip Prindeville via bind-users
algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 TKEY mode 2 support (Diffie-Hellman): no TKEY mode 3 support (GSS-API): no default paths: named configuration: /etc/bind/named.conf rndc configuration: /etc/bind/rndc.conf nsupdate session key: /var/run/named

Re: 3Rd Follow Up - Re: My Introduction and current issues

2025-05-18 Thread Danilo Godec via bind-users
.18 has been in use for quite a while and is still widely used today (without such major issues), I very much doubt your issues are caused by Bind.     Danilo

Re: long FQDN resolution

2025-05-16 Thread Benny Pedersen via bind-users
Benny Pedersen via bind-users wrote on 2025-05-15 20:42: Matus UHLAR - fantomas wrote on 2025-05-15 17:04: turn off QNAME minimisation on DNS servers used by mailservers for DNSBL/DNSWL checks. make a better rbldnsd that support qname :) or dump zone from rbldnsd to bind.zone, the bind

Re: DNSVIZ errors

2025-05-15 Thread akritrim® Intelligence™ via bind-users
in public and make a fool of yourself. On 21/04/2025 8:25 pm, akritrim® Intelligence™ via bind-users wrote: version: BIND 9.20.8-1+0~20250416.117+debian12~1.gbp1ea9dd-Debian (Stable Release) (<>) running on localhost: Linux x86_64 6.1.0-33-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.

Re: long FQDN resolution

2025-05-15 Thread Benny Pedersen via bind-users
to dnsbl that it does not support qname

Re: long FQDN resolution

2025-05-15 Thread Greg Choules via bind-users
the configuration manage this mecanism ? > > Is this really usefull ? > > > > It is problematic for DNSBL requests because it generate a lot of useless > requests and this kind of service look at the number of requests done > (usage policy): > > > > > >

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
I wasn't trying to start a holy war, and I wasn't saying that systemd-resolved is good or bad. I just wanted to correct a few misconceptions, so that people are provided with accurate information and can make their own informed choices. :-) Nick.

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
It will only create confusion about which process is servicing DNS requests sent to 127.0.0.53. What are you attempting to achieve by doing that? Nick.

Re: My Introduction and current issues -

2025-05-10 Thread Paul Kosinski via bind-users
y. Or not. --- On Sun, 11 May 2025 12:37:23 +1200 Nick Tait via bind-users wrote: > On 11/05/2025 07:28, Fred Morris wrote: > > Stop! Squirrel wearing a systemd tshirt! Kill / maim / destroy / drive > > off systemd resolved. Then make sure that resolv.conf is not being >

Re: My Introduction and current issues -

2025-05-10 Thread Nick Tait via bind-users
not/ trying to say that everyone should use systemd-resolved. I'm just trying to be an "active bystander". :-)

Re: My Introduction and current issues -

2025-05-10 Thread Greg Choules via bind-users
re file to Windows you > can open it in Wireshark there. Wireshark can also capture packets, like > tcpdump, so you can use it to see exactly what your Windows machine is > doing with DNS. > > *I'll go ahead and do it. I might actually have it already for install on >

Re: My Introduction and current issues -

2025-05-10 Thread Greg Choules via bind-users
to understand the behaviour you are seeing. Cheers, Greg On Sat, 10 May 2025 at 06:01, Danilo Godec via bind-users < bind-users@lists.isc.org> wrote: > On 10.05.2025 05:29, bi...@clearviz.biz wrote: > > >Also check /etc/resolv.conf and see what address(es) is/are listed

Re: My Introduction and current issues -

2025-05-09 Thread Danilo Godec via bind-users
at with 'resolvectl dns'. Then check what is listening on port 53 (netstat -anp | egrep ":53.*LISTEN") on the server. And also check what DNS servers your DHCP sets.    Danilo

Re: My Introduction and current issues -

2025-05-09 Thread Lyle Giese via bind-users
nse times by the forwarding servers (8.8.8.8 and 1.1.1.1). I have attached my named.conf.options file and .local file. The named.conf file only has includes for .options and ,local conf files.  The .default-zones file is commented out. If you need other info about my configuration and setup, please

Re: My Introduction and current issues -

2025-05-09 Thread Greg Choules via bind-users
ve attached my > named.conf.options file and .local file. The named.conf file only has > includes for .options and ,local conf files. The .default-zones file is > commented out. > > If you need other info about my configuration and setup, please feel free > to ask and I'l

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
fers backwards Vincent On Thu, 1 May 2025, Carlos Horowicz via bind-users wrote: Hi, For SERVFAIL to happen, ALL authoritative for the affected domains must have been in Datacenters in Spain, Portugal or southern France. I live in Spain, and as 12:33 CET I lost not only power but basic tele

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Carlos Horowicz via bind-users
everything up. So may be that was the reason, if it coincides with your perception ... dnstracer has eventually helped me find lame delegations. Carlos Horowicz Planisys On 01/05/2025 17:23, Rob McEwen via bind-users wrote: From vinc...@cojot.name until a few days ago (April 28th?) when the

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Rob McEwen via bind-users
From vinc...@cojot.name To "Rob McEwen" Cc bind-users@lists.isc.org Date 5/1/2025 11:28:23 AM Subject Re: Massive increase of SERVFAIL after April 28th 2025. Hi Rob, Unfortunately, as soon as I remove the 'forwarders' in any of my named servers, the problem comes back. T

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Rob McEwen via bind-users
-blackout-that-hit-spain-and-portugal Hopefully, you're not seeing any more of these errors now? Rob McEwen, invaluement

Re: DNSVIZ errors

2025-04-21 Thread akritrim® Intelligence™ via bind-users
t does ‘rndc status’ return? On 21 Apr 2025, at 13:05, akritrim® Intelligence™ via bind-users wrote: Thank you for your help. it does give insights into the problem. if you check dnsviz history, this does not happen everytime. the bind version is BIND 9.20.8-1+0~20250416.117+debian12~1.gbp

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
/think/ that might be is the record that would prove ebzoq.ik7ub.akritrim.net (IAT39F3MSSGS2D4O255VNHB67V2GCNVI) does not exist in its place. On Sun, Apr 20, 2025 at 10:29 AM akritrim® Intelligence™ via bind-users < bind-users@lists.isc.org> wrote: i didn't specifically ask for y

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
need anything specific let me know.') today language models are more context aware. and if you don't want to share what do you 'need' then leave it be, i don't want your help. On April 20, 2025 5:17:46 PM UTC, "Ondřej Surý" wrote: > >> O

Re: DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
eel obligated to reply outside your normal working hours. On 20. 4. 2025, at 16:31, akritrim® Intelligence™ via bind-users wrote: Hi I am getting the following error if i test the domain on dnsviz.net. For example for domain example.org i get : caikb.6tqs4.example.org/A has errors; s

DNSVIZ errors

2025-04-20 Thread akritrim® Intelligence™ via bind-users
only some of them. i have these parameters defined in dnssec policy: nsec3param iterations 0 optout no salt-length 0; any ideas will be welcome. -- akritrim® Intelligence™

Re: Multiple views (more than 2)

2025-04-18 Thread Nick Tait via bind-users
secondary server could inadvertently end up transferring the zone from the public view in spite of having signed the zone transfer request with one of the private keys. Nick.

bring clientip to the authoritative server

2025-04-16 Thread Duan Duan via bind-users
any other way? Can you give me a suggestion? Kind regards Duan

Re: DNS hiccups

2025-04-15 Thread Stephane Bortzmeyer via bind-users
Apr 15 15:53:34 CEST 2025 ;; MSG SIZE rcvd: 282

Re: Multiple views (more than 2)

2025-04-14 Thread Greg Choules via bind-users
lic one (for remote clients, served by all four > name > > servers). It used to work :-) > > > > Now it's desired to create multiple different private views served > > by my > > name servers (one view for clients from each subnet of my network) > >

Re: Multiple views (more than 2)

2025-04-14 Thread Greg Choules via bind-users
h-clients" directives... > > Any example, link, general formula or some smart how-to, or anything > welcome... > > Thanks a lot! > Best regards, > Marek >

Re: Grief after upgrade to macOS Sequioa 15.4

2025-04-14 Thread Marco Davids (SIDN) via bind-users
For the record: brew update brew upgrade now also does the trick. -- Marco On Fri, 4 Apr 2025 07:06:45 +0200 Daniel Stirnimann via bind-users wrote: Hi Niall, If you use brew, I solved it with this: brew uninstall bind brew cleanup brew install libxml2 export LDFLAGS="-L/opt/homebre

Re: BIND 9.11.4-P1 unexpected process exit

2025-04-10 Thread Petr Menšík via bind-users
in ?? #5 0x7f2954471e25 in ?? #6 0x7f295419bbad in ?? exiting (due to assertion failure) Regards DT -- Petr Menšík Senior Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

Re: Custom DNS Filtering Plugin in BIND 9

2025-04-05 Thread Greg Choules via bind-users
- The plugin will be handling a very high volume of DNS queries, so >performance is critical. > > > Best regards, > Monika > > On Thu, Mar 20, 2025 at 10:25 PM Grant Taylor via bind-users < > bind-users@lists.isc.org> wrote: > >> On 3/19/25 10:02 AM, Ondř

Re: Authoritative and caching

2025-04-03 Thread Danjel Jungersen via bind-users
03-2025 11:18, Danjel Jungersen via bind-users wrote: On 19-02-2025 12:04, Greg Choules wrote: Hi Danjel. To obtain a packet capture use tcpdump, which is probably installed already. If not, add it using your preferred package manager. You can dump to the screen, but I find it more useful to

Re: Grief after upgrade to macOS Sequioa 15.4

2025-04-03 Thread Daniel Stirnimann via bind-users
K5dyld423LibSystemHelpersWrapper4exitEi + 172 11 dyld 0x00019dfe2b7c start + 6048 zsh: abort dig +short defo.ie niall@m2a ~ % | /Niall

Re: Why do I get underscore DNS queries when my host is running a recursive server?

2025-04-01 Thread Greg Choules via bind-users
'_. >>> baidu.com/A/IN': 2001:503:d414::30#53 >>> 31-Mar-2025 17:38:31.333 address not available resolving '_. >>> baidu.com/A/IN': 2001:503:39c1::30#53 >>> 31-Mar-2025 17:38:32.120 address not available resolving ' >>> www.bai

Re: Why do I get underscore DNS queries when my host is running a recursive server?

2025-03-31 Thread Greg Choules via bind-users
8:32.120 address not available resolving ' > www.baidu.com/A/IN': 240e:bf:b801:1002:0:ff:b024:26de#53 > 31-Mar-2025 17:38:32.124 address not available resolving ' > ns3.baidu.com//IN': 2001:501:b1f9::30#53 > 31-Mar-2025 17:38:32.125 address not available resolving

Cannot import keys into dnssec-policy

2025-03-26 Thread Nguyen Thi Minh Tam via bind-users
am

RE: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-25 Thread Langlois Joël via bind-users
Hi Michal, Thanks a lot for the reply, I will take a look at the documentation for chroot and systemd notify. I already use the old option (type=forking) and yes everything is working fine. Have a good day. -- Joel Langlois -Original Message- From: bind-users De la pa

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-25 Thread Grant Taylor via bind-users
might be able to turn your program into a DLZ compatible driver. Link - BIND DLZ - https://bind-dlz.sourceforge.net/ -- Grant. . . . unix || die

RE: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-24 Thread Langlois Joël via bind-users
=multi-user.target [root@dns_server]# cat /etc/opt/isc/scls/isc-bind/sysconfig/named # Command line options passed to named OPTIONS="-4 -t /var/named/chroot" Thanks a lot for your help! -- Joel Langlois -Original Message----- From: bind-users On Behalf Of Michal Nowak Sent:

Re: Authoritative and caching

2025-03-23 Thread Danjel Jungersen via bind-users
says. Hope that helps. Cheers, Greg On Wed, 19 Feb 2025 at 10:22, Danjel Jungersen via bind-users wrote: On 19-02-2025 11:11, Marco Moock wrote: > On Wed, 19 Feb 2025 10:58:14 +0100 > Danjel Jungersen via bind-users wrote: > >> But if I change /et

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-23 Thread Grant Taylor via bind-users
encourage you to spend a few (more) minutes reviewing RPS as I think that what you're wanting to do is the thing that RPS is intended to solve. -- Grant. . . . unix || die

Re: Help with ISC-BIND 9.20.7 COPR package DOH support

2025-03-22 Thread Robert Paolucci via bind-users
nded solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not dis

Bind internal name space geo-proximity

2025-03-21 Thread Karol Nowicki via bind-users
comes from Europe then delegates to dns2 Sent from Yahoo Mail for iPhone

isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-21 Thread Langlois Joël via bind-users
Mar 21 14:47:08 dns_server systemd[1]: isc-bind-named.service: Failed with result 'timeout'. Mar 21 14:47:08 dns_server systemd[1]: Failed to start isc-bind-named.service. # -- Joe

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-20 Thread Grant Taylor via bind-users
completion! - https://www.isc.org/blogs/bind-9-12-almost-ready/ I have long considered RPS for DNS to be like the milter API for email. -- Grant. . . . unix || die

RHEL, Rocky, Fedora rpm 9.20.7

2025-03-19 Thread Carl Byington via bind-users
.

Upgrading the Bind Server issue

2025-03-19 Thread Lowry-Schiller, Dell M CTR (USA) via bind-users
this URL: https://kb.isc.org/docs/aa-00648 I am looking for if anyone can offer some insight on this issue I am currently experiencing. Respectfully, Dell Lowry-Schiller LAN Manager CSL Comalapa - US Navy

Re: Authoritative and caching

2025-03-16 Thread Danjel Jungersen via bind-users
:bind and bind has write access. I have changed the named.conf.local and moved the db. file of the signed zone to /var/lib/bind and it seems to work. The K files show up in /var/cache/bind THANKS. Now I just need the rest. :-) Danjel

Re: Authoritative and caching

2025-03-16 Thread Danjel Jungersen via bind-users
bind or /var/cache/bind for signed zones. ??? If bind should be denied write access to /etc/... maybe this is the way to go? :-) Danjel > >Cheers, Greg > >On Sat, 15 Mar 2025 at 21:25, Danjel Jungersen via bind-users < >bind-users@lists.isc.org> wrote: > >> Off-lis

Re: Authoritative and caching

2025-03-16 Thread Timothe Litt via bind-users
On 15-Mar-25 18:16, Lee wrote: On Sat, Mar 15, 2025 at 5:25 PM Danjel Jungersen via bind-users wrote: Apparmor was also mentioned, I have no experience with that, and have not changed it in any way (to my knowledge)... On my machine, $ journalctl -l | grep apparmor | grep bind |more shows

Re: Authoritative and caching

2025-03-16 Thread Greg Choules via bind-users
group for user "bind" is also > "bind", leave ownership as root but change group permissions to rwx for > everything "/etc/bind" and below. You could try starting with just > "/etc/bind" and see if that helps. Then continue down if not. > > Som

Re: Authoritative and caching

2025-03-15 Thread Danjel Jungersen via bind-users
work, please let me know, I wish to keep it as tight as possible. :-) Danjel On 15-03-2025 17:31, Danjel Jungersen via bind-users wrote: I'm so sorry, but I have to trouble you guys again. The help below helped, I have no errors from checkconf or checkzone, but from journalctl I get:

Re: Authoritative and caching

2025-03-15 Thread Greg Choules via bind-users
Hi Danjel. Please send "ls -al" of both "/etc/bind" and "/etc/bind/zones" Thanks, Greg On Sat, 15 Mar 2025 at 16:32, Danjel Jungersen via bind-users < bind-users@lists.isc.org> wrote: > I'm so sorry, but I have to trouble you guys again. >

Re: Authoritative and caching

2025-03-15 Thread Danjel Jungersen via bind-users
ertslund, Denmark. Tel: +45 43 64 10 00 WEBSHOP: PRINTLIGHT.DK <https://www.printlight.dk> | WWW.JUNGERSEN.DK <https://www.jungersen.dk> Logo <https://www.jungersen.dk>

BIND 9.20.6: spurious recursive lookup failures after longish uptime

2025-03-13 Thread Havard Eidnes via bind-users
exposing our users to it is ... not exactly ideal. So... What I guess I'm doing with this message is ask if anyone else have been experiencing anything resembling this problem, or if anyone have any more clues to share to guide further debugging of this problem? FWIW, we're running

rndc: 'reload' failed: unexpected error

2025-03-13 Thread Duan Duan via bind-users
nor an IPv6 dispatch reloading configuration failed: unexpected error But when I execute named -n half core, there's no problem.   A lot of research, but I don't know why.   Thanks,   Kind regards Duan

Re: Authoritative and caching

2025-03-12 Thread Danjel Jungersen via bind-users
l is well. Can anyone tell me what is wrong with this line? I have copy pasted it from the suggestion, and have read some online, to me it looks good. BR Danjel

RE: Some operational questions about TSIG / XoT

2025-03-08 Thread Klaus Darilion via bind-users
self-signed or public signed certificates. TSIG uses a pre-shared key Regards Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria From: bind-users On Behalf Of Michael De Roover Sent: Saturday, March 8, 2025 7:36 AM To: bind-users

Re: Just a suspicion for now: Memory leak in 9.20.4?

2025-03-06 Thread Borja Marcos via bind-users
> On 14 Feb 2025, at 09:49, Borja Marcos via bind-users > wrote: > > Signed PGP part > > >> On 13 Feb 2025, at 14:46, Ondřej Surý wrote: >> >> There’s official KB article on the topic: >> https://kb.isc.org/docs/bind-memory-consumption-explained

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
> > Quote: > A compliant DNS client MUST only inspect the certificate's > subjectAltName extension for the reference identifier. In > particular, it MUST NOT inspect the Subject field itself. Thanks for the reference. It seems I should have read the whole RFC before playing

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
-certificate.crt -subj "/CN=xot-test-primary.ops.nic.at" -addext "subjectAltName=DNS:xot-test-primary.ops.nic.at,IP:193.46.106.51" regards Klaus From: bind-users On Behalf Of Klaus Darilion via bind-users Sent: Tuesday, March 4, 2025 11:31 AM To: Ondřej Surý Cc: bind-us...@isc.

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 4. 3. 2025, at 10:01, Klaus Darilion via bind-users <bind-users@lists.isc.org> wrote: May it be, that the validation is just broken? Even when using dig, and explicitly u

RE: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Klaus Darilion via bind-users
bind-users Subject: XoT Testing: TLS peer certificate verification failed Hi! I want to test XoT between Bind9.20.6 primary and secondary. On the primary I created a self-signed certificate with CN=xot-test-primary.ops.nic.at and configured bind: # Create a 10years valid self-signed certificate

Re: Is there any config to disable bind9 retry for rcode refused

2025-03-03 Thread Greg Choules via bind-users
Please advise if there is any > config or method can achieve this. > > > > Thanks in advance! > > Neil Nie

Re: Where are ISC docs for log file codings?

2025-03-03 Thread Brett Delmage via bind-users

Re: Where are ISC docs for log file codings?

2025-03-03 Thread Brett Delmage via bind-users
On Mon, 3 Mar 2025, Michael Richardson wrote: Brett Delmage via bind-users wrote: > Specifically for me now that's the query log including the flags. But it > could be other log files too at times. I am running DNSSEC and primary, > secondary, and internal resolving s

Where are ISC docs for log file codings?

2025-03-03 Thread Brett Delmage via bind-users
st at different times. I've found third party info that is obviously not authoritative, asked duck.ai Mistral (sounded good but who knows if it's hallucinating!) but I did not find the ISC docs if they exist. Thanks.

XoT Testing: TLS peer certificate verification failed

2025-02-27 Thread Klaus Darilion via bind-users
ificate verify ok. * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption So, what am I doing wrong? Is Bind using a not-trivial TLS certificate verification? I also failed getting more verbose verification details. Any help is apprec

max-zone-ttl deprecation

2025-02-25 Thread stuart--- via bind-users
n the primary zone server initially, which I believe will be too late to make any intelligent decisions. Is the idea to create a do-nothing dnssec policy to have some method of enforcement? Thoughts? Stuart

Re: Anycast DNS VIPs network IPv4

2025-02-25 Thread Greg Choules via bind-users
at discuss anycast generally. Does that help? Cheers, Greg On Tue, 25 Feb 2025 at 13:12, Karol Nowicki via bind-users < bind-users@lists.isc.org> wrote: > Hello Everyone > > Do we have any official recommendation /rfc to choose a network for anycast > vips which we need to adverti

Anycast DNS VIPs network IPv4

2025-02-25 Thread Karol Nowicki via bind-users
Hello Everyone Do we have any official recommendation /rfc to choose a network for anycast vips which we need to advertise into organization network? Sent from Yahoo Mail for iPhone

RE: Policy-dnssec timeline step by step

2025-02-25 Thread Nguyen Thi Minh Tam via bind-users
Yes, the ZSK rollover got weird when the DS had not reached omnipresent state yet. Why is that? -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: Friday, February 21, 2025 2:30 PM To: bind-users@lists.isc.org Subject: Re: Policy-dnssec timeline step by step Hi

Re: xfer-in: Transfer status: timed out (selective failures)

2025-02-24 Thread Timothe Litt via bind-users

Re: Using CNAME for _domainkey (DKIM)

2025-02-24 Thread Greg Choules via bind-users
On Mon, 24 Feb 2025 at 10:59, Danilo Godec via bind-users < bind-users@lists.isc.org> wrote: > Hello, > > > apparently one shouldn't use CNAMEs for 'delegating' _domainkey records > to another DNS server, but I see that some email service vendors use > that - t
