.
--
Mark Andrews
> On 23 Sep 2025, at 04:32, Alessandro Vesely wrote:
>
> Hi,
>
> I ran a script to check some DNS issues and it diagnosed "ERROR: SOA records
> are not consistent across nameservers". The reason seems to be because I use
> different views for intern
> On 24 Sep 2025, at 19:36, Alessandro Vesely wrote:
>
> On Wed 24/Sep/2025 08:25:40 +0200 Nick Tait wrote:
>> On 24/09/2025 05:42, Alessandro Vesely wrote:
>>> On Tue 23/Sep/2025 01:55:51 +0200 Mark Andrews wrote:
>>>> When checking zone serials for consist
The rest of the world cannot resolve .home names. ACME does domain
verification. If the name does not resolve for the rest of the world the
process will fail.
--
Mark Andrews
> On 18 Sep 2025, at 21:48, P van Dijk wrote:
>
> Hi Mark,
>
> Thank you for your reply.
.HOME does not exist so you will NEVER get a CERT for a .HOME name.
Use registered names.
Mark
> On 18 Sep 2025, at 13:15, P van Dijk wrote:
>
> Dear All,
> Has anyone encountered the error message ‘There was a problem with a DNS
> query during identifier validation’ w
NODATA is a concept not a record type. It indicates that the name is correct
but there are no records of the requested type.
--
Mark Andrews
> El 12 sept 2025, a las 0:34, Wolfgang Riedel via bind-users
> escribió:
>
> Hi Folks,
>
> I just wonder if I am missing somet
Use “forward only:” for your local zones.
--
Mark Andrews
> El 13 sept 2025, a las 4:58, Jarrod Spencer Farrell
> escribió:
>
> I'm setting up a private VPN containing mobile devices and the home's LAN
> through a firewall part of the VPN network, and I'd li
t; Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bin
Not sure what I am missing.
>
> -SteveG
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more i
.
--
Mark Andrews
> El 25 ago 2025, a las 1:39, Mike escribió:
>
> I should have mentioned that `managed-keys.bind{,.jnl}` are written
> (correctly) to /var/cache/bind. So the `directory` option is doing its job,
> just not for the `dnssec-policy` journals.
>
> But `Kgood-wit
information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/m
No.
If you want robustness secondary every internal zone in your recursive servers.
At the minimum secondary the zones at the top of every internal namespace.
Set up also-notify so they stay up to date on changes.
--
Mark Andrews
> El 6 ago 2025, a las 5:34, Michael Mullig via b
primary jobs of an
operating system is to prevent applications bringing it down.
--
Mark Andrews
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org
NSWER SECTION:
> d.0.0.f.e.b.a.b.0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 600
> IN CNAME 13.240.190.186.in-addr.arpa.
> 13.240.190.186.in-addr.arpa. 86315 IN PTR 186-190-240-13.e-commercepark.com.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austr
Listen-on is an acl. The interface table is scanned for matches which are then
bound to. This is documented behaviour.
--
Mark Andrews
> On 6 Jul 2025, at 10:35, Bagas Sanjaya wrote:
>
> Hi,
>
> I notice BIND's address binding behavior (bug?). I'm running BIN
No. This is not a thing regular DNS servers do.-- Mark AndrewsOn 23 May 2025, at 00:23, Karol Nowicki via bind-users wrote:
Does ISC Bind software by native has any dns tunneling prevention embedded ? Thanks Wysłane z Yahoo Mail do iPhone
-- Visit https://lists.isc.org/mailman/listinfo/bind
.
Forwarding to the servers you are is providing indirect access to instances with
zone content to serve.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind
rt subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +6
s from NSEC3 zones was previously reverted after a bug
> was found that could trigger an assertion failure. ([GL #4460], [GL #4950],
> and [GL #5108]) The bug has now been fixed, and the performance improvement
> has been restored. [GL #5204]
>
>
>
> On 21/04/2025 7:12
your normal working hours.
>>> >
>>> >
>>> akritrim® Intelligence™
>>> --
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>> from this list
>>> ISC funds the development of this software with paid support
>>>
https://gitlab.isc.org/isc-projects/bind9/-/issues/942
Or CVE-2019-6471
Mark
> On 10 Apr 2025, at 02:14, Duleep Thilakarathne wrote:
>
> Dear Mark,
>
> Thank you for the update . I will arrange to update Bind to latest version .
> For my understanding, is their any r
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
.168.20.11; };
dnssec-policy "unlimited";
};
Mark
> On 13 Mar 2025, at 09:13, Danjel Jungersen wrote:
>
> On 20-02-2025 08:40, Mark Andrews wrote:
>>> The zone is available publicly, but from public serveres not hosted by me
>>> (one.com).
>>
Returning REFUSED to ANY is anti-pmsocial as it requires every resolver in the world to special case this There are better mechanisms to deal with it like returning TC=1 or BADCOOKIE if there is only a client cookie or returning one of the RRsets at the name. -- Mark AndrewsOn 4 Mar 2025, at 18
-statement-logging
--
Mark Andrews
> On 4 Mar 2025, at 06:45, Brett Delmage via bind-users
> wrote:
>
> On Mon, 3 Mar 2025, Michael Richardson wrote:
>
>> Brett Delmage via bind-users wrote:
>> > Specifically for me now that's the query log including the flag
> On 20 Feb 2025, at 17:35, Danjel Jungersen wrote:
>
>
>
> On 19 February 2025 13:01:01 CET, Mark Andrews wrote:
> >You can install a negative trust anchor or sign the zone so that DNSSEC
> >validation works. The zone exists in the public DNS. You can use the s
validation to work with BYOD.
You can also sign your internal zone and add trust anchors for it without
publishing DS records. This won’t work BYOD.
--
Mark Andrews
> On 19 Feb 2025, at 21:54, Danjel Jungersen wrote:
>
> On 19-02-2025 11:44, Mark Andrews wrote:
>> The
The posix boxes are validating the responses and your zone is not properly
delegated/signed so DNSSEC validation fails.
What does the following return?
dig +cd +dnssec mail.jungersen.dk
The answer on the internet is signed.
--
Mark Andrews
> On 19 Feb 2025, at 21:21, Danjel Junger
zones not delegated
to it. Contact the zone operator and report this to them. Adding a #if 0 /
#endif around this block of code should allow the lookup resolve.
DNSVIZ doesn’t detect this.
Mark
% dig szn20221014._domainkey.pojezdala.cz @2a02:2b88:2:1::c88:1 txt +norec
+dnssec
; <<&
If you want to test behaviour with expired records you are going to need to use
dnssec-signzone.
The tests that ship with BIND use dnssec-signzone to build zones with out of
date signatures.
As for dnssec-policy it is not designed to produce broken zones.
Mark
> On 11 Feb 2025, at 10:18, J
t was
confusing.
I was glad when RFC 8499 (and
https://datatracker.ietf.org/doc/html/draft-knodel-terminology ) came along. It
solved a big problem for me personally, and I do not want go back using the old
terms.
(for context: I'm from Germany)
Greetings
Carsten Strotmann
--
Mark Jame
be from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind
Well it is waiting for the zone contents on stdin. Try specifying both the
zone name and the file that it should be reading.
--
Mark Andrews
> On 5 Jan 2025, at 07:21, f...@www.zefox.net wrote:
>
> I'm setting up a new, non-recursive, authoritative secondary
> nameserver u
You have the error message. Cut and paste it from the logs and post it here.
Saying there is something to do with the user ‘bind’ when you have an actual
error message is wasting everyone’s time.
--
Mark Andrews
> On 30 Dec 2024, at 05:27, Pablo Andalaft Tarodo wrote:
>
>
HTTPS records via
DoH in release 129.0.
Chrome added support in 2021.
Searching for information about which browsers support it is problematic
because DNS and HTTPS are used together for different things.
Mark
> On 25 Dec 2024, at 06:53, Cuttler, Brian R (HEALTH) via bind-users
>
ilman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
&g
gt;
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/
> PMc
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users
ey have sat on their hands for 20 years
while everyone
else has enabled IPv6 on their equipment.
Mark
> On 26 Nov 2024, at 10:24, The Gorf wrote:
>
> On a 9.20 server that is a resolver only, I have a mystery. This is running
> out of the official docker. I have a fleet of these and t
I suspect the OP meant ECS. -- Mark AndrewsOn 24 Nov 2024, at 07:43, Greg Choules via bind-users wrote:Hi.Please can you clarify what you mean and what you're trying to achieve? EDNS support generally has existed in all versions of BIND for many years.Cheers, GregOn Sat, 23 Nov 2024 at 15:4
have
the concept of relative names and does not use the final period. When names
are looked
up in the DNS they are always absolute and are sent as series of length (one
byte) value
pairs ending in a 00 byte. (example.com is sent as 7 ‘e’ ‘x’ ‘a’ ‘m’ ‘p’ ‘l’
‘e’ 3 ‘c’ ‘o’ ‘m’ 0)
Mark
> On
If a notify comes in while refresh / transfer is in progress that is noted and
a new
refresh cycle is started when the current refresh cycle / transfer completes.
Note named is NOT logging every refresh attempt. It is logging refresh attempt
FAILURES
so you know what to fix.
Mark
> On 21
RPZ stands for RESPONSE POLICY ZONE. It does NOT block queries. It modifies replies. -- Mark AndrewsOn 17 Nov 2024, at 17:28, Blason R wrote:Nah even that didn't work.If I directly query to bind it blocks or wall garden the request but if I send it through windows AD or any other server
I can install one for my hardware.
Mark
> On 6 Nov 2024, at 02:32, N M wrote:
>
> What changed between bind-9.18.30 and bind-9.18.31 that would cause it to not
> compile? We can compile bind-9.18.30 just fine but bind-9.18.31 fails with
> netmgr/udp errors:
>
>
> netmgr
st
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
ot allowing
DNS over both UDP and TCP or is filtering fragments (check both IPv4 and IPv6)
or
is blocking ICMP or ICMPv6.
Mark
> On 31 Oct 2024, at 00:36, Drew Weaver wrote:
>
> Hello,
> We recently replaced 3 BIND 9 servers with newer ones.
> For whatever reason during t
minimisation you cannot miss intermediate zones.
Mark
> On 31 Oct 2024, at 00:31, Michael Martinell via bind-users
> wrote:
>
> Hello, hoping somebody might have some insight into the errors I am seeing on
> ipv6 dnssec records.
> I am just starting to roll out dnssec on my reve
Take your machine to Apple. You have a hardware fault or a kernel security
bug. A user application should not be able to make an operating system crash.
Mark
> On 24 Oct 2024, at 17:20, James L. Brown via bind-users
> wrote:
>
> For almost two weeks my instance of named has ca
t;
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing
has those rules encoded into it.
Mark
> On 16 Oct 2024, at 11:54, Arnold DECHAMPS wrote:
>
> Hello everyone,
>
> I made a algo rollover in DNSSEC from algo 8 to algo 13.
>
> Software version : 9.18.28-1~deb12u2-Debian
>
> My zone confi
t; DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256
> ECDSAP384SHA384 ED25519 ED448
> DS algorithms: SHA-1 SHA-256 SHA-384
> HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384
> HMAC-SHA512
> TKEY mode 2 support (Diffie-Hellman): no
&g
address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> How does cat play with mouse? cat /dev/mouse
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid
records.
All this needs to go through the IETF.
--
Mark Andrews
> On 28 Sep 2024, at 07:54, Terik Erik Ashfolk wrote:
>
> According to the page
> https://blog.apnic.net/2021/08/25/multi-signer-dnssec-models/
> in MODEL 2.
> I added an improved image as attachment.
>
> MUL
id support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61
> On 11 Sep 2024, at 16:06, Lee wrote:
>
> On Tue, Sep 10, 2024 at 10:52 PM Mark Andrews wrote:
>>
>>> On 11 Sep 2024, at 12:10, Lee wrote:
>>>
>>> On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote:
>>>>
>>>> Comma is legal
> On 11 Sep 2024, at 12:10, Lee wrote:
>
> On Tue, Sep 10, 2024 at 6:17 PM Mark Andrews wrote:
>>
>> Comma is legal in a domain name. It isn’t legal in a host name which are a
>> subset of domain names. Named-checkzone is working exactly as it should.
>
>
Comma is legal in a domain name. It isn’t legal in a host name which are a
subset of domain names. Named-checkzone is working exactly as it should.
If the current origin is example.com. then comma expands to ,.example.com. as
it is treaded as a relative name.
--
Mark Andrews
> On 11
>
> ---+-----
> 117965258 | ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: **
> +
> | ;; flags: qr rd ra; QUESTION: 1, ANSWER: 0, AUTHORIT
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing
On further reflection I suspect broken clocks. Named uses If-Modified-Since to
determine
whether to resend the style file. Named uses the server’s start time as the
modification time
in that calculation.
> On 26 Aug 2024, at 11:06, Mark Andrews wrote:
>
> We are probably not
o looks like I'll have to find out why collecting BIND
> stats via collectd (5.12.0) no longer works after upgrading to
> 9.20.x.
>
> Best regards,
>
> - Håvard
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
>
> On 19 Aug 2024, at 00:59, Marco Moock wrote:
>
> Am 18.08.2024 um 23:44:26 Uhr schrieb Mark Andrews:
>
>>> On 18 Aug 2024, at 20:32, Marco Moock wrote:
>
>> It is. Go to the product page. Look at panel 3 “Configuration".
>> Click on "Admini
. There are no DLV records there to lookup.
https://kb.isc.org/docs/disable-dnssec-lookaside-dlv-now-heres-how
Also I am not going to ask operations what happened 2 weeks ago to cause
the signature to be momentarily bad.
Mark
> On 19 Aug 2024, at 10:51, 秋林峻祐 wrote:
>
> This will be
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
>
Negative cache entries.
--
Mark Andrews
> On 15 Aug 2024, at 22:10, Marco Moock wrote:
>
> Hello!
>
> named.stats includes that:
>
> [...]
> ++ Cache DB RRsets ++
> [View: default]
>3184 A
>1059 NS
>
to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/li
he development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas
estadmin.ovh {
type secondary;
file “testadmin.ovh.db”;
primaries { 2803:1920::4:a09; };
};
e.g. dig testadmin.ovh @199.38.247.210
Mark
> On 15 Jul 2024, at 22:51, Herman Brule wrote:
>
> Hi,
> Sorry I had to fix for my customer the domain ore.org.bo, but I have ope
oftware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Austra
IPv4 only):
zone ore.org.bo {
type secondary;
file "ore.org.bo.db”;
primaries { 45.225.75.8; };
};
Alternatively you can add IPv6 to an IPv4 only machine using services like
https://tunnelbroker.net/ even when the ISP does not support IPv6.
Mark
> On 15 Jul 2024, at 11
OOKIE: 42c6758d745eb62b0100669463baea9db7cd3474c256 (good)
;; QUESTION SECTION:
;smtp.ore.org.bo. IN A
;; ANSWER SECTION:
smtp.ore.org.bo. 3266 IN A 45.225.75.8
;; Query time: 264 msec
;; SERVER: 45.225.75.8#53(45.225.75.8) (UDP)
;; WHEN: Mon Jul 15 09:48:10 AEST 2024
;; MSG SIZE rcvd:
gt; this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
behave
like a stub resolver for the specified namespace rather than being an iterative
resolver.
Transfer the zone from the hidden primary rather than configuring forward mode.
zone ore.org.bo {
type secondary;
file “ore.org.bo.db”;
primaries { 2803:1920::c:1963; };
};
Mark
continue. If people where willing to put up with NXDOMAIN being returned
rather than the data that is later found by continuing or not using QNAME
minimisation the default could be changed. 'But it “works" when I ask Google'
is a hard thing to fight against.
Mark
> On 25 Jun 20
It’s just a false positive when the result is NXDOMAIN. Because people forget
to put delegating NS records in parent zones when both are served by the same
server the lookups continue on NXDOMAIN. There is an issue to address this.
--
Mark Andrews
> On 25 Jun 2024, at 06:36, Peter wr
> On 20 Jun 2024, at 15:29, Michael Richardson wrote:
>
>
> Mark Andrews wrote:
>> Named and nsupdate validate input for types they know about (both text
>> and wire). You would have to use versions that are not HTTPS aware and
>> use unknown type format.
>
Named and nsupdate validate input for types they know about (both text
and wire). You would have to use versions that are not HTTPS aware and
use unknown type format.
Mark
> On 20 Jun 2024, at 11:39, Stephen Farrell wrote:
>
>
> Hiya,
>
> Apologies if this is a repeat, I s
tware with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, A
Have you read the fine documentation on BIND where it is stated this is not
(currently) possible?
If you want to extend named to support this we would be happy to review a
change request. It is complicated however which is why it has not been done.
--
Mark Andrews
> On 13 Jun 2024, at
gt; Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>> --
>> - Andrew "lathama" Latham -
>>
rs to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mai
> On 27 May 2024, at 16:06, Erik Edwards via bind-users
> wrote:
>
> Hello Mark & List,
>
> Thank you for responding, I'm running bind-9.18.26-1.fc40.x86_64 and using
> nsupdate 9.16.27-Debian to send the updates, using rndc Version: 9.18.26.
>
> I'm
given
NOTHING for people to work with to help you.
Mark
> On 27 May 2024, at 13:39, Mark Andrews wrote:
>
>
>
>> On 25 May 2024, at 03:25, Erik Edwards via bind-users
>> wrote:
>>
>> algorithm hmac-sha256;
>>
>> named-checkconf -p shows
startup phase. It has to daemonize then
finish its startup. The parent process waits for the startup to complete and
then exits with an appropriate error code. Somewhere in that startup something
has failed.
Mark
> On 21 May 2024, at 14:10, avijeet gupta wrote:
>
> My Apologies. I
DNSSEC or adding a HINFO
record for every name in your zone when offline signing.
Mark
--
Mark Andrews
> On 21 May 2024, at 00:31, Ondřej Surý wrote:
>
> I would suggest you to create a feature request in our GitLab. This way it
> won't get lost
> in the tides of time
Named does not support this. There is no requirement to support this.
--
Mark Andrews
> On 21 May 2024, at 00:04, Amaury Van Pevenaeyge
> wrote:
>
>
> Hello everyone,
>
> How is it possible to set up a resource record of type HINFO so that it is
> returned on e
on ISC’s behalf don’t
support DNS COOKIE where as those run by ISC directly do. Changes in
routing can mean that the particular instance that answers your query will
change.
Mark
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
&g
reports due to garbage records at the zone apex.
Mark
--
Mark Andrews
> On 17 May 2024, at 23:31, Stephane Bortzmeyer wrote:
>
> On Fri, May 17, 2024 at 03:25:01PM +0200,
> Matus UHLAR - fantomas wrote
> a message of 43 lines which said:
>
>> I have noticed that BI
h paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHON
ut what would lead to truncated TCP
> traffic in the context of DNS ?
Usually it is a software bug in the server where it doesn’t support 65535 byte
responses or incorrectly applies UDP limits to TCP. Very occasionally the
response actually won’t fit in 65535 bytes.
Whatever it was I’m not seein
> On 1 May 2024, at 22:25, Walter H. via bind-users
> wrote:
>
> On 01.05.2024 01:33, Mark Andrews wrote:
>>
>>> On 1 May 2024, at 03:32, Lee wrote:
>>>
>>> On Mon, Apr 29, 2024 at 11:40 PM Walter H. wrote:
>>>> On 29.04.2024 22:19,
is list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Ma
:54 AEST 2024
;; MSG SIZE rcvd: 203
%
> On 30 Apr 2024, at 06:55, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>> serves .com rather than dnssec-analy
port subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
I prefer to only name and shame when I’m 100% sure of the target.
--
Mark Andrews
> On 30 Apr 2024, at 06:56, Lee wrote:
>
> On Sun, Apr 28, 2024 at 7:56 PM Mark Andrews wrote:
>>
>> It isn’t DNSSEC. It’s a badly configured DNS server that is claiming that it
>&
And the SMTP server doesn’t need to listen on IPv6 if it isn’t going to accept
messages over that transport. Talk about a way to DoS yourself.
--
Mark Andrews
> On 30 Apr 2024, at 06:19, Lee wrote:
>
> On Sun, Apr 28, 2024 at 2:18 AM Walter H. via bind-users
> wrote:
>
>
/dnssec/>
>
> Hi Josh,
>
> Ok, sounds good!
>
> - J
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https
-records ...
>
> would it be a problem with just this DNS zone, why are only problems getting
> the IPv6?
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support
.
Named was looking up theses NS records I.e. chasing the DS servers. This can
result in named finding delegation errors. QNAME minimisation also exposes
these errors as it also does NS queries. Garbage in breakage out.
--
Mark Andrews
> On 27 Apr 2024, at 00:45, J Doe wrote:
>
> On 2
No. “Forward zones” are not DNS zones. They are overrides to the DNS resolution
processes that just happened to be configured in named by overloading the zone
syntax element. Similarly stub and static stub are not zones. The are other
things.
--
Mark Andrews
> On 23 Apr 2024, at 01
pport subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61
1 - 100 of 1054 matches
Mail list logo
