RE: dnnsec ipv6 reverse zone configuration

2024-11-01 Thread Michael Martinell via bind-users
, October 30, 2024 3:26 PM To: Michael Martinell Cc: bind-users Subject: Re: dnnsec ipv6 reverse zone configuration Create the zone 0.0.6.d.7.0.6.2.ip6.arpa and delegate 3.0.0.0.0.9.0.0.6.d.7.0.6.2.ip6.arpa from it. The ARIN servers delegate 0.0.6.d.7.0.6.2.ip6.arpa to ns1.itctel.com and ns2

Re: dnnsec ipv6 reverse zone configuration

2024-10-30 Thread Mark Andrews
c > ;; SERVER: 75.102.161.234#53(75.102.161.234) > ;; WHEN: Mon Oct 28 08:19:20 CDT 2024 > ;; MSG SIZE rcvd: 385 > I did register the DS record for this block of IPs that matches the zone > with ARIN last week. > Network solutions still does not support glue records for

dnnsec ipv6 reverse zone configuration

2024-10-30 Thread Michael Martinell via bind-users
atches the zone with ARIN last week. Network solutions still does not support glue records for nameservers, so I am unable to add those. My configuration is very simple and pretty much follows the bind documentation. Running BIND 9.18.30 DNSSEC Policy dnssec-policy "itc-no-rotate&

Re: Configuration management of BIND .conf

2024-09-29 Thread Matthew Pounsett
On Tue, Sep 24, 2024 at 7:24 PM John Thurston wrote: > I'm looking for your ideas. What works? What doesn't work? > > Are you leveraging your existing configuration management tools (e.g. > Puppet, Ansible, Chef)? > For OARC's name servers (significantly simpl

Re: Configuration management of BIND .conf

2024-09-25 Thread John Thurston
secrets in them. Signing the zone would demonstrate the validity of the record. In the absence of dnssec, a second record with a /sha256sum/ would demonstrate the large record had been retrieved correctly. I like the idea of re-using the zone-replication mechanism to distribute the .conf inf

Re: Configuration management of BIND .conf

2024-09-25 Thread Jan-Piet Mens
Are you leveraging your existing configuration management tools (e.g. Puppet, Ansible, Chef)? Ansible (my choice of poison) works well for this type of situation I find, particularly because a lot of work can be done via Jinja templating. This trivial example hopefully illustrates what I mean

Configuration management of BIND .conf

2024-09-24 Thread John Thurston
Thirty years ago, we had a pretty simple DNS configuration; a couple of AIX servers configured as dual-purpose authorities and resolvers. Once it was set, the configuration didn't change much. But when it did, with two hosts, it was simple to rlogin to each and make similar mods to the c

Re: What is the equivalent of this dnsmasq configuration

2023-06-18 Thread Crist Clark
Pretty much a precise use case for RPZ (Response Policy Zones). Google it or search the BIND docs for RPZ. On Sun, Jun 18, 2023 at 8:37 PM public1020 via bind-users < bind-users@lists.isc.org> wrote: > I need to hijack certain domains and not its subdomains, so I use dnsmasq > to achieve it: > >

What is the equivalent of this dnsmasq configuration

2023-06-18 Thread public1020 via bind-users
I need to hijack certain domains and not its subdomains, so I use dnsmasq to achieve it: ``` host-record=example.com,1.2.3.4 ``` In bind I have to create a zone and copy everything there, is there a simple way for domains I have no authority for?-- Visit https:

Re: How to show run the active configuration on bind

2022-01-05 Thread Tony Finch
Mik J via bind-users wrote: > How can I check which variables are loaded in memory and considered as active. As Ray said, usually it isn't ambiguous. But there are a couple of semi-relevant tools that are worth knowing about: You can use `named-checkconf -p` to canonicalize your confi

Re: How to show run the active configuration on bind

2022-01-04 Thread Ray Bellis
On 04/01/2022 16:53, Mik J via bind-users wrote: Hello, How can I check which variables are loaded in memory and considered as active. For example, I would like to check that the value of lame-ttl is 0 In my named.conf configuration file I have include "myconf.conf"; lame-ttl 60

How to show run the active configuration on bind

2022-01-04 Thread Mik J via bind-users
Hello, How can I check which variables are loaded in memory and considered as active. For example, I would like to check that the value of lame-ttl is 0 In my named.conf configuration file I have include "myconf.conf"; lame-ttl 600; And in the myconf.conf file I have lame-ttl 0; So how

Re: "minimal-any" configuration query

2020-09-17 Thread Tony Finch
ShubhamGoyal wrote: > We have enabled " minimal-any yes;" in our Bind DNS Server, Yet an ANY > query provides complete details instead of providing reduced details. Testing minimal-any with dig is tricky and very obscure! For an example of how to test it, try: dig cam.ac.uk any @131.11

Re: "minimal-any" configuration query

2020-09-09 Thread ShubhamGoyal
> > Dear sir, > We are running a public DNS resolver in > Centos 8 with bind software . We enable geoip feature at configuration time > now I want to know about > >" How can we imple

RE: "minimal-any" configuration query

2020-09-08 Thread Bob McDonald
Without seeing your configuration, I can only suggest trying the minimal-responses option. Regards, Bob ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with

Re: "minimal-any" configuration query

2020-09-08 Thread Daniel Stirnimann
I believe, "minimal-any" is for authoritative nameservers only and has no effect on recursive resolvers. Where did you configure "minimal-any yes"? Daniel On 08.09.20 13:30, ShubhamGoyal wrote: > Dear All, >    We have enabled " *minimal-any yes;"* in our Bind > DNS Sever, Yet

"minimal-any" configuration query

2020-09-08 Thread ShubhamGoyal
Dear All, We have enabled " minimal-any yes;" in our Bind DNS Server, Yet an ANY query provides complete details instead of providing reduced details. Please suggest a fix.

Can we use rndc addzone to add zone in rpz configuration?

2020-05-26 Thread Blason R
Hi, Keen to know if rndc addzone functionality can be used to add zones in bind serving response-policy? If so then what would be my view? Do I need to define my view to make it work? I tried this and it's failing hence wondering if rndc can be used to add zone or delete zone on the fly? Here is

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
On 4/15/20 2:46 PM, PGNet Dev wrote: > On 4/15/20 1:50 PM, Ondřej Surý wrote: >> you are right this is a bit confusing, but you need to specify both: >> >> --enable-geoip (as the feature independent of used libraries) >> --with-maxmindsb (where to find the libraries) > > thx > > i'd also suggest

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
On 4/15/20 1:50 PM, Ondřej Surý wrote: > you are right this is a bit confusing, but you need to specify both: > > --enable-geoip (as the feature independent of used libraries) > --with-maxmindsb (where to find the libraries) thx i'd also suggest - --with-maxmiddb + --with-libmaxmi

Re: bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread Ondřej Surý
>Optional features enabled: >Mutex lock type: adaptive >IPv6 support (--enable-ipv6) >Python tools (--with-python) >XML statistics (--with-libxml2) >JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c >HTTP zlib

bind v9.16.2 build, inconsistent GeoIP2 configuration options usage ?

2020-04-15 Thread PGNet Dev
Python tools (--with-python) XML statistics (--with-libxml2) JSON statistics (--with-json-c): -I/usr/include/json-c -ljson-c HTTP zlib compression (--with-zlib) LMDB database to store configuration for 'addzone' zones (--wit

Re: Saurabh: Want to exclude the MX Record from my RPZ Configuration.

2018-09-06 Thread Vadim Pavlov via bind-users
S RPZ. > I want to exclude the MX Record for any domain in my RPZ Configuration. > I only want to keep the A Record of any domain but want to exclude the MX > Record of that domain. > Can you please help me out to achieve this? > Means, in configuration, is it possible to exclude the

Saurabh: Want to exclude the MX Record from my RPZ Configuration.

2018-09-06 Thread Saurabh Srivastava
? Means, in configuration, is it possible to exclude the MX Record of any domain? Please help me out in this regard. Thanks, Saurabh Thanks & Regards, Saurabh Email: jp.saur...@gmail.com

Re: DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
How-can-I- > synchronize-DNS-RPZ-firewall-policies-across-multiple-DNS-servers.html > > The one thing I didnt understand is how to assign unicast address from DNS > perspective? > > On Thu, May 3, 2018 at 7:36 PM, Blason R wrote: > >> Hi there, >> >> Can someone please

Re: DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
PM, Blason R wrote: > Hi there, > > Can someone please guide me on working configuration of Master/Slave zone > in DNS RPZ for reference? > > Is that available with someone? And does it work exactly as master/slave > like any other zone? >

DNS RPZ Master/Slave configuration

2018-05-03 Thread Blason R
Hi there, Can someone please guide me on working configuration of Master/Slave zone in DNS RPZ for reference? Is that available with someone? And does it work exactly as master/slave like any other zone?

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
Am 19.06.2017 um 16:56 schrieb Matus UHLAR - fantomas: since DNS don't care about the PTR but mail does what is your problem that you need stupid discussions instead just agree that it can't do harm and in doubt is beneficial to have just one hostname, use that one hostname in helo_name and have

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
Am 19.06.2017 um 16:56 schrieb Matus UHLAR - fantomas: since DNS don't care about the PTR but mail does what is your problem that you need stupid discussions instead just agree that it can't do harm and in doubt is beneficial to have just one hostname, use that one hostname in helo_name and ha

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
Am 19.06.2017 um 15:25 schrieb Matus UHLAR - fantomas: those rejections were NOT caused by having two different PTRs. They were caused by something different that is not a subject of this thread - even one PTR of this format would cause rejections. On 19.06.17 15:32, Reindl Harald wrote: not di

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
Am 19.06.2017 um 15:25 schrieb Matus UHLAR - fantomas: * smtp_helo_name of your MTA matches the same name this one is incorrect and my next comment applies only to this one: On 19.06.17 15:14, Reindl Harald wrote: does it harm? NO is it easy to achieve? YES can it be used for scoring on a s

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
* smtp_helo_name of your MTA matches the same name this one is incorrect and my next comment applies only to this one: On 19.06.17 15:14, Reindl Harald wrote: does it harm? NO is it easy to achieve? YES can it be used for scoring on a spamfilter? YES is it required? NO. Actually, this would

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
Am 19.06.2017 um 15:00 schrieb Matus UHLAR - fantomas: On 19.06.17 01:05, Reindl Harald wrote: it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches normally you should always have: * IP with *one* PTR * the A-Record for t

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.17 01:05, Reindl Harald wrote: it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches normally you should always have: * IP with *one* PTR * the A-Record for the PTR matches these two are correct. * smtp_helo_name

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread John Levine
In article you write: >>* IP with *one* PTR >>* the A-Record for the PTR matches >>* smtp_helo_name of your MTA matches the same name > >Even this is not required. In fact, requiring this breaks SMTP RFC. >The only requirement on helo name is that host must exist and be canonical, >which means it

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Reindl Harald
Am 19.06.2017 um 08:49 schrieb Matus UHLAR - fantomas: On 18.06.17 16:26, Mark Elkins wrote: Put two reverse records in both the IPv4 and IPv6 reverse zones in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. 126 IN PTR ns.xxx.com. Am 18.06.2017 um 17:38 schr

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 10:42 AM, Matus UHLAR - fantomas wrote: If I do what you say reverse IP for DNS will point on mail.xxx.com and not on ns.xxx.com. I have asked you twice: WHO TOLD YOU THIS IS A PROBLEM? IT IS NOT! There are only a few services on the net who currently use reverse DNS records

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 10:27 AM, Mark Elkins wrote: Another solution could be to make one of the names a CNAME pointing to the other name. -or- Just use one generic name for both services. rather than the two "service" names. Although in all honesty, I see nothing wrong with a lookup returning two a

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 19.06.17 10:27, Mark Elkins wrote: Another solution could be to make one of the names a CNAME pointing to the other name. No. This would create a real problem, since NS and mail have different records. -or- Just use one generic name for both services. rather than the two "service"

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Matus UHLAR - fantomas
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote: long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I put for IPV4 reverse address : if I put mail.xxx.com, the reverse address will not point on ns.xxx.com,

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Mark Elkins
Another solution could be to make one of the names a CNAME pointing to the other name. -or- Just use one generic name for both services. rather than the two "service" names. Although in all honesty, I see nothing wrong with a lookup returning two answers (in a single response packet) for the o

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
On 06/19/2017 08:51 AM, Matus UHLAR - fantomas wrote: On 19.06.17 08:03, Pierre Couderc wrote: Ok, thank you all, now I need to understand your answers... long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-19 Thread Pierre Couderc
ist them all in the reverse configuration. After all, a NS record usually has at least two records ;-) there are cases when having two reverse records is misleading it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR matches

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
On 19.06.17 08:03, Pierre Couderc wrote: Ok, thank you all, now I need to understand your answers... long story short: in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. quoting your original message: What should I put for IPV4 reverse address : if I put mail.xxx.com,

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
On 18.06.17 16:26, Mark Elkins wrote: Put two reverse records in both the IPv4 and IPv6 reverse zones in the "125.124.123.in-addr.arpa" zone: 126 IN PTR mail.xxx.com. 126 IN PTR ns.xxx.com. Am 18.06.2017 um 17:38 schrieb Matus UHLAR - fantomas: there are cases when having t

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Pierre Couderc
. List them all in the reverse configuration. After all, a NS record usually has at least two records ;-) there are cases when having two reverse records is misleading it's nearly always misleading and results in randomness on the receiving server which name get logged and if A/PTR ma

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Reindl Harald
s possible, it's not always a good idea. One reverse record is enough in most cases you need reverse DNS. (which mostly means, for outgoing mail) Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration.

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
rd is enough in most cases you need reverse DNS. (which mostly means, for outgoing mail) Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration. After all, a NS record usually has at least two records

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Matus UHLAR - fantomas
On 18.06.17 15:40, Pierre Couderc wrote: Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126 ipV4 address and corresponding IPV6 segment mail.xxx.com :2a01:e34:::::1122:3344 for mail server ns.xxx.com : 2a01:e34:::::aabb:ccdd for

Re: reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Mark Elkins
d see what question dig asks. Nothing wrong with a machine (or interface on a machine) having more than one name for the same address. List them all in the reverse configuration. After all, a NS record usually has at least two records ;-) On 18/06/2017 15:40, Pierre Couderc wrote: > Well, we hav

reverse dns configuration for IPV4, IPV6+ dns+ mail ?

2017-06-18 Thread Pierre Couderc
Well, we have 2 computers in xxx.com subnet provided by ISP on 123.124.125.126 ipV4 address and corresponding IPV6 segment mail.xxx.com :2a01:e34:::::1122:3344 for mail server ns.xxx.com : 2a01:e34:::::aabb:ccdd for dns server In xxx.com bind : mail A 123.

RE: Configuration advice for a post-8020 world

2017-02-13 Thread Woodworth, John R
> -Original Message- > From: Mark Andrews [mailto:ma...@isc.org] > > Named does not check that a parent zone has NS records for a child > zone on the same server. Always add delegating NS records. > > As for ENT returning NXDOMAIN. Early versions of the specifications > of DNSSEC said the

Re: Configuration advice for a post-8020 world

2017-02-12 Thread Mark Andrews
Named does not check that a parent zone has NS records for a child zone on the same server. Always add delegating NS records. As for ENT returning NXDOMAIN. Early versions of the specifications of DNSSEC said there were no NAMES, rather than NAMES with RECORDS, between names in a DNSSEC sorted

RE: Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
> -Original Message- > From: Woodworth, John R > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil > Mayers > > > > On 12/02/2017 11:09, Woodworth, John R wrote: > > > > > SAMPLE ZONES: > > > 101{redacted}.com. (REAL ZON

RE: Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
-Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil Mayers > > On 12/02/2017 11:09, Woodworth, John R wrote: > > > SAMPLE ZONES: > > 101{redacted}.com. (REAL ZONE FILE) > > jwjw.sales.101{redacted}.com. (REAL ZONE FILE) > > You ar

Re: Configuration advice for a post-8020 world

2017-02-12 Thread Phil Mayers
On 12/02/2017 11:09, Woodworth, John R wrote: SAMPLE ZONES: 101{redacted}.com. (REAL ZONE FILE) jwjw.sales.101{redacted}.com. (REAL ZONE FILE) You are missing the glue NS records in the parent zone (just verified by local test of the before/after case). You need: jwjw.sales.1

Configuration advice for a post-8020 world

2017-02-12 Thread Woodworth, John R
All, I am asking for advice/ comments/ best-practices for bind configuration and zone RRs to avoid potential issues with Empty Non-Terminal (ENT) domain names. Before continuing, I feel I must point out I am a big fan of improvements in network and protocol efficiency including RFC-8020. I also

Re: High performance DNS server configuration?

2016-09-15 Thread Reindl Harald
Am 15.09.2016 um 17:19 schrieb Benny Pedersen: On 2016-09-15 15:42, John Levine wrote: Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). Really big problem are spam botnet's and some day we can get over 5-6 million messages per day or even more. Procmail/postfix is doin

Re: High performance DNS server configuration?

2016-09-15 Thread Benny Pedersen
On 2016-09-15 15:42, John Levine wrote: Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). Really big problem are spam botnet's and some day we can get over 5-6 million messages per day or even more. Procmail/postfix is doing every check per msg at localdns (localdns => rb

Re: High performance DNS server configuration?

2016-09-15 Thread John Levine
>Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). > >Really big problem are spam botnet's and some day we can get over 5-6 >million messages per day or even more. > >Procmail/postfix is doing every check per msg at localdns (localdns => >rbl's) server and average check time i

Re: High performance DNS server configuration?

2016-09-15 Thread /dev/rob0
32 GB > memory and SSD disks (with raid controller). > > We have local bind running at same box (bind, caching) with default > configuration. Ask on a CentOS list if you don't wish to provide the configuration in use. We don't all know what "default" m

Re: High performance DNS server configuration?

2016-09-15 Thread Reindl Harald
Am 15.09.2016 um 13:20 schrieb Pekka Jalonen: Server is mail server with ~+150 K users. Problem is procmail + postfix with rbl's (zen.spamhaus.org and others). Really big problem are spam botnet's and some day we can get over 5-6 million messages per day or even more. Procmail/postfix is doi

RE: DNS's example of configuration with view and zones

2015-08-20 Thread Darcy Kevin (FCA)
ince named will, by default, listen on all interfaces, and for outbound queries, it's left to the Operating System to decide, based on its routing configuration, what interface to use to send any given packet). From a forward-zone perspective, whether you have 3 interfaces, or 30, you should be

DNS's example of configuration with view and zones

2015-08-19 Thread Int
You would be able to send me some DNS's example of configuration with view and zones, for 3 interfaces of net, for favor as I can create the inverse zones for 3 different sub-nets I do not have access to internet in Cuba Greetings William - Mensaje original - De: "Rei

Re: configuration error in lists.isc.org

2015-08-14 Thread Lawrence K. Chen, P.Eng.
On 2015-08-13 21:14, Mark Andrews wrote: In message <94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net>, "Lawrence K. C hen, P.Eng." writes: Earlier today had a request to add another entry...didn't notice that how close the string was to 255? characters. You just use multiple fields if ther

Re: configuration error in lists.isc.org

2015-08-13 Thread Mark Andrews
In message , Steven Carr writes: > On 14 August 2015 at 03:14, Mark Andrews wrote: > > You just use multiple fields if there isn't space. The field are > > concatenated together with no space to produce the full SPF entry. > > > > e.g. "ab" "cd" -> "abcd" > > How does BIND know which o

Re: configuration error in lists.isc.org

2015-08-13 Thread Steven Carr
On 14 August 2015 at 03:14, Mark Andrews wrote: > You just use multiple fields if there isn't space. The field are > concatenated together with no space to produce the full SPF entry. > > e.g. "ab" "cd" -> "abcd" How does BIND know which order to send the TXT records in so that they can

Re: configuration error in lists.isc.org

2015-08-13 Thread Mark Andrews
In message <94ac3fe7e1948b9c0ce80a78f8a59...@lhaven.homeip.net>, "Lawrence K. C hen, P.Eng." writes: > Earlier today had a request to add another entry...didn't notice that how > close the string was to 255? characters. You just use multiple fields if there isn't space. The field are concatenat

Re: configuration error in lists.isc.org

2015-08-13 Thread Lawrence K. Chen, P.Eng.
On 2015-08-13 18:47, Reindl Harald wrote: Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.: On 2015-08-10 17:12, Reindl Harald wrote: well, when you can't say from where you send mail you should refrain from setup SPF at all Except there are external forces that demand an SPF, and that

Re: configuration error in lists.isc.org

2015-08-13 Thread Reindl Harald
Am 13.08.2015 um 23:15 schrieb Lawrence K. Chen, P.Eng.: On 2015-08-10 17:12, Reindl Harald wrote: well, when you can't say from where you send mail you should refrain from setup SPF at all Except there are external forces that demand an SPF, and that it contain specific strings at all times

Re: configuration error in lists.isc.org

2015-08-13 Thread Lawrence K. Chen, P.Eng.
On 2015-08-10 17:12, Reindl Harald wrote: truncated the long, hard to understand and unrelated stuff Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means "testi

Re: configuration error in lists.isc.org

2015-08-10 Thread Noel Butler
On 11/08/2015 07:59, Lawrence K. Chen, P.Eng. wrote: > On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote: > >> Though I realize my error not recalling that there is a middle (neutral) >> level, and which is more appropriate, since softfail is somewhere between >> fail and neutral which is

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
BTW: your SPF is completely broken http://www.openspf.org/Why?s=mfrom;id=lkc...@ksu.edu;ip=54.200.129.228 The domain outbound._spf.mailhop.org has published an SPF policy, however, an error occurred while the receiving mail server tried to evaluate the policy: Missing required IPv4 address in

Re: configuration error in lists.isc.org

2015-08-10 Thread Reindl Harald
truncated the long, hard to understand and unrelated stuff Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.: that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means "testing, please don't reject if it don't pass" and

Re: configuration error in lists.isc.org

2015-08-10 Thread Lawrence K. Chen, P.Eng.
On 2015-08-10 16:49, Lawrence K. Chen, P.Eng. wrote: Though I realize my error not recalling that there is a middle (neutral) level, and which is more appropriate, since softfail is somewhere between fail and neutral which is not where I had intended the servers to be. Went to fix it, only to

Re: configuration error in lists.isc.org

2015-08-10 Thread Lawrence K. Chen, P.Eng.
On 2015-08-07 22:23, Reindl Harald wrote: Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.: So, when we were with this provider, our SPF had exclusive pool as good, but included the other pool prefixed with '~' can we stop that foolish discussion on the named list? How about an unna

Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
Am 08.08.2015 um 05:13 schrieb Lawrence K. Chen, P.Eng.: So, when we were with this provider, our SPF had exclusive pool as good, but included the other pool prefixed with '~' can we stop that foolish discussion on the named list? that above is pure nonsense - your DOMAIN has either a strict

Re: configuration error in lists.isc.org

2015-08-07 Thread Lawrence K. Chen, P.Eng.
On 2015-08-07 07:34, wbr...@e1b.org wrote: > From: "Lawrence K. Chen, P.Eng." > >> OTOH, we have caved on adding systems that aren't 'ours'...though how much >> of >> Office365 is actually 'ours'but I think we currently have a couple >> includes for mass emailing solutions or our surv

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Noel Butler
On 08/08/2015 01:23, Heiko Richter wrote: > The "spf2.0/pra ?all" is SenderID, where "pra" forces the DMARC server > to check only the Envelope-Sender against "v=spf1 mx -all". If you > don't set that, SPF will always check both Envelope-From and Header-From. > >> Note that it's the SenderID

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Matus UHLAR - fantomas
Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas: SPF must only check envelope address, not header From: address - it was never designed to do the latter. On 07.08.15 17:23, Heiko Richter wrote: Correction: - All implementations of SPF always check 2 addresses: - Envelope-Fr

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Casey Deccio
On Fri, Aug 7, 2015 at 11:23 AM, Heiko Richter wrote: > Correction: > - > All implementations of SPF always check 2 addresses: > - Envelope-From address > - From address > > SPF will fail whenever the client is not authorized to send for either > the Envelope-From address or the

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Reindl Harald
Am 07.08.2015 um 17:23 schrieb Heiko Richter: Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas: On Aug 6, 2015, at 4:25 PM, Heiko Richter mailto:em...@heikorichter.name>> wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.

Re: configuration error in lists.isc.org

2015-08-07 Thread Heiko Richter
Am 07.08.2015 um 08:03 schrieb Lawrence K. Chen, P.Eng.: > In looking through the received headers I see that there's no SPF > for lists.isc.org Whether or not lists.isc.org was never in question.

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Heiko Richter
Am 07.08.2015 um 08:29 schrieb Matus UHLAR - fantomas: >>> On Aug 6, 2015, at 4:25 PM, Heiko Richter >>> mailto:em...@heikorichter.name>> >>> wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post

Re: configuration error in lists.isc.org

2015-08-07 Thread Casey Deccio
On Fri, Aug 7, 2015 at 2:57 AM, Reindl Harald wrote: > > Am 07.08.2015 um 01:25 schrieb Heiko Richter: > >> So ISC: please fix your list servers, let them rewrite the From headers! >> > > please try to understand the topic before blaming! > http://wiki.list.org/DEV/DMARC > > * SPF is about envelo

Re: [OT] Re: configuration error in lists.isc.org

2015-08-07 Thread Marco Davids (SIDN)
On 07/08/15 02:03, Charles Swiger wrote: >> So ISC: please fix your list servers, let them rewrite the From headers! > > How would this help? Changing the From header breaks your domain's DKIM > signing; are you asking them to take ownership of your messages and then DKIM > sign > them on beha

Re: configuration error in lists.isc.org

2015-08-06 Thread Reindl Harald
Am 07.08.2015 um 01:25 schrieb Heiko Richter: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members that have employed this wonderful protocol on their servers

Re: [OT] Re: configuration error in lists.isc.org

2015-08-06 Thread Matus UHLAR - fantomas
On Aug 6, 2015, at 4:25 PM, Heiko Richter wrote: Whenever I post something to the list (I'm not using SMTP, I'm using a usenet server to post to comp.protocols.dns.bind), my postmaster address receives DMARC notifications from list members that have employed this

Re: configuration error in lists.isc.org

2015-08-06 Thread Lawrence K. Chen, P.Eng.
On 2015-08-06 19:00, /dev/rob0 wrote: My SPF record doesn't include lists.ist.org, of course and it never will. Furthermore it ends with "-all" so all my messages to the list are being rejected by list members who have spf aware servers. No, GNU Mailman (which is the software behind lists.i

Re: [OT] Re: configuration error in lists.isc.org

2015-08-06 Thread Heiko Richter
On 07.08.2015 at 02:03, Charles Swiger wrote: > On Aug 6, 2015, at 4:25 PM, Heiko Richter > wrote: >> Whenever I post something to the list (I'm not using SMTP, I'm >> using a usenet server to post to comp.protocols.dn

[OT] Re: configuration error in lists.isc.org

2015-08-06 Thread Charles Swiger
On Aug 6, 2015, at 4:25 PM, Heiko Richter wrote: > Whenever I post something to the list (I'm not using SMTP, I'm using a > usenet server to post to comp.protocols.dns.bind), my postmaster > address receives DMARC notifications from list members that have > employed this wonderful protocol on thei

Re: configuration error in lists.isc.org

2015-08-06 Thread /dev/rob0
On Fri, Aug 07, 2015 at 01:25:37AM +0200, Heiko Richter wrote: > Nothing concerning Bind, but still relevant to all list users: > > Just wanted to let you all know about a configuration error on > lists.isc.org. It doesn't rewrite any email headers, only reflects > incoming

configuration error in lists.isc.org

2015-08-06 Thread Heiko Richter
Hi! Nothing concerning Bind, but still relevant to all list users: Just wanted to let you all know about a configuration error on lists.isc.org. It doesn't rewrite any email headers, only reflects incoming messages to all list members which lea

Re: Question on "--with-libxml2" option while compiling on Sparc Solaris 10 and the Configuration Summary output.

2015-08-06 Thread Lawrence K. Chen, P.Eng.
BLS CTR wrote: > Hello > > This is what I get in the summary after I run configure on BIND 9.10.2P3 > source code when I use the "--with-libxml2" option for compiling . As we can > see the summary says that the op

Question on "--with-libxml2" option while compiling on Sparc Solaris 10 and the Configuration Summary output.

2015-08-06 Thread Bhangui, Sandeep - BLS CTR
Hello This is what I get in the summary after I run configure on BIND 9.10.2P3 source code when I use the "--with-libxml2" option for compiling . As we can see the summary says that the option has been enabled. Configurati

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-04 Thread Lawrence K. Chen, P.Eng.
eport failures at least...and certificate reports (usually about old certs I've forgotten to remove, though thought I saw that newer F5 does sync deletions now.) The important thing was to have configuration backups of our F5's, since there had been a number of times former onsite contr

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-04 Thread /dev/rob0
have something for the external nameservers to transfer > (hopefully), I'm doing a regular sync of the file 'sec' to 'ext'. > > Not totally sure that's working but nothing filling up logs > about it. > > So, is what I did something that'll ho

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Lawrence K. Chen, P.Eng.
This unfortunately looks like the thread for me to jump on to I missed installing the last two 9.9...-p# patches, first time I built everything and was pretty much ready to do it, and then forgot all about it due to health issues. More recent one...I had got it built for Solaris x64 and w

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Reindl Harald
On 03.08.2015 at 16:59, Anand Buddhdev wrote: On 03/08/15 16:50, Heiko Richter wrote: Hi Heiko, Why use the "file" option at all on a slave? If you don't use the "file" option on a slave, then BIND does not write the zone to disk. This is okay for a small number of small zones. But if you

Re: ERROR : - writeable file 'data/udalgurijudiciarygov.hosts': already in use: /etc/nicnet2007.govdomain:15424 - loading configuration: failure

2015-08-03 Thread Anand Buddhdev
On 03/08/15 16:50, Heiko Richter wrote: Hi Heiko, > Why use the "file" option at all on a slave? If you don't use the "file" option on a slave, then BIND does not write the zone to disk. This is okay for a small number of small zones. But if you have many zones, or they are large, then you usual
