Re: localhost name lookup

2025-01-15 Thread Peter 'PMc' Much
On Tue, Jan 14, 2025 at 10:47:35PM +0100, Emmanuel Fusté wrote: ! localhost is defined as a (local) hostname of the loopback interface, not a ! domain name. Where would that be defined? Because, what You state is a contradiction in itself: a hostname is a designation of the metal (or virtual, now

Re: localhost name lookup

2025-01-15 Thread Lee
On Wed, Jan 15, 2025 at 11:55 AM Ondřej Surý wrote: > > On 14. 1. 2025, at 16:56, Lee wrote: > > In other words, should I submit a bug report to the Debian bind > maintainers or ISC? > > > With both my ISC and Debian hats on, I am going to be very frank > and say this has a very low priority, so

Re: localhost name lookup

2025-01-15 Thread Emmanuel Fusté
Le 15/01/2025 à 17:12, Lee a écrit : On Wed, Jan 15, 2025 at 5:41 AM Emmanuel Fusté wrote: Le 15/01/2025 à 05:59, Nick Tait via bind-users a écrit : On 15/01/2025 10:47, Emmanuel Fusté wrote: If so, does the ISC ship a db.local with a wildcard - eg. --- cut here --- @ IN NS

Re: localhost name lookup

2025-01-15 Thread Ondřej Surý
> On 14. 1. 2025, at 16:56, Lee wrote: > > In other words, should I submit a bug report to the Debian bind > maintainers or ISC? With both my ISC and Debian hats on, I am going to be very frank and say this has a very low priority, so unless you actually want to work on this and submit a solid c

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-15 Thread Lee
On Tue, Jan 14, 2025 at 3:31 PM Nick Tait via bind-users wrote: > > On 15/01/2025 6:09 am, Lee wrote: you snipped a bit much. What I was responding to was >> You'd be better off starting with how name >> resolution is configured on the clients. > > I don't have a whole lot of options there. The

Re: localhost name lookup

2025-01-15 Thread Lee
On Wed, Jan 15, 2025 at 5:41 AM Emmanuel Fusté wrote: > > Le 15/01/2025 à 05:59, Nick Tait via bind-users a écrit : > > On 15/01/2025 10:47, Emmanuel Fusté wrote: > >>> If so, does the ISC ship a db.local with a wildcard - eg. > >>>--- cut here --- > >>> @ IN NS localhost. > >>>

Re: localhost name lookup

2025-01-15 Thread Emmanuel Fusté
Le 15/01/2025 à 05:59, Nick Tait via bind-users a écrit : On 15/01/2025 10:47, Emmanuel Fusté wrote: If so, does the ISC ship a db.local with a wildcard - eg.    --- cut here --- @   IN  NS  localhost. @   IN  A   127.0.0.1 @   IN      ::1 *   IN  A  

Re: Sporadic Timeouts after upgrading to bind9.20

2025-01-15 Thread Ondřej Surý
o: Klaus Darilion mailto:klaus.daril...@nic.at>> > Cc: Klaus Darilion via bind-users <mailto:bind-users@lists.isc.org>> > Subject: Re: Sporadic Timeouts after upgrading to bind9.20 > > Hi Klaus, > > we've identified an issue in the glue cache that have been caus

RE: Sporadic Timeouts after upgrading to bind9.20

2025-01-14 Thread Klaus Darilion via bind-users
Darilion Cc: Klaus Darilion via bind-users Subject: Re: Sporadic Timeouts after upgrading to bind9.20 Hi Klaus, we've identified an issue in the glue cache that have been causing drops in the performance. Can you test a development branch or do you need fix on top of 9.20? Ondrej -- Ondřej

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
On 15/01/2025 10:47, Emmanuel Fusté wrote: If so, does the ISC ship a db.local with a wildcard - eg.    --- cut here --- @   IN  NS  localhost. @   IN  A   127.0.0.1 @   IN      ::1 *   IN  A   127.0.0.1 IN      ::1    --- cut here

Re: localhost name lookup

2025-01-14 Thread Emmanuel Fusté
Le 14/01/2025 à 16:56, Lee a écrit : On Tue, Jan 14, 2025 at 9:06 AM Petr Špaček wrote: It does not serve 'legitimate' purpose by itself, it just lowers cost of leaked nonsense queries. I guess it applies to most (all?) special-use names: The local authoritative zone is to defined to cu

Re: localhost name lookup

2025-01-14 Thread Nick Tait via bind-users
On 15/01/2025 4:56 am, Lee wrote: Should bind answer when asked for an A record for random.name.localhost? If so, does the ISC ship a db.local with a wildcard - eg. --- cut here --- @ IN NS localhost. @ IN A 127.0.0.1 @ IN ::1 * IN

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-14 Thread Nick Tait via bind-users
On 15/01/2025 6:09 am, Lee wrote: I don't have a whole lot of options there. The clients are a mixture of Windows and Apple products.. about all I can do (or at least all I know how to do) is use DHCP to give them a domain name and point them to a resolver. My understanding is: * Apple device

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-14 Thread John Thurston
IMO nothing. If a client really wanted a meaningful answer for a .local name, it wouldn't be asking your resolver the question; it would be making a multicast-DNS query. -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@alaska.gov Departme

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-14 Thread Lee
On Mon, Jan 13, 2025 at 2:54 AM Nick Tait via bind-users wrote: > > On 13/01/2025 12:44, Lee wrote: > > As long as I'm asking ignorant questions.. is there some reason why > > bind (at least as it came configured on my Debian machine) looks up > > .local names? > > > > I added this bit to named.con

Re: localhost name lookup

2025-01-14 Thread Robert Wagner
ry 14, 2025 10:48 AM To: Robert Wagner Cc: bind-users@lists.isc.org Subject: Re: localhost name lookup This email originated from outside of TESLA Do not click links or open attachments unless you recognize the sender and know the content is safe. On Tue, Jan 14, 2025 at 6:56 AM Robert Wagner

Re: localhost name lookup

2025-01-14 Thread Lee
On Tue, Jan 14, 2025 at 9:06 AM Petr Špaček wrote: > > On 14. 01. 25 12:56, Robert Wagner wrote: > > I wanted to better understand the use-case of having a DNS server > > provide localhost lookup. > > TL;DR Mistakes are being made. > > It does not serve 'legitimate' purpose by itself, it just lower

Re: localhost name lookup

2025-01-14 Thread Lee
case. I first had to install systemd-resolved and point DNS to 127.0.0.53 instead of using the locally installed bind on 127.0.0.1. Thanks Lee > > From: bind-users on behalf of Eric > > Sent: Sunday, January 12, 2025 9:39 PM > To: Lee > Cc

Re: localhost name lookup

2025-01-14 Thread Lee
On Sun, Jan 12, 2025 at 9:39 PM Eric wrote: > > I did, but my thought would be it's up to the dns admin to define those zone > configurations as you have done. I may be wrong though. I may be wrong also - which is why I'm asking :) There seems to be a long list of things bind tries to serve loca

Re: localhost name lookup

2025-01-14 Thread Petr Špaček
On 14. 01. 25 12:56, Robert Wagner wrote: I wanted to better understand the use-case of having a DNS server provide localhost lookup. TL;DR Mistakes are being made. It does not serve 'legitimate' purpose by itself, it just lowers cost of leaked nonsense queries. I guess it applies to most (

Re: localhost name lookup

2025-01-14 Thread Greg Choules via bind-users
anuary 12, 2025 9:39 PM > *To:* Lee > *Cc:* bind-users@lists.isc.org > *Subject:* Re: localhost name lookup > > This email originated from outside of TESLA > > Do not click links or open attachments unless you recognize the sender and > know the content is safe. > > I did,

Re: localhost name lookup

2025-01-14 Thread Robert Wagner
something prevent you from reaching the DNS server (or network delays) - thus improving uptime. From: bind-users on behalf of Eric Sent: Sunday, January 12, 2025 9:39 PM To: Lee Cc: bind-users@lists.isc.org Subject: Re: localhost name lookup This email

Re: RFC compliance: MUST v SHOULD or MAY

2025-01-12 Thread Nick Tait via bind-users
On 13/01/2025 12:44, Lee wrote: As long as I'm asking ignorant questions.. is there some reason why bind (at least as it came configured on my Debian machine) looks up .local names? I added this bit to named.conf to do what seemed reasonable. But again - it seems reasonable _to me_ I dunno if a

Re: localhost name lookup

2025-01-12 Thread Eric
I did, but my thought would be it's up to the dns admin to define those zone configurations as you have done. I may be wrong though. Jan 12, 2025 6:36:03 PM Lee : > On Sun, Jan 12, 2025 at 5:15 PM Eric wrote: >> >> That is means that the 'domain' is reserved and can be used locally. It >> do

Re: localhost name lookup

2025-01-12 Thread Lee
On Sun, Jan 12, 2025 at 5:15 PM Eric wrote: > > That is means that the 'domain' is reserved and can be used locally. It > doesn't specify all records in that namespace / domain will resolve to > 127.0.01. > > Think of it like .com > > If you want every A record in *.localhost to resolve to 127.0.

Re: localhost name lookup

2025-01-12 Thread Eric
That is means that the 'domain' is reserved and can be used locally. It doesn't specify all records in that namespace / domain will resolve to 127.0.01. Think of it like .com If you want every A record in *.localhost to resolve to 127.0.0.1 what you did will do that. Jan 12, 2025 4:38:09 PM Le

RE: Binary zone file and journal compatibility between Bind9 versions

2025-01-09 Thread Klaus Darilion via bind-users
Hello Evan and Petr! Thanks for the details. Klaus > -Original Message- > From: Evan Hunt > Sent: Thursday, January 9, 2025 7:32 PM > To: Klaus Darilion > Cc: Greg Choules via bind-users > Subject: Re: Binary zone file and journal compatibility between Bind9 version

Re: Bind and DHCP

2025-01-09 Thread Robert Wagner
sustain a little downtime. Good luck, RW From: bind-users on behalf of Fred Morris Sent: Wednesday, January 8, 2025 2:11 PM To: Bind-users Subject: Re: Bind and DHCP This email originated from outside of TESLA Do not click links or open attachments unless

Re: Need support setting up bind with dnstap

2025-01-09 Thread Fred Morris
That's like swimming across the English Channel until you can see the coast of France, then turning around and swimming back because you're tired... On Thu, 9 Jan 2025, S L, Meghana wrote: I tried disabling and stopped systemd resolved. Ok, progress! That means that resolved is / was runnin

Re: Binary zone file and journal compatibility between Bind9 versions

2025-01-09 Thread Evan Hunt
On Thu, Jan 09, 2025 at 11:40:33AM +, Klaus Darilion via bind-users wrote: > For testing I often up- and downgrade Bind versions, ie. Between 9.18, > 9.20 and 9.21. I wonder how stable the binary zone file format and > journal file format is, and if there are changes in the binary format, if >

Re: Binary zone file and journal compatibility between Bind9 versions

2025-01-09 Thread Petr Špaček
On 09. 01. 25 12:40, Klaus Darilion via bind-users wrote: Hello! For testing I often up- and downgrade Bind versions, ie. Between 9.18, 9.20 and 9.21. I wonder how stable the binary zone file format and journal file format is, and if there are changes in the binary format, if Bind would detec

Re: Need support setting up bind with dnstap

2025-01-08 Thread S L, Meghana via bind-users
t: Thursday, January 9, 2025 5:13:40 AM To: bind-users@lists.isc.org Subject: RE: Need support setting up bind with dnstap [WARNING - Externally Sent Email - Do not click any links or open attachments that are unexpected, even from apparent known senders. Call the sender i

RE: Need support setting up bind with dnstap

2025-01-08 Thread Fred Morris
"S L, Meghana" : You wrote to me personally, off list. I tried to respond but your domain uses pphosted as an email service provider (ESP), and they in turn utilize proofpoint as a reputation service and proofpoint is nonresponsive to my inquiries.[0] If you want my help please contact me ag

Re: Bind and DHCP

2025-01-08 Thread Fred Morris
Good operational network design calls for network segmentation; proper segmentation implies the functions of DDI to be technically (as opposed to organizationally) managed by segment. This would include actual recursing resolvers and DHCP services, not forwarders, at the segment edge. A lot of

Re: Bind and DHCP

2025-01-08 Thread Grant Taylor via bind-users
primary / home system. But in the event of an outage, the service VIP can automatically re-home to the backup system. Thus clients think they can still get to their primary DNS server without any problem / delay. You may want to load balance clients across the two DNS servers. Usually

Re: Bind and DHCP

2025-01-08 Thread John Thurston
+1 for Greg's suggestion. You may want those services co-hosted today. But if you want to separate them next year, your life will be easier if they had unique IP addresses from the start. -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@a

Re: Bind and DHCP

2025-01-08 Thread Greg Choules via bind-users
Hi Karol. You can run them both together, if you like. I think it comes down to a personal choice between economics, simplicity, cleanliness of design and performance. If you want your DNS server to handle many 1,000 QPS it might be better dedicating resource to that and put Kea (I assume Kea?) on

Re: Bind and DHCP

2025-01-08 Thread Matus UHLAR - fantomas
On 08.01.25 15:34, Karol Nowicki via bind-users wrote: Does a good practice recommend to split running ISC Bind and DHCP into two different machines or make DNS+DHCP running on same server is allowed ?  you can run both on the same server. If you ran, run them both on multiple machines to ha

RE: Need support setting up bind with dnstap

2025-01-07 Thread Fred Morris
Your question and problem aren't clearly stated. I think that's because you don't really understand the environment you're working with. I'm guessing you have systemd resolved running; start there. You probably need to turn it off. Then name resolution will be broken until you get it properly

RE: Need support setting up bind with dnstap

2025-01-07 Thread S L, Meghana via bind-users
Hello, We have setup a bind with dnstap enabled and bind is running on channel 127.0.0.1. We want to write all DNS queries resolved by any name servers to dnstap file. But ,it is writing the query logging to dnstap file which resolving only by 127.0.0.1 and localhost name servers. bind version

Re: where I find the PGP key the bind release is signed with?

2025-01-06 Thread Petr Špaček
On 06. 01. 25 13:18, Waldemar Brodkorb wrote: Hi Bind developers, gpg --verify bind-9.18.32.tar.xz.asc bind-9.18.32.tar.xz gpg: Signature made Mon 09 Dec 2024 02:45:23 PM CET gpg:using RSA key D99CCEAF879747014F038D63182E23579462EFAA gpg: requesting key 182E23579462EFAA from hkp

Re: SVCB/HTTPS vs. getaddrinfo: how to merge?

2025-01-06 Thread Niall O'Reilly
Please read on for comment in context below, both from my experience as one of the team for the [DEfO][] Project, and from personal reflection based on this experience. On 25 Dec 2024, at 19:10, Jan Schaumann via bind-users wrote: Well, "support" here means different things, though. In my exper

Re: Named-checkzone stops silently

2025-01-04 Thread bob prohaska
On Sun, Jan 05, 2025 at 08:39:48AM +1100, Mark Andrews wrote: > Well it is waiting for the zone contents on stdin. Try specifying both the > zone name and the file that it should be reading. > -- > Mark Andrews For some reason I thought that would be found via named.conf > > > On 5 Jan 202

Re: Named-checkzone stops silently

2025-01-04 Thread bob prohaska
On Sat, Jan 04, 2025 at 10:41:38PM +0100, Nico CARTRON wrote: > On 04-Jan-2025 21:21 CET, wrote: > > > nameserver using FreeBSD 12.2 and bind9.18.32. It works to the > > Not answering about the BIND part, but why are you running this on FreeBSD > 12.2, Sorry, typo. It's 14.2 Apologies for th

Re: Named-checkzone stops silently

2025-01-04 Thread Nico CARTRON
On 04-Jan-2025 21:21 CET, wrote: > I'm setting up a new, non-recursive, authoritative secondary > nameserver using FreeBSD 12.2 and bind9.18.32. It works to the > extent that runs and answers queries correctly, but attempts to use > > bob@pelorus:/usr/local/etc/namedb/slave % named-checkzone -d

Re: Named-checkzone stops silently

2025-01-04 Thread Mark Andrews
Well it is waiting for the zone contents on stdin. Try specifying both the zone name and the file that it should be reading. -- Mark Andrews > On 5 Jan 2025, at 07:21, f...@www.zefox.net wrote: > > I'm setting up a new, non-recursive, authoritative secondary > nameserver using FreeBSD 12.2

Re: Does an RPZ "A" record prevent a lookup?

2025-01-03 Thread Adam Augustine
Ah, thank you, Bob. That was exactly the pointer that I needed. For future people searching, the specific situation Bob refers to is discussed in the last paragraph of this section here: https://bind9.readthedocs.io/en/v9.20.4/reference.html#namedconf-statement-response-policy, which begins with "N

Re: Does an RPZ "A" record prevent a lookup?

2025-01-03 Thread Bob Harold
Yes, RPZ looks up first, and only replaces it if the lookup returns a value. There is an option to skip that, but then an attacker can more easily detect that you are using RPZ to block them. Search for descriptions online. -- Bob Harold DNS and DHCP Hostmaster - UMNet Information and Technology

Re: Question about post-quantum X25519Kyber768

2025-01-02 Thread Carlos Horowicz via bind-users
Yes , when any changes concerning DS records would drag willing of support by registries, it sounds reasonable that there should be an RFC for it. Thanks, Carlos On 02/01/2025 13:45, Robert Wagner wrote: From my poke a few months back - stuff like PQC and NSA's Commercial Solutions for C

Re: Question about post-quantum X25519Kyber768

2025-01-02 Thread Robert Wagner
From my poke a few months back - stuff like PQC and NSA's Commercial Solutions for Classified settings need to go through the RFC process. Since both the DNS server and DNS client need to be on the same page as to which cipher suites they agree on. Around 10/16: Robert, if you'd like to p

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-30 Thread Ondřej Surý
This is extremely bad advice. Unless the OP understands what went wrong and how to fix it, advising them to change the image, change the architecture and mash random stuff into docker will only lead to more confusion and more problems in the future. I was using ISC docker images with my students dur

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-30 Thread Fajar Nugraha
Try these Background info on my setup - ubuntu 24.04 + https://docs.docker.com/engine/install/ubuntu/ , arm64 (a vm on mac, if it matters). Other distros should work fine too, as long it can run docker compose. - ubuntu/bind9:9.20-24.10_edge docker image . Mainly because internetsystemsconsortium/

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-29 Thread Mark Andrews
You have the error message. Cut and paste it from the logs and post it here. Saying there is something to do with the user ‘bind’ when you have an actual error message is wasting everyone’s time. -- Mark Andrews > On 30 Dec 2024, at 05:27, Pablo Andalaft Tarodo wrote: > > Hi all, > > > T

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-29 Thread Pablo Andalaft Tarodo
Hi all, Thanks for taking the time. I've been spending many hours on this, to no solution. But, some things that may shine more light: When the container is stuck restarting, the error, aside from exit code 1, is "user 'bind' is not recognised" or something similar, and checking the contain

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-29 Thread Johannes Kastl
Hi Pablo, On 27.12.24 21:17 Pablo wrote: > This is my docker-compose.yml (my start command has to be sudoed for > some reason, Debian 12 machine: sudo docker compose up -d): Guess: Your user is not part of the docker group? Side note: I avoid docker and use (rootless) podman instead, which can

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-28 Thread Stacey Marshall
I agree with the others, does it run standalone without docker complicating things. I suggest running with -g option too to keep it in the foreground and log to your terminal session. Happy hunting, Stace Sent from Gmail Mobile On Sat, 28 Dec 2024 at 12:22, Darren Ankney wrote: > Hi Pablo,

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-28 Thread Darren Ankney
Hi Pablo, There is an official BIND docker image that might be useful? https://hub.docker.com/r/internetsystemsconsortium/bind9 And yes - I agree with Michael. It is important to check the startup logs for named to see why it wouldn't run. Thank you, Darren Ankney On Fri, Dec 27, 2024 at 9:28

Re: Hyperlocal recursive servers questions

2024-12-27 Thread Grant Taylor via bind-users
On 12/27/24 15:40, Roberto Braga wrote: For this, I must use 2 servers: I agree that you should use two servers. But I also believe you could do what you're doing with one server, one OS image, and maybe even one instance of BIND. The first, like Recursive DNS itself, is what clients will

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-27 Thread Michael Richardson
If it doesn't work without docker, then it probably won't work with Docker. Probably all the clue you need is in the log files. Did you read them? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT arc

Re: Hyperlocal recursive servers questions

2024-12-27 Thread Greg Choules via bind-users
Hi Roberto. Instead of defining "." as type "static-stub" you should define it as type "mirror". This shows you how: https://bind9.readthedocs.io/en/v9.18.32/reference.html#namedconf-statement-type%20mirror Cheers, Greg On Fri, 27 Dec 2024 at 21:41, Roberto Braga wrote: > Hello, if you could he

Re: SVCB/HTTPS vs. getaddrinfo: how to merge?

2024-12-26 Thread Peter 'PMc' Much
On Thu, Dec 26, 2024 at 04:53:51AM -0500, Darren Ankney wrote: ! Hi, ! ! It seems to me that the HTTPS/SVCB records describe where and how a ! service is available (could be several IPv4 and IPv6 addresses as well ! as several ports). It does nothing to select how a client might ! connect to the

Re: query failed (SERVFAIL) and query failed (failure)

2024-12-26 Thread Barry Scott
> On 23 Dec 2024, at 13:49, Bob Harold wrote: > > I don't think it is your problem. gandi.net is having > trouble. > https://dnsviz.net/d/mail.gandi.net/dnssec/ > That would explain only gandi.net problems. I get errors all over the place. What I nee

Re: SVCB/HTTPS vs. getaddrinfo: how to merge?

2024-12-26 Thread Darren Ankney
Hi, It seems to me that the HTTPS/SVCB records describe where and how a service is available (could be several IPv4 and IPv6 addresses as well as several ports). It does nothing to select how a client might connect to the service other than by providing a hierarchy of importance for each. I've

Re: cname for apex record

2024-12-25 Thread Jan Schaumann via bind-users
Mark Andrews wrote: > As for browser support Safari added HTTPS record support years ago (~2020). > > Mozilla finally removed the restriction of only looking up HTTPS records via > DoH in release 129.0. > > Chrome added support in 2021. Well, "support" here means different things, though. In

Re: cname for apex record

2024-12-24 Thread Mark Andrews
iginal Message- > From: bind-users On Behalf Of Jan > Schaumann via bind-users > Sent: Tuesday, December 24, 2024 2:25 PM > To: bind-users@lists.isc.org > Subject: Re: cname for apex record > > ATTENTION: This email came from an external source. Do not open attachments

OT: DNS / HTTP server fixes for questionable website construction - Re: cname for apex record

2024-12-24 Thread Grant Taylor via bind-users
On 12/24/24 09:54, G.W. Haywood wrote: You can do that sort of thing on the fly. I'd probably be thinking along the lines of Apache and mod_rewrite mod_rewrite alters / translates / permutes the request as it comes into Apache to some different path in the back-end. You could also accompli

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
via bind-users Sent: Tuesday, December 24, 2024 2:25 PM To: bind-users@lists.isc.org Subject: Re: cname for apex record ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails. "Cuttler, Brian R (HEALTH) via

Re: cname for apex record

2024-12-24 Thread Jan Schaumann via bind-users
"Cuttler, Brian R (HEALTH) via bind-users" wrote: > However, I've been asked if we can point the apex record at the external > webserver. I'm not quite sure if this covers what you're trying to accomplish, but if you're talking about an HTTP / browser context, you can take a look at setting an

RE: cname for apex record

2024-12-24 Thread G.W. Haywood
Hello again, On Tue, 24 Dec 2024, Cuttler, Brian R (HEALTH) wrote: ... web developer wants to tell me they don't have any html ... Er, right. :) I'll look at those links, are you saying that they re-write them between the server reading the page source and sending the page/with

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
I talked about html anchors, but web developer wants to tell me they don't have any html because they use Drupal. I looked at some page source and sure enough its html under the hood. I'll look at those links, are you saying that they re-write them between the server reading the page

RE: cname for apex record

2024-12-24 Thread G.W. Haywood
Hello again, On Tue, 24 Dec 2024, Cuttler, Brian R (HEALTH) wrote: ... I think its to avoid re-writing the links in the web pages ... You can do that sort of thing on the fly. I'd probably be thinking along the lines of Apache and mod_rewrite (and showing my age:) https://httpd.apach

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
in house because web devs will cry and be sad. Just sayin ... John Sent from Nine<http://www.9folders.com/> From: "Cuttler, Brian R (HEALTH) via bind-users" Sent: Tuesday, December 24, 2024 9:23 AM To: Greg Choules Cc: bind-users Subject: RE: cname f

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 03:22:44PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 593 lines which said: > Stefane - thank you for your input as well, I'll recheck my > delegation and see where we've lost proper delegation. I used check-soa and a bit of

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 03:27:06PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 646 lines which said: > Apologies, meant to write Stephane and not Stefane. No problem, US-based people often miswrite it Stephanie :-) -- Visit https://lists.isc.org/mailman/listinfo/bind-

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
Apologies, meant to write Stephane and not Stefane. From: bind-users On Behalf Of Cuttler, Brian R (HEALTH) via bind-users Sent: Tuesday, December 24, 2024 10:23 AM To: Greg Choules Cc: bind-users Subject: RE: cname for apex record ATTENTION: This email came from an external source. Do not

RE: cname for apex record

2024-12-24 Thread Cuttler, Brian R (HEALTH) via bind-users
Greg, I need to sit with the web developer and hash it out, I think its to avoid re-writing the links in the web pages that use the domain name rather than the fully qualified name. ie Wadsworth.org in anchors rather than www.wadsworth.org. I see an alternate fix for this if that is the case

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
Because the world we live in today it has become too hard or uncool for people type "www". Then to make matters worse most enterprise environments with an external Internet facing need to sit behind some type of CDN like Cloudfront, Akamai, ect *just* to blunt the nonstop DoS traffic. John Se

Re: cname for apex record

2024-12-24 Thread G.W. Haywood
Hi there, On Tue, 24 Dec 2024, Cuttler, Brian R (HEALTH) wrote: ... We are running bind 9.14.28 ... Just to point out that if this version number is correct, it's more than four years past its EOL. https://kb.isc.org/docs/bind-9-end-of-life-dates -- 73, Ged. -- Visit https://lists.isc.org

Re: cname for apex record

2024-12-24 Thread John W. Blue via bind-users
Short answer: no Longer answer: set the apex to an IP address of a external facing webserver that you control so it can to do an HTTP 302 redirection to your cloudfront name. John Sent from Nine From: "Cuttler, Brian R (HEALTH) via bin

Re: cname for apex record

2024-12-24 Thread Greg Choules via bind-users
Hi Brian. You can't redirect your entire zone from inside the zone itself. CNAME absolutely will not do it, by design (also DNAME). The reason is, the way that DNS works. wadsworth.org has been delegated to a bunch of DNS servers (see below), which are presumably run by you and associated entities

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users
On Tue, Dec 24, 2024 at 02:38:51PM +, Cuttler, Brian R (HEALTH) via bind-users wrote a message of 163 lines which said: > The cname we create for our webserver > www.wadsworth.org is working well. > However, I've been asked if we can point the apex record at the >

Re: query failed (SERVFAIL) and query failed (failure)

2024-12-23 Thread Bob Harold
I don't think it is your problem. gandi.net is having trouble. https://dnsviz.net/d/mail.gandi.net/dnssec/ -- Bob Harold On Fri, Dec 13, 2024 at 7:24 AM Barry Scott wrote: > I have been using named-chroot on Fedora 40 for a long time without issue > on version bind-9.18.28-2.fc40.x86_64. >

Re: query failed (SERVFAIL) and query failed (failure)

2024-12-22 Thread Steven Shockley
On 12/13/2024 7:24 AM, Barry Scott wrote: This version is reporting errors like these: client @0x7fb312835168 172.17.1.173#62806 (bolt.dropbox.com): query failed (failure) for bolt.dropbox.com/IN/A at ../../../lib/ns/query.c:7837 client @0x7fb30fa4d168 172.17.1.200#56216 (mail.gandi.net): query

Re: `dig -x ...` and RFC 2317 Classless IN-ADDR.ARPA Delegation

2024-12-19 Thread Bob Harold
On Thu, Dec 19, 2024 at 1:25 PM Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > Hi, > > I'd appreciate some help in getting just the PTR record from the > following dig command: > > dig +short -x 192.0.2.1 > > With the following germane content from the respective zones: >

Re: BIND 9.20.4 exiting

2024-12-19 Thread Darren Ankney
Hello, Please note that ISC has published an operation notification regarding this report: https://kb.isc.org/docs/operational-notification-bind-920-defect-in-qpzone-implementation with further instructions (in case anyone missed the recent announcement in the bind-announce mailing list).

RE: forwarding non-domain queries

2024-12-19 Thread Cuttler, Brian R (HEALTH) via bind-users
Greg, From: Greg Choules Sent: Wednesday, December 18, 2024 5:04 PM To: Cuttler, Brian R (HEALTH) Cc: bind-users Subject: Re: forwarding non-domain queries ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails

Re: forwarding non-domain queries

2024-12-18 Thread Greg Choules via bind-users
ouldn't get address for 'd.edu-servers.net': failure > > couldn't get address for 'e.edu-servers.net': failure > > couldn't get address for 'f.edu-servers.net': failure > > couldn't get address for 'g.edu-servers.net': failure

RE: forwarding non-domain queries

2024-12-18 Thread Cuttler, Brian R (HEALTH) via bind-users
rs.net': failure couldn't get address for 'l.edu-servers.net': failure couldn't get address for 'm.edu-servers.net': failure dig: couldn't get address for 'a.edu-servers.net': no more From: Cuttler, Brian R (HEALTH) Sent: Tuesday, December 10, 2024

Re: BIND 9.20.4 exiting

2024-12-18 Thread Marco Davids via bind-users
not time yet to fill a bug report and provide details Regards Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria *From:*Guillaume Bibaut *Sent:* Wednesday, December 18, 2024 3:34 PM *To:* Ondřej Surý *Cc:* Klaus Darilion ; bind-users@l

RE: BIND 9.20.4 exiting

2024-12-18 Thread Klaus Darilion via bind-users
Cc: Klaus Darilion ; bind-users@lists.isc.org Subject: Re: BIND 9.20.4 exiting Issue has been created on gitlab. It is marked as confidential, and its title is "BIND 9.20.4 exiting". Everything is detailed there. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: BIND 9.20.4 exiting

2024-12-18 Thread Guillaume Bibaut
Issue has been created on gitlab. It is marked as confidential, and its title is "BIND 9.20.4 exiting". Everything is detailed there. On Wed, Dec 18, 2024 at 2:51 PM Ondřej Surý wrote: > Hi Guillaume, > > thanks for reading the instructions. I’m afraid you’ve hit a bug and > filling an issue wo

Re: BIND 9.20.4 exiting

2024-12-18 Thread Ondřej Surý
Hi Guillaume, thanks for reading the instructions. I’m afraid you’ve hit a bug and filing an issue would be appropriate in this case. I also think that Klaus (in Cc) seen similar crash. We would appreciate if you can provide coredump and binaries with debug symbols. Ondrej -- Ondřej Surý — ISC (He/Him)M

Re: shut down hung fetch while resolving 'aro.army.mil.edgekey.dmz.akamai.csd.disa.mil/A'

2024-12-17 Thread Crist Clark
This is the problem: https://lists.isc.org/mailman/htdig/bind-users/2024-April/108469.html Not a new problem. https://lists.isc.org/mailman/htdig/bind-users/2018-May/100229.html On Tue, Dec 17, 2024 at 12:19 PM Ondřej Surý wrote: > Crosscheck this with DNSSEC Debugger from Verisign: > > dnss

Re: shut down hung fetch while resolving 'aro.army.mil.edgekey.dmz.akamai.csd.disa.mil/A'

2024-12-17 Thread Ondřej Surý
Crosscheck this with DNSSEC Debugger from Verisign: https://dnssec-analyzer.verisignlabs.com/extranet.aro.army.mil No DS records found for akamai.csd.disa.mil in the csd.disa.mil zone All Queries to dns3.akamai.csd.disa.mil for akamai.csd.disa.mil/DNSKEY timed out or failed

Re: shut down hung fetch while resolving 'aro.army.mil.edgekey.dmz.akamai.csd.disa.mil/A'

2024-12-17 Thread Ondřej Surý
disa.mil servers are timing out on me over IPv6: $ dig IN NS gcds.disa.mil. @DNS1.DISA.MIL. ;; communications error to 2608:125:0:1811:1001:9012:f00:20#53: timed out ;; communications error to 2608:125:0:1811:1001:9012:f00:20#53: timed out ;; communications error to 2608:125:0:1811:1001:9012:f00:2

Re: Problem resolving a domainkey TXT record

2024-12-13 Thread Ondřej Surý
Hi Danilo, it is not a problem on your end, Their servers break the DNS protocol and don't respond to unknown names: $ dig +tries=1 -4 IN NS @nstll.eulisa.europa.eu ${RANDOM}.eulisa.europa.eu ;; communications error to 194.126.110.49#53: timed out ; <<>> DiG 9.21.3-1+0~20241211.133+debian12~1.

Re: New BIND releases are available: 9.18.32, 9.20.4, 9.21.3

2024-12-13 Thread Michal Nowak
Hi, it's in the following directory on the link you sent: 08383792-isc-bind-bind/ 2024-Dec-12 11:59:56-- Directory More precisely: https://download.copr.fedorainfracloud.org/results/isc/bind/epel-9-x86_64/08383792-isc-bind-bind/. Let us know if "dnf update --refresh" does not work fo

Re: New BIND releases are available: 9.18.32, 9.20.4, 9.21.3

2024-12-12 Thread Søren Andersen via bind-users
Hello, Thanks for the new release. It's just me that cannot find the new release in the repo: https://download.copr.fedorainfracloud.org/results/isc/bind/epel-9-x86_64/? From: bind-announce on behalf of Victoria Risk Sent: 11 December 2024 17:01 To: bind-annou.

Re: ask about bind9 logging function: How can I log the service port number (eg. 53, 443, 853) in my log of `queries` category

2024-12-12 Thread Borja Marcos via bind-users
> On 26 Nov 2024, at 14:36, Petr Špaček wrote: > > On 26. 11. 24 10:08, n/a via bind-users wrote: >> I am a new user in bind9. >> I have setup my DNS server with port 53, port 443 (DoH), and port 853 (DoT). >> And now, in my logging file of `queries` category, one query example shows >> as be

Re: Undelegating a Signed Subdomain

2024-12-11 Thread Michael Richardson
1. I assume example.com is signed. 2. I don't understand why you can't just remove the NS records and fold the foo.bar.example.com data in. 3. After some interval of TTL, you can delete the DS records. If bar.example.com is served by the same server (I assume not: because if it was, why would
