Re: Is it possible to move a zone between catalogs on the same secondary? It is.

2023-05-02 Thread Aram Sargsyan
> Wondering out loud: > Maybe it should skip loading that particular member zone if the "coo" > property already points to different catalog? Would that be more > resilient against race conditions when named is restarted? That's an interesting suggestion, and I agree that it can solve the ra

Re: Is it possible to move a zone between catalogs on the same secondary? It is.

2023-05-02 Thread Petr Špaček
On 30. 04. 23 13:04, Aram Sargsyan wrote: Hello, Jan-Piet, > however, when I stop and restart the consumer server, I have sometimes (not always) seen > > catz: catz_addmodzone_cb: zone 'z10.aa' will not be added because another catalog zone already contains an entry with that zone > >whi

Re: Is it possible to move a zone between catalogs on the same secondary? It is.

2023-04-30 Thread Aram Sargsyan
Hello, Jan-Piet,   > however, when I stop and restart the consumer server, I have sometimes (not > always) seen >  > catz: catz_addmodzone_cb: zone 'z10.aa' will not be added because another > catalog zone already contains an entry with that zone > >which is true, but it doesn't _seem_ to ca

Re: Is it possible to move a zone between catalogs on the same secondary? It is.

2023-04-21 Thread Jan-Piet Mens
And yes, you can automate this with nsupdate to old and new catalog, Brilliant, Petr, thank you. I saw some of the loveliest log messages this week during coo from k-catz to t-catz: zone t-catz/IN: transferred serial 10: TSIG 't' catz: t-catz: reload start catz: updating

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Havard Eidnes via bind-users
Hi, a partial response: > If it's possible, can anyone confirm zone transfers from master > to slave would still work even if the servers ran different > major versions? Yes, "of course", because the details of that transfer are specified by the DNS protocol standards. Regards, - Håvard -- Vis

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Saleck
Hi, thank you Ondřej and Stacy, we'll start testing next week. Kind regards, David Bruha Dne pátek 21. dubna 2023 10:03:26 CEST, Ondřej Surý napsal(a): > Hi, > > I can confirm that it’s ok to skip 9.16 and go straight to 9.18. There’s no > need for the intermediate step. As usual, it’s recommen

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Ondřej Surý
Hi, I can confirm that it’s ok to skip 9.16 and go straight to 9.18. There’s no need for the intermediate step. As usual, it’s recommended to do a test migration first if you want to be extra careful. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different

Re: Is it possible to upgrade bind from 9.11 to 9.18 directly?

2023-04-21 Thread Stacey Marshall
If it helps, my assessment was that one could skip 9.16 too. I recognise that this is thanks to the hard effort that ISC work to provide backward compatibility, and not by some accident. On Solaris 11.4 current shipping versions of BIND are $ pkg list -fa service/network/dns/bind NAME (PUBLIS

Re: Is it possible to move a zone between catalogs on the same secondary?

2023-04-20 Thread Petr Špaček
On 19. 04. 23 19:23, Jan-Piet Mens wrote: Any ideas? is this the point at which I confess I've only now read about Change of Ownership (coo) [1]? Indeed. Chapter https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-catalog-zones#name-change-of-ownership-coo-pro has an example how the pr

Re: Is it possible to move a zone between catalogs on the same secondary?

2023-04-19 Thread Jan-Piet Mens
Any ideas? is this the point at which I confess I've only now read about Change of Ownership (coo) [1]? -JP [1] https://bind9.readthedocs.io/en/latest/chapter6.html#change-of-ownership-coo -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC fu

Re: Is it possible to use nsupdate with EDNS0?

2019-01-17 Thread Dave Warren
On 2019-01-17 08:03, Fumiya Obatake wrote: Thank you for your reply. Since it seems very difficult to realize, I will consider other solutions. The obvious solution would be to use TCP.

Re: Is it possible to use nsupdate with EDNS0?

2019-01-17 Thread Fumiya Obatake
Thank you for your reply. Since it seems very difficult to realize, I will consider other solutions. Sincerely,

Re: Is it possible to use nsupdate with EDNS0?

2019-01-16 Thread Mark Andrews
> On 17 Jan 2019, at 6:56 am, Mark Andrews wrote: > > While legal it is most definitely not a good idea. You first have to probe to > find out the EDNS buffer size. Then you may also need to deal with PMTUD > issues. Then you need to deal with broken middle boxes and fragmentation. > Dealin

Re: Is it possible to use nsupdate with EDNS0?

2019-01-16 Thread Mark Andrews
While legal it is most definitely not a good idea. You first have to probe to find out the EDNS buffer size. Then you may also need to deal with PMTUD issues. Then you need to deal with broken middle boxes and fragmentation. Dealing with all of this is done at the application level. Add to that

Re: [BIND] Re: Is it possible to...

2018-08-09 Thread Jim Popovitch via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-08-10 at 09:47 +1000, Mark Andrews wrote: > > On 10 Aug 2018, at 5:46 am, Jim Popovitch via bind-users > s...@lists.isc.org> wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > Is it possible to... > > > > 1) u

Re: Is it possible to...

2018-08-09 Thread Mark Andrews
> On 10 Aug 2018, at 5:46 am, Jim Popovitch via bind-users > wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Is it possible to... > > 1) use text only zone files, and > > 2) keep serials identical between those zone files and what is > published in DNS, and That’s not even

Re: Is it possible to filter (*.)wpad.* with RPZ?

2017-11-30 Thread Grant Taylor via bind-users
On 11/30/2017 12:04 AM, Daniel Stirnimann wrote: I doubt you can use RPZ for that. The testing that I did made me think that RPZ wouldn't be able to do it. I wonder if Response Policy Service (DNSRPS) can do it. We use https://dnsdist.org/ for that, our rule: -- WPAD Name Collision Vulnera

Re: Is it possible to filter (*.)wpad.* with RPZ?

2017-11-29 Thread Daniel Stirnimann
I doubt you can use RPZ for that. We use https://dnsdist.org/ for that, our rule: -- WPAD Name Collision Vulnerability -- US-CERT TA16-144A. Redirect to landing page addAction(RegexRule("^wpad\\."),SpoofAction("192.168.1.2", "2001:DB8::2")) Daniel On 29.11.17 19:12, Grant Taylor via bind-users

Re: Is it possible to have separate query logs for different views?

2015-03-12 Thread Peter Olsson
On Tue, Mar 10, 2015 at 02:05:50PM -0400, Bob Harold wrote: > Note that named includes the name of the view in the query log lines, so > you could copy them from the query log to separate files, even in real > time, if desired. > > tail -f named-queries | awk '/ view inside / {print $0 > > named-q

Re: Is it possible to have separate query logs for different views?

2015-03-10 Thread Bob Harold
Note that named includes the name of the view in the query log lines, so you could copy them from the query log to separate files, even in real time, if desired. tail -f named-queries | awk '/ view inside / {print $0 > named-queries-inside; next} / view outside / {print $0 > named-queries-outside;

Re: Is it possible to have separate query logs for different views?

2015-03-09 Thread Alan Clegg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 3/9/15 3:04 AM, Peter Olsson wrote: > Hello! > > Is it possible to have separate query logs for different views? > > I tried putting this in the view block, but it failed with "unknown > option 'logging'": > > logging { channel logging_query {

RE: Is it possible to block resolution of a malware address?

2011-04-01 Thread Baird, Josh
We typically override malware-ish domains by creating a zone on our caching servers for them and create a wildcard similar to: * IN A 127.0.0.1 That way, when clients try to resolve xyz.com, our caching/resolvers return 127.0.0.1, not the real IP address. Josh -Original M

Re: Is it possible to block resolution of a malware address?

2011-04-01 Thread Eivind Olsen
> That is, if we know that a symbolic address is malign, is there some way > to > refuse to resolve it or change its resolution when an internal users asks > for > its resolution? Two different ways of doing this: - configure your BIND to believe it's authoritative for the address(es) in question

Re: Is it Possible to Log nxdomain Responses?

2010-11-18 Thread Anand Buddhdev
On 17/11/2010 15:23, Stephane Bortzmeyer wrote: > On Wed, Nov 17, 2010 at 07:48:55AM -0600, > Martin McCormick wrote > a message of 22 lines which said: > >> It would be nice to log each nxdomain for a while so we can verify >> that the new delegated zone we are about to install fixed the >>

Re: Is it Possible to Log nxdomain Responses?

2010-11-17 Thread Stephane Bortzmeyer
On Wed, Nov 17, 2010 at 07:48:55AM -0600, Martin McCormick wrote a message of 22 lines which said: > It would be nice to log each nxdomain for a while so we can verify > that the new delegated zone we are about to install fixed the > problem. May be with dnscap

Re: Is it Possible to Log nxdomain Responses?

2010-11-17 Thread Phil Mayers
On 17/11/10 13:48, Martin McCormick wrote: We are chasing down some problems in which clients are trying to resolve lookups to a domain related to Microsoft Active Directory zones. We were able to determine that clients were querying this AD zone when it was thought they weren't needing to do so.

RE: is it possible to dynamically update an RRSIG record?

2010-01-26 Thread Jack Tavares
>Jack Tavares wrote: >> Looking at the code for libbind, specifically >> res_nmkupdate, >> there is no case statement for RRSIG records. >> >> In this case, I was trying to update the TTL. >> Is that not allowed intentionally? > >I think so. The TTL of a RRSIG RR *MUST* match the TTL value of th

Re: is it possible to dynamically update an RRSIG record?

2010-01-25 Thread Hugo Salgado Hernandez
Jack Tavares wrote: > Looking at the code for libbind, specifically > res_nmkupdate, > there is no case statement for RRSIG records. > > In this case, I was trying to update the TTL. > Is that not allowed intentionally? I think so. The TTL of a RRSIG RR *MUST* match the TTL value of the RRset i

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-23 Thread Barry Margolin
In article , hongyi.z...@gmail.com wrote: > On Friday, February 20, 2009 at 22:15, serge.fonvi...@gmail.com wrote: > > Let me give an example to illustrate my problem: > > > In the following url, the prola.aps.org is a name-based virtual host: > > > http://prola.aps.org/pdf/PRB/v1/i1/p1_1 > >

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-23 Thread Serge Fonville
When using apache (you haven't told what web server you are using) you can define a virtual host which has a server name hongyi_zhao.changeip.net and a serveralias of some_domain. then apache will respond to urls which have either in the host header with the defined virtual host. This assumes that

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-20 Thread Kevin Darcy
Hongyi Zhao wrote: Hi all, Suppose a file named file.pdf stored in the following web location: http://some_domain/path/to/file.pdf Where, the *some_domain* is a name-based virtual host. In this case, is it possible to set a ddns hostname, say through http://www.changeip.net/, without usin

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-20 Thread Sam Wilson
In article , hongyi.z...@gmail.com wrote: > On Friday, February 20, 2009 at 19:51, serge.fonvi...@gmail.com wrote: > > Hi, > > > Is it possible to set a ddns hostname, say through > > http://www.changeip.net/ , without using *some_domain* itself, to > > access this file? > > > Not entirely sur

Re: Is it possible to set a ddns hostname to access a name-based virtual host?

2009-02-20 Thread Serge Fonville
Hi, > Is it possible to set a ddns hostname, say through > http://www.changeip.net/ , without using *some_domain* itself, to > access this file? > Not entirely sure what you are actually trying to achieve. Could you provide a concrete example of the situations you are

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Mark Andrews
In message <[EMAIL PROTECTED]>, Chris Thompson writes: > On Nov 20 2008, Stephane Bortzmeyer wrote: > > >On Thu, Nov 20, 2008 at 11:55:17AM +, > > Chris Thompson <[EMAIL PROTECTED]> wrote > > a message of 33 lines which said: > > > >>> The text you quote is for DNS publication. But you typi

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
On Nov 20 2008, Stephane Bortzmeyer wrote: On Thu, Nov 20, 2008 at 11:55:17AM +, Chris Thompson <[EMAIL PROTECTED]> wrote a message of 33 lines which said: The text you quote is for DNS publication. But you typically do not put KSK in the DNS, no? Sure you do. How could a validator use

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Niall O'Reilly
On Thu, 2008-11-20 at 14:15 +0100, Adam Tkac wrote: > It isn't possible to validate myzone1.tld. with key from other zone, > for example myzone2.tld., is it? No, but Chris explained better than I did what I had in mind. On Thu, 2008-11-20 at 11:43 +, Chris Thompson wrote: > the DNSKEY

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Stephane Bortzmeyer
On Thu, Nov 20, 2008 at 11:55:17AM +, Chris Thompson <[EMAIL PROTECTED]> wrote a message of 33 lines which said: >> The text you quote is for DNS publication. But you typically do not >> put KSK in the DNS, no? > > Sure you do. How could a validator use it if you didn't? Because it is pub

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Adam Tkac
On Thu, Nov 20, 2008 at 09:18:01AM +, Niall O'Reilly wrote: > On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote: > > does anyone know if is it possible to sign multiple domains with one > > KSK? > > Adam, > > I suspect your question may need to be more specific. Right you are.

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
On Nov 20 2008, Stephane Bortzmeyer wrote: [...snipped...] [Warning: still struggling with the subtleties of KSK/ZSK.] The text you quote is for DNS publication. But you typically do not put KSK in the DNS, no? Sure you do. How could a validator use it if you didn't? Perhaps you meant: you wo

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
On Nov 19 2008, Adam Tkac wrote: does anyone know if is it possible to sign multiple domains with one KSK? If I understand correctly what RFC 4034, section 2.1.1 says "... If bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and the DNSKEY RR's owner name MUST be the name of a zon

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Niall O'Reilly
On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote: > does anyone know if is it possible to sign multiple domains with one > KSK? Adam, I suspect your question may need to be more specific. Are you asking about the signing process itself, or rather about how cert

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Stephane Bortzmeyer
On Wed, Nov 19, 2008 at 09:55:52PM +0100, Adam Tkac <[EMAIL PROTECTED]> wrote a message of 17 lines which said: > If I understand correctly what RFC 4034, section 2.1.1 says "... If > bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and > the DNSKEY RR's owner name MUST be the na