Re: bind sends back server failure when local cache expired ( glue record)

Hello Panagiotis Thank you for your reply and I apologize for my late response. I was away on vacation. I was just wondering why the resolver reacts immediately with a server failure and then continues the recursive resolution in the background. In the meantime, the client has received an error

Re: BIND 9.11.4-P1 unexpected process exit

Hi! The version seems like RHEL 7 or something based on that code. That is quite old, but if you have it supported, please report that issue to whatever entity you have obtained it from. They may still support it, but ISC does not support that version for years. Ideally with some coredump fi

Re: BIND 9.11.4-P1 unexpected process exit

Hi Mark, Thank you for the knowledge sharing. Regards DT. On Thu, Apr 10, 2025 at 3:39 PM Mark Andrews wrote: > > https://gitlab.isc.org/isc-projects/bind9/-/issues/942 > > Or CVE-2019-6471 > > Mark > > > On 10 Apr 2025, at 02:14, Duleep Thilakarathne > wrote: > > > > Dear Mark, > > > > Thank

Re: BIND 9.11.4-P1 unexpected process exit

https://gitlab.isc.org/isc-projects/bind9/-/issues/942 Or CVE-2019-6471 Mark > On 10 Apr 2025, at 02:14, Duleep Thilakarathne wrote: > > Dear Mark, > > Thank you for the update . I will arrange to update Bind to latest version . > For my understanding, is their any reference thread to refe

Re: BIND 9.11.4-P1 unexpected process exit

Dear Mark, Thank you for the update . I will arrange to update Bind to latest version . For my understanding, is their any reference thread to refer historical incident . I didnt experience this issue since last friday . Regards Duleep. On Thu, Apr 10, 2025 at 12:02 PM Mark Andrews wrote: > T

Re: BIND 9.11.4-P1 unexpected process exit

This was fixed roughly 6 years ago in a later version of BIND 9.11 which has since been EoL’d. Upgrade to a supported version. > On 9 Apr 2025, at 23:22, Duleep Thilakarathne wrote: > > Hi, > > Bind service unexpectedly exited a few days back with the following error: > Could someone possibly

Re: Bind internal name space geo-proximity

Hi Karol. The DNS model is that if a zone contains multiple records of the same type with the same owner name - e.g. google.com/NS - then all answers are returned in a response to a query: this is known as an RRSET. In the case of NS records, all RRSETs from anywhere must

Re: BIND 9.20.6: spurious recursive lookup failures after longish uptime

> From: "Havard Eidnes via bind-users" > Sent: Thursday, March 13, 2025 7:21:32 AM > The reason is that the "how to reproduce the problem" bit is > quite fuzzy. Yeah. :-( In general, without logs or similar, it is impossible to diagnose this sort of problem by DNS results alone. Unless zon

Re: BIND 9.20.6: spurious recursive lookup failures after longish uptime

On 3/13/25 12:21, Havard Eidnes via bind-users wrote: I wondered a while whether this would be more appropriate to post here or as an issue in ISC's gitlab, but came to the conclusion that for now the best place would be here. The reason is that the "how to reproduce the problem" bit is quite fu

Re: bind crashes with assertion, maybe due to many ephemeral network devices?

> bind crashes with assertion, maybe due to many ephemeral network devices? Looking at the symptoms and your description, I actually think this is a problem of interfaces appearing during the network interface scan and then disappearing before named can process them. I would suggest to disable th

Re: bind crashes with assertion, maybe due to many ephemeral network devices?

Hi Ondrej, thanks for the fast answer :) On Mon, 10 Mar 2025, Ondřej Surý wrote: bind crashes with assertion, maybe due to many ephemeral network devices? Looking at the symptoms and your description, I actually think this is a problem of interfaces appearing during the network interface sc

Re: [bind-9.18.26] named crash with assertion failure

Sure, here is 9.18.26 with all the required patches: https://ftp.isc.org/isc/bind9/9.18.34/bind-9.18.34.tar.xz Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 28. 2. 202

Re: [bind-9.18.26] named crash with assertion failure

Hi Ondrej, Thank you for your prompt response. We recently upgraded to this version as it was marked as stable. It may take some time to upgrade to the latest version of bind-9.18. Meanwhile i was wondering if i can patch the fix (if available) to our current version or any workaround available

Re: [bind-9.18.26] named crash with assertion failure

Start with upgrading to the latest 9.18. You are 8 versions behind, and yes, bugs get fixed. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 27. 2. 2025, at 23:12, avije

Re: BIND DNS Server on Windows

On Tuesday, February 11, 2025 3:10:14 PM CET Turritopsis Dohrnii Teo En Ming wrote: > I had considered getting Raspberry Pi before. But the problem is that the > device supports only 1 network card. > > Regards, > > Mr. Turritopsis Dohrnii Teo En Ming > Targeted Individuals in Singapore There

Re: BIND DNS Server on Windows

On Tuesday, February 11th, 2025 at 9:52 PM, Michael De Roover wrote: > On Monday, February 10, 2025 4:31:46 PM CET Ondřej Surý wrote: > >> I am pretty much confused, unless you are using this setup for educational > >> purposes, it makes little sense. > >> > >> Setup like this is similar to onio

Re: BIND DNS Server on Windows

On Monday, February 10th, 2025 at 11:31 PM, Ondřej Surý wrote: > I am pretty much confused, unless you are using this setup for educational > purposes, it makes little sense. > > Setup like this is similar to onion - it has layers and it makes you cry, you > can add docker for extra pain or ku

Re: BIND DNS Server on Windows

On Monday, February 10th, 2025 at 11:16 PM, Michael De Roover wrote: > On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming > wrote: > > > It appears to be too difficult for me to understand. > > > Not gonna lie, Hyper-V is anything but easy to work with, at least initiall

Re: BIND DNS Server on Windows

On Monday, February 10, 2025 4:31:46 PM CET Ondřej Surý wrote: > I am pretty much confused, unless you are using this setup for educational > purposes, it makes little sense. > > Setup like this is similar to onion - it has layers and it makes you cry, > you can add docker for extra pain or kubern

Re: BIND DNS Server on Windows

I am pretty much confused, unless you are using this setup for educational purposes, it makes little sense. Setup like this is similar to onion - it has layers and it makes you cry, you can add docker for extra pain or kubernetes for permanent blindness. It is going to be much easier to get $5/

Re: BIND DNS Server on Windows

On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming wrote: > It appears to be too difficult for me to understand. Not gonna lie, Hyper-V is anything but easy to work with, at least initially. It was in response to this thread that I realized that I don't even remember and n

Re: BIND DNS Server on Windows

On Sunday, February 9th, 2025 at 9:55 PM, Michael De Roover wrote: > On Sunday, February 9, 2025 12:07:48 PM CET Richard T.A. Neal wrote: > > > That's my site! 😊 > > > That is incredible! > > > One major drawback with WSL is that there doesn't seem to be a way to assign > > it a static IP -

Re: BIND DNS Server on Windows

On Sunday, February 9th, 2025 at 6:55 PM, Marco Moock wrote: > Am 09.02.2025 um 10:51:35 Uhr schrieb Turritopsis Dohrnii Teo En Ming > via bind-users: > > > Can I install WinBIND on Windows 10 and Windows 11? The following > > guide mentioned installation of WinBIND on Windows Server only. > >

RE: BIND DNS Server on Windows

On Sunday, February 9th, 2025 at 7:07 PM, Richard T.A. Neal wrote: > That's my site! 😊 > > Whilst functional please bear in mind that BIND is no longer developed or > supported on Windows so I really don’t recommend doing so. You should install > it on a Linux system as intended, or alternati

Re: BIND DNS Server on Windows

On Sunday, February 9, 2025 12:07:48 PM CET Richard T.A. Neal wrote: > That's my site! 😊 That is incredible! > One major drawback with WSL is that there doesn't seem to be a way to assign > it a static IP - i.e. your WSL BIND server will change IP address every > time (it's a private routed addr

RE: BIND DNS Server on Windows

That's my site! 😊 Whilst functional please bear in mind that BIND is no longer developed or supported on Windows so I really don’t recommend doing so. You should install it on a Linux system as intended, or alternatively in WSL (Windows SubSystem for Linux). One major drawback with WSL is that

Re: BIND DNS Server on Windows

Am 09.02.2025 um 10:51:35 Uhr schrieb Turritopsis Dohrnii Teo En Ming via bind-users: > Can I install WinBIND on Windows 10 and Windows 11? The following > guide mentioned installation of WinBIND on Windows Server only. Should work, give it a try. -- Gruß Marco -- Visit https://lists.isc.org/m

Re: BIND 9.20.5 EDE 22

Thank you ! I saw it, but wrongly supposed it was merged before the release. Emmanuel. Le 06/02/2025 à 13:28, Matthijs Mekking a écrit : Hi Emmanuel, Please see https://gitlab.isc.org/isc-projects/bind9/-/issues/5137 - Matthijs On 06-02-2025 10:45, Emmanuel Fusté wrote: Hello, BIND 9.20.5

Re: BIND 9.20.5 EDE 22

You need to check the linked MRs, the original was indeed introduced in 9.20.5, but there's a fix: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9985 And that hasn't been released yet. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be dif

Re: BIND 9.20.5 EDE 22

Hi Emmanuel, Please see https://gitlab.isc.org/isc-projects/bind9/-/issues/5137 - Matthijs On 06-02-2025 10:45, Emmanuel Fusté wrote: Hello, BIND 9.20.5 is supposed to implement EDE 22 reporting (No reachable authority) Ubuntu 22.04 / ISC BIND packages I have a domain for which the two DNS

Re: Bind and DHCP

sustain a little downtime. Good luck, RW From: bind-users on behalf of Fred Morris Sent: Wednesday, January 8, 2025 2:11 PM To: Bind-users Subject: Re: Bind and DHCP This email originated from outside of TESLA Do not click links or open attachments unless

Re: Bind and DHCP

Good operational network design calls for network segmentation; proper segmentation implies the functions of DDI to be technically (as opposed to organizationally) managed by segment. This would include actual recursing resolvers and DHCP services, not forwarders, at the segment edge. A lot of

Re: Bind and DHCP

On 1/8/25 10:14 AM, John Thurston wrote: You may want those services co-hosted today. But if you want to separate them next year, your life will be easier if they had unique IP addresses from the start. I agree that different IPs for each service is more flexible. Though I've never found it d

Re: Bind and DHCP

+1 for Greg's suggestion. You may want those services co-hosted today. But if you want to separate them next year, your life will be easier if they had unique IP addresses from the start. -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@a

Re: Bind and DHCP

Hi Karol. You can run them both together, if you like. I think it comes down to a personal choice between economics, simplicity, cleanliness of design and performance. If you want your DNS server to handle many 1,000 QPS it might be better dedicating resource to that and put Kea (I assume Kea?) on

Re: Bind and DHCP

On 08.01.25 15:34, Karol Nowicki via bind-users wrote: Does a good practice recommend to split running ISC Bind and DHCP into two different machines or make DNS+DHCP running on same server is allowed ?  you can run both on the same server. If you ran, run them both on multiple machines to ha

Re: BIND 9.20.4 exiting

Hello, Please note that ISC has published an operation notification regarding this report: https://kb.isc.org/docs/operational-notification-bind-920-defect-in-qpzone-implementation with further instructions (in case anyone missed the recent announcement in the bind-announce mailing list). ​

Re: BIND 9.20.4 exiting

not time yet to fill a bug report and provide details Regards Klaus -- Klaus Darilion, Head of Operations nic.at GmbH, Jakob-Haringer-Straße 8/V 5020 Salzburg, Austria *From:*Guillaume Bibaut *Sent:* Wednesday, December 18, 2024 3:34 PM *To:* Ondřej Surý *Cc:* Klaus Darilion ; bind-users@l

RE: BIND 9.20.4 exiting

Cc: Klaus Darilion ; bind-users@lists.isc.org Subject: Re: BIND 9.20.4 exiting Issue has been created on gitlab. It is marked as confidential, and its title is "BIND 9.20.4 exiting". Everything is detailed there. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: BIND 9.20.4 exiting

Issue has been created on gitlab. It is marked as confidential, and its title is "BIND 9.20.4 exiting". Everything is detailed there. On Wed, Dec 18, 2024 at 2:51 PM Ondřej Surý wrote: > Hi Guillaume, > > thanks for reading the instructions. I’m afraid you’ve hit a bug and > filling an issue wo

Re: BIND 9.20.4 exiting

Hi Guillaume,thanks for reading the instructions. I’m afraid you’ve hit a bug and filling an issue would be appropriate in this case.I also think that Klaus (in Cc) seen similar crash.We would appreciate if you can provide coredump and binaries with debug symbols.Ondrej--Ondřej Surý — ISC (He/Him)M

RE: Bind is not using the first master for freshness checks

ssage- > From: Mark Andrews > Sent: Thursday, November 21, 2024 12:26 AM > To: Klaus Darilion > Cc: bind-users@lists.isc.org > Subject: Re: Bind is not using the first master for freshness checks > > If a notify comes in while refresh / transfer is in progress that is

Re: Bind is not using the first master for freshness checks

If a notify comes in while refresh / transfer is in progress that is noted and a new refresh cycle is started when the current refresh cycle / transfer completes. Note named is NOT logging every refresh attempt. It is logging refresh attempt FAILURES so you know what to fix. Mark > On 21 Nov

Re: BIND RPZ is not blocking A record

That is what I exactly did and noticed that packets are received on bind and bind is directly forwarding. See my first email that has packet captures On Sun, Nov 17, 2024, 18:17 Lee wrote: > On Sun, Nov 17, 2024 at 1:28 AM Blason R wrote: > > > > Nah even that didn't work. > > > > If I directly

Re: BIND RPZ is not blocking A record

On Sun, Nov 17, 2024 at 1:28 AM Blason R wrote: > > Nah even that didn't work. > > If I directly query to bind it blocks or wall garden the request but if I > send it through windows AD or any other server bind just forwards the request > to forwarders. How do you _know_ windows AD or any other

Re: BIND RPZ is not blocking A record

Agree but response for app.hubspot.com.is getting modified and i see issue with only this domain. On Sun, Nov 17, 2024, 12:01 Mark Andrews wrote: > RPZ stands for RESPONSE POLICY ZONE. It does NOT block queries. It > modifies replies. > -- > Mark Andrews > > On 17 Nov 2024, at 17:28, Blason R w

Re: BIND RPZ is not blocking A record

Nah even that didn't work. If I directly query to bind it blocks or wall garden the request but if I send it through windows AD or any other server bind just forwards the request to forwarders. On Sat, Nov 16, 2024, 23:55 Lee wrote: > Hi > > On Fri, Nov 15, 2024 at 10:24 PM Blason R wrote: > >

Re: BIND RPZ is not blocking A record

RPZ stands for RESPONSE POLICY ZONE. It does NOT block queries. It modifies replies. -- Mark AndrewsOn 17 Nov 2024, at 17:28, Blason R wrote:Nah even that didn't work.If I directly query to bind it blocks or wall garden the request but if I send it through windows AD or any other server bind just

Re: BIND RPZ is not blocking A record

Hi On Fri, Nov 15, 2024 at 10:24 PM Blason R wrote: > > Where is that exactly to be added? I added in response-policy > statement then I tired adding in options stanza but rndc fails > everytime. > <.. snip ..> > > > > response-policy { > > > > zone "custom.block"; > > > > ... > > > > .. > > >

Re: BIND RPZ is not blocking A record

Blason R skrev den 2024-11-16 04:24: Where is that exactly to be added? I added in response-policy statement then I tired adding in options stanza but rndc fails everytime. try this response-policy { zone "rpz.localhost"; } break-dnssec yes qname-wait-recurse no recursi

Re: BIND RPZ is not blocking A record

Where is that exactly to be added? I added in response-policy statement then I tired adding in options stanza but rndc fails everytime. On Fri, Nov 15, 2024 at 6:35 PM Blason R wrote: > > Hmmm - Ok let me try doing that. Thanks for letting me know > > On Fri, Nov 15, 2024 at 3:43 PM Lee wrote:

Re: BIND RPZ is not blocking A record

Hmmm - Ok let me try doing that. Thanks for letting me know On Fri, Nov 15, 2024 at 3:43 PM Lee wrote: > > On Thu, Nov 14, 2024 at 1:48 AM Blason R wrote: > > > > Hello Team, > > > > I am encountering an unusual problem. I am using BIND version BIND > > 9.18.19-1+ubuntu22.04.1+isc+1-Ubuntu and h

Re: BIND RPZ is not blocking A record

On Thu, Nov 14, 2024 at 1:48 AM Blason R wrote: > > Hello Team, > > I am encountering an unusual problem. I am using BIND version BIND > 9.18.19-1+ubuntu22.04.1+isc+1-Ubuntu and have configured BIND RPZ. My > objective is to block access to app.hubspot.com, for which I have > established a zone. >

Re: BIND RPZ is not blocking A record

Remember that when you update a zone you need to increase the serial number (in SOA record) and tell BIND to reload the zone - e.g. run “rndc reload”. Nick. > On 15 Nov 2024, at 6:30 PM, Blason R wrote: > > Even I tried that but still no luck > > $TTL 180 > @ IN SOA ns

Re: BIND RPZ is not blocking A record

Even I tried that but still no luck $TTL 180 @ IN SOA ns1.custom.block. ns1.custom.block. ( 2006060301 21600 3600 604800 3600 ) IN NSns1.custom.block. ns1.custom.block. IN A 172.1.254.243 wg.custom.block.IN A 172.1.254.243 app.hubspot.com

Re: BIND RPZ is not blocking A record

On 14/11/2024 7:48 pm, Blason R wrote: And here is zone file $TTL 180 @ IN SOA ns1.custom.block. ns1.custom.block. ( 2006060301 21600 3600 604800 3600 ) IN NSns1.custom.block. ns1.custom.block. IN A 172.1.xx.xx wg.custom.block.IN A 172

Re: BIND RPZ is not blocking A record

That's my nginx load balancer ip. Surprisingly this happens only with this domain. On Thu, Nov 14, 2024, 17:30 Peter Davies wrote: > Hi Blason, >Your configuration looks correct, though BIND will try to resolve the > "wg.custom.block" > through your forwarders. > > What reply do you get from

Re: BIND RPZ is not blocking A record

Hi Blason, Your configuration looks correct, though BIND will try to resolve the "wg.custom.block" through your forwarders. What reply do you get from: dig @172.1.254.243 custom.block soa /Peter -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: bind-9.18.31 compile errors RHEL 7.9

Mark, Thanks for the suggestion. That did the trick. We will be upgrading our RHEL 7 systems this year but the RHEL 8 systems will take more time. This gives us a solution until we can get all of our DNS servers to RHEL 9. — Nathan > On Nov 5, 2024, at 3:46 PM, Mark Andrews wrote: > > Use a c

Re: bind-9.18.31 compile errors RHEL 7.9

> On 5. 11. 2024, at 15:32, N M wrote: > > What changed between bind-9.18.30 and bind-9.18.31 that would cause it to not > compile? Centos 7 went end-of-life, so we no longer care about it. That’s what has happened. You should not be using system past the EOL date. Ondrej -- Ondřej Surý — ISC

Re: bind-9.18.31 compile errors RHEL 7.9

Use a compiler that supports C(11), you are going to needed it for BIND 9.20. You may get away with adding "#define _Atomic(x) x” to lib/isc/include/isc/stdatomic.h. See the attached diff. I’ve not tested this because I don’t have such an ancient compiler installed nor do I believe I can instal

Re: BIND contribution

Hi Leonie, thank you for approaching us before making the contribution. Before we accept any code there are two main questions to be asked: a) is this going to be useful to anyone else but a handful of researchers? b) who is going to maintain the code long term? Adding a new transport mechanism

Re: bind on fbsd no longer starting

## Kurt Jaeger (bind-us...@opsec.eu): > > 14-Oct-2024 22:14:14.515 compiled with libuv version: 1.49.1 > Downgrading libuv to 1.48.0 seems to fix the startup problem. I just re-checked so I can absolutely not confirm it would be a general libuv problem: Oct 15 00:00:17 disconnector named[56975]:

Re: bind on fbsd no longer starting

Hi! > when I try to start bind 9.18.30 from the ports tree, build > for fbsd 14.1p5, I get this error: [...] > 14-Oct-2024 22:14:14.515 compiled with libuv version: 1.49.1 Downgrading libuv to 1.48.0 seems to fix the startup problem. See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282088

Re: bind on fbsd no longer starting

## Kurt Jaeger (bind-us...@opsec.eu): > 14-Oct-2024 21:49:18.566 netmgr/netmgr.c:302:isc__netmgr_create(): fatal > error: > 14-Oct-2024 21:49:18.566 uv_loop_init failed: no such file or directory > 14-Oct-2024 21:49:18.566 exiting (due to fatal error in library) Check if your chroot has a /dev/

Re: BIND statistics

> On 27 Aug 2024, at 06:04, Havard Eidnes via bind-users > wrote: > >> On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: >>> Thanks. I found it, and it's more than a little embarassing. >>> >>> This is what you get when not building with --with-libxml2: an >>> "un

Re: BIND statistics

> On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: >> Thanks. I found it, and it's more than a little embarassing. >> >> This is what you get when not building with --with-libxml2: an >> "un-rendered" xsl file as a result, in essence just the content >> of bin/named/x

Re: BIND statistics

On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote: > Thanks. I found it, and it's more than a little embarassing. > > This is what you get when not building with --with-libxml2: an > "un-rendered" xsl file as a result, in essence just the content > of bin/named/xsl.c.

Re: BIND statistics

> If I was debugging this I would: > - compared strace output from working and non-working server I did parts of that, ref. that other message I sent. > Unfortunately you are the only person who reported this problem and I > can't reproduce it either, so it's probably up to you to find needle > i

Re: BIND statistics

BTW, I got an off-line question how the chrooting is done in my case, i.e. whether the "chroot" program is used, or the "-t" option to BIND is used. In my case it's the latter: -t directory This option tells named to chroot to directory after processing the com

Re: BIND statistics

On 26. 08. 24 9:19, Havard Eidnes via bind-users wrote: Looking a bit further, I find in the XML output: Server Status Boot time: So no actual value? Is there a required post-processing step whi

Re: BIND statistics

Hi, and thanks for the suggestions. This is not an issue of broken clocks, all the involved machines run ntp and have good sync status traceable to at least a GPS clock. This does however appear to have something to do with the chroot'edness of this particular installation, and it's evident that

Re: BIND statistics

>> Hi Håvard. >> Have you tried a different browser? > > Not yet. Will do tomorrow. Latest Chrome on MacOS: just the same; it displays the raw XML which isn't exactly user-friendly. Regards, - Håvard -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

Re: BIND statistics

Looking a bit further, I find in the XML output: Server Status Boot time: So no actual value? Is there a required post-processing step which is omitted? I see xsl is mentioned both here and in the style

Re: BIND statistics

Hi there, On Mon, 26 Aug 2024, Greg Choules wrote: On Sun, 25 Aug 2024 at 21:06, Havard Eidnes via bind-users < I've started testing 9.20.x. ... firefox ... version 120.0... informs me ... This XML file does not appear to have any style information associated with it. The document tree i

Re: BIND statistics

Latest Chrome/Safari/Firefox on MacOS as well and it looks good for me. I haven't needed to clear cookies or browsing data or anything, it just worked. My 9.20.0 is running locally on the Mac, installed via homebrew. Maybe try that and see what you get? Perhaps it's something to do with the enviro

Re: BIND statistics

On further reflection I suspect broken clocks. Named uses If-Modified-Since to determine whether to resend the style file. Named uses the server’s start time as the modification time in that calculation. > On 26 Aug 2024, at 11:06, Mark Andrews wrote: > > We are probably not properly managin

Re: BIND statistics

We are probably not properly managing the style sheet versioning correctly. Flushing the browser’s cache when you install a new version of BIND should fix the display problems. As for collectd there are differences in which stats are collected. You a probably looking for something that is no

Re: BIND statistics

> Hi Håvard. > Have you tried a different browser? Not yet. Will do tomorrow. > Having said that, I just started 9.20.0 with this config: > > statistics-channels { inet 127.0.1.0 port 8080 ; }; > > Then pointed three different browsers at that address/port and it looks > fine to me in all of the

Re: BIND statistics

Hi Håvard. Have you tried a different browser? Having said that, I just started 9.20.0 with this config: statistics-channels { inet 127.0.1.0 port 8080 ; }; Then pointed three different browsers at that address/port and it looks fine to me in all of them. Browers tried were Chrome, Safari and Fir

Re: bind-users Digest, Vol 4516, Issue 1

Veronique, There are two restrictions: max-types-per-name 100; (Unlikely to cause issues) max-records-per-type 100; So to list the counts of each each name you could use the following command: dig -t axfr $zone  @$server | awk '{print $1,$4}' | sort | uniq -c | sort -n Where $zone is zone FQ

Re: bind-users Digest, Vol 4516, Issue 1

Hi, We had the same issue as James, fortunately with no impact on production. But I agree that , although I finally found the warning at the very bottom of the mail announcing the new release, this MAJOR change should have been announced more clearly. How do you find out whether or not you have

Re: bind 9.18 few system tests failing

Hi, I find it hard to believe that IBM can't test it themselves on any Linux really, but yes, all system tests pass correctly on all supported platforms. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply

Re: BIND 9.16 is approaching EOL in April, 2024

> On Mar 11, 2024, at 4:09 PM, John Thurston wrote: > > I assume the day is approaching when the packages in the COPR repositories > will be changed; isc/bind-esv will have 9.18 (instead of 9.16), and ics/bind > will have 9.20 > > So that we might start weaving this into our maintenance plans

Re: BIND 9.16 is approaching EOL in April, 2024

I assume the day is approaching when the packages in the COPR repositories will be changed; isc/bind-esv will have 9.18 (instead of 9.16), and ics/bind will have 9.20 So that we might start weaving this into our maintenance plans, is there a projected date on which this will happen? -- Do th

Re: BIND Upgrade

We are working intensively at Red Hat to finally fix that version. A huge thanks goes to ISC, which kindy provided complex backport into 9.11 version, which they do not support for a long time. It was discovered those changes require also changes to bind-dyndb-ldap used in freeipa and also may

Re: BIND Upgrade

Hi there, On Fri, 16 Feb 2024, Semra T?rkkal Nazl?mo?lu wrote: Our bind version seems below. How can we upgrade bind version? And if we upgrade bind version, is there any problem? Recently I upgraded from 9.11.26 (not 9.11.36) to 9.18.24 using the source from the ISC Website. It's a very sma

Re: BIND Upgrade

Hi, You don't need to use the RHEL version of BIND. ISC supplies packages that you can add as described here: https://kb.isc.org/docs/isc-packages-for-bind-9 Thank you, Darren Ankney On Thu, Feb 15, 2024 at 8:02 AM Marco Moock wrote: > > Am 15.02.2024 schrieb Semra Türkkal Nazlımoğlu > : > > >

Re: BIND Upgrade

Am 15.02.2024 schrieb Semra Türkkal Nazlımoğlu : > Our bind version seems below. How can we upgrade bind version? It comes from the OS you are using. Upgrade to the current RHEL release. If you prefer bleeding-edge versions, use Fedora instead. > And if we upgrade bind version, is there any prob

Re: BIND-9.10.2-P4: Cannot use in-view to refer to RPZ zone definitions: "'$RPZ_ZONE' is not a master or slave zone"

I know this is an incredibly old thread, but I was wondering if there has been any progress on this topic within the last 8 years. I am attempting to use views to offer different configurations of RPZ filtering to different subsets of the user population. My original approach was having multi

Re: Bind forgets my changes with nsupdate

201907-b...@planhack.com wrote: >> My solution is not to mix dynamic update with other access. Instead, >> I put in CNAMEs in the signed zone to a sub-zone (or other zone) where >> I do exclusive dynamic update. This isn't perfect, but it works well >> enough to allow dns-01 (cer

Re: Bind forgets my changes with nsupdate

Paul van der Vlis via bind-users wrote: > But how could I refresh the key without loosing the IP? I was in a similar situation. I managed my zone files mostly manually, but a few records needed to be updated automatically. Either manual changes would obliterate automatically updated records, as yo

Re: Bind forgets my changes with nsupdate

> My solution is not to mix dynamic update with other access. > Instead, I put in CNAMEs in the signed zone to a sub-zone (or other zone) > where I do exclusive dynamic update. This isn't perfect, but it works > well enough to allow dns-01 (certbot/LetsEncrypt) to be able to refresh my >

Re: Bind forgets my changes with nsupdate

In general, you don't want to mix dynamic update zones with ones that you want to edit by hand. I see that you are doing manual DNSSEC signing in your cron job. Your choices are: a) do everything with dynamic update, and turn on automatic DNSSEC management in bind9. b) do your DNSSEC signing

Re: Bind forgets my changes with nsupdate

Just configure named to sign the zone. -- Mark Andrews > On 6 Oct 2023, at 22:30, Paul van der Vlis wrote: > > Op 06-10-2023 om 10:39 schreef Mark Andrews: >> You need to figure out what is updating the zone. This isn’t named. > > Thanks for your answer. > It makes me find the reason. See m

Re: Bind forgets my changes with nsupdate

Op 06-10-2023 om 10:39 schreef Mark Andrews: You need to figure out what is updating the zone. This isn’t named. Thanks for your answer. It makes me find the reason. See my other message. With regards, Paul -- Paul van der Vlis Linux systeembeheer Groningen https://vandervlis.nl/ -- Visit ht

Re: Bind forgets my changes with nsupdate

Op 06-10-2023 om 10:28 schreef Paul van der Vlis via bind-users: Hello, I try to give a dynamic IP to a name, using nsupdate. This works fine, but after some hours the IP is gone from the master (which I update). Something like this: Host home.customer.nl not found: 3(NXDOMAIN) The IP is the

Re: Bind forgets my changes with nsupdate

You need to figure out what is updating the zone. This isn’t named. -- Mark Andrews > On 6 Oct 2023, at 19:28, Paul van der Vlis via bind-users > wrote: > > Hello, > > I try to give a dynamic IP to a name, using nsupdate. This works fine, but > after some hours the IP is gone from the mast

Re: BIND 9.18 unable to successfully transfer zone from axfrdns primary

Right, BIND 9.18 now enforces Section 2.2 of RFC 5936, specifically, this: "The AXFR server MUST copy the Question section from the corresponding AXFR query message into the first response message's Question section. For subsequent messages, it MAY do the same or leave the Question se

Re: BIND 9.18 unable to successfully transfer zone from axfrdns primary

That gets me more information, and I think puts the problem onto axfrdns. Thanks. xfer-in: info: zone example.net/IN: Transfer started. xfer-in: debug 1: zone example.net/IN: forced reload, requesting AXFR of initial version from 198.51.100.1#53 xfer-in: info: transfer of 'example.net/IN' from

  1   2   3   4   5   6   7   8   9   10   >