Hi,
> Need help with the COPR packages for BIND, they don’t seem to have DOH
> enabled / working
That's not the case, DNS-over-HTTPS should work just fine with our Copr
packages.
> Should have: compiled with DNS-over-HTTPS
> It does not no?
DNS-over-HTTPS support in BIND
Hey Everyone,
Need help with the COPR packages for BIND, they don’t seem to have DOH enabled
/ working
sudo yum-config-manager --add-repo
https://copr.fedorainfracloud.org/coprs/isc/bind/repo/epel-9/isc-bind-epel-9.repo
sudo yum --enablerepo="copr:copr.fedorainfracloud.org:isc:bind&quo
-- Original --
> From: "Greg Choules" ;
> Date: Sun, Apr 28, 2024 03:39 PM
> To: "Yang"<395096...@qq.com>;
> Cc: "bind-users";
> Subject: Re: [help]how to configure ecs subnet for bind-9.18-21
>
> Hello.
> Do you mean
Hello.
Do you mean 9.18-S1?
> On 28 Apr 2024, at 08:06, Yang via bind-users
> wrote:
>
>
> dear admin:
> now, i use bind-9.18-21, i want to use ecs client subnet function; but i
> don't know how to configure it, and i don't get method from google
> please give me some example,or document
dear admin:
now, i use bind-9.18-21, i want to use ecs client subnet function; but i
don't know how to configure it, and i don't get method from google
please give me some example,or document , or google links to learn about
it ;
thanks!
Yang
395096...@qq.com--
Visit https://lists.isc
rs about DNS
>protocol, DNS protocol security or good research practices for DNS
>amplification attacks?
>
>
>
> Thank you in advance for your help. I remain at your disposal should you
> have any questions.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-u
On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote:
* Would you have some articles and researches or others about DNS
protocol, DNS protocol security or good research practices for DNS
amplification attacks?
The "go to" book on my bookshelf for IP generally is Comer's
_Internetworking w
> On 3. 11. 2023, at 18:04, Fred Morris wrote:
>
> Your interpretation of what is occurring may be interfering with your
> understanding of it.
This ^^^.
You should start with understanding the wider picture by studying how DNS works.
I would recommend starting here:
https://labs.ripe.net/a
Am 03.11.2023 um 15:20:50 Uhr schrieb Amaury Van Pevenaeyge:
> Hello everyone,
>
> I'm currently a final year Master's student at the Free University of
> Brussels. As part of my Master's thesis, I have to implement a DNS
> amplification scenario within a Cyber Range. However, before
> achieving
Hello. Your interpretation of what is occurring may be interfering with
your understanding of it.
On Fri, 3 Nov 2023, Amaury Van Pevenaeyge wrote:
[...] As part of my Master's thesis, I have to implement a DNS
amplification scenario within a Cyber Range. However, before achieving
this final
r good research practices for DNS amplification attacks?
Thank you in advance for your help. I remain at your disposal should you have
any questions.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software wi
dig -x 2001:db8::1 also works
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 24. 8. 2023, at 8:49, Jan-Piet Mens wrote:
>
>
>>
>> IPv6 PTR records are simply reversed.
>
You may already have BIND installed; most distros do. If not, it's easy.
You don't *have* to run named, but tools like this (and dig, particularly)
are very useful to have.
Do "which arpaname" to see if you have it already.
Cheers, Greg
On Thu, 24 Aug 2023 at 08:00, Marco wrote:
> Am 24.08.202
Am 24.08.2023 schrieb Jan-Piet Mens :
> easier said than done, for some of us. I use BIND's arpaname(1)
> utility which does the work for me:
>
> $ arpaname 2001:db8::1
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
Thanks for telling me. I used dig and extracted the
IPv6 PTR records are simply reversed.
easier said than done, for some of us. I use BIND's arpaname(1) utility which
does the work for me:
$ arpaname 2001:db8::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
-JP
--
Visit https://lists.isc.org/mailman/listinfo/
Am 23.08.2023 23:13 schrieb Cesar Augusto Camacho Sierra:
> I am looking to generate IPv6 PTR records in a specific format for my
> BIND 9 server. The desired format is [insert format]. I've tried
> [describe any approach you've tried], but I'm having a hard time
> getting it done. Could anyone pr
I am looking to generate IPv6 PTR records in a specific format for my
BIND 9 server. The desired format is [insert format]. I've tried
[describe any approach you've tried], but I'm having a hard time
getting it done. Could anyone provide guidance on how to accomplish
this?
--
Visit https://lists.i
On 18/04/2023 2:16 am, Matt Zagrabelny via bind-users wrote:
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
The upgrade your
The additional problem is that you also choose to hide the domain and the IP
addresses which doesn’t help others test stuff for you.
Why do you think named asked for the addresses of the servers? What does named
have and what does it need to send out notify messages? Is the server properly
Hello Ondřej,
On Mon, Apr 17, 2023 at 9:26 AM Ondřej Surý wrote:
>
> > On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users <
> bind-users@lists.isc.org> wrote:
> >
> > Greetings bind-users,
> >
> > I'm running a little older Debian bind:
> >
> > bind9 1:9.9.5.dfsg-9
>
> A litt
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
> Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
>
> > I'm running a little older Debian bind:
> >
> > bind9 1:9.9.5.dfsg-9
>
> The upgrade your OS, stretch already has 9.10 and that is very old.
>
Agreed! It is on
> On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users
> wrote:
>
> Greetings bind-users,
>
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
A little older?
Debian Jessie reached EOL in June 2018, Debian Jessie LTS reached EOL in June
2020
So, you are r
Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
The upgrade your OS, stretch already has 9.10 and that is very old.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe fr
; 192.168.21.10.63839:
15372*- 1/0/1 fc00:101:101::53 (69)
2023-04-14 14:23:53.741303 IP 10.101.101.1.53 > 192.168.21.10.14682:
46647*- 1/0/1 fc00:223:13::53 (69)
Any ideas what I'm missing?
Thanks for the help!
-Matt
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to un
You can investigate cookies, if you think that is the issue, by setting
options found in the manual. There are a few options:
https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-require-server-cookie
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
The DNS server at 119.29.29.29 is broken. It does not implement EDNS (RFC 6891)
correctly. Some of the errors may be due to a misconfigured firewall in front
of
the server. This is the section of RFC 6891 the server is not following and it
is designed to allow clients to use options the server
'servfail' exception occurs after BIND runs for a period of time, restart bind
:servfail does not appear
but,After running for some time, it still had the same 'servfail' problem
#./sbin/named -VBIND 9.11.5 (Extended Support Version) running on
Linux x86_64 3.10.0-514.26.2.el7.x86_64 #1 SM
Thanks for providing the data.
So it looks to me that nothing has happened yet because you scheduled
the rollover at 2022112223 (November 22, 2022, 23:00:00 UTC). That's
why no successor has been created yet, the datetime is still in the future.
You can see in the state file that the key
> On Nov 21, 2022, at 3:29 AM, Matthijs Mekking wrote:
>
> Hi,
>
> It is hard to see what the problem is without any configuration or state
> information. Also, log level debug 3 gives you probably more useful logs when
> investigating a problem.
>
> Can you share (privately if you wish) t
Hi,
It is hard to see what the problem is without any configuration or state
information. Also, log level debug 3 gives you probably more useful logs
when investigating a problem.
Can you share (privately if you wish) the key **state** files, and the
output of 'rndc dnssec -status' for the g
Hello,
So I reconfigured one of my domains to use dnssec-policy. I’m using the policy
“default” + I’ve only added nsec3 stuff. All other timers / params are from
default. Working fine / as expected.
Luckily for me this is a domain that I don’t use much. So outages and mistakes
are easily t
Hi Anand,
> How did you add this zone to BIND?
We added this zone through OpenStack Desigante. We sent a HTTP request to
Designate for adding a zone. Designate would convert the HTTP request to
RNDC command to add zone to BIND.
Tengfei
Anand Buddhdev 于2022年5月7日周六 16:27写道:
> On 07/05/2022 08:0
On 07/05/2022 08:08, tengfei xiao wrote:
Hi Tengfei,
We are encountering a problem that SOA records had data residue when
deleting a new-created zone with BIND 9. The operation procedures are as
below:
1. Firstly, a zone named test18.cn was added with BIND 9. The command "dig
-t SOA test18.cn"
Hi,
We are encountering a problem that SOA records had data residue when
deleting a new-created zone with BIND 9. The operation procedures are as
below:
1. Firstly, a zone named test18.cn was added with BIND 9. The command "dig
-t SOA test18.cn" shows the corresponding SOA record was created
succ
On 13.01.22 14:29, Tim Daneliuk via bind-users wrote:
Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE
Bind 9.16.24_1
Master out in a cloud server
Slave on a physical server with a static IP on Comcast Business
Problem: After years of s
Environment: Master/Slave with Split Horizon both on FreeBSD-STABLE
Bind 9.16.24_1
Master out in a cloud server
Slave on a physical server with a static IP on Comcast Business
Problem: After years of stable behavior, Slave intermittently not resolving
Hi all,
once, I received the advice (from Tony?) to move to ddns.
At that time I had trouble with zones no longer being updated
from reloaded zone files.
(Reloading zone files with inline-signing and autodnssec-maintain
could interfere with key-signing activities of the server.)
To help admins
your current logging configuration options in case
> you want to revert in future) and then start looking through those logs the
> next time your on-prem slave stops resolving.
>
> Once you spot any errors in the look you can post them here on the list and
> others will try and help explain
) and then start looking through those logs the
next time your on-prem slave stops resolving.
Once you spot any errors in the look you can post them here on the list and
others will try and help explain what may be happening.
Richard.
-Original Message-
From: bind-users On Behalf O
garbage may be implicated.
We could use some help on an approach to debugging this. Having never had
significant bind problems over 20 years of use, we literally have no named
debugging experience...
TIA,
--
Tim D
Dude!! Thanks!!
On 2021-06-15 12:58, Lyle Giese wrote:
Yep, that fixed it.
Lyle
On 6/15/21 2:23 PM, techli...@phpcoderusa.com wrote:
Thank you for your help!! The zone file is the one I tool from Plesk
when I had keiththewebguy.com parked there. All I did was change the
IP addresses
Yep, that fixed it.
Lyle
On 6/15/21 2:23 PM, techli...@phpcoderusa.com wrote:
Thank you for your help!! The zone file is the one I tool from Plesk
when I had keiththewebguy.com parked there. All I did was change the
IP addresses.
I assume what you want me to do is add keiththewebguy.com
Thank you for your help!! The zone file is the one I tool from Plesk
when I had keiththewebguy.com parked there. All I did was change the IP
addresses.
I assume what you want me to do is add keiththewebguy.com to the two
records making:
ns1.keiththewebguy.com. 86400 IN A
On 15.06.21 09:14, Lyle Giese wrote:
I think I stumbled upon a problem with the zone records for
keiththewebguy.com. It could be the root issue you are having.
If I run
dig ns +trace keiththewebguy.com
I got the following for the last record from your name servers:
ns1.keiththewebguy.com.
ent
nameservers you can't host DNS - it's that easy
https://www.iana.org/help/nameserver-requirements
Minimum number of name servers
There must be at least two NS records listed in a delegation, and the
hosts must not resolve to
h only one nameserver
you can't have proper DNS with two nameservers in the same network or
on the same line
if you can't provide the minimum of *two* completly independent
nameservers you can't host DNS - it's that easy
https://www.iana.org/help/nameserver-requirements
Minimum
On 2021-06-15 01:31, Reindl Harald wrote:
Am 14.06.21 um 22:37 schrieb techli...@phpcoderusa.com:
keiththewebguy.com [1]. does not actually have the two nameservers
required though that is not the problem. (ns1 and ns2 have same IP)
I have a VPS that runs Plesk and there is only one name s
Thank you for your help!!
On 2021-06-15 00:39, Matus UHLAR - fantomas wrote:
On 11.06.21 18:19, Sten Carlsen wrote:
From my place I resolve both to: 98.191.108.149
keiththewebguy.com. does not actually have the two nameservers
required though that is not the problem. (ns1 and ns2 have
; Good Morning to all Bind- users.
> I need help for calculating DNS server throughput.
> Actually, we are planning to purchase firewall so it is required for
> purchasing according to load.
>
> I am using RHEL, I will be thankful if someone could guide us that how we can
> c
er DNS with two nameservers in the same network or on
the same line
if you can't provide the minimum of *two* completly independent
nameservers you can't host DNS - it's that easy
https://www.iana.org/help/nameserver-requirements
Minimum number of name servers
There must be at le
Am 14.06.21 um 22:37 schrieb techli...@phpcoderusa.com:
keiththewebguy.com [1]. does not actually have the two nameservers
required though that is not the problem. (ns1 and ns2 have same IP)
I have a VPS that runs Plesk and there is only one name server so for
every domain I have hosted on
your hosts to the right NS.
On 14.06.21 14:26, techli...@phpcoderusa.com wrote:
I do have the same IP in both "glue" records. GoDaddy calls them host
records.
those might be different records, haven't checked godaddy's dictionary.
Server was probably off. Thank y
Dear All,
Good Morning to all Bind- users.
I need help for calculating DNS server throughput.
Actually, we are planning to purchase firewall so it is required for purchasing
according to load.
I am using RHEL, I will be thankful if someone could guide us that how we can
calculate the
WEBGUY.COM': failure
dig: couldn't get address for 'NS1.KEITHTHEWEBGUY.COM': no more
Server was probably off. Thank you for your help!!
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovan
Thank You Mr. Haywood!!
On 2021-06-12 05:11, G.W. Haywood via bind-users wrote:
Hi there,
On Sat, 12 Jun 2021, techli...@phpcoderusa.com wrote:
Re: Need Help with BIND9
...
The two domains I am working with on my SOHO home server are 1)
keiththewebguy.com and 2) phpcodetest.com.
I setup
know.
Thank you for your help!!
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
Thank you for your response.
On 2021-06-11 09:19, Sten Carlsen wrote:
From my place I resolve both to: 98.191.108.149
keiththewebguy.com [1]. does not actually have the two nameservers
required though that is not the problem. (ns1 and ns2 have same IP)
I have a VPS that runs Plesk and there i
Am 12.06.21 um 14:30 schrieb Matus UHLAR - fantomas:
On 11.06.21 18:19, Sten Carlsen wrote:
From my place I resolve both to: 98.191.108.149
keiththewebguy.com. does not actually have the two nameservers
required though that is not the problem. (ns1 and ns2 have same IP)
BIND seems to work
On 11.06.21 18:19, Sten Carlsen wrote:
From my place I resolve both to: 98.191.108.149
keiththewebguy.com. does not actually have the two nameservers required though
that is not the problem. (ns1 and ns2 have same IP)
BIND seems to work ok but your local settings probably don't point your host
Hi there,
On Sat, 12 Jun 2021, techli...@phpcoderusa.com wrote:
Re: Need Help with BIND9
...
The two domains I am working with on my SOHO home server are 1)
keiththewebguy.com and 2) phpcodetest.com.
I setup keiththewebguy.com first and configured BIND9 for it on the same
server.
To try to
g Ubuntu 20.04lts and BIND9.
>
> My connection is a commercial/business Internet connection provided by
> my cable company for home office usage. This connection does not block
> ports.
>
> I followed the Ubuntu 20.04 server manual to configure BIND9 and I have
>
From my place I resolve both to: 98.191.108.149
keiththewebguy.com. does not actually have the two nameservers required though
that is not the problem. (ns1 and ns2 have same IP)
BIND seems to work ok but your local settings probably don't point your hosts
to the right NS.
--
Best regards
St
A thing you probably missed is checking the log files. What do they contain
when it "isn't working"? What is the actual problem anyway?___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the develo
rnet connection provided by
my cable company for home office usage. This connection does not block
ports.
I followed the Ubuntu 20.04 server manual to configure BIND9 and I have
searched the Internet for more information.
If you need any additional information let me know.
Thank yo
On 2021-04-30 07:20, Sainik Biswas via bind-users wrote:
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
On 30.04.21 17:50, Sainik Biswas via bind-users wrote:
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
Error Log [resolver.log]
2021-04-30T11:58:17.784Z notice: DNS format error from 198.41.0.4
Hi,
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS
This is the named.conf.options
Hello,
I have found the issue. Maybe it helps someone else.
In the logs above, there were "exceeded max queries resolving".
The default max-recursion-queries is 75.
I have increased it to 100 and it seems it helped. So I set it up to 150
to be on the safe side.
Best regards,
Olaf
NAVI Sp.
Hello,
One more thought - This behaviour didn't happen with bind 9.9 - on CentOS 7.
Best regards,
Olaf Frączyk
NAVI Sp. z o.o.
Promienista 5/1
60-288 Poznań
mobile: +48609769035
phone: +48616622881
fax: +48616622882
http://www.navi.pl
On 2020-10-04 01:39, Olaf Frączyk wrote:
Hello,
I'm run
Hello,
I'm running bind on CentOS 8:
bind-9.11.13-6.el8_2.1.x86_64
From time to time I get SERVFAIL responses.
When the client queries second time, it gets the answer, so this are
transient errors. I don't see any pattern for them.
This happens probably a few times a day - enough to make it
that were last updated in
2011, yet some of them still seem useful, and articles from much more recently
that are so out of date as to be misleading to current users.
However, I am really not a BIND-user and I need help from actual users. If you
have a little time to spare, consider reading an
On Fri, Sep 11, 2020 at 8:58 AM ShubhamGoyal wrote:
> Dear sir,
>We are running a public DNS resolver in
> Centos 8 with bind software . We enable geoip feature at configuration time
> now I want to know about
>
> "
> Dear sir,
>We are running a public DNS resolver in
> Centos 8 with bind software . We enable geoip feature at configuration time
> now I want to know about
>
> " How can we implement Geo
> log in bind R
>On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
>> provides our users with general caching DNS service for
>> all other domains.
>
>[...]
>
>> Its "named.conf" file doesn't list any "forwarders" any more, and
>> "forward-only" is gone, but it still has a leftover "recursion yes"
>> clause. Am I cor
In article ,
Paul Kosinski wrote:
> I gather "recursion yes" (explicit or default) controls whether BIND
> *does* recursion itself, in the sense of querying other DNS servers for
> data it doesn't have, not whether it *issues* queries with the
> "recursion desired" flag set. (Somewhat confusing
I gather "recursion yes" (explicit or default) controls whether BIND
*does* recursion itself, in the sense of querying other DNS servers for
data it doesn't have, not whether it *issues* queries with the
"recursion desired" flag set. (Somewhat confusing terminology, in my
opinion.)
So is the "recu
On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
provides our users with general caching DNS service for
all other domains.
[...]
Its "named.conf" file doesn't list any "forwarders" any more, and
"forward-only" is gone, but it still has a leftover "recursion yes"
clause. Am I correct is assuming
On 4 Mar 2019, at 16:20, Paul Kosinski wrote:
> provides our users with general caching DNS service for
> all other domains.
[...]
> Its "named.conf" file doesn't list any "forwarders" any more, and
> "forward-only" is gone, but it still has a leftover "recursion yes"
> clause. Am I correct i
> >> Actually I m bit confused between Recursive vs Iterative query
> >> mode , so does this mean Bind will only work in Recursive query
> >> mode & this makes the "Forwarder " to do his required job.
> >>
> >> Help in understand so in what sce
t work.
>>
>> Actually I m bit confused between Recursive vs Iterative query mode , so
>> does this mean Bind will only work in Recursive query mode & this makes the
>> "Forwarder " to do his required job.
>>
>> Help in understand so in what
cursive query mode & this makes the
> "Forwarder " to do his required job.
>
> Help in understand so in what scenarios will use/configure Bind in Iterative
> query mode.
"recursion yes" means that it will *answer* queries that require
recursion, i.e. they ask
ode & this makes the
"Forwarder " to do his required job.
Help in understand so in what scenarios will use/configure Bind in Iterative
query mode.
iterative mode happend when domain is configured locally, otherwise
recursive mode is used. you don't need to configure it.
-
warder " to do his required job.
Help in understand so in what scenarios will use/configure Bind in Iterative
query mode.
--
Sent from: http://bind-users-forum.2342410.n4.nabble.com/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users t
On 03.03.19 14:55, Vivek Aggarwal wrote:
Please help in understand what the purpose of specifying "recursion yes"
it means that BIND will provide recursion, e.g. resolve domains not
confiured locally.
in the "named.conf.options" file when I have already configured the
f
Team,
>
>
>
> Please help in understand what the purpose of specifying "recursion yes"
> in the "named.conf.options" file when I have already configured the
> forwarders list in it.
>
> I've a zone file for managing the internal subnet machine
which part? I would highly
appreciate it if one could help me in this matter.
Thank you,
Sincerely,
Fatemah Alharbi
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
Hi BIND expert,
I could not have sent the followings thru https://www.isc.org/bind-
subscription-contact/
due to error on the site.
--
I am a S/W engineer who is working on BIND, especially named in Seoul/Korea.
I've got reports from a customer regarding stucked "named" pr
On 12.09.18 13:01, Spears, Luke wrote:
I'm not sure how to go about requesting this but I am looking for information
on upgrading from BIND 9.8 to 9.11 or 12 depending if it's ESV or not. We are
running Ubuntu 14.04
if you use ubuntu *-LTS, you should be safe with the version in ubuntu.
--
I'm not sure how to go about requesting this but I am looking for information
on upgrading from BIND 9.8 to 9.11 or 12 depending if it's ESV or not. We are
running Ubuntu 14.04
v\r
==
CONFIDENTIALITY NOTICE:
This e-mail communication and any attachments may
es, are they facing same issue?
>>>
>>> On Sun, Aug 12, 2018 at 10:12 AM Bob Harold wrote:
>>>
>>>>
>>>> On Fri, Aug 10, 2018 at 10:53 PM Blason R wrote:
>>>>
>>>>> Infact what I observed that the intermediate DNS serve
n list from commercial RPZ
>> services, are they facing same issue?
>>
>> On Sun, Aug 12, 2018 at 10:12 AM Bob Harold wrote:
>>
>>>
>>> On Fri, Aug 10, 2018 at 10:53 PM Blason R wrote:
>>>
>>>> Infact what I observed that the intermedia
ot
>>> forwarding he queries for .com and .net servers to my RPZ servers and it
>>> tries resolves directly on his own from TLD servers
>>>
>>
>> You need to work on the intermediate server to get it to forward. If it
>> is running Microsoft DNS, then I d
DNS servers are not
>> forwarding he queries for .com and .net servers to my RPZ servers and it
>> tries resolves directly on his own from TLD servers
>>
>
> You need to work on the intermediate server to get it to forward. If it
> is running Microsoft DNS, then I don&
te server to get it to forward. If it is
running Microsoft DNS, then I don't know enough to help you with that.
I would suggest that you have the RPZ server be a 'slave' for the 'test.com'
zone (and all the zones that the AUTH server has). Then point users
direct
Infact what I observed that the intermediate DNS servers are not forwarding
he queries for .com and .net servers to my RPZ servers and it tries
resolves directly on his own from TLD servers
192.168.3.72 End User
192.168.3.15 [AUTH Server for test.com] and has forwarder to
192.168.3.44 [RPZ]
So, 3
Ok - Now I added like this and it disappeared.
response-policy { zone "whitelist.allow" policy passthru;
zone "malware.trap";
zone "ransomwareips.block"; } qname-wait-recurse no
break-dnssec no;
On Sat, Aug 11, 2018 at 7:51 AM Blason R wro
This is not accepting and giving my syntax error.
named-checkconf /etc/bind/named.conf
/etc/bind/named.conf.options:29: syntax error near '}'
And here is I added
response-policy { zone "whitelist.allow" policy passthru;
zone "malware.trap";
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-08-10 at 13:17 +0530, Blason R wrote:
> Nah I dont think that is the answer since you need a termination after
> clause.
Did you actually try the answer below?
> On Fri, Aug 10, 2018 at 12:58 PM Vadim Pavlov wrote:
> Should be:
>
Hello,
Well even though the entry is there in RPZ zone it is still being returned
as nxdomain.
On Fri, Aug 10, 2018, 3:01 PM WILSON Sam wrote:
> I'm sorry, I don't understand the question. Your message shows a query
> and an NXDOMAIN response. That seems to be correct. I don't know whether
>
I'm sorry, I don't understand the question. Your message shows a query and an
NXDOMAIN response. That seems to be correct. I don't know whether your RPZ
configuration is supposed to change that.
Sam
> On 9 Aug 2018, at 18:25, Blason R wrote:
>
> Is it a big?? I mean certain domains from m
1 - 100 of 503 matches
Mail list logo
