Re: Bind 9.9.0b2 inline signing...

2011-11-24 Thread Chris Thompson
y's ad hoc command into something publishable, it would be better to use dig +nocmd +nostats +onesoa AXFR zone | awk ... (although for +onesoa you need the dig from BIND 9.8 or later). -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.

Exercising RFC 5011 rollovers

2011-11-25 Thread Chris Thompson
ry to perform an RFC 5011 rollover on it, using dnssec-revoke and/or the -R option of dnssec-settime, meanwhile tracking it on another system via a managed-keys entry, but then if it all went pear-shaped it might not be clear whether I had performed the rollover correctly or not. -- Chris Thompson E

Choosing max-journal-size

2011-11-29 Thread Chris Thompson
subject to negotiation!) to provide automatic scaling according to the size of the zone. Do other people have this problem? Any other ideas? -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc

Re: 9.9.0b2 Key Expiration Question

2011-12-01 Thread Chris Thompson
gorithm represented in the DNSKEY RRset: at least one KSK | and one ZSK per algorithm. If there is any algorithm for which this | requirement is not met, this option will be ignored for that algorithm. -- Chris Thompson Email: c...@cam.ac.uk

Re: How to identify a "raw" zone file

2011-12-02 Thread Chris Thompson
the new raw format (e.g. as a result of dynamic updates), then one would have a problem backing off to earlier BIND versions? -- Chris Thompson Email: c...@cam.ac.uk

Re: Update to BIND query.c CVE-2011-4313

2011-12-05 Thread Chris Thompson
"gov", just because the early reports were from the US and no-one around here seems to have had their recursive nameservers crash. [We upgraded to BIND 9.8.1-P1 anyway, of course.] -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit

Re: .TLD minimum number of nameservers rule

2011-12-12 Thread Chris Thompson
"How many secondaries?": | The DNS specification and domain name registration rules require at | least two servers for every zone. before going on to recommend more than two in most cases. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit h

Re: Fwd: Re: .TLD minimum number of nameservers rule

2011-12-15 Thread Chris Thompson
han my one from RFC 1035. How did I miss it? Well, it turns out that the word "two" above occurs at the beginning of a line in rfc1034.txt, and I was searching for the string " two" ... :-( [Too many false drops if you search for just the three-character string, because of

Re: Exercising RFC 5011 rollovers

2012-01-09 Thread Chris Thompson
't really meant to perform this experiment at this time... it happened as a result of specifying a set of key publication and activation times in January 2011 when January 2012 was intended :-) -- Chris Thompson Email: c...@cam.ac.uk

Re: RFC 6303 vs. BIND: NS ... has no address records (A or AAAA)

2012-01-11 Thread Chris Thompson
invalid" as the SOA.rname, but BIND still uses "." for empty zones (apparently even in 9.9.0rc1). I imagine we will change that if/when BINS does. -- Chris Thompson Email: c...@cam.ac.uk

9.9 query log change

2012-01-15 Thread Chris Thompson
new, but seems always to be the same as the later query name. What is it for? If it meant to be the name of the client it has got it horribly wrong! The ARM for 9.9.0rc1 still describes the old format. -- Chris Thompson Email: c...@cam.ac.uk

Re: 9.9 query log change

2012-01-16 Thread Chris Thompson
pears, not just the query log ones. But it does look mighty strange in that case. And maybe people will want the class and type (and even flags) of the query added in the general case, which would sort of reduce the query log specific info to just "it happened". -- Chris Thompson E

Re: Settings for File Descriptors

2009-03-06 Thread Chris Thompson
h servers? If you did go out of your way to make it other than "unlimited", then yes to both. But don't. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: XFR quota setting?

2009-03-12 Thread Chris Thompson
If it's occurring a lot, you could have stuck or nearly-stuck transfers going on. "rndc status" will tell you how many. You may need to adjust "max-transfer-time-out"/"max-transfer-idle-out" rather than "transfers-out". -- Chris Thompson Email: c..

RE: PTR zone / VLSM issue

2009-03-16 Thread Chris Thompson
me components. The real point for the OP is: whatever the naming convention used, you have to agree it with the delegating authority (unless you are in the happy position of *being* the delegating authority as well). All too likely, they will not offer you any choice in the mat

Re: Bind Debug file question

2009-03-19 Thread Chris Thompson
sages ever get routed to the channel, the file will never get created. Actually, "default_debug" is slightly different from a channel that you could set up yourself with "severity dynamic". The latter would revert to "severity info" when you used "

Re: ACL ?

2009-03-23 Thread Chris Thompson
e of points: 1. You can (and should) test a new named.conf for syntax errors in advance by using the named-checkconf program. 2. BIND 9.2.2 is very very old. The whole of the 9.2.x series is EOL (and that was after 9.2.9). It's long past time that you upgraded. -- Chris Thomp

ZSK rollover with BIND 9.6 and an automatically re-signed zone

2009-03-25 Thread Chris Thompson
t any RRSIGs using it any longer, and removes its TYPE65535 record. -- Chris Thompson Email: c...@cam.ac.uk

Re: multi-named instance exist?

2009-03-26 Thread Chris Thompson
en't, consider switching to a Unix flavour that does... But this is getting off-topic for bind-users. -- Chris Thompson Email: c...@cam.ac.uk

Re: PTR for localhost

2009-03-26 Thread Chris Thompson
fied for zone "localhost" @ 86400 SOA localhost. . 0 28800 7200 604800 86400 @ 0 NS localhost. @ 86400 A127.0.0.1 @ 86400 ::1 (db.localhost-rev) ; Like empty zone, but modified for reverse lookup of "localhost" (IPv4 or IPv6) @ 86400 SOA localho

Re: name server zone list

2009-04-03 Thread Chris Thompson
fault, or I can imagine people getting quite upset about the security implications. -- Chris Thompson Email: c...@cam.ac.uk

Re: name server zone list

2009-04-03 Thread Chris Thompson
On Apr 3 2009, R Dicaire wrote: On Fri, Apr 3, 2009 at 10:55 AM, Chris Thompson wrote: This one is hardy perennial, of course, but I've been working on an "index zone" in a certain local DNS context recently, and thinking how convenient it would have been if BIND had prov

Re: name server zone list

2009-04-04 Thread Chris Thompson
On Apr 3 2009, Niall O'Reilly wrote: Or Google for "vixie metazone" (without the quotes). ... and it tells me I probably wanted to know about nosedrops ("Vista-methasone") ... :-) [yes, OK, and some real links as well] -- Chris Thomp

BIND and Solaris rand()

2009-04-06 Thread Chris Thompson
s done the same thing already. Also, a suggestion to ISC that they use lrand48() on Solaris, in the same way as they use arc4random() if that is available. -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND and Solaris rand()

2009-04-07 Thread Chris Thompson
On Apr 7 2009, Stacey Jonathan Marshall wrote: On 04/06/09 16:06, Chris Thompson wrote: It turns out that rand(3c) in even recent Solaris versions returns values in the range 0..32767 only. I suppose this is part of Sun's rather extreme paranoia about backwards compatibility with pro

Position of SOA in master file (was: Re: about resolving on a child zone)

2009-04-14 Thread Chris Thompson
a) have no $TTL directive (b) have no explicit TTL on the first RR in the master file. Or at least, with the various BIND backwards-compatibility features, that's the case. -- Chris Thompson Email: c...@cam.ac.uk

RE: negative caching time and TTLs

2009-04-14 Thread Chris Thompson
or the negative caching? RFC 2308 is not clear. How could "$TTL override the SOA's min TTL"? The $TTL value doesn't exist in the compiled zone, and of course $TTL could occur many times in the input, with different arguments. Maybe you mean "the TTL value of the SOA r

Re: Limit allow-transfer to key + IP

2009-04-14 Thread Chris Thompson
there any way to limit the zone-transfer to require both key and known IP using allow-transfer? Yup. Use allow-transfer { !{!11.22.33.44}; key secret-key; }; Now sit down with a cold, cold drink and puzzle out why that works! -- Chris Thompson Email: c...@cam.ac.uk

Re: about $GENERATE Directive

2009-04-21 Thread Chris Thompson
ewhat inconsistent: since when has the rdata part of an A or record been a "domain name"? The real restriction seems to be that the rdata consists of a single lexical item. -- Chris Thompson Email: c...@cam.ac.uk

Re: Failover

2009-04-27 Thread Chris Thompson
them :-( -- Chris Thompson Email: c...@cam.ac.uk

Signing algorithms for rndc

2009-04-27 Thread Chris Thompson
It seems that even in the most recent versions of BIND, rndc supports only the hmac-md5 algorithm. Given that MD5 is being deprecated all over the place (I am thinking of draft-ietf-dnsext-tsig-md5-deprecated-02 in particular), is this wise? -- Chris Thompson Email: c...@cam.ac.uk

Re: nsupdate delete question

2009-04-30 Thread Chris Thompson
't, is a perfectly reasonable requirement. What you need to do is to add a prereq requiring the RRset to exist ("prereq yxrrset mandy11.example.com A") or for it to have particular contents ("prereq yxrrset mandy11.example.com A 192.168.255.42") before it is deleted. -- Chris

Are the TYPE65535 RRs necessary?

2009-05-18 Thread Chris Thompson
urvives named being restarted.) So what are the TYPE65535 records actually for? -- Chris Thompson Email: c...@cam.ac.uk

Re: Are the TYPE65535 RRs necessary?

2009-05-19 Thread Chris Thompson
deleted key, but are not required or used when resigning. -- Chris Thompson Email: c...@cam.ac.uk

Why does key-directory have to be absolute?

2009-05-26 Thread Chris Thompson
BIND imposes the same restriction on the key-directory value as it does on directory, i.e. that it has to be an absolute path or ".". I don't see why this should be necessary: why can't it be a path relative to the directory setting? (Just as "file" values in zone

Re: BIND not talking to syslog daemon

2009-06-10 Thread Chris Thompson
n the box right now, so I am looking to see if anyone has suggestions about what might be causing this, and/or ways to resolve it without restarting the named daemon. You never need to restart named. (Well, hardly ever.) You can change the logging configuration in named.conf, check your syntax w

Tracking down validation failures

2009-06-11 Thread Chris Thompson
not even obvious what the original query was in these cases. (If I could find that out I could try the same query on a quieter nameserver with more logging turned on.) There are no messages generated at this level when I force a validation failure to occur ("dig soa advocaat.pro" remain

Re: Tracking down validation failures

2009-06-12 Thread Chris Thompson
On Jun 11 2009, Jeremy C. Reed wrote: On Thu, 11 Jun 2009, Chris Thompson wrote: We have recently turned on DNSSEC validation (using dlv.isc.org) in our main university-wide recursive nameservers, which are running BIND 9.6.1rc1. No-one is actually complaining, but the counts I am seeing for

Re: Tracking down validation failures

2009-06-13 Thread Chris Thompson
on other validating nameservers. Just to expand on that a bit: the DS record in the parent zone correctly describes the KSK in the child zone, and the RRSIGs in 8.84.in-addr.arpa appear to be correct ... except that they all expired over 15 months ago! -- Chris Thompson E

Re: Validating a DNSSEC installation

2009-06-16 Thread Chris Thompson
ed transfers from trusted master servers. -- Chris Thompson Email: c...@cam.ac.uk

Re: bind 9.6.1 stats dump

2009-06-18 Thread Chris Thompson
cult to find in the ARM. -- Chris Thompson Email: c...@cam.ac.uk

RE: Dynamic DNS and Slave Servers

2009-06-19 Thread Chris Thompson
ere aren't any. (I don't actually much like syntax like this, when leaving out an argument has such a wide-ranging effect that might not have been intended. "rndc freezeall", say, would have been a better idea.) -- Chris Thompson Email: c...@cam.ac.uk

Re: DLV validation fails after ksk rollover

2009-06-23 Thread Chris Thompson
etc would be greatly appreciated. Useful to me diagnosing your problem were dig dlv kritek.net.dlv.isc.org. dig +dnssec +cd dnskey kritek.net. and observing that the key tags didn't agree. -- Chris Thompson Email: c...@cam.ac.uk

RE: can't query for RRSIG that references NSEC3

2009-06-24 Thread Chris Thompson
"Responding to Queries for NSEC3 Owner Names" mandates the response you are seeing. -- Chris Thompson Email: c...@cam.ac.uk ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Trouble With One Domain

2009-06-26 Thread Chris Thompson
the extra official slaves. -- Chris Thompson Email: c...@cam.ac.uk

Re: domain name length

2009-06-30 Thread Chris Thompson
can find a one-character TLD. -- Chris Thompson Email: c...@cam.ac.uk

Re: host -t txt _domainkey.fakessh.eu. bitsy.mit.edu.

2009-07-01 Thread Chris Thompson
. - propagation of what? Who knows? But AFAIK MIT don't actually *intend* bitsy.mit.edu to be an open recursive nameserver, although it is one. (Somewhat worrying from our POV, as it's one of the official slaves for cam.ac.uk.) -- Chris Thompson Email: c...

Adding first DNSKEY record with update (9.6.0 vs 9.6.1)

2009-07-14 Thread Chris Thompson
ended - if so I can't work out which entry in the CHANGES file it corresponds to. Both 9.6.0 and 9.6.1 give REFUSED if one attempts to delete the last KSK (although they let you remove all the ZSKs). -- Chris Thompson Email: c...@cam.ac.uk

Re: DNSKEY Validation

2009-07-15 Thread Chris Thompson
ke them to cover DNSKEY ones as well.) There is a limit to how much "validation" you can do on an RSASHA1 key record (the most popular type), absent the signatures that use it. -- Chris Thompson Email: c...@cam.ac.uk

Re: Adding first DNSKEY record with update (9.6.0 vs 9.6.1)

2009-07-15 Thread Chris Thompson
On Jul 15 2009, Mark Andrews wrote: In message , Chris Thompson writes: In BIND 9.6.0 one could take an unsigned zone and add an initial KSK and ZSK to it using nsupdate (and if the right files were in the key directory, it would sign everything correctly). In BIND 9.6.1 this no longer works

BIND 9.6 freezing on update to signed zone (rare!)

2009-07-15 Thread Chris Thompson
event. Unfortunately I failed to get a core dump of named in the non-responding state (I need to review my procedures for that!) so I haven't got enough to report to bind-bugs. This is an appeal to ask if anyone has seen anything similar. -- Chris Thompson Email: c...

Re: about cache nonexist record

2009-07-20 Thread Chris Thompson
On Jul 20 2009, Tech W. wrote: I have Bind-9.6.1 running on our university environment, have been using dynamic update. My question is, when other DNS query my named for a record, for example test.example.com, but this record doesn't exist. How long time will the remote DNS cache this nonexist

Re: SRV Record Priority set by IP Address

2009-07-20 Thread Chris Thompson
ng to treat the RR order in the answer as significant. They will use the priority and weight fields as described in RFC 2782 (or so one hopes). Those should be adjusted appropriately in the two views. -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND 9.6 freezing on update to signed zone (rare!)

2009-07-20 Thread Chris Thompson
rstanding what causes these. The zone had several externally applied updates (apparently successfully) during this period, before the one that hung. -- Chris Thompson Email: c...@cam.ac.uk

Re: Dig shows wrong ip

2009-07-28 Thread Chris Thompson
e they can roll out DNSSEC, won't they? -- Chris Thompson Email: c...@cam.ac.uk

Re: Creating a CNAME to another domain.

2009-07-30 Thread Chris Thompson
E does not redirect the owner name itself, only its descendants. (That's why it is allowed at the zone apex in the first place, of course.) -- Chris Thompson Email: c...@cam.ac.uk

Re: Dig shows wrong ip

2009-07-30 Thread Chris Thompson
On Jul 30 2009, Danny Mayer wrote: Chris Thompson wrote: On Jul 28 2009, sth...@nethelp.no wrote: % dig +short a dns3.potomacnetworks.com @a.gtld-servers.net 216.250.243.230 As long as that host record exists, with an IP different from what your authoritative servers reply with, you are

Re: idsable ipv6 in config?

2009-07-30 Thread Chris Thompson
ply* to v6 queries without *generating* them. (For the record, I have the same issue than Gilles.) Would server ::/0 { bogus yes; }; work? -- Chris Thompson Email: c...@cam.ac.uk

The Year of the Sevenfold Increase

2009-07-30 Thread Chris Thompson
0 July 2010, or will the numbers start dropping as higher-level domains get their signed delegation procedures going? Anyway, congratulations and thanks to ISC for providing this service. -- Chris Thompson Email: c...@cam.ac.uk

Re: idsable ipv6 in config?

2009-08-02 Thread Chris Thompson
On Jul 30 2009, Matus UHLAR - fantomas wrote: On Jul 30 2009, Stephane Bortzmeyer wrote: -4 shuts down any v6 service. We would like BIND to be able to *reply* to v6 queries without *generating* them. (For the record, I have the same issue than Gilles.) On 30.07.09 15:46, Chris Thompson

Re: change NXDOMAIN to a A type response

2009-08-03 Thread Chris Thompson
Draft draft-livingood-dns-redirect-00 over on the dnsop mailing list - see http://www.ietf.org/mail-archive/web/dnsop -- Chris Thompson Email: c...@cam.ac.uk

Re: Dig shows wrong ip

2009-08-03 Thread Chris Thompson
On Aug 3 2009, Danny Mayer wrote: Chris Thompson wrote: [...] You are misinterpreting what I said. Of course erroneous glue needs to be corrected. But there is no need for the servers to return IP addresses provided for glue as an *answer* to a query, as the *.gtld-servers.net ones do, rather

Re: Dig shows wrong ip

2009-08-04 Thread Chris Thompson
On Aug 3 2009, JINMEI Tatuya / 神明達哉 wrote: At 03 Aug 2009 11:52:10 +0100, Chris Thompson wrote: will believe this answer (and cache it). This would only be proper behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving) potomacnetworks.com - which of course they aren

Re: Strange tiny time limit RRSIG

2009-08-14 Thread Chris Thompson
e earliest expiry time is (comfortably) later than the next time you expect to resign the zone in the same way. (I am assuming that you are using offline signing only.) -- Chris Thompson Email: c...@cam.ac.uk

Re: Strange tiny time limit RRSIG

2009-08-14 Thread Chris Thompson
On Aug 14 2009, Paul Wouters wrote: On Fri, 14 Aug 2009, Chris Thompson wrote: I'm running into a strange issue where when signing a zone with re-using signatures, that sometimes 1 RRSIG record ends up with a validity time of almost nothing. This happens for instance when signing (a

Re: Strange tiny time limit RRSIG

2009-08-14 Thread Chris Thompson
itter only makes the interval less, by up to the -j amount, never more. -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND 9.x and hint file

2009-08-31 Thread Chris Thompson
you need an external hints file if you are using a fake root for a network isolated from the Internet. Otherwise, it's largely a matter of taste. Personally, I prefer to keep one in my configurations for the small amount of extra flexibility that provides. -- Chris Thomp

Re: 9.6.1-P1 log message

2009-08-31 Thread Chris Thompson
rying another dlv.isc.org nameserver with better luck. -- Chris Thompson Email: c...@cam.ac.uk

Re: dig +trace failure

2009-09-03 Thread Chris Thompson
01:500:31::63#53(X.ARIN.NET) in 166 ms ;; Truncated, retrying in TCP mode. ;; connection timed out; no servers could be reached No joy if you actually wanted a result, of course. Both nameservers for the zone are u/s. -- Chris Thompson Email: c...@cam.ac.uk

Restarting named [was: Re: root and in-addr.arpa zone transfers]

2009-09-11 Thread Chris Thompson
ter once a day, in the early hours but that's just habit and I've always thought we were a bit hyperactive. I think so too. -- Chris Thompson Email: c...@cam.ac.uk

Re: slave zone header in bind8

2009-09-21 Thread Chris Thompson
times? Using the xfer-in (level info) log entries is probably your best substitute. -- Chris Thompson Email: c...@cam.ac.uk

Re: recursion on auth-only server

2009-09-21 Thread Chris Thompson
to specify +norec when "appropriate"?). Query logging will help you track them down if you are really concerned. At 0.4%, I wouldn't worry. -- Chris Thompson Email: c...@cam.ac.uk

"*.dlv.isc.org DS: must be secure" warnings [was: Re: 9.6.1-P1 log message]

2009-09-26 Thread Chris Thompson
believe that the frequency is related to transient network errors or delays, but I have no idea whether they are likely to be local or at the dlv.isc.org server end. -- Chris Thompson Email: c...@cam.ac.uk

Somewhat OT: SOA serial wraparound and Windows DNS Server slaves

2009-09-29 Thread Chris Thompson
on them to sort this out. -- Chris Thompson Email: c...@cam.ac.uk

Re: DNSSEC

2009-09-29 Thread Chris Thompson
nes ("reverse lookup results should only be treated as a hint, anyway"). What I would like to see is for more reverse zones to go away, by use of the scheme I describe in http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones (There probably ought to be a date in that - it was written la

Re: DNSSEC

2009-09-30 Thread Chris Thompson
On Sep 30 2009, Mark Andrews wrote: In message , Chris Thompson writes: DNSSEC certainly adds to the aggravation of having lots of piddling little reverse zones. Some people may just decide not to bother signing reverse zones ("reverse lookup results should only be treated as a hint, a

Re: Feature or bug on $ORIGIN directive

2009-10-14 Thread Chris Thompson
hat was an unfortunate choice of syntax back in the Mesozoic. But it's absolutely principle-of-least-surprise that the same rules should apply to the $ORIGIN argument as well. And of course, there are people relying on that behavior as well, especially within $INCLUDE'd

Re: Problems with include in acl file

2009-10-18 Thread Chris Thompson
(in general) start with keywords. For the whole truth, you need to look at lib/isccfg/namedconf.c and lib/isccfg/parser.c and work out in exactly which cases cfg_parse_mapbody in the latter gets called :-( -- Chris Thompson Email: c...@cam.ac.uk

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
ng that it will be out before 9.7.0b2 is... -- Chris Thompson Email: c...@cam.ac.uk

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
g to current reports). -- Chris Thompson Email: c...@cam.ac.uk

Re: Feature request - disable internal recursion cache

2009-10-30 Thread Chris Thompson
clients to change their DNS resolver IP address. Put the authoritative-only nameservers at the new IP addresses, keeping the recursive ones at the original IP addresses. Been there, done that! -- Chris Thompson Email: c...@cam.ac.uk

Glitches when new entries appear in dlv.isc.org?

2009-11-03 Thread Chris Thompson
ons.) -- Chris Thompson Email: c...@cam.ac.uk

Re: PTR zone /28 not working

2009-11-05 Thread Chris Thompson
n-addr.arpa than ns1.etecsa.net and ns2.etecsa.net do. You have a lot of errors to correct. -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND 9.4-ESVb1 is now available.

2009-11-19 Thread Chris Thompson
o be those that got into 9.5.2.) -- Chris Thompson Email: c...@cam.ac.uk

Re: Insecure response BIND 9.7.0b2

2009-11-19 Thread Chris Thompson
complaining about? -- Chris Thompson Email: c...@cam.ac.uk

Re: Disable Refused answer

2009-12-04 Thread Chris Thompson
o to do recursive lookups. [It's never been entirely clear to me why these functions have to be combined, especially given that "server [ipaddr/len] {bogus yes;};" can be used to block outgoing queries.] -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND9 slave

2009-12-08 Thread Chris Thompson
licates (due to case-insensitivity). Ever since I first saw you recommend this, I have wondered "why did I ever think TXT records were the right way to do it?" ... -- Chris Thompson Email: c...@cam.ac.uk

Re: Handling of RSASHA256 and RSASHA512 in BIND 9.6.0 and BIND 9.6.0-P1

2009-12-15 Thread Chris Thompson
be final in a little over a month, which is fortunate timing. (But it's not too obvious to me that adding support for a new signing algorithm should necessarily be considered a "major functional change".) -- Chris Thompson Email: c...@cam.ac.uk

Re: Delegating in reverse lookup zones

2009-12-15 Thread Chris Thompson
ed to be, is expired and gone to meet its maker, etc. etc. It is an ex-BIND. and in any event I'd like to know what the issue is. Any ideas on what I'm doing wrong? Did the above help? -- Chris Thompson Email: c...@cam.ac.uk

Re: dnssec updated zone data is not live ??

2009-12-18 Thread Chris Thompson
ame" convention. Altogether, using AXFR is the thing to get used to using in this context. (If you disable zone transfers generally, at least allow them on the loopback interface.) Then start using "masterfile-format raw", and forget about thinking of zone files as something human

Re: recursion confusion

2010-01-08 Thread Chris Thompson
t do that. (Probably there are other niggling things I have forgotten as well.) -- Chris Thompson Email: c...@cam.ac.uk

Re: Interoperability issues using TSIG with HMAC-SHA224

2010-01-11 Thread Chris Thompson
try a shorter key and see if that works. Just to clarify, does this also apply to HMAC-MD5 (block size = 64 bytes, digest size = 16 bytes) ? -- Chris Thompson Email: c...@cam.ac.uk

Re: file descriptor limits eating my lunch

2010-01-12 Thread Chris Thompson
und and here is what I know: running 'pfiles' on named on the two complaining show 1023 files the happy ones are showing less than that. This tells me there's a limit of 1024 somewhere. [... rest snipped ...] -- Chris Thompson Email: c...@cam.ac.uk

Re: Handling of RSASHA256 and RSASHA512 in BIND 9.6.0 and BIND 9.6.0-P1

2010-01-14 Thread Chris Thompson
make your voice heard. We hear you. Expect a decision in the next few days. So, has the decision been made? [I am tentatively planning on going to 9.7 in production round about Easter, in good time for the RSASHA256-signed root zone in July, but it would be nice to have a fall-back option.]

Re: ISC BIND 9.6.1-P3 is now available

2010-01-19 Thread Chris Thompson
invalid. But the CHANGES files list *three* security fixes (2827, 2828 & 2831), none of which seem to be superficially the "same" vulnerability. So is the "two" above a mistake? -- Chris Thompson Email: c...@cam.ac.uk

BIND 9.6.1-P3 using more resources?

2010-01-22 Thread Chris Thompson
in the query pattern that might explain this, without success so far. If anyone else has seen a similar effect as a result of upgrading, please let me know. -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND 9.6.1-P3 using more resources?

2010-01-24 Thread Chris Thompson
that turns out not to be the case ... (Using "-m record" was motivated by an unfreed-memory-at-shutdown abort that we observed with 9.6.1-P1 -- and not since -- and reported on bind9-bugs as RT #20675.) -- Chris Thompson Email: c...@cam.ac.uk

Re: DNSSEC DSSET & KEYSET

2010-01-28 Thread Chris Thompson
c.org (where the DLV records always come in pairs with digesttype=1 and digesttype=2). [Self registration at dlv.isc.org asks for DNSKEY records in the first place, of course.] -- Chris Thompson Email: c...@cam.ac.uk

Re: DNSSEC DSSET & KEYSET

2010-01-28 Thread Chris Thompson
parent's? Shouldn't there be an additional @parent.name.server argument? Not necessary if the nameserver you are sending the dig request to is DNSSEC-aware, and therefore following RFC 4035 section 3.1.4.1. -- Chris Thompson Email: c...@cam.ac.uk

Re: Queries for NSEC3 hashed owner names

2010-02-04 Thread Chris Thompson
lead to all sorts of confusion if they are validating via dlv.isc.org (say). But the solitary 9.5.1-P3 is a counter-example (2579 was fixed in 9.5.1-P2). Maybe its version number is faked ... -- Chris Thompson Email: c...@cam.ac.uk
