Can not query localhost

2023-01-13 Thread David Carvalho via bind-users
Hi. I’m migrating an old bind from Oracle Linux 6 to Oracle Linux 9.16. The first thing I noticed was that there were 2 bind versions available in this new distro. I went for the newest. It is “named-chroot” and a “slave” configuration for my domain. The files are already being transferred au

RE: Can not query localhost

2023-01-13 Thread David Carvalho via bind-users
", tcpdump shows it trying to connect to top level IPs And I keep getting SERVFAIL. Regards. David -Original Message- From: Marco Sent: 13 January 2023 11:33 To: bind-users@lists.isc.org Cc: David Carvalho Subject: Re: Can not query localhost Am 13.01.2023 schrieb David Carv

RE: Can not query localhost

2023-01-13 Thread David Carvalho via bind-users
keys-directory "/var/named/dynamic"; and everything worked. Still don't understand exactly why, I will continue to investigate, but any feedback is welcome. Thanks Regards David -Original Message----- From: bind-users On Behalf Of David Carvalho via bind-users Sent: 13 January

RE: Can not query localhost

2023-01-16 Thread David Carvalho via bind-users
st the zone you added and any acls. Distros expect you to put local changes in isolated files so they can update defaults configurations without overwriting local config. Copying everything means that you are missing all those changes. > On 14 Jan 2023, at 03:48, David Carvalho via bi

recursion yes/no?

2023-01-24 Thread David Carvalho via bind-users
Hello. I hope someone could help to understand the following. I have "my.domain.pt" and a master and slave server for the "my" part. I have been using "recursion yes" in both named.conf, as I want them to be both authoritative and cache for my clients. Last week I migrated my slave DNS server to

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
ust be enabled. Secondly, do you have "minimal-responses" configured on either/both servers? If so, what is it set to? There were changes in 9.16 so maybe these explain your observations. Cheers, Greg On Tue, 24 Jan 2023 at 16:49, David Carvalho via bind-users mailto:bind-users

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
t Sent: 24 January 2023 20:12 To: David Carvalho Cc: bind-users@lists.isc.org Subject: Re: recursion yes/no? On Tue, Jan 24, 2023 at 04:48:34PM -0000, David Carvalho via bind-users wrote: > Hello. > > I hope someone could help to understand the following. > > I have "my.

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
vers shouldn't need it and should have "recursion no;". So the first question is, do your servers make queries out to other places? If so, recursion must be enabled. Secondly, do you have "minimal-responses" configured on either/both servers? If so, what is it set to? T

dnssec-keygen not available in Bind9.16-utils package?

2023-03-20 Thread David Carvalho via bind-users
Hello, good morning. I'm trying to setup DNSSEC and I've been using Bind9.16 packages available in Oracle Linux 8. Somehow there are also "Bind" packages, which default to 9.11 version. Being a new installation I went for 9.16. The problem now is that dnssec-keygen seems to be only available in ve

FW: dnssec-keygen not available in Bind9.16-utils package?

2023-03-21 Thread David Carvalho via bind-users
Thanks for the reply. I am able to find bind9.16-dnssec-utils in CentOS repository, but have not installed it yet. I'm trying to find out more information about why this package is not available, unlike the other for version 9.11. Had you any dependencies problems or it was straight forward? Th

RE: dnssec-keygen not available in Bind9.16-utils package?

2023-03-24 Thread David Carvalho via bind-users
mean time. Regards, Petr 1. https://bugzilla.redhat.com/show_bug.cgi?id=2115322 On 3/20/23 13:31, David Carvalho via bind-users wrote: Hello, good morning. I’m trying to setup DNSSEC and I’ve been using Bind9.16 packages available in Oracle Linux 8. Somehow there are also “Bind” packages, which defau

RE: dnssec-keygen not available in Bind9.16-utils package?

2023-03-24 Thread David Carvalho via bind-users
at.com/show_bug.cgi?id=2115322 On 3/20/23 13:31, David Carvalho via bind-users wrote: Hello, good morning. I’m trying to setup DNSSEC and I’ve been using Bind9.16 packages available in Oracle Linux 8. Somehow there are also “Bind” packages, which default to 9.11 version. Being a new installatio

RE: dnssec-keygen not available in Bind9.16-utils package?

2023-03-24 Thread David Carvalho via bind-users
From: bind-users mailto:bind-users-boun...@lists.isc.org> > on behalf of David Carvalho via bind-users mailto:bind-users@lists.isc.org> > Sent: Friday, March 24, 2023 10:22:45 AM To: 'Petr Menšík' mailto:pemen...@redhat.com> >; bind-users@lists.isc.org <mailt

Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain and I host my own e-mail servers. I know they had problems while implementing

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
NSSEC with BIND 9.16 Hello David, On 4/11/23 12:02, David Carvalho via bind-users wrote: > Hello, hope everyone is fine. > > So it seems that going to Bind version 9.16 was the right call as it > simplifies DNSSEC a lot. > > Nevertheless, I would like to clarify some things bec

RE: Fully automated DNSSEC with BIND 9.16

2023-04-11 Thread David Carvalho via bind-users
23 11:16 To: bind-users@lists.isc.org Subject: Re: > Fully automated DNSSEC with BIND 9.16 > > Hello David, > > On 4/11/23 12:02, David Carvalho via bind-users wrote: >> Hello, hope everyone is fine. >> >> So it seems that going to Bind version 9.16 was the right cal

dnssec-validation?

2023-04-12 Thread David Carvalho via bind-users
Hello, again. Guys, sorry once again, but my dnssec implementation didn't work out. Using 9.16.23 (I have that problem of keys being regenerated every restart, but I'll learn to sign the zone later using the original key- Bug solved in version 9.16.30). After providing my DNSKEY record to

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
"SERVFAIL" to my client queries. I don't think I tested dnssec-validation to no when dnssec was enabled, nor if this makes much sense, but I can try. Kind regards David On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users wrote: > After reverting my prima

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
rt? Kind regards, David Carvalho -Original Message- From: Evan Hunt Sent: 12 April 2023 18:08 To: David Carvalho Cc: bind-users@lists.isc.org Subject: Re: dnssec-validation? On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users wrote: > After reverting my primary dns

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
Hello. Both content and timestamps. I've been told previously here that there is a bug prior to version 9.16.30. I'm using 9.16.23, no update available yet. No, not removing 😉 Regards David -Original Message- From: bind-users On Behalf Of Jan-Piet Mens Sent: 13 April 2023 11:12 To: bind

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
stick with provided packages. Kind regards David -Original Message- From: Ondřej Surý Sent: 13 April 2023 14:40 To: David Carvalho Cc: Bind Users Mailing List Subject: Re: Fully automated DNSSEC with BIND 9.16 > On 13. 4. 2023, at 15:25, David Carvalho via bind-users > wrote: >

RE: Fully automated DNSSEC with BIND 9.16

2023-04-13 Thread David Carvalho via bind-users
David -Original Message- From: Anand Buddhdev Sent: 13 April 2023 16:48 To: David Carvalho Cc: 'Bind Users Mailing List' Subject: Re: Fully automated DNSSEC with BIND 9.16 On 13/04/2023 17:17, David Carvalho via bind-users wrote: Hi David, > Hello and thanks for the reply. > I

RE: dnssec-validation?

2023-04-13 Thread David Carvalho via bind-users
Hello and thank you for the reply. Problem 1 - I'll have to investigate further. As for problem 2 ... it's weird. I was working on another thing and now I was checking permissions by your suggestion, when I noticed the files have new timestamp from a while ago. I compared the contents of the updat

RE: dnssec-validation?

2023-04-14 Thread David Carvalho via bind-users
although outside tools showed everything was fine, my > server kept answering "SERVFAIL" to my client queries. I don't think I > tested dnssec-validation to no when dnssec was enabled, nor if this > makes much sense, but I can try. > > Kind regards > David >

FW: dnssec-validation? SOLVED

2023-04-17 Thread David Carvalho via bind-users
> On 13 Apr 2023, at 19:23, David Carvalho via bind-users > wrote: > > Hello and thank you for the reply. > My domain is "di.ubi.pt". The parent domain "ubi.pt" recently > configured DNSSEC (BIND 9.11) so it was time again for me to try to > set it up for my

DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
Hello guys Asking for your help, again. So after setting up DNSSEC I've found I couldn't reach some internal sites on my top domain, served by internal DNS servers There's no need in hiding domains as my e-mail is shown here. Top domain ubi.pt (external

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
and forward zone Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
and forward zone Hi David, You can disable validation on one or more domains using "validate-except" - https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via

RE: DNSSEC and forward zone

2023-04-19 Thread David Carvalho via bind-users
; https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statem > ent-validate-except > <https://bind9.readthedocs.io/en/latest/reference.html#namedconf-state > ment-validate-except> > > Thank you, > > Darren Ankney > > On Wed, Apr 19, 2023 at 5:05 AM

RE: DNSSEC and forward zone

2023-04-21 Thread David Carvalho via bind-users
namedconf-statement-validate-except Thank you, Darren Ankney On Wed, Apr 19, 2023 at 5:05 AM David Carvalho via bind-users mailto:bind-users@lists.isc.org> > wrote: Hello guys Asking for your help, again. So after setting up DNSSEC I’ve found I couldn’t reach some internal

Reverse lookups not working when Internet connection failed.

2022-11-04 Thread David Carvalho via bind-users
Hello, good afternoon. We've had an internet failure for a few days last week and as services got online I found the following: DNS queries about my.domain from my.domain worked as expected. Since there was no internet connection, I obviously couldn't query the outside world. Reverse (PTR)

RE: Reverse lookups not working when Internet connection failed.

2022-11-04 Thread David Carvalho via bind-users
@lists.isc.org Subject: Re: Reverse lookups not working when Internet connection failed. On 04.11.22 15:41, David Carvalho via bind-users wrote: >We've had an internet failure for a few days last week and as services >got online I found the following: > >DNS queries about my.domain from my.

RE: Reverse lookups not working when Internet connection failed.

2022-11-04 Thread David Carvalho via bind-users
t connection failed. On 11/4/22 10:07 AM, David Carvalho via bind-users wrote: > My reverse zone file What is the origin of your zone file? 0-28.66.136.193.in-addr.arpa.? > 1.0-28.66.136.193.in-addr.arpa. IN A 193.136.66.1 You seem to be using RFC 2317 Classless IN-ADD

RE: Reverse lookups not working when Internet connection failed.

2022-11-04 Thread David Carvalho via bind-users
Of Grant Taylor via bind-users Sent: 04 November 2022 17:07 To: bind-users@lists.isc.org Subject: Re: Reverse lookups not working when Internet connection failed. On 11/4/22 10:54 AM, David Carvalho via bind-users wrote: > Thanks for the replies. You're welcome. > My reverse zone i

RE: Reverse lookups not working when Internet connection failed.

2022-11-07 Thread David Carvalho via bind-users
Hello again. Finally had the opportunity to get back to this. Having internet connection restored, everything seems to be working as supposed to. One simple query from my client and one response from my server. Output from wireshark: 1 0.0010.0.0.199 193.136.66.1DNS

RE: Simple question - trailing "." in zone file

2024-11-22 Thread David Carvalho via bind-users
024, at 04:44, David Carvalho via bind-users > wrote: > > Hi! > Sorry for this “beginner” question. If I knew this before, then I completely > forgot. > I know a “.” inside a zone file can be used to define top level entry. If a > record entry doesn’t have it, it gets

Simple question - trailing "." in zone file

2024-11-21 Thread David Carvalho via bind-users
Hi! Sorry for this "beginner" question. If I knew this before, then I completely forgot. I know a "." inside a zone file can be used to define top level entry. If a record entry doesn't have it, it gets itself along with the domain name. Today I was comparing my master and slave, which provide