Re: do not stupidly delete ZSK files

in the DNSKEY rrset. "dnssec-settime" sets the timing metadata for the key so that named will delete it next time it reads the key file. "rndc loadkeys" tells it to read the file. The key should be deleted from the zone now, and you can remove the key files saf

Re: running named built with --enable-native-pkcs11 without HSM provider library

writing of) such a shim provider? We'd certainly be happy for any assistance. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mail

Re: do not stupidly delete ZSK files

On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote: > After that second procedure (and also chown'ing the keyfiles to the bind > user), the command 'dig +dnssec +multi dnskey example.com' gives > different results depending on which nameserver gets the query: > > Hidden primary (not auth

Re: REQUIRE(rdataset->rdclass == db->rdclass) failed

to the internal TLD. I'm not sure that what you're doing should work, but it definitely shouldn't fail by crashing the server, so either way we ought to fix it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit

Re: Bind v9.9.7-P2 inline-signing hourly?

ed, an existing key scheduled for deletion, a standby key activated, etc). -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mail

Re: Version Number

t;subscription" version of BIND 9.9; it contains a preview of new features that will be rolled out to the general public in the 9.11 release: negative trust anchors and a few other items. 9.9.7-S5 is the most up-to-date version of that branch. -- Evan Hunt -- e

Re: DNSSEC ZSK rollover

s out the work of resigning over a longer period of time to reduce the load on the server. (And a lot of people prefer smaller IXFRs anyway.) You can adjust the resigning interval, or force a full resign with "rndc sign". -- Evan Hunt -- e...@isc.org Internet Syst

Re: logging bug for rpz at load-time?

On Thu, Sep 03, 2015 at 03:30:43PM +0100, Phil Mayers wrote: > I'm a tiny bit uncomfortable exposing the detailed config here given > what it does. You can open a bug ticket at bind9-b...@isc.org. ISC's bug database is closed and confidential for this exact reason. -- Evan Hunt

Re: BIND 9.9.8-S1 Release Notes (What's 'S' stands for?)

same stuff by cloning the development branch in our git repository at source.isc.org. (I can't guarantee not to have broken anything recently, though.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.

Re: BIND 9.10 also-notify syntax

On Wed, Sep 23, 2015 at 03:37:23PM +0100, greg.ra...@bt.com wrote: > Can someone please confirm if the BIND 9.10 ARM documentation is wrong? Yes, the grammar was copied incorrectly into the ARM. Thanks for pointing it out. -- Evan Hunt -- e...@isc.org Internet Systems Consortium,

Re: Caching and upper case issue with BIND 9.9.7-P3

};" to your options. If you want it back for all clients, then use "no-case-compress { any; };". -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr

Re: Fwd: problem using setuid ("-u" option) with BIND 9.10.3 on RedHat when listening on tun/tap interface

you'll get a fraction of the performance. If you have a low-traffic server, that might not be a concern for you. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users t

Re: Root hints

RRset. In servers that still have the old hints, H wouldn't respond to the priming query, but all the other root servers would, and named would learn the new address for H from one of them, so H will work fine thereafter. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: ENDS-CLIENT-SUBNET support for recursive queries

itory at source.isc.org.) Authoritative support for ECS is already in place. Some design work has been done toward recursive support, but it's not likely to be implemented until someone funds the development. -- Evan Hunt -- e...@isc.org Inte

Re: Writeable file already in use

s the errors i seen from named on my slave dns > > : named.conf:584: writeable file 'db.file-1': already in use: named.conf:194 On a slave server, named transfers the zone from elsewhere and writes a copy into a local file. These all need to

Re: Writeable file already in use

#x27;s mandatory in that case (named needs to know where to put the .signed file and the journal files), but I believe it's optional otherwise. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/ma

Re: Intended usage of dnssec-must-be-secure?

us. I would suggest slaving the local zone instead of forwarding it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind

Re: Intended usage of dnssec-must-be-secure?

rust up to the root zone. 2) Have all your local resolvers slave the local TLD. When a server gives out an authoritative answer to a query, it doesn't bother to validate it, because when you're the authority you already *know* whether you're giving the correct answer. -- Evan Hun

Re: pre heat cache

Using it in a production environment would not be a good idea. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list b

Re: no-case-compress lifespan

certainly not as long as there's a continued need for it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bin

Re: rndc signing -list not working?a

records aren't there now, I would guess you either already cleared them at some point, or else some other signing mechanism was used such as dnssec-signzone instead of the automatic signing in named. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc.

Re: Database driven ACL

, which will have an implementation of something like https://tools.ietf.org/html/draft-muks-dnsop-dns-catalog-zones-00. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to

Re: what does "max-ncache-ttl 0;" mean?

> So, it might actually mean "as big as possible". > > Consult the source code to be sure. Tony did consult the source code, upthread. And he was correct: for this particular option, zero does mean zero. -- Evan Hunt -- e...@isc.org Internet Syst

Re: Build with GEOIP

geoip.h in bin/named/include/named That file is part of BIND. Look for GeoIP.h, with the capital letters. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr

Re: non-BDB support for DLZ in Bind9?

ition on BDB dependency & support, and implementation > any alternative such as LMDB, going forward? We have no position on the licensing issue. Technically, the DLZ modules are considered contributed code and are not formally supported by ISC, though we do make our best effort to fix bugs. If

Re: non-BDB support for DLZ in Bind9?

dlopen" part is enabled by default already, and the others are unnecessary.) Then "cd contrib/dlz/modules/bdbhpt" (or whichever one you want to use), and run "make". The resulting .so file needs to be put somewhere that named can find it. There's a sample configuration

Re: non-BDB support for DLZ in Bind9?

quot;Dynamically Loadable Zones" is, in retrospect, unfortunate. Now that it's possible to load DLZ modules at runtime with dlopen(), that means you can have dynamically loadable Dynamically Loadable Zones zones. Sorry about that.) -- Evan Hunt -- e...@isc.org Internet Systems Consor

Re: non-BDB support for DLZ in Bind9?

On Fri, Mar 25, 2016 at 11:59:41PM +, Evan Hunt wrote: > (The name "Dynamically Loadable Zones" is, in retrospect, unfortunate. Now > that it's possible to load DLZ modules at runtime with dlopen(), that means > you can have dynamically loadable Dynamically Loadable Zo

Re: generating TSIG keys with 'dnssec-keygen', get "error reading key file ... bad key type"?

On Tue, Apr 19, 2016 at 07:40:38AM -0700, jaso...@mail-central.com wrote: > I'm working on generating TSIG keys for use with my bind server. I think you'll be happier if you use "tsig-keygen" instead of "dnssec-keygen". -- Evan Hunt -- e...@isc.org

Re: generating TSIG keys with 'dnssec-keygen', get "error reading key file ... bad key type"?

mat you'd get by simply typing "tsig-keygen example.com". (The name "tsig-keygen" was introduced in BIND 9.10; prior to that, the tool was called "ddns-confgen", and it did essentially the same thing as it does now, but with some extra comments in the

Re: generating TSIG keys with 'dnssec-keygen', get "error reading key file ... bad key type"?

ct what *should* be there, but the collision- checking function is expectingly DNSKEY, and so it complains. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from th

Re: Whether Bind (bind-9.10.3-P3) support Edns ?

recursive support in a subsequent release. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.o

Re: BIND assertion failure - 9.10.4

s version of BIND. > > Hopefully it’s a one-off. Let me know if there is any more information I > can provide. This article lists useful information to include in bug reports. https://kb.isc.org/article/AA-00340 I'll follow up with you about this by private mail. -- Evan Hunt -- e..

Re: BIND 9.10.4 may have a fatal crash defect.

gi-bin/gitweb.cgi?p=bind9.git;a=patch;h=04a6d1de64b2b600f1c3a67b82abc32392048692 We're testing it for a few more days before we publish, just to make sure there isn't another error we haven't spotted yet, but this seems almost certain to be it. -- Evan Hunt -- e...@isc.org Internet Sy

Re: ISC considering a change to the BIND open source license

ck a few bucks of their > ill-gotten gains to you guys. All I can say is once you have your > shiny new license I'm going to be mighty POed if you don't sue > the pants off the next one of those companies that uses the BIND code > and effs it up to make an example for the

Re: ISC considering a change to the BIND open source license

s disappointing to me to add any burden to it at all. I do like eating, though, and I won't be able to fix as many bugs if I have to stop doing that. :/ -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://

Re: ISC considering a change to the BIND open source license

On Tue, Jun 14, 2016 at 08:06:55PM +, Evan Hunt wrote: > On a personal level, I actually agree with you, and I find the idea of > relicensing somewhat regrettable. It's not that I'm against the GPL, I > think software creators should be able to share their work on whateve

Re: writeable file 'domain.com': already in use

o that there's only one copy of the zone shared by both views. Or else use a different file name for the zone in each view, so the two copies of the zone aren't stepping on each other. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

Re: named and use of resolv.conf? - how to "learn" this

authoritative servers in order to blah blah etc" and it might be nice to just say no. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bi

Re: managed-keys update when outgoing UDP is blocked

; view: default > next scheduled event: Tue, 25 Feb 2020 19:16:47 GMT > > name: . > keyid: 20326 > algorithm: RSASHA256 > flags: SEP > next refresh: Tue, 25 Feb 2020 19:16:47 GMT > trusted since: Mon, 03 Feb 2020 18:10:26 GMT "trusted since" indicates it manag

Re: checkzone from stdin?

On Wed, Apr 08, 2020 at 02:58:12PM -0400, Matthew Pounsett wrote: > It looks to me like named-checkzone isn't able to read a zone file from > stdin. You didn't mention what version you're running, but IIRC, this was added in 9.16. -- Evan Hunt -- e...@isc.org Internet Sy

Re: checkzone from stdin?

On Wed, Apr 08, 2020 at 10:22:55PM +, Evan Hunt wrote: > You didn't mention what version you're running, but IIRC, this was > added in 9.16. My mistake, 9.17. On most Unices you can specify /dev/stdin as the filename though, and that should work with any version. --

Re: BIND-9.16.1 & KASP

tomated > MMDDxx number - date it was last 'modified'. Would be perfect for > small zones that are rarely updated. I think the zone option "serial-update-method date;" does this. (I haven't tested it with dnssec-policy though.) -- Evan Hunt -- e...@isc.o

Re: BIND-9.16.1 memory leak?

thing unusual in your server configuration? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.

Re: Vim Syntax, New Release for ISC Bind named.conf 5.16

any chance? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/li

Re: Nsupdate and TTL

ample.com in a > update add example.com in a 192.0.2.1 > update add example.com in a 192.0.2.2 > update add example.com in a 192.0.2.3 > send -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mail

Re: DoH plugin for BIND

> Does BIND have a DoH plugin official? > Or is there any guide to customize that one? Not yet, but we plan to have a DoH implementation in named by the end of this year. In the meantime, there are DoH proxies that can run BIND as the back-end. -- Evan Hunt -- e...@isc.org Internet S

Re: DoH plugin for BIND

nfiguration for an nginx proxy in the BIND source tree under contrib/dnspriv that you can use now, if you wish. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: maxminddb support in 9.16

be largely unchanged, with the exception that a couple of very infrequently used keywords like "areacode" and "netspeed" became unavailable in the new API, and three-letter country codes are now obsolete. "Country" is definitely st

Re: maxminddb support in 9.16

b.isc.org/docs/aa-01149 Ah, thank you, I hadn't seen that. The only thing I see in that article that's out of date is that the "--with-geoip" option is no longer needed, or valid; it's "--with-maxminddb" now, and it's enabl

Re: DLZ: dlz/modules, dlz/drivers ?

ld system. The ones in contrib/dlz/drivers ones do need to be linked in at compile time, so they still turn up as configure options even though they're kinda obsolete now. I expect them to go away in 9.17/9.18; the only reason they're still there now is that a few of them support databas

Re: can bind support DOH and DoT

>1. Can bind support DoH and DoT >2. If yes Which version of bind support DoH or DoT It's in development now. The plan is for it to be supported in 9.18 when it comes out next year, and backported to the 9.16 branch as a compile-time option. -- Evan Hunt -- e...@isc.org Inter

Re: Syntex for primary/secondary

Old syntax will continue working so old named.conf files don't need to be changed, at least for the next several releases. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo

Re: rndc valid key types

reason not to select the strongest - HMAC-SHA512? No, go ahead. I tend to use sha256, just because it's the default from rndc-confgen. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/lis

Re: /etc/bind.keys in a chrooted environment

her domains listed there will be ignored. So, this would already not work. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds

Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys)

r/cache/bind/db.powercraft.nl.signed You can just regex out all the DNSSEC-related types. Something like this ought to work: $ named-compilezone -f raw -F text -s full -o - powercraft.nl | \ awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}' -- Evan Hunt --

Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys)

cally sorted. "named" can do this automatically if you dynamically update a zone and remove the DNSKEY rrset. I think "dnssec-signzone -SPRQ" would do it if you marked the keys as deleted with "dnssec-settime" first; I haven't tested this, but it should. But I th

Re: DoH Support in bind 9.17?

.17.11. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact

Re: Does bind9 support adding acl and view through commands, not by updating config file?

ia "reconfig" either. Views don't scale well. Finding the correct view for a query is a linear search, so your performance will decline quite badly if you have more than a few views to search through. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: GeoIP ACL

e an example to achieve the same? match-clients { !geoip country A; !geoip country B; !geoip country C; any; }; -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubsc

Re: where are the testing docs ?

t;sudo sh bin/tests/system/ifconfig.sh up"). I think the message got lost when we switched to automake. Some tests will be skipped if there are missing dependencies, so you may also wish to install the Net::DNS, Net::DNS::Nameserver and XML::Simple modules for perl, and dnspython for pyth

Re: No more support for windows

build under MinGW. (I'd be happy to get help with that project from anyone who knows windows better than I do - it wouldn't take much.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman

Re: 'managed-keys' is deprecated ??

, in place of both "trusted-keys" and "managed-keys". For the moment, using the old syntax only generates a warning, not a fatal error, but the old options will be removed in a future release (9.20, I think, but don't quote me on that). -- E

Re: Does BIND supports ANAME RR

and SVCB records look like a better approach anyway. BIND will have support for those pretty soon. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: Does BIND supports ANAME RR

ANAME was that browser vendors were unwilling to use SRV. If they *are* willing to use HTTPS/SVCB - which looks promising at the moment - then the remaining use cases for ANAME aren't worth the complexity. -- Evan Hunt -- e...@isc.org Internet Sys

Re: Syntax for ECS ACL Entry

documentation. There's a mechanism for flagging obsolete options in named.conf and logging a useful message about them, but it's not so straightforward when the option is still valid but the parameters have changed. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

Re: Syntax for ECS ACL Entry

x27;t comply with the RFC, so it kind of had to go. I'm not sure which of the open-source auth servers currently have ECS support. PowerDNS maybe? And a quick google search just suggested one called gdnsd, which I hadn't heard of before. -- Evan Hunt -- e...@isc.org Internet Systems Co

Re: Notice of plan to deprecate map zone file format

ld be nice not to have to worry about map files when it came to maintaining feature parity.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

Re: Notice of plan to deprecate map zone file format

t > instead.  Until the pendulum swings again. Yep, I think that's how we'll do this, if we do it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs

Re: Question about "max-zone-ttl" in dnssec-policy

ifferent things (not to mention being documented to mean a third). Thanks for bringing this to our attention. I've created issue #2918 to track it in gitlab. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://li

Re: Possible to condition a view based on the interface the query comes in on?

ents; }; zone example.com { type secondary; file "example-secondary.db"; primaries { 127.0.0.1 key them-key; }; }; }; view them { match-clients { any; }; zone example.com { type primary;

Re: "make test" not working?

06 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > > make[7]: Leaving directory '/tmp/bind9/bind-9.18.0/bin/tests/system’ > […] > $ -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.is

Re: Question about missing bind.keys

ote that you should always check whether bind.keys needed to be updated. In today's world, I don't think it's inmportant anymore. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this li

Re: Question about missing bind.keys

dig @localhost unsigned.com | grep flags ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 $ dig @localhost ietf.org | grep flags ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ^^ -- Evan Hunt -- e...@isc.org Internet Systems Consor

Re: 9.18 behavior change for mDNS queries with dig

bably related to that. Please open a bug report at https://gitlab.isc.org/isc-projects/bind9/-/issues, we'll look into it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

Re: Using nsupdate remotely

zone example.com { type primary; file "example.db"; update-policy { grant update-key zonesub ANY; }; }; (Incidentally, the "ddns-confgen" command is a version of tsig-keygen that, in addition to generating a new key, also prints a

Re: Question about additional section in BIND-responses

it authority and additional section data except when necessary. The default is "no-auth-recursive", which omits authority section data when it isn't strictly necessary, but will still add additional data for records in the answer section. -- Evan Hunt -- e...@isc.org Internet Systems

Re: Thread handling

o this, I'd be happy to see it. It's always seemed pretty clunky to me but I've never had the necessary combination of time and brains to improve it.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: Thread handling

something about it that I don't? It would definitely be easier to *make* dyndb work for the cache; it has all the necessary API calls, and DLZ doesn't. But I don't know a way to configure it to take the place of the cache currently. If you do, please educate me. -- Evan Hunt -- e...

Re: Thread handling

at's what was in configure.ac. Later we added dlopen-able DLZ modules, which are built separately and linked in at runtime (see contrib/dlz/modules and subdirectories). For a long time both methods were available but in (I think?) 9.18 we finally removed the old-style drivers. -- Evan Hunt -

Re: Thread handling

akefile? No package requirement checking > through configure.ac? Correct. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid suppor

Re: when does bind calls plugin_destroy ?

debug(1), you should see "unloading plugin" in your log file when this happens. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with pai

Re: when does bind calls plugin_destroy ?

until that last reference is released. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www

Re: nsupdate ACL based on a key AND ip-subnet

hes too. boolean translation: (A and B) Hope that's helpful. (*I* find it hard to keep this syntax straight, and I wrote a big chunk of the code that implements it in BIND 9.5...) -- Evan Hunt -- [EMAIL PROTECTED] Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: nsupdate ACL based on a key AND ip-subnet

easier way to accomplish the same thing. I've never done so, but I'd expect it to work. But it sounds like you're asking for a feature change... clarify please? -- Evan Hunt -- [EMAIL PROTECTED] Internet Systems Consortium, Inc. ___ bi

Re: nsupdate ACL based on a key AND ip-subnet

l reason I can see. (There may be other reasons I don't know about.) It's probably not a high enough priority for ISC to devote engineering resources to it at this time, but if someone submitted a patch that added an ACL check to the update-policy syntax, I'm sure we'd

Re: ISC BIND Windows?

ease-candidate status, as is 9.6.0). And yes, win2k is still unsupported. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: validator bug?

to 9.3.6, 9.4.3, or 9.5.1, and see if you're still seeing the problem. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Using 2 CPUs with BIND

X CPUs, using Y worker threads". If you're not seeing that, your logging might not be set to the right severity level. Make sure to include "info"-level messages. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. __

Re: version

://www.isc.org/download/software/current -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: libbind for 9.6 series is still not available

-free I'd expect it to be public in a week or so. I don't expect any changes to the code at this point, but the documentation is in flux. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind

Re: where is libbind???

> I would like to request that libbind install a pkg-config file (perhaps > $prefix/lib/pkgconfig/libbind.pc). Thanks. libbind-b...@isc.org and libbind-sugg...@isc.org would be the best places to send bug reports and suggestions, though, so we can keep track of them. -- Evan Hunt --

ISC libbind 6.0b1 is now available

bind. Bug reports can be submitted to libbind-b...@isc.org. -- Evan Hunt -- evan_h...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: libbind 6.0b1 bug?

> Actually, it is a compile time problem. > > Is there a place on the isc.org website to report a bug on libbind? > > I ddn't see it anywhere. libbind-b...@isc.org -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: Hostname Naming Compliance

oss the board > anyway instead of at the operator's discretion? I haven't heard anyone at ISC suggest this, but if I did, I'd argue against it. I don't think we have any wish to be the "enforcers". :) And anyway, if we put "mandatory" compliance into B

Re: EDNS - edns-udp-size and max-udp-size

> The code just looks at the number of timeouts not at what > size was sent in the initial query. triededns512() records > when the DNS_FETCHOPT_EDNS512 has been set not when the > initial query advertised a receive buffer of 512 bytes. But, if the initial query uses a rec

Re: single-character host names

;t have a single-character name, it also defines names as including periods to delimit domain-name components. So, "m.google.com." is really a 13-character name, with a single-character component at the beginning, not a single-character name. -- Evan Hunt -- e...@isc.

Re: rndc addzone/delzone in 9.7.2rc1 (was: rndc reconfig delays)

e in the new-zone file. (You wouldn't want named to be directly editing named.conf.) If you haven't done the second part, then the zone isn't really "removed", just temporarily disabled. I felt that if we can't do both parts, we shouldn't do the first. If you

Re: BIND 9.7.1 + DLZ + DNSSEC: Possible?

#x27;re planning to use this for a hidden zone master or some such, where it would only be answering AXFRs, I think it could probably do that. Incidentally, BIND 10 can serve authoritative data from a database back-end; it currently supports SQLite3 and we're planning to add a MySQL data source dr

Re: When does BIND send queries with DO flag enabled?

are broken and don't understand EDNS. When BIND doesn't initially get an answer to a query, it retries in different ways, and eventually (on the third try, if I recall correctly) it tries omitting the EDNS option. No EDNS means no DO bit, and I'm pretty sure that's what you

<    1   2   3   4   5   6   >