Re: managed-keys-zone file not found

out this: > I have tried using managed-keys-directory option, but I cannot get rid of > this message. BIND hasn't created the file yet? Is your working directory or managed-keys-directory writable? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

Re: managed-keys-zone file not found

> Evan, I had this same message and it continued on every start. That's a bug, then. Thank you. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/

Re: managed-keys-zone file not found

u can work around it, as others have mentioned, by touching the file so that named will shut up, or you can ignore it. Thanks for your help with it. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-use

Re: MySQL BIND SDB

gative responses for records that don't. BIND 10 does have a SQL data source that's fully DNSSEC compliant. It's not really production-ready yet, but you can check out the work in progress if you like: https://bind10.isc.org. -- Evan Hunt -- e...@isc.org I

Re: ZSK syntax problems bind9.7.1P2

ONE okstate.edu You missed out the -a before RSASHA1. (However, you don't need it in 9.7, as that's the default algorithm anyway. You can leave out the -b and -n options as well.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

Re: correct syntax for TSIG & IP restrictions for named-ACL versus just IP?

ty: http://www.mail-archive.com/bind-users@lists.isc.org/msg00045.html -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: m master file managed-keys.bind failed

quot; option (added in 9.7.1). > Is there, by chance, a "make it good" script where it > just chown's everything to the proper directories? That would be > very helpful. ...that's an interesting idea. Thanks. -- Evan Hu

Re: RT-Number?

his may change in the future; we've had some discussions of alternatives, but I don't expect anything to happen very soon. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https:/

Re: Bind 9.7 - sanity check or a bug

e zone before the change, not the new version of the zone resulting from the change, and consequently some valid updates were rejected. This was fixed in 9.7.3b1. The relevant routine is "zone_check_ns()" in zone.c. -- Evan Hunt -- e...@isc.org Internet Systems

Re: Please upgrade validators to at least BIND-9.7.2 before .com is signed

l the way to 9.7.2 if you prefer to stay with 9.6, however. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

ISC BIND 9.6.3 is now available

to make quality open source software, please visit our donations page at http://www.isc.org/supportisc. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind makes RRSIG disappear?

it. But routine RRSIG maintenance happens in *any* dynamic zone, with or without "auto-dnssec". Having RRSIGs disappear from a zone when there's no private key available for re-signing is probably a problem (at least, it would seem to violate the

Re: bind makes RRSIG disappear?

ee this as a symptom: I would really prefer if this kind of magic > only kicked in if explicitly enabled. Or, if that's not possibly for > usability reason, have a config switch like "don't touch my data - ever". I agree that option would be a good thing to have. -- Evan H

Re: BIND 9.7.3 is now available.

default now. We do on most other platforms.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: root zone initial key in bind.keys

ide auto"). The "dnssec-validation auto" feature isn't going to be backported to 9.7, but we thought it would still be useful for people to have a copy of the root key included somewhere in the tarball, so we put the key into both branches, but w

Re: root zone initial key in bind.keys

want to use the root key, comment the root key out of bind.keys. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec validation, managed keys, and chaos view

ical failure mode, but even if we fix that, the configuration you're using still wouldn't work right. I think named should reject or warn-and-ignore when it encounters managed-keys or dnssec-lookaside statements in non-IN views. It hadn't occurred to me to have it check for that; th

Re: dnssec validation, managed keys, and chaos view

atch later today. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

ISC BIND 9.8.0 is now available

ould be left with the zone in an unclean state. named detected this error too late and named would crash with an INSIST. The order dependancy has been fixed. [RT #23254] Known issues in this release * None. Thank You Thank you to everyone who assisted us in maki

Re: CVE-2011-0414 and Bind 9.7.3

> How sure are we that 9.7.3 fixes CVE-2011-0414? Pretty darn sure. > Because we are seeing behaviour that looks like CVE-2011-0414 > on our 9.7.3 server... Please send details to bind9-b...@isc.org. -- Evan Hunt -- e...@isc.org Internet Systems Consor

Re: Bind 9.8 with dlz and dnssec

other DLZ drivers (mysql, postgresql, ldap, etc) to back-end modules for the dlopen driver at that time as well. I'm not expecting to make them support dynamic updates yet, and hadn't even given any thought to to the problem of supporting DNSSEC, but we can add those features to the roadmap as

Re: force to flush from jnl to zone files

uot; afterward to re-enable DDNS. Rather coincidentally, yesterday afternoon I wrote the code for an "rndc sync" command that would dump the zone without freezing updates. That'll be in BIND 9.9. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc.

Re: problem for validate the script dnssec to isc dlv

working better. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

ISC BIND 9.6-ESV-R4 is now available

on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. -- Evan Hunt -- e...@isc.org Internet Systems Conso

Re: INSIST(n == 1) failed

seen it happen before. Do you have a coredump? Can you get a stack backtrace from it? You can report this to bind9-b...@isc.org. Please include the the OS you're running on, the output of "named -V", as as much detail as possible about how named is configured. -- Evan

Re: cname of cname of cname not working in bind 9.8.0

of named.conf (remove or obscure keys if you wish) and the zone file that exhibits the problem, and the exact command you're using to trigger this? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lis

Re: Anyway to disable dns_zone_nscheck in 9.8.0?

one options before loading the masterfile). But I'm confused why one would want to serve a zone if it isn't going to work anyway. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org

Re: named crashed (mem.c:1099: INSIST(ctx->stats[i].gets == 0U) failed)

l the unfreed blocks of memory had been allocated. That record-keeping has an impact on performance, but it can help a lot with locating the problem. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@l

Re: DNSSEC, whitehouse, isc, and troubleshooting...

ns whitehouse.gov" and you should see the ad flag. (Anyway, it's working for me at the moment.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: named crashed (mem.c:1099: INSIST(ctx->stats[i].gets == 0U) failed)

e. I can't really make recommendations. (I, of course, think 9.7.4 and 9.8.1 will both be perfect snowflakes of bug-free wonderfulness, but you might not want to trust the opinion of the author on this point. ;) ) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: BIND 9.4-ESV-R5b1 is now available

d failed to preserve the case of domain names in rdata which is not compressible when writing master files. [RT #22863] 2996. [security] Temporarily disable SO_ACCEPTFILTER support. [RT #22589] -- Evan Hunt --

Re: [dns-operations] Bind 9.8.0 intermittent problem with non-recursive responses

neral area of code that has the bug in it. I hope to have a fix soon, before 9.8.1 ships (but after 9.8.1b1, which is already in the pipeline). -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-us

Re: [dns-operations] Bind 9.8.0 intermittent problem with non-recursive responses

> I hope to have a fix soon, before 9.8.1 ships (but after 9.8.1b1, which > is already in the pipeline). Followup: The bug was in fact found about an hour after I wrote that, and will be fixed in 9.8.1. -- Evan Hunt -- e...@isc.org Internet Systems Consortiu

ISC BIND 9.8.1b1 is now available

enough space after calling grow_headerspace() and if not re-call grow_headerspace() until we do. [RT #22521] -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Problems in views in a zone transfer

tify statement but that's being fixed in 9.9.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Bug in bind 9.7.3?

> I using bind 9.7.3 as resolver in a slightly larger server farm with > some mail servers that use domain key validation. We're investigating the problem. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailin

Re: Bug in bind 9.7.3?

was in this case) or due to someone crafting a bad zone maliciously, we will be releasing a patch to all affected versions of BIND 9 as soon as I finish turning the crank. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing

Re: recursive lookups problems with 9.8.0_p2

roblem, and if so you can deploy 9.8.1 in a few weeks. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: recursive lookups problems with 9.8.0_p2

> after upgrading to 9.8.0p2 I have notices problems with recursive queries. > The server sometimes does not return answer for e.g. www.yahoo.com. Would it be convenient to try 9.8.1b1? It has a fix that may address this problem. -- Evan Hunt -- e...@isc.org Internet Systems Consortiu

Re: bind restart needed to reflect changes to dynamic zone in multiple views

in one view as a master and the one in the other view as a slave; then reloading the master will automatically send a notify to the slave. This involves tsig keys and is kind of fiddly, but works quite well (I run several zones that way on my home server). -- Evan Hunt -- e...@isc.o

Re: bind restart needed to reflect changes to dynamic zone in multiple views

e example.com { type master; file "filename"; update-policy { grant example-key zonesub ANY; }; also-notify { 127.0.0.1; }; }; }; -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___

Re: cve-2011-2464 affected the 9.4-ESV-R4-P1?

iggers: one was introduced in 9.6 and another in 9.7. Neither of them is in any version of 9.4. So, we *will* be releasing 9.4-ESV-R5 soon, and it contains a fix for the underlying bug. But we didn't release a patch today because there's no

Re: "Key : Delaying activation to match the DNSKEY TTL."

art signing records with this key until after the old DNSKEY record is guaranteed to have expired out of all the resolver caches. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-use

Re: update bind

conf -z" on your existing configuration. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-user

Re: "Key : Delaying activation to match the DNSKEY TTL."

date but from before-and-after comparison of the DNSKEY RRset. If this message came from dnssec-signzone, I guess maybe you were signing the raw zone, rather than re-signing a zone that was already signed? -- Evan Hunt -- e...@isc.org Internet Systems C

Re: "Key : Delaying activation to match the DNSKEY TTL."

saw the same warning message, but there's no reason you need to care. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users m

big improvement in BIND9 auth-server startup time

-performance -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: RFC 6303 and automatic empty zones

/server.c to disappear? Yes. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://li

ISC BIND 9.8.1b3 is now available

* None. Thank You Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to make quality open source software, please visit our donations page at http://www.isc.org/supportisc. -- Evan Hunt -- e.

Re: 9.8.1b3 windows binary

> The link in the download page seems to point to b2... Whoops. Thanks, we'll get that fixed. Meantime, you can use the direct ftp URL: ftp://ftp.isc.org/isc/bind9/9.8.1b3/BIND9.8.1b3.zip -- Evan Hunt -- e...@isc.org Internet Systems Consort

Re: ISC BIND 9.8.1b3 is now available

n dynamic zones if key is inactive and there is no replacement key. [RT #23136] -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe f

Re: CVE-2011-1910 vs bind 9.6-ESV-R4-P3

10, under "Solution". -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://li

Re: big improvement in BIND9 auth-server startup time

e-limiting due to the SOA queries slaves have to send to their masters. I very much doubt the raw zonefile format is the problem. Generally that'll reduce the zone loading time by almost half. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: syntax error in $GENERATE crashed all nameservers

cted the conversion to fail, but, shrug. We'll be adding a better formatting check. Meantime: exercise caution. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-u

Re: bind-9.8.1 - make error with MySQL DLZ

THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifdef DLZ - #include #include @@ -527,5 +525,3 @@ return isc_mem_strdup(mctx, value); } - -#endif -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://li

Re: servfail are not cached!

x27;t had time yet. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mai

Re: Experience with DDNS (RFC 2136)

> 1. DNSSEC > > Of all of them, #1 and #6 were probably the most important. Note that this will be less of an issue in BIND 9.9: you can set up a DLZ master and configure a slave to do inline signing. -- Evan Hunt -- e...@isc.org Internet Systems Consor

Re: DNSSEC and EDNS behavior

ery was to flush cache. I don't think you need to flush the whole cache; 'rndc flushname ' will clear the entry for the affected name server, and should be sufficient. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

Re: Securing zone transfer and DDNS

> Create your keys with the dnssec-keygen utility (check its manual page). Or 'ddns-confgen' is somewhat simpler. Its output is already in the format named.conf wants, and the keys it generates can be repurposed for other uses than DDNS. -- Evan Hunt -- e...@isc.org Internet Syste

Re: OT: Bind 9.9.0B1 Inline-Signing Question

anges that you've made via the same mechanism as ixfr-from-differences, generate signatures for the new records, and add those to the signed version of the zone automatically. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please v

Re: Reason for Limited number of Root DNS Servers

bytes in length. More than 13, and the packet would have been too large. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing

Re: OT: Bind 9.9.0B1 Inline-Signing Question

have a fix for this in a future release. It's not a problem when using inline-signing on slave zones; slaves load their data via zone transfer, not from files, so this issue doesn't affect them at all. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___

Re: DNSSEC external validation issues

192.168.18.1) ;; WHEN: Sat Nov 12 17:18:55 2011 ;; MSG SIZE rcvd: 38 -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-use

Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed

on. This is in fact one of the goals of BIND 10. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.i

Re: trigger point for new bug

because the query can be a perfectly innocuous one sent by an allowed host. The problem is what was in the cache at the time. > An authoritative only server ought to be safe? Yes. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Plea

Re: Can't compile bind 9.8.1-P1 on Solaris

zexternal/driver.o" and then run "make" again. The dlzexternal system test will fail when you run "make check", but otherwise your server will be fine. In general, issues like this are best sent to the bind9-b...@isc.com alias, which opens a ticket in our

Re: turning off gssapi in 9.8.1

> I notice that 9.8.1 ships with > --with-gssapi > on by default. > > If I turn that off, what functionality do I lose? GSS/TSIG authentication, which lets you interoperate with Active Directory servers. -- Evan Hunt -- e...@isc.org Internet Systems

Re: Can't compile bind 9.8.1-P1 on Solaris

> Using ./configure [ ... ] --without-dlopen [ ... ] got it to compile > and install, which is fine for me, but what should I do if I needed > DLZ support? Removing "dlzexternal" from SUBDIRS in bin/tests/system/Makefile ought to do it. -- Evan Hunt -- e...@isc.org Internet

Re: Port number in A record in zone file

rvers running on those aliases talking to each other. For example the "dnssec" test has a root server, TLD server, SLD server, and several resolvers (some of them misconfigured) to test DNSSEC validation from the root. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc.

Re: trigger point for new bug

e authoritative one down with it.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://li

Re: Bind 9.9.0B1 Inline-Signing Question

zone "ualbanytest.org" { type slave; file "ualbanytest.org.slave.db"; masters { 127.0.0.1 key secretkey; }; auto-dnssec maintain; inline-signing yes;

Re: Bind 9.9.0B1 Inline-Signing Question

you, by the way, for testing the code. If you'd like to get this issue into our ticketing system, send mail to bind9-b...@isc.org. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/list

Re: trigger point for new bug

does. Any server that does recursion, even if only in one view, should be considered to be at risk. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: trigger point for new bug

ou go. Setting max-ncache-ttl to 0 would prevent negative cache records from being retained for longer than the duration of one query, but that one query could still be enough to hurt you--I can't currently say for sure. Rather than guess, I recommend upgrading. -- Evan Hunt -- e...@isc.org Int

Re: Not able to resolve a domain

the BIND 9 documentation contains a sample blackhole ACL which, until recently, specifically recommended filtering addresses in that block. The advice is outdated but I think someone is still following it. -- Evan Hunt -- e...@isc.org Internet Systems Cons

Re: 9.9.0b1 inline-signing questions

update, bind rewrote jaspain.net.db.signed. > Is there a utility akin to named-journalprint that would display the > contents of jaspain.net.db.signed in human-readable form? It's a raw-format zonefile; you can convert it to text using named-checkzone: named-checkzone -D -f

Re: 9.9.0b1 inline-signing questions

BITWS" is an abbreviation for "bump in the wire signing", which is what we were calling this feature for a while, and there are a few leftover bits of code that still use the term.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: nanny (was Re: bind-9.8.1: INSIST(! dns_rdataset _isassociated(sigrdataset)) failed)

> Personally I have always thought that the perl script in contrib is > overly complex. > > #!/bin/sh > > while : ; do > /path/named -f > sleep 17 > done That works, but note that it won't catch the problem if named hangs. Running it in xinetd wor

Re: OT: Bind 9.9.0B1 Inline-Signing Question

a zone are loaded for the first time in a newly-started server: i.e., you've updated the zone and then shut down the server, or shut down the server and then updated the zone. We expect to have this addressed by the time 9.9.0 is final. -- Evan Hunt --

Re: Bind 9.9.0b2 inline signing...

inline-signing' isn't necessary either. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind 9.9.0b2 inline signing...

d be likely to run in that way in production myself.) > By the way, I think there is a typo on page 99 of Bv9ARM.pdf: For > "inline-signing inline-signing", read "inline-signing". Thank you, fixed now. -- Evan Hunt -- e...@isc.org Internet Systems Consortium

Re: DNSSEC and IXFR

as of 9.9.0 it will also work with manually configured zones that have inline-signing turned on. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this l

Re: Exercising RFC 5011 rollovers

present. The right place to ask is probably the dnssec-deployment mailing list. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: Algorithm 'When to use EDNS0'?

> The dig tool does not use ENDS0 by default. Minor addendum: in BIND 9.9, it will. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list b

Re: How to identify a "raw" zone file

t;. The first of those is the format that's always been used up to now; the second is the format that will be used in 9.9.0, starting with the next beta. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.

Re: How to identify a "raw" zone file

vert back to the older version. (Thanks for reminding me of that scenario, we'll need to mention it in the release notes.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-use

Re: IXFR zone transfer

a dynamic update, and can then use IXFR with slaves. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@l

Re: What does this mean ? INSIST(zone->type == dns_zone_stub) failed

send details of the triggering event to an open mailing list. Instead, gather up the information detailed in this article: https://deepthought.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html ...and send mail to bind9-b...@isc.org. Thanks. -- Evan Hunt -- e.

Re: Precaching in Bind 9 and up

lt; TTL)? If it does so by > default, at which point in time will it perform precaching (e.g., TTL-10%)? No. We've discussed it as possible future work, but it hasn't happened yet. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. __

Re: Exercising RFC 5011 rollovers

be a timer to reset. :) Feel free to open a ticket at bind9-b...@isc.org. It's not likely to be a particularly high-priority fix, though. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/ma

Re: DNSSEC made simple, is this possible?

hed version of openssl--but it does work. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists

Re: 9.9 query log change

ried. [RT #25944] This is to to help with debugging by making it easier for human eyes, and/or 'grep', to separate out the logging for one specific query from all the other contemporaneous queries. > The ARM for 9.9.0rc1 still describes the old format. Oops. Where, please? I

Re: 9.9 query log change

client 131.111.11.47#58644 (www.playground.test): endrequest It can be hard to pick those apart when you have several queries (or other tasks) being processed simultaneously in different threads. Adding the qname to all of them makes the process a little less opaque. -- Evan Hunt -- e...@isc.org In

Re: 9.9.0rc1: example from arm 4.8.3 does not validate

ritative server validate its own answers.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.o

Re: Can we stop emitting an error for managed-keys.bind?

;file not found" warnings when loading managed-keys zone. [RT #26340] This fix is in 9.7.5, 9.8.2, and 9.9.0, all of which are currently in release candidate status. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___

Re: Extracting key tag from DNSKEY

> Can I extract the key tag from a DNSKEY, obtained via dig? "dig +multi" will show it. In BIND 9.9, so will "dig +rrcomments". -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.i

Re: Extracting key tag from DNSKEY

27;t add any other options that start with "dn". (It only takes as many letters as needed to disambiguate the option you want from any of the others.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https

Re: bind 9.9 & inline-signing issue..

e changed, but it won't find any journal files to replay, so it will force the signed and unsigned databases to sync up to one another directly; it should remain sane after that. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Plea

Re: bind 9.9 & inline-signing issue..

we'd like your input. The target date for final release is quite soon, so the more testing we can get in the next few days, the better. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listin

Re: bind 9.9 & inline-signing issue..

.9.0rc2 is now available to BIND Forum members for initial testing before we roll it out to the public tomorrow. If you're not a Forum member but would like to have early access anyway, send me email. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _

<    1   2   3   4   5   6   >