recursion yes;
};
--end--
Upgrading bind is not currently an option. Is there a way to stop these errors?
--
Jack Tavares
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Mark:
>Ignore them. They are from the built in empty zones. They are fixed in
>the next maintenance release.
I notice that adding
"enable-empty-zones no;"
to the config stops these messages.
Is there any downside to doing that?
Thank you
--
Jack
___
have.
Can I make a request to add that info to the output if possible.
Thank you
Not that it matters but bind9.8.1-P1 build from the source.
--
Jack Tavares
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
are/man' '--with-openssl=/blah' '--enable-fixed-rrset'
'--enable-shared' '--enable-threads' '--enable-ipv6' '--with-libtool' etc etc
etc
I would prefer to not have that show up in the log.
Short of modifying the source,
Let me be more specific.
Is there a way to tell named to not log this message?
Thank you
--
Jack Tavares
From: Warren Kumari [war...@kumari.net]
Sent: Thursday, October 18, 2012 10:18
To: Jack Tavares
Cc: Warren Kumari; bind-us...@isc.org
Subject: Re
I wasn't suggesting that it be removed.
I was asking if it was possible to disable it if desired.
The answer is obviously no.
Thank you all for your time.
--
Jack Tavares
"How many more can we sell with this button?"
From: bind-users-bounc
One issue that *may* be impacting you (and another reason to upgrade)
is the size of the receive buffer within named was bumped up in 9.5 or 9.6
IIRC.
--
Jack Tavares
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[bind-users-bounces+j.tavares=f5
g a misconception that this is the minimum TTL.
Thanks
--
Jack Tavares
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
DITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;subzone.test.net. IN DS
;; ANSWER SECTION:
subzone.test.net. IN DS 34845 7 1
325AA7B83FAC7DB621678EB2FB9035B51A0A504F
;; Query time: 0 msec
Should this work?
Thank yo
Of course.
Thank you.
--
Jack Tavares
"How many more can we sell with this button?"
From: Mark Andrews [ma...@isc.org]
Sent: Tuesday, February 05, 2013 19:58
To: Andrew Latham
Cc: Jack Tavares; bind-us...@isc.org
Subject: Re: adding DS record vi
I have been using libbind(6.0) to do dynamic updates via
res_mkupdate()
libbind is not currently under development.
Is there are replacement in bind9 that I should move to?
I see the LWRES but that does not appear to have any update support.
Thank you
--
Jack Tavares
t I should move to?
I see the LWRES but that does not appear to have any update support.
Thank you
--
Jack Tavares
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@list
I have a request for clarification:
The workaround states to rebuild BIND with regexp support disabled.
And I see new versions of BIND have been released.
Are those versions just a rebuild with regexp support disabled?
Or are they a more comprehensive fix?
thanks.
--
Jack Tavares
Thank you.
--
Jack Tavares
From: ISC Support Staff [support-st...@isc.org]
Sent: Tuesday, March 26, 2013 11:08
To: Jack Tavares
Cc: bind-us...@isc.org
Subject: Re: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted
Regular Expression Can Cause
Please disregard.
--
Jack Tavares
"How many more can we sell with this button?"
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[bind-users-bounces+j.tavares=f5@lists.isc.org] on behalf of Jack Tavares
[j.tava...@f5.com]
Sent
ously used here
make[2]: *** [rdata.lo] Error 1
make[2]: Leaving directory
`/local/tavares/perforce/tmos-dns-bugs-bind/ports/bind/build/lib/dns'
make[1]: *** [subdirs] Error 1
make[1]: Leaving directory
`/local/tavares/perforce/tmos-dns-bugs-bind/ports/bind/build/lib'
make: *** [subdirs
BIND appears to be setup to compile against the idnkit supplied in contrib.
It will not build against GNU's libidn.
Or at least I have not been able to make it do so.
Is there a way to use libidn instead of idnkit (besides modifying the code
myself)
that I am missing?
Thank you
--
Hello -
Is it possible to enable inline signing of a zone in 2 different views with 2
different keys?
I have the following config:
view "external" {
match-clients {
1.1.1.1;
};
zone "test.com." {
type master;
file "external.test.com.";
allow-update {
file locally)
Thank you
--
Jack Tavares
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
as specified, wouldn't this zone then be non-authoritative
--
Jack Tavares
AIM: jackatavares
SKYPE: jackandkaddee
Reminder: I am at GMT+2, 10 hours AHEAD of Seattle.
My workweek is Sunday-Thursday.
Email sent to me Thursday afternoon (PST) may not be viewed until Sunday
morning (
other.third.name.server.
;
193 CNAME 193.192/26.2.0.192.in-addr.arpa.
194 CNAME 194.192/26.2.0.192.in-addr.arpa.
195 CNAME 195.192/26.2.0.192.in-addr.arpa.
That has no NS server defined for the zone, just the ranges of the zon
2.in-addr.arpa. 500 IN NS d88.test.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 22 03:17:53 2008
;; MSG SIZE rcvd: 69
So I am trying to figure out, if named wont serve the 0/16 NS record from
168.192 zone,
what is the purpose of putting it there?
-
I have downloaded libbind6.0b1
My question is;
the arpa/nameser.h file included does not include
type definitions for DNSKEY (or other dnssec rr types)
in the ns_type enum.
am I looking in the wrong place?
Thanks
--
Jack Tavares
___
bind-users
Hello -
Any suggestions on this?
Thank you
--
Jack Tavares
From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On
Behalf Of Jack Tavares [j.tava...@f5.com]
Sent: Wednesday, February 11, 2009 15:00
To: bind-users@lists.isc.org
Subject
From: JINMEI Tatuya / 神明達哉 [jinmei_tat...@isc.org]
> I have downloaded libbind6.0b1
>
> My question is;
>
> the arpa/nameser.h file included does not include
> type definitions for DNSKEY (or other dnssec rr types)
> in the ns_type enum.
>
> am I looking in the wrong place?
> No, you're looking a
Actually, it is a compile time problem.
Is there a place on the isc.org website to report a bug on libbind?
I ddn't see it anywhere.
Thanks
--
Jack Tavares
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/lis
>
> > No, you're looking at the right place, and libbind isn't supposed to
> > provide any new feature regarding the new DNSSEC spec.
>
> Ok. So is there a 'C' api for dealing with DNSSEC in this regard?
>Hmm...I was wrong. There's actually a planned patch to introduce
>newer types in nameser.h,
Thank you
> Actually, it is a compile time problem.
>
> Is there a place on the isc.org website to report a bug on libbind?
>
> I ddn't see it anywhere.
libbind-b...@isc.org
--
jack
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.is
Hello
While starting up bind I get the following 2 messages
01-Oct-2010 15:13:15.304 set up managed keys zone for view external, file
'3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
and
01-Oct-2010 15:13:15.309 managed-keys-zone ./IN/external: loading from master
file 3c4
Forgive the top post.
The directory is writable. I run bind chrooted and the directory exists, is
owned
by the named user and is writable by the named user.
--
Jack Tavares
"How many more can we sell with this button?"
From: Dav
Evan:
> My statement about the expected behavior (i.e., that you'd see this log
> message only on the first start, and not thereafter) turns out to be
> true
> only if there's actually a managed key that needs maintaining. If you
> don't have any such keys, named won't create a file to save them
I am currently using libbind to do dynamic updates in "C".
I have looked in the bind 9.7.x source and I don't see a replacement mechanism
for this.
Is there one or is there one planned in bind10?
Thanks
--
Jack.
___
bind-users mailing list
bind-users@
I believe I found a bug in the libbind code.
Is this the correct place to report that?
Thanks
--
jack
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
age-
> From: Doug Barton [mailto:do...@dougbarton.us]
> Sent: Sunday, November 21, 2010 1:41 PM
> To: Jack Tavares
> Cc: bind-users@lists.isc.org
> Subject: Re: dynamic updates via libbind.
>
> On Fri, 12 Nov 2010, Jack Tavares wrote:
>
> > I am currently using li
A further complication on this is if you are using dynamic updates.
If you are using dynamic zones, bind will create journal files.
If you were to copy over the zone files and journal files and do
a reload, bind determines whether or not to reload the zone based
on the timestamp of the zone file.
I have a question about the hints file.
It is "built in" to BIND.
Does bind check for updates to this periodically?
If so, where does it get it from ?
I assume it gets it from ftp.isc.org.
Does bind contain a hardcode for that IP address?
or does it use the existing hints to find the address
of "
> On 28/01/2011 21:10, Jack Tavares wrote:
>
> > I have a question about the hints file.
> >
> > It is "built in" to BIND.
> >
> > Does bind check for updates to this periodically?
> > If so, where does it get it from ?
> > I assume it
I am using bind 9.7.3 and I have tried running it with
various -n values and it appears that I will always get
n+3 threads.
Ex:
I run it:
named -n 1
I get 4 threads
named -n 4
I get 7 threads
etc.
I understand the desire to have background "housekeeping"
threads, but I would like to know what,
> -Original Message-
> From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-
> users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Eivind Olsen
> Sent: Thursday, February 24, 2011 11:46 AM
> To: bind-users@lists.isc.org
> Subject: Re: Threaded bind on CentOS
>
> >
> -Original Message-
> From: Chris Thompson [mailto:c...@hermes.cam.ac.uk] On Behalf Of Chris
> Thompson
> Sent: Thursday, February 24, 2011 1:21 PM
> To: Jack Tavares
> Cc: bind-users@lists.isc.org
> Subject: Re: Threaded bind on CentOS
>
> On Feb 24 2011,
Recap:
running named with "-n 1" will spin up one worker thread
and approx 4 other threads.
Is there an official discussion or explanation of what these
other threads do?
--
Thanks
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.
Did I miss a notice? What issue(s) does this address?
I can't find a way to see what this addresses without
downloading the tarball..
--
Jack Tavares
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[bind-users-bounces+j.tavar
I would like a clarification of something about this vulnerability.
If my named config has "recursion no", it is vulnerable to this ?
Thanks
--
Jack Tavares
"How many more can we sell with this button?"
___
Please visit https://l
I notice that 9.8.1 ships with
--with-gssapi
on by default.
If I turn that off, what functionality do I lose?
Thanks.
--
Jack Tavares
"How many more can we sell with this button?"
___
Please visit https://lists.isc.org/mailman/listinfo/bin
So is it true that there is no way to make an existing bind server
(without this patch) safe from this?
--
Jack Tavares
"How many more can we sell with this button?"
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[bind-users-bounces+j.
From: Evan Hunt [e...@isc.org]
Sent: Thursday, November 17, 2011 14:30
To: Jack Tavares
Cc: John Wobus; bind-users
Subject: Re: trigger point for new bug
> So is it true that there is no way to make an existing bind server
> (without this patch) safe from this?
>A server that on
>> So is it true that there is no way to make an existing bind server
>> (without this patch) safe from this?
>A server that only serves authoritative data and doesn't recurse
>is safe. The assertion takes place when retrieving data from the
>cache, which an authoritative server never does.
>An
I asked
>> If the assertion takes place when retrieving data from the cache,
>> would setting cache size to 0 (do disable caching) avert this issue
>> while still allowing recursion?
Evan responded:
>
>I don't think so. I believe the cache actually has a minimum size,
>lower than which named won't
cros with some fudging for NSEC
records, but I was wondering if there is a plan for updateing nameser.h?
Thanks
--
Jack Tavares
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Sorry. I still have libbind-6.0b1. I missed the
announcement that libbind6.0 had shipped.
What I need is in libbind6.0
Thank you
From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On
Behalf Of Jack Tavares [j.tava...@f5.com]
Sent
t DNSSEC, it works.
It appears there is something wrong with my setup and the regeneration of the
RRSIG/NSEC
keys is failing. (I have tried it with both NSEC and NSEC3 keys)
I will put together a (simpler) named.conf and zone file that causes this and
post that info,
but I was hoping that may
I am running bind in a chroot jail, btw.
I had this working a while ago, and left it for a while
and then tried to set it up again, with no luck.
I am sure it is something simple...
--
Jack Tavares
From: bind-users-boun...@lists.isc.org [bind-users-boun
-validation yes;
key-directory "/config/namedb";
--
Jack Tavares
From: mark_andr...@isc.org [mark_andr...@isc.org]
Sent: Wednesday, May 13, 2009 10:38
To: Jack Tavares
Cc: bind-users@lists.isc.org
Subject: Re: error while attempting to use nsupda
the code with the debug, it seems to work everytime
(naturally)
I am really scratching my head.
--
Jack Tavares
____
From: Alexa Petrean [apetr...@bluecatnetworks.com]
Sent: Wednesday, May 13, 2009 17:50
To: Jack Tavares
Cc: bind-users@lists.isc.org
Subject: RE: e
g up the /dev/random incorrectly?
should I not be creating /dev/random? (the how-tos I have seen all talk about
re-creating /dev/null and /dev/random etc)
Note:
I also tried generating the keys not using /dev/urandom, and have the same
inconsistent behavior with the chroot /dev/random present.
chroot random, but I would still like
to know why using the chrooted /dev/random causes this problem.
--
Jack Tavares
AIM: jacktavares
SKYPE: jackandkaddee
Reminder: I am at GMT+2, 10 hours AHEAD of Seattle.
My workweek is Sunday-Thursday.
Email sent to me Thursday afternoon (PST) may not be
hostmaster.d62.test.net. 2009033114 10800 3600 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jun 24 05:20:37 2009
;; MSG SIZE rcvd: 110
What am I doing wrong?
thanks
--
Jack Tavares
___
bind-users mailing lis
a correction:
my dig command is
dig @127.0.0.1 -t RRSIG 4PPH7Q8R02M0AD8MLJPS0UEH2AB9KFJL.test.net
and I still get NXDOMAIN
--
Jack Tavares
AIM: jacktavares
SKYPE: jackandkaddee
Reminder: I am at GMT+2, 10 hours AHEAD of Seattle.
My workweek is Sunday-Thursday.
Email sent to me Thursday
Thanks. I obviously missed that part of the rfc.
--
Jack Tavares
From: Chris Thompson [c...@hermes.cam.ac.uk] On Behalf Of Chris Thompson
[c...@cam.ac.uk]
Sent: Wednesday, June 24, 2009 18:44
To: Jack Tavares
Cc: Bind Users Mailing List
Subject: RE
Looking at the code for libbind, specifically
res_nmkupdate,
there is no case statement for RRSIG records.
In this case, I was trying to update the TTL.
Is that not allowed intentionally?
Thank you
--
Jack Tavares
"How many more can we sell with this b
>Jack Tavares wrote:
>> Looking at the code for libbind, specifically
>> res_nmkupdate,
>> there is no case statement for RRSIG records.
>>
>> In this case, I was trying to update the TTL.
>> Is that not allowed intentionally?
>
>I think so. The TT
Hello -
What is the default build on linux (2.6) with regard to threads.
If I don't explicitly enable or disable threads, does named
run threaded or unthreaded?
Thanks
--
jack
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/ma
You said:
>On most operating systems, the default is threaded.
>On linux, the default is unthreaded, for historical reasons having t
>do with an odd interaction between linux threads and linux process
>privileges. I expect we'll correct this fairly soon; it's on the
>to-
Perhaps you have configured it to run in a chroot jail and have not
fully outfitted the chroot with /dev/random
this is old, but looks to be accurate, at least when talking about the
/dev/random file on linux. You didn't even specify what OS you are running on:
http://tldp.org/HOWTO/Chroot-BIND-H
Not quite the right place to report this but...
wget http://ftp.isc.org/isc/bind9/9.7.0-P1/bind-9.7.0-P1.tar.gz
--2010-05-06 10:53:30--
http://ftp.isc.org/isc/bind9/9.7.0-P1/bind-9.7.0-P1.tar.gz
Resolving ftp.isc.org... 204.152.184.110, 2001:4f8:0:2::18
Connecting to ftp.isc.org|204.152.184.110|
.isc.org<ftp://ftp.isc.org>
also fails
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Jack
Tavares
Sent: Thursday, May 06, 2010 10:55 AM
To: bind-users@lists.isc.org
Subject: ftp.isc.org is down
Not quite the right pl
25947/7125947]
From: Jack Tavares
Sent: Thursday, May 06, 2010 11:07 AM
To: Jack Tavares; bind-users@lists.isc.org
Subject: RE: ftp.isc.org is down
Acouple people have pointed out that I am attempting to connect to
ftp.isc.org<ftp://ftp.isc.org>
using http.
That is so, but that is what hap
from isc.org:
>
> ISC experienced a fiber outage this morning that affected some of our
> services. It has now been fixed and you should be able to reach all of
> the download servers.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.
I have downloaded 9.7.0-P1 and I am running into something odd with
named-checkzone
I have a simple zone with an NS record that has no A or record.
named-checkzone has flags to ignore this. and this same command (see below)
worked in 9.6
but given this zone file
test.net. 500 IN SOA d88.te
Correction:
I am calling named-checkzone not checkconf.
this:
named-checkconf -k ignore -n ignore -i none test.net.
should read
named-checkzone -k ignore -n ignore -i none test.net.
the rest of the email is correct
From: Jack Tavares
Sent: Monday, May 10, 2010 12:49 PM
To: bind-users
which
would cause the zone
to fail the above checks if
committed. [RT #20678]
From: Jack Tavares
Sent: Monday, May 10, 2010 12:54 PM
To: Jack Tavares; bind-users@lists.isc.org
Subject: RE: named-checkzone behavior change?
Correction:
I am calling
When I have this problem the first thing I check is the permissions
on the key files. Ownership, etc. Are they in a place that named knows about?
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of rams
Sent: Thursday, Ma
I have a question about the bug that this patch fixes.
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
Does this bug only occur if dnssec is enabled?
or only if dnssec valida
Or it is a chroot jail and it does not have a source of entropy
-Original Message-
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Paul
Wouters
Sent: Friday, May 28, 2010 9:34 AM
To: Michelle Konzack
Cc: Bin
Disregard my statement.
An incorrect chroot setup will affect the named executable, but not
the dnssec-keygen
-Original Message-
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of
Michelle Konzack
Sent: Friday
>From the release notes:
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
Question:
Does this bug only occur if dnssec is enabled?
or only if dnssec validation is turned on?
or will it (p
> From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-
> users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Evan Hunt
> Sent: Thursday, July 29, 2010 1:24 AM
> To: Mike Flathers
> Cc: bind-users@lists.isc.org
> Subject: Re: Dynamically add zones
>
> > Is there a patch for
Thanks. I use the libisccc where possible.
--
Jack Tavares
"How many more can we sell with this button?"
From: bind-users-bounces+j.tavares=f5@lists.isc.org
[bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Mark Andrews
[ma.
>
> In message <4c5220c1.7060...@isc.org>, Alan Clegg writes:
> > > Will this functionality be available through an api?
> > > Or will it just be through rndc ?
> >
> > Not sure what API we would use beyond rndc. If you have
> > recommendations, please e-mail me directly or give me a phone call
>
79 matches
Mail list logo
