On Fri, 16 Jan 2009, GanGan wrote:
> when I compile bind 9.6.0p1 I have nothing in etc
BIND doesn't install a configuration file.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ease see
https://www.isc.org/software/bind/new-features/9.5
Jeremy C. Reed
ISC Sales & Support Engineer
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, 21 Jan 2009, Rich Goodson wrote:
> And I'm expected to know this, how? (incidentally, I added a 'wait'
> statement to my script after I discovered this behavior). This behavior
> does not appear to be what the documentation describes, is all I'm
> trying to say.
Just to clarify the d
On Fri, 23 Jan 2009, Len Conrad wrote:
> Where and what is telling named to log to syslog?
See the documentation
http://ftp.isc.org/www/bind/arm95/Bv9ARM.ch06.html
If there is no logging statement, the logging configuration will be:
logging {
category default { default_syslog; default_deb
On Fri, 23 Jan 2009, Stephane Bortzmeyer wrote:
> > Can someone please tell me where the manuals are, better yet PDF
> > versions of it.
Peter: Please see
https://www.isc.org/software/bind/documentation
which links to some manuals. (The manuals are in the ARM.)
Also see http://ftp.isc.org/www/bin
> I'm trying to troubleshoot why we are getting a lot of disabling EDNS
> messages in /var/log/messages.
>
> We are running bind-9.5.0.P2 on a linux box.
>
> Jan 27 11:42:23 ns0 named[27764]: too many timeouts resolving
> 'host2.centmine.com/' (in 'centmine.com'?): disabling EDNS
Please co
Make sure you are really talking to the correct named. Maybe a you have a
rndc.conf file.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, 18 Feb 2009, Cihan Subasi (Garanti Teknoloji) wrote:
> As you see below the files are dated 15 august, we upgraded our 2 server
> in august and 2 in november, could it be first 2 servers have an early
> version of p2 and things are changed after that time in the stats.
> Because all the
On Tue, 17 Feb 2009, atbigelow wrote:
> After entering input mode for nslookup:
>
> mydomain.com
>
> Says it can't find mydomain.com: REFUSED. Looking into /var/log/syslog
> I find numerous SERVFAIL and REFUSED RCODEs.
And what did named log about attempting to load that zone?
Maybe your n
Maybe you need to fully stop the process and restart it. (Maybe old named
is still running even though you replaced the binary.)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Tue, 24 Feb 2009, Andy Shellam wrote:
> Is there also a separate mailing list for "implementors" using libbind in
> applications, or should these questions also go to bind-users? Like Jack I
> had a look on the website but couldn't see anything obvious.
The public mailing list for discussing
On Wed, 25 Feb 2009, Martin Moerman wrote:
> Hello,
>
> I have an issue with 9.5.3 on which I see that bind does a reload of the
> named.conf but does not reload the include files which are in named.conf
9.5.3 doesn't exist.
> Situation:
> I do an add or change of name / ip in Plesk, plesk nic
> What I'm trying to do is log /var/bind/named.stats in a separate node.
Note that file name is commonly used for the "rndc stats" statistics-file.
It may be a good idea to use a different name so you don't cause confusion
or conflict.
> So my question is, can I specify the node IP address and
On Wed, 4 Mar 2009, Takahiro Masuda wrote:
>The tricky part is ${3,0,d} waas not working. I bumped into a site
> that stated $GENERATE range rhs type lhs
That is wrong.
> I then tried $GENERATE 11-30 $ PTR ${3,0,d}.COOL.COM. and this
> worked.
> Anybody here have the ability to update the man
On Sat, 2 Oct 2010, online-reg wrote:
> Hi All: One more conf issue on bind 9.7.1-P2
>
> After running rndc-confgen and reloading BIND I?m getting this error:
>
> WARNING: key file (/etc/namedb/rndc.key) exists, but using default
> configuration file (/etc/namedb/rndc.conf)
> rndc: connection
> Subject: Loading MX record with illegal preference (Lame subject replaced:
> clarification
Because subject was replaced I didn't find it before my response :)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listin
On Fri, 22 Oct 2010, rams wrote:
> I have a record in BIND as follows:
>
> mxdomain.com. 86400 IN MX 65536 gmail.com.
How did you get named to load this?
If your named does load it, what version of BIND are you using?
You should get "out of range". (See named-checkzone too.)
> When I query "
On Wed, 24 Nov 2010, Brian J. Murrell wrote:
> Yeah, I was hoping to have caught the attention of a BIND developer
> here with all of this by now. Perhaps they just don't hang out here.
> Maybe I will try to find out where to ask questions that they might
> see.
I was reading it all along, b
On Thu, 6 Jan 2011, jim wrote:
> Upgraded today from BIND 9.2.4 to BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1.
> Pretty much copied the named.conf file from one to the other.
> We are a slave for a three other sites, two I download the zones OK, one I
> get REFUSED since the upgrade.
Check your BIND
source, you can build BIND 9 using ./configure
--prefix=/usr/local/bind9 (change path has you like to not overwrite
existing).
Jeremy C. Reed
ISC___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
It is in the ARM.
http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch06.html#id2575842
(search for "queries" or "querylog")
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, 6 Jul 2011, King, Harold Clyde (Hal) wrote:
> I know there is a web front end to DNS stats, but I can not remember the
> option in the named.conf that defines the port.
> I'm running 9.8.0-P4 (just now being able to upgrade to a version that
> supports the statistics)
statistics-channels
I am unable to reproduce this (on a CentOS Linux system).
Please tell us about your platform, what shell, what make, and provide a
copy of your full configure output, and config.log and generated
bin/named/Makefile. You may send these to me off-list if you'd like.
Thanks,
Jeremy C.
On Wed, 16 Nov 2011, Phil Mayers wrote:
> It might be good if bind were able to re-start itself, rather than dying
> outright (e.g. re-exec the process) but that is dangerous too; it's better
> done by an unrelated supervising process.
In the bind9 tarball's contrib directory there is a simply "n
On Wed, 30 Nov 2011, jagan padhi wrote:
> checking build system type... sparc-sun-solaris2.10
> checking for a sed that does not truncate output... ./configure: line 4579:
> /usr/bin/cmp: cannot execute binary file
What does this tell you?
file /usr/bin/cmp
(Maybe you have /usr/bin/cmp for
> I've built bind 9.6.0-P1 on NetBSD/i386 machines (versions 3.1, 4.0,
> 4.0.1 and 5.0_RC2) and discovered that nsupdate dumps core on the 4.x
> ones.
I just built and installed bind-9.6.0-P1 on NetBSD/i386 4.0 and nsupdate
doesn't crash for me. (Built with default pthread and also linked with
> @ IN SOA ns.hhs.harrisonburg.k12.va.us
> (
> 2004061000 ; serial number 09032401
> 28800 ; refresh 8 hours
> 7200; retry2 hours
> 864000 ;
On Tue, 24 Mar 2009, Kevin Darcy wrote:
> SOA record is now used as the "negative caching TTL", not "minimum" in any
> sense of the word. The comment should probably reflect that.
off-list now to get BIND's generated outputs to say the same thing
:)
___
> Mar 25 08:44:24 myserver named[1124]: FORMERR resolving
> 'auniarael.com//IN': 216.69.185.38#53
The negative response includes the optional NS records.
My custom named has logging that says:
FORMERR: NS name matches domain name.
This new logging is not committed yet. If you have a
On Thu, 26 Mar 2009, ARMSTRONG, KENNETH wrote:
> Thanks, I gave that a go and now when I run a query I get "No response
> from server" when running nslookup. I tried restarting bind and now I
> get the "rndc: connect failed: 127.0.0.1#953: connection refused" error.
> I then tried running rnd
Maybe provide some examples, maybe dig and/or tcpdump output showing from
your "private DNS server" and from your "Forwarder".
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
> Note
>
> The *rrset-order* statement is not yet fully implemented in BIND 9. BIND 9
> currently does not support "fixed" ordering."
See the docs for BIND 9.5 and 9.6 versions.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc
(As Kevin pointed out ...) what version of BIND are you running? I'd guess
9.3 or 9.4 something. Try using latest release of 9.5.x or 9.6.x -- but
read the README and ARM to get details on building named with that
support.
(I don't recommend using it myself, as the results may be reordered late
On Fri, 24 Apr 2009, schilling wrote:
> channel query-errors-log {
> file "/var/log/named.query-errors" versions 10 size 100m;
> severity info;
Change to:
severity debug 2;
> print-severity yes;
> print-time
n this case, it may be more than just
zone transfers. It needs to be configured on both sides (so also on the
slave at 10.25.1.11).
Jeremy C. Reed
ISC Sales & Support Engineer
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Fri, 24 Apr 2009, Terry wrote:
> Thanks for your reply. On my slave, I have this:
>
> server 10.25.1.10 {
> keys {
> omajelns01.omajelns02;
> };
> };
>
> It will sign all requests between these hosts. If requests come
> across that appear to be from t
On Tue, 28 Apr 2009, Jonathan Petersson wrote:
> I did try to run the following option:
> syslog named;
syslog should define a "syslog facility".
Look in the openlog, syslog and/or syslog.conf manual pages to see lists
of facilities. The ARM says: " The syslog destination clause directs the
c
On Tue, 5 May 2009, Stephane Bortzmeyer wrote:
> This is a BIND 9.5.1-P1, Debian package. It is configured to use ISC's
> DLV:
https://www.isc.org/node/437
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-
but don't use IPv6, see the named switch -4 "Use IPv4
only even if the host machine is capable of IPv6. -4 and -6 are mutually
exclusive."
(I get the same types of messages on my personal NetBSD system since I
don't have a IPv6 tunnel setup he
On Tue, 5 May 2009, alexus wrote:
> the other problem im having is these:
>
> May 5 20:44:57 dd named[21037]: success resolving
> '92.68.83.189.zen.spamhaus.org/TXT' (in 'zen.spamhaus.org'?) after
> reducing the advertised EDNS UDP packet size to 512 octets
>
> i have followings in my named.con
On Thu, 14 May 2009, Philippe Maechler wrote:
> Hello Everybody
>
> I'm running a bind 9.4.2-p2 and a 9.5.1-P1 both on a FreeBSD 6.x box as
> caching servers.
> let's call them ns1 and ns2 :P
>
> short after we shutdown server one we get error messages on the other server
> -> socket: too many o
> Any clue why the 9.4.2 is refusing to answer ?
9.4.2 introduced allow-query-cache. (This is not a secondary, but using
forwarding.) Try specifically setting allow-query-cache ACL as needed.
___
bind-users mailing list
bind-users@lists.isc.org
https://
Also do you have allow-notify ACL restrictions on the secondary?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
k at the listen-on, transfer-source, and notify-source
(and query-source) clauses.
Jeremy C. Reed
ISC
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, 3 Jun 2009, Kevin Darcy wrote:
> Kevin Darcy wrote:
> > Since .org was recently DNSSEC-signed
> > (http://www.afilias.info/afilias+signs+org+zone), my guess would be that you
> > have a firewall, an intrusion-prevention device, or somesuch, that is
> > dropping the packets because it doesn
On Wed, 3 Jun 2009, Scott Haneda wrote:
> Hoping I can get a walk through in simple terms, but also a pointer to
> some docs where I can dive into the details. I think I am finding what
> I want in the docs, but those docs come up 404 since the isc site
> changed things a bit, from there, I ge
On Fri, 29 May 2009, Jesse Cabral wrote:
> When I rerun ./configure --disable-threads the configure file does not
> update.
I guess you mean the config.h doesn't update. But probably the
./lib/isc/include/isc/platform.h file did change (so
ISC_PLATFORM_USETHREADS is no longer defined). (In my c
switch.
We currently don't have option to define this at compile time. Start
looking at the ns_g_chrootdir in the code.
Jeremy C. Reed
ISC
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Thu, 11 Jun 2009, Chris Thompson wrote:
> We have recently turned on DNSSEC validation (using dlv.isc.org) in our
> main university-wide recursive nameservers, which are running BIND 9.6.1rc1.
>
> No-one is actually complaining, but the counts I am seeing for "ValFail"
> on the statistics chan
On Thu, 11 Jun 2009, Erik Lotspeich wrote:
> Although I'm not new to DNS, I'm new to DNSSEC. I have read
> documentation and howtos regarding DNSSEC.
>
> I believe that I have it configured and working for my domain,
> lotspeich.org. I have registered with the ISC's DLV registry. I am
> having
igned (S), EDNS was
in use (E), if DO (DNSSEC Ok) was set (D), or if CD
(Checking Disabled) was set (C).
Jeremy C. Reed
ISC
echo ... naq ninvynoyr va cevagrq obbx sbezng. | \
tr "noqrsvxyzabcegi" "abdefiklmnoprtv"
___
On Sun, 21 Jun 2009, R Dicaire wrote:
> Hi folks, bind 9.6.1...I'm looking in the ARM but I dont see a logging
> category specific to control channel communications.
> In syslog I have (generated by an mrtg script):
>
> named[7837]: received control channel command 'stats'
>
> What category does
See the FAQ Question:
Q: How can I make a server a slave for both an internal and an external
view at the same time? When I tried, both views on the slave were
transferred from the same view on the master.
(It has two different answers.)
The FAQ is included with BIND source. Here it is in
On Wed, 29 Jul 2009, Sandy Mackenzie wrote:
> Any known gotcha's for this upgrade?
The significant 9.6.0 changes are listed at
https://www.isc.org/software/bind/new-features/9.6
The BIND 9.6.1 minor release has numerous improvements
especially in portability, documentation, and DNSSEC.
The rele
On Wed, 19 Aug 2009, Michael Monnerie wrote:
> # dig -x 212.69.164.57 @dns1.zmi.at
57.164.69.212.in-addr.arpa is not 48-28.164.69.212.in-addr.arpa
> zone "48-28.164.69.212.in-addr.arpa" in {
Also see your named logs about the "refused".
___
bind-users
On Fri, 21 Aug 2009, clemens fischer wrote:
> BIND 9.7.0a2 built with '--prefix=/opt/bind/9.7.0a2'
> '--with-openssl=yes' '--disable-linux-caps'
> '--sysconfdir=/usr/local/etc' '--localstatedir=/var' 'CFLAGS=-O'
Thank you very much for testing the alpha release.
> deny-answer-addresses {
>
On Tue, 25 Aug 2009, David Forrest wrote:
> What do I have to do to correct whatever is causing this log message from
> named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
>
> validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
> secure failure
May need more context for this (like h
On Mon, 31 Aug 2009, Fr34k wrote:
> I thought with some version of BIND 9, one no longer needed a root hints
> file.
> I can't recall the details and my google searches are finding how to set
> up a hints file (instead of suggesting this is, say, deprecated).
>
> Can someone shed some light on
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34869
While it doesn't help you with your 9.5.0-P2 version, BIND 9.6.1 and newer
provide a new query-errors logging category that can be helpful by logging
details about various errors.
___
bind-us
What GCC version? What binutils/ld version?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
> It looks like that the authoritative name server for youbei.cc
> actually did return some answers, but somehow bind gave a FORMERR for
> some unknown reasons, which I think it caused a SERVFAIL to be
> reported in turn. Interestingly, dig any youbei.cc +trace ran
> successfully and did not report
On Mon, 5 Oct 2009, Cyril Gaudin - Rodacom wrote:
> But in my browser, if I write http://myapplication/, the dns request
> failed.
>
> Here is the bind log (192.168.6.28 is my computer):
>
> queries: client 192.168.6.28#36728: query: myapplication.home.fr IN A +
> queries: client 127.0.0.1#5688
> > Possibly also useful to report success here so that many people aren't
> > needlessly repeating the same test.
- NetBSD 4.99.62 amd64, gcc 4.1.3 20080202 prerelease (NetBSD nb1 20080202)
- NetBSD 5.0.0_PATCH i386, pcc 0.9.9 (HEAD) for i386-unknown-netbsdelf5.0.0.
___
It may be useful for you to show us what you tried (configurations and
that it is restarted), how you tested, and any network traces and log
files showing that it is not working.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
> I am looking for any suggestions or ideas to help fix this issue. Thanks in
> advance!
To get good help, you may want to tell us what the issue is. Provide
real names and show your real tests. Also the version of BIND you are
using is out of date and is no longer supported.___
On Mon, 2 Nov 2009, Josh Luthman wrote:
> dig mail.alexandertelecominc.com @74.218.88.168 #fails
What does "fails" mean?
> dig mail.alexandertelecominc.com @4.2.2.2 #works
>
> until I issue
>
> rndc reload && /etc/init.d/named restart #on the 74.218.88.168 server
Check named logs and look at
On Mon, 2 Nov 2009, Paul Krash wrote:
> > view internal {
> >
> > zone "eng.exegy.net" {
Do you have anything to match here? By default, match-clients and
match-destinations default to matching all addresses (even not
"internal"). So when you reversed, the other view (dot5) would never
http://www.reedmedia.net/software/gethost/
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Thu, 19 Nov 2009, David Forrest wrote:
> Logged: Nov 19 12:13:45 maplepark named[23329]: validating @0x17b7980:
> dlv.isc.org SOA: got insecure response; parent indicates it should be secure
>
> What does this mean?
This is documented in the ARM. The parent zone says (published DS) that
it
The upcoming BIND 9.7.0 has several logging improvements, for example:
04-Dec-2009 14:46:41.020 resolver: notice: DNS format error from
216.137.38.22#53 resolving d2rdfnizen5apl.stl2.cloudfront.net/ for
client 127.0.0.1#53764: invalid response
04-Dec-2009 14:46:41.060 resolver: notice: DNS
On Fri, 18 Dec 2009, Len Conrad wrote:
> dig'ging from a !mynets IP receives a referral to rather than
> time-out/silence.
Please show us. Does dig and tcpdump (or other packet trace) show where
the response actually comes from?
___
bind-users mailing
On Wed, 6 Jan 2010, Michael Sinatra wrote:
> I tried this out and I noticed that both BIND and unbound appear to
> behave the same way when using dig in this manner. So both of the
> major validating implementations support it. I don't see specific
> reference to using the AD flag in queries
On Tue, 19 Jan 2010, Michelle Konzack wrote:
> Jan 19 18:56:42 samba3 named[18333]: 19-Jan-2010 18:56:42.920 general:
> error: dns_master_load: /etc/bind/net.tamay-dogan.debian:18:
> lists.debian.tamay-dogan.net: CNAME and other data
See line 18 and then look for "lists".
_
Thank you very much for your bug report. For your
information, you can also submit bugs to our bind9-bugs
AT isc.org email address. Your issue is now being
tracked as ticket # 20923.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.
Please provide real names.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Fri, 19 Feb 2010, ic.nssip wrote:
> I just installed ISC 9.7.0 on one of our x86 SUN Solaris 10 machines.
> I did a fresh local compiled install with all default settings.
> It looks that DNS is working fine for customers (anyway the time is too short
> to conclude that), but my syslog suddenly
On Fri, 19 Feb 2010, Jeremy C. Reed wrote:
> Some loggings maybe could be made more clear, for example:
>
> stats.surfaid.ihost.com/
> no SOA returned
Not sure why I saw that. Looking again I see com. But I have other
proble
> @ IN MX 10 mail.man169.com.
Try adding here:
@ IN A 202.68.195.36
> www IN A 202.68.195.36___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
On Wed, 3 Mar 2010, Nikolay Elenkov wrote:
> I've a few question about the PKCS#11 support in BIND 9.7,
> specifically the OpenSSL engine implementation. Is this the right
> place to ask? There appears to be no bind-dev mailing list.
I see you already asked your question. This list is okay.
Th
On Tue, 9 Mar 2010, ic.nssip wrote:
> Can somebody suggest a place where from I can download dnsquery source/pkg
> to make it work on Solaris 10?
It is available in old BIND 8 source.
> I have it installed on a FreeBSD machine but imported to Solaris is
> reporting some syntax error
>
> # dnsq
"When answering queries, don't add data to the additional section if the
answer has more than 13 names in the RDATA."
That is vague or misleading: is this saying don't add to additional
section if the ANSWER SECTION has more than 13 separated "names" (so not
limited by rrsets if have same names
On Wed, 19 Mar 2025, Lowry-Schiller, Dell M CTR (USA) via bind-users wrote:
> I run this command and it works fine ./configure --prefix=/usr/local/b
> ind-9.9.6 --sysconfdir=/etc --localstatedir=/var --enable-threads --with-ope
> nssl
I suspect this configure step did not work fine
or you r
> /var/log/named/auth_servers.log:01-May-2025 11:05:26.694 lame-servers: info:
> SERVFAIL unexpected RCODE resolving 'isis.lip6.fr//IN': 193.51.24.1#53
do some queries for these many examples, like
dig @193.51.24.1 isis.lip6.fr
dig @132.227.60.2 osiris.lip6.fr
dig +norec @198.51.4
> To further dig into that direction, I was asking Google if there is a
> bind setting to limit or disable the sending of additional RR with an
> answer but could not find such a setting.
>
> * Is there such a setting?
See minimal-responses in the ARM
https://bind9.readthedocs.io/en/stable/refere
On Wed, 23 Jul 2025, Michael Richardson wrote:
When I ask from the IETF123 network:
;; SERVER: 31.130.231.0#53(31.130.231.0) (UDP)
;; ANSWER SECTION:
d.0.0.f.e.b.a.b.0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 7200
IN PTR nic.sandelman.ca.
which is entirely correct.
Probably 3
On Thu, 24 Jul 2025, Michael Richardson wrote:
> nic.sandelman.ca. is also authoritatively serving:
> 0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 86400 IN SOA
> . . 0 28800 7200 604800 86400
> 0.0.0.0.0.0.0.0.0.0.0.0.f.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 0 IN NS .
> T
101 - 186 of 186 matches
Mail list logo
