Hi Marco,use this patch[1] on older Ubuntu or use Sphinx from pypi1. https://salsa.debian.org/dns-team/bind9/-/blob/debian/9.18/debian/patches/0001-Disable-treat-warnings-as-errors-in-sphinx-build.patchUbuntu 18.04 has too old Sphinx included.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and
And what did you find looking at the new data? What are the differences? And by how much?You should not expect other people doing the analysis for yourself.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your
+bufsize=
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 22. 6. 2022, at 19:44, Fred Morris wrote:
>
> Self explanatory? Maybe it's the nomenclature bu
> On 8. 7. 2022, at 18:05, Roberto Carna wrote:
>
> using the CLI in the BIND master
What does this mean and how exactly are you changing the zone? List all the
steps that you are doing when changing the zone contents.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and you
Could you for the purpose of the debugging share the DNS traffic between the
phone device and the resolver?
I think stepping back a little might help debug the issue. Perhaps people on
the list might notice something that might help.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and
some memory as compared to the default system
allocator
2. our expectations are to go even lower during the 9.19/9.20 development
cycle, but no promises yet
Cheers,
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to
free
buffet where you come and just take.
And don’t be mistaken - I was not helping you specifically, I was just
disputing your claim that BIND 9.18 takes more memory than 9.16 because that
claim didn’t match our own measurements.
Have a nice day,
--
Ondřej Surý — ISC (He/Him)
My working
macOS 10.10 reach end-of-life 5 years ago. You can try installing recent enough
compiler with C11/C17 support and up-to-date libraries, but you are mostly on
your own.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated
Sorry, but you are being too terse. What is DNS setup? Which website? What
*exactly* are you doing? Would you be able to help yourself with such little
information you gave us?
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
sees truncation.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 26. 7. 2022, at 1:02, Boian Bonev via bind-users
> wrote:
>
> Hello,
>
> For the Devua
There’s no generic tool. The one that was mentioned in the article was tailored
for that specific bug in jemalloc.
In any case, the article is only tangential to the topic here. It talks about a
issue in the jemalloc that was triggered by a specific code in named.
Ondřej
--
Ondřej Surý — ISC
> On 1. 8. 2022, at 16:14, Doug Whitfield wrote:
>
> as monitored from "top" RES value
Please read the whole thread on measuring the real consumed memory.
The '“top” RES value' has little or no value at all.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My w
med,
or is this allocated in the libraries?
> Should the memory reduction apply to our experiment?
The question doesn’t really make sense. We have not measured any increase in
our test scenarios,
which doesn’t mean you can’t find different scenarios with a memory increase.
Ondrej
--
Ondřej
ed to libxml2 version: 20910
01-Aug-2022 18:18:20.127 compiled with json-c version: 0.15
01-Aug-2022 18:18:20.127 linked to json-c version: 0.15
01-Aug-2022 18:18:20.127 compiled with zlib version: 1.2.11
01-Aug-2022 18:18:20.127 linked to zlib version: 1.2.11
$ smem -P name[d] -a
SWAP:1032108 USS:
-> configure ->
> make -> make install. All default values.
I’ll try that. I have a custom script that tweaks some values (you can see that
in the log snippets I sent).
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not
to
secondaries, or provided by a secure signing system, etc…
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 1. 8. 2022, at 18:40, John W. Blue via bind-users
>
lable at https://www.isc.org/support
01-Aug-2022 22:09:59.363
01-Aug-2022 22:09:59.363 found 8 CPUs, using 8 worker threads
01-Aug-2022 22:09:59.363 using 8 UDP listeners per interface
Swap:488612 USS:29592668 PSS:29593610 RSS:29596988
Ondrej
--
Ond
than anything else.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 2. 8. 2022, at 0:29, Grant Taylor via bind-users
> wrote:
> On 8/1/22 4:21 PM, Greg Ch
I don’t see jemalloc anywhere in your setup scripts. Preferably use the latest
upstream jemalloc version available.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> O
.
We are refactoring the database for storing the resource records in 9.20 and
it's probably better spent time to work on the refactoring than look at this.
As usual, we would accept any well commented and well thought patches.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your wo
Not really. Using ECDSA (or EdDSA) CSK is pretty lightweight even during
rollover.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 3. 8. 2022, at 19:10, Peter wr
What Emmanuel said…
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 4. 8. 2022, at 19:15, Emmanuel Fusté wrote:
>
> Le 04/08/2022 à 17:48, Dmitri Pavlov a écrit
>
ly confident that any advantage from shared cache will be lost because
the extra latency caused by communication with the MongoDB (or any other no-sql
systems).
Perhaps, describing the use case first (why do you want to use MongoDB at all)
might have the benefit of not wasting time on your end.
O
ies updated
with nsupdate works reasonably well in smaller deployments.
Cheers,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> Regards
> Hamid Maadani
>
>
.
That’s wrong. 10.60.0.0/23 means 10.60.0.0 to 10.60.1.255 range.
> How do I configure this ACL in named.conf.local so that it takes the whole
> range?
Correctly specified range (without address/host bits) does takes the whole
range.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working
hers have already answered that, I would be just repeating their
answers.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On Wed, Aug 24, 2022 at 10:33
intention and
whether it’s a typo in the network or in the bits - did the origin author meant
10.10.0.0-10.10.1.255 or 10.20.1.0-10.10.1.255 or something completely else
(like 10.10.1.0-10.10.2.255 based on wrong assumption?)
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may
, but it's ultimately your decision
It's little bit similar with libuv - you will be better running with latest
upstream release,
but you can get away with older versions too.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do no
First of all, the latest published version is 9.18.6, so why would you use a
version that's ~two months old?
Second, ISC does publish packages for EPEL, it's all listed here:
https://www.isc.org/download/ <https://www.isc.org/download/> (the COPR link),
so you can use that.
--
The netmgr unit tests are not meant to run fully in the CI as some of it are
time sensitive.
You might want to set the CI=true environment variable to reduce the set of the
netmgr unit tests to just the more reliable subset.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your
Then run only the system tests by running make check only in the
bin/tests/system directory instead of the top level. Or don’t run the tests at
all - these are mostly meant for development purposes where we have better
control over the build environment.
Ondřej
--
Ondřej Surý — ISC (He/Him
Petr,
care to prepare a MR for this? After all, it's RedHat who is making us all to
go through this mess.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
>
No, the tools and named use the same internal libraries, so it doesn’t help to
have “just tools”. You can keep using the last version of dig.exe, nobody can
take this from you. It’s very unlikely that there will be serious security
vulnerability (RCE) in dig.
Ondřej
--
Ondřej Surý — ISC (He
meaningful advice. Please don't do that.
Cheers,
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 23. 9. 2022, at 15:17, JAHANZAIB SYED wrote:
>
>
might always be inconsistent between the queries.
But same thing can in theory happen even on same server. The cached entry might
get evicted from cache either by memory pressure or by administrator.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. P
ata points should be collected in the newly created GitLab issue.
Thanks,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 27. 9. 2022, at 16:09, Prasanna Mathiva
ase tone down on the snarkiness. I get it that you might be frustrated, but this mailing list is not a place to vent off your frustration.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.O
e user that named runs under and try
changing to the directory and checking if you can access the files.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 14. 1
> able to find all EDNS0 incompatible servers and loosing customers to 8.8.8.8
> - which is able to resolve these names..
This is kind of moot argument - the DNS needs to evolve, and it can't evolve if
we keep supporting broken stuff. This needs to be fixed on the authoritative
ope
https://bind9.readthedocs.io/en/v9_18_8/chapter9.html?highlight=cookie
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 20. 10. 2022, at 13:49, Andreas S. Kerber wr
What you are really saying that we should dance how tech giants whistle, and I
don’t think succumbing to tech giants is a good strategy long term.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your
as well as to the code. The
documentation is equally important as correct code, and we are not operator
ourselves, so we might miss few things.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your
You need to be more specific with real examples.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 26. 10. 2022, at 17:41, Veronique Lefebure
> wrote:
>
Or cache snooping behaves differently between two (or multiple) queries.
That’s why questions like this should not imply where the problem is but rather
describe what can be seen (possibly also on the wire).
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be
other items with more priority.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 27. 10. 2022, at 10:12, Matus UHLAR - fantomas wrote:
>
>
>>
>>
, any resolver still has to revalidate the answer, and there's no
point in appending records that would be thrown away anyway.
Cheers,
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your norm
The IPv4 reverse zone is easy to scrape and stored for situations like this…
just saying.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 11. 2022, at 0:48, Gr
ldd` might give you some hints.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 6. 11. 2022, at 16:27, Niall O'Reilly wrote:
>
> Building BIND 9.18.8 fro
ften even if not very recently?
How do you know it's a garbage?
One woman's trash is another woman's treasure...
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your no
records.
That's not any different than wildcard record in a forward zone. The resolvers
already have to deal with garbage in the cache and cache eviction algorithms.
The DNS server doesn't live among rainbows and unicorns, so we prepare for the
worst to come from network, not the b
is too small
by default. To limit the amount of memory used by the
server, use the ``max-cache-size`` and ``recursive-clients`` options
instead.
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside
Hi Anand,
correct me if I am wrong, but the VERSION.SERVER doesn't seem to be anywhere
documented[1], and you are the first one to request it[2].
1. RFC 4892 only talks about ID.SERVER
2. Please create a GitLab issue for tracking
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working
It’s `also-notify ;` and `notify explicit;`
The online documentation is here:
https://bind9.readthedocs.io/en/v9_16_34/reference.html
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal
The default EDNS0 buffer size has changed to 1232, how big is the response when
you use dig?
Perhaps increasing the edns buffer sizes would be a way out?
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply
> On 30. 11. 2022, at 11:03, Tom wrote:
>
> Does someone of ISC agree? If so, I'll file a bug.
Please do. A MR or patch would be even better ;-)
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obli
client in the lab.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 30. 11. 2022, at 20:00, Hamid Maadani wrote:
>
>
>
> > Weird. Please send c
1800IN A 10.53.0.1
;; AUTHORITY SECTION:
example.nil.3600IN NS example.nil.
;; Query time: 0 msec
;; SERVER: 10.53.0.1#5300(10.53.0.1) (UDP)
;; WHEN: Thu Dec 01 17:04:17 CET 2022
;; MSG SIZE rcvd: 98
This is from the example driver located in
> test.com <http://test.com/>. 0 IN A 10.10.10.10
I think this line just have it all - you are generating record with TTL 0.
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
FTR it's an authoritative answer.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
general recommendation would be to go straight to latest 9.18.Ondrej--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.On 8. 12. 2022, at 1:03, Ben Bridges wrote:
According to the
> On 8. 12. 2022, at 7:57, Ben Bridges wrote:
>
> When you say “ISC packages”, are you referring to the packages in the
> ppa:isc/bind repository on launchpad?
Yes, you can find the links here: https://www.isc.org/download/
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My worki
I think it would be useful if you read the documentation on the feature before we continue this thread. Guessing what the feature is or isn’t does not help helpful discussion.8. Configuration Reference — BIND 9 9.18.9 documentationbind9.readthedocs.ioThanks,--Ondřej Surý — ISC (He/Him)My working
with any new feature.)
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 15. 12. 2022, at 20:10, Marcus Kool wrote:
>
>
> Hi,
>
> I have written a pl
h new BIND 9 version.
I am open to any suggestions, but I think the having a GitLab
issue would be a better venue to record any ideas around the
plugin system.
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to
the full range if possible.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 16. 12. 2022, at 7:26, Vikas Sharma wrote:
>
>
> Hi Team,
>
>
rip the DS record when you move between
registrars.
I don't know if this is the case with .nl, but I just know that it might happen.
Cheers,
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your no
, your 243 is actually 244 (first label also have to have length) + 4 (rpz)
+ 6 (local) + 1 (root) is exactly 255.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 27.
.
https://gitlab.isc.org/isc-projects/bind9/blob/master/lib/isc/include/pk11/site.h
2. https://www.openssl.org/docs/fips.html#background
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> On 4 Jun 2018, at 10:21, Mathieu Arnold wrote:
>
> On Sun, Jun 03, 2018 at 06:00:08AM +0000, Ondřej Surý wrote:
>> The PKCS#11 interface is very fragile, as the different vendors implement
>> different parts of the
>> standard, and BIND needs to be compiled with
the inconvenience this has caused for platforms we don’t have
support for old atomics.
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind
ays thought it’s a common knowledge that gcc from ports is
needed to compile modern software.
Ondřej
--
Ondřej Surý — ISC
> On 28 Apr 2019, at 00:33, bind-users-requ...@lists.isc.org wrote:
>
> Send bind-users mailing list submissions to
>bind-users@lists.isc.org
>
> To sub
be on the safe side, please mark the issue as confidential. We will make
sure that we redact any files before we make the issue public in the future.
BTW is there any chance that you and Havard share any common bits of
configuration?
Thanks,
Ondřej
--
Ondřej Surý — ISC
> On 8 May 2019, at 20
* Linux without NPTL (Native POSIX Thread Library)
[…]
—cut here—
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 29 May 2019, at 07:34, Dennis Clarke wrote:
>
>
> Not sure where the need for ifaddrs.h came from but it doesn't exist in
> ye old Solaris 10 sparc boxen :
>
> /
The script reports everything is missing.
You’ll need to check config.log for more details what’s happening.
Anyway it should work with stock OpenSSL, so why don’t you just use that?
Cheers,
Ondrej
--
Ondřej Surý — ISC
> On 7 Jun 2019, at 17:12, wrote:
>
> That makes s
eed to use libcap
in GNU GPL project, you are allowed to do so without considering potential
conflicts between 3-clause BSD and GPL 2.0
Cheers,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 11 Jun 2019, at 16:58, Mukund Sivaraman wrote:
>
> * readline is GPL, and so you'll link your c
uld take 4 full years to deprecate single option, as we need to take
people that upgrade from ESV to ESV into account, and we were aiming
at slightly “faster” approach :-).
Thanks,
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mail
me started on how I
just love
to receive patches, preferably as merge requests (ping me if you need up the
projects limit
in our GitLab) ;).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 13 Jun 2019, at 15:55, G.W. Haywood via bind-users
> wrote:
>
> Hello again,
>
> O
system than simple
refactoring, so it is
crucial to get some testing from the systems we don’t really have access to.
Cheers,
Ondrej
* - In theory, even cross-compilation for Windows msys2 should be possible, but
I haven’t
had yet time to do that.
--
Ondřej Surý
ond...@isc.org
we aim
to fix the cruft that has accumulated in last 20 years. This is more of high
level design decision, but it is something that has to be done because it is
connected with maintenance burden. And it’s a burden we don’t have to really
carry on our shoulders.
Ondrej
--
Ondřej Surý
ond...@isc.org
__
I use named-checkconf two
> different ways.
"--no-deprecated”-like option is a nice idea, I like it. Thanks!
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
b
which is suboptimal, but it should suffice as a workaround.
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi Mayer (and other Solaris users),
could you please try following patch:
https://gitlab.isc.org/isc-projects/bind9/merge_requests/2053.patch
on your Solaris boxes with both GCC and Solaris compiler whether it correctly
complains about non-GNU ld in GCC case?
Thanks,
Ondrej
--
Ondřej Surý
ond
://gitlab.isc.org/ondrej/gitlab-victor
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
://jobs.isc.org/
Ondrej
--
Ondřej Surý
ond...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Yes, the whole RRSet is always signed. Signing individual records would not
protect against attacks stripping individual records and their RRSIGs.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 2 Jul 2019, at 19:34, Josh Kuo wrote:
>
> This may not be the right place to ask, if this is
create the
issue, so we can make
BIND fail more gracefully that with an crash if there’s error in the
configuration related to the
switch between GeoIP and GeoIP2.
Thank you,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 25 Jul 2019, at 05:51, FUSTE Emmanuel
> wrote:
>
> The new version c
,
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 25 Jul 2019, at 07:40, FUSTE Emmanuel
> wrote:
>
> Le 25/07/2019 à 12:56, Ondřej Surý a écrit :
>> Hi Emmanuel,
>>
>> the crash should not happen because the discrepancy between the GeoIP and
>> GeoIP2 confi
achieve, but adding only ZSK with
new algorithm serves no purpose.
Ondřej
--
Ondřej Surý — ISC
> On 11 Aug 2019, at 12:59, Mark Elkins wrote:
>
> Hi, Running BIND 9.14.4 on Gentoo.
>
> I've been running BIND and DNSSEC for a long time. Years ago - I changed from
> Algo
Hi John,
like
* foo.example.org. IN CNAME foo.example.org.
for each host?
If that’s not the case you’ll have to be more specific and less vague about
your configuration...
Ondrej
--
Ondřej Surý — ISC
> On 29 Sep 2019, at 19:22, John Robson via bind-users
> wrote:
>
>
/firewall.
Somewhere in between is firewall blocking the well known IP addresses (the post
from Daniel), but that mostly blocks the “good guys”.
Ondřej
--
Ondřej Surý — ISC
> On 2 Oct 2019, at 13:24, Blason R wrote:
>
>
> Hi Folks,
>
> Wondering if anyone has any clue or def
/coprs/isc/bind-dev/
* Ubuntu: https://launchpad.net/~isc/+archive/ubuntu/bind-dev
* Debian: https://bind.debian.net/bind-dev/
Sorry for any inconvenience our packaging changes might have caused.
Thanks,
--
Ondřej Surý
ond...@isc.org
> On 10 Oct 2019, at 00:43, Matthew Pounsett wrote:
>
&
TL;DR use ECDSA, single algorithm
https://tools.ietf.org/html/rfc8624
--
Ondřej Surý
ond...@isc.org
> On 11 Oct 2019, at 08:38, ego...@sarenet.es wrote:
>
> Good afternoon,
>
> I would like to ask you some questions about DNSSEC, which I have not been
> able to clarify
Hi Peter,
we had a similar report in the past, so maybe you can chime in and add
the information to the issue here
https://gitlab.isc.org/isc-projects/bind9/issues/1179 ?
That would be helpful...
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 16 Oct 2019, at 01:32, Peter wrote:
>
>
, all we as software users can ask is to be treated fairly and
honestly.
Ondřej
--
Ondřej Surý — ISC
> On 21 Oct 2019, at 18:01, Kevin Darcy wrote:
>
> But, it's harder for the bad guys to find. They have to use fuzzing, reverse
>
Neither analogy would work to the detail here. But search domains is the butt
dial of DNS…
You are better if you don’t use it as it works well until it doesn’t and you
send your data to the wrong party.
Ondrej
> On 28 Oct 2019, at 17:01, Paul Kosinski via bind-users
> wrote:
>
> "... long
Dear BIND 9 Users,
We would like to announce proposed changes that affect 32-bit Windows platform.
In accordance with our published policy on removing features
(https://kb.isc.org/docs/policy-for-removing-namedconf-options), we are giving
notice that we plan to gradually wind down our support f
Or patch the old version instead.
--
Ondřej Surý — ISC
> On 4 Nov 2019, at 15:14, Alan Clegg wrote:
>
> On 11/4/2019 5:57 AM, Tony Finch wrote:
>> Nguyen Huy Bac wrote:
>>> So, my question is: Can and How to remove @0x in my
>>> log query message.
>>
spoofing attacks for off-path attacker.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 6 Nov 2019, at 09:18, Wilfred Sarmiento via bind-users
> wrote:
>
> Hi Mark,
>
> The workaround works very well, i also got the same response from Daniel of
> Switch.
>
> Thank you very
instead of scattering
the defines all over the place.
(BTW I never understand the Hurd stubbornness of ignoring the PATH_MAX and
forcing all random projects to adjust the code while it could be solved in the
system headers...)
Ondřej
--
Ondřej Surý — ISC
> On 10 Nov 2019, at 18:02, Sam
Or changes to SELinux policies (since you are running CentOS).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 19 Nov 2019, at 11:49, Mark Andrews wrote:
>
> There have been no changes. I would be checking directory permissions.
> Anything that would
> stop rename() succeeding.
>
Hi,
you mentioned “forwarders” - what are these and how does answer look like
on the upstream forwarders?
I would recommend enabling higher debug level (start with -d 1) and look into
logs what was the answer from the forwarders preceding the failure.
Ondrej
--
Ondřej Surý — ISC
> On
401 - 500 of 622 matches
Mail list logo
