Re: bind 9.11.3 - resolving troubles running as a caching server

2019-11-20 Thread Ondřej Surý
running the affected query against the upstream resolvers in a semi-tight loop and log the results. while true; do echo "$(date -R): $(dig +short IN A @)"; sleep 1; done Ondrej -- Ondřej Surý ond...@isc.org > On 21 Nov 2019, at 01:09, Bind Mailinglist wrote: > > Hello Ondřej >

Re: statistics server access log

2019-11-25 Thread Ondřej Surý
Put a proxy between BIND and your monitoring team? Ondrej -- Ondřej Surý ond...@isc.org > On 26 Nov 2019, at 00:38, Veaceslav Revutchi wrote: > > I'm looking for a way to detect and alert when our monitoring team > starts pulling the stats from our resolvers by http://resolv

Re: What is wrong in the view matching below

2019-12-05 Thread Ondřej Surý
There’s a space after com O. -- Ondřej Surý ond...@isc.org > On 5 Dec 2019, at 13:29, Sten Carlsen wrote: > >> >> zone "internal.nixcraft.com " IN { >> type master; >> file "lan.master.nixcraft.com"; >> }; >> }

Re: DNSSEC -> subdomains -> keys

2019-12-07 Thread Ondřej Surý
-pair for every signed zone. Ondrej -- Ondřej Surý — ISC > On 7 Dec 2019, at 18:36, Chuck Aurora wrote: > > On 2019-12-07 08:24, Elimar Riesebieter wrote: >> is it possible to have one key pair for DNSSEC to sign subdomains in >> different zonefiles? > > IIUC how it

Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
g the real domain is very often misleading and prevents other people from helping you. I would start by checking the correctness of the zone file (with named-checkzone) and making sure you bumped the serial number in SOA and you reloaded the zone. Ondrej -- Ondřej Surý ond...@isc.org > On 10 De

Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
r-cayenne.fr. ;; ADDITIONAL SECTION: ara.pasteur-cayenne.fr. 3600IN A 186.2.246.17 ;; Query time: 192 msec ;; SERVER: 186.2.246.17#53(186.2.246.17) ;; WHEN: Tue Dec 10 14:45:16 CET 2019 ;; MSG SIZE rcvd: 135 I don’t think it was an intent. Ondrej -- Ondřej Surý ond...@isc.org > O

Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong. Ondrej -- Ondřej Surý — ISC > On 10 Dec 2019, at 17:43, Edouard Gui

Changes BIND 9.15+ source distribution (gz -> xz, and SHA1 deprecation)

2019-12-19 Thread Ondřej Surý
value. Ondrej -- Ondřej Surý ond...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dhclient hook not overwritten /etc/resolv.conf

2019-12-19 Thread Ondřej Surý
You need to ask on your distro user support forum and not here. This topic is beyond the subject of this list as it could include all kinds of integrations that your distribution provides. This is not a bind-users topic. Ondrej -- Ondřej Surý ond...@isc.org > On 19 Dec 2019, at 11

Re: Slow recursive query performance on Windows x64

2020-01-17 Thread Ondřej Surý
. Ondrej -- Ondřej Surý — ISC > On 17 Jan 2020, at 20:52, Steve Farr via bind-users > wrote: > > > Hi there, > > I'm hoping perhaps someone can point me in a good direction for > troubleshooting here… I recently upgraded from BIND 9.9.10-P3 running in > 3

Re: Slow recursive query performance on Windows x64

2020-01-19 Thread Ondřej Surý
Run named with -4 option, that will disable IPv6. Please note that filter--on-v4 was always wrong. You should fix your network instead. It’s a bandaid, not a fix. Ondrej -- Ondřej Surý — ISC > On 20 Jan 2020, at 04:38, Carl Byington via bind-users > wrote: > > -BEGI

Re: Slow recursive query performance on Windows x64

2020-01-20 Thread Ondřej Surý
this mailing list. Ondřej -- Ondřej Surý — ISC > On 20 Jan 2020, at 15:19, Steve Farr via bind-users > wrote: > > Yeah, it's hard to disagree on the "should" part but we all definitely have > to administer networks in an imperfect world... To my mind, when the

Re: NSEC3 salt change - temporary performance decline

2020-01-21 Thread Ondřej Surý
could try enforcing AXFR on salt change. This is currently tracked as https://gitlab.isc.org/isc-projects/bind9/issues/1447 and associated feature request: https://gitlab.isc.org/isc-projects/bind9/issues/1515 Ondrej -- Ondřej Surý ond...@isc.org ___ Pleas

Re: NSEC3 salt change - temporary performance decline

2020-01-21 Thread Ondřej Surý
NSEC3 is like a toilet window. You want it translucent, not transparent. For that purpose, it serves well. -- Ondřej Surý — ISC > On 21 Jan 2020, at 17:05, Jim Reid wrote: > > > >> On 21 Jan 2020, at 15:59, Daniel Stirnimann >> wrote: >> >> I agree

OpenSSL PKCS#11 Support in BIND via engine_pkcs11

2020-01-22 Thread Ondřej Surý
of using HSMs with BIND 9, so don’t be afraid to fill issues and feature requests in BIND 9 GitLab issue tracker: https://gitlab.isc.org/isc-projects/bind9/issues Ondrej -- Ondřej Surý ond...@isc.org ___ Please visit https://lists.isc.org/mailman

Re: DNSSEC zones not updated

2020-01-22 Thread Ondřej Surý
Hi, did you try stopping BIND, removing journal files and then starting BIND again? If the signed copy of the zone got corrupted in the memory, you might be dumping the corrupted version on disk again with `rndc reload`. Ondrej -- Ondřej Surý ond...@isc.org > On 22 Jan 2020, at 12:11, Ju

Re: dnssec-policy behaviour

2020-02-02 Thread Ondřej Surý
Hi Kal, thanks for testing the new feature. This sounds like a bug to me. Could you please fill issue in our GitLab (https://gitlab.isc.org/), so we don’t lose track of the bug. Thank you, -- Ondřej Surý — ISC > On 2 Feb 2020, at 10:53, Kal Feher via bind-users > wrote: > >

Re: Bind 9.11.13 - inline re-signing stops

2020-02-05 Thread Ondřej Surý
confidential, we will sanitize it before making the issue public in the future. You may use pandora.isc.org to drop off larger files in a confidential manner and link it to the GitLab issue. Ondřej -- Ondřej Surý — ISC > On 5 Feb 2020, at 19:28, Matthew Richardson wrote: > > I have an in

Re: Reasons of SERVFAIL

2020-02-08 Thread Ondřej Surý
> How do I fix this issue? You don’t, their DNSSEC is broken: https://dnsviz.net/d/emeraldonion.org/dnssec/ They have to either start signing again or remove DS record from the parent (org). Ondrej -- Ondřej Surý ond...@isc.org > On 8 Feb 2020, at 02:36, Alessandro Vesely wrote: &

Re: Reasons of SERVFAIL

2020-02-08 Thread Ondřej Surý
If `dig +dnssec +cd emeraldonion.org mx` will give you answers and `dig +dnssec emeraldonion.org mx` does not, then it’s most probably validation failure. Then of course based on your logging setup, the validation failures might be visible in BIND 9 log. Ondrej -- Ondřej Surý ond...@isc.org

Re: Weird behaviour in wildcard CNAME - is this feature or bug? Can it be changed?

2020-02-11 Thread Ondřej Surý
The wildcard doesn’t cover empty non terminals. The only nonstandard implementation that did this was djbdns and the behavior was considered to be incompatible with rest of the DNS implementations. Ondrej -- Ondřej Surý — ISC > On 11 Feb 2020, at 15:59, Petr Bena wrote: > > Hell

Re: Bind 9.11.13 - inline re-signing stops

2020-02-18 Thread Ondřej Surý
. Ondrej -- Ondřej Surý — ISC > On 18 Feb 2020, at 23:22, Matthew Richardson > wrote: > > Having upgraded to 9.11.15 I am still seeing similar problems, where some > zones stop updating their signatures. I have a suspicion that "rndc > reconfig" might get them re-

Re: DNSSEC with views and shared zone files

2024-10-18 Thread Ondřej Surý
You can’t do this. The signatures are unique per zone and thus the files need to be unique as well. Just write a small provisioning on your side that duplicates the files. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel

Re: Server crash on receiving query

2024-11-04 Thread Ondřej Surý
Please stop framing this as this is BIND 9 fault. I’ll report this to Apple as I can reproduce this on my machine too on unprivileged account. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your

Re: Server crash on receiving query

2024-11-04 Thread Ondřej Surý
> maybe named is using some special system call Named is not using anything special. All the stuff is just libraries and standard API. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your nor

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Ondřej Surý
-exempt { 10.0.0.0/8; 2001:db8::100; }; If that doesn't help, I would suggest to fill an issue in our GitLab, it seems like a genuine bug. Ondřej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not

Re: Server crash on receiving query

2024-11-04 Thread Ondřej Surý
As Mark said - you need to take this to Apple. It could be kernel bug, it could be a compiler bug. Userspace program crashing the hardware is pretty bad, but there’s nothing we can do on our side. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different

Re: Server crash on receiving query

2024-11-04 Thread Ondřej Surý
I spent last two hours crashing my computer while bisecting the issue, and you would not have guessed the commit that causes this: commit f063ee276e4a7f6cfccbefa969e8db8df952348b Author: Ondřej Surý Date: 2022-05-18 14:10:58 +0200 Use libuv CFLAGS and LIBS when checking for features

Re: Question about DNSSEC

2024-11-01 Thread Ondřej Surý
DO flag is indication to “do DNSSEC”, it has no other meaning. You should be looking for AD flag. As for delv output - it prints out which names are validated and those that are not. I don’t see anything wrong here. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different

Re: BIND contribution

2024-11-01 Thread Ondřej Surý
your semestral project ends? Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 1. 11. 2024, at 15:22, Leonie Seelisch > wrote: > > > Dear users a

Re: strange problem with named.conf

2024-11-12 Thread Ondřej Surý
You haven’t pasted the contents of the include files, but most likely it’s the contents of /etc/bind/named.conf.options that are missing the semicolon at the end, but the parser only complains at the next directive which is located in the main config file. -- Ondřej Surý — ISC (He/Him) My

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-26 Thread Ondřej Surý
secondary site, or use anycast for each primary, but since you are hosting “example.com” I don’t think it matters much. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 27

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-27 Thread Ondřej Surý
agile, not resilient. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the deve

Re: About dnstap feature

2024-09-19 Thread Ondřej Surý
/~sgtatham/bugs.html We don’t plan to drop dnstap any time soon, if that’s what you are asking. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 19. 9. 2024, at 8

Re: Referencing by cname from one authoritative zone to another authoritative zone

2024-10-03 Thread Ondřej Surý
there's no reason to add those extra records. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 3. 10. 2024, at 11:21, 大浦 義 wrote: > > ;; WARN

Re: bind-9.18.31 compile errors RHEL 7.9

2024-11-06 Thread Ondřej Surý
> On 5. 11. 2024, at 15:32, N M wrote: > > What changed between bind-9.18.30 and bind-9.18.31 that would cause it to not > compile? Centos 7 went end-of-life, so we no longer care about it. That’s what has happened. You should not be using system past the EOL date. Ondrej --

Re: Server crash on receiving query

2024-11-06 Thread Ondřej Surý
Since the libuv bug is in the open, I’ll link it here as well: https://github.com/libuv/libuv/issues/4594 I’m in contact with Apple folks, and they have all the information they need now. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do

Re: Server crash on receiving query

2024-11-06 Thread Ondřej Surý
> On 6. 11. 2024, at 16:22, Mike Hodson wrote: > > Why is the bind project using such a library that seems to be perennially > unstable? You are absolutely and utterly wrong in your assessment. Ondřej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working

Re: secondary dns server question :)

2024-11-18 Thread Ondřej Surý
ility, but for small setups this could even be just a manual intervention - you can configure the IP address on the second server in the case of the outage. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outs

Re: secondary dns server question :)

2024-11-18 Thread Ondřej Surý
I think the good starting point is exactly the question that Marco asked - we have no idea what Jean-François is trying to achieve. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working

Re: notify IPv6

2024-11-24 Thread Ondřej Surý
> On 24. 11. 2024, at 13:10, James wrote: > > Is this my mistake or bind's? Hard to tell since you have provided virtually no information in your email. You need to share the configuration and the logs for the start if you want the community help. Ondrej -- Ondřej Surý — IS

Re: How to print details of dns_name_t* when hitting a gdb breakpoint in dns_name_equal

2024-12-04 Thread Ondřej Surý
version number, but it has a pile of patches all in the name of “stability”. Unfortunately, the Linux distro customer like this “make believe” game which doesn’t really work for anything slightly more complex than a simple utility. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your

Re: Sporadic Timeouts after upgrading to bind9.20

2024-12-05 Thread Ondřej Surý
Hi Klaus, we've identified an issue in the glue cache that have been causing drops in the performance. Can you test a development branch or do you need fix on top of 9.20? Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please d

Re: Sporadic Timeouts after upgrading to bind9.20

2024-12-09 Thread Ondřej Surý
Hi Klaus, the bind-dev repository is now at 9.21.2-302-gebe0db5daad-1 as I remember you are using Debian on the servers, right? Could you test that version if you can see the same timeouts you've been encountering before? Thanks, Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working

Re: Docker Compose Setup with ISC/Bind9 Image

2024-12-30 Thread Ondřej Surý
during the fall semester and the images work just fine both for authoritative and recursive workload. And I’ve tested them using both docker and podman. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal

Snapshot versions of BIND 9.18 and 9.20 for testing

2025-01-30 Thread Ondřej Surý
s/raw/bind-9.18.34-dev.tar.xz * [9.20.6-dev]: https://gitlab.isc.org/isc-projects/bind9/-/jobs/5204024/artifacts/raw/bind-9.20.6-dev.tar.xz Thanks for anyone who will test this, Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not

BIND 9.21+ build system change

2025-01-30 Thread Ondřej Surý
will be released sometime in 2026. Here is the upstream guide: https://mesonbuild.com/SimpleStart.html You can follow the progress in the following merge request: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8989 Thanks, Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and

Re: Debug Level Logs in BIND 9.18.16 Despite Debug Level Set to 0

2025-02-09 Thread Ondřej Surý
0-Feb-2025 08:31:39.626 lame-servers: info: REFUSED unexpected RCODE resolving 'kriss.re.kr/MX/IN': 134.75.30.1#53 but there are no debug lines: $ grep debug named.log Whatever you are doing, it looks like your local configuration / operations problem. Ondrej -- Ondřej Surý (He/Him)

Re: Primary/Secondary

2025-02-08 Thread Ondřej Surý
t the word “groper” had the connotations when dig was acronym “domain internet groper”. However in the current discourse, using word “groper” is just *ew*, and it is possible to take an action and just stop using that term, because exactly — the context matters. Ondrej -- Ondřej Surý — ISC (He/Him)

Re: Primary/Secondary

2025-02-08 Thread Ondřej Surý
n is same as if you would have asked whether we will keep changing the tools we use to build the technology? The answer to both are yes. We will adapt to the living word and be considerate people not only to ourselves but also to others that we share the society with. Ondrej -- Ondřej Surý — I

Re: BIND DNS Server on Windows

2025-02-10 Thread Ondřej Surý
/month VPS. Alternatively get (used) RPi and host it on a local network. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 10. 2. 2025, at 15:07, Turritop

Re: BIND 9.20.5 EDE 22

2025-02-06 Thread Ondřej Surý
You need to check the linked MRs, the original was indeed introduced in 9.20.5, but there's a fix: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9985 And that hasn't been released yet. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working ho

Re: error - exiting (due to assertion failure)

2025-02-01 Thread Ondřej Surý
packages installed, see here: https://documentation.ubuntu.com/server/reference/debugging/debug-symbol-packages/ Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 1. 2. 2025,

Re: Upcoming changes in Debian/Ubuntu BIND 9 package

2025-01-31 Thread Ondřej Surý
e line you just quoted: https://bind9.readthedocs.io/en/latest/reference.html#built-in-empty-zones The file in debian was incomplete while the default built-in empty zones are much longer list. There's no point in maintaining both lists at the same time when the built-in works just fine.

Re: update Bind9 ES version

2025-01-31 Thread Ondřej Surý
Hi Support Info, that’s quite unusual name! The BIND 9 packages in Debian have been properly updated: https://tracker.debian.org/pkg/bind9 Whatever you are seeing is your local problem. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do

Primary/Secondary (Was: Master/Slave)

2025-02-01 Thread Ondřej Surý
peaking of the best practice, I would recommend using the current naming of the server roles and current naming of the configuration options. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org 1. https://datatracker.ietf.org/doc/html/rfc8499 My working hours and your working hours may be different. Please do

Re: Online changelogs (Was: CHANGES in 9.18.32)

2024-12-11 Thread Ondřej Surý
he generated entry and the final release notes should be close to zero). Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/li

Re: CHANGES in 9.18.32

2024-12-11 Thread Ondřej Surý
You'll find the "changelogs" in doc/changelogs now, the file is now autogenerated from merge requests. If you want to see development changelog, it is more useful to do git log --merges or just git log Ondřej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your wo

Online changelogs (Was: CHANGES in 9.18.32)

2024-12-11 Thread Ondřej Surý
Alternatively these links also work: 9.18: https://bind9.readthedocs.io/en/bind-9.18/changelog.html 9.20: https://bind9.readthedocs.io/en/bind-9.20/changelog.html or https://bind9.readthedocs.io/en/stable/changelog.html Cheers, -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your

Re: Undelegating a Signed Subdomain

2024-12-10 Thread Ondřej Surý
<http://example.com/> if the subdomain is correctly signed. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 10. 12. 2024, at 20:07, Nick Tait via bind-user

Re: Undelegating a Signed Subdomain

2024-12-09 Thread Ondřej Surý
on SOA and DNSKEY records just to be sure nothing stays in the cache for too long. Then before the change I would change those TTLs to 0, wait out the previous TTL, and then again just fold the data, and the resolvers should immediately switch to new chain. Ondrej -- Ondřej Surý — ISC (He/Him) My working

Re: shut down hung fetch while resolving 'aro.army.mil.edgekey.dmz.akamai.csd.disa.mil/A'

2024-12-17 Thread Ondřej Surý
s.gdcs.disa.mil IN NS cds.disa.mil IN NS e1008.d.akamaiedge.akamai.csd.disa.mil. IN A Ondřej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 17. 12. 2024, at 20:5

Re: shut down hung fetch while resolving 'aro.army.mil.edgekey.dmz.akamai.csd.disa.mil/A'

2024-12-17 Thread Ondřej Surý
-- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 17. 12. 2024, at 21:16, Ondřej Surý wrote: > > disa.mil servers are timing out on me over IPv6: > &

Re: BIND 9.20.4 exiting

2024-12-18 Thread Ondřej Surý
Hi Guillaume, thanks for reading the instructions. I’m afraid you’ve hit a bug and filling an issue would be appropriate in this case. I also think that Klaus (in Cc) seen similar crash. We would appreciate if you can provide coredump and binaries with debug symbols. Ondrej -- Ondřej Surý — ISC (He/Him

Re: Problem resolving a domainkey TXT record

2024-12-13 Thread Ondřej Surý
.gbp5b5fe5-Debian <<>> +tries=1 -4 IN NS @nstll.eulisa.europa.eu. _domainkey.eulisa.europa.eu ; (1 server found) ;; global options: +cmd ;; no servers could be reached Cheers, Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel

Re: Estimating Resource Requirements for BIND to Handle Specific Query Volumes

2025-01-23 Thread Ondřej Surý
You need to do the measurements that match your environment. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 23. 1. 2025, at 17:16, sami.ra...@sofre

Re: localhost name lookup

2025-01-24 Thread Ondřej Surý
other people by keeping this thread alive and asking other people to do this work for you. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 24. 1. 2025, at 22:32, Lee w

Upcoming changes in Debian/Ubuntu BIND 9 package

2025-01-27 Thread Ondřej Surý
options Please be aware of these changes to configuration files when upgrading the packages as this could result in named not starting. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your

Re: Debug Level Logs in BIND 9.18.16 Despite Debug Level Set to 0

2025-01-27 Thread Ondřej Surý
half of bug fixes and security issues remedies. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 28. 1. 2025, at 6:32, Nagesh Thati wrote: > > severity dynamic;

Re: localhost name lookup

2025-01-15 Thread Ondřej Surý
bmit a solid correct patch with a good reasoning, there's probably nobody that is going to work on this. The itch to scratch here isn't particularly bothering. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obli

Re: Sporadic Timeouts after upgrading to bind9.20

2025-01-15 Thread Ondřej Surý
Hi Klaus, thanks for reporting back. The patch from the Debian package will be included in the next release, so thank you for the prompt testing. Much appreciated. Also glad to hear that the XFR speeds improved due to this change. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours

Re: Just a suspicion for now: Memory leak in 9.20.4?

2025-02-13 Thread Ondřej Surý
is possible to have smaller and faster, sometimes the smaller even means faster, but there are times where faster means larger. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours

Re: Just a suspicion for now: Memory leak in 9.20.4?

2025-02-13 Thread Ondřej Surý
quickly detected at the shutdown as there are safeguards in place. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 13. 2. 2025, at 13:47, Robert Wagner wrote: Not sure if we

Re: debsuryorg-archive-keyring

2025-02-13 Thread Ondřej Surý
It's absolutely ok to drop the dependency for your custom packages. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 13. 2. 2025, at 17:17, Malcolm Scot

Re: Authoritative and caching

2025-03-16 Thread Ondřej Surý
It does, and it follows the FHS, so not in /etc. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 16. 3. 2025, at 17:08, Timothe Litt via bind-users > wrote: &

Re: Upgrading the Bind Server issue

2025-03-19 Thread Ondřej Surý
then there's always the third option that's listed in the mailing list footer: > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working h

Re: ISC, GitHub, and CVE-2025-30066

2025-03-20 Thread Ondřej Surý
this was the first time I've ever heard about tj-actions in my life. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. signature.asc Description: Message signed

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-21 Thread Ondřej Surý
only if you need to - starting with blazingly fast classification would be a better option. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 21. 3. 2025,

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-21 Thread Ondřej Surý
It might, except it has been removed (now I admit I don’t remember in which version), because it was proprietary and never had any real users. It should work while it is still available, but I am not really keen on resurrecting the API for yet another proprietary thing. Ondrej -- Ondřej Surý

Re: isc-bind service shutdown after update at 9.20.7-1.2.el8

2025-03-21 Thread Ondřej Surý
This looks like named is not sending the systemd notifications to the supervisor. Is there anything unusual on your system? Are those stock ISC packages? Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-19 Thread Ondřej Surý
/filter_ plugins. We would be happy to accept any work that extends the plugins API if you need one. For constructing the modified message, I am afraid there’s nothing like “developer’s documentation”, you are the first one who asked about the plugins API in years. Ondrej -- Ondřej Surý — ISC (He

Re: DNSVIZ errors

2025-04-20 Thread Ondřej Surý
w my advice :shrug:. The bits of information you have provided are not sufficient to meaningfully help you. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. signature

Re: DNSVIZ errors

2025-04-20 Thread Ondřej Surý
ll the details about the domain name configuration and the related logs. You can’t expect help without sharing the full information about your problem. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside

Re: Massive increase of SERVFAIL after April 28th 2025.

2025-05-01 Thread Ondřej Surý
> dig +short +nsid version.bind. txt ch @dns4.p08.nsone.net This needs to be this: ^^^ You missed @ and thus you asked your local resolver. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your nor

Re: [bind-9.18.26] named crash with assertion failure

2025-03-01 Thread Ondřej Surý
Sure, here is 9.18.26 with all the required patches: https://ftp.isc.org/isc/bind9/9.18.34/bind-9.18.34.tar.xz Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 28

Re: XoT Testing: TLS peer certificate verification failed

2025-03-04 Thread Ondřej Surý
Sounds like this: https://gitlab.isc.org/isc-projects/bind9/-/issues/3896 -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 4. 3. 2025, at 10:01, Klaus Darilion via bind-users wrote

Re: bind crashes with assertion, maybe due to many ephemeral network devices?

2025-03-11 Thread Ondřej Surý
anent marked this not a spam account. Feel free to fill the issue, but I can't promise this will be looked at quite soon as this is in the "doctor it hurts when I do this" territory. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be diffe

Re: [bind-9.18.26] named crash with assertion failure

2025-02-27 Thread Ondřej Surý
Start with upgrading to the latest 9.18. You are 8 versions behind, and yes, bugs get fixed. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 27. 2. 2025, at 23

Re: Using a PCIe HSM card with BIND

2025-03-12 Thread Ondřej Surý
Providers (5.5.6 and onwards): https://bind9.readthedocs.io/en/v9.20.6/chapter5.html#pkcs-11-cryptoki-support Cheers, -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On

Re: debsuryorg-archive-keyring

2025-02-13 Thread Ondřej Surý
ethod as the distributions supporting that will get deprecated. As of now, the change you mentioned will be included in Debian Trixie that hasn't been released yet, and there's too many installations that still use the old method -- Ondřej Surý (He/Him) ond...@isc.org My working hours a

Re: Policy-dnssec timeline step by step

2025-02-20 Thread Ondřej Surý
Have you read: https://kb.isc.org/docs/dnssec-key-and-signing-policy and https://bind9.readthedocs.io/en/latest/dnssec-guide.html This RFC should give you some background too: https://datatracker.ietf.org/doc/html/rfc6781 Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-19 Thread Ondřej Surý
plugin: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/968/diffs It is outdated, but it does synthesize DNS messages on the fly, so it might be a good starting point. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-19 Thread Ondřej Surý
Michael, you can hardly create a static list from all of the domains that can possibly exist. I do understand the usefulness of dynamic classification. There’s just not a straightforward interface for it now. Somebody will have to invest into writing this :shrug: Ondrej -- Ondřej Surý — ISC

Re: Custom DNS Filtering Plugin in BIND 9

2025-03-19 Thread Ondřej Surý
Hi again, if this is something that is going to be open-source and the whole BIND 9 users community would benefit from this, I would love to hear and see more. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside

Re: Grief after upgrade to macOS Sequioa 15.4

2025-04-03 Thread Ondřej Surý
It’s been tracked as https://gitlab.isc.org/isc-projects/bind9/-/issues/5268 and https://github.com/Homebrew/homebrew-core/issues/217127 Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working

Re: Query: suppressing autogenerated empty zones (e.g. 10.in-addr.arpa) that should be configured via DNS catalog?

2025-05-12 Thread Ondřej Surý
ch and stragglers. You should do this anyway as an ISP if you have resources for this. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/

Re: My Introduction and current issues -

2025-05-10 Thread Ondřej Surý
distribution does it use. As I said - too many moving parts and it’s not even clear where to start the debugging. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. On 10. 5. 2025, at 9:03, Greg

Re: Strange named failures

2025-05-13 Thread Ondřej Surý
You are running an unsupported BIND 9.18 release. I would start with upgrading to the latest 9.18 or even 9.20 release. There’s no point in debugging software that’s missing one year of accumulated bug fixes. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be

Re: Significant memory usage

2025-05-18 Thread Ondřej Surý
-explained/ for more details (search for jeprof for tldr). Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 18. 5. 2025, at 23:21, Philip Prindeville via bind-us
