Question about dynamic IPv6-PTR-Generation

2016-08-25 Thread Tom Tom
planned) way, to generate reverse-responses "on-the-fly" with bind? I'm using the latest bind (9.10.4-P2). Many thanks for your help. Kind regards, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Zones declared in a catalog-zone are not transferred successfully over XoT

2023-01-09 Thread Tom
tion in the "catalog-zones"-directive to properly "speak" XoT? btw: Using dig for transferring the zone from the primary with XoT and TSIG is working fine: $ dig @192.168.1.1 -k /tmp/key +tls +onesoa axfr example.ch Many thanks in advance, Tom

Re: Zones declared in a catalog-zone are not transferred successfully over XoT

2023-01-09 Thread Tom
Hi Aram Thanks a lot for your quick response. I've tested with 9.18.10 which definitely solved this issue and XoT for catalog-zones is now working fine. Best regards, Tom On 1/9/23 16:38, Aram Sargsyan wrote: Hello Tom, I see you are using BIND 9.18.9, can you retry with the l

Message "Loop detected resolving..." and different query-behavior after flushing a cache entry

2023-02-21 Thread Tom
-9.19.10 behaves differently to BIND-9.18.12 regarding lookups after flushing the name "ns2.comtronic.ch"? - BIND-9.19.10 does A and lookups after flushing the name "ns2.comtronic.ch", where BIND-9.18.12 only queries for A records Many thanks for any hints.

Re: Message "Loop detected resolving..." and different query-behavior after flushing a cache entry

2023-02-21 Thread Tom
Hi Ondrej I've created the issue: https://gitlab.isc.org/isc-projects/bind9/-/issues/3885 Best regards, Tom On 2/21/23 14:24, Ondřej Surý wrote: Tom, the ADB (Address DataBase) responsible for caching the delegations had been heavily refactored in 9.19 branch, I think the best cour

Re: Question about dynamic IPv6-PTR-Generation

2016-08-26 Thread Tom
mselves or making static PTR-entries? How does other companies handle this issue? Kind regards, Tom On 08/26/2016 09:17 AM, Woodworth, John R wrote: Hi list I'm searching a way to respond to IPv6-PTR-Queries like the "$GENERATE" -mechanism for IPv4 has done it. I re

Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"

2016-08-29 Thread Tom
=0x7f107b0a8700 (yahoo.com/A): rpz_rewrite_name: mismatched summary data; continuing ... ... The client receives the right response, dns-rpz is also working, but I'm suspicious about the errors mentioned above. Any hints? Thanks a lot. Kind regards, Tom

Re: Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"

2016-08-29 Thread Tom
ormat map;" for this zone, then the error disappeared. Any hints for this behaviour? Kind regards, On 08/30/2016 06:53 AM, Tom wrote: Hi list Using self-compiled latest bind (9.10.4-P2): I have a bind-setup with activated response-policy-zones. For *each* client-forward-query, w

Re: Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"

2016-08-29 Thread Tom
Sorry...wrong post. After a little bit more testing, the errors are still appearing. The masterfile-format didn't solve the errors Thank you, Tom On 08/30/2016 08:20 AM, Tom wrote: Hi list After some more troubleshooting, I was able to locate the problem: - One Spamhaus-Zone

Re: Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"

2016-09-05 Thread Tom
Is there a workaround/configuration-directive not to log every request with this "error"? One way would be using BIND 9.9.9-P2 (because this code was added in 9.10.x...), but I would prefer 9.10.x. Kind regards, Tom On 08/31/2016 03:05 PM, Tony Finch wrote: Tom wrote: I have a

Re: Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"

2016-09-06 Thread Tom
Hi Mukund Many thanks for your hint. In fact named was compiled with "--enable-querytrace". After recompiling 9.10.4-P2 without querytrace, the log looks good. Kind regards, Tom On 09/06/2016 09:32 AM, Mukund Sivaraman wrote: Hi Tom On Tue, Sep 06, 2016 at 07:37:50AM +0200,

Overwrite SOA-Records in RPZ-Responses?

2016-09-06 Thread Tom
esponse "on-the-fly", whose zone is configured as "slave"? Because we use configured some third-party-rpz-zones, the soa-record is predefined... Thank you. Kind regards, Tom

BIND-RPZ and Views

2016-09-16 Thread Tom
'slave/malware.rpz.spamhaus.org': already in use: /etc/named/named.conf:259 Is there a way to support RPZ in views? I want to achieve that Customer01 (view01) should have different RPZ-options than Customer02 (view02) using the same RPZ-Files. Thank you. Ki

Re: CDS-deletion record "CDS 0 0 0 00" is failing with bind-9.14.9 and bind-9.14.8

2020-02-20 Thread Tom
17:31:25.381 zoneload: error: zone example.com/IN (unsigned): not loaded due to errors. In which version will this issue be fixed? Many thanks. Kind regards, Tom On 11.01.20 08:48, Mark Andrews wrote: Open a ticket saying “CDS/CDNSKEY not handled when performing constancy checks

Re: CDS-deletion record "CDS 0 0 0 00" is failing with bind-9.14.9 and bind-9.14.8

2020-02-20 Thread Tom
DS 0 0 0 00 @ IN CDNSKEY 0 3 0 AA== SCHNAPP 21-Feb-2020 08:13:40.939 general: error: zone example.com/IN (unsigned): CDS/CDNSKEY consistency checks failed 21-Feb-2020 08:13:40.939 zoneload: error: zone example.com/IN (unsigned): not loaded due to errors. Th

Re: CDS-deletion record "CDS 0 0 0 00" is failing with bind-9.14.9 and bind-9.14.8

2020-02-22 Thread Tom
Hi Mark Heureka..., that did the trick. The zone is inline signed and after I added the already existing DNSKEY records in the raw zone file, the CDS/CDNSKEY deletion record was accepted and the zone was loaded. Many thanks. Kind regards, Tom On 21.02.20 21:08, Mark Andrews wrote: > There

CDS/CDNSKEY are not published with BIND-9.16.1 and dnssec-policies

2020-04-08 Thread Tom
1638 (Thu Apr 9 08:16:38 2020) example.com. 60 IN DNSKEY 257 3 13 uV/NtPZSL1fmO3FAi4pZCcbTl19iD3SizgVcDXGJEl1g4l/cHUGvVl33 3cx2cODA6RUj55pZa77g1VBtFBXByg== Any hints, why in this case the dnssec-policy mechanism doesn't publish the CDS/CDNSKEY records? Many thanks. Kind regards, Tom

Hints for forwarding a subdomain on a authoritative server

2020-07-06 Thread Tom
sion? Is there a better way with not enabling recursion (perhaps with views) to accomplish this? Many thanks for any hints. Kind regards, Tom ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

managed-keys-error since BIND-9.16.15

2021-04-30 Thread Tom
d-keys.bind.jnl. Any hints about this error? Thank you. Kind regards, Tom

Re: managed-keys-error since BIND-9.16.15

2021-05-02 Thread Tom
: expected serial 2021050100, got 2021050300 03-May-2021 00:20:28.532 general: error: zone example.com/IN: dns_journal_compact failed: unexpected error Thank you. Kind regards, Tom On 01.05.21 08:52, Mark Andrews wrote: Named should automatically correct this error. The journal version was no

Using catz (catalog zones): BIND does not remove the catz-journal file on the slave

2021-07-28 Thread Tom
8. Jul 15:26 __catz___default_catalog.123456.local_example.com.db.jnl Is this intentional or possibly a bug? Many thanks. Kind regards, Tom

Question about "max-zone-ttl" in dnssec-policy

2021-09-20 Thread Tom
3cprtWPAOwEuUvaiV5DKYWxhJHrdU6FL7Jk2+aNavOao lTzQMKev2OF6TqPhXXfaHANIz+tiVhZaeaDCDagkSA== ) ... ... What do I misunderstand here? Many thanks for a hint. Kind regards, Tom

Re: Question about "max-zone-ttl" in dnssec-policy

2021-09-21 Thread Tom
Hi Matthijs Thank you for your explanation. The documentation says, that "any record encountered with a TTL higher than max-zone-ttl is capped at the maximum permissible TTL value". Is the documentation wrong here? Thank you. Kind regards, Tom On 21.09.21 09:47, Matthijs Mek

ECS-IP in the RPZ-Log?

2021-10-27 Thread Tom
n the RPZ log? Many thanks. Kind regards, Tom

dnssec-policy is not signing anymore

2021-11-29 Thread Tom
ning-state without recreating a new KSK? I assume, that disabling DNSSEC completely and creating a new ZSK/KSK will work, but in the case now, I already have the mentioned KSK (61416). Thank you. Kind regards, Tom

Re: dnssec-policy is not signing anymore

2021-11-29 Thread Tom
Hi Matthijs I've tried several times to reproduce this behavior..., dnssec-policy always does his job. I did not currently succeed in reproducing the behavior. I will make a few more attempts and otherwise inform you. Thank you. Best regards, Tom On 29.11.21 10:56, Matthijs Mekking

Changing ZSK-lifetime in dnssec-policy is not applied

2022-02-11 Thread Tom
23 10:29:18 2022) DNSKEYChange: 20220211092418 (Fri Feb 11 10:24:18 2022) ZRRSIGChange: 20220211092418 (Fri Feb 11 10:24:18 2022) DNSKEYState: omnipresent ZRRSIGState: rumoured GoalState: omnipresent Any hints for this? Many thanks. Best regards, Tom

Re: Changing ZSK-lifetime in dnssec-policy is not applied

2022-02-14 Thread Tom
Hi Matthijs Perfect, thank you for this information and clarifying this. Best regards, Tom On 14.02.22 09:59, Matthijs Mekking wrote: Hi Tom, The lifetime is applied to new keys, so when the ZSK is rolled the lifetime of the successor key should be 60 days. I have considered applying it

"Length"-output in DNSSEC-Policy state-files vs. "Key Length"-output on dnsviz.net

2022-05-09 Thread Tom
domain on "dnsviz.net" (ZSK or KSK), which results in "Key Length: 512". # state file $ grep Length Karcademics.ch.+013+19238.state Length: 256 # The ZSK/KSK for this domain on "dnsviz.net" Key Length: 512 What's the difference between these two values? Many than

Re: "Length"-output in DNSSEC-Policy state-files vs. "Key Length"-output on dnsviz.net

2022-05-11 Thread Tom
Hi Tony Many thanks for your explanation! Tom On 10.05.22 10:46, Tony Finch wrote: Tom wrote: I'm wondering about the value of the "Length"-field in the dnssec-policy state-file output, which results in "Length: 256" for domains, which are signed with algo

After switching to "dnssec-policy", existing RRs are still signed with the "old" ZSK

2022-05-11 Thread Tom
600; nsec3param iterations 0 optout no salt-length 0; }; Many thanks for hints/explanations. Best regards, Tom

Re: After switching to "dnssec-policy", existing RRs are still signed with the "old" ZSK

2022-05-11 Thread Tom
On 11.05.22 11:26, Mark Andrews wrote: Signature-refresh determines when the RRSIGs will be replaced by looking at the expiration time and working backwards. New RRSIGs are generated using signature-interval. Ah, perfect. Thx.

Question about additional section in BIND-responses

2022-08-16 Thread Tom
se.ch. ;; Query time: 4 msec ;; SERVER: 10.100.102.21#53(test) (UDP) ;; WHEN: Tue Aug 16 17:14:21 CEST 2022 ;; MSG SIZE rcvd: 120 Any hints why BIND adds the additional section while other resolvers don't? Is there an option in BIND to behave like Knot/PDNS? Many thanks. Regards, Tom

Re: Question about additional section in BIND-responses

2022-08-16 Thread Tom
On 8/17/22 02:27, Evan Hunt wrote: On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote: Using BIND-9.18.5 as a recursive server: What's the reason, that BIND answers with the additional section for the following query where for example Knot resolver and also PowerDNS resolver doesn'

Re: Question about additional section in BIND-responses

2022-08-22 Thread Tom
On 8/17/22 06:45, Tom wrote: On 8/17/22 02:27, Evan Hunt wrote: On Tue, Aug 16, 2022 at 05:28:19PM +0200, Tom wrote: Using BIND-9.18.5 as a recursive server: What's the reason, that BIND answers with the additional section for the following query where for example Knot resolve

Re: 'inline-signing' might go away and be replaced by dnssec-policy ?

2022-10-26 Thread Tom
On 10/26/22 10:19, Matthijs Mekking wrote: Thanks for this. It probably should be removed from the docs at this point. When introducing dnssec-policy, my goal was to reduce the dozens of DNSSEC related configuration options that are scattered throughout named.conf and contain them in one sta

Re: automatic reverse and forwarding zones

2022-10-27 Thread Tom
okup $ dig @resolver +short -x 2a02:1368:6000::cafe static-2a02-1368-6000--cafe.cust.swissbackbone.net. # Forward-Lookup () $ dig @resolver +short static-2a02-1368-6000--cafe.cust.swissbackbone.net. 2a02:1368:6000::cafe Best regards, Tom On 10/27/22 19:23, Marco wrote: Am 27.10.202

Re: 'inline-signing' might go away and be replaced by dnssec-policy ?

2022-11-09 Thread Tom
On 10/26/22 13:13, Tom wrote: On 10/26/22 10:19, Matthijs Mekking wrote: Thanks for this. It probably should be removed from the docs at this point. When introducing dnssec-policy, my goal was to reduce the dozens of DNSSEC related configuration options that are scattered throughout

DF-Flag on UDP-based sockets?

2022-11-29 Thread Tom
was set on the IP header (true for TCP, but never seen for UDP). Which circumstances or which queries enforces BIND9 to set the "DF"-flag on outgoing UDP-based packets? Any hints for this? Thanks a lot. Tom

Re: DF-Flag on UDP-based sockets?

2022-11-30 Thread Tom
On 11/30/22 09:27, Borja Marcos wrote: On 30 Nov 2022, at 08:20, Tom wrote: Hi list Regarding ARM 9.18.9 (https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-edns-udp-size): "The named now sets the DON’T FRAGMENT flag on outgoing UDP packets." Tested

Re: BIND-RPZ and Views

2016-09-19 Thread Tom
nsfer the slave-zone again...just for the view2. Thank you. Tom On 09/16/2016 12:22 PM, Tony Finch wrote: Anand Buddhdev wrote: In newer versions of BIND, you cannot share a writable file in different views. This is a bad configuration, and newer versions of BIND reject it. Just use different

Running current version of bind in a jail?

2016-10-23 Thread Tom
the reason, that it isn't necessary to run modern version of bind in a jail? Kind regards, Tom

response-rate-limiting - "window" explained?

2017-03-24 Thread Tom
Hi Can someone explain the behaviour of "window" in the rate-limit-context? I've tried "responses-per-second 10; window 3;" and had the same results as "responses-per-second 10; window 5;". Any simple explanation for the "window"

Question about: "rate-limit: stop limiting responses to 1.1.1.0/24 for www.example.com"

2018-01-04 Thread Tom
only appears about 60-65 seconds later, after I've stopped the "test"-attack (confirmed multiple times..)? My rate-config: rate-limit { responses-per-second 5; slip 0; window 5;

Re: response-rate-limiting - "window" explained?

2018-01-05 Thread Tom
blem here? Why do I never have to wait longer than about 5s until I'm able to query the nameserver from the unique client with the same query again? Many thanks. Kind regards, Tom On 03/27/2017 11:33 AM, Tony Finch wrote: Tom wrote: Can someone explain the behaviour of "window"

Re: response-rate-limiting - "window" explained?

2018-01-07 Thread Tom
or 3600. Any hints / explanation for the behavior of the "window"-value? Many thanks. Tom On 01/05/2018 07:27 PM, Tony Finch wrote: Tom wrote: Could someone explain the problem here? Why do I never have to wait longer than about 5s until I'm able to query the nameserver

Re: response-rate-limiting - "window" explained?

2018-01-08 Thread Tom
On 01/08/2018 12:37 PM, Tony Finch wrote: Tom wrote: Mmmh...I can't verify the meaning of the "window"-value. In my flood-tests, it makes no differences, if I set this value to 5 or 60 or even 3600. You'll only notice the window if you pause your flood test - it'

Re: response-rate-limiting - "window" explained?

2018-01-09 Thread Tom
On 01/09/2018 02:49 PM, Tony Finch wrote: Tom wrote: If I set the "responses-per-second 5;" and the "window 30;", then begin flooding (the responses are correctly dropped), then stop flooding, then querying the nameserver from the same source for the same RR, I'll

Re: response-rate-limiting - "window" explained?

2018-01-09 Thread Tom
On 01/09/2018 05:11 PM, Tony Finch wrote: Tom wrote: Slip is set to "0" (always drop). After stopping the flood, I'm immediately able to query the same record (www.example.com) with a positive answer. Does the "window 5;" or "window 30;" or "win

Unclear behavior with option "lame-ttl 0;"

2018-02-22 Thread Tom
lookups. I've tested with simple iptables-rules on my resolver, which are blocking outbound-connections to one or more authoritative servers of a zone for simulating the "lame-servers"-behavior. Any explanation or hints for this (mis)-behavior? Thank you. Kind regards, Tom __

DNSSEC and automatic renewal of RRSIG-expiration-time

2018-05-03 Thread Tom
, to force BIND automatically to renew the RRSIGs? Thank you. Kind regards, Tom

Re: Logrotate for bind9

2018-07-04 Thread Tom
will create new log files. ...or you use "copytruncate", so the file will be copied and the other stuff (compress, rotate 180, etc..) and then truncated, so BIND has still the same filedescriptors open, but the logfile is rotated :-). This way, you don't need to "rndc

Understanding TTL in "rndc dumpdb"-output

2018-10-22 Thread Tom
e "rndc dumpdb"-output I have a value for 605082. Any hints? Thank you. Kind regards, Tom

Re: Understanding TTL in "rndc dumpdb"-output

2018-10-23 Thread Tom
ndc dumpdb" nevertheless the TTL in the form of "serve-stale" is shown (even if the serve-stale-status = off)? Thank you. Tom On 23.10.18 10:25, Michał Kępień wrote: After querying my resolver for "testbla11.example.com", I receive a NXDOMAIN response with a minimum-ttl (in

Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Tom
Hi all Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is this planned in future releases of BIND? Regards, Tom

Re: Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Tom
For example "example.com" and "*.example.com" are blacklisted. I would like to return a real ip address for special query types like MX or TXT, but not for A or . Tom On 08.11.18 16:44, Barry Margolin wrote: In article , Tom wrote: Hi all Is there a way to ov

Re: Rewrite/Override QTYPE with RPZ

2018-11-11 Thread Tom
eturns and removing rejected email addresses from your databases. These often occur because the customer no longer has the email address they originally gave you (or they had a typo in what they gave you). -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Beh

Re: Rewrite/Override QTYPE with RPZ

2018-11-11 Thread Tom
Hi Daniel Thank you for your feedback. This could be a solution. It seems, that unbound can do this (not verified) and BIND-RPZ can't do this actually: https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks Any plans for BIND? Tom On 12.11.

BIND 9.12.3-P1: No additional section

2019-01-15 Thread Tom
nd, why this happens when "minimal-responses no;" is configured. Thank you. Kind regards, Tom

Re: BIND 9.12.3-P1: No additional section

2019-01-15 Thread Tom
In both authoritative configurations I've set "minimal-responses no;", but on 9.12.3-P1, no additional section comes back. Thank you. Kind regards, Tom On 15.01.19 19:15, Evan Hunt wrote: On Tue, Jan 15, 2019 at 02:40:51PM +0100, Tom wrote: After migrating from 9.11.x to 9.12.3-

Re: BIND 9.12.3-P1: No additional section

2019-01-15 Thread Tom
On 16.01.19 08:08, Evan Hunt wrote: On Wed, Jan 16, 2019 at 07:02:05AM +0100, Tom wrote: $ dig +norec -4 @ns3.example.com www.mydomain.net ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> +norec -4 @ns3.example.com www.mydomain.net ; (1 server found) ;; global opt

0-TTL when querying "invalid" soa

2019-01-29 Thread Tom
.3-P1 on our authoritative servers and we have the same behavior with 0-ttl with an invalid soa-query. Is this bind-specific? Why does an invalid soa-record respond with 0-ttl in the authority-section? Thank you. Kind regards, Tom

Re: 0-TTL when querying "invalid" soa

2019-01-29 Thread Tom
Perfect.., many thanks for your hints. Tom On 29.01.19 16:33, Tony Finch wrote: Tom wrote: We're running BIND-9.12.3-P1 on our authoritative servers and we have the same behavior with 0-ttl with an invalid soa-query. Is this bind-specific? Why does an invalid soa-record respond with

DNSSEC debugging: TC and AD-Flag set?

2019-02-25 Thread Tom
aa tc ad; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;org. IN DNSKEY ... ... Any hints for this behavior? Many thanks. Tom

Error: zone example.com/IN (signed): receive_secure_serial: unchanged

2019-03-11 Thread Tom
that DNSSEC is working fine, but the error is confusing. Thank you. Kind regards, Tom

Re: Error: zone example.com/IN (signed): receive_secure_serial: unchanged

2019-03-13 Thread Tom
Many thanks for any hints/ideas. Kind regards, Tom On 11.03.19 09:14, Tom wrote: Hi list We're sometimes receiving the same error as described in https://gitlab.isc.org/isc-projects/bind9/issues/256 after reloading BIND. zone example.com/IN (signed): receive_secure_serial: unchanged What

DNS-resolution failed for "www.gracenote.com" when "qname-minimization relaxed|strict;"

2019-05-13 Thread Tom
here I can configure a zone-wide exception for "qname-minimization" in a (pseudo)-way like this: zone "gracenote.com." { qname-minimization off; }; What's the best way to "enable" resolution for the mentioned z

CDS-deletion record "CDS 0 0 0 00" is failing with bind-9.14.9 and bind-9.14.8

2020-01-10 Thread Tom
? Thank you. Kind regards, Tom

Re: Logging issue with bind

2012-02-16 Thread Tom Schmitt
ian-specific bug? No, nothing Debian-specific :-) You told Bind how to log queries in the config. Now you have to tell Bind that he should start with the querylogging. Do: rndc querylog Tom.

Re: block ddns by name

2012-02-16 Thread Tom Schmitt
printable name is then in DNS where I (and a few older nameserver) don't want it. So is there something possible like update-policy { deny "*" name /^a-zA-Z0-9_\-/; }; ? (For those who don't speak regex: deny all names with something in it what is no letter or digit or underscore

how to generate the name of a .nzf file?

2012-03-20 Thread Tom Mueller
Hi, perhaps my idea is quite stupid. I think about following scenario: A primary nameserver is script-managed via rndc addzone/delzone and nsupdate with data from a database. I know, rndc generates nzf files, which are named by hash values of the cor

Re: how to generate the name of a .nzf file?

2012-03-20 Thread Tom Mueller
Hi Jan-Piet, >> The question is: how to generate the name of a nzf file? >> Is there a tool or an easy way? > > Maybe something like this? (Untested) > > echo -n internal | shasum -a 256 | awk '{printf "%16.16s\n", $1}' > Great - it works. :-

Re: Moving DNS out of non-cooperative provider

2012-06-18 Thread Tom Diehl
ttl's timeout, resolvers with the old nameservers cached will still query them. Once the ttl's time out the new servers will be queried. Hope this helps, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com

Stalling slave transfers

2013-05-08 Thread Tom Sommer
e master's log. The other two slaves are running perfectly, no errors or delays what so ever. Bind version 9.9.2-P2 (recently upgraded to). Any hints would be appreciated, as I feel like I've exhausted most options. Thank you. -- Tom Sommer

Re: Stalling slave transfers

2013-05-08 Thread Tom Sommer
On 5/8/13 12:25 PM, Cathy Almond wrote: On 08/05/13 08:26, Tom Sommer wrote: Hi, I have a problem with one of 3 slave servers, all set up the exact same way, with the exact same bind version and configuration. One slave has a problem transferring zones from the master. The logfiles are

Re: Stalling slave transfers

2013-05-08 Thread Tom Sommer
On 5/8/13 8:15 PM, Tom Sommer wrote: Another issue has arisen now though, the logfile is filled with lots of named[5596]: zone example.com/IN: refresh: failure trying master 1.2.3.4#53 (source 0.0.0.0#0): operation canceled and named[5596]: zone example.com/IN: refresh: retry limit for

Re: Stalling slave transfers

2013-05-09 Thread Tom Sommer
On 5/9/13 11:36 AM, Cathy Almond wrote: I don't think you solved the problem - I think you moved it (or made it happen faster...) The refresh errors indicate that the master isn't responding to your slave for some reason. That's what you'll need to investigate. I would suggest auditing the di

Re: Stalling slave transfers

2013-05-14 Thread Tom Sommer
On 5/9/13 2:19 PM, Luther, Dan wrote: > Tom, > > What happens when you "dig +tcp example.com @1.2.3.4"? Specifically I'm > wondering here if the slave you're having problems with is blocking TCP port > 53. Such a configuration would allow you to query the

DNS64 and DNSSEC - AD bit not set (RFC 6147)

2014-03-26 Thread Tom Lanyon
thesise the DNS64 . Is there any way to configure BIND9 to comply with this RFC 6147 behaviour? We're on 9.8.2, but I couldn't find anything related in the CHANGES for either 9.8 or 9.9. Thanks, Tom

Re: DNS64 and DNSSEC - AD bit not set (RFC 6147)

2014-03-26 Thread Tom Lanyon
DNSSEC validation in the stub resolvers. Are there any other options, and if not, are either of these two more preferred than the other? Tom

BIND 9's entropy consumption

2014-04-02 Thread Tom Limoncelli
2k. So the problem is "solved" that way, but it still makes me very concerned that the amount of entropy in use was so different. There is no DNSSEC configured, no incremental zone transfers (just notifications sent from the master to all slaves). Anyone have any theories on why this migh

Can I run two name servers on one host with two IP addresses?

2015-08-19 Thread Tom Browder
DNS with just one real server? Thanks. Best regards, -Tom

Re: Can I run two name servers on one host with two IP addresses?

2015-08-19 Thread Tom Browder
On Wed, Aug 19, 2015 at 5:59 PM, Reindl Harald wrote: > On 20.08.2015 at 00:53, Tom Browder wrote: >> I have a single server with access to several IP addresses from my ... >> I would like to run my own DNS server but I only have the one server ... > they have to be on differe

Allowable reverse mapping zone file names

2016-08-27 Thread Tom Browder
single mail server? Thanks. Best regards, -Tom

rndc on local host: need named running?

2016-08-27 Thread Tom Browder
ave a fixed ip address? Thanks. Best regards, -Tom

Re: Allowable reverse mapping zone file names

2016-08-27 Thread Tom Browder
On Saturday, August 27, 2016, /dev/rob0 wrote: > On Sat, Aug 27, 2016 at 10:47:36AM -0500, Tom Browder wrote: > > I do not control 3-octet networks but need reverse mapping for my > > mail server. > > Discuss that with your ISP or netblock owner. ... Thanks for the go

Re: rndc on local host: need named running?

2016-08-27 Thread Tom Browder
On Saturday, August 27, 2016, Warren Kumari wrote: > On Saturday, August 27, 2016, Tom Browder > wrote: > >> My plan is to have two remote, authoritative name servers (master and >> slave) for my owned domains. I would like to use rndc to control them from >> my

Re: Allowable reverse mapping zone file names

2016-08-27 Thread Tom Browder
ds you think necessary including your mail server's host name. > Thanks, Lyle! Best regards, -Tom

Re: rndc on local host: need named running?

2016-08-27 Thread Tom Browder
On Saturday, August 27, 2016, Lyle wrote: > On 08/27/16 10:54, Tom Browder wrote: > > https://calomel.org/dynamic_dns_ddns.html My plan is to have two > > 2. Can I use rndc from my local host which doesn't have a fixed ip address? > > ... > Let me Google that for y

Re: rndc on local host: need named running?

2016-08-30 Thread Tom Browder
haps > the address range in which your local machine is to be allocated its > address? > Thanks, Cathy. Best regards -Tom

Re: rndc on local host: need named running?

2016-08-30 Thread Tom Browder
On Tuesday, August 30, 2016, Woodworth, John R < john.woodwo...@centurylink.com> wrote: > > I have a slightly unorthodox view on this which may even offer a bit more > > security. The answers are listed below inline. > > ... Thanks, Jo

Request reverse dns mapping advice

2016-09-05 Thread Tom Browder
the names I use for the IPv4 records. Thanks for your always helpful advice. Best regards, -Tom

Re: Request reverse dns mapping advice

2016-09-05 Thread Tom Browder
ind it again. On today's Internet, you want your mail server to EHLO with a name > that has matching forward and reverse DNS with the server's IP. If > you don't, you look unnecessarily like a spambot. ... A very good reason, indeed! Thanks again. Best regards, -Tom

Re: failed to start BIND 9.16.34 on Ubuntu 20.04

2022-11-11 Thread Tom Krizek
t the systemd's restart facility rate-limit. Please attach the log which contains the real cause of failure, e.g. by using: # journalctl -u bind9 -- Tom Krizek

RT-Number?

2011-01-14 Thread Tom Schmitt
I just read the release notes from Bind 9.7.2-P3 and noticed that behind every short description of a change there is a number beginning with RT. I hope this is some kind of ticket number where more detailed information about this change could be found? My question: Where do I find these tickets?

Re: Zones not getting transferred after a restart

2011-06-02 Thread Richard Tom
Consider the option "transfers-in". Look at the output of: rndc status If you notice that the "soa queries in progress" number is high in proportion to the number of slave zones maintained by the server, you should increase the transfers-in number (the default is 10 as I recall). That means

what does dig +trace do?

2011-08-30 Thread Tom Schmitt
ers as the rootzone. I don't see any DNS-problems at all, only the +trace-option is behaving weird. Can anybody tell me why? What does this option what normal DNS queries don't do? Tom.

Re: RE: what does dig +trace do?

2011-08-30 Thread Tom Schmitt
> > What strikes me as odd is that the first query does return 4 (internal) > root servers, but no glue records ? I have no idea why this is this way. > Given those root name servers, do you have A-records for root[1234] in > your root zone ? Yes, of course. From my root-zone: . 10800 I

Re: RE: RE: what does dig +trace do?

2011-08-31 Thread Tom Schmitt
Original Message > I believe what is missing the root cache file. > > The root server would have glue records point to GTLDs, like this > > Then the GTLDs would have glue records pointing to nameserver of the > domain you are trying to trace. > > What you are seeing is yo

Re: RE: what does dig +trace do?

2011-08-31 Thread Tom Schmitt
> >> What strikes me as odd is that the first query does return 4 (internal) > >> root servers, but no glue records ? > > > >I have no idea why this is this way. > > Because +trace only displays the answer section of the responses by > default. > Try "dig +trace +additional". Hi Chris, you are
