anyone else seeing similar behavior?
>
> --
> --
> Do things because you should, not just because you can.
>
> John Thurston907-465-8591john.thurs...@alaska.gov
> Department of Administration
> State of Alaska
>
> --
> Visit https://lists.isc.org/mailman/lis
Hi,
Looks like stork agent doesn't work in a named chroot environment.
On one of my systems, it complains about non-existing config file:
stork-agent[129190]: time="2023-01-27 04:47:07" level="warning"
msg="cannot parse BIND 9 config file /etc/named.conf: exi
>> I recently made an upgrade of BIND to version 9.18.11 on our
>> resolver cluster, following the recent announcement. Shortly
>> thereafter I received reports that the validation that lookups of
>> "known entries" in our quite small RPZ feed (it's aroun
Hi,
by default, the files written by BIND when acting as a slave is
not in "text" format, but is some binary file format, I beleive
what is referred to as "raw" format.
Once in a while it's desireable to be able to see the contents of
the slave zone file as plain
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
htt
30 Jan 2023 at 10:11, Havard Eidnes via bind-users <
bind-users@lists.isc.org> wrote:
> > Named-checkzone and named-compilezone are the same executable.
> > Named-checkzone looks up remote records to more completely
> > detect configuration errors. See the man page for detail
problem: Even after running "rndc dnssec -checkds published
example.com" the KSK stays in DSState rumoured. I've got the following
messages in the log:
keymgr: checkds DS for key example.com/RSASHA256/12345
seen published at Mon Jan 30 10:58:16 2023
zone example.com/IN (signed): recon
sc introduced the filter yeas ago - in theory there is no reason to
> block nor A. But blocking A depending on the existence of makes no
> sense at all.
> (as bind at moment is doing)
I’ve found one edge case where blocking records fixes something in order
to
Hi Sandeep.
>From a quick look in Wireshark at what my own server (9.18.8) is doing,
this looks like Akamai not responding correctly to a BIND QNAME
minimisation query. Here's one response, from 95.101.36.192 for example, of
many similar ones showing an issue. The response code shou
view they are talking to. Let me know
if you need more info about how to set this up?
Nick.
On 6/02/23 01:08, Darren Ankney wrote:
Matthias,
This is what I did to force my resolver bind instance to lookup my
internal domain directly on my authoritative bind instance without
asking any other
the internal machines continue to use the public address, but the
packets don't actually get routed out to the Internet.
Nick.
On 7/02/23 19:45, Matthias Fechner wrote:
Hi Darren, Hi Nick,
at first thanks a lot for your answer.
I see that I have not explained my use-case detailed
r automatically, and
instead create a recurring reminder for yourself to initiate the KSK
roll-over manually? That way you'd never get caught out with a KSK
roll-over happening when you weren't prepared for it?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi,
I have a local caching resolver running bind 9.16.30
on NetBSD/amd64 9.3.
I'm currently hitting it on localhost with
approximately 200 qps, and it reliably gets killed
after approximately 3 hours with "out of swap"
messages in dmesg.
The system in question is a Xen VPS with 6
Hi Jan.
There could be SO many things going on here. I have a few questions:
- Do you mean 200 QPS or 200,000 QPS? I was wondering if a "k" had missed
the print. If it's really 200, this box (not necessarily just BIND) sounds
very ill. 200 QPS is background noise and (depending
"John W. Blue via bind-users" wrote:
> At the risk of stating the obvious .. have you tried 9.16.37 or 9.18.11?
I haven't yet, but will give that a try.
Thanks!
-Jan
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the d
ookups of second-level domains.
> That turned into a bit more than a few! I hope some of that helps a bit.
It does, in that it gives me plenty to do to better
nail down the problem. :-)
Thanks - if I come up with anything, I'll report back.
-Jan
--
Visit https://lists.isc.org/mailman/li
What must i specify in the update-policy option for the example.de domain?
Regards, André
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org
-
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists
17:58, Danilo Godec via bind-users wrote:
Hello,
in the near future I will have to change NS records for one of my
domains, as DNS servers currently use an old domain (not mine), that
will be phased out. DNS servers will actually remain the same, only
the domain name will change.
So, basi
at you're after:
grant key-name name host1.example.de. A;
You will be aware that the type list can take multiple space-separated
values.
-JP
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid s
milar with TSIG by giving the key the same name as the machine but
you also need to add key clauses for all the TSIG keys to named.conf.
On 14 Feb 2023, at 07:55, André Steden via bind-users
wrote:
But i don't want to specify all possible hostnames in the update-policy
settings .
there
Jan Schaumann via bind-users wrote:
> Greg Choules wrote:
> > - Are you stuck on 9.16.30 for some reason? If not, grab the latest 9.18
> > package. It will be less memory hungry generally and contain fixes for
> > recent issues.
>
> Yeah, will give that a try.
Upg
rective and restarting named (even
with 'severity debug'), I don't see this line in the
logs now. Not sure why that would be.
That number seems right. I guess for the overall
system load, that default value was too high, and my
setting it (to 2GB, in this case) seems to have
re
On 14/02/23 05:39, adrien sipasseuth wrote:
"You configure parental agents and named will check which DS’s are
published. Named won’t complete the
roll until it knows the new DS is published."
=> what is parental agent ? i don't find this term in Bind
documentation. From
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
lt) called "named_dump.db" in named's working
directory. Grep for NXDOMAIN in that file.
Cheers, Greg
On Tue, 14 Feb 2023 at 15:29, Jan Schaumann via bind-users <
bind-users@lists.isc.org> wrote:
> Jan Schaumann via bind-users wrote:
> > Greg Choules wrote:
>
>
Greg Choules wrote:
> Since the queries are unique the responses should be NXDOMAIN
Well, _some_ of them will be NXDOMAIN, many others
will be NOERROR or NODATA etc., no? But yes, they all
ended up contributing to the cache growing, and it
seems that 90% of physical memory all in use by b
Point taken. Unique does not necessarily mean non-existent and *something*
will end up in cache. So restricting your max-cache-size would seem to be
the thing for you. If it were my server, I would monitor just how much RAM
is getting used in total and adjust max-cache-size to allow BIND to use as
st max-cache-size to allow BIND to use as
> much RAM as you can afford. That way you minimise the frequency of cache
> cleaning, which is an overhead.
Yep. And in the process I learned a bit about tuning
bind, so it's all good.
Thanks for the help!
-Jan
--
Visit https://lists.isc.or
76.private
update add ns1.example.com 3600 IN A 10.0.0.1
update add ns1.example.com 3600 IN 2001::1
send
%
You can do similar with TSIG by giving the key the same name as the machine but
you also need to add key clauses for all the TSIG keys to named.conf.
On 14 Feb 2023, at 07:55, André Steden via
On 17/02/2023 16:06, Bob McDonald wrote:
I'm implementing a caching resolver under FreeBSD 13.1 running on a
RaspberryPI. Bind 9.18.11
My named.conf is below. My question is do these look like workable
options? I include logging and a statistics channel in my preliminary
implementation
Yes it does. I guess all name servers offer a command to force a transfer of
the zone without checking the serial. The ones I use support that:
Bind: rndc retransfer
NSD: nsd-control force_transfer
PowerDNS: pdns_control retrieve
Knot: knotc zone-retransfer
regards
Klaus
TSIG tsig-key.movie.edu: tsig verify failure
(BADKEY)
I'd take packet captures of both cases and compare them, see what the
differences are.
Hope that helps.
Greg
On Tue, 21 Feb 2023 at 16:06, Patrik.Graser--- via bind-users <
bind-users@lists.isc.org> wrote:
> Hi all
>
>
>
> Due
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Bob
> Harold
> Gesendet: Freitag, 24. Februar 2023 19:26
> An: bind-users
> Betreff: DNS DDoS protection
>
> Before answering this question, can you tell me the proper place where I
> should be ask
Hello!
I always was quite sure that Bind will request XFR from the Primary that sent
the NOTIFY.
config:
masters {
X.X.X.4;
X.X.X.20;
};
Bind Version 9.11.5.P4+dfsg-5.1+deb10u8
But I just saw this in the logs that the first NOTIFY is received from .20, but
AXFR is
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Mark
> Andrews
> Gesendet: Donnerstag, 9. März 2023 21:04
> An: Jan-Piet Mens
> Cc: bind-users@lists.isc.org
> Betreff: Re: Correlation between NOTIFY-Source and AXFR-Source
>
> Named just uses the
the named.conf file and not actually zone contents.
What am I failing to understand?
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of thi
Hi Paul,
Thank you for explaining.
On 3/10/23 12:21 AM, Paul Stead wrote:
Imagine that 1.1.1.1 has lost network connectivity recently. A notify
comes from 2.2.2.2 - if I understand correctly Bind will try 1.1.1.1
first, time out and then try 2.2.2.2 - even though we know given the
situation
ie
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users ma
ed in minutes.
I've always simply considered it faster than the alternative. In this
case, before the secondary would naturally get to it's refresh / retry
timer.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.o
.0.2 won't
cause named to actually listen there.
-Original Message-
From: bind-users On Behalf Of Serg via
bind-users
Sent: Sunday, March 12, 2023 10:55 AM
To: bind-users@lists.isc.org
Subject: Bind listener to an IPv6 from AnyIP subnet
Hello, I am trying to bind named listener
Hi Serg.
Can you post the output of "named -V" please?
You're looking for "--disable-linux-caps", which you don't want.
I'm not sure how (if) BIND interacts with AnyIP, but it should pick up new
interfaces as they are added, *if* it is built with the necessary
c
Hi,
Have you checked the syntax?
try this:
$INCLUDE "/var/named/zones/masters/rpz.local.data";
Regards,
Sachchidanand
From: tcpnag...@gmail.com
To: m3...@m3047.net
Cc: bind-users@lists.isc.org
Sent: Friday, March 17, 2023 9:18:32 AM
Subject: Re: BIND 9.16.30 - $INCLUDE f
Hi,
(please do not start a discussion on the usefulness of views. I'm not in favor
of views, but sometimes I have to work with them).
I have a client that runs a split horizon (internal / external view of the same
domain namespace) setup with BIND 9 on Linux.
Both the internal and ext
y. Consequently I've only done a
key rollover a couple of time in that period.But this setup has been working
fine for me the whole time.Nick.
Original message From: Matthijs Mekking
Date: 18/03/23 3:43 AM (GMT+12:00) To: bind-users@lists.isc.org Subject: Re:
KASP: sha
Hello, good morning.
I'm trying to setup DNNSEC and I've been using Bind9.16 packages available
in Oracle Linux 8. Somehow there are also "Bind" packages, which default to
9.11 version. Being a new installation I went for 9.16. The problem now is
that dnssec-keygen seems to
rward?
Thanks.
Os melhores cumprimentos
David Alexandre M. de Carvalho
═══
Especialista de Informática
Departamento de Informática
Universidade da Beira Interior
-Original Message-
From: bind-users On Behalf Of Jan-Piet Mens
Sent: 20 March 2023 18:12
To: bind-users@lists.is
sri.biopyrenees.net A 3.4.5.6
>
>
>
> Is it normal ? Is there a way to have the good answer on my SrvB ?
>
>
>
> With tcpdump, I see the same behavior with a record that works and with
> the record that doesn’t work…
>
>
>
> Thanks for yo
Thank you so much for your help.
Unfortunately it seems bind-utils 9.11 and 9.16 can not co-exist (at least in
Oracle Linux 8). I had problems with dependencies and didn’t force anything
until having more information.
Thanks once again!
Regards
David Carvalho
From: bind-users On Behalf
Brilliant!
Thank you so much!
Regards
David
From: Petr Menšík
Sent: 24 March 2023 11:05
To: David Carvalho ; bind-users@lists.isc.org
Subject: Re: dnssec-keygen not available in Bind9.16-utils package?
I have tried it on fresh RHEL 8.7.0, which should be similar to what you get on
Hi.
Thanks for the reply. Very useful information!
Kind regards
David Carvalho
From: Jiaming Zhang
Sent: 24 March 2023 12:33
To: David Carvalho ; 'Petr Menšík' ;
bind-users@lists.isc.org
Subject: Re: dnssec-keygen not available in Bind9.16-utils package?
Hello Davi
few seconds in such a setup:
customer --> incoming-bind --> distribution-bind --> public facing secondaries
Once a day, the distribution server stops sending NOTIFYs for some minutes (the
incoming is working fine), while still processing incoming NOTIFY and fetching
the zones. See logs
>
> https://bind9.readthedocs.io/en/stable/reference.html#namedconf-statement-notify-rate
Will that feature throttle Notifys or stop them completely for some minutes?
Thanks
Klaus
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC fun
> > On 24. 3. 2023, at 14:36, Klaus Darilion via bind-users us...@lists.isc.org> wrote:
> >
> > Is there some rate liming in Bind?
>
> https://bind9.readthedocs.io/en/stable/reference.html#namedconf-
> statement-notify-rate
For the records: Increasing the n
;
> Recursive queries to a pair of matching bind 9.16 servers on openbsd 7.0
> are timing out unexpectedly for only two names: "www.edison.tn.gov" and "
> www.tn.gov". Both bind instances are otherwise working fine, and have
> been for some time.
>
> The q
. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more
prevent the world from querying it in addition to the public zones that
are allowed to be queried by the world.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC
ems to
support that.
;-)
I bring this up as this is something that I've stubbed my toe on and I
would like it if others can avoid similarly stubbing their toes.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mai
for higher deployment rates.
>
> Greetings,
> Klaus
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/co
Hello, hope everyone is fine.
So it seems that going to Bind version 9.16 was the right call as it
simplifies DNSSEC a lot.
Nevertheless, I would like to clarify some things because our organization
has a parent domain and I host my own e-mail servers. I know they had
problems while implementing
e top domain?
I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to
me so far.
Thanks!
David Carvalho
-Original Message-----
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 11:16
To: bind-users@lists.isc.org
Subject: Re: Fully automated D
Thank you so much!
Regards
David
-Original Message-
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 13:03
To: bind-users@lists.isc.org
Subject: Re: Fully automated DNSSEC with BIND 9.16
On 4/11/23 13:14, David Carvalho wrote:
> Hello and thank you so much for y
Hi list.
I'm currently running a few DNSSEC zones in BIND using dnssec-policy
option, albeit with an unlimited lifetime on the KSK, so that I can
control KSK roll-overs (which is necessary because my Registrar doesn't
support RFC 7344)...
Anyway I know that BIND supports RF
mandatory? Any help appreciated.
Regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-use
my advice: do the delegations properly by
copying the NS RRset from the child to the parent, plus any required
address glue records, and this particular problem will not become an
issue.
Best regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this l
On 13/04/2023 5:58 am, Havard Eidnes via bind-users wrote:
I suspect you don't need the NS records in challenge.state.ak.us and
if you remove them then the records in challenge.state.ak.us are
simply part of the state.ak.us zone since they're served off of the
same server.
Unfortun
something that would
work within the inline-signing framework. But perhaps I was being overly
optimistic?
I've decided I'll stick with manual KSK roll-overs for now... :-)
Thanks again.
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this
DOMAIN (i.e. same as suggested by Evan Hunt) rather than returning a
bogus IP address.
FWIW I haven't experienced any issues with youtube, so I wonder whether
one of these differences could be the cause of your CPU usage issue?
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
Hello and thank you for the reply.
My domain is "di.ubi.pt". The parent domain "ubi.pt" recently configured
DNSSEC (BIND 9.11) so it was time again for me to try to set it up for my
domain.
A few months ago I updated both dns servers to Oracle Linux 8, running BIND
9.16.23
rt?
Kind regards,
David Carvalho
-Original Message-
From: Evan Hunt
Sent: 12 April 2023 18:08
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: dnssec-validation?
On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users
wrote:
> After reverting my primary dns
Hello.
Both content and timestamps. I've been told previously here that there is a bug
prior to version 9.16.30. I'm using 9.16.23, no update available yet.
No, not removing 😉
Regards
David
-Original Message-----
From: bind-users On Behalf Of Jan-Piet Mens
Sent: 13 April 202
Hello and thanks for the reply.
I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind
Then I tried to install (dnf install isc-bind) but I got:
Error:
Problem: package isc-bind-1:2-3.el8.x86_64 requires isc-bind-bind, but none of
the providers can be installed
- package isc
Hello and thank you for the reply.
I can confirm my current dns servers have already EPEL repo enabled and
jemalloc package is available.
I'll setup my test machine accordingly to be able to install BIND 9.18. Will it
also provide named-chroot (is it really necessary?)
Thanks!
me I reconfigure and reload, I would stick with this version.
Regards
David
-Original Message-
From: Evan Hunt
Sent: 13 April 2023 18:08
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: dnssec-validation?
On Thu, Apr 13, 2023 at 11:38:15AM +0100, David Carvalho wrote:
> P
are (again) my named.conf on the primary and secondary server to
find why dnssec-validation needs to be off on the primary.
Thanks!
David
-Original Message-
From: Mark Andrews
Sent: 14 April 2023 02:35
To: David Carvalho
Cc: Evan Hunt ; bind-users@lists.isc.org
Subject: Re: dnssec-
Hi bind-users,
I have asked this question on GitLab, but hijacking a closed issue to ask
questions is bad practice (often rewarded with silence), so I’m re-posting the
question here.
https://gitlab.isc.org/isc-projects/bind9/-/issues/3769#note_356577
My DNS server serves multiple views that
On 17/04/23 09:08, Andrej Podzimek via bind-users wrote:
The easiest (?) way to make DNSSEC work in all views has been to keep
a dnssec-policy for zones in *one* of the views (to generate and
maintain keys) and then passively refer to the keys from the zones’
counterparts in other views using
in old
terminology) statement that includes the correct key name.
Nick.
On 17/04/23 22:12, Mark Andrews wrote:
You use keys as well when sending notify to select which view processes the
notify
On 17 Apr 2023, at 18:44, Jiaming Zhang wrote:
Dear community,
I was wondering if notif
DNSSEC policy. The reason why certain zones are (re)defined in other
views rather than linked using “in-view” is a need for different zone data, different
“allow-query” settings etc.)
So eventually it may be as simple as replacing “auto-dnssec maintain;” with
“dnssec-policy "standard";
aok after restarting the service.
Thank you all who took the time to clarify me about this.
Kind regards
David Carvalho
-Original Message-
From: Mark Andrews
Sent: 14 April 2023 02:35
To: David Carvalho
Cc: Evan Hunt ; bind-users@lists.isc.org
Subject: Re: dnssec-validation?
&
> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot.
Then please let me suggest that there is possibly an issue with
identification (customer said "9.16.23") and documentation of the
actual changes that are incorprorated in your distribution, compared
to the upstream-mai
Greetings bind-users,
I'm running a little older Debian bind:
bind9 1:9.9.5.dfsg-9
Scenario: I have two authoritative servers locally and three authoritative
servers that are part of the parent domain:
$ dig +short NS sub.example.com | sort
ns-0.sub.example.com.
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
> Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
>
> > I'm running a little older Debian bind:
> >
> > bind9 1:9.9.5.dfsg-9
>
> The upgrade your OS, stretch already has 9.10 and
the server instead of IP?
> Both name server has IPv4 (single or multiple) and IPv6 glued with the
> domain name, and I was wondering if by setting domain name instead of IP,
> bind will intelligently find if it would need to communicate with which IP
> (like it currently do with not
Hello Ondřej,
On Mon, Apr 17, 2023 at 9:26 AM Ondřej Surý wrote:
>
> > On 17. 4. 2023, at 15:59, Matt Zagrabelny via bind-users <
> bind-users@lists.isc.org> wrote:
> >
> > Greetings bind-users,
> >
> > I'm running a little older Debian bind:
&
name server has IPv4 (single or
multiple) and IPv6 glued with the domain name, and I was wondering if
by setting domain name instead of IP, bind will intelligently find if
it would need to communicate with which IP (like it currently do with
|notify yes|). I asked because if by any chanc
On 18/04/2023 2:43 am, Greg Choules via bind-users wrote:
Why do you need it? Do you have some secondaries that are not listed
as NS in zones?
The goal was to have the primary use a particular TSIG key when it sends
out the NOTIFY messages to the secondaries, which is achieved by turning
off
On 18/04/2023 2:16 am, Matt Zagrabelny via bind-users wrote:
On Mon, Apr 17, 2023 at 9:04 AM Marco wrote:
Am 17.04.2023 um 08:59:29 Uhr schrieb Matt Zagrabelny via bind-users:
> I'm running a little older Debian bind:
>
> bind9 1:9.9.5.dfsg-9
> You do not have to sift through lists.
That depends entirely what one wants to do. I see a couple of
scenarios where that may be required:
1) Let's say someone has flagged to you as a BIND administrator that
your BIND installatin is susceptible to CVE-2022-3924. This
could be
merce trade register with number 85744115.*
> --
> *Van:* Greg Choules
> *Verzonden:* Monday, April 17, 2023 4:43:58 PM
> *Aan:* Jiaming Zhang
> *CC:* bind-users@lists.isc.org
> *Onderwerp:* Re: Best practice MultiView
>
> Hi Jiaming.
> The a
85744115.*
> ------
> *Van:* Greg Choules
> *Verzonden:* Tuesday, April 18, 2023 2:10:49 PM
> *Aan:* Jiaming Zhang
> *CC:* bind-users@lists.isc.org
> *Onderwerp:* Re: Best practice MultiView
>
> Hi Jiaming.
> I had a similar requirement. Si
y internal dns servers, I guess not using DNSSEC?
Can this only be accomplished by adding these entries to my parent domain?
Thanks!
Kind regards
David Carvalho
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this s
Hi and thanks for the reply.
Does it make sense to not validate my parent domain entirely? Wouldn’t that
also stop exterior validation when I request it?
Thanks!
David
From: Darren Ankney
Sent: 19 April 2023 10:27
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: DNSSEC
Anyway, It is working using your suggestion. Apparently everything is also fine
from the outside.
But I’ll have to check Petr Špaček post and study more.
Thanks!
David
From: Darren Ankney
Sent: 19 April 2023 10:27
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: DNSSEC
nssec, and even if
they were, the key would be different than that on the outside servers, which
is the same domain.
Not optimistic
Regards
David
-Original Message-
From: bind-users On Behalf Of Petr Špacek
Sent: 19 April 2023 10:35
To: bind-users@lists.isc.org
Subject: Re: DNSSE
es for
> some distros maintained by ISC
> (https://kb.isc.org/docs/isc-packages-for-bind-9).
I stand corrected, thanks for reminding me. I come from the
non-Linux open source side, so needs this reminder from time to
time.
BTW, if someone from ISC is listening in, the above KB URL
currently
Hi Håvard
Odd, it works for me. Try a literal copy/paste of the link below. Or go to
https://kb.isc.org and search for packages:
https://kb.isc.org/docs/isc-packages-for-bind-9
Cheers, Greg
On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users <
bind-users@lists.isc.org>
or the information inside it, without a written
> consent from the sender. Yixi Meta is registered with the Dutch Chamber of
> Commerce trade register with number 85744115.*
> ------
> *Van:* Greg Choules
> *Verzonden:* Tuesday, April 18, 2023 2:51:05 PM
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://www.five-ten-sg.com/mapper/bind contains links to the source
rpm, and build instructions. This .src.rpm contains a .tar.gz file with
the ARM documentation, so the rpm rebuild process does not need sphinx-
build and associated dependencies
that much about the parent setup.
Anyway, thanks and regards!
David
From: bind-users On Behalf Of Petr Menšík
Sent: 21 April 2023 10:59
To: bind-users@lists.isc.org
Subject: Re: DNSSEC and forward zone
Would it make sense to create a subdomain for internal use, but have the main
zone
301 - 400 of 2152 matches
Mail list logo
