Am 2024-06-04 09:50, schrieb Matus UHLAR - fantomas:
On 03.06.24 18:46, Thomas Barth via bind-users wrote:
Should I perhaps ask the mail user to unsubscribe from this website
due to troubles of bad configuration?
yeah I guess you should, their DNS servers are pretty much messed up:
A
Hi Thomas.
Firstly, I doubt you actually need to kill and restart `named`. Flushing
the cache would probably work, either all of it or just selected names.
Secondly, take a packet capture of this happening and analyse what BIND is
really doing, in Wireshark.
- If it shows up that certain NS are
Hello!
Am 2024-06-04 15:28, schrieb Greg Choules:
Hi Thomas.
Firstly, I doubt you actually need to kill and restart `named`.
Flushing the cache would probably work, either all of it or just
selected names.
Secondly, take a packet capture of this happening and analyse what
BIND is really doing
en looking at Debian BIND9 packages:
bind9 1:9.18.24-1
bind9-doc 1:9.18.24-1
and also ISC BIND 9.18.24 source and 9.18.27 source and documentation.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid
isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf
>
> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users
> wrote:
>>
>> dnssec-policy default - where/how to determine what all its settings are?
>> Documentation
>> doc/bind9-do
Hi list.
I received the email below, which on the face of it looks pretty bogus
(especially since this supposed 'list' email is personalised with my
name). But the message headers show that this email was relayed to my MX
server from the same MTA that relays legitimate emails from
ei...@newsletter.mallorcazeitung.es piano.io
Spamassassin Doc
"Use this (whitelist_from_rcvd) to supplement the whitelist_from
addresses with a check against the Received headers. The first parameter
is the address to whitelist, and the second is a string to match the
relay's rDNS. &q
the mailing list archive:
https://www.mail-archive.com/bind-users@lists.isc.org/msg34359.html
Ged, I'll forward the email headers to you privately, but I trust you'll
find that they support the explanation offered below.
Thanks again everyone who took the time to respond. :-)
Nick.
ation to reflect that:
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs
>
> Petr Špaček
> Internet Systems Consortium
>
> On 06. 06. 24 21:01, Michael Paoli via bind-users wrote:
> > Ah, thanks!
> >
> > Yeah, that's what I
Hi Sami.
If you can, I would set up a new BIND (test) server running the current
code - 9.18.27 - next to your current production system and compare how
they behave: current code uses NS queries for qmin rather than _... A
queries. There may still be failures, but this would allow you to pinpoint
Hi Brian.
Yes, you can define your own hint zone and tell BIND to use it. The
contents (I called the file "db.root" but the name is your choice) could be
as simple as:
@ 300 IN A 127.0.0.3
@ 300 IN NS @
which says for this zone (which will be called ".", coming next) the NS
t; Thank you – I think you’ve given me exactly what was needed.
>
>
>
> Brian
>
>
>
> *From:* Greg Choules
> *Sent:* Wednesday, June 26, 2024 12:29 PM
> *To:* Cuttler, Brian R (HEALTH)
> *Cc:* bind-users
> *Subject:* Re: rolling my own hints file
>
>
Hi Renzo.
Firstly, please can we see your BIND configuration and have the actual AD
domain name.
Secondly, BIND, or any other recursive DNS server, does not 'forward' to
the root servers, unless you have configured it explicitly to do so, which
would be a bad idea and not work anywa
Hi Renzo.
Ah OK, I had it the wrong way round. AD DNS needs to resolve names in the
Internet on behalf of its clients, so it forwards to BIND.
In that case, two questions:
1) What version of BIND are you running? You can get this with "named -V"
2) What is in the file "named.ca&qu
Hi Renzo.
Thank you for that. The hints look OK. A bit old, but they will work.
The first thing I would advise you to do as a matter of priority is to
upgrade BIND.
9.11 has been end-of-life for a few years and there have been many security
fixes since then. 9.18.27 is the current version.
You
Hi Renzo.
You're welcome.
1) Correct. You don't need forwarding for a simple resolver. Take a look at
the meaning of the RD flag in the BIND protocol header. This should help
you understand the difference between recursive and non-recursive queries.
2) No. See 1)
3) Yes. For a standar
Hi again Renzo.
In general, BIND (and other resolvers) make non-recursives (aka iterative)
queries to authoritative servers, such as the roots and others.
- Clients (laptops etc.) make recursive queries to the DCs. If the DCs know
the answer they respond immediately; no forwarding needed.
- If
Correct.
On Fri, 28 Jun 2024, 12:54 Renzo Marengo, wrote:
> Ok very veri interesting,and about this doubt?
>
> etc/resolv.conf in bind server is used only from client services ? E.g.
> ping tool
> I think bind9 dns service doesn't contact any /etc/resolv.conf, right?
>
y detrimental?
> If it is, its “dot” rather than “at”?
>
> @ 518400 IN A xx.yy.zz..7
>
> @ 518400 IN A xx.yy.zz..8
>
> . 518400IN NS @
>
>
>
> Thank you.
>
> Brian
>
>
>
> *From:* bind-users * On Behalf Of *Cuttler,
> Brian R (HEALTH)
Hello,
we have been running some BIND nameservers on Debian-based systems for many
years.
Until (including) Debian 10 with BIND 9.11.5, netstat always showed only one
line
per listening socket, e.g.
tcp0 0 10.x.x.x:53 0.0.0.0:* LISTEN
1234/named
ded from Debian < 11
and others installed from scratch with Debian 11 or 12.
I also set up a test VM and started BIND with the default configuration shipped
with Debian.
Same behaviour: All lines are shown twice.
It looks like on machines with only two interfaces (lo / eth0) the lines are
sh
:50 iparep5.example.com named[541]: zone
29.16.172.in-addr.arpa/IN: zone_journal_compact: could not get zone
size: not found
I have been running FreeIPA (including the bind nameserver) for several
years now and I have never seen this message before.
I still have one FreeIPA system running
Hi Kees.
A few questions:
- What version of BIND are you running?
- How large (number of RRs) are your zones?
- What is the peak rate of dynamic updates?
- Do you have "max-journal-size" configured to anything?
- Are you perhaps getting short on disc storage in the place where BIND
keeps
On 08-07-2024 13:42, Greg Choules wrote:
Hi Kees.
Hi Greg, thanks for the quick reply.
A few questions:
- What version of BIND are you running?
9.16.23 (in centos that is 32:9.16.23-15.el9)
- How large (number of RRs) are your zones?
My main zone (renamed to example.com) is about 800 RRs
t64_t *)) 0x0 The question now is: why
is that getsize method NULL? Or, should it never have gotten here?
-- Kees
On 08-07-2024 13:42, Greg Choules wrote:
EXTERNAL E-MAIL
Hi Kees.
A few questions:
- What version of BIND are you running?
- How large (number of RRs) are your zones?
- What
ethod).
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
On 8. 7. 2024, at 16:48, Kees Bakker via bind-users
wrote:
Running gdb showed that the "not found" comes from thi
On 08.07.24 15:59, Lee wrote:
How many cpus does your machine have?
I'm running bind at home; not a whole lot of traffic to named so it
seemed like all those threads were a waste. So pretend there's only
one cpu:
$ grep bind /etc/default/named
# OPTIONS="-u bind "
O
e set to 3 with four CPUs.
Also, the parameter "-U" usually does not show up in the ps output if not
specified.
So in your case it looks more like named is specifically started with "-U4"?
- Thomas
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi,
I have dns problem, mostly show by dig A smtp.ore.org.bo @8.8.8.8
Then I have dump the connection by dumpcap, the raw reply by bind is wrong.
As attached file:
- dump of ethernet interface
I have into /etc/bind/named.conf.rproxy:
zone "ore.org.bo" {
type forward;
urity and business department
On 7/12/24 14:28, Marco Moock wrote:
Am 12.07.2024 um 14:13:03 Uhr schrieb Herman Brule via bind-users:
bind to my proxy from IPv4 to IPv6 zone
Why don't you simply run multiple authoritative servers, some only
accessible by IPv6, some dual-stack?
They are indep
pany, not accessible for the customer.
In which way is this router involved in DNS resolution?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc
box.com/SuperTool.aspx?action=a%3aore.org.bo&run=toolpage#>
Reported by *mxtoolbox.com* on 7/12/2024 at *2:40:49 PM*, just for you
<https://mxtoolbox.com/whatismyip/?justforyou=1>.
bind run on 45.225.75.8 with is the edge
The hostname is speedykvm
All query related to ore.org.bo have to be
t; {
type master;
file "/etc/bind/ore.org.bo.db";
};
But failed too.
alpha_one_x86/BRULE Herman
Main developer of Supercopier/Ultracopier/CatchChallenger, Esourcing and server
management
IT, OS, technologies, research & development, security and business department
On 7/12/2
I open this to test (45.225.75.8 is particial anycast IP, for DNS/UDP
have bind9):
dig A ore.org.bo @199.38.247.210
With on 199.38.247.210 (work):
zone ore.org.bo {
type master;
file "/etc/bind/ore.org.bo.db";
};
; <<>> DiG 9.18.19-1~deb12u1-De
j Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel
> obligated to reply outside your normal working hours.
>
>> On 1. 6. 2024, at 23:19, Philip Prindeville via bind-users
>> wrote:
>>
>> Hi,
>>
&
VPS customer (here I'm the
customer) <-> EDGE 199.38.247.210 IPv4+IPv6 <-> upstream provider of my
autonomous system Each time I try enable log, named not start, see
attached file Debian 12 into /etc/bind/named.conf.local I replace
(/var/log/bind.log exist with bind user): loggi
which apparently caused some issues. Is there any new alternative in
> later versions?
>
> Thanks,
> Gabe
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
>
The DS for the new key is only rumored. I believe you want a `rndc
dnssec -checkds -key 48266 published` and maybe another to withdraw
the 50277 key.
Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with
Hello All,
I’m currently working with BIND 9.19.24 and have successfully implemented EDNS
EDE (Extended DNS Error) with the following configuration:
response-policy {
zone "rpz.example.com" ede blocked; }
add-soa false
This correctly returns the OPT c
Hi.
Please, please, please upgrade your OS and BIND.
CentOS 6 went EoS 3 years ago, from what I can tell.
BIND 9.8 is 12 years old and there have been far too many changes and
security fixes in that time to list in a mail. If you want to see for
yourself, explore https://downloads.isc.org/isc
Hi John.
The reason is step 4c here:
https://datatracker.ietf.org/doc/html/rfc1034#section-5.3.3
The A record in the response is for a name that BIND wasn't asked for
(otherwise why a CNAME at all?), so in the interests of not just believing
random answers that might potentially poison the
f our intent to remove support for Response-Policy Server support.
Back in 2018, Farsight Security[1] contributed a patch to BIND that was
an optional replacement to our native RPZ implementation. At that time,
our RPZ implementation wasn’t scaling very well, and we accepted
the patch. This patch, ho
olicy. The feature required librpz.so that was a
binary blob provided to Farsight customers. It was wrong to accept this code
into BIND 9 in the first place. BIND 9 already had working RPZ implementation
and the effort would be better spent on improving RPZ for everyone.
Ondrej
--
Ondřej Surý
configured, or even be set
to "unlimited" ?
Thanks in advance
Carlos Horowicz
Planisys
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://w
.
Expect to be banned and canceled by the childish little minds that
feel they are entitled to control the narrative.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the
configured, or even be set to "unlimited" ?
Thanks in advance
Carlos Horowicz
Planisys
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.o
w has its own cache, hence the need
for a lot of RAM.
I would try it out on a lab server first.
Hope that helps.
Cheers, Greg
On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users <
bind-users@lists.isc.org> wrote:
> Hello List,
>
> an ISP has brought a case where several cu
rver first.
Hope that helps.
Cheers, Greg
On Fri, 23 Aug 2024 at 20:43, Carlos Horowicz via bind-users
wrote:
Hello List,
an ISP has brought a case where several customers do not agree
with our web interface portal that lets select different RPZ zones
to be activated fo
ich can be used to narrow
down the cause of his observation.
Instead we get anger where the user uses swearwords and implies
that ISC staff are stupid ("with stupidity like this"), which I
can assure you of is not true.
I run several BIND installations in my work, both a resolver
clust
On 8/24/24 07:37, Carlos Horowicz via bind-users wrote:
2. if RPZ records are held in memory, why would an RPZ zone need to be
stored n times if there are n orthogonal views ? That is, why the more
views the more memory needed. Maybe you meant the qpcache, to store
different answers, though I
view selection, I don't know exactly how the code works or how
efficient it is. But certainly I have seen some configs with a lot of views
and they seem to function OK.
What sort of QPS are each of your servers handling?
Cheers, Greg
On Sun, 25 Aug 2024 at 05:27, Grant Taylor via bin
Hi,
I'm mostly running BIND 9.18.x, and have configured statistics
publishing via
statistics-channels {
inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
inet "actual-address" port 8053 allow { prefix1/24; prefix2/24; };
};
I've started testing 9.20.x.
I s
Firefox.
I can't reproduce your issue, sorry.
Cheers, Greg
On Sun, 25 Aug 2024 at 21:06, Havard Eidnes via bind-users <
bind-users@lists.isc.org> wrote:
> Hi,
>
> I'm mostly running BIND 9.18.x, and have configured statistics
> publishing via
>
> statistics-channe
gt; fine to me in all of them.
> Browers tried were Chrome, Safari and Firefox.
>
> I can't reproduce your issue, sorry.
OK, thanks for checking anyway, will do more testing.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this l
o with the environment in which you have BIND
installed, or the particular build parameters.
Cheers, Greg
On Mon, 26 Aug 2024 at 07:49, Havard Eidnes wrote:
> >> Hi Håvard.
> >> Have you tried a different browser?
> >
> > Not yet. Will do tomorrow.
>
> Latest Chrom
definition at the start of the XML output. I am however
way too unfamiliar with the various XML-related tools to tell
which piece is either missing or mal-functioning.
This particular name server instance is running in a chroot, so
naturally no external xsl processor is available (but surely BIND
>> Hi Håvard.
>> Have you tried a different browser?
>
> Not yet. Will do tomorrow.
Latest Chrome on MacOS: just the same; it displays the raw XML
which isn't exactly user-friendly.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsu
\n\n \
\n \nCurrent time:<\
/th>\n\n \n\n \n \nServer version:\n\n \
\n\n \n\n\nhttps://l
BTW,
I got an off-line question how the chrooting is done in my case,
i.e. whether the "chroot" program is used, or the "-t" option to
BIND is used.
In my case it's the latter:
-t directory
This option tells named to chroot to directory after pro
lexible as possible for
individual corporate customers. Nowadays loading zones with millions of
rpz domains with ixfr takes a long time on platinum-xeon on a single
view where bind 9.18* is not very responsive. Yes this deserves a single
lab test for e.g. 2 or 3 views and see if loading time varie
ecause I wasn't paying
attention to what options were turned on by default for the
package I was putting together. "Surely stats is on by default!"
Not so. (Well, I didn't even think it was optional.) Lesson
learned.
Regards,
- Håvard
--
Visit https://lists.isc.org/mailman/l
> On Mon, Aug 26, 2024 at 06:05:19PM +0200, Havard Eidnes via bind-users wrote:
>> Thanks. I found it, and it's more than a little embarassing.
>>
>> This is what you get when not building with --with-libxml2: an
>> "un-rendered" xsl file as a result, i
had basic logging, I could provide more information,
possibly even resolved the issue and reported the fix. Can we get
logging to work?
--dan
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support sub
nt. Please do not feel
> obligated to reply outside your normal working hours.
>
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Con
Ok, thanks. I see the logging now and I got this:
27-Aug-2024 19:53:19.449 general: error: could not configure root hints
from '/usr/share/dns/root.hints': file not found
Then I checked the container:
bind9-1:/var/log/bind# docker exec -it bind9 /bin/sh
/ # ls -lha /usr/share/dns
> Having said that, I wonder if people have some preference or even policy
> which mandates specific base image?
Yes. We're using a certified ubi8-minimal image for the finalized
docker by mandate and a bit of preference. Base image is 90M deployed
with BIND 9.18.29 is 258M (uncompr
By any chance have you measured the performance difference between GNU
libc and MUSL?
Best Regards,
Taavi
smime.p7s
Description: S/MIME Cryptographic Signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
Hello!
On our production name servers we have check every 30s if bind is alive by
sending a SOA query to bind. Today I upgraded a few nodes from 9.18.x (x
between 17 and 27) to 9.20.1 (Ubuntu 24.04 with packages from ISC ppa).
Since that, we have sporadic timeouts (3s). On the nodes with more
Sorry, I forgot to mention that this is an authoritative nameserver. (For
several ccTLDs. Each customers has its own Bind process. Currently I only
noticed timeouts on Binds hosting bigger ccTLDs).
I will look how to integrate eu-stack into our monitoring check.
Thanks
Klaus
--
Klaus
Hi,
is it possible to set
query-source-v6 address { none; };
I would like to make DNS requests via ipv4 and ipv6 to isc bind (incoming) from
my Internal network.
However, outgoing requests should only be made via ipv4.
This is e.g. necessary in a scenario where a 6in4 tunnel is used for an
> On our production name servers we have check every 30s if bind
> is alive by sending a SOA query to bind. Today I upgraded a few
> nodes from 9.18.x (x between 17 and 27) to 9.20.1 (Ubuntu 24.04
> with packages from ISC ppa).
>
> Since that, we have sporadic timeouts (3s).
-Haringer-Straße 8/V
5020 Salzburg, Austria
From: Ondřej Surý
Sent: Wednesday, September 4, 2024 7:23 PM
To: Klaus Darilion
Cc: bind-users@lists.isc.org
Subject: Re: Sporadic Timeouts after upgrading to bind9.20
Klaus,
is that recursive or authoritative? Anything unusual like RPZ or catz?
Try
]: zone xx/IN: Transfer started.
[ here inbetween were timeouts ]
Sep 06 07:25:56 named[1605200]: 0x7b8a8fdff000: transfer of xx/IN' from
83.136.xx.xx#53: Transfer completed: 166 messages, 28386 records, 3319665
bytes, 301.177 secs (11022 bytes/sec) (serial 2024090614)
Is bind applying
/lib/x86_64-linux-gnu/libuv.so.1.0.0
#4 0x7b8ceb49ca94 - 1 - /usr/lib/x86_64-linux-gnu/libc.so.6
#5 0x7b8ceb529c3c - 1 - /usr/lib/x86_64-linux-gnu/libc.so.6
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
From: Ondřej Surý
Sent: Friday, September 6, 2024 4:10 PM
To: Klaus Darilion
Cc: Klaus Darilion via bind-users
Subject: Re: Sporadic Timeouts after upgrading to bind9.20
Hmm, what is the churn in the zones? How often there’s IXFR and how large those
changes are?
Every 30 minutes. See logs
From: Ondřej Surý
Sent: Friday, September 6, 2024 4:08 PM
To: Klaus Darilion
Cc: Petr Špaček ; bind-users@lists.isc.org; Klaus Darilion via
bind-users
Subject: Re: Sporadic Timeouts after upgrading to bind9.20
Are your running with options { reuseport no; }; ?
You might want to try that
Correcting myself: event with { reuseport no; }; and UV_THREADPOOL_SIZE=12
still timeouts happen, but the situation improved a lot.
Regards
Klaus
From: bind-users On Behalf Of Klaus Darilion
via bind-users
Sent: Saturday, September 7, 2024 12:21 AM
To: Ondřej Surý
Cc: Klaus Darilion via bind
As we still have several timeouts I downgraded our server to 9.18. If you know
another workaround or need someone to test new version please let me know.
Thanks
Klaus
From: Klaus Darilion
Sent: Saturday, September 7, 2024 12:36 AM
To: Klaus Darilion ; Ondřej Surý
Cc: Klaus Darilion via bind
Hi Steven.
As you said, `listen-on {...;};` tells BIND which addresses to register for
incoming traffic. This can be a list, not just one address. Any query
received on (say) 10.0.0.1 will be responded to from the same address.
It is possible to choose which address to use for outgoing queries
, Rok
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
install BIND 9.11.0rc1 with:
./configure --with-atf
It failed with:
checking for sched_yield... yes
checking for pthread_yield... no
checking for pthread_yield_np... yes
checking for sysconf... yes
checking for libtool... no
checking for OpenSSL library... using OpenSSL from /usr/local/lib and
/usr
visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Fri, Sep 02, 2016 at 06:59:35PM +, Jim Popovitch via bind-users wrote:
> Hello,
>
> Should minimal-all (v9.11.0-rc1) work on a master? My testing shows that it
> only works on the slave DNS servers.
>
And by minimal-all I mean minimal-any (i keep typo'ing that fo
On Mon, Sep 05, 2016 at 09:51:25AM +0100, Tony Finch wrote:
> Jim Popovitch via bind-users wrote:
> >
> > Should minimal-all (v9.11.0-rc1) work on a master? My testing shows
> > that it only works on the slave DNS servers.
>
> Works for me :-) minimal-any is implement
On Mon, Sep 05, 2016 at 05:12:47PM +0100, Tony Finch wrote:
> Jim Popovitch via bind-users wrote:
> >
> > Thanks. Now I'm seeing something slighly different. I have 3 NS
> > servers, ns{1-3}.domainmail.org.
> >
> > When I first asked 3 days ago I was seein
On 2020-02-19 16:01, Andreas Hasenack wrote:
Hi,
I didn't find a bind-devel mailing list, so I'm sending this here.
After a plain ./configure && make install, I see in the installed
task.h header file that it includes netmgr.h, but netmgr.h is not
installed. It's not l
Hi there,
On Sun, 23 Feb 2020, Scott A. Wozny wrote:
Greetings BIND gurus,
Sorry, I can't make any claim to be a BIND guru.
... webserver clusters hosted on the west and east coasts of the US
and would like to use Bind 9.11.4
Hmmm. You might want to look e.g. at all the fixes
It looks to me as if you are trying to generate a TSIG key for DNS updates. Try
using "tsig-keygen" instead.
Stuart
> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
> @lbutlr
> Sent: Monday, 2 March 2020 1:13 PM
>
improve my recursive resolver speed.
I wonder if you have some kind of networking misconfiguration which
results in timeouts while BIND is waiting for responses. Perhaps you
will learn more about what is happening if you look at the network
traffic using a tool such as Wireshark.
and If we
apparent where the majority of the
delay is. I half way expect that the delay is between the outbound
queries (sent by BIND) and the inbound replies.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
___
Ple
Hi there,
On Thu, 12 Mar 2020, G.W. Haywood wrote:
On Thu, 12 Mar 2020, ShubhamGoyal wrote:
How can i improve my recursive resolver speed.
I wonder if you have some kind of networking misconfiguration which
results in timeouts while BIND is waiting for responses. Perhaps you
will learn
On 3/20/20 1:14 AM, David Klatt wrote:
Hi,
Hi,
Now I'd like bind to just return a random subset of e.g. 5 IP
addresses if someone requests this A record.
Hum. That sounds quite contrary to the typical BIND behavior.
Reason for this are in my case some (thousands) older clients (t
Hello,
I have seen essentially this same question/problem posed by others in
other forums but never seen any proper answers to it.
I have now tried this myself with BIND 9.16.1 and faced the exact same
issue that I had previously read about.
How does one migrate an already signed zone from
blem)
/Håkan
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
> This was an accident - we did *not* do this on purpose - but infact,
> this is a good time for anyone who still has dlv.isc.org configured
> to REMOVE it from your BIND configuration.
This advice may be misunderstood. Use of dlv.isc.org is usually
implied, not explicitly stated in n
little awkward?
On that note, combining "dnssec-policy x" with "inline-signing no" does
not seem to be handled gracefully.
This makes me suspect that it's not an intended scenario, is that correct?
/Håkan
On 2020-03-25 16:57, Håkan Lindqvist via bind-users wrote:
On 2
failure)
/Håkan
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ssues/1709
/Håkan
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hello - I am running the Bind server
> named -v
BIND 9.11.2
under OpenSuSE Leap 15.0. In order to support other servers running on
the same system that my Bind server is running on I am trying to set up
3 views, one for the localhost, one for my internal network to use, and
one for
experience of it. The last changelog entry is dated
Sep 22 2010, which you might consider a good thing, or you might not.
--
73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
601 - 700 of 2152 matches
Mail list logo
