named listen-to an ip address that is not yet available?
Thanks. Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
Thanks for the quick reply. rndc reconfig has the same problem as a
restart. I need to automatically listen to the new ip address without
manual intervention. On Wed, 2013-06-05 at 09:14 +0100, Phil Mayers
wrote:
> On 06/05/2013 07:37 PM, paul wrote:
> > Hi. I have a two node activ
Thanks again. I am using linux fedora17. I have tested changing
interface-interval to i min and that seems to work. I am also looking on
the cluster mailing list to see if I can include named in my cluster
configuration. Paul
On Wed, 2013-06-05 at 10:02 +0100, Phil Mayers wrote:
> Peter Andr
On Thu, 9 Mar 2023, 20:27 Klaus Darilion via bind-users, <
bind-users@lists.isc.org> wrote:
> > -Ursprüngliche Nachricht-
> > Von: bind-users Im Auftrag von Mark
> > Andrews
> > Gesendet: Donnerstag, 9. März 2023 21:04
> >
> > Named just uses the notify to trigger an early refresh process
On Thu, 9 Mar 2023, 23:53 Grant Taylor via bind-users, <
bind-users@lists.isc.org> wrote:
> On 3/9/23 2:25 PM, Paul Stead wrote:
> > Chiming in to say +1 to Kalus' logic and sight of benefit here.
>
> Please forgive my ignorance in asking:
>
> Why doesn't
op
of the list.
Anand has done a better job at describing this function in other software
than my attempts
Paul
On Sat, 11 Mar 2023, 17:16 Grant Taylor via bind-users, <
bind-users@lists.isc.org> wrote:
> Hi Paul,
>
> Thank you for explaining.
>
> On 3/10/23 12:21 AM, Pau
"it works everywhere else, you must be
broken"
Paul
On Sat, Oct 28, 2023, 3:56 PM Rick Frey wrote:
> As Mark mentions, the NS records gtm.bankeasy.com need to be corrected
> and failure is not due to lack of iterating through all auth nameservers
> (all of the auth nameservers
be different. Please do not
> feel obligated to reply outside your normal working hours.
>
> On 28. 10. 2023, at 17:50, Paul Stead wrote:
>
>
> As a previous ISP admin I too have come across similar situations and
> frustrations.
>
> I can only say that Google and Cl
ould recommend that dnssec-keygen starts ignoring the "-e" parameter
that everyone has put in their scripts to prevent exponent 3 keys, who
are not getting keys with exponent 4294967296 + 1 (F5)
Alternatively, if this is done on purpose, I guess we should all
migrate the 64 bit machine
with
dig it doesn't work. I'm not sure what the difference is between the two
commands. Also using host I cant get an MX listing. I'm hoping someone has
an idea.
Thanks, Paul
[root@ns1 ~]# host -v -t ns kingstonmass.org
Trying "kingstonmass.org"
;; ->>HEADER
me
queries are sourced from the 6to4 ipv6 instead of the ipv4 ip that would be
great.
Looks like when it goes out as a ipv6 6to4 ip I'm not getting a returned
answers which makes sense because I have no relay routers for ipv6 packets
coming in.
paul
-Original Me
ION:
mns01.domaincontrol.com. 67665 IN A 216.69.185.34
mns01.domaincontrol.com. 67665 IN 2607:f208:206::22
thanks Paul
-Original Message-
From: bind-users-bounces+pamaral=meganet@lists.isc.org
[mailto:bind-users-bounces+pamaral=meganet@lists.isc.org] On
e or domain has been signed? a dig +dnssec is
the best or the only way to know that?
Assuming your system uses a DNSSEC configured resolver with the root
key , and with "signed" you really mean "secure" (that is with a DS or
DLV trust path), you can use:
[paul@thinkpad ~]$ di
network, and I have my ISP dns in my forwarders.
My resolv.conf has 127.0.0.1, my internal ip, and the ip for my isp DNS
Any help will be greatly appreciated.
Thanks
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
;<>> DiG 9.7.3 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32902
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 5
;; WARNING: recursion requested but not available
On May 2, 2012, at 1
use a longer timeout perhaps.
On May 2, 2012, at 1:42 PM, Lyle Giese wrote:
> On 05/02/12 12:12, Paul Marais wrote:
>> Hi,
>> I'm having an issue where my postfix server is having trouble with some
>> lookups.
>> When I type 'host', 80% of the time I get decen
s to the real issue you have.
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> On 05/02/12 16:36, Paul Marais wrote:
>>
>> Thanks Lyle,
>> You're right - I started using the host command because it was giving me the
>> error I found in the postfix logs..
ecursion setting in named is immaterial when doing dig +trace.
> Once dig gets the addresses of the root server, it stops asking your local
> copy of named and starts asking the root servers for itself and does not rely
> any further on named.
>
> Lyle
>
> On 05/02/12
I've gotten really annoyed at dig not taking the +do option.
Please consider applying this patch, many simple souls like me will
appreciate it a lot :)
Pauldiff -Naur bind-9.8.2-ori/bin/dig/dig.c bind-9.8.2/bin/dig/dig.c
--- bind-9.8.2-ori/bin/dig/dig.c2012-05-08 22:34:19.059392999 -040
On Thu, 21 Jun 2012, Shawn Bakhtiar wrote:
Did you turn OFF SELinux?
That is not neccessary.
I ran the tests with selinux enabled:
E:zonechecks:Thu Jun 21 17:23:31 EDT 2012
I:System test result summary:
I: 2 FAIL
I:45 PASS
I: 2 SKIPPED
Looking at the failed test and
source rpm that will build on EL4, EL5, EL6.
Why not just grab the Fedora srpm and recompile on rhel6?
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
, and it should
drop these, but instead retains them. I am not sure what happens when
they would fall below the re-sign treshold.
I believe the correct behaviour should be for dnssec-signzone to drop
the RRSIGs of the A records when the delegation
right?
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
(I don't think this made it to the list before, mixup of email addresses)
Please consider including this patch,
Paul
-- Forwarded message --
Date: Mon, 2 Jul 2012 17:45:08
From: Paul Wouters
Cc: Paul Vixie
To: bind-users@lists.isc.org
Subject: PATCH: dig warn user
from any to any 53 in
pipe 2 config mask src-ip 0x buckets 1024 bw 100Kbit/s queue 3
But that will totally ruin djb's claim that dnssec is the cause of the
internet melt down!
Paul
___
Please visit https://lists.isc.org/mailman/listinfo
ng I could configure BIND to only return A records from
google.com and not any records.
Is this possible?
Thanks
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lis
;
That option looks like it may do the trick!
I'll try re-compiling Bind on a test box, and try this out.
Thanks
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing li
v4 only parts of the
network do not try and access IPv6 internet hosts - as they are blocked at
the firewall.
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
rks, could you reveal the full
commandline argument used, the bind version, and whether any pkcs#11
provider was compiled in?
Thanks,
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-user
all cases.
Were you signing your zone from scratch, or re-signing a zone that
was already signed? If there was a pre-existing ZSK signature,
the signing process might have left it in place.
Bingo. That was the problem.
Thanks,
Paul
___
Please visit h
What is a good compromise on zone expiration TTLs? Our DNS is authoritative
for AD DNS and we want to make sure we force records to refresh but do not want
to expose ourselves to the risk of zone failures.
Thanks
Paul___
Please visit https://lists.is
failed. I am looking for some added security to avoid
a failure but still want to make sure changes are propagated efficiently. Is
there another factor that I should be using to define this value? Our refresh
is set for 40 minutes.
Paul
From: Wes
scavenging is in place.
Your explanation suggests that the refresh time is strictly survivability and
will not force an update if the serial numbers do not increment enough to
implement the refresh.
Am I stating this correctly? Any suggestions?
Thanks
Paul
From
TIA, Paul
named-compilezone -o - sturdymemorial.org db.sturdymemorial
zone sturdymemorial.org/IN: loaded serial 2013021307
sturdymemorial.org. 86400 IN SOA
reuben.meganet.net. postmaster.naisp.net. 2013021307 10800 3600 604800 600
OK
rndc reload sturdymemorial.org
n't update.
paul
From: bind-users-bounces+pamaral=meganet@lists.isc.org
[mailto:bind-users-bounces+pamaral=meganet@lists.isc.org] On Behalf Of
Chris Buxton
Sent: Wednesday, February 13, 2013 12:58 PM
To: Paul A
Cc: bind-us...@isc.org
Subject: Re: SOA issue
On Feb 13, 2
You could try the BIND module in webmin - I've not used it in a long long time
so has probably changed quite a bit. Some docs here:
http://www.webmin.com/deb.html
http://doxfer.webmin.com/Webmin/BINDDNSServer
Paul
--
Paul Roberts
Calleva Networks Ltd.
http://www.calevanetworks.com
trying is wrong, bad and broken.
My laptop with unbound+dnssec-trigger would detect an attack and warn
me.
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
what I'm missing.
I'm running an older kernel but I have never had issues on this machine
until now. Not sure if what header file im missing.
CentOS release 4.9 (Final)
2.6.9-103.ELsmp
Any help is appreciated.
paul
os.c:166: error: syntax error before "caps
Sent: Tuesday, November 26, 2013 11:34 AM
To: bind-users@lists.isc.org
Subject: Re: caps compiling error
On Tue, Nov 26, 2013 at 10:17:11AM -0500, Paul A wrote:
> I was trying to upgrade BIND and suddenly ran into this error with
> both version of bind I was upgrading to.
>
> I tried
Cathy, thank you that worked on 9.9.4.
Thanks for your help, paul.
-Original Message-
From: bind-users-bounces+razor=meganet@lists.isc.org
[mailto:bind-users-bounces+razor=meganet@lists.isc.org] On Behalf Of
Cathy Almond
Sent: Tuesday, November 26, 2013 12:08 PM
To: bind-users
Thank you Cathy already informed me of that. it works with the patch.
-Original Message-
From: Jeremy C. Reed [mailto:jr...@isc.org]
Sent: Tuesday, November 26, 2013 12:20 PM
To: Paul A
Cc: bind-us...@isc.org
Subject: Re: caps compiling error
Please see
https://kb.isc.org/article/AA
9.9.4 (Extended Support Version) built with
'--enable-rrl'
Thanks, Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lis
So Kevin what your saying is someone using my dns created a record with
fe80::? I was under the impression that bind what trying to listen on that
subnet.
Thanks Paul
From: bind-users-bounces+razor=meganet@lists.isc.org
[mailto:bind-users-bounces+razor=meganet@lists.isc.org] On
, April 01, 2014 4:35 PM
To: bind-users@lists.isc.org
Subject: RE: socket error on ipv6 link local
I'm getting the same errors with bind-9.10.0b2.
Just a guess but I think it's related to using a HE IPv6 Tunnel and the
updated root servers.
On Tue, 1 Apr 2014, Paul A wrote:
> Date: Tu
Thank you Mark for all your help in the mail list. I will try this instead,
so is this happening when an link local client is trying to query my server?
paul
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: Tuesday, April 01, 2014 5:03 PM
To: Paul A
Cc: ca35763+b
> I have a subdomain prod.mydomain.com today all of our internal
> resources that use this prod subdomain stopped being able to reach
> eachother. I believe the issue is related to the release of .prod as
> a TLD. Is there a way I can block this TLD or point it back to my
> environment?
>
> Curre
since it has a 0/24 NS
RR? It seems like because of the above DNAME RR it expects and zone file for
the 0/24. However I just want to forward this.
I know I can probably just slave off the PTR server but I rather try and do
it this way unless someone suggests otherwis
.orei...@ucd.ie]
Sent: Tuesday, October 13, 2015 6:29 PM
To: Paul A
Cc: bind-users@lists.isc.org
Subject: Re: dname reverse delegation
On Tue, 13 Oct 2015 21:40:30 +0100,
Paul A wrote:
>
> I have a few /24 that I want to delegate using DNAME.
Are you expecting to save yourself trouble
Yeah, it looks like I might have to give up on this.
paul
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR -
fantomas
Sent: Wednesday, October 14, 2015 10:29 AM
To: bind-users@lists.isc.org
Subject: Re: dname
weak as I don't have to change the
logging config very often!
If I want to cut down the log volume to just the events I'm interested in,
is it possible to get bind to *not* log PASSTHRU hits?
Or is the only option for me to log RPZ hits via syslog and then get
rs
pdate preserve the original order of the
zone file -- simply modifying the one A record "in place" and updating
the serial number -- that would be nice. If not I guess I will have to
continue using the little Perl script I wrote to do j
Interesting idea -- it never occurred to me that I could have separate
zone files for sub-domains.
So, if I had a tiny zone file for "dynamic.example.com" alone, and a
bigger zone file for all the other stuff for "example.com", could I be
*sure* that nsupdate would *only* modify the tiny file, and
I have avoided the problem chroot causes in a fairly general fashion by
using "mount --bind". For example:
/bin/mount --bind /lib /chroot/dns/lib
will make the entire /lib directory available to the chrooted BIND,
assuming the path /chroot/dns is created beforehand to serve as the
chroot base f
I thought port 0 was never valid as either source or destination.
On Wed, 27 Jul 2016 11:22:06 +0300
"Ejaz" wrote:
>
> Thanks you.
>
> The traffic will go to router which is handled by the Network dept.
> The fear that may router can crash if we start enabling the
> packet capture since
ove
old stale DNS entries that I'm no longer authoritative for. I was thinking
of using dig +trace in a script but I'm not sure if there is a better way.
Thanks, Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users t
Yes on both server and the slave and primary are listed on the NS RR. I'm
really at a loss here, the zone updates on the slave but I keep getting that
message.
Paul
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Thursday, July 28, 2016 6:20 AM
To: Paul A
Cc: bi
Yes there is.
p
From: Casey Deccio [mailto:ca...@deccio.net]
Sent: Thursday, July 28, 2016 10:39 AM
To: Paul A
Cc: Tony Finch ; bind-us...@isc.org
Subject: Re: getting not authoritative with some notifies
On Thu, Jul 28, 2016 at 10:34 AM, Paul A mailto:ra...@meganet.net> >
ng to your NS servers? I have a lot of stale DNS zones I want to
remove.
Thanks, Paul
-Original Message-
From: Tony Finch [mailto:d...@dotat.at]
Sent: Thursday, July 28, 2016 10:45 AM
To: Casey Deccio
Cc: Paul A ; bind-us...@isc.org
Subject: Re: getting not authoritative with som
If the client is at all remote (i.e. the request passes through a
router), the MAC address isn't preserved.
On Sat, 6 Aug 2016 17:42:59 -0700
Fima Leshinsky wrote:
> I'd like to log the client's MAC address. Is this possible? Could
> someone point me in the right direction?
>
> Thank you!
> Fi
I have a rather unusual network with a gateway machine that connects to
two ISPs: a slower DSL with a static IP and a faster cable (Comcast)
with a DHCP IP. The gateway machine runs two instances of BIND (plus
the usual firewalling): an authoritative one for a couple of domains
(and only those doma
"Your better bet is surely to dump the forwarders and to do your own
recursion."
It doesn't solve the connectivity issue, but it sounds reasonable in
it's own right: I'll have to try it.
On Sat, 27 Aug 2016 14:32:09 -0500
/dev/rob0 wrote:
> On Sat, Aug 27, 20
ND itself could fail-over the DNS lookups and
solve the immediate problem.
On Sat, 27 Aug 2016 23:29:08 -0700
Dave Warren wrote:
> On Sat, Aug 27, 2016, at 11:32, Paul Kosinski wrote:
> > So my question is, is it possible to configure my forwarding BIND to
> > have a primary and *s
rharolde> Thanks for the link. Lots of pieces to get working there. Not
rharolde> nearly as simple as TSIG. But good if you are already using
rharolde> Kerberos.
MS active directory is kerberos under the hood. You don't need to run a
classic mit/hesiod KDC to get GSS-TSIG to work. But it is crypti
Is there another command I should issue to stop BIND?
Thank you,
Paul
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Con
read_np.h... no
checking for libuv... checking for libuv >= 1.0.0... no
configure: error: libuv not found
I have libuv installed, however. It is version 1.41.0.
I would appreciate any suggestions on how to fix this.
Thank you,
Paul
___
Please
I did use homebrew. It installed libuv 1.41.0 without any complaints. Is
there something I could do to manually point BIND to libuv?
Thank you,
Paul
> On Mar 25, 2021, at 10:12 PM, Mark Andrews wrote:
>
> libuv discovery requires pkg-config to be found. macports/homebrew insta
Eddy, I fully agree with you. I wish I could do it. Unfortunately I failed to
install libuv from scratch and I took a shortcut by using homebrew (and now I
am paying for it, as I should).
Paul
> On Mar 25, 2021, at 11:05 PM, Eddy Hahn wrote:
>
> I do not use either of them because
-proctitle.lo] Error 1
> On Mar 25, 2021, at 10:58 PM, Larry Stone wrote:
>
> I’ve been building BIND on MacOS for years (currently on Catalina but has
> worked on almost the entire Mac OS X series.
>
>>
>> On Mar 25, 2021, at 7:50 PM, Paul Cizmas wrote:
>&
Ondrej:
I did not think of doing it. Let me try. Thank you for your suggestion!
Paul
> On Mar 26, 2021, at 2:04 AM, Ondřej Surý wrote:
>
> Paul,
>
> why don’t you just install BIND 9 from Homebrew?
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My wor
)
~$ named -v
BIND 9.9.7-P3 (Extended Support Version)
So, why is it still 9.9.7-P3?
Thank you,
Paul
> On Mar 26, 2021, at 9:25 AM, Ondřej Surý wrote:
>
> $ brew info bind
> bind: stable 9.16.13 (bottled), HEAD
> Implementation of the DNS protocols
> https://www.isc.org/bind/
and it is
/Applications/Server.app/Contents/ServerRoot/usr/sbin/named
When I ran rndc status I got
~$ rndc status
rndc: error: open: /Library/Server/named/rndc.key: permission denied
rndc: could not load rndc configuration
Thank you,
Paul
> On Mar 26, 2021, at 1:44 PM, Tony Finch wro
Bruce, indeed the named is in
/Applications/Server.app/Contents/ServerRoot/usr/sbin/named.
> On Mar 26, 2021, at 12:20 PM, Bruce Johnson
> wrote:
>
>
>
>> On Mar 26, 2021, at 9:17 AM, Paul Cizmas wrote:
>>
>> Ondrej:
>>
>> Thank you - I in
along the lines of -
server 157.83.102.245 {
edns no;
};
for each of the problematic upstreams. I contacted Barclays a few months
ago about this, but never got a solid response.
Paul
On Fri, 13 May 2022 at 13:12, Ondřej Surý wrote:
> Hi Rainer,
>
> I believe this is unrelated to an
e DNS software seem to fall back gracefully
and resolve these problems
Paul
On Fri, 13 May 2022 at 13:51, Paul Stead wrote:
> I have noticed this, too,
>
> The problem seems to be related to edns - disabling edns for the upstream
> servers looks to resolve the issue, this can be seen with
Agreed, but without the upstream provider actually fixing the issue I
couldn't find a way to provide resolution of this domain to my customers -
are there better ways to resolve this from our side?
There seems to be a document about this issue -
https://kb.isc.org/docs/aa-01387
Paul
On Fr
grant> I'd be interested in learning what other things /require/ or are
grant> at least predicated on having PTR records for IPs.
Been a few years since I last delved but was appalled at some of the
pointless uses of rev-ptrs. NYT used to require it to let you connect to
their website, as one such
they were, especially as the
behaviour described with the Expect 100 wasn't in violation of spec,
just unusual.
We had a problem which was solved by this setting, and I want to be in a
position to explain why things were setup in a way which caused this to
occur.
Thanks,
Paul Cocker
TNT Post
#x27;s much better
placed in /var.
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ended method to secure your nameserver when
starting from a fresh install, is to use SElinux, not chroot.
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
rhel6beta source rpm for bind on your rhel5 ?
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
martin> there is a recurring message in named.log that goes something
martin> like:
martin> success resolving 'www.pbs.org/A' (in 'pbs.org'?) after
martin> reducing the advertised EDNS UDP packet size to 512 octets
martin> What category of message is this called and can I put something
martin>
ibuted named.conf, someone needs to talk to
them...
It was a separate file named.keys, and if the machine has received all the
updates it should no longer be included in named.conf. Keys were never
hardcoded in named.conf. If that's where these keys are, s
.
I'd recommend preprocessing the zone with ldns-read-zone, which also sorts
and canonicalises the zone. Later on, you can then also use this command
to seperate unsigned data from dnssec, and merge in data (eg updates)
from multiple zone versions while re-using previous RRSIGs
Paul
___
sting signatures.
In the setup i described, you get a new unsigned zone and you need
to merge it with the signed zone, hence the pre-processing.
(this is requires for on offline signers, where the private ZSK is not
available)
Paul
___
bind-users mailing
eys
You give your DS via http://dlv.isc.org/
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
ds an explicit trust anchor, even
if in the "world view" the trust anchor is missing?
(eg can you use this to more easilly deploy dnssec testbeds similar to
how unbound can do this?
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https:
example.com example?
I think Paul is wondering if it works with the DENIC testbed. 8-)
The forward hack does not work reliable for DNSSEC islands, IIRC.
(I still don't understand what exactly "it works with the DENIC
testbed" means in the context of the original question of Paul,
-800-81r1.pdf
Thanks. looks great, will learn from it.
And RFC-4641bis http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis-05
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
d-zone -s, concatenate it
with your unsigned zone, and run it through dnssec-signzone.
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bsfinkel> In the posting and on the ISC release notes page on the web,
bsfinkel> under "Feature Changes" - the first heading "9.7.2" should
bsfinkel> read "9.7.3".
No, it's correct. Those were new features in 9.7.2. 9.7.3 has a number
of bug fixes but no "new" features over 9.7.2.
But it's good
larissas> When an authoritative server processes a successful IXFR
larissas> transfer or a dynamic update, there is a small window of time
larissas> during which the IXFR/update coupled with a query may cause a
larissas> deadlock to occur.
The issue is a write lock. The bug can be triggered by an
linux, etc.
Alternatively, you can look into the "development tree" for RHEL, called
"Fedora".
Fedora is on a 6 month release cycle and releases updates more often. But take
note
that you're exchanging stability and testing for a more rapid new version
deployment.
Paul
p
special key configuration is required for any resolver that uses
the root key already.
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
this recently, but if it does not
work, I suggest opening a bug report about this, so that we can get it fixed.
Paul
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
network that receives DHCP updates and needs to reconfigure the forwarder based
on the
obtained DNS server options.
I know unbound can do this using unbound-remote forward a.b.c.d.
If a patch for bind9 would be written to allow this via rndc, would it have a
chance of
being accepted?
Paul
Hello,
One of our DNS stopped with this critical error:
Mar 31 16:34:42 ns2 named[3806]: dispatch.c:3018: INSIST(n == 1) failed
Mar 31 16:34:42 ns2 named[3806]: exiting (due to assertion failure)
has anyone seen this before, and knows what causes it?
Thanks
Paul
Thanks Evan,
I'll send in a bug report and upgrade to the latest release.
Paul
On 31 March 2011 17:18, Evan Hunt wrote:
> > Mar 31 16:34:42 ns2 named[3806]: dispatch.c:3018: INSIST(n == 1) failed
> > Mar 31 16:34:42 ns2 named[3806]: exiting (due to assertion failure)
> &
Is anyone else seeing this behavior? Also, is there a link that addresses
troubleshooting or diagnosing DNSSEC based queries?
works for me:
[paul@bofh ~]$ dig +dnssec whitehouse.gov
; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> +dnssec whitehouse.gov
;; globa
has not been necessary, so I'm
curious. Building 9.8 against the default openssl in the FreeBSD base
(0.9.8q) I have not experienced this problem.
0.9.8 did not support gost, so I'm not sure if you can compare this as you do.
Paul (not
ients-per-query apply to forward zone queries too, or is this
ignored?
4 Can this behaviour be changed via a configuration option so we can remember
this EDNS
failure so that we're not unable to anser queries for 3 out of 4 seconds?
Paul
___
Pl
1 - 100 of 336 matches
Mail list logo
