bind-users Digest, Vol 4123, Issue 2

Mon Nov 28 00:30:37 UTC 2022

Please sir in future no mail send on me sir.

On Mon, 28 Nov, 2022, 4:03 am , <bind-users-request at lists.isc.org> wrote:

> Send bind-users mailing list submissions to
>         bind-users at lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>         bind-users-request at lists.isc.org
>
> You can reach the person managing the list at
>         bind-users-owner at lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>    1. Re: bind-users Digest, Vol 4123, Issue 1 (GAJENDRA CHOUBISA)
>    2. Re: bind-users Digest, Vol 4123, Issue 1 (Benny Pedersen)
>    3. Re: lame-servers: SERVFAIL unexpected RCODE resolving (Alex)
>    4. Struggling with dnssec-policy timers (vom513)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 27 Nov 2022 20:02:34 +0530
> From: GAJENDRA CHOUBISA <gajendrachoubisa754 at gmail.com>
> To: bind-users at lists.isc.org
> Subject: Re: bind-users Digest, Vol 4123, Issue 1
> Message-ID:
>         <CAG-cxMQSHLZGeJuTP9NjgF3s5SEHADbW8C=_
> LEWQ-k_TdR-zUA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Please no more emails on future sir.
>
> On Sun, 27 Nov, 2022, 5:30 pm , <bind-users-request at lists.isc.org> wrote:
>
> > Send bind-users mailing list submissions to
> >         bind-users at lists.isc.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         https://lists.isc.org/mailman/listinfo/bind-users
> > or, via email, send a message with subject or body 'help' to
> >         bind-users-request at lists.isc.org
> >
> > You can reach the person managing the list at
> >         bind-users-owner at lists.isc.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of bind-users digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: lame-servers: SERVFAIL unexpected RCODE resolving
> >       (Anders L?winger)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Sun, 27 Nov 2022 04:04:09 +0000
> > From: Anders L?winger <anders at abundo.se>
> > To: bind-users at lists.isc.org
> > Subject: Re: lame-servers: SERVFAIL unexpected RCODE resolving
> > Message-ID: <1669521774156.1242792614.949363040 at abundo.se>
> > Content-Type: text/plain; charset="utf-8"
> >
> > 26-Nov-2022 09:19:13.969 lame-servers: SERVFAIL unexpected RCODE
> resolving
> > 'lists.opensuse.org/NS/IN': 195.135.221.195#53
> > Lots of errors in the zone:
> >
> >
> > https://zonemaster.net/result/ff3dacdfc1e41199
> >
> >
> >
> >
> > --
> > MVH/Regards
> > Anders L?winger, Abundo AB, +46 72 206 0322
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> >
> https://lists.isc.org/pipermail/bind-users/attachments/20221127/d10d299d/attachment-0001.htm
> > >
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > ISC funds the development of this software with paid support
> > subscriptions. Contact us at https://www.isc.org/contact/ for more
> > information.
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
> >
> > ------------------------------
> >
> > End of bind-users Digest, Vol 4123, Issue 1
> > *******************************************
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20221127/fdf188a4/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 2
> Date: Sun, 27 Nov 2022 16:04:21 +0100
> From: Benny Pedersen <me at junc.eu>
> To: bind-users at lists.isc.org
> Subject: Re: bind-users Digest, Vol 4123, Issue 1
> Message-ID: <3bd213e33a7f5e50e9834d89b8233888 at junc.eu>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> GAJENDRA CHOUBISA skrev den 2022-11-27 15:32:
> > Please no more emails on future sir.
>
> its a self service, no one can help you get more or less mails here
>
> List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
> List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>,
> <mailto:bind-users-request at lists.isc.org?subject=unsubscribe>
> List-Archive: <https://lists.isc.org/pipermail/bind-users/>
> List-Post: <mailto:bind-users at lists.isc.org>
> List-Help: <mailto:bind-users-request at lists.isc.org?subject=help>
> List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>,
> <mailto:bind-users-request at lists.isc.org?subject=subscribe>
>
> try using above
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 27 Nov 2022 15:54:45 -0500
> From: Alex <mysqlstudent at gmail.com>
> To: Anders L?winger <anders at abundo.se>, bind-users at lists.isc.org
> Subject: Re: lame-servers: SERVFAIL unexpected RCODE resolving
> Message-ID:
>         <CAB1R3sjkCKEKeyeMGku+HRGtXswiBU2+U+dv=
> 1x2YwdmM6uthw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Sat, Nov 26, 2022 at 11:05 PM Anders L?winger <anders at abundo.se> wrote:
>
> > 26-Nov-2022 09:19:13.969 lame-servers: SERVFAIL unexpected RCODE
> resolving
> > 'lists.opensuse.org/NS/IN': 195.135.221.195#53
> >
> > Lots of errors in the zone:
> >
> > https://zonemaster.net/result/ff3dacdfc1e41199
> >
>
> That's very helpful information. Is there any way to configure bind to
> avoid using those nameservers? It doesn't appear as if it's currently doing
> that on its own. I'm also very surprised that such an organization would
> have such a poorly configured DNS. Is that common?
>
> Here's McAfee's blocklist service that also has numerous problems,
> including name servers that don't even respond.
> https://zonemaster.net/result/c2e9affcb3b39d00
>
> I'm also seeing similar issues with other name servers as query-errors:
>
> 27-Nov-2022 15:09:51.471 query-errors: client @0x7fd19e38cb68
> 127.0.0.1#53460 (us-smtp-delivery-100.mimecast.com.sa.fmb.la): query
> failed
> (timed out) for us-smtp-delivery-100.mimecast.com.sa.fmb.la/IN/A at
> ../../../lib/ns/query.c:7729
>
> Is there any way to display the name server that failed with these queries
> so I can research further?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20221127/d6b54e20/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 4
> Date: Sun, 27 Nov 2022 17:32:59 -0500
> From: vom513 <vom513 at gmail.com>
> To: bind-users at lists.isc.org
> Subject: Struggling with dnssec-policy timers
> Message-ID: <ADE62D46-708F-4FA2-BDC3-D9C61276D3AB at gmail.com>
> Content-Type: text/plain;       charset=utf-8
>
> Hello all,
>
> I?m still having a really hard time understanding and getting my timings
> right.  At least I think I am (from the way I?m reading the
> status/logs/state files).
>
> I let my current CSK get completely ?omnipresent? for all it?s timers (I?m
> not even sure if this is really necessary?)  I did a rollover, and I?m very
> confused by the various timers I?m seeing.
>
> FYI - I added:
>
>         publish-safety 1d;
>         retire-safety 1d;
>
> To the policy ?default?.  Other than that and NSEC3, everything is using
> values from the ?default? policy.  With this, it seems that my successor
> key will go active but CDS won?t be published until the same exact time.
> This seems to defeat the purpose of doing an overlapping rollover.  I would
> think I would want CDS published before the new key goes active.  Is the
> old key going to keep being used for signing as well ?  I don?t think so
> because it?s retirement is also at this exact moment.
>
> So simultaneously, it seems that I have:
>
> - New key start to be used for signing
> - CDS is published
> - Old key is retired
>
> If I?m reading this right - did my timers screw this up ?  I would have
> hoped/assumed that the ?default? policy would have timers arranged as such
> as there there *should* not be any gaps in coverage (assuming everything
> else goes swimmingly?)  I?ll be honest - I?m kind of feeling like an idiot
> because of how difficult this seems.
>
> Can someone please set me straight ?  I can ?nuke? this zone?s keys and
> state and start over (which I?ve done several times already).  It?s just
> getting a bit tiresome because of course when I do this all the various
> timers start over.
>
> Here are my state files, 2 keys.  Current and a successor.  Thanks in
> advance.
>
> ?
> ; This is the state of key 3697, for acuity.tech.
> Algorithm: 13
> Length: 256
> Lifetime: 0
> Predecessor: 35731
> KSK: yes
> ZSK: yes
> Generated: 20221127221000 (Sun Nov 27 17:10:00 2022)
> Published: 20221127221000 (Sun Nov 27 17:10:00 2022)
> Active: 20221128231500 (Mon Nov 28 18:15:00 2022)
> PublishCDS: 20221128231500 (Mon Nov 28 18:15:00 2022)
> DNSKEYChange: 20221127221000 (Sun Nov 27 17:10:00 2022)
> ZRRSIGChange: 20221127221000 (Sun Nov 27 17:10:00 2022)
> KRRSIGChange: 20221127221000 (Sun Nov 27 17:10:00 2022)
> DSChange: 20221127221000 (Sun Nov 27 17:10:00 2022)
> DNSKEYState: rumoured
> ZRRSIGState: hidden
> KRRSIGState: rumoured
> DSState: hidden
> GoalState: omnipresent
>
> ; This is the state of key 35731, for acuity.tech.
> Algorithm: 13
> Length: 256
> Lifetime: 546573
> Successor: 3697
> KSK: yes
> ZSK: yes
> Generated: 20221122152527 (Tue Nov 22 10:25:27 2022)
> Published: 20221122152527 (Tue Nov 22 10:25:27 2022)
> Active: 20221122152527 (Tue Nov 22 10:25:27 2022)
> Retired: 20221128231500 (Mon Nov 28 18:15:00 2022)
> Removed: 20221209232000 (Fri Dec  9 18:20:00 2022)
> DSPublish: 20221123043555 (Tue Nov 22 23:35:55 2022)
> PublishCDS: 20221124153027 (Thu Nov 24 10:30:27 2022)
> DNSKEYChange: 20221123163027 (Wed Nov 23 11:30:27 2022)
> ZRRSIGChange: 20221124153027 (Thu Nov 24 10:30:27 2022)
> KRRSIGChange: 20221123163027 (Wed Nov 23 11:30:27 2022)
> DSChange: 20221125053555 (Fri Nov 25 00:35:55 2022)
> DNSKEYState: omnipresent
> ZRRSIGState: omnipresent
> KRRSIGState: omnipresent
> DSState: omnipresent
> GoalState: hidden
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> ------------------------------
>
> End of bind-users Digest, Vol 4123, Issue 2
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221128/675ffacf/attachment-0001.htm>