In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers. Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset). This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or from
authoritative name servers whose undelegated (in-zone) data is of no interest.
BIND 9.2.2-P1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.2.2/patch.9.2.2-P1
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.2.2/patch.9.2.2-P1.asc
The signature was generated with the ISC public key, which is
available at <http://www.isc.org/ISC/isckey.txt>.
To apply patch.9.2.2-P1, first download BIND 9.2.2, extract the
contents, then apply the patch using the patch(1) command.
e.g.
    gunzip < bind-9.2.2.tar.gz | tar xf -
    cd bind-9.2.2
    patch -p1 < ../patch.9.2.2-P1
BIND 9.2.2 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz
The PGP signature of the distribution is at
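
The delegation-only rule described in the announcement above, as an added Python example that is not part of the original thread and is not BIND's implementation. The function names, the record tuples and the choice to reject a whole response on one offending record are assumptions made for illustration.

```python
# Added illustration: a simplified model of the delegation-only rule, not BIND's code.

def labels(name):
    """Split a domain name into lower-case labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def is_subdomain(name, zone):
    """True if name lies strictly below zone (the apex itself does not count)."""
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and n[len(n) - len(z):] == z

def allowed(zone, owner, rrtype):
    """Apply the announcement's rule to one RR coming from `zone`'s servers."""
    if labels(owner) == labels(zone):
        return True  # apex data, e.g. the SOA RR and the apex NS RRset
    # Below the apex only a delegation (NS for a subdomain) is acceptable.
    return rrtype.upper() == "NS" and is_subdomain(owner, zone)

def check_response(zone, qname, rrs):
    """Return (accepted, log_line) for answer/authority RRs given as (owner, type, rdata).

    Assumption: one offending RR rejects the whole response, and the log text
    copies the format of the lines quoted in this thread.
    """
    if all(allowed(zone, owner, rrtype) for owner, rrtype, _ in rrs):
        return True, None
    return False, "enforced delegation-only for '%s' (%s)" % (zone.rstrip("."), qname)

# Constructed sample responses (192.0.2.1 is a documentation address).
REFERRAL = [("example.com", "NS", "ns1.example.net."),
            ("example.com", "NS", "ns2.example.net.")]
WILDCARD = [("www.random-picks1234566.com", "A", "192.0.2.1")]
APEX = [("com", "SOA", "constructed-soa-rdata")]

if __name__ == "__main__":
    for qname, rrs in [("www.example.com", REFERRAL),
                       ("www.random-picks1234566.com", WILDCARD),
                       ("com", APEX)]:
        print(qname, check_response("com", qname, rrs))
```

A referral and apex data pass, while an address record synthesized below the apex is rejected and logged.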
One interesting feature I've found. When I had forwarders set attempts
to resolve www.google.com and www.freshports.net failed. Removing the
forwarders solved the problem:
.... enforced delegation-only for 'net' (www.random-picks123456.net)
.... enforced delegation-only for 'com' (www.random-picks1234566.com)
.... enforced delegation-only for 'com' (random-gubbins-thingy.com)
.... enforced delegation-only for 'net' (random-gubbins-thingy.net)
.... enforced delegation-only for 'net' (www.freshports.net)
.... enforced delegation-only for 'com' (www.google.com)
Happy to do more testing if it'll help anybody, otherwise I'll assume
it's something odd with my system :)
--
Rob MacGregor (BOFH) Oh my God! They killed init! You bastards!
The light at the end of the tunnel is an oncoming dragon.
I've got no trouble resolving google.com. freshports.net isn't a registered
domain, so the behaviour of bind is correct.
--
Erik Hensema (er...@hensema.net)
I'm assuming that the e-mail address I just happened to notice is
invalid, so am removing it. ;-( ;-(
I would guess that whoever you were forwarding to was applying some
other blocking to .com and/or .net.
--
Joe Yao js...@center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
"Erik Hensema" <er...@hensema.net> wrote in message
news:bka8su$1e4d$1...@sf1.isc.org...
<Slaps self> Next time, check URLs :-(
As I say, only a problem when I'd the forwarding going. Removing that
fixed it. As Joseph said, possibly an issue with my ISP.
Thanks
-----Original Message-----
From: Odirf [mailto:od...@mapsonxs4all.nl]
Sent: Thursday, September 18, 2003 9:26 AM
To: comp-protoc...@isc.org
Subject: Re: BIND 9.2.2-P1 is now available.
Having the same problem here with www.google.com (not google.com) and
www.microsoft.com .
Worked around it by removing forwarders.
"Erik Hensema" <er...@hensema.net> wrote in message
news:bka8su$1e4d$1...@sf1.isc.org...
> On Wed, Sep 17, 2003 at 04:49:04PM +0000, Rob MacGregor wrote:
> > Mark_A...@isc.org wrote:
> > > BIND 9.2.2-P1 is now available.
> >
> > One interesting feature I've found. When I had forwarders set attempts
> > to resolve www.google.com and www.freshports.net failed. Removing the
> > forwarders solved the problem:
> >
> > .... enforced delegation-only for 'net' (www.random-picks123456.net)
> > .... enforced delegation-only for 'com' (www.random-picks1234566.com)
> > .... enforced delegation-only for 'com' (random-gubbins-thingy.com)
> > .... enforced delegation-only for 'net' (random-gubbins-thingy.net)
> > .... enforced delegation-only for 'net' (www.freshports.net)
> > .... enforced delegation-only for 'com' (www.google.com)
> >
> > Happy to do more testing if it'll help anybody, otherwise I'll assume
> > it's something odd with my system :)
>
> I've got no trouble resolving google.com. freshports.net isn't a registered
> domain, so the behaviour of bind is correct.
>
> --
> Erik Hensema (er...@hensema.net)
>
The patch seems to work fine if I stop using my ISP's forwarders but I
needed to make one minor change to get it to compile on Solaris 9 using
the Sun One Studio 8 C compiler.
Nick
The simple change required is:
--- bind-9.2.2/lib/dns/include/dns/view.h~ Thu Sep 18 21:02:47 2003
+++ bind-9.2.2/lib/dns/include/dns/view.h Thu Sep 18 21:19:31 2003
@@ -706,7 +706,7 @@
* ISC_R_NOMEMORY
*/
-isc_boolean_t
+isc_result_t
dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name);
/*
* Check if 'name' is in the delegation only table.
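Review bot: The return type change on the dns_view_isdelegationonly() declaration goes the wrong way for a function whose comment reads "Check if 'name' is in the delegation only table". That describes a yes/no predicate, and declaring it isc_result_t lets callers mistake a truth value for a result code. Suggest leaving view.h as isc_boolean_t and changing the definition in view.c so that declaration and definition agree.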
Actually I should have changed view.c INSTEAD of view.h.
Use the patch INSTEAD of the previous one:
--- bind-9.2.2/lib/dns/view.c~ Thu Sep 18 21:02:47 2003
+++ bind-9.2.2/lib/dns/view.c Thu Sep 18 22:13:02 2003
@@ -1191,7 +1191,7 @@
return (result);
}
-isc_result_t
+isc_boolean_t
dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
dns_name_t *new;
isc_uint32_t hash;
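Review bot: Only the signature line of dns_view_isdelegationonly() changes here, so the return statements further down the body, which this hunk does not show, need checking: each should yield ISC_TRUE or ISC_FALSE rather than an isc_result_t code now that the definition is isc_boolean_t. This patch also has to be applied to a tree without the earlier view.h change, otherwise the declaration and the definition disagree again.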