#bind

ramnath@nerdpol.ch

enter image description here
The #Six #Enemies of The #Mind ( #Arishadvarga / #Shadripu)
These are the fundamental tenets of #Kali-yuga ( The #Dark-Age)

#kama — lust, craze, desire
#krodha — anger, hatred
#lobha — greed, miserliness, narrow minded
#moha — delusory emotional attachment
#mada — pride, stubborn mindedness
#matsarya — envy, jealousy, show or vanity, and pride
According to #Hindu #scriptures, these #bind the #soul to the #cycle of #birth and #death and keep it confined in this material world (confines of #Maya or relative existence). Especially the first three are said to pave the way towards #hell. The first two bring about difficult experiences we face in our lives.

No matter how powerful, rich, successful or outwardly happy we are, we cannot be considered mature if we have not conquered these six #internal #enemies.

In fact, #SanātanaDharma says that we will never be truly #happy and #peaceful #within our #hearts unless we defeat these six enemies — the ‘ #Shadripus.’

https://medium.com/brah-ma/the-six-enemies-of-the-mind-arishadvarga-shadripu-d44fb460a12

rainerhgw@diasp.org

Huge dynamic zones with #bind?

I use SpamAssassin on my mailserver, with a self maintained DNS blacklist.

ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub MY_URI_RBL spam.uri.example.com. A 127.0.0.3
body MY_URI_RBL eval:check_uridnsbl('MY_URI_RBL')
describe MY_URI_RBL Contains a host listed in my URI blocklist
score MY_URI_RBL 100
endif

Then I have on my name server a zone spam.uri.example.com which is/was self maintained, but that does not work well, I have to add every unwanted domain by hand.
To prevent from phishing attacks, I add https://blocklistproject.github.io/Lists/phishing.txt to the zone file with some script magic. Still I have to increase the serial, and being a lazy sysadmin, I want to automate this. nsupdate comes to my mind, but phishing.txt contains 190305 unique records. Will nsupdate/bind handle this? (Of course, I would have to turn spam.uri.example.com into a dynamic zone)

rainerhgw@diasp.org

While doing housekeeping in my #DNS (​ #bind with flat files), I wonder if there is a tool that compares forward and reverse zones and reports problems.
That would be handy.

Any hints?

rainerhgw@diasp.org

I do not get it.
I need to update the DNS zone sokoll.com

On the name server (​ #bind​ )

allinclusive:/var/lib/named/master # grep vpn sokoll.com
ssh IN CNAME vpn
vpn IN A 91.66.58.118
vpn IN AAAA 2001:470:6d:c40:210:75ff:fe1a:c7cf
allinclusive:/var/lib/named/master #

Zone is up to date:

allinclusive:/var/lib/named/master # rndc reload sokoll.com
zone reload up-to-date
allinclusive:/var/lib/named/master #

Looks good:

allinclusive:/var/lib/named/master # rndc zonestatus sokoll.com
name: sokoll.com
type: master
files: master/sokoll.com
serial: 2022020101
signed serial: 2022020101
nodes: 63
last loaded: Tue, 01 Feb 2022 13:50:43 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Tue, 01 Feb 2022 15:03:36 GMT
next resign node: sokoll.com/A
next resign time: Wed, 02 Feb 2022 06:32:47 GMT
dynamic: no
reconfigurable via modzone: no
allinclusive:/var/lib/named/master #

But:
```
~$ host vpn.sokoll.com ns.sokoll.com.
Using domain server:
Name: ns.sokoll.com.
Address: 195.110.60.28#53
Aliases:

vpn.sokoll.com has address 91.66.45.77
vpn.sokoll.com has IPv6 address 2001:470:6d:c40:210:75ff:fe1a:c7cf
~$
``
91.66.45.77` is an old address that I need to replace.
I must be blind :-/

russ@diasp.org

Got a #DNS problem... using #BIND, with #Cloudflare 1.1.1.1 resolvers as my forwarders. Since a few days ago I can no longer look up PTRs for IPv6 addresses; all return SERVFAIL. Looking up the same addresses directly against Cloudflare, it works. Using different forwarders in BIND (e.g. my ISP's), it works.

These are the errors in the BIND logs:

Sep 26 20:37:37 server.example.com named[708943]: FORMERR resolving 'a.2.ip6.arpa/DS/IN': ::1#1053
Sep 26 20:37:37 server.example.com named[708943]: no valid DS resolving '4.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.3.2.8.0.9.0.0.4.0.5.4.1.0.0.a.2.ip6.arpa/PTR/IN': ::1#1053

Searches for these errors have not turned up anything that has helped.

Any gurus out there able to shed any light?