{"id":10678,"date":"2024-02-12T11:45:08","date_gmt":"2024-02-12T16:45:08","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=10678"},"modified":"2024-02-12T11:46:19","modified_gmt":"2024-02-12T16:46:19","slug":"isc-bind-9-18-and-windows-dns","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=10678","title":{"rendered":"ISC Bind 9.18 and Windows DNS"},"content":{"rendered":"<p>After upgrading all of our Linux hosts to Fedora 39, we are running ISC bind 9.18.21 &#8230; and it seems the ISC folks are finally <em>done<\/em> with Microsoft&#8217;s &#8220;kinda sorta RFC compliance&#8221;. Instead of just working around Windows DNS servers having some quirks &#8230; they now fail to AXFR the domain.<\/p>\n<p><a href=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10679\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog.png\" alt=\"\" width=\"1594\" height=\"22\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog.png 1594w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog-300x4.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog-1024x14.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog-768x11.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog-1536x21.png 1536w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-errorlog-750x10.png 750w\" sizes=\"auto, (max-width: 1594px) 100vw, 1594px\" \/><\/a><\/p>\n<p>Fortunately, you can tell bind to stop doing edns <em>&#8216;stuff<\/em>&#8216; by adding a server{} section to named.conf &#8212; this gives the server some instructions on how to communicate with the listed server. When bind is no longer trying to do edns &#8220;stuff&#8221;, Windows doesn&#8217;t have an opportunity to provide a bad response, so the AXFR doesn&#8217;t fail.<\/p>\n<p><a href=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-namedfix.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10681\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-namedfix.png\" alt=\"\" width=\"448\" height=\"106\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-namedfix.png 448w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2024\/02\/isc-bind-edns-windows-incompatability-namedfix-300x71.png 300w\" sizes=\"auto, (max-width: 448px) 100vw, 448px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>After upgrading all of our Linux hosts to Fedora 39, we are running ISC bind 9.18.21 &#8230; and it seems the ISC folks are finally done with Microsoft&#8217;s &#8220;kinda sorta RFC compliance&#8221;. Instead of just working around Windows DNS servers having some quirks &#8230; they now fail to AXFR the domain. Fortunately, you can tell &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[99,100,313,136],"class_list":["post-10678","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-bind","tag-dns","tag-isc-bind","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10678"}],"version-history":[{"count":3,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10678\/revisions"}],"predecessor-version":[{"id":10684,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10678\/revisions\/10684"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}