Re: Occasional errors from res_nsearch

On 11/25/09 05:44, Divakar Pratap Singh P wrote: Hi, I am using S olaris (5.10 Sparc as well as i386 ) server to run an application (written in C language) which uses B ind library client implementation (available on Solaris box by default, version 4.9.4) . On processing consecutive lookup

DNSSEC validation works with DLV, but not with just trusted-key

Hi, Maybe I'm getting something wrong here, but as far as I understand, when I enable dnssec and dnssec-validation and have a zone with a trusted-key, bind should not answer to requests for bad dnssec signatures. This is my config: trusted-keys { org. 257 3 7

Re: DNSSEC validation works with DLV, but not with just trusted-key

Hanno Böck wrote: dig baddata-A.test.dnssec-tools.org @localhost There is no DS record for dnssec-tools.org in .org (chain of trust is broken), so you can't validate the response -- thus the data being passed back to you. AlanC ___ bind-users

Re: DNSSEC validation works with DLV, but not with just trusted-key

Am Mittwoch 25 November 2009 schrieb Alan Clegg: There is no DS record for dnssec-tools.org in .org (chain of trust is broken), so you can't validate the response -- thus the data being passed back to you. Ok, that explains it. Are there any example domains with known-broken dnssec records

Re: DNSSEC validation works with DLV, but not with just trusted-key

Hanno Böck wrote: Am Mittwoch 25 November 2009 schrieb Alan Clegg: There is no DS record for dnssec-tools.org in .org (chain of trust is broken), so you can't validate the response -- thus the data being passed back to you. Ok, that explains it. Are there any example domains with

Re: DNSSEC validation works with DLV, but not with just trusted-key

Or one could use DLV to provide the trust linkage. dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 1 11A4026F4E09B1C106AAF3AC81A37AA537B8A3E6 dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 2 6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71 A476E282 -- Mark Andrews,

Re: DNSSEC validation works with DLV, but not with just trusted-key

In message 200911252202.napm2asg000...@drugs.dv.isc.org, Mark Andrews writes: Or one could use DLV to provide the trust linkage. dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 1 11A4026F4E09B1C106AAF3AC81A37AA537B8A3E6 dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 2

File System Choice

500,000 domains, with the Ext3 file system, DNS service starts very slow and therefore require several hours before they can work properly. For the bind file system choices, there are any suggestions advice? -- 万善义 2009-11-26

Re: File System Choice

2009/11/26 万善义 w...@114.com.cn: 500,000 domains, with the Ext3 file system, DNS service starts very slow and therefore require several hours before they can work properly. For the bind file system choices, there are any suggestions advice? Are you sure it's filesystem issue? ext3 has a