On 11/28/2011 4:33 PM, Bill Owens wrote:
I think that if I had to use a Windows workstation my first installs
would be the ISC binary kit and wireshark, since AFAIK Windows doesn't
come with a packet capture program either. . .
There is one. I forget what it's called. I think it's in one of
Todd wrote on 11/24/2011 11:29:14 AM:
I don't understand why Windows doesn't include dig by default, even
now. Free software hate?
And grep and logrotate! At least the GnuWin32 project has a good version
of grep.
Confidentiality Notice:
This electronic message and any attachments may
-bounces+jlightner=water@lists.isc.org] On Behalf Of
wbr...@e1b.org
Sent: Monday, November 28, 2011 1:03 PM
To: Todd Snyder
Cc: bind-users-bounces+wbrown=e1b@lists.isc.org; bind-users@lists.isc.org
Subject: RE: Bind 9.9.0b2 inline signing...
Todd wrote on 11/24/2011 11:29:14 AM:
I don't
On Mon, Nov 28, 2011 at 01:03:15PM -0500, wbr...@e1b.org wrote:
Todd wrote on 11/24/2011 11:29:14 AM:
I don't understand why Windows doesn't include dig by default, even
now. Free software hate?
And grep and logrotate! At least the GnuWin32 project has a good version
of grep.
There
I don't understand why Windows doesn't include dig by default, even now.
Free software hate?
And grep and logrotate! At least the GnuWin32 project has a good version
of grep.
I think that if I had to use a Windows workstation my first installs would be
the ISC binary kit and
On 11/24/2011 11:21 AM, Jan-Piet Mens wrote:
Jeffry,
I have had a tendency to dig axfr from my Windows workstation
+1 to you for using `dig' on Windows; most don't even know it exists
and suffer the `nslookup' pain. ;-)
It comes with the Windows version of BIND9.
Danny
Spain, Dr. Jeffry A. spa...@countryday.net wrote:
From time to time I want to review the current state of the zone files.
I have been accustomed with v9.8 to taking a copy of a signed zone file
and stripping out the DNSSEC-related records in a text editor for easy
review.
I use `dig axfr
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
hoping, of course, that no owner name is called 'RRSIG' et. al. ;-)
-JP
Jan-Piet Mens jpmens@gmail.com wrote:
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
I think it is more useful to see those records than to spend effort
stripping them
On Thu, Nov 24, 2011 at 02:29:05PM +0100, Jan-Piet Mens wrote:
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
hoping, of course, that no owner name is called 'RRSIG'
On Nov 24 2011, Shumon Huque wrote:
On Thu, Nov 24, 2011 at 02:29:05PM +0100, Jan-Piet Mens wrote:
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
hoping, of course, that
dig axfr dotat.at | grep -v RRSIG. Tony.
dig axfr dotat.at | grep -v RRSIG | grep -v TYPE65534 | grep -v DNSKEY | grep
-v NSEC3PARAM. JP.
dig axfr zone | awk '$4 !~ ^NSEC$|^NSEC3$|^RRSIG$ {print}'. Shumon.
Thank you, gentlemen. These are very helpful. As we are primarily Windows
users, I
Jeffry,
I have had a tendency to dig axfr from my Windows workstation
+1 to you for using `dig' on Windows; most don't even know it exists
and suffer the `nslookup' pain. ;-)
-JP
___
Please visit
Chris Thompson c...@cam.ac.uk wrote:
If we are trying to turn Tony's ad hoc command into something publishable,
See the loadzone, axfrzone, and cleanzone functions in
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff
Writing code to process arbitrary zones is a rather different
I have had a tendency to dig axfr from my Windows workstation
+1 to you for using `dig' on Windows; most don't even know it exists
and suffer the `nslookup' pain. ;-)
First thing I do on a new windows box is download the BIND package and throw
dig on the box ... well, right after I get
I don't understand why Windows doesn't include dig by default, even now.
Free software hate?
I wonder if it some kind of intellectual property issue. Microsoft has to be
able to sell Windows and therefore must consider any added costs related to
including a component that they do not own
I did something similar, using nsupdate to modify the unsigned zone
instead of a manual edit. [...] rndc reload is not necessary.
`rndc reload' never is necessary if you use DDNS to update master zones.
True, but in that situation 'inline-signing' isn't necessary either.
--
Evan Hunt
=countryday@lists.isc.org
[mailto:bind-users-bounces+spainj=countryday@lists.isc.org] On Behalf Of
Evan Hunt
Sent: Wednesday, November 23, 2011 12:01 PM
To: Jan-Piet Mens
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.9.0b2 inline signing...
I did something similar, using nsupdate to modify
Evan: I'd like to ask for clarification. My understanding is that
inline-signing yes: is necessary to cause bind to keep separate signed
and unsigned zone files, and that the source of the unsigned zone file
can be a disk file in the case of a master, or a zone transfer in the
case of a
On Wed Nov 23 2011 at 20:21:00 CET, Evan Hunt wrote:
Correct, but... let me start by explaining the situation in releases prior
to 9.9, without the inline-signing feature.
And would you now kindly do all of us and all future readers a favor and
copy/paste that text *verbatim* into the ARM?
Now, you can *also* turn on DDNS and use nsupdate on an inline-signing
zone... but, if you're going to be using DDNS anyway, then I'm unclear what
operational need is being served by separating the data. With or without
inline-singing, your master file will be overwritten, and you'll have
I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to
make sure that I'm not doing anything wrong that may be causing the issue.
Has anyone been able to get inline-signing to work on a static master zone
using an authoritative server?
When we manually change the Master
22-Nov-2011 11:25:28.320 general: notice: all zones loaded
22-Nov-2011 11:25:28.320 general: notice: running
This looks to me as though you've cycled the server, which isn't
currently allowed. Evan pointed out recently here that it can actually
corrupt the zone...
My experience is that, after
Kevin McConville
University at Albany
-Original Message-
From: Jan-Piet Mens [mailto:jpm...@gmail.com] On Behalf Of Jan-Piet Mens
Sent: Tuesday, November 22, 2011 1:02 PM
To: McConville, Kevin
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.9.0b2 inline signing...
22-Nov-2011 11:25:28.320
@lists.isc.org
[mailto:bind-users-bounces+spainj=countryday@lists.isc.org] On Behalf Of
McConville, Kevin
Sent: Tuesday, November 22, 2011 11:58 AM
To: bind-users@lists.isc.org
Subject: Bind 9.9.0b2 inline signing...
I have opened up a Bug ticket with ISC on this - #26676, but I just
On Tue Nov 22 2011 at 20:34:46 CET, Spain, Dr. Jeffry A. wrote:
I did something similar, using nsupdate to modify the unsigned zone
instead of a manual edit. [...] rndc reload is not necessary.
`rndc reload' never is necessary if you use DDNS to update master zones.
-JP
26 matches
Mail list logo