2009/11/26 万善义 :
> 500,000 domains, with the Ext3 file system, DNS service starts very slow and
> therefore require several hours before they can work properly. For the bind
> file system choices, there are any suggestions advice?
Are you sure it's filesystem issue? ext3 has a feature, dir_index
500,000 domains, with the Ext3 file system, DNS service starts very slow and
therefore require several hours before they can work properly. For the bind
file system choices, there are any suggestions advice?
--
万善义
2009-11-26
__
In message <200911252202.napm2asg000...@drugs.dv.isc.org>, Mark Andrews writes:
>
> Or one could use DLV to provide the trust linkage.
>
> dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 1
> 11A4026F4E09B1C106AAF3AC81A37AA537B8A3E6
> dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556
Or one could use DLV to provide the trust linkage.
dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 1
11A4026F4E09B1C106AAF3AC81A37AA537B8A3E6
dnssec-tools.org.dlv.isc.org. 3499 IN DLV 54556 5 2
6B026928292D452A5CC37B3EF327F27F50A29936CB31E664EB066D71 A476E282
--
Mark Andrews, IS
Hanno Böck wrote:
Am Mittwoch 25 November 2009 schrieb Alan Clegg:
There is no DS record for dnssec-tools.org in .org (chain of trust is
broken), so you can't validate the response -- thus the data being
passed back to you.
Ok, that explains it.
Are there any example domains with known-broken
Am Mittwoch 25 November 2009 schrieb Alan Clegg:
> There is no DS record for dnssec-tools.org in .org (chain of trust is
> broken), so you can't validate the response -- thus the data being
> passed back to you.
Ok, that explains it.
Are there any example domains with known-broken dnssec records
Hanno Böck wrote:
dig baddata-A.test.dnssec-tools.org @localhost
There is no DS record for dnssec-tools.org in .org (chain of trust is
broken), so you can't validate the response -- thus the data being
passed back to you.
AlanC
___
bind-users mai
Hi,
Maybe I'm getting something wrong here, but as far as I understand, when I
enable dnssec and dnssec-validation and have a zone with a trusted-key, bind
should not answer to requests for bad dnssec signatures.
This is my config:
trusted-keys {
org. 257 3 7
"AwEAAYpYfj3aaRzzkxWQqMdl7YExY81N
On 11/25/09 05:44, Divakar Pratap Singh P wrote:
Hi,
I am using S olaris (5.10 Sparc as well as i386 ) server to run an
application (written in C language) which uses B ind library client
implementation (available on Solaris box by default, version 4.9.4) .
On processing consecutive lookup
9 matches
Mail list logo