bind9 and IPV6
For all users... Can anybody give me informations on the IPV6 compatibility of BIND9 compared to BIND8? It is not clear what is present in BIND9 and not in BIN8 regarding IPV6. I have created an IPV6 record in BIND8 and it works... Thanks in advance for any clear references or for any clear explnations. Hugo, ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind9 and IPV6
On 1/13/2011 9:19 AM, hugo hugoo wrote: For all users... Can anybody give me informations on the IPV6 compatibility of BIND9 compared to BIND8? It is not clear what is present in BIND9 and not in BIN8 regarding IPV6. I have created an IPV6 record in BIND8 and it works... Thanks in advance for any clear references or for any clear explnations. No one should be using BIND 8. It has nothing to do with the ability of BIND 8 vs BIND 9. It has everything to do with using software that has been maintained over the last 10 years. AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone and file name
Hi, http://www.google.com/search?q=rndc+addzone 1st link : rndc addzone example.aa in myview '{type master; file master/example.aa;};' Not tested. 2011/1/13 Peter Andreev andreev.pe...@gmail.com: Hello, All! I have several includes which are edited via hand-written script and now I'm trying to simplify it by using add/delzone options of rndc. So, the question is: how can I specify files where rndc addzone puts new zones' descriptions? Thanks in advance. -- -- AP ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Yohann L. http://www.2xyo.info ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone and file name
On 1/13/2011 9:43 AM, Peter Andreev wrote: I have several includes which are edited via hand-written script and now I'm trying to simplify it by using add/delzone options of rndc. Yay! So, the question is: how can I specify files where rndc addzone puts new zones' descriptions? You provide the entire block that will be inserted into the named.conf, so you put it where ever you want.. I must say that I'm not exactly sure what you mean by description. If you want to see a real life example, take a look at the slides that I presented at NANOG -- on the 3rd to last slide, there is an example of 'rndc addzone' that adds, keys and DNSSEC signs the zone. ftp://ftp.isc.org/isc/pubs/pres/NANOG/50/DNSSEC-NANOG50.pdf AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc addzone and file name
On 1/13/2011 11:08 AM, Peter Andreev wrote: I've executed rndc addzone test.test '{ type master; file /etc/namedb/master/test.1; };' and have got the file /etc/namedb/3bf305731dd26307.nzf: zone test.test { type master; file /etc/namedb/master/test.1; }; The question was: can I force rndc addzone to use specific file (for example /etc/namedb/includes/file2) instead of 3bf305731dd26307.nzf? No. The file is a hash of the view in which the data resides. it's automated, just leave it alone and it won't hurt anyone :) AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Tracing Response Packets at the Querying Server
I am running bind-9.7.2-P3, and I am having a problem with BIND or the network or the Ubuntu operating system. I send a DNS query from one of my DNS servers to another of my DNS servers. I see in a tshark trace that the reply packet is received back at the querying server, but dig produces a timeout message. Can I set some trace level to see if the reply packet is being seen by BIND? And I am not sure into which logging category the trace records would be written. Thanks. -- -- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory Phone:+1 (630) 252-7277 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 Building 240, Room 5.B.8 Internet: bsfin...@anl.gov Argonne, IL 60439-4828 IBMMAIL: I1004994 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Tracing Response Packets at the Querying Server
On Jan 13, 2011, at 12:08 PM, Barry Finkel wrote: I am running bind-9.7.2-P3, and I am having a problem with BIND or the network or the Ubuntu operating system. I send a DNS query from one of my DNS servers to another of my DNS servers. I see in a tshark trace that the reply packet is received back at the querying server, but dig produces a timeout message. If you use dig to query the remote server directly (dig @other_server foo) do you see the same issue? One obvious thing to check would be if you have something like iptables blocking the reply (tshark / tcpdump will still see the packet). Can I set some trace level to see if the reply packet is being seen by BIND? And I am not sure into which logging category the trace records would be written. Thanks. -- I believe this will do sometihng helpful: channel debug_log { // Attach this channel for debugging messages.. file /var/named/data/debug.log size 1m versions 5; severity debug; print-category yes; print-severity yes; print-time yes; }; category queries { debug_log; audit_log; }; W -- Barry S. Finkel Computing and Information Systems Division Argonne National Laboratory Phone:+1 (630) 252-7277 9700 South Cass Avenue Facsimile:+1 (630) 252-4601 Building 240, Room 5.B.8 Internet: bsfin...@anl.gov Argonne, IL 60439-4828 IBMMAIL: I1004994 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how to proper include DS record on key dnssec
hello bind network and hello dnssec network admin. thank you for answered, I think I found a solution to my problem. $INCLUDE directive is that I have to handle example: $INCLUDE /var/named/keys/dsset-fakessh.eu. fakessh.eu $INCLUDE /var/named/keys/keyset-fakessh.eu. fakessh.eu and perform a complete resignatures area zone this should enable me to have the flag DS and DS sign, DLV and DLV sign in my area zone its right thanks for your return many return are welcome Le jeudi 13 janvier 2011 à 12:36 -0500, Paul Wouters a écrit : On Thu, 13 Jan 2011, fakessh @ wrote: I correctly configure my server centos dnssec on with as a representative of encryptions dlv isc. my question is relevant and was already asked but I have not found the complete answer on google. my question is how to include the DS record in the Keys. my keys are in a separate folder. the DS record is already generated in The DS record goes into the parent zone, not the zone itself. I also wonder the utility of this good record given that my signatures are marked as good on dlv Use any public DNS server with dlv configured. eg nssec.xelerance.net: dig +dnssec -t ds yourzone @nssec.xelerance.net what file in the include directive must be accomplished and realize how well inclusion of the DS record (what should be the proper syntax on how to declare dlv isc) how to re-sign after the keys You give your DS via http://dlv.isc.org/ Paul -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7 signature.asc Description: Ceci est une partie de message numériquement signée ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users