Quoting from p...@mail.nsbeta.info's mail on Thu, Dec 30, 2010:
> What's the difference between these two flags in the response of
> dig?
>
> < ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
ra : recursion available
The nameserver is ready to ask other nameservers for the r
What's the difference between these two flags in the response of dig?
< ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
---
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
Thanks in advance.
Sunil Shetye writes:
Quoting from David Sparro's mail on T
In message <20101229090538.17173t2lbw1zw...@mail.junc.org>, Benny Pedersen writ
es:
> On man 27 dec 2010 15:09:15 CET, Mark Andrews wrote
> > You are falling foul of out of date filters. 2/8 was only allocated
> > 2009-09 so you will still find sites that are blocking packets from /
> > route for
On 12/29/10 14:06, Alan Clegg wrote:
On 12/29/2010 2:17 PM, Federico Barbieri wrote:
Not sure if this is the right place to ask but I've been trying to dig
around and found nothing...
reading the dns specification it would seems possible to send multiple
request in a single packet.
I'm not su
On 12/29/2010 2:17 PM, Federico Barbieri wrote:
> Not sure if this is the right place to ask but I've been trying to dig
> around and found nothing...
>
> reading the dns specification it would seems possible to send multiple
> request in a single packet.
I'm not sure what the actual reference is
In re-reading this, I do hope you realize that where I said 'the
microsoft dns servers', it means 'YOUR dns servers on YOUR microsoft
servers'.
If setup correctly, only queries for your mymsdomain.local will be sent
to YOUR microsoft servers for the answer.
Lyle
Riccardo Castellani wrote:
> From: Casey Deccio
>
> Before checking the signature, you need to import ISC's public key
> into your key ring. Something like this will work:
>
> curl https://www.isc.org/files/pgpkey2009.txt | gpg --import
>
> Then you can run gpg --verify.
>
> Casey
That is the final piece of information
On 12/29/2010 3:37 AM, Marc Lampo wrote:
> However, we now found the following case :
> 1) registrar offers us DNSKEY information with algorithm 7 :
> RSASHA1-NSEC3-SHA1
> 2) in the zone file, there are NSEC (and not NSEC3) records
This is not an error.
The only reason for there being "different
May I suggest the book DNS and Bind 5th edition.
Availible from Amazon:
http://www.amazon.com/DNS-BIND-5th-Cricket-Liu/dp/0596100574/ref=sr_1_1?ie=UTF8&qid=1293629633&sr=8-1
All of these things can be done. Do some reading!
Yes you setup forwarding only for the microsoft domain name.
And yes
Dnia 2010-12-29 13:55 T. Wunderlich napisał(a):
>Thanks a lot for all your suggestions. I haven't found a solution yet, but
found something
>which got my attention:
>
>Have a look at the TTL of the following CNAME entries.
>
>What happens when the lookup lasts longer than those 57 seconds? Mayb
Thanks a lot for all your suggestions. I haven't found a solution yet, but
found something
which got my attention:
Have a look at the TTL of the following CNAME entries.
What happens when the lookup lasts longer than those 57 seconds? Maybe named
will get
in trouble then?
AND what do the RFC
>Hopefully the microsoft domain is a name that is not availible on the
>internet, like mymsdomain.local. Then your microsoft server is known as
>domaincontroller.mymsdomain.local.
Of course !
>In that case you would setup a forwarder in BIND for mymsdomain.local that
>points to the microsoft d
What was the observed behaviour in your test system?
>From a sanity point of view and if you are checking the zone prior to
accepting the DNSKEY, then I see nothing wrong in rejecting it. There are
already other restrictions on domains in .EU that establish a precedent for
being more demanding on
Hi there,
On Wed, 29 Dec 2010 Alan Clegg wrote:
> In your named.conf, you should have "key-directory <...>;" defined. The
> keys should be there (and readable by the named process).
>
> If you don't have a "key-directory" statement, then named will look in
> the working directory from which the
Hello,
And my best whishes for the new year 2011 !
May we have lots of interesting questions, where we all can learn from ;-)
(hope my question is also in that category ...)
As .eu top level domain we try to avoid inserting DS records in our zone
where corresponding DNSKEY information is missing
On ons 29 dec 2010 08:57:04 CET, Riccardo Castellani wrote
3- Can you show me sample example of forwarding configure file for
specific domain, please ?
zone "rfc-ignorant.org" IN {
type forward;
forward first; // cache dns
forwarders {
On man 27 dec 2010 15:09:15 CET, Mark Andrews wrote
You are falling foul of out of date filters. 2/8 was only allocated
2009-09 so you will still find sites that are blocking packets from /
route for 2/8.
post to bind-users@lists.isc.org not to bind-us...@isc.org
well is there anything i can
Hopefully the microsoft domain is a name that is not availible on the
internet, like mymsdomain.local. Then your microsoft server is known as
domaincontroller.mymsdomain.local.
Of course !
In that case you would setup a forwarder in BIND for mymsdomain.local that
points to the microsoft dns s
18 matches
Mail list logo