Re: Optimising rndc reload times on a slave server with 50,000 zones

2011-02-28 Thread david klein
5 files in a single directory will make difficult for any filesystem. I would recommend breaking that out into groups of less than 1 per directory. For better performance, separate them onto directories that are on different spindles; the parallelization of seek (and with thousands of

Re: Optimising rndc reload times on a slave server with 50,000 zones

2011-02-28 Thread Alan Clegg
On 2/27/2011 1:15 AM, Dennis Perisa wrote: Thanks Doug. Yes, helps a lot. And yes, this is to handle adding new zones. Look into BIND 9.7.2 or newer and the rndc addzone capabilities. Solves the problem without needing to reload/restart/reconfig at all. AlanC

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-02-28 Thread Eivind Olsen
On 28 Feb 2011 at 17:46, fakessh @ wrote: for example the test shows me some time http://dnssec-debugger.verisignlabs.com/nicolaspichot.fr the results are not consistent with my expectations Well, I see a few different errors for that domain: I don't see any DS records for your domain

Re: tools for searching/removing stale keys

2011-02-28 Thread Jay Ford
On Thu, 24 Feb 2011, Antonio Querubin wrote: Has anyone come up with scripts/tools for removing stale zone-signing keys but leaving key-signing keys which are in the same directory alone? Take a look at http://seatpost.its.uiowa.edu/bind_stuff/ It's a collection of scripts for dealing with

Re: dnssec validation, managed keys, and chaos view

2011-02-28 Thread b...@bitrate.net
On 2011.02.28 00.20, Evan Hunt wrote: if i comment out dnssec-lookaside, or the chaos view, things seem to work ok. i'm wondering what i can do to further diagnose what is happening. below is my configuration, with the (presumably) uninteresting bits removed. i'm using 9.7.1, courtesy of

Re: dnssec validation, managed keys, and chaos view

2011-02-28 Thread Evan Hunt
even with dnssec-lookaside auto; only in the non-chaos view stanzas, it seems to still want to do something relating to the chaos view: Ah well, thanks for checking. Turns out managed keys cross-link between the views incorrectly. There's a fix in review, I'll send you a patch later today.

RE: Threaded bind on CentOS

2011-02-28 Thread Jack Tavares
Recap: running named with -n 1 will spin up one worker thread and approx 4 other threads. Is there an official discussion or explanation of what these other threads do? -- Thanks ___ bind-users mailing list bind-users@lists.isc.org

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-02-28 Thread fakessh @
On Monday 28 February 2011 at 20:14 +0100, Laurent Bauer wrote: Eivind Olsen wrote: Well, I see a few different errors for that domain: I don't see any DS records for your domain when I query the fr. nameservers. I don't know how it's handled in that TLD but I guess you somehow

why dig +short for NS doesn't get the result

2011-02-28 Thread terry
server1:/var/cache/bind# dig ox.test.nsbeta.info ns @localhost +short # got nothing here server1:/var/cache/bind# dig ox.test.nsbeta.info ns @localhost ; <<>> DiG 9.6-ESV-R3 <<>> ox.test.nsbeta.info ns @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:

Re: why dig +short for NS doesn't get the result

2011-02-28 Thread Torinthiel
On 03/01/11 04:55, terry wrote: server1:/var/cache/bind# dig ox.test.nsbeta.info ns @localhost +short # got nothing here server1:/var/cache/bind# dig ox.test.nsbeta.info ns @localhost ; <<>> DiG 9.6-ESV-R3 <<>> ox.test.nsbeta.info ns @localhost ;; global options: +cmd ;; Got answer: ;;