Re: does authority named require the external name servers?

2011/5/2 Torinthiel torinth...@data.pl: Authority named never sends queries on it's own, only responds to submitted queries. On 02.05.11 20:17, Jeff Pang wrote: Doesn't it execute iterative query from the root server? root servers do not send queries. For example, given the nameserver is

Re: does authority named require the external name servers?

2011/5/6 Matus UHLAR - fantomas uh...@fantomas.sk: BIND will search for def.com only for recursive queries, not for iterative, and only when the client has recursion allowed on it. you are totally mis-unstanding me. -- Jeff Pang www.DNSbed.com

RE: forward first: iterative or recursive query

Thanks for the answer but: * In the example i post yesterday: on my server1 the recursion is enabled (recursion yes), but the server1 can't recurse because i stop it on firewall and it can't contact the outside. * You say Don't use forwarding from a recursive server to a non-recursive server

[DNSSEC] Resolver behavior with broken DS records

In an (involuntary) experiment under .FR, I discovered that the rule at least one DS must match for a child zone to be authenticated is wrong if a broken DS is present. In our case, the field Algorithm in the DS did not match the one in the DNSKEY. While there was another correct DS for the child

Re: how to check if a slave zone is expired

I try to catch zones that are not updating on the slaves to which I have access. I compare the modtime of the zone file with the current time and the refresh interval for the zone. Typically I allow a failure or two before alerting, e.g. wait 1 refresh + 2 retry intervals. If the expire

Re: forward first: iterative or recursive query

On 5/6/2011 6:40 AM, iharrathi@orange-ftgroup.com wrote: Thanks for the answer but: You say Don't use forwarding from a recursive server to a non-recursive server but when my server1 is recursive (and the firewall allow it to contact the outside), and server2 don't

Re: DNSSEC submit of DLV vs DNSKEY records?

On May 6 2011, Mark Andrews wrote: Once the parent zone is signed and is accepting DS/DNSKEY records for child zones there shouldn't be any need to add records to DLV. Well, for some value of should ... It might be that the parent, although signed and accepting DS records, does not yet have

Re: forward first: iterative or recursive query

On 5/6/2011 6:40 AM, iharrathi@orange-ftgroup.com wrote: Thanks for the answer but: * In the example i post yesterday: on my server1 the recursion is enabled (recursion yes), but the server1 can't recurse because i stop it on firewall and it can't contact the outside.