Introduction
BIND 9.6-ESV-R5rc1 is the first release candidate of BIND 9.6-ESV-R5.
This document summarizes changes from BIND 9.6-ESV-R4 to BIND
9.6-ESV-R5rc1. Please see the CHANGES file in the source code release
for a complete list of all changes.
Download
The latest release
On Jul 7, 2011, at 6:32 PM, Feng He wrote:
2011/7/8 Kevin Darcy k...@chrysler.com:
I think it's worth emphasizing that in the first case, the contents of the
Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas
in the second case the authoritative nameserver was
Hi,
After getting up my split-DNS using views and TSIG (thanks to all who
responded) I run into a, let's say weird behavior:
Whenever I receive a zone-update for the external zone on the slave,
it (the slave) seems to send out a notify for the zone in question via
the internal view to itself -
What version of BIND are you using? I remember that behavior from the
9.3 series, but I'm pretty sure it was fixed in 9.4.
Regards,
Chris Buxton
BlueCat Networks
On 7/8/11, Ewald Jenisch a...@jenisch.at wrote:
Hi,
After getting up my split-DNS using views and TSIG (thanks to all who
I have a number of zones being served by rbldnsd, with bind as a front-end.
The zones are defined as forward only in named.conf.
When I enable dnssec validatation, these zones report that they are
insecure.
08-Jul-2011 08:55:58.700 dnssec: info: validating @0xb4260ad8:
ips.backscatterer.local
Hello,
I have primary DNS server for TLD domain mydomain.org which is also a
secondary DNS server for many other subdomains like
domainX.mydomain.org
this name server IP Address is 131.x.y.z domain is mydomain.org ang his
hostname is server2.mydomain.org
he si serving as secondary the
Daniel McDonald dan.mcdon...@austinenergy.com wrote:
08-Jul-2011 08:55:58.700 dnssec: info: validating @0xb4260ad8:
ips.backscatterer.local SOA: got insecure response; parent indicates it
should be secure
I¹m not really certain which parent is reporting this
The root zone says that .local
On 08/07/11 15:13, Daniel McDonald wrote:
I have a number of zones being served by rbldnsd, with bind as a
front-end. The zones are defined as forward only in named.conf.
When I enable dnssec validatation, these zones report that they are
insecure.
08-Jul-2011 08:55:58.700 dnssec: info:
It should be possible to set up an authoritative-only name server so
that it does not recurse for anyone [except perhaps itself], but still
allow someone to get a full resolution of a name whose canonical name is
elsewhere. IMHBUCO.
I started with this:
view all {
match-clients { any;
On 7/8/2011 3:04 AM, Chris Buxton wrote:
On Jul 7, 2011, at 6:32 PM, Feng He wrote:
2011/7/8 Kevin Darcyk...@chrysler.com:
I think it's worth emphasizing that in the first case, the contents of the
Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas
in the second case
On 7/8/11 10:41 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 08/07/11 15:13, Daniel McDonald wrote:
I have a number of zones being served by rbldnsd, with bind as a
front-end. The zones are defined as forward only in named.conf.
When I enable dnssec validatation, these zones report
On Jul 8, 2011, at 9:05 AM, Kevin Darcy wrote:
On 7/8/2011 3:04 AM, Chris Buxton wrote:
As for Kevin's assertion that the SOA record in the authority section is
required for a negative response, this is also incorrect. RFC 2308 is a
proposed standard, not a standard.
OK, I stand
On Jul 8, 2011, at 9:11 AM, Joseph S D Yao wrote:
I'd rather that recursion controls only control recursion.
And not forwarding - have separate forwarding controls, says I.
Forwarding is a response to a recursive query. For an iterative query, even if
you have recursion enabled, the server
fddi f...@gmx.it wrote:
how to avoid these useless notification ?
notify master-only
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Viking: Easterly, becoming variable, 3 or 4. Slight or moderate. Rain or
thundery showers. Good, occasionally poor.
On Jul 8, 2011, at 8:10 AM, fddi wrote:
Hello,
I have primary DNS server for TLD domain mydomain.org which is also a
secondary DNS server for many other subdomains like
domainX.mydomain.org
this name server IP Address is 131.x.y.z domain is mydomain.org ang his
hostname is
Are there any tunable's to speed up the propagation of dynamic updates between
views without manually freezing and thawing the zone?
Thanks!
jlc
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
Joseph L. Casale wrote:
Are there any tunable's to speed up the propagation of dynamic updates
between views without manually freezing and thawing the zone?
Hm, are you using the same zonefile for both your versions of the zone,
trying to share it between multiple views? If you are - don't.
On Fri, Jul 08, 2011 at 07:04:32AM -0700, Chris Buxton wrote:
What version of BIND are you using? I remember that behavior from the
9.3 series, but I'm pretty sure it was fixed in 9.4.
Hi,
The two servers (master and slave) are running BIND 9.6.-ESV-R4-P1 under
FreeBSD.
Kind regards,
-ewald
On 07/08/11 16:06, Joseph L. Casale wrote:
Hm, are you using the same zonefile for both your versions of the zone,
trying to share it between multiple views? If you are - don't. Views are
an abomination, giving people plenty of rope to hang themself with AND
plenty of chances to shoot themselves
You can have views and separate zone files. You need to plan and it
helps to read the FAQs at ISC about this.
http://www.isc.org/faq/item/191
Didn't even think about it that way, ok.
http://www.isc.org/faq/item/182
How does one actually do away with views if that was an approach?
Docs
Hello list,
$ dig www.qq.com ns @ns1.qq.com
; DiG 9.4.2-P2.1 www.qq.com ns @ns1.qq.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 50734
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
;; WARNING: recursion requested but not
On 07/08/11 19:45, Joseph L. Casale wrote:
You can have views and separate zone files. You need to plan and it
helps to read the FAQs at ISC about this.
http://www.isc.org/faq/item/191
Didn't even think about it that way, ok.
http://www.isc.org/faq/item/182
How does one actually do away
On 07/08/11 20:07, Feng He wrote:
Hello list,
$ dig www.qq.com ns @ns1.qq.com
; DiG 9.4.2-P2.1 www.qq.com ns @ns1.qq.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 50734
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
;;
In message caa3u4en75jav7d0zsxtm-vojynzhw_lznbcqhuevvk1peou...@mail.gmail.com
, Feng He writes:
Hello list,
$ dig www.qq.com ns @ns1.qq.com
; DiG 9.4.2-P2.1 www.qq.com ns @ns1.qq.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 50734
In message 4e17bc15.1090...@lcrcomputer.net, Lyle Giese writes:
On 07/08/11 20:07, Feng He wrote:
Hello list,
$ dig www.qq.com ns @ns1.qq.com
; DiG 9.4.2-P2.1 www.qq.com ns @ns1.qq.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id:
2011/7/9 Lyle Giese l...@lcrcomputer.net:
qq.com zone is the parent to the subdomain www.qq.com, so it has to have
knowledge of the name servers for the www.qq.com subdomain. That is how a
recursive name server finds www.qq.com.
Do you mean the reference?
I don't think the first case is
26 matches
Mail list logo