On 29.02.12 17:53, Michael McNally wrote:
NXDOMAIN redirection is now possible. This enables a resolver
to respond to a client with locally-configured information
when a query would otherwise have gotten an answer of no
such domain. This allows a recursive nameserver to provide
If the root hints are updated on ftp://rs.internic.net/domain/, would
it require a new build of bind to incorporate them, or is bind able to
update its built-in root hints by some other means?
No, it requires a rebuild after changing lib/dns/rootns.c. But using a mildly
out-of-date hints
Spain, Dr. Jeffry A. spa...@countryday.net wrote:
Would you please elaborate on how you are managing your bogon-related
empty zones.
I have bogon declarations and empty zones for all the ranges listed in RFC
5735 except 224.0.0.0/4 which only has a bogon declaration. (The multicast
addresses
No, it requires a rebuild after changing lib/dns/rootns.c. But using a
mildly out-of-date hints file is usually harmless - it is only a *hint*.
Right. One of the first things BIND does after starting up is query one of
the root servers to get the current set of root servers.
Thanks. This
On 02/03/12 10:13, Matus UHLAR - fantomas wrote:
On 29.02.12 17:53, Michael McNally wrote:
NXDOMAIN redirection is now possible. This enables a resolver
to respond to a client with locally-configured information
when a query would otherwise have gotten an answer of no
such domain. This allows a
On Fri, Mar 02, 2012 at 11:13:06AM +0100, Matus UHLAR - fantomas wrote:
On 29.02.12 17:53, Michael McNally wrote:
NXDOMAIN redirection is now possible. This enables a resolver
to respond to a client with locally-configured information
when a query would otherwise have gotten an answer of
In article mailman.102.1330686511.63724.bind-us...@lists.isc.org,
Spain, Dr. Jeffry A. spa...@countryday.net wrote:
No, it requires a rebuild after changing lib/dns/rootns.c. But using a
mildly out-of-date hints file is usually harmless - it is only a *hint*.
Right. One of the first
On Fri, Mar 02, 2012 at 11:13:06AM +0100, Matus UHLAR - fantomas wrote:
NXDOMAIN redirection is now possible. This enables a resolver
to respond to a client with locally-configured information
when a query would otherwise have gotten an answer of no
such domain. This allows a recursive
Didn't the answer to the NS query include the addresses in the Additional
Section? It does when I perform the query manually. It gets cut off with
the default packet size, but if EDNS0 is used it will include them all.
The addresses are included in the additional section. Missed that
When BIND 9.9.0 was released, we started converting our DNSSEC-signed zones to
inline signing.
Everything went smoothly with all but one of our zones (pesky.zone, below).
With that zone, after named signed it and completed an AXFR-style IXFR to each
of four slaves, it proceeded to start
Just let it complete signing the zone. This is done incrementally.
sig-signing-nodes integer;
sig-signing-signatures integer;
These control the number nodes processed and signatures generated per
increment.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117,
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
second for SHA-256.
I was
On 03/03/12 12:47, dE . wrote:
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
13 matches
Mail list logo