Re: Master/slave configuration

2012-03-08 Thread Niall O'Reilly
On 8 Mar 2012, at 02:58, Lyle Giese wrote (on bind-users): On linux boxes, adding options rotate to the /etc/resolv.conf helps. [cross-posted, reply-to header set] Is there a DHCP option which expresses that, and which typical fielded DHCP clients will respect?

RE: fermat primes and dnssec-keygen bug?

2012-03-08 Thread G.W. Haywood
Hi there, On Thu, 8 Mar 2012, Spain, Dr. Jeffry A. wrote: Other posts have alluded to the Debian openssl flaw reported in May 2008 (http://www.debian.org/security/2008/dsa-1571). This led to predictable random primes being used to generate RSA moduli ... Just in case anyone thinks that this

Re: Exercising RFC 5011 rollovers

2012-03-08 Thread Chris Thompson
Continuing a thread from November January (these experiments do take a long time, absent a fake clock)... One experiment I have been doing is to see whether a rollover done as described in https://www.iana.org/dnssec/icann-dps.txt (which is only approximately RFC 5011-like) would cause BIND's

Re: Master/slave configuration

2012-03-08 Thread Romgo
Hello, thanks for the answer. That was my first change : /etc/resolv.conf like : domain example.fr search example.fr example2.fr nameserver 192.168.0.1 nameserver 192.168.0.2 options rotate options timeout:1 options attempts:1 This works fine. But the issue is now mainly coming from the client

Re: Master/slave configuration

2012-03-08 Thread michoski
On 3/8/12 8:15 AM, Romgo ro...@free.fr wrote: I can use a VIP for DNS server, but I thought that master/slave configuration was made in order to avoid using a VIP. Master/slave was to avoid SPOF -- if the master dies, who cares with a reasonable expire time. :-) So go ahead, setup a

Re: Master/slave configuration

2012-03-08 Thread michoski
On 3/8/12 10:20 AM, Mike Hoskins micho...@cisco.com wrote: On 3/8/12 8:15 AM, Romgo ro...@free.fr wrote: I can use a VIP for DNS server, but I thought that master/slave configuration was made in order to avoid using a VIP. Master/slave was to avoid SPOF -- if the master dies, who cares with

Re: DNSSEC and slaves error

2012-03-08 Thread Nick Edwards
Thanks, that did the trick! On 3/8/12, Mark Andrews ma...@isc.org wrote: In message CAMD-=VKxKssRXfD4XSgPua-v6=ooazylgc3yb3cy51ihopw...@mail.gmail.com , Nick Edwards writes: On 3/8/12, Nick Edwards nick.z.edwa...@gmail.com wrote: On 3/7/12, Mark Andrews wrote: resigned it again as

Re: Master/slave configuration

2012-03-08 Thread Barry Margolin
In article mailman.210.1331230835.63724.bind-us...@lists.isc.org, michoski micho...@cisco.com wrote: On 3/8/12 8:15 AM, Romgo ro...@free.fr wrote: I can use a VIP for DNS server, but I thought that master/slave configuration was made in order to avoid using a VIP. Master/slave was to

BIND 9.9.0 assertion failure

2012-03-08 Thread 김세훈
In BIND 9.9.0(CentOS 4.6) Mar 9 06:58:51 X named[17533]: general: critical: client.c:318: INSIST(client->newstate <= 3) failed, back trace Mar 9 06:58:51 X named[17533]: general: