Hi,
Maybe you are looking for dnsperf and resperf [1]. We have done some
tests similar to these in [2] and [3], so maybe it helps. Replaying
captures of traffic may also be recommended especially to consider, for example,
queries with no answers. At least for DNSSEC this matters.
[1]
Hi,
I just enabled bind as caching name server and when watching logs I got
below errors.
error (network unreachable) resolving
'www.indiaresultsalert.com//IN': 2001:503:a83e::2:30#53
error (network unreachable) resolving 'ns-797.awsdns-35.net/A/IN':
2001:503:231d::2:30#53
error (network
On 10 May 2012, at 09:47, Ben wrote:
I just enabled bind as caching name server and when watching logs I got below
errors.
You seem to be noticing 3 kinds of error.
Network unreachable messages refer only to IPv6 destinations.
Perhaps you have IPv6 enabled on the
On 10/05/12 09:47, Ben wrote:
Hi,
I just enabled bind as caching name server and when watching logs I got
below errors.
It looks like you have broken IPv6 connectivity - your machine believes
it has an IPv6 address and possibly a default route, but it doesn't work.
Check your networking
Hi, Bind'ers,
I'm trying to have a TTL of a zone just by typing a command, but I can't
see which command line I can use to have the solution.
Does someone have an idea? Is it possible to find that?
PS: The zone file is not created by me. For example, I made a dig +dnssec
www.google.fr and I
William Thierry wrote on 05/10/2012 08:02:57 AM:
I'm trying to have a TTL of a zone just by typing a command, but I
can't see which command line I can use to have the solution.
Does someone have an idea? Is it possible to find that?
PS: The zone file is not created by me. For example,
When you do a dig, the TTL is the 2nd column:
;; ANSWER SECTION:
www.google.com. 604800 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 74.125.225.20
www.l.google.com. 300 IN A 74.125.225.19
www.l.google.com. 300 IN A
Barry Margolin bar...@alum.mit.edu wrote:
[Validation is] only untroublesome until someone screws things up on
their auth server. When one of your users can't access something.gov,
they'll complain to YOU, even though it's mostly out of your hands.
This is true for other problems on auth
In article mailman.748.1336659466.63724.bind-us...@lists.isc.org,
Tony Finch d...@dotat.at wrote:
Barry Margolin bar...@alum.mit.edu wrote:
[Validation is] only untroublesome until someone screws things up on
their auth server. When one of your users can't access something.gov,
they'll
On 05/10/2012 04:33 PM, Barry Margolin wrote:
In article mailman.748.1336659466.63724.bind-us...@lists.isc.org,
Tony Finch d...@dotat.at wrote:
Barry Margolin bar...@alum.mit.edu wrote:
[Validation is] only untroublesome until someone screws things up on
their auth server. When one of your
On May 10, 2012, at 11:20 AM, Daniel Ryšlink wrote:
On 05/10/2012 04:33 PM, Barry Margolin wrote:
In article mailman.748.1336659466.63724.bind-us...@lists.isc.org,
Tony Finch d...@dotat.at wrote:
Barry Margolin bar...@alum.mit.edu wrote:
[Validation is] only untroublesome until someone
On 10/05/2012 17:20, Daniel Ryšlink wrote:
What's the point of DNSSEC when resolver administrators configure
exceptions on a regular basis? If you can't be sure when your resolver
does or does not validate, why have signed zones in the first place?
It just seems to be another shared
Warren wrote on 05/10/2012 11:50:30 AM:
Nope -- Comcast does a large amount of checking before turning off
validation for a failing domain.
This is (IMO) more secure than the alternative, which is to simply
leave it failing, and have users move to a non-validating resolver
instead?
Does
All,
key 22924 of framail.de has a delete date of 2012-05-07T14:55:02 set.
It has been deleted from the repository at 2012-05-07T14:55:02.569706,
but is still included by named 9.9.0 in the zone framail.de
(as of 2012-05-10T19:51:32).
Is this a bug, triggered by my timing?
Should I wait one more
On May 10, 2012, at 12:52 PM, wbr...@e1b.org wrote:
Warren wrote on 05/10/2012 11:50:30 AM:
Nope -- Comcast does a large amount of checking before turning off
validation for a failing domain.
This is (IMO) more secure than the alternative, which is to simply
leave it failing, and have
Hello all.
What is the random device used for?
ARM says Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
requires any randomness.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at entropy,
On May 10, 2012, at 3:41 PM, Alexander Gurvitz wrote:
Hello all.
What is the random device used for?
ARM says Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
requires any randomness.
This bothers me as I'm
Hi there,
On Thu, 10 May 2012, Alexander Gurvitz wrote:
What is the random device used for?
Cryptographic operations, loading libraries in random locations to
avoid insidious attacks, that kind of thing.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at
Some signature methods require this, some do not. RSA should not (in general)
but RSA encryption in practice may. Signing is different, in that you know
both halves (encrypted and cleartext) so it should not require padding.
I think DSA does require randomness in signing.
--Michael
On May
On Thu, May 10, 2012 at 11:04 PM, Axel Rau axel@chaos1.de wrote:
Did you delete it manually (at 2012-05-07T14:55:02.569706) ?
Yes; i.e. my script.
If so, maybe it's still in the zone because BIND doesn't know the timing
metadata anymore ?
I thought that would be in the journal or
key 22924 of framail.de has a delete date of 2012-05-07T14:55:02 set.
It has been deleted from the repository at 2012-05-07T14:55:02.569706,
but is still included by named 9.9.0 in the zone framail.de
(as of 2012-05-10T19:51:32).
To clarify: I'm using inline-signing.
The repository is
In message CABUciR=m+b45ddzyv2j8z9+ltvuy4rwh+kp3e8njyahdpy-...@mail.gmail.com
, Alexander Gurvitz writes:
Hello all.
What is the random device used for?
ARM says Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones. I don't get why signing a zone
In message CABUciRkMv4HRwvwvqe=z+=xkw9ccjhntzpmy6sfa4l+tzej...@mail.gmail.com
, Alexander Gurvitz writes:
On Thu, May 10, 2012 at 11:04 PM, Axel Rau axel@chaos1.de wrote:
Did you delete it manually (at 2012-05-07T14:55:02.569706) ?
Yes; i.e. my script.
If so, maybe it's still in the
In message 532c3631-d503-4dc0-88c9-600a90564...@kumari.net, Warren Kumari writes:
On May 10, 2012, at 12:52 PM, wbr...@e1b.org wrote:
Warren wrote on 05/10/2012 11:50:30 AM:
Nope -- Comcast does a large amount of checking before turning off
validation for a failing domain.
Hello,
Multiple zones with a single key - is it possible with BIND?
Regards,
Alexander Gurvitz,
net-me.net
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
Multiple zones with a single key - is it possible with BIND?
There was a recent discussion on this topic. See thread beginning at
https://lists.isc.org/pipermail/bind-users/2012-April/087481.html. Jeff.
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School