Sporadic but noticeable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-05 Thread Kostas Zorbadelos
Greetings to all, we operate an anycast caching resolving farm for our customer base, based on CentOS (6.4 or 6.5), BIND (9.9.2, 9.9.5 or the stock CentOS package BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1) and quagga (the stock CentOS package). The problem is that we have noticed sporadic but

Re: Sporadic but noticeable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-05 Thread Klaus Darilion
Does it only happen for IPv6 DNS requests? Maybe it is related to this: https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001783.html klaus On 05.03.2014 14:16, Kostas Zorbadelos wrote: Greetings to all, we operate an anycast caching resolving farm for our customer base, based on

Re: Sporadic but noticeable SERVFAILs in specific nodes of an anycast resolving farm running BIND

2014-03-05 Thread Marco Davids (SIDN)
On 05/03/14 15:15, Klaus Darilion wrote: Does it only happen for IPv6 DNS requests? Maybe it is related to this: https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001783.html Or, less likely, this: http://marc.info/?l=linux-netdev&m=139352943109400&w=2 -- Marco

RE: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Gaurav Kansal
Hi Tony, Thanks for help. I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use dnssec-keygen -h. Regards, Gaurav Kansal -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Monday, March 3,

Regarding zone trf from master to slave

2014-03-05 Thread Gaurav Kansal
Dear Team, We are running slave services for our customers. We want to have a log of what entries have been changed in the master (which is causing this zone transfer) at the time of zone transfer. I want to know whether it is possible to have some sort of log generation (either by using

Re: Regarding zone trf from master to slave

2014-03-05 Thread Tony Finch
Gaurav Kansal gaurav.kan...@nic.in wrote: We are running slave services for our customers. We want to have a log of what entries have been changed in the master (which is causing this zone transfer) at the time of zone transfer. I want to know whether it is possible to have some sort of log

Re: Regarding zone trf from master to slave

2014-03-05 Thread Graham Clinch
Hi, We want to have a log of what entries have been changed in the master (which is causing this zone transfer) at the time of zone transfer. Two options come to mind: 1) Log the output of 'dig -t ixfr=2014030501 example.org' occasionally, updating the serial to query for changes since the last

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Alan Clegg
On 3/6/14, 12:40 AM, Gaurav Kansal wrote: I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use dnssec-keygen -h Because dnssec-keygen is used to generate more than just DNSSEC zone keys. AlanC

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

2014-03-05 Thread Carsten Strotmann
Gaurav Kansal gaurav.kan...@nic.in writes: I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use dnssec-keygen -h. the tool dnssec-keygen can be used to create both zone keys (with -n ZONE) for DNSSEC zone signing, and host keys (with -n HOST) for TSIG