New BIND Releases 9.9.9-P1 and 9.10.4-P1 (was: "Re: BIND 9.10.4 may have a fatal crash defect.")

2016-05-25 Thread Michael McNally
On 5/17/16 11:08 PM, Michael McNally wrote: > Though this flaw can occur with any compiler, it's substantially more > likely to lead to a crash when BIND is compiled on the x86_64 platform > using the 'clang' compiler and a difference in the node structure between > BIND 9.9 and 9.10 makes the

Re: Reverse Zone CIDR

2016-05-25 Thread /dev/rob0
On Wed, May 25, 2016 at 12:06:40PM +0100, Tony Finch wrote: > Jonathan Del Campo wrote: > > > > So if I have to create two /24 reverse zones for my case, I will, > > but I was hopping a smarter solution. > > Oh, I had a brainfart, I read /23 as /25 :-) I figured that was

Re: native-pkcs11 and smartcard-hsm

2016-05-25 Thread FUSTE Emmanuel
Le 25/05/2016 14:29, FUSTE Emmanuel a écrit : > Le 24/05/2016 16:36, FUSTE Emmanuel a écrit : >> Le 23/05/2016 16:40, FUSTE Emmanuel a écrit : >>> Hello, >>> >>> I'm trying to use a smartcard-hsm usb stick (v1.2) with BIND 9.10.3-P4. >>> This stick is working with powerdns and support all crypto

Re: native-pkcs11 and smartcard-hsm

2016-05-25 Thread FUSTE Emmanuel
Le 24/05/2016 16:36, FUSTE Emmanuel a écrit : > Le 23/05/2016 16:40, FUSTE Emmanuel a écrit : >> Hello, >> >> I'm trying to use a smartcard-hsm usb stick (v1.2) with BIND 9.10.3-P4. >> This stick is working with powerdns and support all crypto operations >> required for basic DNSSEC support. >> >>

Re: Reverse Zone CIDR

2016-05-25 Thread Tony Finch
Jonathan Del Campo wrote: > > So if I have to create two /24 reverse zones for my case, I will, but I was > hopping a smarter solution. Oh, I had a brainfart, I read /23 as /25 :-) Yes, two /24s is the best solution. For smarter solutions, see the rfc2317bis I-D, though

Re: Reverse Zone CIDR

2016-05-25 Thread Jonathan Del Campo
Thanks Anand, I don't have any errors logs to answer Tony, but just the "dig +short -x 192.168.223.42" doesn't return anything. So if I have to create two /24 reverse zones for my case, I will, but I was hopping a smarter solution. Should I have to create two reverses zones definition in my

Re: Reverse Zone CIDR

2016-05-25 Thread Anand Buddhdev
Hi Jonathan, If it's a /23, may I suggest creating two reverse zones, for each of the /24s in that prefix? It's much simpler. RFC 2317-style delegation, while possible for a /23, was designed for IPv4 prefixes smaller than a /24. Regards, Anand Buddhdev RIPE NCC On 25/05/16 11:37, Jonathan

Re: Reverse Zone CIDR

2016-05-25 Thread Tony Finch
Jonathan Del Campo wrote: > > We are trying to create a zone for a /23 subnet (192.168.222.0/23), but we > can't get the reverse zone working. What error messages do you get in your logs? Any other symptoms of "not working"? > I don't know if the naming convention is

Reverse Zone CIDR

2016-05-25 Thread Jonathan Del Campo
Hello, We are trying to create a zone for a /23 subnet (192.168.222.0/23), but we can't get the reverse zone working. There is our config : */etc/named/domain.int.zonefile :* zone "0/23.222.168.192.in-addr.arpa" IN { type master; file "dynamic/0-23.222.168.192.in-addr.arpa"; };

Re: resolution problem

2016-05-25 Thread Matus UHLAR - fantomas
In article , Matus UHLAR - fantomas wrote: often a problem of invalid NS delegation, or bad TTL (A record for a server expires before NS record). On 19.05.16 15:31, Sam Wilson wrote: Glue A records for the nameservers