Re: .onion and dnssec

2019-11-15 Thread Petr Mensik
Hello Erich, more below. On 11/12/19 2:22 PM, Erich Eckner wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, 12 Nov 2019, Tony Finch wrote: Erich Eckner wrote: I also have a hard time generating some useful debug output - setting `-d 9` does not give additional information

Re: RHEL, Centos, Fedora rpm 9.14.6

2019-10-18 Thread Petr Mensik
Hello Jóhann, I am the packager of BIND in RHEL and Fedora. I would like everyone to use our BIND packages. But we have some modifications, as was already mentioned. Some of them are important for FreeIPA to work, some provide the bind-sdb build to use SDB features. Also some other changes that

Re: DDNS with extra vhosts...

2019-10-02 Thread Petr Mensik
Hi John, I came to a similar example and wanted possible names also under a developer namespace. Something like dev1.user.example.org, you could add to zone user.example.org: dev1.user.example.org. IN NS dev1.example.org. Then configure dev1 like Ondřej suggested, set dev1.example.org IP from

Re: search and ndots support in bind utilities

2019-10-01 Thread Petr Mensik
Thank you Paul, this document is far better than I hoped for. I have to improve my googling skills it seems. This is brilliant. On 9/30/19 5:35 PM, Paul Ebersman wrote: > pemensik> I am aware search is a no-no in DNS community. However, is > pemensik> there any public documentation to this

Re: search and ndots support in bind utilities

2019-09-30 Thread Petr Mensik
s, this was a considered decision. > > Searching with partially qualified names with non-default ndots is also > unsafe, but slightly less so. You reach internal information / services > accidentally instead of leaking it to an external party. > > Mark > >> On 26 Sep 2019, at 9:20

search and ndots support in bind utilities

2019-09-26 Thread Petr Mensik
Hello, I got a bug report [1] about different behavior of nslookup in the 9.11 version compared to the old 9.9 version. At first I thought this issue should be closed right away. But when I dug into the changes in BIND, I could not find any reason for the given change. It seems to me the effect was not desired.

Re: Problem with zone delegation with private gTLD

2019-04-08 Thread Petr Mensik
On 4/8/19 1:05 PM, Matus UHLAR - fantomas wrote: >> Karl Lovink via bind-users wrote: >>> I am trying to set up a private gTLD with BIND9 and underneath that gTLD >>> a subdomain. > > On 08.04.19 12:00, Tony Finch wrote: >> Why a TLD? >> >> You will have fewer problems if you get a properly

Re: DynDB - handling arbitrary zones

2019-04-01 Thread Petr Mensik
is new enough and not used in similar cases. On 4/1/19 12:17 PM, Klaus Malorny wrote: > On 01.04.19 11:18, Petr Mensik wrote: >> Hi Klaus, >> >> [...] >> > > > Thanks for the response. I have seen the LDAP implementation, but > haven't looked deeper into

Re: DynDB - handling arbitrary zones

2019-04-01 Thread Petr Mensik
Hi Klaus, I would recommend taking a look at the bind-dyndb-ldap documentation [1], as I think it is still the only plugin in active use. Unfortunately it is not under active development, but it should be able to answer many of your questions. Some questions could be asked on the FreeIPA mailing list, but it

Re: convert Knot DNS signatures certs to BIND format.

2019-03-20 Thread Petr Mensik
Hi Tony and Milan, softhsm2 contains a useful tool that converts a BIND private key file into PKCS#8 format: softhsm2-keyconv. Or modify dnssec-keyfromlabel to be able to read files from different file formats as well? Maybe, just maybe it would be easier to modify that tool to be able to produce also

Re: broken trust chain

2018-10-15 Thread Petr Mensik
Hi Cody, please check the contents of the managed-keys.bind or viewname.mkeys files in the BIND working directory. It can be redirected somewhere else by the managed-keys-directory option. These files contain the state of managed keys of BIND. Their contents can be analysed manually or by a Perl script in

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
Hi Mark, Dne 7.9.2018 v 10:49 Mark Elkins napsal(a): > It would probably have been more helpful (speeded up finding the > problem) if the error message "file 'named.secroots': permission denied" > also gave the directory name that it was trying to write to? Just a thought. > Sometimes we don't

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
Hi, also a few notes to it. Dne 7.9.2018 v 04:05 Brent Swingle napsal(a): > This matter has been resolved with input from Evan. I was able to add a file > path for secroots to the named.conf file and push the output file to a temp > directory that was not permission restricted. > >

Re: bind-chroot, runs, works, dies

2017-08-17 Thread Petr Mensik
ies On 11.08.2017 at 15:57 Petr Mensik wrote: > Hi Todd. > > I think much better than Ask Fedora would be filing a bug in > bugzilla.redhat.com. I would see it straight away. > I am the Fedora bind maintainer. If there is a bug preventing correct start of > named-chroot, I woul

Re: Confused about SELinux error

2017-08-14 Thread Petr Mensik
Hi Todd, that means you are trying to save session.key into a directory where SELinux is forbidding write access to named. session.key is a file created once per start and removed before shutdown. I think you have something wrong with the /var/run/named -> /run/named link. Default built-in value

Re: bind-chroot, runs, works, dies

2017-08-11 Thread Petr Mensik
Hi Todd. I think much better than Ask Fedora would be filing a bug in bugzilla.redhat.com. I would see it straight away. I am the Fedora bind maintainer. If there is a bug preventing correct start of named-chroot, I would like to fix it. You would see SELinux errors in command "ausearch -i -ts

Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-06-16 Thread Petr Mensik
Hi, I think you should use file "dynamic/db..signed"; instead. On Red Hat /var/named is by default read-only to named. It is enforced both by unix permissions and SELinux policy. I think you are being blocked by SELinux. Try sudo ausearch -i -ts recent -m avc -m user_avc -m selinux_err It may

Re: Bind 9.9.4 DLZ LDAP , error in config file named.conf

2017-05-04 Thread Petr Mensik
Dear Enrico, I have never configured a DLZ zone myself. There is a clear error: all nodes query must specify a search base I think it did not parse some query URI well. Could you add at least -d 1 to OPTIONS in /etc/sysconfig/named and retry? It will provide more details about the query before it fails.

Re: Bind9 and PostgreSQL

2017-02-01 Thread Petr Mensik
Hello Michelle, There is some documentation at http://bind-dlz.sourceforge.net/postgresql_driver.html. It seems old, but the DLZ driver has not had major changes in recent years. There is also an example at http://bind-dlz.sourceforge.net/postgresql_example.html. Of course there is source code in bind

Re: BIND - Continuous NS ROOT queries to root servers

2016-12-22 Thread Petr Mensik
I think you might have a problem with DNSSEC validation. BIND in RHEL 6 validates the root by default and has a built-in root key compiled in. Have you tried the dnssec-validation no; option in your config? -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com

Re: Need of 2 $ORIGIN Directives

2016-12-21 Thread Petr Mensik
A) $ORIGIN changes the suffix appended to all hostnames without a trailing . for all following records. You can change it more than one time. Unless I am mistaken, the NS records of the first section would expand to . NS local.atlanta.com. . NS kabulvm8.atlanta.com. That seems wrong to me. B) Yes, it is

Re: ISC Bind 9.11 and dyndb-ldap

2016-12-14 Thread Petr Mensik
Hello Kishore, It is not so simple. What was merged into BIND 9.11 is only the dynamic database API that bind-dyndb-ldap is using. That dynamic database does not store any permanent data, it is only an interface other plugins can use. That means the dynamic_db provided by the custom patch for RHEL and Fedora