BIND 9.7.4b1 is now available
Introduction BIND 9.7.4b1 is a beta release of BIND 9.7.3. Download The latest development version of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/development. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.4-ESV-R5b1 is now available
Introduction BIND 9.4-ESV-R5b1 is a beta release of BIND 9.4-ESV-R5. Download The latest development version of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/development. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Primary Server Name Change
On 05/12/2011 08:15 PM, Mark Andrews wrote: In message4dcc225f.8000...@obsd.us, CT writes: Primary Name server bind- 9.7.3 OS- CentOS 5.6 Authoritative for 2 zones using DNSSEC This may be an obvious question but I will ask anyway.. :) I want to change the name of the server from old.zone1.com to new.zone2.com IP Address - no change - change soa in master zone files - work with slaves to make sure named.conf are correct Other than that are there any gotchas.. ?? I am wondering if I will have to unsign my zones and the upload new keysets to the registrar. To do a graceful transition to a new nameserver you should. * Commision the new nameserver. * Add the new address records and wait for them to propogate to all authoritative servers and any cached negative responses for them to expire. * Add the NS record for the new nameserver. * Update the parent zone to ADD the new nameserver and glue. * Wait for the old NS RRet and referrals to expire from caches. * Remove the NS record for the old nameserver. * Update the parent zone to REMOVE the old nameserver and glue. * Wait for the intermediate NS RRet and referrals to expire from caches. * Remove the old address records if they are no longer required. * Decommision the old nameserver. As the addresses of the new and old nameservers are the same you can shorten this process a little. * Add the new address records and wait for them to propogate to all authoritative servers and any cached negative responses for them to expire. * Update the NS RRset + Add the NS record for the new nameserver. + Remove the NS record for the old nameserver. * Update the parent zone + Update the parent zone to ADD the new nameserver and glue. + Update the parent zone to REMOVE the old nameserver and glue. * Wait for the old NS RRet and referrals to expire from caches. * Remove the old address records if they are no longer required. In all cases you re-sign the zone whenever you make changes to it. Thx CT ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Mark, Thank you for your very succinct response.. Exactly what I needed.. CT ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: BIND 9.4-ESV-R5b1 is now available
Did I miss a notice? What issue(s) does this address? I can't find a way to see what this addresses without downloading the tarball.. -- Jack Tavares From: bind-users-bounces+j.tavares=f5@lists.isc.org [bind-users-bounces+j.tavares=f5@lists.isc.org] on behalf of Mark Andrews [ma...@isc.org] Sent: Thursday, May 12, 2011 21:59 To: bind-us...@isc.org Subject: BIND 9.4-ESV-R5b1 is now available Introduction BIND 9.4-ESV-R5b1 is a beta release of BIND 9.4-ESV-R5. Download The latest development version of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/development. There you will find additional information about each release, source code, and some pre-compiled versions for certain operating systems. Support Product support information is available on http://www.isc.org/services/support for paid support options. Free support is provided by our user community via a mailing list. Information on all public email lists is available at https://lists.isc.org/mailman/listinfo. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.4-ESV-R5b1 is now available
Did I miss a notice? What issue(s) does this address? I can't find a way to see what this addresses without downloading the tarball.. Whoops. The CHANGES file is at ftp://ftp.isc.org/isc/bind9/9.4-ESV-R5b1/CHANGES, (and similarly for the other versions), so you don't have to download the whole tarball. In this case, changes since prior release ware: --- 9.4-ESV-R5b1 released --- 3095. [bug] Handle isolated reserved ports in the port range. [RT #23957] 3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf and add setup.sh in order to resolve changing named.conf issue. [RT #23687] 3071. [bug] has_nsec could be used unintialised in update.c:next_active. [RT #20256] 3067. [bug] ixfr-from-differences {master|slave}; failed to select the master/slave zones. [RT #23580] 3065. [bug] RRSIG could have time stamps too far in the future. [RT #23356] 3064. [bug] powerpc: add sync instructions to the end of atomic operations. [RT #23469] 3058. [bug] Cause named to terminate at startup or rndc reconfig/ reload to fail, if a log file specified in the conf file isn't a plain file. [RT #22771] 3051. [bug] NS records obsure DNAME records at the bottom of the zone if both are present. [RT #23035] 3041. [bug] dnssec-signzone failed to generate new signatures on ttl changes. [RT #23330] 3040. [bug] Named failed to validate insecure zones where a node with a CNAME existed between the trust anchor and the top of the zone. [RT #23338] 3037. [doc] Update COPYRIGHT to contain all the individual copyright notices that cover various parts. 3014. [bug] Fix the zonechecks system test to match expected behaviour for 9.4 and to fail on error. [RT #22905] 3009. [bug] clients-per-query code didn't work as expected with particular query patterns. [RT #22972] 3007. [bug] Named failed to preserve the case of domain names in rdata which is not compressible when writing master files. [RT #22863] 2996. [security] Temporarily disable SO_ACCEPTFILTER support. [RT #22589] -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Primary Server Name Change
On Thu, May 12, 2011 at 01:09:35PM -0500, CT wrote: Primary Name server bind- 9.7.3 OS- CentOS 5.6 Authoritative for 2 zones using DNSSEC This may be an obvious question but I will ask anyway.. :) ... To Mark's excellent response, I want to re-emphasize the importance of making sure that your parent zone ends up with identical NS records (and any A records needed as glue) to those in your zone whose NS records are changing. Remind them also to remove any old glue records no longer needed, or update changed ones. Failing to do all this is a common cause of problems. Also, I again point out that to the clients, there are generally no such things as primary and secondary name servers - there are only peer name servers. One exception would seem to be the server in the MNAME field of the SOA record - it is sent UPDATE records as the primary server [the one with the master copy of the zone] - but this is frequently filled in with a different name either for stealth server reasons or just to avoid those UPDATE records. -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users