Can you please explain What is the meaning of INVALID RECORD?
Thanks and Regards,
Gaurav Kansal
9910118448
-Original Message-
From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org
[mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of
Michael McNally
On Thu, Nov 17, 2011 at 8:46 AM, Aleksander Kurczyk
aleksanderkurc...@o2.pl wrote:
Hello,
Yesterday I asked here how can I run multiple named processes on different
ports in one OS. Now I have some troubles with that. How can I specify the
port number in zone file A record?
You can't.
Why
Am Thu, 17 Nov 2011 14:46:45 +0100
schrieb Aleksander Kurczyk aleksanderkurc...@o2.pl:
Hello,
Yesterday I asked here how can I run multiple named processes on different
ports in one OS. Now I have some troubles with that. How can I specify the
port number in zone file A record?
There is
I assume ISC does not deliberately insert aborts
triggerable by bad data in DNS queries and answers.
Much more likel,y they do it when something happens
that is supposed to be logically impossible whatever the
incoming data, and implies continuing to run is
potentially insecure and/or will just
On 17/11/2011 14:41, Aleksander Kurczyk wrote:
If not, it is possible to map traffic from 127.0.0.11:53,
127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002 and
127.0.0.1:2003 or to setup new loopback interfaces for 127.0.0.11,
127.0.0.12 and 127.0.0.13 on Mac OS X or somehow do
On Thu, Nov 17, 2011 at 03:41:54PM +0100, Aleksander Kurczyk wrote:
Why would you run a dns server on a non standard port? There's no way
for clients to query via non standard ports.
I would like to make a experimental configuration simulating a few BIND
servers on one PC (PowerMac G4 400
On 11/17/11 08:54 AM, Bill Owens wrote:
On Thu, Nov 17, 2011 at 03:41:54PM +0100, Aleksander Kurczyk wrote:
Why would you run a dns server on a non standard port? There's no way
for clients to query via non standard ports.
I would like to make a experimental configuration simulating a few BIND
Hello *,
my ISP http://www.hetzner.de/ is now offering an IPv6 /64 subnet for
free for each Server. Not only Root-Servers but for realy ALL!
OK, however, I like to setup my VHosts to use it, but I am puzzling
around how to do this with bind9 (I run Debian)
I have gotten this:
IPs:
It works :)
Thanks very much
Dnia 17 listopada 2011 15:52 Matthew Seaman m.sea...@infracaninophile.co.uk
napisaĆ(a):
On 17/11/2011 14:41, Aleksander Kurczyk wrote:
If not, it is possible to map traffic from 127.0.0.11:53,
127.0.0.12:53 and 127.0.0.13:53 to 127.0.0.1:2001, 127.0.0.1:2002
On Nov 17, 2011, at 8:51 AM, Rick Dicaire wrote:
On Thu, Nov 17, 2011 at 8:46 AM, Aleksander Kurczyk
aleksanderkurc...@o2.pl wrote:
Hello,
Yesterday I asked here how can I run multiple named processes on
different ports in one OS. Now I have some troubles with that. How
can I specify the
Why would you run a dns server on a non standard port? There's no way
for clients to query via non standard ports.
I would like to make a experimental configuration simulating a few BIND
servers on one PC (PowerMac G4 400 Mhz :) ), without virtual machines.
Take a look at how the BIND 9
On 17/11/2011 15:13, Michelle Konzack wrote:
my ISP http://www.hetzner.de/ is now offering an IPv6 /64 subnet for
free for each Server. Not only Root-Servers but for realy ALL!
OK, however, I like to setup my VHosts to use it, but I am puzzling
around how to do this with bind9 (I
It appears that named is trying to use ports I've mentioned in
avoid-v4-udp-ports.
Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC
On some of the ports which BIND might otherwise choose to use,
I have other daemons running and/or the OS treats the ports
as privileged. To keep named from trying
How about authoritative-only views? I.e., if a query reaches
the bind instance but is in a view that does not have caching,
could it crash the instance? (I assume not.)
You're correct, that would be safe. (But, obviously, if the
recursive view crashes, it's taking the authoritative one down
First off, Thank you to all who responded/helped in my previous post - this
list is a wonderful community. The inline-signing is now working...sort of.
We edit the static zone, adding a resource record (of any type), increment the
serial, and then do a rndc reload. However, Bind is still
We edit the static zone, adding a resource record (of any type),
increment the serial, and then do a rndc reload. However, Bind is still
looking at the previous dnssec signed file - it's not picking up the new
records. Another strange thing is that using the auto-dnssec maintain
option, it
On 17/11/11 05:33, King, Harold Clyde (Hal) wrote:
With great help I got Bind 9.8.1 to compile on solaris but I can not get
Bind to start up. I am getting:
17-Nov-2011 00:31:23.609 initializing DST: openssl failure
17-Nov-2011 00:31:23.609 exiting (due to fatal error)
Is anyone else
Evan:
Thank you for responding. Unfortunately, it seems that the journal file isn't
getting updated when we manually edit/increment the static zone file. The
time/date stamps are off - both ualbanytest.org.db.signed and
ualbanytest.org.db.signed.jnl show Nov 16 while the static zone file
Thank you for responding. Unfortunately, it seems that the journal file
isn't getting updated when we manually edit/increment the static zone
file. The time/date stamps are off - both ualbanytest.org.db.signed and
ualbanytest.org.db.signed.jnl show Nov 16 while the static zone file
That's just the thing. I compile on my test box and it works. Move it to
production and it fails with the error stated. Bind-9.8.1 worked with the
same environment settings. No chroot on my end. Same version of ssl
(1.0.0d).
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information
Hello,
I am getting the following informational messages on starting named after
installing bind 9.8.1-P1 on a set of resolvers. Please advise.
18-Nov-2011 03:35:14.872 database: info: adb: grow_entries to 1531 starting
18-Nov-2011 03:35:14.874 database: info: adb: grow_entries finished
Evan:
Thank you once more for your help with this. I'll redo our test on a separate
environment, just to make sure, before sending a bug report.
Pass on a Thank You to the rest of the ISC Bind team - you guys did a
remarkable job with getting the Bind Upgrade out for the query.c crash, as well
Well I recompiled everything within the environment and now I seem to have
a working Bind.
Thanks
--
Hal King - h...@utk.edu
Systems Administrator
Office of Information Technology
Systems: Business Information Systems
The University of Tennessee
135D Kingston Pike Building
2309 Kingston Pk.
On 11/17/11 3:58 AM, Gaurav Kansal gaurav.kan...@nic.in wrote:
Can you please explain What is the meaning of INVALID RECORD?
I think doing so in overly verbose terms just helps script kiddies while
parts of the community schedule upgrades... It can be best not to rush this
type of detail.
Hi,
I have been working on upgrading from bind-9.7.3-P3 to bind-9.7.4-P1
to patch for cve-2011-4313.
Here is what I am doing ...
rcricket@dws-rch-rcricket-l:~$ wget
http://ftp.isc.org/isc/bind9/9.7.4-P1/bind-9.7.4-P1.tar.gz
...
rcricket@dws-rch-rcricket-l:~$ tar -zxf bind-9.7.4-P1.tar.gz
In message 5e1a7573.3227017d.4ec51045.62...@o2.pl,
=?UTF-8?Q?Aleksander_Kurczyk?= writes:
Hello,
Yesterday I asked here how can I run multiple named processes on different
ports in one OS. Now I have some troubles with t
hat. How can I specify the port number in zone file A record?
You
I am unable to reproduce this (on a CentOS Linux system).
Please tell us about your platform, what shell, what make, and provide a
copy of your full configure output, and config.log and generated
bin/named/Makefile. You may send these to me off-list if you'd like.
Thanks,
Jeremy C. Reed
On Wed, 16 Nov 2011, Phil Mayers wrote:
It might be good if bind were able to re-start itself, rather than dying
outright (e.g. re-exec the process) but that is dangerous too; it's better
done by an unrelated supervising process.
In the bind9 tarball's contrib directory there is a simply
We have the zone data - the slave is alive and the zones are on disk. I
don't care about recovering the master server that died because we've
been wanting to move the zones it served to our Infoblox systems anyways
and this presented a 'do or die' opportunity. The original question was
to
You need to fix your gcc wrapper as it is not handling command line
arguments that contain spaces. This is a common error when people
write shell script wrappers. They fail to account for arguments
with spaces.
Mark
In message
On Thursday 17 November 2011 15:24:12 Jeremy C. Reed wrote:
Also what other types of nanny scripts do you use? (I already saw
other emails with a few suggestions.)
Mine is a very trivial thing, basically just:
/sbin/pidof named || restartNamed
where restartNamed is a function to log the
On 11/17/11 1:45 PM, /dev/rob0 r...@gmx.co.uk wrote:
What I should perhaps do: separate the authoritative named instance
from the recursive one on the mail server. I suppose BIND 10 does
this, by design?
Yes, that is best practice (I keep reading it in docs from people I trust,
like Cricket
So is it true that there is no way to make an existing bind server
(without this patch) safe from this?
--
Jack Tavares
How many more can we sell with this button?
From: bind-users-bounces+j.tavares=f5@lists.isc.org
So is it true that there is no way to make an existing bind server
(without this patch) safe from this?
A server that only serves authoritative data and doesn't recurse
is safe. The assertion takes place when retrieving data from the
cache, which an authoritative server never does.
Any
In message 5a89161c-702d-4093-af15-966cbc724...@cornell.edu, John Wobus
writes:
I assume ISC does not deliberately insert aborts
triggerable by bad data in DNS queries and answers.
Much more likel,y they do it when something happens
that is supposed to be logically impossible whatever the
From: Evan Hunt [e...@isc.org]
Sent: Thursday, November 17, 2011 14:30
To: Jack Tavares
Cc: John Wobus; bind-users
Subject: Re: trigger point for new bug
So is it true that there is no way to make an existing bind server
(without this patch) safe from this?
A server that only serves
So is it true that there is no way to make an existing bind server
(without this patch) safe from this?
A server that only serves authoritative data and doesn't recurse
is safe. The assertion takes place when retrieving data from the
cache, which an authoritative server never does.
Any
If the assertion takes place when retrieving data from the cache,
would setting cache size to 0 (do disable caching) avert this issue
while still allowing recursion?
I don't think so. I believe the cache actually has a minimum size,
lower than which named won't let you go.
Setting
I asked
If the assertion takes place when retrieving data from the cache,
would setting cache size to 0 (do disable caching) avert this issue
while still allowing recursion?
Evan responded:
I don't think so. I believe the cache actually has a minimum size,
lower than which named won't let you
In message 20171600.pahg0ucw011...@scramble.princeton.edu, Irwin Tillman
writes:
It appears that named is trying to use ports I've mentioned in
avoid-v4-udp-ports.
Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC
On some of the ports which BIND might otherwise choose to use,
I have
That's it! THANK YOU!
my /usr/bin/gcc was this ...
#!/bin/sh
if [ -n $GCC10G ]; then
# Use the standard gcc
exec /usr/bin/gcc323 $@
elif id | grep -q gcc296; then
#Use the compat gcc
exec /usr/bin/gcc296 $@
elif [ -n $GCC296 ]; then
# Use the compat gcc
In message
cahu+3oywmvbkghytno7hcjpud4vv4inahzgvv-qgz1ngu56...@mail.gmail.com, Red
Cricket writes:
That's it! THANK YOU!
my /usr/bin/gcc was this ...
#!/bin/sh
if [ -n $GCC10G ]; then
# Use the standard gcc
exec /usr/bin/gcc323 $@
elif id | grep -q gcc296; then
In message
9f4917e46ec4a64c8e5c28480a43eba50ca1061...@blrkecmbx02.ad.infosys.com, Binu B
Nair writes:
Hello,
I am getting the following informational messages on starting named after=
installing bind 9.8.1-P1 on a set of resolvers. Please advise.
18-Nov-2011 03:35:14.872 database:
On Nov 17, 2011, at 6:28 PM, Mark Andrews wrote:
In message 20171600.pahg0ucw011...@scramble.princeton.edu, Irwin
Tillman writes:
It appears that named is trying to use ports I've mentioned in
avoid-v4-udp-ports.
Platform: BIND 9.8.1-P1 on Solaris 10 / SPARC
On some of the ports
In message 4b588336-2de9-45bd-87ec-98c04b83c...@columbia.edu, David Coulthart
writes:
On Nov 17, 2011, at 6:28 PM, Mark Andrews wrote:
In message 20171600.pahg0ucw011...@scramble.princeton.edu, Irwin =
Tillman writes:
It appears that named is trying to use ports I've mentioned in =
Oops! Thanks again Mark. I'll fix'em :)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
46 matches
Mail list logo