Re: DNSSEC

2012-05-11 Thread Jan-Piet Mens
Comcast has taken a pragmatic view. I'm glad to see they've turned on validation, but I can see why they need to configure exceptions. Without being able to manage exceptions, large ISPs are not going to turn on validation. Indeed, which brings on the question why BIND (still) doesn't have

Re: errors in logs

2012-05-11 Thread Ben
Hi, Currently we are using an IPv4 network for our customers and all. By the way, we do not block any IPv6, so why do we get IPv6 resolution as network unreachable in the logs? On 10/05/12 09:47, Ben wrote: Hi, I just enabled BIND as a caching name server and when watching the logs I got the errors below. It

Re: KSK stays published 3 days after delete time

2012-05-11 Thread Axel Rau
Am 10.05.2012 um 23:52 schrieb Evan Hunt: key 22924 of framail.de has a delete date of 2012-05-07T14:55:02 set. It has been deleted from the repository at 2012-05-07T14:55:02.569706, but is still included by named 9.9.0 in the zone framail.de (as of 2012-05-10T19:51:32). To clarify: I'm

Re: errors in logs

2012-05-11 Thread Eivind Olsen
Ben wrote: Hi, Currently we are using an IPv4 network for our customers and all. By the way, we do not block any IPv6, so why do we get IPv6 resolution as network unreachable in the logs? BIND believes your OS has IPv6 and tries to use it. One option for disabling use of IPv6 in BIND is to tell BIND

Re: random-device purpose in DNSSEC

2012-05-11 Thread WBrown
Warren wrote on 05/10/2012 04:14:01 PM: Multiple options: 1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) -- this will provide you with much randomness [0]. 2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/) 3: See if there is a driver for your TPM --

Re: DNSSEC

2012-05-11 Thread WBrown
Jan-Piet wrote on 05/11/2012 02:17:53 AM: Indeed, which brings on the question why BIND (still) doesn't have a negative trust anchor feature. So how do we implement one? Create a separate caching server with DNSSEC validation turned off and forward all queries for the broken domain to

Re: DNSSEC

2012-05-11 Thread Tony Finch
wbr...@e1b.org wrote: So how do we implement one? Create a separate caching server with DNSSEC validation turned off and forward all queries for the broken domain to it? That won't work, because a validating server validates replies from a forwarding server. Tony. --

Re: DNSSEC

2012-05-11 Thread Jan-Piet Mens
So how do we implement one? Create a separate caching server with DNSSEC validation turned off and forward all queries for the broken domain to it? Unbound can be configured (on the fly) to ignore DNSSEC for individual zones. From the unbound.conf(5) page: domain-insecure: domain name

Secondary Master

2012-05-11 Thread Manson, John
I found this article about setting up a secondary master. This may be useful as we are bringing up a disaster recovery site. The author explains that the zone type should be 'slave' so it can receive db updates from the normal master. Seems like that makes it a slave instead of a master for that

Re: Secondary Master

2012-05-11 Thread WBrown
John wrote on 05/11/2012 11:05:58 AM: I found this article about setting up a secondary master. This may be useful as we are bringing up a disaster recovery site. The author explains that the zone type should be 'slave' so it can receive db updates from the normal master. Seems like that

Re: Secondary Master

2012-05-11 Thread John Wingenbach
The concept of a secondary master is sound. It basically provides for a healthy means of handling the situation where your primary master is unusable. To enable and support a primary/backup DNS master, the backup master is initially set up as noted as a slave server. Any other slave

Re: Secondary Master

2012-05-11 Thread Barry Margolin
In article mailman.780.1336757913.63724.bind-us...@lists.isc.org, John Wingenbach b...@wingenbach.org wrote: The concept of a secondary master is sound. It basically provides for a healthy means of handling the situation where your primary master is unusable. That's true, but the sample

Re: measuring dns query

2012-05-11 Thread Beavis
thanks for the reply Daniel this is what i need. On Thu, May 10, 2012 at 2:38 AM, Daniel Migault mglt@gmail.com wrote: Hi, Maybe you are looking for dnsperf and resperf [1]. We have done some tests similar to these in [2] and [3], so maybe it helps. Replaying captures of traffic may also