Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

Thanks for a workaround. But in this case - after "dnssec-settime -L ttl" I need unsign/sign zone (p.1 of steps above) in order to new TTL value appeared in DNSKEY RRset ("service bind9 reload" or "rndc loadkeys" has no effect). But I would like to find a solution without the need of

Problem looking up domain dryfire.com

Hello. I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for RHEL/CentOS/Fedora. I can do manual lookups of the domain with "dig" and point it to their servers (dns0.getsurfed.com,

Re: Problem looking up domain dryfire.com

On Tue, Aug 16, 2016 at 11:04:14AM +0200, Eivind Olsen wrote: > Hello. > > I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving > getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for > RHEL/CentOS/Fedora. > > I can do manual lookups of the domain with

Re: Problem looking up domain dryfire.com

The nameservers are broken. They send back rcode 17 (which is yet to be assigned) when they see a query with a EDNS option present rather than ignore the option as required by RFC 6891. They also send back RCODE 17 rather than BADVERS (16) when send a EDNS(1) query. The servers also don't

RE: Re: Disabling rate-limit?

Blr, We do run RRL on some of our servers, example option clause below that activates the feature. Two suggestions: 1. You mention you 'inherited' the server and looked at /etc/named.conf -- verify that it is not running chroot to another directory and using another config file (I

Re: Disabling rate-limit?

On Mon, Aug 15, 2016 at 11:23 PM, blrmaani wrote: > From tcpdump, it appears that customers are receiving delayed response and > are too sensitive for timeouts. > > The queries they are sending are authoritative i.e the zone is on our > nameserver. > > How do I trouble-shoot