Thanks Mukund, this was the info I was looking for.
Have a great day.
On Apr 20, 2017 2:54 AM, "Mukund Sivaraman" wrote:
Hi Carlos
On Thu, Apr 20, 2017 at 12:54:47AM -0300, Carlos Pizarro wrote:
> Today the bind9 service crashed and these were the last few log lines when
> it
"The tinfoil hat brigade in some distributions has resisted using them,
fearing some conspiracy to provide not-so-random numbers."
I think the NSA *did*, in fact, compromise the "Dual Elliptic Curve
Deterministic Random Bit Generator" and paid RSA to make it the default
in one of their products
Hello,
I'm running the latest stable BIND available on Debian 8.7:
root@host:~# named -v
BIND 9.9.5-9+deb8u10-Debian (Extended Support Version)
root@host:~# dpkg -s bind9 | grep 'Version'
Version: 1:9.9.5.dfsg-9+deb8u10
https://packages.debian.org/jessie/bind9
Today the bind9 service crashed
On 19-Apr-17 21:43, Mark Andrews wrote:
> ...
> DSA requires random values as part of the signing process. Really
> all CPUs should have real random number sources built into them
> and new genuine random values should only be an instruction code away.
>
> Mark
Most recent ones do. See RDRAND
In message , "Spain, Dr. Jeffry A." writes:
> > Install and run haveged... The problem is your system doesn't have
> > enough entropy
>
> This was clearly the problem. I built a new test server with haveged
>
> Install and run haveged... The problem is your system doesn't have enough
> entropy
This was clearly the problem. I built a new test server with haveged installed,
and the bind9 completed ECDSAP256SHA256 signing in 5 seconds. I used 9.11.1
this time since it was just released today.
Upgrading from bind 9.10.3-P5 -> 9.11.1 release on linux64,
cat CHANGES
../dns/.libs/libdns.so: undefined reference to
`ERR_load_crypto_strings'
collect2: error: ld returned 1 exit status
--- 9.11.0 released ---
...
> Install and run haveged... The problem is your system doesn't have enough
> entropy in the processor or maybe it's a VM but either way there is not
> enough entropy to produce random seeds which is why it is taking so long.
Thanks, David. The system is a Microsoft Azure VM. I assumed that
I'm testing a bind9 v11.1.0-P5 server signing 8 small zones de novo with
ECDSAP256SHA256. The process takes about 12 hours to complete vs. signing with
RSASHA256, which is almost immediate, but signing is ultimately successful. The
server is running Ubuntu 16.04 LTS with current patches. I
On 04/19/2017 10:58 AM, Victoria Risk wrote:
We have implemented ECS for recursive queries in 9.10.5-S, the
subscriber preview edition of BIND, which will be released today. For
now, ECS recursion is available only to users with a support contract
with ISC. Development of this feature was a
> On Apr 19, 2017, at 8:47 AM, Nico CARTRON wrote:
>
>> Nor did I see
>> details on how to have BIND send ECS with queries when it's a recursive
>> server.
>
> As far as I know, ECS for Recursive queries is not yet implemented by ISC, or
> at least it is not publicly
On 04/19/2017 09:49 AM, Nico CARTRON wrote:
Of course I meant +subnet / +nosubnet
;-)
Thank you for the pointers Nico & Tony. I'm sure I'll find a way to get
myself into trouble with what you've provided.
--
Grant. . . .
unix || die
On 19-Apr-2017 16:47 BST, wrote:
> On 19-Apr-2017 15:59 BST, wrote:
> [...]
> > I'd also like to see if it's possible to have dig send ECS info.
>
> +edns / +noedns , but you'll need a recent dig version.
Of course I meant +subnet / +nosubnet
Hi Grant,
On 19-Apr-2017 15:59 BST, wrote:
> On 04/19/2017 03:37 AM, Tony Finch wrote:
> > This is what the EDNS client subnet option is about. You can use it in
> > BIND by adding "ecs" clauses to your address match lists for views or
> > acls. However it isn't
Grant Taylor via bind-users wrote:
>
> The only occurrences I found for "ecs" on the two release notes didn't
> include more details about how to configure views to use it.
Yes, it's a bit mysterious.
> Nor did I see details on how to have BIND send ECS with queries
On 04/19/2017 03:37 AM, Tony Finch wrote:
This is what the EDNS client subnet option is about. You can use it in
BIND by adding "ecs" clauses to your address match lists for views or
acls. However it isn't documented in the ARM and it has significant
problems. See
I understand the concept, but I'm not sure I fully understand how to
configure it.
I've updated my bind to 9.11 P05 compiled with "--with-ecdsa", and as far
as I can read EDNS is enabled for authoritative bind installations
automatically.
But I'm still getting wrong answers from my installation.
Alberto Rinaudo wrote:
> I have a bind installation on an AWS server and I'm trying to set up views
> to give different responses based on the source location.
>
> It works fine when this dns server is the first dns used by a client, I
> guess because the source address
On 19.04.2017 at 06:52, i.chu...@volga.ttk.ru wrote:
Hello all.
Regarding the "critical mass": I'm the one who downloads BIND from an XP box
and I do it just to set it up on an internal Linux machine. The reason to use
XP as the PC OS is the company's policy and, after all, lack of money. :)
P. S.: I can
Hello,
I have a bind installation on an AWS server and I'm trying to set up views
to give different responses based on the source location.
It works fine when this dns server is the first dns used by a client, I
guess because the source address used to discriminate between views is the
last hop.
If
20 matches