RE: Got error mssg when I started ISC Bind service

Check the event log, any more specific info? Maybe not enough rights in the /etc/namedb folder, the process needs to be able to write to that directory. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amir Sent: 21. marraskuuta 2008 1:42 To: bind-users@l

RE: Zone not propogating to slaves

Ah, Thanks for pointing out my errors. :) Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Niall O'Reilly Sent: Thursday, November 20, 2008 3:45 PM To: BIND Users Mailing List Subject: Re: Zone not propogating to slaves On Wed, 2008-11-19 at 19:36

Re: Zone not propogating to slaves

On Wed, 2008-11-19 at 19:36 -0800, Steve Koon wrote: [ ... ] > Anyone know why I am getting this “not authoritative” message and no > zone file on .118 all of a sudden? [ ... ] > This is the log message in the 69.25.129.118 slave > > client 69.25.129.117#1304: received notify for zone > 'manzanit

Got error mssg when I started ISC Bind service

I received an error mssg when I tried to start ISC Bind I just installed on my server (Windows 2003 server): "Could not start the ISC Bind service on local computer. Error 1069: The service did not start due to a logon failure." How do I start the service and how do I get rid of that error? __

Re: Is it possible to use one KSK for multiple domains?

In message <[EMAIL PROTECTED]>, Chris Tho mpson writes: > On Nov 20 2008, Stephane Bortzmeyer wrote: > > >On Thu, Nov 20, 2008 at 11:55:17AM +, > > Chris Thompson <[EMAIL PROTECTED]> wrote > > a message of 33 lines which said: > > > >>> The text you quote is for DNS publication. But you typi

Re: socket: too many open file descriptors

At Thu, 20 Nov 2008 04:30:00 -0800 (PST), pollex <[EMAIL PROTECTED]> wrote: > > "9.3.4-P1.1" still seems to be a Debian specific version, but if this > > is featurewise equivalent to 9.3.5-P1, you should at least upgrade to > > 9.3.5-P2 (and build it with a large value of ISC_SOCKET_MAXSOCKETS). >

Re: socket: too many open file descriptors

On 19 nov, 13:32, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> wrote: > At Wed, 19 Nov 2008 04:03:23 -0800 (PST), > > pollex <[EMAIL PROTECTED]> wrote: > > > Running bind9 9.3.4-2etch3 on Debian etch 4.0(last stable version with > > > apt-get install bind9) and I continue to get "socket: too many open

RE: bind-users Digest, Vol 3, Issue 3

[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, November 20, 2008 7:51 AM To: bind-users@lists.isc.org Subject: bind-users Digest, Vol 3, Issue 3 Send bind-users mailing list submissions to bind-

Re: Help understanding lame server error

>20-Nov-2008 00:36:38.470 lame-servers: info: lame server resolving >'szi.szi.sv.gov.yu' (in 'szi.sv.gov.yu'?): 195.178.32.2#53 This message means that your DNS server sent a query for szi.szi.sv.gov.yu and through recursion was directed to the nameserver at IP address 195.178.32.2

Re: Help understanding lame server error

Scott wrote at about Thursday, November 20, 2008 12:45:26 AM: ... >> 19-Nov-2008 15:36:34.955 lame-servers: info: lame server resolving >> '127.52.195.166.in-addr.arpa' (in '52.195.166.in-addr.arpa'?): >> 209.183.48.20#53 > However, I thought the last part, was an IP and a port, telling me, tha

Re: Is it possible to use one KSK for multiple domains?

On Nov 20 2008, Stephane Bortzmeyer wrote: On Thu, Nov 20, 2008 at 11:55:17AM +, Chris Thompson <[EMAIL PROTECTED]> wrote a message of 33 lines which said: The text you quote is for DNS publication. But you typically do not put KSK in the DNS, no? Sure you do. How could a validator use

RE: Workaround Solaris's kernel bug

Is the correct procedure to make this define: STD_CDEFINES='-DISC_SOCKET_USE_POLLWATCH' export STD_CDEFINES ./configure make -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Schulz Sent: Wednesday, November 19, 2008 4:25 PM To: bind-users@lists.i

Re: Is it possible to use one KSK for multiple domains?

On Thu, 2008-11-20 at 14:15 +0100, Adam Tkac wrote: > It isn't possible to validate myzone1.tld. with key from other zone, > for example myzone2.tld., is it? No, but Chris explained better than I did what I had in mind. On Thu, 2008-11-20 at 11:43 +, Chris Thompson wrote: > the DNSKEY

Re: Help understanding lame server error

Have you tried looking up the client IP from another line in the logs from the same time? -Original Message- From: Scott Haneda <[EMAIL PROTECTED]> Date: Thu, 20 Nov 2008 00:45:26 To: BIND Users Mailing List Subject: Re: Help understanding lame server error On Nov 19, 2008, at 6:19 P

Re: Is it possible to use one KSK for multiple domains?

On Thu, Nov 20, 2008 at 11:55:17AM +, Chris Thompson <[EMAIL PROTECTED]> wrote a message of 33 lines which said: >> The text you quote is for DNS publication. But you typically do not >> put KSK in the DNS, no? > > Sure you do. How could a validator use it if you didn't? Because it is pub

Re: Help understanding lame server error

In message <[EMAIL PROTECTED]>, Scott Haneda writ es: > On Nov 19, 2008, at 6:19 PM, Kevin Darcy wrote: > > Here is another example, I think not a reverse lookup for sure: > 20-Nov-2008 00:36:38.470 lame-servers: info: lame server resolving > 'szi.szi.sv.gov.yu' (in 'szi.sv.gov.yu'?): 195.178.3

Re: Is it possible to use one KSK for multiple domains?

On Thu, Nov 20, 2008 at 09:18:01AM +, Niall O'Reilly wrote: > On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote: > > does anyone know if is it possible to sign multiple domains with one > > KSK? > > Adam, > > I suspect your question may need to be more specific. Right you are.

Re: Workaround Solaris's kernel bug

At 10:18 AM 11/20/2008 +, you wrote: This is CR 6724237 Which was first introduced in Solaris 8. At this time there is no patch for Solaris 8, 9 or 10 and therefore "ISC_SOCKET_USE_POLLWATCH" should be defined when building BIND 9 f

Re: Is it possible to use one KSK for multiple domains?

On Nov 20 2008, Stephane Bortzmeyer wrote: [...snipped...] [Warning: still struggling with the subtleties of KSK/ZSK.] The text you quote is for DNS publication. But you typically do not put KSK in the DNS, no? Sure you do. How could a validator use it if you didn't? Perhaps you meant: you wo

Re: Is it possible to use one KSK for multiple domains?

On Nov 19 2008, Adam Tkac wrote: does anyone know if is it possible to sign multiple domains with one KSK? If I understand correctly what RFC 4034, section 2.1.1 says "... If bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and the DNSKEY RR's owner name MUST be the name of a zon

Zone not propogating to slaves

I am getting on one of my slaves (69.25.129.117) yet on the other I get the zone to come across from the master. Just a quirk here is that the .117 slave has to be recycled before the zone comes across yet the .118 comes across when the master is recycle and a change has occurred in one of the zone

Re: Workaround Solaris's kernel bug

Thomas Schulz wrote: Change 2489 says to define ISC_SOCKET_USE_POLLWATCH to workaround a Solaris kernel bug about /dev/poll. How do I know if I should define this? Should I just assume that if I am running Sloaris 8 then I need to define ISC_SOCKET_USE_POLLWATCH? Is there any down side to defi

Re: Is it possible to use one KSK for multiple domains?

On Wed, 2008-11-19 at 21:55 +0100, Adam Tkac wrote: > does anyone know if is it possible to sign multiple domains with one > KSK? Adam, I suspect your question may need to be more specific. Are you asking about the signing process itself, or rather about how cert

Re: Help understanding lame server error

On Nov 19, 2008, at 6:19 PM, Kevin Darcy wrote: Scott Haneda wrote: I have a good deal if lame server errors in my logs, which I am not entirely understanding. 19-Nov-2008 15:36:34.657 lame-servers: info: lame server resolving '170.73.234.209.in-addr.arpa' (in '73.234.209.in-addr.arpa'?):

Re: Is it possible to use one KSK for multiple domains?

On Wed, Nov 19, 2008 at 09:55:52PM +0100, Adam Tkac <[EMAIL PROTECTED]> wrote a message of 17 lines which said: > If I understand correctly what RFC 4034, section 2.1.1 says "... If > bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and > the DNSKEY RR's owner name MUST be the na