Re: Regarding EDNS Responses.

2009-10-28 Thread Mark Andrews
In message 001501ca5785$257c7220$21011...@china.huawei.com, Ashwin writes: Hi All, RFC 2671 mentions in Section 5.3 Responders who do not understand these protocol extensions are expected to send a response with RCODE NOTIMPL, FORMERR, or SERVFAIL. However the above mentioned error

RE: Regarding EDNS Responses.

2009-10-28 Thread Ashwin
In message 001501ca5785$257c7220$21011...@china.huawei.com, Ashwin writes: Hi All, RFC 2671 mentions in Section 5.3 Responders who do not understand these protocol extensions are expected to send a response with RCODE NOTIMPL, FORMERR, or SERVFAIL. However the above mentioned error

Re: Regarding EDNS Responses.

2009-10-28 Thread Mark Andrews
It's not a perfect world. Even getting back an EDNS response does not indicate that the server understands EDNS. In message 002301ca579c$56deb0f0$21011...@china.huawei.com, Ashwin writes: In message 001501ca5785$257c7220$21011...@china.huawei.com, Ashwin writes: Hi All, RFC 2671

RE: 2 simultaneous hung Bind boxes

2009-10-28 Thread Nikkilä, Tommi
Hi! On some of our (linux based) DNS servers the BIND just hangs; the combination was fairly old hardware and fairly new OS/BIND. Couldn't figure it out either until I came up with https://www.isc.org/node/302. At least you could try it, I found no harm on setting the

Reasons for not resolving

2009-10-28 Thread Alans
Hello, There are few websites that our DNS (BIND 9.4.2 on CentOS 5) is not resolving while others like 4.2.2.2 does, I wonder what could be the reasons for this? Regards, Alans ___ bind-users mailing list bind-users@lists.isc.org

Reverse DNS slave server

2009-10-28 Thread アルベルト
Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? thank you for any help

Re: 2 simultaneous hung Bind boxes

2009-10-28 Thread Alan Clegg
Justin Shore wrote: The boxes are running fairly old Bind code, 9.5.1b2. Tomorrow I will upgrade to 9.6.1rc1 (unless people believe 9.7.0b1 is ready for use). I would recommend not using beta or release candidate code in your deployment. If you want something that will stand up to customer

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Tue, Oct 20, 2009 at 08:29:20PM +, Evan Hunt e...@isc.org wrote a message of 836 lines which said: BIND 9.7.0b1 is now available. Apparently, support for the new algorithms RSASHA256 and RSASHA512 is not included? Is it planned for 9.7 or shall I wait 9.8? %

Re: 2 simultaneous hung Bind boxes

2009-10-28 Thread Justin Shore
Nikkilä wrote: Hi! On some of our (linux based) DNS servers the BIND just hangs; the combination was fairly old hardware and fairly new OS/BIND. Couldn't figure it out either until I came up with https://www.isc.org/node/302. At least you could try it, I found no harm on setting the

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
On Oct 28 2009, Evan Hunt wrote: Apparently, support for the new algorithms RSASHA256 and RSASHA512 is not included? Is it planned for 9.7 or shall I wait 9.8? That will be in 9.7.0b2. You aren't going to wait for the RFC? - it doesn't seem to be out yet. Or maybe you are predicting that it

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Wed, Oct 28, 2009 at 03:17:54PM +, Chris Thompson c...@cam.ac.uk wrote a message of 13 lines which said: You aren't going to wait for the RFC? It is in AUTH48 (the last step before publication, theoretically meaning that the people involved have 48 h to make remarks). After all,

New BIND server

2009-10-28 Thread NéoSynergix | Martin Dubreuil
Hello BIND users, I have setup a new Ubuntu 9.04 server with BIND9. I have looked at a few tutorials and how to’s like this one: https://help.ubuntu.com/community/BIND9ServerHowto but would like to get your tips and tricks to secure your BIND servers before putting it into production.

Re: New BIND server

2009-10-28 Thread Rick Dicaire
On Wed, Oct 28, 2009 at 11:27 AM, NéoSynergix | Martin Dubreuil martin.dubre...@neosynergix.com wrote: but would like to get your tips and tricks to secure your BIND servers before putting it into production. A little vague here. You haven't defined what your intentions are. Is this an

RE: New BIND server

2009-10-28 Thread NéoSynergix | Martin Dubreuil
Yes sorry, This DNS server is only to resolve our local hosted domain names - authoritative only server - WITH no recursion -Original Message- From: Rick Dicaire [mailto:kri...@gmail.com] Sent: 28 octobre 2009 12:01 To: martin.dubre...@neosynergix.com Cc: bind-users@lists.isc.org

Re: Reasons for not resolving

2009-10-28 Thread Kevin Darcy
Alans, Why would you use Google to determine whether a web site is up or not? It's not even clear to me that you're having a DNS problem. It's rather bad practice to have lots of reverse-records in the DNS for a given address (e.g. 96.31.75.113), and can even cause problems with oversized

Re: Reverse DNS slave server

2009-10-28 Thread Kevin Darcy
アルベルト wrote: Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? Sort of impossible to answer, without more information. Why did you set up a slave server in the first place? Redundancy?

Re: New BIND server

2009-10-28 Thread Matus UHLAR - fantomas
On 28.10.09 11:27, NéoSynergix | Martin Dubreuil wrote: I have setup a new Ubuntu 9.04 server with BIND9. but would like to get your tips and tricks to secure your BIND servers before putting it into production. What do you mean secure? Default installation should not allow anything that

RE: New BIND server

2009-10-28 Thread Dixon, Justin
Hello BIND users, I have setup a new Ubuntu 9.04 server with BIND9. I have looked at a few tutorials and how to's like this one: https://help.ubuntu.com/community/BIND9ServerHowto but would like to get your tips and tricks to secure

Re: New BIND server

2009-10-28 Thread Kevin Darcy
Yeah, look it over, but take the zone-transfer restrictions and version-obfuscation stuff with a bit of a grain of salt. Those parts are a little too PHSCSE (Pointy-Haired So-Called Security Expert)-ish for my tastes, verging on Theater. At least they finally got rid of the bogon stuff.

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Evan Hunt
You aren't going to wait for the RFC? - it doesn't seem to be out yet. Or maybe you are predicting that it will be out before 9.7.0b2 is... It's out now (RFC 5702), so this is a moot point--but we were mainly waiting for IANA to pick the final codepoints, not so much for the RFC to be

Re: Reverse DNS slave server

2009-10-28 Thread Barry Margolin
In article mailman.799.1256720493.14796.bind-us...@lists.isc.org, アルベルト dziu...@kdl.co.jp wrote: Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? thank you for any help You need to

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
On Oct 28 2009, Evan Hunt wrote: You aren't going to wait for the RFC? - it doesn't seem to be out yet. Or maybe you are predicting that it will be out before 9.7.0b2 is... It's out now (RFC 5702), so this is a moot point--but we were mainly waiting for IANA to pick the final codepoints, not

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Evan Hunt
Will you be adding RSASHA256 support in the 9.5.x and 9.6.x series? It might be a bit optimistic to expect everyone to move to 9.7.x by 2010-07-01, if that's when the root zone is going to be *really* signed (with RSASHA256, according to current reports). Not 9.5.x, as it lacks NSEC3

how to debug

2009-10-28 Thread aihua zhang
Hi, I have already analyzed where to add new RR, and how to make it work. But I don't contact automake tool before, so reading so large configure and makefiles make me feel so bad. I try to understand, but it just myself alone to do this, so anyone can give some guide how to debug the

Re: how to debug

2009-10-28 Thread Mark Andrews
In message e1b1ab9e0910281921j612d2982le3170b6dc3d60...@mail.gmail.com, aihua zhang writes: Hi, I have already analyzed where to add new RR, and how to make it work. But I don't contact automake tool before, so reading so large configure and makefiles make me feel so bad. I try to