I have a question about the bug that this patch fixes.
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
Does this bug only occur if dnssec is enabled?
or only if dnssec
If your primary master goes down, and you want to ensure that all of
your slaves get the *latest*available*version* of the zone, and serves
it until the master comes back up, then you would cross-connect all of
your slaves so that eventually they'll all sync up to that version.
*HOWEVER*,
Hi,
I am having a dnssec problem while signing zone:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
The zone is not fully signed for the following algorithms: RSASHA1.
dnssec-signzone: fatal: DNSSEC
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 itservice...@gmail.com wrote
a message of 92 lines which said:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
The zone is not fully signed
On 05/20/2010 09:10 PM, itservices88 wrote:
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
You seem to have a record for . somewhere in your zone file.
Did you load the unsigned zone into BIND before? It should have logged a
warning about that
On 5/20/2010 12:51 PM, Hauke Lampe wrote:
Did you load the unsigned zone into BIND before? It should have logged a
warning about that record.
named-checkzone would be useful here as well.
hth,
Doug
--
... and that's just a little bit of history repeating.
No local script. I am using dnssec-signzone that came with the installation:
# dnssec-signzone --help
Version: 9.6.2-P1-RedHat-9.6.2-3.P1
On Thu, May 20, 2010 at 12:26 PM, Stephane Bortzmeyer bortzme...@nic.fr wrote:
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 itservice...@gmail.com
On Thu, May 20, 2010 at 12:51 PM, Hauke Lampe list+bindus...@hauke-lampe.de wrote:
On 05/20/2010 09:10 PM, itservices88 wrote:
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
You seem to have a record for .
#named-checkconf -t /var/named/chroot /etc/named.conf
#
# named-checkzone -t /var/named/chroot mydomain.org /etc/named-data/mydomain.org
zone mydomain.org/IN: loaded serial 2010141144
OK
No error in both of the commands.
I am missing something else maybe.
Thanks
On Thu, May 20, 2010 at
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to translate a domain name
to a target URL. For example, www.domain -
http://www.someother.domain/folder1/folder2/index.html.
Thanks in advance.
On Thu, May 20, 2010 at 5:18 PM, Hoover Chan hc...@mail.ewind.com wrote:
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to translate a domain
name to a target URL. For example, www.domain -
Heh, thanks for the humor.
I'm used to having control over both Web server and DNS server and the way I
normally handle these things is via an Apache virtual host configuration.
However, I'm under pressure to lose control of DNS and hand it over to a
company like Go Daddy or Network Solutions
Hoover Chan wrote:
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to translate a domain name to
a target URL. For example, www.domain -
http://www.someother.domain/folder1/folder2/index.html.
Thanks
Hi,
Whenever I enable:
dnssec-lookaside . trust-anchor DLV.ISC.ORG;
in the named.conf, restart bind, the dns resolution stops. On the same FC12
machine, dig using an outside dns server has no issues resolving with
+dnssec option. I am using bind 9.6.2 that came with FC12.
Any thoughts ?
In message aanlktikyznh9_cgpb2efye_-yuu4n3bs75fwzp-jz...@mail.gmail.com, itservices88 writes:
Hi,
Whenever I enable:
dnssec-lookaside . trust-anchor DLV.ISC.ORG;
in the named.conf, restart bind, the dns resolution stops. On the same FC12
machine, dig using an outside dns server has
Hi Bind Users,
Good day. I wish to know what is the industry standard when dealing with the
TOTAL QPS and how do we calculate this with BIND?
My understanding of QPS is the queries that a DNS server has received
regardless if it was dealt with a successful response, nxdomain or timed-out
due
In message 20100520192619.ga27...@laperouse.bortzmeyer.org, Stephane Bortzmeyer writes:
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 itservice...@gmail.com wrote
a message of 92 lines which said:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the
In message aanlktil_-lds5t6svsfgp6u_9atklov2xfowyoovs...@mail.gmail.com, itservices88 writes:
Hi,
I am having a dnssec problem while signing zone:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
On May 20, 2010, at 8:34 PM, Hoover Chan wrote:
Heh, thanks for the humor.
I'm used to having control over both Web server and DNS server and the way I
normally handle these things is via an Apache virtual host configuration.
However, I'm under pressure to lose control of DNS and hand it
Ok. I will open a bug.
Thanks
-dani
On Thu, May 20, 2010 at 8:10 PM, Mark Andrews ma...@isc.org wrote:
In message aanlktil_-lds5t6svsfgp6u_9atklov2xfowyoovs...@mail.gmail.com, itservices88 writes:
Hi,
I am having a dnssec problem while signing zone:
# dnssec-signzone -N INCREMENT
I missed the trusted key .. Thanks
Here is the other output
# dig +cd +dnssec dlv.isc.org dnskey @localhost
; DiG 9.6.2-P1-RedHat-9.6.2-3.P1.fc12 +cd +dnssec dlv.isc.org dnskey @localhost
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 63788
;;