Re: Force Bind caching resolver to always obey DNSSSEC

2010-10-02 Thread lst_hoe02
Zitat von Barry Margolin bar...@alum.mit.edu: In article mailman.265.1285967251.555.bind-us...@lists.isc.org, lst_ho...@kwsoft.de wrote: Zitat von Alan Clegg acl...@isc.org: On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote: Sorry for being unclear. We want the SERVFAIL as it should be for

Re: Auto signing ARM

2010-10-02 Thread Phil Mayers
On 10/01/2010 09:59 PM, Tony Finch wrote: I haven't seen any answers to Timothe's questions below, though I have been keeping an eye out for them. The documentation in this area is a bit thin... A few comments based on what I've observed. Consider this configuration snippet: View internal

Re: Force Bind caching resolver to always obey DNSSSEC

2010-10-02 Thread Phil Mayers
On 10/02/2010 10:01 AM, lst_ho...@kwsoft.de wrote: So the problem are not resolvers unaware of DNSSEC but resolvers with inappropriate defaults or configured wrong by accident. Additionally this problem is not easy detectable as it can occur far downstream. So i would say it is a valid concern

multiple slave zones pointing to same file?

2010-10-02 Thread online-reg
Hi All: I’m building a new Bind 9.7.1-P2 slave server and am taking an opportunity to review my conf files. I have a number of zones on the primary that all point to the same zone configuration file. On my slave server, is there any way to configure named.conf so that multiple zones are all

Re: multiple slave zones pointing to same file?

2010-10-02 Thread John Wingenbach
Simply set the file option to the same name on the slave server. On 10/2/2010 2:59 PM, Doug Barton wrote: On 10/2/2010 11:16 AM, online-reg wrote: Hi All: I’m building a new Bind 9.7.1-P2 slave server and am taking an opportunity to review my conf files. I have a number of zones on the

Re: multiple slave zones pointing to same file?

2010-10-02 Thread Mark Andrews
In message 58f2f2eb90f24743a050575c87c7c...@nyoffice.enigmedia.local, online -reg writes: Hi All: I’m building a new Bind 9.7.1-P2 slave server and am taking an opportunity to review my conf files. I have a number of zones on the primary that all point to the same zone configuration

Re: multiple slave zones pointing to same file?

2010-10-02 Thread John Wingenbach
Doesn't support it? Since when does named not allow you to use the same file name for more then one zone? I've been doing that for several years. -- John Wingenbach On 10/2/2010 6:49 PM, Mark Andrews wrote: In message58f2f2eb90f24743a050575c87c7c...@nyoffice.enigmedia.local, online -reg

Re: multiple slave zones pointing to same file?

2010-10-02 Thread Mark Andrews
In message 4ca7b926.9070...@wingenbach.org, John Wingenbach writes: Doesn't support it? Correct. It is not supported. Don't take the fact that it doesn't complain as evidence that this is supported practice. The only place where shared file use is supported is in static master zones.

rndc.key vs. rndc.conf

2010-10-02 Thread online-reg
Hi All: One more conf issue on bind 9.7.1-P2 After running rndc-confgen and reloading BIND I’m getting this error: WARNING: key file (/etc/namedb/rndc.key) exists, but using default configuration file (/etc/namedb/rndc.conf) rndc: connection to remote host closed This may indicate that * the

9.7.1-P2 managed-keys error

2010-10-02 Thread online-reg
02-Oct-2010 17:33:53.125 general: error: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found I've googled around but am not clear on what's causing this error? Does this file need to be created manually for BIND to be able to write to it? I have a

Re: rndc.key vs. rndc.conf

2010-10-02 Thread Jeremy C. Reed
On Sat, 2 Oct 2010, online-reg wrote: Hi All: One more conf issue on bind 9.7.1-P2   After running rndc-confgen and reloading BIND I?m getting this error:   WARNING: key file (/etc/namedb/rndc.key) exists, but using default configuration file (/etc/namedb/rndc.conf) rndc: connection to

Re: rndc.key vs. rndc.conf

2010-10-02 Thread Doug Barton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/2/2010 5:08 PM, online-reg wrote: | Hi All: One more conf issue on bind 9.7.1-P2 | After running rndc-confgen and reloading BIND I?m getting this error: | WARNING: key file (/etc/namedb/rndc.key) exists, but using default | configuration file

Re: multiple slave zones pointing to same file?

2010-10-02 Thread Doug Barton
On 10/2/2010 3:15 PM, online-reg wrote: IME the best way to do this on a Unix'y system is to use hard links. That way if you ever need to change one of them to be its own file it's trivial to do so. Also IME, BIND doesn't react well to having multiple slave zones sharing the same file, but that