Re: DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread Chris Thompson
On Apr 18 2011, Evan Hunt wrote: On Mon, Apr 18, 2011 at 10:51:04AM -0700, John Williams wrote: From my signed domain when I query www.isc.org (w/ +dnssec) I get the ad flag as expected. I don't see that flag when I query whitehouse.gov (w/ +dnssec) and I know that zone is signed. Is anyone

Re: DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread Paul Wouters
On Mon, 18 Apr 2011, John Williams wrote: Subject: DNSSEC, whitehouse, isc, and troubleshooting... From my signed domain when I query www.isc.org (w/ +dnssec) I get the ad flag as expected. I don't see that flag when I query whitehouse.gov (w/ +dnssec) and I know that zone is signed. Is

Re: DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread Casey Deccio
On Mon, Apr 18, 2011 at 11:07 AM, Evan Hunt wrote: > On Mon, Apr 18, 2011 at 10:51:04AM -0700, John Williams wrote: > > From my signed domain when I query www.isc.org (w/ +dnssec) I get the ad > > flag as expected. I don't see that flag when I query whitehouse.gov (w/ > > +dnssec) and I know tha

Re: DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread Eivind Olsen
John Williams wrote: > Is anyone else seeing this behavior? Also, is there a link that addresses > troubleshooting or diagnosing DNSSEC based queries? One minor issue: If I query a.gov-servers.net for the nameservers of whitehouse.org, it returns a list of 6. If I query any of these, they give m

Re: DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread Evan Hunt
On Mon, Apr 18, 2011 at 10:51:04AM -0700, John Williams wrote: > From my signed domain when I query www.isc.org (w/ +dnssec) I get the ad > flag as expected. I don't see that flag when I query whitehouse.gov (w/ > +dnssec) and I know that zone is signed. > > Is anyone else seeing this behavior?

DNSSEC, whitehouse, isc, and troubleshooting...

2011-04-18 Thread John Williams
From my signed domain when I query www.isc.org (w/ +dnssec) I get the ad flag as expected. I don't see that flag when I query whitehouse.gov (w/ +dnssec) and I know that zone is signed. Is anyone else seeing this behavior? Also, is there a link that addresses troubleshooting or diagnosing

Re: multiple IP address in Address Record in BIND

2011-04-18 Thread Kevin Darcy
On 4/17/2011 2:49 PM, Ben Croswell wrote: In the bind 8 days people would put the same address multiple times and then other addresses as well to "weight" the responses. -Ben Croswell On Apr 17, 2011 2:45 PM, "Eivind Olsen" > wrote: >> Hi, >> we have internal doma

Re: question on minimal file permissions

2011-04-18 Thread Chris Thompson
On Apr 18 2011, Tony Finch wrote: Zone files that are managed by bind need to be writable by BIND (mode 644 and owned by BIND). BIND does not overwrite zone file in place! For those that it does manage (type slave/stub, or type master with DNS updates allowed) it is the directory containing t

Re: slave timers

2011-04-18 Thread Jay Ford
On Mon, 18 Apr 2011, hugo hugoo wrote: I am testing the migration bind8 to Bind9 and the working for slave zones. To do this, I have put the following values to the timers in the master zone. $ORIGIN com. toto 3600 IN SOA ns1.toto.com. postmaster.toto.com. ( 2

slave timers

2011-04-18 Thread hugo hugoo
Dear all, I am testing the migration bind8 to Bind9 and the working for slave zones. To do this, I have put the following values to the timers in the master zone. $ORIGIN com. toto 3600 IN SOA ns1.toto.com. postmaster.toto.com. ( 2011041404 302 3600 604800 360

Re: SOA RNAME Value

2011-04-18 Thread Justin Krejci
I do not understand why I did not get similar test and log results as you indicate below but I appreciate your feedback! Thank you!! On Thu, 2011-04-14 at 17:39 +0100, Tony Finch wrote: > Justin Krejci wrote: > > > > So I am wondering if this is normal/expected behavior for BIND and if so > > sh

Re: question on minimal file permissions

2011-04-18 Thread Tony Finch
hostmas...@g-net.be wrote: > > 4 dr--r--r-- 2 bind bind 4096 2011-04-18 14:50 . You should set execute permission on the directory so that bind can traverse it. Tony. -- f.anthony.n.finch http://dotat.at/ Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in Rockall and Ma

Re: question on minimal file permissions

2011-04-18 Thread John Bond
On 4/18/11 2:17 PM, hostmas...@g-net.be wrote: > > and when I configure my zone like this in named.conf.local : > > zone "zone.be" { > type master; > file "/dnszones/db.zone.be.signed"; > auto-dnssec maintain; > key-directory "/dnskeys/"; > sig-validity-in

Re: max-cache-size rule of thumb?

2011-04-18 Thread Eivind Olsen
Dennis Perisa wrote: > Is there a rule of thumb when setting max-cache-size? e.g. max physical > memory * 0.4 > Is there even a need to set max-cache-size on a server with plenty of > memory > (>10GB) running only BIND? I'd normally not recommend to limit the cache size - with normal use, it shou

Re: max-cache-size rule of thumb?

2011-04-18 Thread David Forrest
On Mon, 18 Apr 2011, Dennis Perisa wrote: Hi all, Is there a rule of thumb when setting max-cache-size? e.g. max physical memory * 0.4 Is there even a need to set max-cache-size on a server with plenty of memory (>10GB) running only BIND? Regards Dennis Dennis, since getting the answers f

Re: question on minimal file permissions

2011-04-18 Thread hostmas...@g-net.be
On Mon, 2011-04-18 at 11:47 +0100, Tony Finch wrote: > hostmas...@g-net.be wrote: > > > > The reason I ask is because I'm setting up a DNS sec server and for easy > > key rollover and manageability I have created several new directories on > > a usb stick for example. Key files and zone files now

max-cache-size rule of thumb?

2011-04-18 Thread Dennis Perisa
Hi all, Is there a rule of thumb when setting max-cache-size? e.g. max physical memory * 0.4 Is there even a need to set max-cache-size on a server with plenty of memory (>10GB) running only BIND? Regards Dennis ___ bind-users mailing list bind-users@

Re: question on minimal file permissions

2011-04-18 Thread Tony Finch
hostmas...@g-net.be wrote: > > The reason I ask is because I'm setting up a DNS sec server and for easy > key rollover and manageability I have created several new directories on > a usb stick for example. Key files and zone files now all have 774 > permissions , owned by bind:bind , but I was won

question on minimal file permissions

2011-04-18 Thread hostmas...@g-net.be
Hi all, I'm running bind 9.7 on Ubuntu server 10.04LTS, and I was wondering if there is documentation on minimal file permissions needed for bind-config files/zone files. The reason I ask is because I'm setting up a DNS sec server and for easy key rollover and manageability I have created sev