I changed our tsig key and broke the world. Actually, the DNS's
are happy. DHCP appears to be happy, but I am generating bad
keys.
I wrote a script as follows:
#! /bin/sh
/usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n HOST keyname
It produced a beautiful-looking key that bind was happy
On 04/27/2011 04:40 AM, /dev/rob0 wrote:
With one KSK and one ZSK per zone, we're looking at *12* keys to go
in the connected sites' trusted-keys. Errr, no, I guess I only need
the KSKs, but still, that's 6. I'd prefer that it be fewer than that.
One sounds simpler, in fact.
But the
While writing this, a compromise came to me. :) I can run forward
zones as children of a single TLD, and use 168.192.in-addr.arpa. as
parent for all my reverse zones. :)
If you're setting up your own DNS root server, you could sign that root
zone, have your clients enter that island of trust
Torinthiel writes:
Try deleting the space. Just this. dnssec-keygen inserts space for
readability purposes only. If you still have original *.key and
*.private files, you can check it yourself, that the Key field in
*private contains exactly the same as *.key, minus the space.
It actually had
Hi,
I want to implement a BIND server that only answers queries on
www.google.com and for the rest answers 127.0.0.17.
My solution:
www.google.com IN CNAME www.google.com.
*.com IN A 127.0.0.17
*.fr
Hi,
How to declare multiple signed key paths in key-directory. When I declare as
follows, named is not starting.
key-directory {/var/named/zones;/root/ramesh/Largezone;}
Please clarify me.
Thanks Regards,
Ramesh
___
bind-users mailing list
rams brames...@gmail.com wrote:
How to declare multiple signed key paths in key-directory. When I declare as
follows, named is not starting.
key-directory {/var/named/zones;/root/ramesh/Largezone;}
You can specify a key-directory inside a zone statement if you want the
keys for that zone to be
In message 4db7b21d.8010...@data.pl, Torinthiel writes:
On 04/27/11 05:40, /dev/rob0 wrote:
On Tue, Apr 26, 2011 at 10:15:18AM +0100, Phil Mayers wrote:
On 04/26/2011 02:13 AM, /dev/rob0 wrote:
Is there any
reason why I can't use the parent zone's KSK for the dynamic
zone? Better yet,
Hello,
I would like to update my zones via the Dynamic DNS Update mechanism
according to the machines that connect to my various network cards.
My server is equipped with three Ethernet cards on different subnets that
cannot reach one another, and I need
In message BANLkTi=jzsrn3xbgsbg5oiymxbyren6...@mail.gmail.com, rams writes:
Hi,
How to declare multiple signed key paths in key-directory. When I declare as
follows, named is not starting.
key-directory {/var/named/zones;/root/ramesh/Largezone;}
The syntax is key-directory quoted_string;
If each of your three adapters get their IP's from DHCP, why don't you
configure the DHCP server to update DDNS instead of the client (i.e. - a
separate ddns-domainname statement for each DHCP subnet)? That way you can
specify the zone to update dynamically based on the subnet each adapter gets
Hi all.
Well, I'm stumped.
This is causing non-delivery of mail for the affected domain because it
is blocking fallback from IPv6 to IPv4 for the domain. The problem
smells like misconfigured IPv6 somewhere along the way, but all the
servers involved (that have IPv6 addresses) seem to be
Hi everybody,
we are unable to lookup the domain goelexports.com
[root@D1OKH680RL ~]# dig goelexports.com
; <<>> DiG 9.2.4 <<>> goelexports.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote:
we are unable to lookup the domain goelexports.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082
A trace shows the likely problem:
dns2-rz-ap:[log]$ dig +trace goelexports.com
[...]
;; Received 505 bytes from
In message 1fd98bf0-1d91-419b-beca-9958295de...@bluewin.ch, Flex Banana writes:
Hello,
I would like to update my zones via the Dynamic DNS Update mechanism
according to the machines that connect to my various network cards.
My server is equipped with three
In message 1303906294.2246.93.camel@karl, Karl Auer writes:
Hi all.
Well, I'm stumped.
This is causing non-delivery of mail for the affected domain because it
is blocking fallback from IPv6 to IPv4 for the domain. The problem
smells like misconfigured IPv6 somewhere along the way, but
In message banlktik70mdfrhcbfi+7ye_sibccoge...@mail.gmail.com, kshitij mali writes:
Hi everybody,
we are unable to lookup the domain goelexports.com
goelexports.com is delegated to the following nameservers which do not
exist.
Mark
goelexports.com. 172800 IN NS
Karl Auer ka...@biplane.com.au wrote:
Using our local caching, recursive BIND9 nameservers, we get SERVFAIL on
a particular domain, namely mailergoat.rsi.co.jp. But from other
places, we get NOERROR (which is the correct answer, because there is a
A record with that name). However, from some
On 27/04/2011 15:03, Karl Auer wrote:
On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote:
we are unable to lookup the domain goelexports.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082
A trace shows the likely problem:
dns2-rz-ap:[log]$ dig +trace goelexports.com
[...]
;;
In message 4db829e3.5010...@mailclub.fr, Laurent Bauer writes:
On 27/04/2011 15:03, Karl Auer wrote:
On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote:
we are unable to lookup the domain goelexports.com
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082
A trace shows the
Assuming a case where there is an empty CNAME chain, but no error,
should getaddrinfo() return EAI_NONAME or EAI_FAIL?
For example:
; <<>> DiG 9.8.0 <<>> www.apple.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64776
;; flags: qr rd ra; QUERY: 1,
Greetings
I have 2 systems master and slave, the slave seems to not allow the zone
transfer.
master 192.168.1.2
//
// mydomain.com
zone mydomain.com {
type master;
file domain.db;
allow-transfer { 192.168.96.3; };
allow-update
On 04/28/11 05:10, jeffrey j donovan wrote:
Greetings
I have 2 systems master and slave, the slave seems to not allow the zone
transfer.
It's the master that doesn't allow zone transfer. You have
allow-transfer and allow-update in mydomain.com (which I guess is
transferring correctly, at