RE: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Fredrik Poller
> -Original Message-
> From: Peter Andreev [mailto:andreev.pe...@gmail.com]
> Sent: 17 August 2011 16:16
> To: Fredrik Poller
> Subject: Re: rndc: 'addzone' failed: permission denied
>
> 2011/8/17 Fredrik Poller :
> >> -Original Message-
> >> From: bind-users-bounces+fredrik.p

Re: syntax error in $GENERATE crashed all nameservers

2011-08-17 Thread /dev/rob0
On Wed, Aug 17, 2011 at 04:45:38PM -0400, bl ton wrote:
> We had a syntax error in our inverse zone file using GENERATE and
> an extra dash was added to the scope so '199--222' instead of
> '199-222':
>
> $GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu.

Ouch! Sorry to hear this!

> I wou

syntax error in $GENERATE crashed all nameservers

2011-08-17 Thread bl ton
We had a syntax error in our inverse zone file using GENERATE and an extra dash was added to the scope, so '199--222' instead of '199-222':

$GENERATE 199--222 $ PTR 10-100-60-$.dhcp-bl.indiana.edu.

I would assume named will check the syntax error and refuse to load this zone just like it normally do

RE: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Frank Bulk
Would be nice if the error output or log would indicate such failures.

Frank

-Original Message-
From: bind-users-bounces+frnkblk=iname@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname@lists.isc.org] On Behalf Of Tony Finch
Sent: Wednesday, August 17, 2011 9:31 AM
To: Fredrik

RFC 1918 error clarification

2011-08-17 Thread Morgan Toal
Hi bind-users,

I would like to clarify something. I have 14 locations each using a private class C address, and a single DNS server which I have just moved from bind8 to bind9. I am getting a lot of these:

Aug 17 13:33:13 mail2 named[18610]: client 192.168.16.3#55546: RFC 1918 response from

RE: DNSSEC : once correct, always correct ?

2011-08-17 Thread Paul Wouters
On Wed, 17 Aug 2011, Marc Lampo wrote:

> I did indeed deliberately remove the old DNSKEY, before RRSIGs generated with it got expired from the cache.
> But to my surprise, the validating caching name server still replies correctly!
> Meaning that it actually does not re-verify, once data was f

Re: DNSSEC : once correct, always correct ?

2011-08-17 Thread Michael Graff
Yes. It is correct behavior. There is no revoke method for a publisher. I don't think adding one would be wise.

--Michael (from an iPhone)

On Aug 17, 2011, at 7:18, "Marc Lampo" wrote:

> Hello,
>
> Experimenting with key roll-over timing conditions,
> with a Bind 9.7.3 setup, I noticed, t

RE: DNSSEC : once correct, always correct ?

2011-08-17 Thread Tony Finch
Marc Lampo wrote:
> Meaning that it actually does not re-verify,
> once data was found to be OK and allowed in the cache.

The point of a cache is to avoid network round trips to re-fetch or re-validate data while it is in the cache. The DNS protocol tells the cache how long the zone publish

Re: DNSSEC : once correct, always correct ?

2011-08-17 Thread Tony Finch
Marc Lampo wrote:
>
> Experimenting with key roll-over timing conditions, with a Bind 9.7.3
> setup, I noticed, today, that this version does not re-validate DNSSEC
> data, once something makes it into its cache.
>
> I wonder though, if that is correct?

Yes. When you publish a signed zone you mu

RE: DNSSEC : once correct, always correct ?

2011-08-17 Thread Marc Lampo
Paul,

I did indeed deliberately remove the old DNSKEY, before RRSIGs generated with it got expired from the cache.
But to my surprise, the validating caching name server still replies correctly!
Meaning that it actually does not re-verify, once data was found to be OK and allowed in the ca

Re: DNSSEC : once correct, always correct ?

2011-08-17 Thread Paul Wouters
On Wed, 17 Aug 2011, Marc Lampo wrote:

> It looks like once DNSSEC'd data validates correctly, that version of Bind will keep reusing that data (until TTL expires).

Or when the RRSIG expiry time is reached, whichever comes first.

> While it may make sense, to save on CPU cycles, I am unsure if t

RE: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Tony Finch
To use `rndc addzone`, named needs to be able to write to the zone configuration file in its working directory, called 3bf305731dd26307.nzf for the _default view. Both named and the user invoking rndc need to be able to read the rndc.key file which is usually in /etc. You need to create the zone's

DNSSEC : once correct, always correct ?

2011-08-17 Thread Marc Lampo
Hello,

Experimenting with key roll-over timing conditions, with a Bind 9.7.3 setup, I noticed, today, that this version does not re-validate DNSSEC data, once something makes it into its cache.

I wonder though, if that is correct?

What I noticed:
- some data (with "long" TTL) is queried for a

RE: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Fredrik Poller
> -Original Message-
> From: bind-users-bounces+fredrik.poller=zetup...@lists.isc.org
> [mailto:bind-users-bounces+fredrik.poller=zetup...@lists.isc.org] On Behalf
> Of Torinthiel
> Sent: 17 August 2011 15:45
> To: bind-users@lists.isc.org
> Subject: Re: rndc: 'addzone' failed: permiss

Re: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Torinthiel
On 2011-08-17 15:24, Fredrik Poller wrote:
> Hello,
>
> I'm trying to use the new addzone feature in rndc, but all I get is the following error message:
>
> # rndc addzone 'example.com in external { type slave; file "example.com"; masters { 192.168.142.133; }; };'
> rndc: 'addzone' failed: permission den

rndc: 'addzone' failed: permission denied

2011-08-17 Thread Fredrik Poller
Hello,

I'm trying to use the new addzone feature in rndc, but all I get is the following error message:

# rndc addzone 'example.com in external { type slave; file "example.com"; masters { 192.168.142.133; }; };'
rndc: 'addzone' failed: permission denied

rndc is configured and works well with o