Hi,
I just tried firing up BIND 9.10.0a2 on one of our recursive
servers, and after a relatively short while I got:
Feb 17 09:34:26 oliven named[19939]: name.c:534: REQUIREname) != ((void
*)0)) (((const isc__magic_t *)(name))-magic == ((('D') 24 | ('N') 16
| ('S') 8 | ('n'))
On 17 February 2014 01:17, houguanghua houguang...@hotmail.com wrote:
I want to override the IP address of NS, for I want to use other authority
DNS which isn't registered.
For that you use forwarding. Create a zone statement for the zone in
question and forward the queries to a different name
Did you configure bind with the patched version of openssl ?
On 14 Feb 2014, at 19:43, Sergio Ramirez srami...@seciu.edu.uy wrote:
Hi,
We want to sign zones with bind using an HSM Luna PCI Safenet card.
The command 'dnssec- keyfromlabel' fails:
# /usr/local/sbin/dnssec-keyfromlabel -v
Yes,
./configure --enable-threads --with-openssl=/usr/local/ssl
--with-pkcs11=/usr/lunapci/lib/libCryptoki2.so
In /usr/local/ssl directory is the patched (vendor + bind) openssl.
A detail: the openssl version 1.0.0e and the bind patch is for 1.0.0f
--
Sergio R.
- Mensaje original
pc1# /usr/local/ssl/bin/openssl engine
(dynamic) Dynamic engine loading support
(4758cca) IBM 4758 CCA hardware engine support
(aep) Aep hardware engine support
(atalla) Atalla hardware engine support
(cswift) CryptoSwift hardware engine support
(LunaCA3) Luna CA3 engine support
(chil) CHIL
On 02/17/2014 11:37 AM, Kevin Darcy wrote:
Ugh, that mixes apples (recursive resolution) and oranges (iterative
resolution).
Out of curiosity, what bad thing do you think will happen if you mix
these two functions?
Doug
___
Please visit
Bad performance, bad reliability, clandestine IP-over-DNS tunnels
between networks that are supposed to be isolated...
Is that enough?
Understanding the pros and cons of iterative versus recursive resolution
is one of the few things still separating us from the MCSE savages...
Use a stub zone if you want to override published NSes _without_
crossing the very-important boundary between iterative and recursive
resolution.
Actually no - use static-stub (newer versions of BIND) - otherwise the
NS records received from the zone may override the NS that you want to use.
To clarify, it's sometimes necessary to mix iterative and recursive
resolution in the same nameserver instance, maybe even the same view.
Oftentimes, there simply is no choice, because the source of the zone
information doesn't make an authoritative nameserver available, only a
forwarder (thus
Indeed. Regular stub only overrides the parent's delegation NS
records; static-stub overrides the apex NS records of the zone as
well. My uses of the words stub (which I intended to cover both forms
of stubbing) and published (which I intended to cover both the
delegating and apex records)
Thanks a lot. It's a good solution.
Date: Mon, 17 Feb 2014 09:09:13 +
Subject: Re: how to modify the cache
From: sjc...@gmail.com
To: houguang...@hotmail.com
CC: bind-users@lists.isc.org
On 17 February 2014 01:17, houguanghua houguang...@hotmail.com wrote:
I want to override the IP
11 matches
Mail list logo
