Re: wrong path for geoip-directory

2022-05-16 Thread Mark Andrews
Did you try re-running configure with '--with-maxminddb=/usr' and then recompiling? What does 'named -V' report when you do this? --with-maxminddb is used to find the header (include) files, the library and the database. These should all be relative to a common prefix which is what you

Re: Only one DS key comes back in query

2022-05-16 Thread Fred Morris
You walk up to me, virtually on the internet, and say "I work for Barclays Bank" or "I'm a prince from Nigeria" my patience is a lot larger than my trust... Yes, example.com is a real thing. It's recommended for written examples in documentation. For some reason people think they can copy and

wrong path for geoip-directory

2022-05-16 Thread MAYER Hans
Dear All, I posted my question originally at GitLab issue area because I thought it’s maybe a bug. But it isn’t. I compiled commit c77fcc61 (HEAD -> v9_18, origin/v9_18) with configure options --enable-geoip --with-maxminddb=/usr/share/GeoIP. When I run named -V there is: default paths:

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
I am ridiculed by an ISC member for using a reserved domain according to For the record, assuming you mean me, I am not affiliated with the gold folk at ISC. -JP -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
Suppose I was working on a problem for Barclays Bank In that case I would think Barclays Bank's Platinum Enterprise BIND Support contract would cover answering such questions. -JP

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
I've been using open source for decades. Long enough that I rarely need to use lists for help. Here's the RFC mentioning reserved domain name use: https://www.rfc-editor.org/rfc/rfc2606.html I am ridiculed by an ISC member for using a reserved domain according to the purpose in the RFC and then

Re: Only one DS key comes back in query

2022-05-16 Thread Ondřej Surý
Well, then don’t expect people will want to help you. If you need to hide the information and you need help then you should be prepared to pay for the support. Coming to open source list asking for help for free and expect other people to help you is just plain arrogant behavior. Again, Bert

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
Perhaps you are unaware of the use of this domain as a generic filler. https://example.com/ I don't know why so many people assume the DNS information will be openly shared. Suppose I was working on a problem for Barclays Bank, do you suppose they would be thrilled with me posting their

Re: Only one DS key comes back in query

2022-05-16 Thread Jan-Piet Mens via bind-users
The values in the file dsset-example.com generated by signing the zone are not good. If they are 'not good' then it's possible you are using an outdated dsset file. (And you are hiding domain names; I doubt example.com has been delegated to you.) dnssec-signzone creates dsset- files when

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
I think I see the problem now. The values in the file dsset-example.com generated by signing the zone are not good. I believe this was the bad value being provided as reported by the registrar. It was mentioned in a user's comment on the DNSSEC guide that using the dsset file wasn't the thing

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
That's helpful. Very similar to what I found a minute ago on https://blog.apnic.net/2019/05/23/how-to-deploying-dnssec-with-bind-and-ubuntu-server/ with their example: dig @localhost dnskey irrashai.net | dnssec-dsfromkey -f - irrashai.net I've done this for my domain and both of my DS keys

Re: Only one DS key comes back in query

2022-05-16 Thread Daniel Stirnimann
If you have the public key file you can do: dnssec-dsfromkey Kexample.com.+013+55640.key example.com. IN DS 55640 13 2 CF681BA4D66B41912B4DC525ADFC948218EC3DBA724F266D25BD1702BE8A8BA9 Or you can query the auth nameserver like this: dig @localhost example.com. DNSKEY | egrep "IN\sDNSKEY\s257" |

Re: Only one DS key comes back in query

2022-05-16 Thread Ondřej Surý
You don’t put DS into child zone, the DS record goes to parent zone, so your question doesn’t make sense in this context. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
Let's put it another way: Using tools like host or dig, can I look up my DS without it talking to the domain registrar? If it is always getting from the domain registrar, I can't see how to check the DS is set up all right purely within bind. On Mon, May 16, 2022 at 10:16 AM Anand Buddhdev

Fwd: Request to use "Canonical/Mirror"

2022-05-16 Thread Greg Choules via bind-users
Hi Felicia. As the previous responder said, don't think of entire servers being one or the other, it's individual zones. IMHO the terms "primary" and "secondary" are just as meaningful as the terms "master" and "slave", but without the emotional and historical baggage. You just have to give

Re: Only one DS key comes back in query

2022-05-16 Thread Anand Buddhdev
On 16/05/2022 15:07, frank picabia wrote: Hi Frank, I have dsset-example.com showing two DS keys with algorithm 8. I included both .key files in my DNS. Only digest 1 comes back in a dig query. I use dnssec-signzone tool to sign the zone file. The domain registrar says there is a problem

Only one DS key comes back in query

2022-05-16 Thread frank picabia
I have dsset-example.com showing two DS keys with algorithm 8. I included both .key files in my DNS. Only digest 1 comes back in a dig query. I use dnssec-signzone tool to sign the zone file. The domain registrar says there is a problem with the digest 2 value. It's copied directly from the

Re: Determining Which Authoritative Server to Use

2022-05-16 Thread Bob McDonald
Coding a zone statement within the dhcp config file tells dhcp where to send DDNS updates to. This has traditionally been a method used to update a truly stealth (hidden) DNS master/primary zone. However, in the case of using bind DNS servers to provide DNS for Windows Active Directory, this can

Re: why did it take 26 hours for DSState to change to omnipresent?

2022-05-16 Thread Nick Tait via bind-users
On 16/05/22 21:34, Matthijs Mekking wrote: Hi Nik, On 16-05-2022 07:49, Nick Tait via bind-users wrote: Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the

Re: per record responses based on originating IP

2022-05-16 Thread Nick Tait via bind-users
On 16/05/22 20:05, Angus Clarke wrote: As mentioned in a separate reply to Grant, the goal is to have (amongst other things) local recursors "find" the locally deployed authoritative servers through NS records. What hasn't been mentioned is that I am also looking to simplify configuration

Re: why did it take 26 hours for DSState to change to omnipresent?

2022-05-16 Thread Matthijs Mekking
Hi Nik, On 16-05-2022 07:49, Nick Tait via bind-users wrote: Hi there. Ever since I updated my BIND configuration to use the new dnssec-policy feature (a year or so ago) my KSK/CSK rollovers have been a complete shambles. My problems stem from the inference (based documentation and

Re: per record responses based on originating IP

2022-05-16 Thread Angus Clarke
Thanks for taking the time Nick and Grant, As mentioned in a separate reply to Grant, the goal is to have (amongst other things) local recursors "find" the locally deployed authoritative servers through NS records. What hasn't been mentioned is that I am also looking to simplify configuration