as far as using the resolver. Can
you do host address lookups at all there?
You can suppress the check by using -i local on named-checkzone
(see the man page). But it would be better to fix the configuration
problem, of course.
--
Chris Thompson
Email: [EMAIL PROTECTED
nameserver externally) reminds us
-- for edu rather than com/net, but there can't really be a
difference, can there? the nameservers are just a subset --
glue promotion is still happening. One has to wonder what soon
means,
--
Chris Thompson
Email: [EMAIL PROTECTED
to represent all the other
usual stuff. After all, the SOA record isn't syntactically valid
either.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
about them until it comes back.
In fact, it's such a bad idea that I'm not really sure why BIND continues
to allow omitting file for a type slave (or stub) zone, or at least why
it doesn't issue a big fat warning about about it.
--
Chris Thompson
Email: c...@cam.ac.uk
the resulting binary on a workstation without trouble,
but it is under very light load there.)
The C compiler is the Sun Studio 10 one, if that matters.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https
the answer fit.
Both entirely legal, of course.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
debugging interfaces only]; };
recursion no;
for our authoritative-only nameservers. (Some individual zones then have
overrides on allow-query.)
I think a lot of your confusion is due to thinking that the cache
includes the authoritative zone data. It doesn't.
--
Chris Thompson
Email: c
2821 gives
no sanction for that. Section 5.1 in RFC 5321 makes it even more explicit.
You can, of course, turn off this particular check in BIND by specifying
check-mx-cname ignore; in the options or zone statements.
--
Chris Thompson
Email: c...@cam.ac.uk
._tcp for clients.
But would this satisfy the OP? The RDATA of an SRV record isn't meant to
reference a CNAME any more than that of an MX record is.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https
the changes at the two registries
mentioned.
Weird huh?
See promoting glue to answer, and the evils thereof, passim.
In particular
https://lists.isc.org/pipermail/bind-users/2008-December/074107.html
https://lists.isc.org/pipermail/bind-users/2008-December/074164.html
--
Chris Thompson
Email: c
On Feb 1 2009, Niall O'Reilly wrote:
[...]
You need to read the documentation for the commands
involved. Try
# man netstat
# man grep
# man wc
Can I suggest
$ man netstat
$ man grep
$ man wc
instead?
:-) / 2
--
Chris Thompson
Email: c...@cam.ac.uk
A records does
not, and after that SOA and NS lookups work OK as well.
Hmmm...
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Feb 6 2009, Mark Andrews wrote:
In message prayer.1.3.1.0902051754210.4...@hermes-2.csi.cam.ac.uk,
Chris Thompson writes:
[...]
More info about the not consistently bit. With nothing about
them in the cache (rndc flushname advocaat.pro) looking up SOA or
NS records for them gives SERVFAIL
.host.com.
_sip._udp.as.host.com. SRV 0 1 5060 as2.host.com.
then a client is meant to try as1 2/3 of the time, and as2 1/3 of
the time. The intended consequences of using a zero weight value
are spelled out in detail in RFC 2782, but there is no need to
rely on them.
--
Chris Thompson
Email: c
to behave
like this.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
be the difference on both? thank you
Are you *sure* they are both running BIND 9.5.0-P2 ? Much the most likely
explanation is that the one producing short statistics is a pre 9.5 version.
I don't believe that BIND 9.5.x even includes any code to generate the old
format.
--
Chris Thompson
Email: c
-up to say that ISC have kindly provided me with
a fix that works:
2559. [bug] dnssec-dsfromkey could compute bad DS records when
reading from a K* files. [RT #19357]
which will presumably be in the next 9.6.x version.
--
Chris Thompson
Email: c...@cam.ac.uk
a bug? Do others see the same effect?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Resurrecting part of a thread from last September, when I wrote:
On Sep 23 2008, Stephane Bortzmeyer wrote:
On Tue, Sep 23, 2008 at 02:07:43PM +0100,
Chris Thompson c...@hermes.cam.ac.uk wrote
a message of 20 lines which said:
[*] How do I know? Well dlv.isc.org uses NSEC records
could have stuck or nearly-stuck
transfers going on. rndc status will tell you how many. You may
need to adjust max-transfer-time-out/max-transfer-idle-out
rather than transfers-out.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
the naming convention used,
you have to agree it with the delegating authority (unless you are
in the happy position of *being* the delegating authority as well).
All too likely, they will not offer you any choice in the matter.
--
Chris Thompson
Email: c...@cam.ac.uk
is slightly different from a channel
that you could set up yourself with severity dynamic. The
latter would revert to severity info when you used rndc notrace,
but default_debug magically turns itself off completely.
--
Chris Thompson
Email: c...@cam.ac.uk
(and should) test a new named.conf for syntax errors in
advance by using the named-checkconf program.
2. BIND 9.2.2 is very very old. The whole of the 9.2.x series is EOL
(and that was after 9.2.9). It's long past time that you upgraded.
--
Chris Thompson
Email: c...@cam.ac.uk
TYPE65535
record.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
...
But this is getting off-topic for bind-users.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
@ 86400 ::1
(db.localhost-rev)
; Like empty zone, but modified for reverse lookup of localhost (IPv4 or IPv6)
@ 86400 SOA localhost. . 0 28800 7200 604800 86400
@ 0 NS localhost.
@ 86400 PTR localhost.
--
Chris Thompson
Email: c...@cam.ac.uk
quite upset about the security implications.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Apr 3 2009, R Dicaire wrote:
On Fri, Apr 3, 2009 at 10:55 AM, Chris Thompson c...@cam.ac.uk wrote:
This one is hardy perennial, of course, but I've been working on an
index zone in a certain local DNS context recently, and thinking
how convenient it would have been if BIND had provided one
On Apr 3 2009, Niall O'Reilly wrote:
Or Google for vixie metazone (without the quotes).
... and it tells me I probably wanted to know about nosedrops
(Vista-methasone) ... :-)
[yes, OK, and some real links as well]
--
Chris Thompson
Email: c...@cam.ac.uk
the same
thing already. Also, a suggestion to ISC that they use lrand48() on
Solaris, in the same way as they use arc4random() if that is available.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https
caching?
RFC 2308 is not clear.
How could $TTL override the SOA's min TTL? The $TTL value doesn't exist
in the compiled zone, and of course $TTL could occur many times in the input,
with different arguments. Maybe you mean the TTL value of the SOA record
or something like that?
--
Chris Thompson
.
Is there any way to limit the zone-transfer to require both key and
known IP using allow-transfer?
Yup. Use
allow-transfer { !{!11.22.33.44}; key secret-key; };
Now sit down with a cold, cold drink and puzzle out why that works!
--
Chris Thompson
Email: c...@cam.ac.uk
inconsistent: since when has the rdata part
of an A or record been a domain name?
The real restriction seems to be that the rdata consists of a single
lexical item.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
It seems that even in the most recent versions of BIND, rndc supports
only the hmac-md5 algorithm. Given that MD5 is being deprecated all over
the place (I am thinking of draft-ietf-dnsext-tsig-md5-deprecated-02
in particular), is this wise?
--
Chris Thompson
Email: c...@cam.ac.uk
, is a perfectly reasonable requirement.
What you need to do is to add a prereq requiring the RRset to exist
(prereq yxrrset mandy11.example.com A) or for it to have particular
contents (prereq yxrrset mandy11.example.com A 192.168.255.42)
before it is deleted.
--
Chris Thompson
Email: c...@cam.ac.uk
are the TYPE65535 records actually for?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
for a deleted key, but are not required
or used when resigning.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
BIND imposes the same restriction on the key-directory value as it does
on directory, i.e. that it has to be an absolute path or .. I don't
see why this should be necessary: why can't it be a path relative to the
directory setting? (Just as file values in zone statements can be.)
--
Chris
On Jun 11 2009, Jeremy C. Reed wrote:
On Thu, 11 Jun 2009, Chris Thompson wrote:
We have recently turned on DNSSEC validation (using dlv.isc.org) in our
main university-wide recursive nameservers, which are running BIND 9.6.1rc1.
No-one is actually complaining, but the counts I am seeing
nameservers.
Just to expand on that a bit: the DS record in the parent zone correctly
describes the KSK in the child zone, and the RRSIGs in 8.84.in-addr.arpa
appear to be correct ... except that they all expired over 15 months ago!
--
Chris Thompson
Email: c...@cam.ac.uk
servers.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
in the ARM.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
out an argument has such a
wide-ranging effect that might not have been intended. rndc freezeall,
say, would have been a better idea.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
Responding to Queries
for NSEC3 Owner Names mandates the response you are seeing.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
can find a one-character TLD.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
.
- propagation of what?
Who knows? But AFAIK MIT don't actually *intend* bitsy.mit.edu to be
an open recursive nameserver, although it is one. (Somewhat worrying
from our POV, as it's one of the official slaves for cam.ac.uk.)
--
Chris Thompson
Email: c...@cam.ac.uk
- if so I can't work out which entry in the
CHANGES file it corresponds to.
Both 9.6.0 and 9.6.1 give REFUSED if one attempts to delete the
last KSK (although they let you remove all the ZSKs).
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing
validation you can do on an RSASHA1
key record (the most popular type), absent the signatures that use it.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Jul 15 2009, Mark Andrews wrote:
In message prayer.1.3.1.0907141701530.27...@hermes-2.csi.cam.ac.uk,
Chris Thompson writes:
In BIND 9.6.0 one could take an unsigned zone and add an initial
KSK and ZSK to it using nsupdate (and if the right files were in the
key directory, it would sign
.
Unfortunately I failed to get a core dump of named in the non-responding
state (I need to review my procedures for that!) so I haven't got enough
to report to bind-bugs. This is an appeal to ask if anyone has seen
anything similar.
--
Chris Thompson
Email: c...@cam.ac.uk
for some time,
even though the correct record has been added. How to deal with this case?
Do the delete and the add in the same update transaction:
nsupdate EOF
update delete ...
update add ...
send
EOF
--
Chris Thompson
Email: c...@cam.ac.uk
out DNSSEC,
won't they?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
to *reply*
to v6 queries without *generating* them. (For the record, I have the
same issue than Gilles.)
Would
server ::/0 { bogus yes; };
work?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https
, or will the
numbers start dropping as higher-level domains get their signed
delegation procedures going?
Anyway, congratulations and thanks to ISC for providing this service.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
draft-livingood-dns-redirect-00 over on the dnsop mailing list -
see http://www.ietf.org/mail-archive/web/dnsop
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Aug 3 2009, Danny Mayer wrote:
Chris Thompson wrote:
[...]
You are misinterpreting what I said. Of course erroneous glue needs to be
corrected. But there is no need for the servers to return IP addresses
provided for glue as an *answer* to a query, as the *.gtld-servers.net ones
do, rather
On Aug 3 2009, JINMEI Tatuya / 神明達哉 wrote:
At 03 Aug 2009 11:52:10 +0100,
Chris Thompson c...@cam.ac.uk wrote:
will believe this answer (and cache it). This would only be proper
behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
potomacnetworks.com - which of course
is (comfortably) later than the next
time you expect to resign the zone in the same way. (I am assuming that
you are using offline signing only.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
On Aug 14 2009, Paul Wouters wrote:
On Fri, 14 Aug 2009, Chris Thompson wrote:
I'm running into a strange issue where when signing a zone with
re-using signatures, that sometimes 1 RRSIG record ends up with
a validity time of almost nothing. This happens for instance when
signing (and re
only makes the
interval less, by up to the -j amount, never more.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
hints file if you are using a fake root for
a network isolated from the Internet. Otherwise, it's largely a matter of
taste. Personally, I prefer to keep one in my configurations for the small
amount of extra flexibility that provides.
--
Chris Thompson
Email: c...@cam.ac.uk
for months without interruption.
We hit our master once a day, in the
early hours but that's just habit and I've always thought we were a bit
hyperactive.
I think so too.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind
+norec when appropriate?).
Query logging will help you track them down if you are really concerned.
At 0.4%, I wouldn't worry.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
to transient network
errors or delays, but I have no idea whether they are likely to be local
or at at the dlv.isc.org server end.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
only be treated as a hint, anyway).
What I would like to see is for more reverse zones to go away, by use
of the scheme I describe in
http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones
(There probably ought to be a date in that - it was written last April.)
--
Chris Thompson
Email: c
On Sep 30 2009, Mark Andrews wrote:
In message prayer.1.3.2.0909291446310.21...@hermes-1.csi.cam.ac.uk,
Chris Thompson writes:
DNSSEC certainly adds to the aggravation of having lots of piddling little
reverse zones. Some people may just decide not to bother signing reverse
zones (reverse
-of-least-surprise that
the same rules should apply to the $ORIGIN argument as well. And of
course, there are people relying on that behavior as well, especially
within $INCLUDE'd files.
[*] Hi there, se TLD administrators! :-)
--
Chris Thompson
Email: c...@cam.ac.uk
, options, logging,
zone. But not acl because the elements there do not (in general) start
with keywords.
For the whole truth, you need to look at lib/isccfg/namedconf.c and
lib/isccfg/parser.c and work out in exactly which cases cfg_parse_mapbody
in the latter gets called :-(
--
Chris Thompson
Email
that it will be out before 9.7.0b2 is...
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
).
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
of clients to change their DNS
resolver IP address.
Put the authoritative-only nameservers at the new IP addresses, keeping
the recursive ones at the original IP addresses.
Been there, done that!
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users
.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
. You have a lot of errors to
correct.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
into 9.5.2.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
.
[It's never been entirely clear to me why these functions have to be
combined, especially given that server [ipaddr/len] {bogus yes;};
can be used to block outgoing queries.]
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
-insensitivity). Ever since I first
saw you recommend this, I have wondered why did I ever think TXT records
were the right way to do it? ...
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
is fortunate
timing.
(But it's not too obvious to me that adding support for a new signing
algorithm should necessarily be considered a major functional change.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
transfers generally, at least allow
them on the loopback interface.) Then start using masterfile-format
raw, and forget about thinking of zone files are something human
readable ...
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
I
have forgotten as well.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
a shorter key and see if that works.
Just to clarify, does this also apply to HMAC-MD5 (block size = 64 bytes,
digest size = 16 bytes) ?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
is what I know:
running 'pfiles' on named on the two complaining
show 1023 files the happy ones are showing less
than that. This tells me there's a limit of 1024
somewhere.
[... rest snipped ...]
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users
voice heard.
We hear you. Expect a decision in the next few days.
So, has the decision been made?
[I am tentatively planning on going to 9.7 in production round about Easter,
in good time for the RSASHA256-signed root zone in July, but it would be
nice to have a fall-back option.]
--
Chris
or was invalid.
But the CHANGES files list *three* security fixes (2827, 2828 2831),
none of which seem to be superficially the same vulnerability. So is
the two above a mistake?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
in the query pattern that might
explain this, without success so far. If anyone else has seen a similar
effect as a result of upgrading, please let me know.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
not to be the case ...
(Using -m record was motivated by a unfreed-memory-at-shutdown abort
that we observed with 9.6.1-P1 -- and not since -- and reported on
bind9-bugs as RT #20675.)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
(where the DLV records
always come in pairs with digesttype=1 and digesttype=2). [Self
registration at dlv.isc.org asks for DNSKEY records in the first
place, of course.]
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users
there be an additional @parent.name.server argument?
Not necessary if the nameserver you are sending the dig request to
is DNSSEC-aware, and therefore following RFC 4035 section 3.1.4.1.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
is faked ...
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
;
Regardless of Shumon's particular case, this looks like something
that is going to bite more nameservers in the next few years, as
caches expand to accommodate increasing numbers of RRSIG records
(which are not small).
--
Chris Thompson
Email: c...@cam.ac.uk
clear ... :-)
The explanations are just my guesses, of course.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
, though).
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
rndc command?
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
that).
--
Chris Thompson University of Cambridge Computing Service,
Email: c...@ucs.cam.ac.ukNew Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
___
bind-users mailing list
bind-users@lists.isc.org
https
as bad as still running BIND 8. Not *quite* ... :-)
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
problems, as
others have suggested. And firewall software might be mangling certain
outgoing queries, or the responses to them, making them appear to time
out.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
bind-users@lists.isc.org
earlier.
Of course, in an ideal world I would have taken cache dumps, etc, but
these are operationally significant servers and it was more important
to get reverse lookup working again asap.
--
Chris Thompson
Email: c...@cam.ac.uk
___
bind-users mailing list
On Mar 27 2010, Michael Sinatra wrote:
On 03/25/10 05:21, Chris Thompson wrote:
I'll be reporting this to bind-bugs, but I thought I would mention it here
in case others can confirm the effect.
Our two main ecursive nameservers used DNSSEC validation via dlv.isc.org.
In the past we have had
1 - 100 of 290 matches
Mail list logo