Solved: Including the key was incorrect. This works fine:
controls {
inet ::1 allow {
localhost;
} ;
Dave
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
.
Dave
--
David Forrest e-mail: drf at maplepark dot com
Maple Park Development http://www.maplepark.com
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
paths on all
zone files just cuts out any question. Usually the slave server will get a
new copy master fairly quickly if you don't save it but it is cleaner if
it has a fairly recent copy locally.
Dave
--
David Forrest e-mail: drf at maplepark dot com
St. Louis
On Tue, 14 Jan 2014, LuKreme wrote:
On 14 Jan 2014, at 09:02 , David Forrest d...@maplepark.com wrote:
On Tue, 14 Jan 2014, LuKreme wrote:
On 13 Jan 2014, at 20:36 , Mark Andrews ma...@isc.org wrote:
In message 8919443e-8f62-48cd-8da4-9c9632fc5...@kreme.com, LuKreme writes:
OK, I am
I slaved the root zone without a file statement in my named.conf for the
slaved file and it worked. I added the file statement later to my
named.con as I wanted a local copy for quicker startup. I think I may
have touched the file to get it started though. When I finally looked at
it, I
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
xAxgH0fG7TZ7zEJOUwCITlWkj1lrU4rH0xVNQaQKYez2pcF+CnGJzy7C
A4SYBRdVXAU/slxu56ahvi7GNS7PHkGJiUVUJh65iEpS2HY3qOdv3CUn jRA=
(...)
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind
and
serve your own 5.168.192.in-addr.arpa. as I do. I don't expect it to
transfer out as it only has meaning in an internal view.
Dave
--
David Forrest e-mail: drf at maplepark dot com
St. Louis, Missouri
___
Please visit https://lists.isc.org
.
This was on the list a few days ago:
https://dougbarton.us/DNS/2317.html
Dave
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
://pastebin.com/S9LM6a59
Does your customer have a SPF record with old info (you show no TXT or SPF
RRs) ?
Dave
--
David Forrest St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind
On Sun, 17 Feb 2013, Vernon Schryver wrote:
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a free service.
Dave
--
David Forrest St. Louis, Missouri
___
Please visit https://lists.isc.org
.
Dave
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
signed site, I use the available recursing
validating oarc server.
dig +dnssec @bind.odvr.dns-oarc.net maplepark.com
and get the flags returned in a crontab script that checks it daily for
the ad flag.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development
queries
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
and/or +[no]recurse
--
David Forrest St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, 21 Dec 2011, Peter Andreev wrote:
Ok, may be I'm a paranoid and worrying about trifles, but news about
compiled in hints astonished me.
The test shown here may calm you (if it shows refusal):
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
Dave
--
David
://www.cymru.com/Documents/bogon-bn-agg.txt; # Aggregated
list.
Here's a script I use:
http://www.maplepark.com/~drf/consults/Getblackhole
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
null;
};
...
category lame-servers { null; };
The new ARM gave me the hint of the config change.
Dave
--
David Forrest
St. Louis, Missouri___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
IN A 194.176.105.223
nsb.nhs.uk. 76348 IN A 80.2.101.230
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Jun 17 09:17:37 2011
;; MSG SIZE rcvd: 108
[drf@maplepark ~]$
--
David Forrest
St. Louis, Missouri
be. In the example, a
max-cache-size of .4*10GB leaves a residual pool that far exceeds BIND's
requirements. The answer must be determined empirically; If performance
is adversely affected then (and only then) limit the cache size .
Dave
--
David Forrest
Maple Park Development Corporation
On Thu, 14 Apr 2011, Alan Clegg wrote:
On 4/14/2011 10:23 AM, hugo hugoo wrote:
I know that if bind is installed via apt-get install (I am using debian
linux version), there is automatically a bind9 startup script in
/etc/init.d/ directory.
Since named just works and I do everything else
On Thu, 14 Apr 2011, Alex wrote:
Hi,
I would figure this is a FAQ, but I can't find it. My apologies if I
somehow missed searching properly.
Where can I find a description of what the variables at the end of the
line in the query log mean? For example:
14-Apr-2011 17:27:54.277 queries: client
set it
up.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
St. Louis, Missouri(Sent by ALPINE 2.01 FEDORA 11 LINUX)
___
bind-users mailing list
bind-users
On Wed, 1 Dec 2010, lst_ho...@kwsoft.de wrote:
Zitat von David Forrest d...@maplepark.com:
On Tue, 16 Nov 2010, Mark Andrews wrote:
snipped
Isn't sufficient to configure the root trust anchor inside managed-keys
{};
statement? If I understand correctly the key should be automatically
On Fri, 12 Nov 2010, Phil Mayers wrote:
On 12/11/10 12:49, David Forrest wrote:
and, on checking named.conf, I found the entry for br. as:
trusted-keys {
br. 257 3 5
AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k
for the message and found it in
./bin/named/server.c but didn't go any further as my invocation hack
worked for me and it just seemed to be a log info message. YMMV.
Dave
--
David Forrest e-mail d...@maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
able to
get the external addresses by specifying the server address to be the
external IP (via host or dig). Most don't need them though. It does
require separate zone files though. I don't mind sharing my .conf file -
just email me.
Dave
--
David Forrest e-mail d
it directly from the command line though, so running from
the command line as root should not have that ownership problem. You
might check the actual install directory as you might be running the old
executable.
Dave
--
David Forrest e-mail d...@maplepark.com
Maple Park
On Thu, 9 Sep 2010, Lyle Giese wrote:
David Forrest wrote:
On Thu, 9 Sep 2010, Lyle Giese wrote:
I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3 server.
When I run named from the command line, it runs, but fails to open and
write any of the zone files it downloaded
On Sat, 17 Jul 2010, Lyle Giese wrote:
OK I am confused a bit. Can someone shed just a bit of light on this
for me? (This is such a new topic not much is available in searches yet)
IANA put out anchors2keys python script and I have that working. If I
include the resulting files into
this instead.
additional-from-cache no; //
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
zone .
[zone ... ]
}
and it has been working well. I do use all private addresses for my
internal network and that does require a separate zone file.
Dave
--
David
time: 0 msec
;; SERVER: 192.168.102.9#53(192.168.102.9)
;; WHEN: Tue Jun 1 04:56:13 2010
;; MSG SIZE rcvd: 107
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
___
bind-users mailing list
bind-users@lists.isc.org
https
; };
--
David Forrest
St. Louis, Missouri
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
and that may be the problem. I have:
create 0644 named named
in my logrotate.conf and it rotates properly.
And I have no pre or postrotate scripts.
Dave
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
___
bind-users mailing list
bind
Logged:
Nov 19 12:13:45 maplepark named[23329]: validating @0x17b7980:
dlv.isc.org SOA: got insecure response; parent indicates it should be
secure
What does this mean?
--
David Forrest
St. Louis, Missouri
___
bind-users mailing list
bind-users
On Thu, 19 Nov 2009, Jeremy C. Reed wrote:
On Thu, 19 Nov 2009, David Forrest wrote:
Logged: Nov 19 12:13:45 maplepark named[23329]: validating @0x17b7980:
dlv.isc.org SOA: got insecure response; parent indicates it should be secure
What does this mean?
This is documented in the ARM
On Mon, 26 Oct 2009, net...@royal.net wrote:
Hello,
Is it possible to dump all Bind cache's content into a file?
Thanks.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
rndc dumpdb
--
David
What do I have to do to correct whatever is causing this log message from
named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
secure failure
Thanks in advance,
Dave
--
David Forrest
St. Louis, Missouri
On Tue, 25 Aug 2009, Jeremy C. Reed wrote:
On Tue, 25 Aug 2009, David Forrest wrote:
What do I have to do to correct whatever is causing this log message from
named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
secure failure
are there
from the various dig versions that have been released?
Thank you.
my dig (version DiG 9.6.1b1) returns RC 0 on both an answer and a
connection timeout, and would seem to require a string parsing for a
useful branch. F9 64 system.
Dave
--
David Forrest
St. Louis, Missouri
or so without
any and then they recur for a couple of days.
Dave
--
David Forrest
St. Louis, Missouri
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
; };
--
David Forrest
St. Louis, Missouri
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
David Forrest e-mail d...@maplepark.com
Maple Park Development Corporation http://www.maplepark.com
St. Louis, Missouri
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
on the list a while back and it works
well and drops around a thousand queries a day.
iptables -A INPUT -i $LOCALIF -j DROP -p udp --dport domain -m u32 --u32
0220...@1216=10220...@2024=00220...@21=0x00020001
--
David Forrest
St. Louis, Missouri
___
bind
at the
firewall. They amount to about 1000 per day, and demanded some sort of
attention to make my logs readable.)
The script via cron runs daily mailing the output and it serves my
purposes for a very small office network.
--
David Forrest
St. Louis, Missouri
On Tue, 27 Jan 2009, Luis Silva wrote:
Hi all,
I'm having a question related to querying external servers that hope you
could answer me. I'm sending a iterative query for an external server and
the server is sending a referral answer but only with the authoritive name
servers. After that, i
On startup of named 9.6.0 I get the following message:
Jan 17 11:55:20 maplepark named[13014]: max open files (1024) is smaller than
max sockets (4096)
Is this a problem for a small internal network dns server?
Dave
--
David Forrest e-mail d...@maplepark.com
St. Louis
fix it.
I'm dead sure someone will tell if I'm wrong, and maybe even if I'm not.
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://www.maplepark.com
St. Louis, Missouri
___
bind-users mailing list
49 matches
Mail list logo