bind user wrote:
Thanks for that detailed explanation, Doug...after years of running
Unix/Bind blind (because it just worked), I'm finally understanding why
things are the way they are. -AK
You're welcome, and I'll take the latter as a compliment. I try very
hard to make things just work for
Apisa, Kathy (US - MABS) wrote:
I am running bind 9,4.2-P2
You'll want to upgrade that to 9.4.3-P1 for better security,
performance, etc.
on windows and can resolve all external Domains names
Really? You've tried them ALL? :)
with the exception of www.lmsintl.com http://www.lmsintl.com/
harry Chuang wrote:
HI ALL,
My AIX5.3 systerm does have /dev/random and /dev/urandom:
Are you chroot'ing your named process, and if so, is there a
/dev/random in the chroot file structure?
hope this helps,
Doug
___
bind-users mailing list
Lalvani, Hiro wrote:
Could any one of help me, regarding this fix in BIND 9.2. I am unable to find
function same function in BIND 9.2 or could any one just share the
corresponding related the code architecture between BIND9.2 and BIND 9.3.
Jeremy C. Reed wrote:
On Wed, 21 Jan 2009, Rich Goodson wrote:
And I'm expected to know this, how?
Rich, you read into the text what you wanted it to say (as you
indicated in another message) but failed to try to understand what was
actually there. The behavior you're saying you thought the
Niall O'Reilly wrote:
On Wed, 2009-01-21 at 19:14 -0600, Jeremy C. Reed wrote:
Maybe we should just remove the immediately part.
Any suggestions would be appreciated.
If you're going to make a change, adding a little more
information wouldn't hurt, would it?
The output of
wiskbr...@hotmail.com wrote:
Hello;
I have two DMZ BIND/DNS servers running whose purpose is to allow
lookups via them from my otherwise incapable internal network.
I've recently upgraded only one of them from BIND 9.5.0-P2 to BIND
9.5.1-P1. Both servers are running Sparc/Solaris 9.
Joe Baptista wrote:
So a little more testing using firefox as an application gives us some
interesting results. Using the .TM TLD I entered http://tm/ into my
browsers. It did not work. Firefox replaced http://tm/ with
http://www.tm.com/ - which is not the web site I wanted to reach.
In
Mark Andrews wrote:
In message 497cae4b.4020...@dougbarton.us, Doug Barton writes:
Joe Baptista wrote:
So a little more testing using firefox as an application gives us some
interesting results. Using the .TM TLD I entered http://tm/ into my
browsers. It did not work. Firefox replaced http
Jeff Lasman wrote:
I've read the relevant parts of DNS and Bind over and over again, and
I'm still going crazy. I've searched this list going back about three
years. I've googled. Each step confuses me more frown.
It would help if you described in more detail what you've tried, and
what
Jan Arild Lindstrøm wrote:
Hi,
more findings ...
BIND 9.6.1b1
No matter what I set in named.conf, it starts to give out of memory when
recursive
clients pass 1000. I see that 1000 is the default value for recursive-clients.
Did you try backing up to 9.6.0-P1 to see if the same
dev_n...@zoho.com wrote:
If named is invoked successfully on startup, then the contents of the
PID file will be overwritten with the new PID value.
If named *isn't* invoked successfully on startup, then that's a separate
error condition that should be detected and dealt
Rich Goodson wrote:
If you're really looking to cover all bases, there's a little gotcha in
Solaris (even in 10) that will make this startup script fail if it's
invoked with sh (as most startup scripts that I've seen are).
Yeah, I was trying to avoid shell portability concerns to try to
avoid
Any reason you have chosen gas vs. TSIG? Is this for a windows
environment?
On May 14, 2009, at 7:37 AM, Peter Fraser petros.fra...@gmail.com
wrote:
HI All
I have been working to get dynamic updates working with bind-9.6 and
FreeBSD 7 So far I have done the following:
1. Compiled bind
Last night I imported 9.6.1rc1 to FreeBSD 8-current for inclusion in
the upcoming 8-release. (Side note, hopefully 9.6.1 will go to release
status first.) :) It seems to be compiling fine on all of our
platforms except IA64 where I'm getting the following error building
lib/bind9
In file
E Johnson wrote:
From what I have read so far, I can see that this might be a very
flame-worthy question, so please don't hurt me, I'm just a beginner...
I have read every howto that I can find on setting up a DNS server for a
very small, 12 seats, network. The DNS server just needs to be
Rick Dicaire wrote:
joans4nz wrote:
What is the working directory?
Take a look at the ownership and perms on /var/named/etc/namedb/dump
Making that message go away (one way or another) is on my list, but
since it's basically harmless it's not a high priority.
It will be when you want
Alans wrote:
Hi,
I want to know when we need hardware upgrade.
How many queries will use 50% of cpu and memory?
FYI this question is impossible to answer without a lot more details.
Doug
___
bind-users mailing list
bind-users@lists.isc.org
Howdy,
Doing some work on adding DLZ options to the FreeBSD ports and came
across the following: http://bind-dlz.sourceforge.net/mysql_driver.html
Is the advice to run BIND single threaded with dlz-mysql still valid?
Any other caveats to dlz setup?
Doug
Doug Barton wrote:
Howdy,
Doing some work on adding DLZ options to the FreeBSD ports and came
across the following: http://bind-dlz.sourceforge.net/mysql_driver.html
Is the advice to run BIND single threaded with dlz-mysql still valid?
Any other caveats to dlz setup?
I've not seen
Mark Andrews wrote:
In message 4ab9c360.7090...@dougbarton.us, Doug Barton writes:
I recently added DLZ options to the BIND ports on FreeBSD, and a user
has filed the following problem report:
http://www.freebsd.org/cgi/query-pr.cgi?pr=139051
Does anyone have any comment on the patch
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
On FreeBSD 8-RC1 we're seeing the following problem (reported by a user):
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/138061
The attached patch, provided by a user named Volker
(vol...@vwsoft.com) reportedly fixes this problem.
Is this
Kevin Darcy wrote:
John Horne wrote:
On Thu, 2009-10-15 at 10:47 +0200, Adam Tkac wrote:
On Thu, Oct 15, 2009 at 09:06:56AM +0100, John Horne wrote:
How can I see the TTL value using nslookup?
I'm not sure how force nslookup to show TTL but the `dig` utility is
far more
Gil Vidals wrote:
Hello,
I have a master and slave running bind 9.4.3,
You should upgrade to version 9.4.3-P3 which has fixes for some
security issues.
and there is a problem
with the outside world resolving new domains that I add to my name
servers. Here is the sequence:
1) add new
Taylor, Gord wrote:
The company I work for uses a vendor solution which implements BIND
under the hood, though it's abstracted with a GUI interface. Knowing
which bugs may exist in the current release of BIND would be nice to
know; for example, if it's a feature of BIND we use, we may want
Pamela Rock wrote:
Hit the wrong key, sorry about that...
I've got a closed lab testing BIND and I've got an interesting problem with
IPv6 queries. Now I have 3 systems all running IPv4 and IPv6. IPv4 queries
work fine across all systems. IPv6 UDP queries work fine as well. When I
Pamela Rock wrote:
For all it's worth, using wireshark, I can see IPv6 UDP queries successfully
traversing in/out. Ping6 works successfully. There is no firewall running
anywhere(IPv4 or 6). Still get
[r...@dig-client ~]# dig -6 a test.domain @bindserver6 +tcp
socket.c:4922:
I'm getting the failures logged below on all the recent versions of
BIND. I went back and tested 9.6.1-P1 and it fails too, so it doesn't
look like something that was introduced with the latest patches.
This is on FreeBSD 9-current, and I don't think my args for configure
are particularly exotic.
Mark Andrews wrote:
In message 4b1313c7.1040...@dougbarton.us, Doug Barton writes:
I'm getting the failures logged below on all the recent versions of
BIND. I went back and tested 9.6.1-P1 and it fails too, so it doesn't
look like something that was introduced with the latest patches
gmspro wrote:
What's the main difference between zone and domain?
In what context? Unfortunately both terms get used by various
people/vendors in different ways. A little more detail is needed to
answer your question (although if you're talking strictly DNS terms
Chris' answer was quite
On Tue, 8 Dec 2009, kalpesh varyani wrote:
Hi all,
Can anyone please tell me is there any other command by which i can
stop the name-server without loosing the recent updates. I know that I can
do this by issuing 'rndc stop' but for some reason I am not able to .
Using rndc is
On Fri, 11 Dec 2009, Mark Andrews wrote:
In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiw...@wid
e.ad.jp writes:
I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;).
The named tried to write managed-keys.bind file into the named's
working directory.
The current BIND 9
Chris Buxton wrote:
On Dec 13, 2009, at 5:40 PM, Doug Barton wrote:
On Fri, 11 Dec 2009, Mark Andrews wrote: To repeat my primary
objection, if the named user can write to the configuration
directory it can change the contents of named.conf. That's a
security problem.\
So don't put
While this reminder is timely and helpful, more welcome would be the
news that BIND 9.6.2 is going to have actual support for
RSASHA{256|512}. My cursory reading of the 9.6.2b1 code does not seem
to indicate that it does, although I would be happy to be proven wrong.
I personally don't think it's
fujiw...@wide.ad.jp wrote:
I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;).
FYI I recently committed the port for 9.7.0rc1. Hopefully this will
make it easier for you to continue testing. Please try the port and
let me know if you have any problems with it.
The named tried to write
Chris Thompson wrote:
(Evan Hunt)
Adding SHA-2 to 9.6.x would violate our policy of making major
functional changes only in major releases, so I don't expect we'll
do that. Given the odd circumstances you mentioned, I won't say for
certain that we won't--but I doubt it.
9.7.0 is going to
Simon Dodd wrote:
Thanks for the replies, everyone; I think the consensus is that having
ARIN redelegate is the correct solution, and that's fine by me. (As
mentioned, my marching orders were to do this without redelegating, but
if that's the correct way to do it, I can make that case.)
It IS
Evan Hunt wrote:
BIND 9.6.2 is in the b1 phase atm, which means that there is plenty
of time to get SHA2 in there and get the release out before a signed
root goes live. I encourage the folks at ISC to do so, and if you
agree I encourage you to make your voice heard.
We hear you.
That's
Nadir,
If it's crashing, it's not working normally. :)
The advice Matthew gave is the right solution, but let's do some more
digging. Do the following:
/etc/rc.d/named stop
ps -ax | grep named
You may see a syslog line for the logging socket in the chroot
directory but you should not see a
On 2/5/2010 3:16 PM, Keith Christian wrote:
Version - bind 9.5.1 on CentOS 5.x. Is there a way to log either the
IP of clients requesting lookups of a particular domain?
In other words, I'd like to know the IP of clients trying to resolve
app01.foocompany.net (for example.)
There is
On 2/5/2010 2:41 PM, fddi wrote:
Hello I wanted to ask how could be possible in some way
to have 2 or more multi master name servers authoritative for one domain,
instead of the classical master slave model.
Yes.
--
Improve the effectiveness of your Internet presence with
a
a zone file for your netblock already?
4. What nameservers do you have the zone configured on now?
... and just in case it's not obvious yet, what you posted won't work,
which is why we need to dig a little deeper.
hth,
Doug
-Original Message-
From: Doug Barton [mailto:do
On 02/13/10 18:42, kalpesh varyani wrote:
Hi Rick,
I am aware that it is a somewhat odd (but not incorrect, am I right ?)
to put a non-recursive name server in the resolv.conf
There are certain very specific circumstances where you might want to do
this, but in general I can't see any reason
On 02/18/10 16:20, ic.nssip wrote:
Hi Mark,
This is what I suspect too.
Syslog gives me this record when I start BIND:
named[14380]: [ID 873579 daemon.notice] built with '--with-openssl=yes'
'--enable-largefile' '--sysconfdir=/usr/local/etc'
'--localstatedir=/usr/local/var'
Since no PREFIX
On 02/19/10 23:07, Daniel Morgan wrote:
I have a couple of BIND servers that I have inherited. I'm getting some
upstream complaints that one of them is issuing duplicate queries on
occasions - probably about a dozen times a day.
You didn't mention what version of BIND you're running. I'm
On 02/20/10 08:54, kalpesh varyani wrote:
Thanks Dave for pointing this out.
the first server did not fail, it behaved as per its configuration.
But for a stub resolver, which cannot follow referrals, isnt it logical
for it to detect referrals and move on to the next name server in the
On 02/23/10 23:01, sasa sasa wrote:
Hello,
for a 192.168.199.64/26 in zone file to delegate to a customer;
should i put subnet number:
64/26 IN NS ns1.example.com.
64/26 IN NS ns2.example.com.
or host ranges:
64-126 IN NS ns1.example.com.
64-126 IN NS ns2.example.com.
.
.
On 3/2/2010 8:38 AM, donovan jeffrey j wrote:
On Jan 14, 2010, at 8:43 AM, pollex wrote:
I do not see any activity in the thread... is everyone on holidays?
Regards
nope not dead just sleeping :)
... pining for the fjords.
--
... and that's just a little bit of history
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1
the last release on the 9.6 branch? For the purpose of following a
branch in the FreeBSD
On 03/16/10 20:57, Mark Andrews wrote:
In message 4ba04e63.8090...@dougbarton.us, Doug Barton writes:
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside
On 03/16/10 22:17, Mark Andrews wrote:
ESV's are supposed to be releases which are stable, no dot-o-itis.
I'm not suggesting that they should be the latter, thus my comment that
what I _thought_ would happen is that once the dot-releases were done in
a given branch the -ESV would start. Frankly
First off, please don't grab an unrelated message and reply to it when
starting a new thread. Please actually post a new message.
In the process of cleaning up a much neglected PTR file
Bind: 9.6.2.1
OS: CentOS 5.4
Current PTR in this format: (1 tab between entries)
$ORIGIN
On 03/20/10 16:46, michael peters wrote:
I've been reading documentation, searching the archives, searched Google
for the answer, but have found nothing that solves the problem.
I have an Ubuntu 9.10 system with BIND 9.6.1 installed for my internal
DNS system.
You'll want to update to at
On 03/20/10 17:11, michael peters wrote:
zone 0.253.150.10.in-addr.arpa in {
type master;
file /etc/bind/10.150.253.0.rev;
};
zone 0.0.16.172.in-addr.arpa in {
type master;
file /etc/bind/172.16.0.0.rev;
};
This is your problem, you're not
On 03/21/10 08:29, michael peters wrote:
That did the trick! Thank you so much for your assistance.
Glad it worked out for you.
Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet
When I try to resolve mail.wilmot.me.uk against my local resolver (which
happens to be BIND 9.6.2-P1 atm) I get the expected result:
host mail.wilmot.me.uk
mail.wilmot.me.uk is an alias for wilmot.me.uk.mail.aaisp.net.uk.
wilmot.me.uk.mail.aaisp.net.uk has address 81.187.30.19
On 04/09/10 13:27, Alex wrote:
Hi,
I'm interested in implementing an updated Cymru bogon list,
Why don't you take a step back and let us know what you're trying to
accomplish first.
Doug
--
... and that's just a little bit of history repeating.
--
On 04/09/10 13:28, David Forrest wrote:
Doug: I think it is a server error that is being reported because
the status is NXDOMAIN instead of the expected NOERROR.
Well that's all you really had to say. :) I admit that I didn't catch
the NXDOMAIN bit when I looked at the dig output, I was
On 04/09/10 14:23, Kevin Oberman wrote:
The FreeBSD default configuration does this,
Let's be clear on what this is please, since I don't think the OP's
post was clear about what he wanted to implement. :)
The default named.conf for FreeBSD implements local, empty zones for
various things that
On 04/09/10 20:50, Alex wrote:
Hi,
Let's be clear on what this is please, since I don't think the OP's
post was clear about what he wanted to implement. :)
I'm really interested in security, reducing resources, and making sure
the server is current with today's standards. I'd like to make
On 04/10/10 02:27, Hedy Dargère wrote:
Hi,
I'm not an expert with Bind but I have to make a specific bindzone for a
domain.
And excuse me for my english :o/
What is the situation ?
==
- the domain name is ag2s.fr
- for now, this domain has 2 DNS : ns6.oleane.net/
On 4/13/2010 6:42 PM, Jason Davis wrote:
Hello,
Is their an easy way to rdns a /20. I can only find examples for a /24
You need to create individual zones for each /24.
--
... and that's just a little bit of history repeating.
-- Propellerheads
On 4/22/2010 5:30 AM, Tom Schmitt wrote:
Thank you for your answer.
But this doesn't work: With match-destination and match-clients I can only
define the same match-clients statement for both destionation interfaces, not
differrent one.
The only workaround I see how to rech my goal by
On 04/23/10 08:15, hugo hugoo wrote:
Hello all,
I plan to use BIND as caching DNS.
But I need to could redirect a specific record to a specific IP.
How can I do this?
This redirection must only be applied for one record.
Ex: a query for www.ABCD.com http://www.ABCD.com must be
On 04/25/10 13:19, hugo hugoo wrote:
Yes I need more help on this item.
Your answer seems to indicate thate there is no way to only redirect
www.abcd.com to IP 1.2.3.4
That's essentially correct.
toto.www.abcd.com will either be redirected to the same IP (zone file
with * A 1.2.3.4)
It
On 05/03/10 08:37, fddi wrote:
Hello I have one domain
test.com with namserver ns.test.com (10.0.0.1)
and a subdomain
cr.test.com with nameserver ns.cr.test.com (10.1.0.1)
my problem is that if I update hostnames inside test.com zone
updates are not seen by cr.test.com
On 05/03/10 09:34, Ray Van Dolson wrote:
I believe having edns-udp-size set at 512 gives us maximum
compatibility with anything out there behind a broken firewall, etc,
though we should look at removing the limit at some point in the future
when possible.
Doing this will simply perpetuate
On 05/03/10 16:46, Ray Van Dolson wrote:
On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote:
On 05/03/10 09:34, Ray Van Dolson wrote:
I believe having edns-udp-size set at 512 gives us maximum
compatibility with anything out there behind a broken firewall, etc,
though we should look
On 5/20/2010 12:51 PM, Hauke Lampe wrote:
Did you load the unsigned zone into BIND before? It should have logged a
warning about that record.
named-checkzone would be useful here as well.
hth,
Doug
--
... and that's just a little bit of history repeating.
On 05/28/10 13:53, Michelle Konzack wrote:
Hello Evan,
Am 2010-05-28 18:33:14, hacktest Du folgendes herunter:
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of
On 06/02/10 01:31, Techi wrote:
but, my question is still not answered.
Why on earth such huge defference in the number of connections on the firewall
with the max-cache-size on and off? I still don't get it.
Imagine the cache as a bucket. With a large bucket the chances of the
answer that
On 06/04/10 11:19, JINMEI Tatuya / 神明達哉 wrote:
The DO bit is always set whenever the server includes an EDNS OPT RR
(I thought it was based on the specification, but don't remember which
sentence of which RFC says so).
Given that concern about whether or not it's a good idea to always send
On 06/04/10 19:40, Paul Vixie wrote:
Doug Bartondo...@dougbarton.us writes:
I have a guess at why ISC would want to enable it by default, and even in
the presence of an option to turn it off I'm still Ok with that default.
But if it's not a standards requirement to have it on, giving the
On 06/04/10 21:58, Paul Vixie wrote:
Doug Bartondo...@dougbarton.us writes:
With my business hat on though I can see at least 2 possible use cases for
DO=0. The first being related to this thread, I can't/won't fix/remove the
firewall today, I just want my resolver to work.
it works. it's
On 06/05/10 07:22, Mark Andrews wrote:
In message4c09c562.7030...@dougbarton.us, Doug Barton writes:
The resolver works. It figures out that it can't make the new style
queries and falls back to the old style queries. If the user is really
worried they can turn off EDNS and with that DO
On 06/06/10 17:14, Kevin Oberman wrote:
I am using godaddy.com for my .org domains and as per the customer support
replies, they donot support DNSSEC and thus cannot add DS records for my
domains.
Which other registrars people are using that allow DS records.
Thanks
-dani
Last I checked,
On 06/13/10 06:15, sasa sasa wrote:
Hi list,
Is it ok to upgrade from 9.4.2 to 9.7.0-P2 directly?
Yes, but you should do some testing before you install the new version
on your live, production system. There are some differences in the
defaults for named.conf, and when upgrading to a new
On 06/11/10 02:51, John Marshall wrote:
BIND 9.7.1rc1
FreeBSD 8.1-PRERELEASE
I've just stepped into the world of nsupdate (instead of doing the
freeze/edit/thaw dance). I have had success using TSIG (nsupdate -k)
but I would like to use TKEY-GSS (nsupdate -g). When I try to do that,
On 06/13/10 13:00, Merton Campbell Crockett wrote:
Microsoft's nslookup is broken. What alternative applications that can
be installed and used in a Windows XP environment that will continue to
work in a Windows 7 environment after a decision is made to upgrade Windows?
In the past I've
On 06/13/10 14:08, Merton Campbell Crockett wrote:
On Jun 13, 2010, at 1:08 PM, Doug Barton wrote:
On 06/13/10 13:00, Merton Campbell Crockett wrote:
Microsoft's nslookup is broken. What alternative applications that can
be installed and used in a Windows XP environment that will continue
On 06/13/10 15:55, Merton Campbell Crockett wrote:
Providing access to the web-based tools to IT personnel might not be
that big of a challenge;
Excellent!
however, the problem remains: Using nslookup
is an ingrained behavior for the general user.
I would assert that the general user has
On 06/15/10 09:53, Martin McCormick wrote:
Is there any kind of dummy A record one can stuff in to
a zone which satisfies this requirement such that one can then
use aliases or CNAME records for the valid hosts in the zone?
localhost A 127.0.0.1
hth,
Doug
--
On Wed, 30 Jun 2010, Bind wrote:
Hello
I compiled Bind971 on FreeBSD 8 (amd64).
FYI, you may get better results by using /usr/ports/dns/bind97.
!--
/* Font Definitions */
Not sure why you included this.
./configure --prefix=/opt/
--enable-threads --sysconfdir=/opt/config
On 07/05/10 12:01, Alans wrote:
BE CARFUL: my antivirus detects certain .png files on that website as
potential viruses, please don't open it in the browser.
The Website is:
Just in case it isn't obvious, this is an attempt to get you to click
that link precisely BECAUSE the site is infected
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you using?
Doug
--
Improve
On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote:
On 07/13/10 23:58, Doug Barton wrote:
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you
On Fri, 9 Jul 2010, Tomasz Chmielewski wrote:
Hi,
I'm about to set up bind with GeoIP patches.
What I'm not sure, is how do you guys handle high availability?
Suppose I have zones for Americas and Europe,
Just to be clear, you're saying that you have 2 different zones, one
with the
On Wed, 14 Jul 2010, Lyle Giese wrote:
I would replace example.com in the SOA with @
I generally recommend against doing this unless you are explicitly
planning to use the same zone file with multiple zones. There is no
advantage to using @ in a one-zone file, and unnecessary obfuscation is
On Sat, 17 Jul 2010, Stephane Bortzmeyer wrote:
On Sat, Jul 17, 2010 at 08:49:04AM -0500,
Lyle Giese l...@lcrcomputer.net wrote
a message of 30 lines which said:
What is the difference between managed-keys and trusted-keys?
managed-keys are automatically updated *if* the zone manager
On Sat, 17 Jul 2010, Stephane Bortzmeyer wrote:
On Sat, Jul 17, 2010 at 01:36:05PM -0700,
Doug Barton do...@dougbarton.us wrote
a message of 24 lines which said:
*if* the zone manager follows
RFC 5011 (which, as far as I know, the root does not use
yet).
How could it, when this is the first
On 07/18/10 12:28, Matthew Seaman wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of trust.
I agree, and to take it one step
On Fri, 23 Jul 2010, Prabhat Rana wrote:
So as can be seen we are using the top level domain as the PTR zone
file for all the 10.x.x.x (10/8)address. However it appears in the
masters nodes, they don't have a top level zone file and have
basically broken down the top level to numerous sub
On Fri, 23 Jul 2010, Peter Laws wrote:
Except that the 2 masters are simply different interfaces on the same
master
Why do you think that would be helpful? Or are you just testing the
multi-master configuration in the hopes of adding actual diversity down
the road?
Doug
--
On Thu, 22 Jul 2010, Peter Laws wrote:
BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
9.3.x has been EOL for a long time now, FYI.
--
Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/
Computers are useless.
On 08/02/10 14:43, Denis BUCHER wrote:
Dear all,
I have a simple question, when reloading Bind, I get these messages, and
later on in the logs, the transfer seems to work with IPv4.
Aug 2 23:24:13 cirrus named[1581]: network unreachable resolving
'(host)/A/IN': 2001:620::4#53
Aug 2
On 08/11/2010 13:43, Carlos Vicente wrote:
One of our recursive resolvers, running 9.7.0-P2
You're a minor version and 2 patches behind the times. Download
9.7.1-P2, and while it's compiling read the Changelog to see if anything
there applies. Worst case scenario is that you reproduce the bug
On 9/21/2010 7:46 AM, Kalman Feher wrote:
It may well be analogous to that (though I disagree), but the quote does not
substantiate why knowing public information is bad. In the example above,
you've simply saved your switchboard and the caller some time. If you don't
want someone to know it,
On 9/27/2010 7:46 AM, Jerry Kemp wrote:
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD,
The default configuration in FreeBSD is to run it chroot'ed. Given that
it's very unlikely that the chroot will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/2/2010 5:08 PM, online-reg wrote:
| Hi All: One more conf issue on bind 9.7.1-P2
| After running rndc-confgen and reloading BIND I?m getting this error:
| WARNING: key file (/etc/namedb/rndc.key) exists, but using default
| configuration file
On 10/2/2010 3:15 PM, online-reg wrote:
IME the best way to do this on a Unix'y system is to use hard links.
That way if you ever need to change one of them to be its own file
it's trivial to do so. Also IME, BIND doesn't react well to having
multiple slave zones sharing the same file, but that
1 - 100 of 324 matches
Mail list logo