On 04/28/2011 13:16, Chuck Swiger wrote:
On Apr 28, 2011, at 11:52 AM, Doug Barton wrote:
Agreed. Akamai's EdgeSuite doesn't provide IPv6 records at
this time, but e3191.c.akamaiedge.net does have an A record.
I understand what you're saying, but I've always referred to such a
thing
Assuming a case where there is an empty CNAME chain, but no error,
should getaddrinfo() return EAI_NONAME or EAI_FAIL?
For example:
; DiG 9.8.0 www.apple.com
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 64776
;; flags: qr rd ra; QUERY: 1,
On 04/19/2011 17:11, Mark Andrews wrote:
In message4dadfb29.6080...@dougbarton.us, Doug Barton writes:
I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled
against openssl 1.0.0d not being able to chroot unless they copy
$PREFIX/lib/engines/libgost.so into the chroot
On 04/20/2011 00:25, listus...@gmail.com wrote:
Hello all,
We have a couple of BIND 8 DNS servers that we want to decommission,
obviously we need to migrate the domains to other DNS servers first,
which ordinarily involves zone transfer and domain re-delegation.
Redelegation, yes. I'm not
I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled
against openssl 1.0.0d not being able to chroot unless they copy
$PREFIX/lib/engines/libgost.so into the chroot environment.
Traditionally, copying libs into the chroot directory has not been
necessary, so I'm curious.
On 4/11/2011 8:55 PM, Parashar Singh wrote:
Hi Friends,
I'm using bind 9.7.I want to delegate all wild card (*) request to
another name server. Hence whenever any request, say a.example.com
http://a.example.com or b.example.com http://b.example.com or
c.example.com http://c.example.com comes to
On 4/8/2011 5:07 AM, Rodney Hives wrote:
When you have hundreds / thousands of existing zones (from shared
hosting) from users it is sometimes impossible to go in a fix all of the
mistakes.
s/impossible/a matter of actually doing the work/
Please stop foisting your broken stuff on the rest of
On 04/01/2011 14:07, Kevin Oberman wrote:
Date: Fri, 1 Apr 2011 08:56:14 +0200
From: Matus UHLAR - fantomasuh...@fantomas.sk
Hasn't FreeBSD incorporated BIND9.4-ESV ?
Define incorporated :)
The 7.4-RELEASE has 9.4-ESV-R4. But the OP is on an older version of
FreeBSD.
You can always
On 03/29/2011 00:32, Oleksii Krykun wrote:
Hi,
I used BIND 9.4.3-P2 on FreeBSD 7.2-RELEASE
7.2 is past EOL. Please see
http://www.freebsd.org/security/security.html#sup for more information.
My recommendation would be to use at least 8.2-RELEASE. At that point
you may wish to upgrade to
On 03/09/2011 11:52, pollex wrote:
Hi, I want to know in your experience what is the best operating
system to run bind for an ISP. We currently have Debian for the 5
Cache servers and for the 2 Authoritative servers.
We have around 111851 success querys in the cache servers and around
7267 zones
On 02/26/2011 18:56, Dennis Perisa wrote:
Hi folks,
I'm looking for suggestions to substantially improve reload times on a
slave that is serving 50,000 zones (mostly customer zones).
'rndc reload' is being executed on the slave every 15 minutes.
Yeah, don't do that. :) Is this being done to
On 2/13/2011 8:06 AM, fddi wrote:
I do not know why you really don't liket this mysql solution.
It isn't a matter of not liking it. Given that you have steadfastly
refused to answer any of the questions from people who are trying to
help you, my feeling is that you have decided that you want
On 02/11/2011 01:51 PM, fddi wrote:
I understand you, but the advantage of having mysql backend is that
if one of the two servers dies, the other keeps running with up to
date informations, and can also be updated wit new informations. When
the other server comes up again it will automatically
On 02/12/2011 02:04 PM, Matus UHLAR - fantomas wrote:
2011/2/12 Matus UHLAR - fantomasuh...@fantomas.sk:
Is it possible to add additional zones as empty?
On 12.02.11 11:15, Terry. wrote:
depends on what is empty.
exactly the same what is used by disable-empty-zones option.
I'd like to have
On 02/11/2011 07:21 PM, Terry. wrote:
2011/2/11 Joshua Frugéjfru...@lsu.edu:
running bind 9.6.3 installed from ports on Freebsd 7.3 (amd64)
Getting this error in my local log
10-Feb-2011 21:12:13.711 general: rbtdb.c:1506: INSIST(((unsigned
int)(((node)-references)-refs)) == 0 node-data ==
You're combining too many variables. Whilst on the same platform
(presumably FreeBSD 7) install dns/bind94, run your tests. Then
deinstall that, and install dns/bind96; then run your tests.
I suspect that what you're seeing is actually a problem in BIND 9.4,
irrespective of platform. The
On 12/08/2010 11:51, Martin McCormick wrote:
I wrote:
Who is supposed to own /var/named?
I received a response from a kind soul from this list
who reminded me of a directive new to bind9.7.1 that lets you
determine where the managed-keys.bind file lives. I set up
On 11/22/2010 13:57, Jack Tavares wrote:
And the answer to that is, apparently, no.
I don't speak for ISC so you should not take my statement(s) as relevant
to the future of what may or may not happen with libbind.
Meanwhile, is your question based on idle curiosity, or is there some
On Thu, 11 Nov 2010, Carlos Vicente wrote:
Has anybody had this problem?
# /etc/init.d/named restart
Stopping named: . [FAILED]
Starting named: named: already running [ OK ]
Not sure what mechanism your linux distro is using, but
On 10/31/2010 9:41 AM, Alans wrote:
On 10/31/2010 05:48 PM, Alan Clegg wrote:
On 10/31/2010 4:48 AM, Alans wrote:
Instead of saying how many views can I get, I think you would be much
better off saying why am I trying to implement more views.
I'm trying to implement something similar to
On 10/16/2010 4:58 AM, Klaus Malorny wrote:
Hi,
for one project we are using the traditional file based approach,
where we update the zone files and call rndc to notify Bind about the
changes. At some point I asked myself whether we could avoid calling
rndc over and over and instead directly
http://dougbarton.us/DNS/bind-users-FAQ.html#nslookup-evil
--
Breadth of IT experience, and| Nothin' ever doesn't change,
depth of knowledge in the DNS. | but nothin' changes much.
Yours for the right price. :) | -- OK Go
http://SupersetSolutions.com/
If you would like to create a new thread your best bet is to store the
list address in your e-mail address book and then create a new message
to the list. By replying to someone else's message and changing the
subject you cause your message to appear hidden behind the message you
replied to
On 10/5/2010 12:14 PM, Stewart Dean wrote:
In the standard 'yum install bind' installation, I see there are
/var/named/data and /var/named/slaves directories. What are they for? I
do so like to follow standards particularly if there is a good reason :)
I am not familiar with the way that your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/2/2010 5:08 PM, online-reg wrote:
| Hi All: One more conf issue on bind 9.7.1-P2
| After running rndc-confgen and reloading BIND I?m getting this error:
| WARNING: key file (/etc/namedb/rndc.key) exists, but using default
| configuration file
On 10/2/2010 3:15 PM, online-reg wrote:
IME the best way to do this on a Unix'y system is to use hard links.
That way if you ever need to change one of them to be its own file
it's trivial to do so. Also IME, BIND doesn't react well to having
multiple slave zones sharing the same file, but that
On 9/27/2010 7:46 AM, Jerry Kemp wrote:
IMHO, the primary benefit of chrooting is security.
another, less painful option, again IMHO, is to run BIND in a jail if
you are using BSD,
The default configuration in FreeBSD is to run it chroot'ed. Given that
it's very unlikely that the chroot will
On 9/21/2010 7:46 AM, Kalman Feher wrote:
It may well be analogous to that (though I disagree), but the quote does not
substantiate why knowing public information is bad. In the example above,
you've simply saved your switchboard and the caller some time. If you don't
want someone to know it,
On 08/11/2010 13:43, Carlos Vicente wrote:
One of our recursive resolvers, running 9.7.0-P2
You're a minor version and 2 patches behind the times. Download
9.7.1-P2, and while it's compiling read the Changelog to see if anything
there applies. Worst case scenario is that you reproduce the bug
On 08/02/10 14:43, Denis BUCHER wrote:
Dear all,
I have a simple question, when reloading Bind, I get these messages, and
later on in the logs, the transfer seems to work with IPv4.
Aug 2 23:24:13 cirrus named[1581]: network unreachable resolving
'(host)/A/IN': 2001:620::4#53
Aug 2
On Fri, 23 Jul 2010, Prabhat Rana wrote:
So as can be seen we are using the top level domain as the PTR zone
file for all the 10.x.x.x (10/8)address. However it appears in the
masters nodes, they don't have a top level zone file and have
basically broken down the top level to numerous sub
On Fri, 23 Jul 2010, Peter Laws wrote:
Except that the 2 masters are simply different interfaces on the same
master
Why do you think that would be helpful? Or are you just testing the
multi-master configuration in the hopes of adding actual diversity down
the road?
Doug
--
On Thu, 22 Jul 2010, Peter Laws wrote:
BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
9.3.x has been EOL for a long time now, FYI.
--
Improve the effectiveness of your Internet presence with
a domain name makeover!http://SupersetSolutions.com/
Computers are useless.
On 07/18/10 12:28, Matthew Seaman wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of trust.
I agree, and to take it one step
On Wed, 14 Jul 2010, Lyle Giese wrote:
I would replace example.com in the SOA with @
I generally recommend against doing this unless you are explicitly
planning to use the same zone file with multiple zones. There is no
advantage to using @ in a one-zone file, and unnecessary obfuscation is
On Sat, 17 Jul 2010, Stephane Bortzmeyer wrote:
On Sat, Jul 17, 2010 at 08:49:04AM -0500,
Lyle Giese l...@lcrcomputer.net wrote
a message of 30 lines which said:
What is the difference between managed-keys and trusted-keys?
managed-keys are automatically updated *if* the zone manager
On Sat, 17 Jul 2010, Stephane Bortzmeyer wrote:
On Sat, Jul 17, 2010 at 01:36:05PM -0700,
Doug Barton do...@dougbarton.us wrote
a message of 24 lines which said:
*if* the zone manager follows
RFC 5011 (which, as far as I know, the root does not use
yet).
How could it, when this is the first
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote:
Hi,
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you using?
Doug
--
Improve
On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote:
On 07/13/10 23:58, Doug Barton wrote:
Can anyone explain to me why the 'ad'-flag is set for this query?
dig +dnssec -t RRSIG www.forfunsec.org
I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What
version of BIND are you
On Fri, 9 Jul 2010, Tomasz Chmielewski wrote:
Hi,
I'm about to set up bind with GeoIP patches.
What I'm not sure, is how do you guys handle high availability?
Suppose I have zones for Americas and Europe,
Just to be clear, you're saying that you have 2 different zones, one
with the
On 07/05/10 12:01, Alans wrote:
BE CARFUL: my antivirus detects certain .png files on that website as
potential viruses, please don't open it in the browser.
The Website is:
Just in case it isn't obvious, this is an attempt to get you to click
that link precisely BECAUSE the site is infected
On Wed, 30 Jun 2010, Bind wrote:
Hello
I compiled Bind971 on FreeBSD 8 (amd64).
FYI, you may get better results by using /usr/ports/dns/bind97.
!--
/* Font Definitions */
Not sure why you included this.
./configure --prefix=/opt/
--enable-threads --sysconfdir=/opt/config
On 06/15/10 09:53, Martin McCormick wrote:
Is there any kind of dummy A record one can stuff in to
a zone which satisfies this requirement such that one can then
use aliases or CNAME records for the valid hosts in the zone?
localhost A 127.0.0.1
hth,
Doug
--
On 06/13/10 06:15, sasa sasa wrote:
Hi list,
Is it ok to upgrade from 9.4.2 to 9.7.0-P2 directly?
Yes, but you should do some testing before you install the new version
on your live, production system. There are some differences in the
defaults for named.conf, and when upgrading to a new
On 06/11/10 02:51, John Marshall wrote:
BIND 9.7.1rc1
FreeBSD 8.1-PRERELEASE
I've just stepped into the world of nsupdate (instead of doing the
freeze/edit/thaw dance). I have had success using TSIG (nsupdate -k)
but I would like to use TKEY-GSS (nsupdate -g). When I try to do that,
On 06/13/10 13:00, Merton Campbell Crockett wrote:
Microsoft's nslookup is broken. What alternative applications that can
be installed and used in a Windows XP environment that will continue to
work in a Windows 7 environment after a decision is made to upgrade Windows?
In the past I've
On 06/13/10 14:08, Merton Campbell Crockett wrote:
On Jun 13, 2010, at 1:08 PM, Doug Barton wrote:
On 06/13/10 13:00, Merton Campbell Crockett wrote:
Microsoft's nslookup is broken. What alternative applications that can
be installed and used in a Windows XP environment that will continue
On 06/13/10 15:55, Merton Campbell Crockett wrote:
Providing access to the web-based tools to IT personnel might not be
that big of a challenge;
Excellent!
however, the problem remains: Using nslookup
is an ingrained behavior for the general user.
I would assert that the general user has
On 06/06/10 17:14, Kevin Oberman wrote:
I am using godaddy.com for my .org domains and as per the customer support
replies, they donot support DNSSEC and thus cannot add DS records for my
domains.
Which other registrars people are using that allow DS records.
Thanks
-dani
Last I checked,
On 06/04/10 21:58, Paul Vixie wrote:
Doug Bartondo...@dougbarton.us writes:
With my business hat on though I can see at least 2 possible use cases for
DO=0. The first being related to this thread, I can't/won't fix/remove the
firewall today, I just want my resolver to work.
it works. it's
On 06/05/10 07:22, Mark Andrews wrote:
In message4c09c562.7030...@dougbarton.us, Doug Barton writes:
The resolver works. It figures out that it can't make the new style
queries and falls back to the old style queries. If the user is really
worried they can turn off EDNS and with that DO
On 06/04/10 11:19, JINMEI Tatuya / 神明達哉 wrote:
The DO bit is always set whenever the server includes an EDNS OPT RR
(I thought it was based on the specification, but don't remember which
sentence of which RFC says so).
Given that concern about whether or not it's a good idea to always send
On 06/04/10 19:40, Paul Vixie wrote:
Doug Bartondo...@dougbarton.us writes:
I have a guess at why ISC would want to enable it by default, and even in
the presence of an option to turn it off I'm still Ok with that default.
But if it's not a standards requirement to have it on, giving the
On 06/02/10 01:31, Techi wrote:
but, my question is still not answered.
Why on earth such huge defference in the number of connections on the firewall
with the max-cache-size on and off? I still don't get it.
Imagine the cache as a bucket. With a large bucket the chances of the
answer that
On 05/28/10 13:53, Michelle Konzack wrote:
Hello Evan,
Am 2010-05-28 18:33:14, hacktest Du folgendes herunter:
Operating System is Debian GNU/Linux 5.0 Lenny with bind9 in version
1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of
On 5/20/2010 12:51 PM, Hauke Lampe wrote:
Did you load the unsigned zone into BIND before? It should have logged a
warning about that record.
named-checkzone would be useful here as well.
hth,
Doug
--
... and that's just a little bit of history repeating.
On 05/03/10 08:37, fddi wrote:
Hello I have one domain
test.com with namserver ns.test.com (10.0.0.1)
and a subdomain
cr.test.com with nameserver ns.cr.test.com (10.1.0.1)
my problem is that if I update hostnames inside test.com zone
updates are not seen by cr.test.com
On 05/03/10 09:34, Ray Van Dolson wrote:
I believe having edns-udp-size set at 512 gives us maximum
compatibility with anything out there behind a broken firewall, etc,
though we should look at removing the limit at some point in the future
when possible.
Doing this will simply perpetuate
On 05/03/10 16:46, Ray Van Dolson wrote:
On Mon, May 03, 2010 at 04:20:30PM -0700, Doug Barton wrote:
On 05/03/10 09:34, Ray Van Dolson wrote:
I believe having edns-udp-size set at 512 gives us maximum
compatibility with anything out there behind a broken firewall, etc,
though we should look
On 04/25/10 13:19, hugo hugoo wrote:
Yes I need more help on this item.
Your answer seems to indicate thate there is no way to only redirect
www.abcd.com to IP 1.2.3.4
That's essentially correct.
toto.www.abcd.com will either be redirected to the same IP (zone file
with * A 1.2.3.4)
It
On 04/23/10 08:15, hugo hugoo wrote:
Hello all,
I plan to use BIND as caching DNS.
But I need to could redirect a specific record to a specific IP.
How can I do this?
This redirection must only be applied for one record.
Ex: a query for www.ABCD.com http://www.ABCD.com must be
On 4/22/2010 5:30 AM, Tom Schmitt wrote:
Thank you for your answer.
But this doesn't work: With match-destination and match-clients I can only
define the same match-clients statement for both destionation interfaces, not
differrent one.
The only workaround I see how to rech my goal by
On 4/13/2010 6:42 PM, Jason Davis wrote:
Hello,
Is their an easy way to rdns a /20. I can only find examples for a /24
You need to create individual zones for each /24.
--
... and that's just a little bit of history repeating.
-- Propellerheads
On 04/10/10 02:27, Hedy Dargère wrote:
Hi,
I'm not an expert with Bind but I have to make a specific bindzone for a
domain.
And excuse me for my english :o/
What is the situation ?
==
- the domain name is ag2s.fr
- for now, this domain has 2 DNS : ns6.oleane.net/
When I try to resolve mail.wilmot.me.uk against my local resolver (which
happens to be BIND 9.6.2-P1 atm) I get the expected result:
host mail.wilmot.me.uk
mail.wilmot.me.uk is an alias for wilmot.me.uk.mail.aaisp.net.uk.
wilmot.me.uk.mail.aaisp.net.uk has address 81.187.30.19
On 04/09/10 13:27, Alex wrote:
Hi,
I'm interested in implementing an updated Cymru bogon list,
Why don't you take a step back and let us know what you're trying to
accomplish first.
Doug
--
... and that's just a little bit of history repeating.
--
On 04/09/10 13:28, David Forrest wrote:
Doug: I think it is a server error that is being reported because
the status is NXDOMAIN instead of the expected NOERROR.
Well that's all you really had to say. :) I admit that I didn't catch
the NXDOMAIN bit when I looked at the dig output, I was
On 04/09/10 14:23, Kevin Oberman wrote:
The FreeBSD default configuration does this,
Let's be clear on what this is please, since I don't think the OP's
post was clear about what he wanted to implement. :)
The default named.conf for FreeBSD implements local, empty zones for
various things that
On 04/09/10 20:50, Alex wrote:
Hi,
Let's be clear on what this is please, since I don't think the OP's
post was clear about what he wanted to implement. :)
I'm really interested in security, reducing resources, and making sure
the server is current with today's standards. I'd like to make
On 03/21/10 08:29, michael peters wrote:
That did the trick! Thank you so much for your assistance.
Glad it worked out for you.
Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet
First off, please don't grab an unrelated message and reply to it when
starting a new thread. Please actually post a new message.
In the process of cleaning up a much neglected PTR file
Bind: 9.6.2.1
OS: CentOS 5.4
Current PTR in this format: (1 tab between entries)
$ORIGIN
On 03/20/10 16:46, michael peters wrote:
I've been reading documentation, searching the archives, searched Google
for the answer, but have found nothing that solves the problem.
I have an Ubuntu 9.10 system with BIND 9.6.1 installed for my internal
DNS system.
You'll want to update to at
On 03/20/10 17:11, michael peters wrote:
zone 0.253.150.10.in-addr.arpa in {
type master;
file /etc/bind/10.150.253.0.rev;
};
zone 0.0.16.172.in-addr.arpa in {
type master;
file /etc/bind/172.16.0.0.rev;
};
This is your problem, you're not
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1
the last release on the 9.6 branch? For the purpose of following a
branch in the FreeBSD
On 03/16/10 20:57, Mark Andrews wrote:
In message 4ba04e63.8090...@dougbarton.us, Doug Barton writes:
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside
On 03/16/10 22:17, Mark Andrews wrote:
ESV's are supposed to be releases which are stable, no dot-o-itis.
I'm not suggesting that they should be the latter, thus my comment that
what I _thought_ would happen is that once the dot-releases were done in
a given branch the -ESV would start. Frankly
On 3/2/2010 8:38 AM, donovan jeffrey j wrote:
On Jan 14, 2010, at 8:43 AM, pollex wrote:
I do not see any activity in the thread... is everyone on holidays?
Regards
nope not dead just sleeping :)
... pining for the fjords.
--
... and that's just a little bit of history
On 02/23/10 23:01, sasa sasa wrote:
Hello,
for a 192.168.199.64/26 in zone file to delegate to a customer;
should i put subnet number:
64/26 IN NS ns1.example.com.
64/26 IN NS ns2.example.com.
or host ranges:
64-126 IN NS ns1.example.com.
64-126 IN NS ns2.example.com.
.
.
On 02/19/10 23:07, Daniel Morgan wrote:
I have a couple of BIND servers that I have inherited. I'm getting some
upstream complaints that one of them is issuing duplicate queries on
occasions - probably about a dozen times a day.
You didn't mention what version of BIND you're running. I'm
On 02/20/10 08:54, kalpesh varyani wrote:
Thanks Dave for pointing this out.
the first server did not fail, it behaved as per its configuration.
But for a stub resolver, which cannot follow referrals, isnt it logical
for it to detect referrals and move on to the next name server in the
On 02/18/10 16:20, ic.nssip wrote:
Hi Mark,
This is what I suspect too.
Syslog gives me this record when I start BIND:
named[14380]: [ID 873579 daemon.notice] built with '--with-openssl=yes'
'--enable-largefile' '--sysconfdir=/usr/local/etc'
'--localstatedir=/usr/local/var'
Since no PREFIX
On 02/13/10 18:42, kalpesh varyani wrote:
Hi Rick,
I am aware that it is a somewhat odd (but not incorrect, am I right ?)
to put a non-recursive name server in the resolv.conf
There are certain very specific circumstances where you might want to do
this, but in general I can't see any reason
a zone file for your netblock already?
4. What nameservers do you have the zone configured on now?
... and just in case it's not obvious yet, what you posted won't work,
which is why we need to dig a little deeper.
hth,
Doug
-Original Message-
From: Doug Barton [mailto:do
On 2/5/2010 3:16 PM, Keith Christian wrote:
Version - bind 9.5.1 on CentOS 5.x. Is there a way to log either the
IP of clients requesting lookups of a particular domain?
In other words, I'd like to know the IP of clients trying to resolve
app01.foocompany.net (for example.)
There is
On 2/5/2010 2:41 PM, fddi wrote:
Hello I wanted to ask how could be possible in some way
to have 2 or more multi master name servers authoritative for one domain,
instead of the classical master slave model.
Yes.
--
Improve the effectiveness of your Internet presence with
a
Nadir,
If it's crashing, it's not working normally. :)
The advice Matthew gave is the right solution, but let's do some more
digging. Do the following:
/etc/rc.d/named stop
ps -ax | grep named
You may see a syslog line for the logging socket in the chroot
directory but you should not see a
Chris Thompson wrote:
(Evan Hunt)
Adding SHA-2 to 9.6.x would violate our policy of making major
functional changes only in major releases, so I don't expect we'll
do that. Given the odd circumstances you mentioned, I won't say for
certain that we won't--but I doubt it.
9.7.0 is going to
Simon Dodd wrote:
Thanks for the replies, everyone; I think the consensus is that having
ARIN redelegate is the correct solution, and that's fine by me. (As
mentioned, my marching orders were to do this without redelegating, but
if that's the correct way to do it, I can make that case.)
It IS
Evan Hunt wrote:
BIND 9.6.2 is in the b1 phase atm, which means that there is plenty
of time to get SHA2 in there and get the release out before a signed
root goes live. I encourage the folks at ISC to do so, and if you
agree I encourage you to make your voice heard.
We hear you.
That's
Chris Buxton wrote:
On Dec 13, 2009, at 5:40 PM, Doug Barton wrote:
On Fri, 11 Dec 2009, Mark Andrews wrote: To repeat my primary
objection, if the named user can write to the configuration
directory it can change the contents of named.conf. That's a
security problem.\
So don't put
While this reminder is timely and helpful, more welcome would be the
news that BIND 9.6.2 is going to have actual support for
RSASHA{256|512}. My cursory reading of the 9.6.2b1 code does not seem
to indicate that it does, although I would be happy to be proven wrong.
I personally don't think it's
fujiw...@wide.ad.jp wrote:
I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;).
FYI I recently committed the port for 9.7.0rc1. Hopefully this will
make it easier for you to continue testing. Please try the port and
let me know if you have any problems with it.
The named tried to write
On Tue, 8 Dec 2009, kalpesh varyani wrote:
Hi all,
Can anyone please tell me is there any other command by which i can
stop the name-server without loosing the recent updates. I know that I can
do this by issuing 'rndc stop' but for some reason I am not able to .
Using rndc is
On Fri, 11 Dec 2009, Mark Andrews wrote:
In message 20091210.162242.460114267490885968.fujiw...@pyon.org, fujiw...@wid
e.ad.jp writes:
I'm using BIND 9.7.0b3 an DLV (dns-lookaside auto;).
The named tried to write managed-keys.bind file into the named's
working directory.
The current BIND 9
gmspro wrote:
What's the main difference between zone and domain?
In what context? Unfortunately both terms get used by various
people/vendors in different ways. A little more detail is needed to
answer your question (although if you're talking strictly DNS terms
Chris' answer was quite
I'm getting the failures logged below on all the recent versions of
BIND. I went back and tested 9.6.1-P1 and it fails too, so it doesn't
look like something that was introduced with the latest patches.
This is on FreeBSD 9-current, and I don't think my args for configure
are particularly exotic.
Mark Andrews wrote:
In message 4b1313c7.1040...@dougbarton.us, Doug Barton writes:
I'm getting the failures logged below on all the recent versions of
BIND. I went back and tested 9.6.1-P1 and it fails too, so it doesn't
look like something that was introduced with the latest patches
Pamela Rock wrote:
For all it's worth, using wireshark, I can see IPv6 UDP queries successfully
traversing in/out. Ping6 works successfully. There is no firewall running
anywhere(IPv4 or 6). Still get
[r...@dig-client ~]# dig -6 a test.domain @bindserver6 +tcp
socket.c:4922:
Pamela Rock wrote:
Hit the wrong key, sorry about that...
I've got a closed lab testing BIND and I've got an interesting problem with
IPv6 queries. Now I have 3 systems all running IPv4 and IPv6. IPv4 queries
work fine across all systems. IPv6 UDP queries work fine as well. When I
Gil Vidals wrote:
Hello,
I have a master and slave running bind 9.4.3,
You should upgrade to version 9.4.3-P3 which has fixes for some
security issues.
and there is a problem
with the outside world resolving new domains that I add to my name
servers. Here is the sequence:
1) add new
201 - 300 of 324 matches
Mail list logo