At Tue, 5 Oct 2010 09:19:49 -0400, Atkins, Brian (GD/VA-NSOC) wrote:
I asked a similar question 2 weeks ago and got a non-response (e.g., a
response with no real information).
From what I've read, everyone seems to frown on over-riding cache times,
but I haven't seen any specifics as to
At Tue, 5 Oct 2010 10:45:04 -0400, Nicholas Wheeler wrote:
I think Brian's OP was about a max-ttl override ... Which is the
opposite. The only disadvantages I see is a potential waste of
bandwidth (and it violates the protocol).
max-ttl is (very) different from min-ttl. max-ttl might (or
At Fri, 1 Oct 2010 07:05:40 -0600, Nicholas F Miller wrote:
It is interesting, when I try an update from a client all I get are
denies. When I try an update using nsupdate -g from the DNS server I
will get a REFUSED but I will also get a DNS/h...@domain kerb ticket
from the keytab.
If you're trying to grant update rights to a specific machine (rather
than every machine in the realm), something like:
grant d...@realm. subdomain dnsname.;
might work better, where d...@realm is (eg) the Kerberos principle
corresponding to your DC and dnsname is the tree to which you want
Sorry, I spent most of the last two weeks locked in a conference room
and mostly off net, still catching up.
At Mon, 27 Sep 2010 07:54:54 -0600, Nicholas F Miller wrote:
DNS Standard query TKEY
At Fri, 17 Sep 2010 09:17:09 -0600, Nicholas F Miller wrote:
I was wondering if it is possible to use the tkey-gssapi-credential
and update-policy on a Windows install of bind. It strikes me that
running bind on a Windows server, snapped into the AD it will serve
DNS to, should be the
At Fri, 17 Sep 2010 13:18:42 -0600, Nicholas F Miller wrote:
Does anyone have instructions on how to setup a Linux bind server to
use GSS-TSIG against an AD? I have found many articles from people
having issues with it but none that had good instructions on how to
get it working. Last year
At Wed, 24 Jun 2009 18:23:52 +, Evan Hunt wrote:
On Wed, Jun 24, 2009 at 05:45:33PM +0200, holger.zule...@arcor.net wrote:
I have some issues with dnssec-signzone under BIND 9.7.0a1.
I'm using different algorithms for key- and zone signing keys.
You can use multiple algorithms in
At Tue, 26 May 2009 15:12:15 +0200, Adam Tkac wrote:
has PGP key been changed?
Current ISC key located on http://oldwww.isc.org/about/openpgp/pgpkey2006.txt
has different ID - 1BC91E6C.
Would it be possible to publish updated PGP key, please?
The new key is in the worldwide
At Mon, 9 Feb 2009 20:11:20 -0500, Peter Fraser wrote:
I have been working to get dynamic updates working with bind-9.5 and
FreeBSD 7 So far I have done the following:
1. COmpiled bind with GSSAPI enabled.
2. Added these to named.conf
At Thu, 8 Jan 2009 09:10:42 -0500, David Coulthart wrote:
Would someone be able to provide some more details as to what
particular configurations of BIND this affects? My interpretation is
it only impacts recursive nameservers that have DNSSEC validation
And not even all of
At Wed, 07 Jan 2009 09:51:07 +1000, Da Rock wrote:
I'm trying to find some more clarification on how to use kerberos for
dnssec. I thought it may have been possible a while ago, was told there
was only tsig, then found a reference to it in the Administrators guide.
I've been trying to find
No obvious reason why it shouldn't work with ms-subdomain.
Next step is probably a protocol trace to see what's happening on the
wire. wireshark/tshark is pretty good for this kind of analysis.
Probably best to run named with -g while you're doing the trace and
capture the output as well (if
At Fri, 26 Dec 2008 14:28:13 +0100, Nico De Ranter wrote:
Dec 26 13:55:33 dns named: configuring TKEY: not implemented
The error suggests that you don't really have GSSAPI enabled
(dst_gssapi_acquirecred() returns that error when called with GSSAPI
support disabled). Check your build
Mail list logo