Re: Resign a zone

2011-11-08 Thread Torinthiel
and upload it to bind, did you remember to change SOA and reload master? Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https

Re: ZSK pre-publish

2011-10-03 Thread Torinthiel
-signzone, or is it possible only with careful manual inclusion? Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: Max number of views and performance.

2011-08-24 Thread Torinthiel
to me like a recipe for disaster. The time to run through all of the match-clients statements would probably be excessive, and the memory requirements would likely be huge. And one question remains: Why would anyone need such a setup. Torinthiel signature.asc Description: OpenPGP digital

Re: rndc: 'addzone' failed: permission denied

2011-08-17 Thread Torinthiel
'very liberal' mean a+rwX, or something else? Bind might be trying to write as a user you are not expecting. Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: authoritative server is not caching?

2011-07-19 Thread Torinthiel
cannot cache anser from itself. Cache is for answers a server has received from somewhere, while authoritative answers come directly from zone data. Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: master slave different site different resolution

2011-07-14 Thread Torinthiel
normal master-slave setup, which leads to zone maintenance problems. Regards, Torinthiel Date: Thu, 14 Jul 2011 17:42:56 +0800 Subject: Re: master slave different site different resolution From: short...@gmail.com To: d_gabri...@hotmail.it CC: bind-users@lists.isc.org 2011/7/14

Re: SPF implementation schedule.

2011-07-12 Thread Torinthiel
is *mailserver's* side to query for said SPF records and act accordingly. And this does not belong to ISC, but to your mailserver's provider. Postfix can do this by external plugins, some others probably as well but I haven't tested it. Regards, Torinthiel On Mon, Jul 11, 2011 at 7:42 PM, Eivind Olsen eiv

Re: SPF implementation schedule.

2011-07-12 Thread Torinthiel
deeper). Note, I've not tested it deeply, so it might be wrong. Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: about AUTHORITY SECTION

2011-07-07 Thread Torinthiel
, and the NS records are there just in case - to notify you that you got your answer from authorative ns and what other authorative ns'es are. Torinthiel signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman

Re: DNS is tainted

2011-06-08 Thread Torinthiel
keys, or trying to debug some specific DNS problem. Answers go out and are returned, that's most of what's expected from DNS. Torinthiel 1) ns1.google.com is authoritative nameserver only, which shouldn't answer this query. 2) the TTL is decreased each time, if it's a real authority answer

Re: Compromised BIND?

2011-05-31 Thread Torinthiel
name only different folder, or as named .exe with space appended to base name. Looks great if you have hidded extensions, as it seems you have two files with name named. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users

Re: DNSSEC submit of DLV vs DNSKEY records?

2011-05-05 Thread Torinthiel
is now signed and if you can put DS in .com than putting it in DLV as well is overkill. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind

Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
to submitted queries. So it will work correctly, although you won't be able to resolve anything from that box. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
On 05/02/11 14:20, Jeff Pang wrote: 2011/5/2 Jeff Pang jeffrp...@gmail.com: 2011/5/2 Torinthiel torinth...@data.pl: Authority named never sends queries on it's own, only responds to submitted queries. Doesn't it execute iterative query from the root server? For example, given

Re: AXFR/IN' denied

2011-04-27 Thread Torinthiel
, at least nothing you've written says otherwise), but you don't have these in reverse zones. Torinthiel master 192.168.1.2 // // mydomain.com zone mydomain.com { type master; file domain.db; allow-transfer { 192.168.96.3; }; allow

Re: the valid content of TXT RR

2011-04-22 Thread Torinthiel
. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Migrate domains to different DNS servers

2011-04-20 Thread Torinthiel
DNS. Possible problem: glue records. With internal NS and no access to registrar you have no way to update glue records, so domain will still be delegated to old servers. Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https

Re: DNS record delegation

2011-04-10 Thread Torinthiel
and other records as well. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS queries with 3 networks

2011-04-08 Thread Torinthiel
The only way would be to create 3 different zone files, with those addresses, and 3 different views on this sever, each having a different zone file and configured for different networks I don't have bind ARM on-hand, but there was a section on views. Regards, Torinthiel

Re: A beginners question regarding a caching-only name server

2011-04-08 Thread Torinthiel
. And if you want to limit who can use your server recursively, its better to use option {allow-recursion{ 192.168.239.0/24;};} Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: A beginners question regarding a caching-only name server

2011-04-08 Thread Torinthiel
connectivity. Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Change Query Type on nslookup

2011-04-06 Thread Torinthiel
for any of the tools. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND 9 And Short Name resolution Problem

2011-04-01 Thread Torinthiel
bind to either not use IPv6 or at least prefer IPv4. liste-on-v6 {none;} in named.conf does not help, and I'm not much surprised, as it's about listening and not querying. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users

Re: Zone File IP address/Hostname

2011-04-01 Thread Torinthiel
zones is absolutely normal, and there are no reasons to require more than one IP address with that. Torinthiel root:/var/named# cat named.conf options { listen-on-v6 { none; }; listen-on { 192.168.5.5; }; directory /var/named; }; zone 0.0.127.in-addr.arpa { type

Re: Trouble loading a zone file after updating BIND

2011-03-31 Thread Torinthiel
On 03/31/11 04:54, Mike Diggins wrote: The A records for the two nameservers exist in the sub.Domain.CA zone file. I can fix the error by adding the two nameserver A records to the Domain.CA zone file but I'm wondering why this is an error with 9.7, and not 9.2.1, and is this the correct way

Re: Error in bind manpage?

2011-03-27 Thread Torinthiel
On 03/27/11 09:07, Mark Andrews wrote: Could you please send it to bind9-bugs. That way it will be tracked. Thanks for the pointer, did that. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users

Re: problem for validate the script dnssec to isc dlv

2011-03-27 Thread Torinthiel
debuguers response and writing conseil for new areas zone) Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: problem for validate the script dnssec to isc dlv

2011-03-27 Thread Torinthiel
On 03/27/11 20:45, fakessh @ wrote: That would be the key with id 47103 in your case. The one that has SEP flag, the one that only signs DNSKEY records and not others. Regards, Torinthiel http://www.mail-archive.com/bind-users@lists.isc.org/msg09107.html This is your word i reread

Re: problem validate key of isc dlv

2011-03-21 Thread Torinthiel
convince admins to deploy DNSSec or drop those nameservers. Then it should work. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Master ns on internal lan

2011-03-20 Thread Torinthiel
either use ip/length or (even better) use TSIG keys as authentication. Regards, Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: problem validate key of isc dlv

2011-03-20 Thread Torinthiel
create zone. and what is this other publication of another DS I have no idea what do you mean by this sentence. Torinthiel Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit : In message 1300650238.6651.15.camel@localhost.localdomain, fakessh @ writes : hello bind network and duru

Re: About name servers registration

2011-03-10 Thread Torinthiel
-servers.net which right now returns dns[1-4].registrar-servers.com, so not the ones you've typed. And, as your servers don't answer for dig ns dnsbed.com @ns1.dnsbed.com then I guess my original assumption of your domain has been wrong. Bujt the procedure still is same. Torinthiel

Re: about AUTHORITY SECTION

2011-03-04 Thread Torinthiel
for servers which are not authorative for a given zone. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Having trouble with logging syntax

2011-03-03 Thread Torinthiel
/var/log/query.log version 3 size 5m; You want 3 versions, so why separate keyword from its parameter? Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Torinthiel
. This might, or might not be related to providing DNSSEC by other OVH branches and for other registries. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Torinthiel
On 03/01/11 21:52, fakessh @ wrote: as I now know what key DS uses. That would be the key with id 47103 in your case. The one that has SEP flag, the one that only signs DNSKEY records and not others. Regards, Torinthiel signature.asc Description: OpenPGP digital signature

Re: why dig +short for NS doesn't get the result

2011-02-28 Thread Torinthiel
instructs dig to only write extract of ANSWER section. your reply is in authorative section. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Help on recursive set up

2011-02-23 Thread Torinthiel
named.conf has related config (and/or comments). Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about some oddities in the logs

2011-02-22 Thread Torinthiel
hint; } not enough for you? Regards,   Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind and IPV6

2011-02-22 Thread Torinthiel
. - Can anybody give some feedback on the IPV6 compliancy? IS bind-9.6-ESV-R3 totally compliant with IPV6? Yes. But a different issue might be is your system (the box Bind runs on, network, routers, firewalls) IPv6 compliant. Torinthiel ___ bind-users

Re: mx selection order

2011-02-22 Thread Torinthiel
those failed. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about some oddities in the logs

2011-02-22 Thread Torinthiel
Dnia 2011-02-22 13:29 Eivind Olsen napisał(a): On Tue, 22 Feb 2011 08:59:51 +0100, Torinthiel torinth...@data.pl wrote: Hmm, looks to me as the box listed as client sends some strange notify messages. Notify normally should contain SOA, so that receiving NS can tell if it has outdated zone

Re: Please Help

2011-02-16 Thread Torinthiel
198.41.0.4 (which is a.root-servers.net's IP address) Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: multi-master with mysql backend

2011-02-14 Thread Torinthiel
up a more complicated script, that tries to ping the other server and runs master config generation, freeze, soa change, thaw, reload and send you an email - and you have fully automated HA. Torinthiel ___ bind-users mailing list bind-users

Re: bind on vps

2011-02-13 Thread Torinthiel
I use this registers or must I leave it blank? I case it is convenient setup a domain name at VPS dns, what can I put there? Those are the PTR records. For DNS you probably don't need them For email you definitely do, for WWW probably not. Regards, Torinthiel

Re: bind on vps

2011-02-13 Thread Torinthiel
On 02/13/11 17:16, Walter Alejandro Iglesias wrote: On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote: On 02/13/11 12:52, Walter Alejandro Iglesias wrote: It will be a web hosting sever. I wrote my own web client panel and my own bash scripts to automate the upload of new client's

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

2011-02-11 Thread Torinthiel
your.zone.dump maybe add +noall +answer to get rid of (most) comments and useless stuff. And you will get double SOA record, at start and end of file. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

2011-02-09 Thread Torinthiel
and www.example.com. a 1.2.3.4 are completely equivalent. Now, why would you want to look into slave files, except for verifying that the zone transfer succeeded? Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: about the file command

2011-02-08 Thread Torinthiel
Dnia 2011-02-08 17:40 Terry. napisał(a): Hi list, Can BIND's file command referer to more than one zone file? For example, zone test.nsbeta.info { type master; file a.db; file b.db; }; When a record doesn't exist in a.db, BIND will continue to look

Re: Delegation question

2011-02-04 Thread Torinthiel
it on production environment. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Some dnssec-signzone questions

2011-02-01 Thread Torinthiel
? Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Some dnssec-signzone questions

2011-02-01 Thread Torinthiel
On 02/01/11 19:44, Paul Wouters wrote: On Tue, 1 Feb 2011, Torinthiel wrote: To clarify things, I'm using BIND 9.7.2-P2. First is about input file: you can specify on the command line either the signed version of the zone, or the unsigned one. What I'd like to do hovever, is to use both

Re: Recursive DNS problem

2011-01-28 Thread Torinthiel
that one of those I've already pointed to contains this information, but also that a different one states this information. But it was RFC for certain. Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: Recursive DNS problem

2011-01-27 Thread Torinthiel
, or the server needs fixing and adding another servers is necessary. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Forward using CNAME record

2011-01-25 Thread Torinthiel
on the way. The web server must be  configured to handle it. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: get a domain's dns records

2011-01-21 Thread Torinthiel
information about nsbeta.info Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: how to proper include DS record on key dnssec

2011-01-14 Thread Torinthiel
Dnia 2011-01-14 03:11 fakessh @ napisał(a): hello bind network and hello dnssec network admin. thank you for answered, I think I found a solution to my problem. $INCLUDE directive is that I have to handle example: $INCLUDE /var/named/keys/dsset-fakessh.eu. fakessh.eu YOU don't do

Re: bind 9 multiple masters setup

2011-01-12 Thread Torinthiel
) to initiate that connection, it can't change zones by itself. You could of course copy zone files to slaves by some means (rsync? scp?) and then rndc reload the slave, but a) why? b) it really isn't a slave anymore, at least not in DNS terms. Torinthiel

Re: DNSSEC's sorted zone

2011-01-12 Thread Torinthiel
can be generated without sorting. Of course RRSIGs on NSEC need NSEC, so indirectly need sorting too. For NSEC3 (which you are using) sorting makes no sense. Signing only needs to sort hashed names to generate NSEC3 records. No need to sort actual records in zone. Torinthiel

Re: DNSSEC Keys - and trying to not leaving them around

2011-01-12 Thread Torinthiel
screwed. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: NSEC3 ISSUE

2011-01-08 Thread Torinthiel
of bind are you using? My wild guess is that it's not recent enough to recognize NSEC3 signatures. Bind 9.4.3 was not, and I got exactly the same symptoms. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: bind replication

2010-12-31 Thread Torinthiel
zones. You could also try rndc reconfig, but I think it will only load new zonesm the ones just added in configuration, not never wersions of old zones). Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Torinthiel
. If not for that flag, then yes, I'd consider it a lame response, although probably someone more knowledgeable than me should judge this. Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: ignoring incorrect nameservers in authority section

2010-12-30 Thread Torinthiel
Dnia 2010-12-30 11:45 Torinthiel napisał(a): Dnia 2010-12-30 18:03 p...@mail.nsbeta.info napisał(a): Sunil Shetye writes: Case 2: Lame Server Reply === $ dig +norecurse @a.iana-servers.net. example.org. ;; flags: qr ra

Re: Does anyone know where to find the ISC signing keys for source packages?

2010-12-28 Thread Torinthiel
. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: auto update signatures dnssec

2010-12-28 Thread Torinthiel
to give the user runing bind (probably named) rights to write to /var/named/renelacroute.fr.hosts.jnl directory. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind 9.7.2-P3 does not resolve www.microsoft.com

2010-12-28 Thread Torinthiel
don't have a hard time believing this. Although, if it works when VM is duplicated but has no traffic, it looks like something else to me (maybe two completely different errors, but with similar apperance) Torinthiel ___ bind-users mailing list bind-users

dnssec-lookaside != auto

2010-12-19 Thread Torinthiel
. secspider.cs.ucla.edu looks interesting. Can anyone shed some light if this is my mistake, not having something in configuration, or a general bind error? Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: dnssec-lookaside != auto

2010-12-19 Thread Torinthiel
On 12/20/10 01:32, Mark Andrews wrote: In message 4d0e8340.9060...@data.pl, Torinthiel writes: Hello everyone, I've recently updated bind to version 9.7.2_p3. Upgraded from what? From 9.4.3_p5 I've been using DLV before that, specifically dlv.isc.org, with two entries