Resolving .gov w/dnssec

2010-04-22 Thread Timothe Litt
I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. state.gov does not get this error. Note that it uses different nameservers

Re: Views on differrent interfaces

2010-04-22 Thread Tom Schmitt
Thank you for your answer. But this doesn't work: With match-destination and match-clients I can only define the same match-clients statement for both destionation interfaces, not differrent one. The only workaround I see how to rech my goal by only using these commands is to define a third

Re: Resolving .gov w/dnssec

2010-04-22 Thread Paul Wouters
On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate response. Is anyone else seeing this?

Drawing complex deployments

2010-04-22 Thread Todd Snyder
Good day all, This isn't strictly BIND related, but I think it might have some relevance to the members of this list. I am working to document/diagram a very complex BIND deployment (multiple views, forwards, delegations, servers and environments) and I'm looking for

Re: Drawing complex deployments

2010-04-22 Thread Jeff Pang
On Thu, Apr 22, 2010 at 10:15 PM, Todd Snyder tsny...@rim.com wrote: I am working to document/diagram a very complex BIND deployment (multiple views, forwards, delegations, servers and environments) If you can share the document after finishing it we will appreciate that. Thanks. -- Jeff

Re: Resolving .gov w/dnssec

2010-04-22 Thread Torsten
Am Thu, 22 Apr 2010 10:03:43 -0400 (EDT) schrieb Paul Wouters p...@xelerance.com: On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. Using dig, I get a connection timeout error after a long

Re: Resolving .gov w/dnssec

2010-04-22 Thread Chris Thompson
On Apr 22 2010, Paul Wouters wrote: On Thu, 22 Apr 2010, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. Using dig, I get a connection timeout error after a long (~10 sec) delay. +cdflag provides an immediate

Re: Resolving .gov w/dnssec

2010-04-22 Thread Joe Baptista
Looks like the future of the DNSSEC make work project includes resolution failures here and there. More security - less stability - guaranteed slavery. I wounder if it's a fair trade. we'll see .. regards joe baptista On Thu, Apr 22, 2010 at 10:52 AM, Chris Thompson c...@cam.ac.uk wrote: On

RE: Resolving .gov w/dnssec

2010-04-22 Thread Timothe Litt
So, others are also seeing this, and it's not unique to bind or my corner of the internet. Thanks. It seems to have been going on for weeks, so it isn't going to fix itself. Who do I report this to so that it gets resolved? FWIW, I tried +vc - from here, it doesn't help. Also, one sometimes

Re: Views on differrent interfaces

2010-04-22 Thread Doug Barton
On 4/22/2010 5:30 AM, Tom Schmitt wrote: Thank you for your answer. But this doesn't work: With match-destination and match-clients I can only define the same match-clients statement for both destionation interfaces, not differrent one. The only workaround I see how to rech my goal by

Re: Resolving .gov w/dnssec

2010-04-22 Thread Paul Wouters
On Thu, 22 Apr 2010, Chris Thompson wrote: I have the same problems with our validating unbound instance. I suspect that this has to do with dig +dnssec +norec dnskey uspto.gov @dns1.uspto.gov. dig +dnssec +norec dnskey uspto.gov @sns2.uspto.gov. failing with timeouts, while dig +dnssec

Re: Resolving .gov w/dnssec

2010-04-22 Thread Nate Itkin
On Thu, Apr 22, 2010 at 08:06:03AM -0400, Timothe Litt wrote: I'm having trouble resolving uspto.gov with bind 9.6.1-P3 and 9.6-ESV configured as valdidating resolvers. [snip] Is anyone else seeing this? Ideas on how to troubleshoot? Not specifically, but I log a lot of errors resolving in

Re: Resolving .gov w/dnssec

2010-04-22 Thread Casey Deccio
On Thu, Apr 22, 2010 at 11:17 AM, Nate Itkin bind-us...@konadogs.netwrote: Not specifically, but I log a lot of errors resolving in usps.gov. USPS clearly has configuration issues. A representative sample from my logs: 19-Apr-2010 11:04:23.072 lame-servers: no valid RRSIG resolving '

BIND-9.7.0 noanswer_response sideways referral

2010-04-22 Thread Lou Picciano
Bind Users: Wonder if anyone has seen this, and can offer an insight? We've recently installed BIND-9.7.0 onto a server who's configuration under BIND-9.3.6-p1 had been working AOK. It is a pretty simple 'Split View' server - problem is that a DIG request on the 'INTERNAL' view - which does

Re: Resolving .gov w/dnssec

2010-04-22 Thread Michael Sinatra
On 4/22/10 8:55 AM, Timothe Litt wrote: So, others are also seeing this, and it's not unique to bind or my corner of the internet. Thanks. It seems to have been going on for weeks, so it isn't going to fix itself. Who do I report this to so that it gets resolved? I have had good luck