Re: Panic Time! Key Generation Question

2011-04-27 Thread Martin McCormick
Torinthiel writes: > Try deleting the space. Just this. dnssec-keygen inserts space for > readability purposes only. If you still have original *.key and > *.private files, you can check it yourself, that the Key field in > *private contains exactly the same as *.key, minus the space. It actually

[Bind 9.8.0] RPZ deny ALL

2011-04-27 Thread iharrathi.ext
Hi, I want to implement a bind server that only answers queries on www.google.com and for the rest answers 127.0.0.17. My solution: www.google.com IN CNAME www.google.com. *.com IN A 127.0.0.17 *.fr

key directory in named.conf

2011-04-27 Thread rams
Hi, How to declare multiple signed key paths in key-directory. When i declare as follows, named not starting. key-directory {"/var/named/zones";"/root/ramesh/Largezone";} Please clarify me. Thanks & Regards, Ramesh

Re: key directory in named.conf

2011-04-27 Thread Tony Finch
rams wrote: > How to declare multiple signed key paths in key-directory. When i declare as > follows, named not starting. > > key-directory {"/var/named/zones";"/root/ramesh/Largezone";} You can specify a key-directory inside a zone statement if you want the keys for that zone to be stored in a

Re: shared KSK for static zone and dynamic subzone?

2011-04-27 Thread Mark Andrews
In message <4db7b21d.8010...@data.pl>, Torinthiel writes: > On 04/27/11 05:40, /dev/rob0 wrote: > > On Tue, Apr 26, 2011 at 10:15:18AM +0100, Phil Mayers wrote: > >> On 04/26/2011 02:13 AM, /dev/rob0 wrote: > >>> Is there any > >>> reason why I can't use the parent zone's KSK for the dynamic > >>>

Mise à

2011-04-27 Thread Flex Banana
Hello, I would like to update my zones via the Dynamic DNS Update mechanism according to the machines that connect on my different network cards. My server is equipped with three ethernet cards with different subnets that are not reachable from one another and I need

Dynamic DNS Update from my ethernet cards

2011-04-27 Thread Flex Banana
Hello, I would like to update my zones via the Dynamic DNS Update mechanism according to the machines that connect on my different network cards. My server is equipped with three ethernet cards with different subnets that are not reachable from one another and I need

Re: key directory in named.conf

2011-04-27 Thread Mark Andrews
In message , rams writes: > Hi, > How to declare multiple signed key paths in key-directory. When i declare as > follows, named not starting. > > key-directory {"/var/named/zones";"/root/ramesh/Largezone";} The syntax is "key-directory ;" Each zone can only have one key-directory. key-director

Re: Dynamic DNS Update from my ethernet cards

2011-04-27 Thread Christopher Cain
If each of your three adapters get their IP's from DHCP, why don't you configure the DHCP server to update DDNS instead of the client (i.e. - a separate ddns-domainname statement for each DHCP subnet)? That way you can specify the zone to update dynamically based on the subnet each adapter gets an

Stumped - SERVFAIL vs NOERROR?

2011-04-27 Thread Karl Auer
Hi all. Well, I'm stumped. This is causing non-delivery of mail for the affected domain because it is blocking fallback from IPv6 to IPv4 for the domain. The problem smells like misconfigured IPv6 somewhere along the way, but all the servers involved (that have IPv6 addresses) seem to be answerin

BIND error: opcode: QUERY, status: SERVFAIL

2011-04-27 Thread kshitij mali
Hi everybody, we are unable to lookup the domain "goelexports.com" [root@D1OKH680RL ~]# dig goelexports.com ; <<>> DiG 9.2.4 <<>> goelexports.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHO

Re: Panic Time! Key Generation Question

2011-04-27 Thread Mark Andrews
In message <201104270737.p3r7bad4013...@x.it.okstate.edu>, Martin McCormick writes: > Torinthiel writes: > > Try deleting the space. Just this. dnssec-keygen inserts space for > > readability purposes only. If you still have original *.key and > > *.private files, you can check it yourself, that

Re: BIND error: opcode: QUERY, status: SERVFAIL

2011-04-27 Thread Karl Auer
On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote: > we are unable to lookup the domain "goelexports.com" > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082 A trace shows the likely problem: dns2-rz-ap:[log]$ dig +trace goelexports.com [...] ;; Received 505 bytes from 192.58.128.30#

Re: Mise à

2011-04-27 Thread Mark Andrews
In message <1fd98bf0-1d91-419b-beca-9958295de...@bluewin.ch>, Flex Banana writes: > Hello, > > I would like to update my zones via the Dynamic DNS Update mechanism according to the machines that connect on my different network cards. > > My server is equipped with

Re: Stumped - SERVFAIL vs NOERROR?

2011-04-27 Thread Mark Andrews
In message <1303906294.2246.93.camel@karl>, Karl Auer writes: > > Hi all. > > Well, I'm stumped. > > This is causing non-delivery of mail for the affected domain because it > is blocking fallback from IPv6 to IPv4 for the domain. The problem > smells like misconfigured IPv6 somewhere along the

Re: BIND error: opcode: QUERY, status: SERVFAIL

2011-04-27 Thread Mark Andrews
In message , kshitij mali writes: > Hi everybody, > > we are unable to lookup the domain "goelexports.com" goelexports.com is delegated to the following nameservers which do not exist. Mark goelexports.com.172800 IN NS ns.hostsearchindia.com. goelexports.com.172800

Re: Stumped - SERVFAIL vs NOERROR?

2011-04-27 Thread Tony Finch
Karl Auer wrote: > > Using our local caching, recursive BIND9 nameservers, we get SERVFAIL on > a particular domain, namely "mailergoat.rsi.co.jp". But from other > places, we get NOERROR (which is the correct answer, because there is a > A record with that name). However, from some places outside

Re: BIND error: opcode: QUERY, status: SERVFAIL

2011-04-27 Thread Laurent Bauer
On 27/04/2011 15:03, Karl Auer wrote: > On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote: >> we are unable to lookup the domain "goelexports.com" >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082 > > A trace shows the likely problem: > > dns2-rz-ap:[log]$ dig +trace goelexports.c

Re: BIND error: opcode: QUERY, status: SERVFAIL

2011-04-27 Thread Mark Andrews
In message <4db829e3.5010...@mailclub.fr>, Laurent Bauer writes: > On 27/04/2011 15:03, Karl Auer wrote: > > On Wed, 2011-04-27 at 17:45 +0530, kshitij mali wrote: > >> we are unable to lookup the domain "goelexports.com" > >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63082 > > > > A t

Empty CNAME chain, should getaddrinfo() return EAI_NONAME or EAI_FAIL?

2011-04-27 Thread Doug Barton
Assuming a case where there is an empty CNAME chain, but no error, should getaddrinfo() return EAI_NONAME or EAI_FAIL? For example: ; <<>> DiG 9.8.0 <<>> www.apple.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64776 ;; flags: qr rd ra; QUERY

AXFR/IN' denied

2011-04-27 Thread jeffrey j donovan
Greetings I have 2 systems master and slave, the slave seems to not allow the zone transfer. master 192.168.1.2 // // mydomain.com zone "mydomain.com" { type master; file "domain.db"; allow-transfer { 192.168.96.3; }; allow-update

Re: AXFR/IN' denied

2011-04-27 Thread Torinthiel
On 04/28/11 05:10, jeffrey j donovan wrote: > Greetings > > I have 2 systems master and slave, the slave seems to not allow the zone > transfer. It's the master that doesn't allow zone transfer. You have allow-transfer and allow-update in mydomain.com (which I guess is transferring correctly, at