Hello,
To be precise:
bind.odvr.dns-oarc.net. validates
but seems to ignore expired (but otherwise valid) signatures.
unbound.odvr.dns-oarc.net. validates without ignoring expired signatures.
Kind regards,
Marc Lampo
Security Officer
EURid vzw/asbl
-Original Message-
From: Spain, D
>Does this also stop a slave from checking when it receives a
>notify? The documentation isn't clear on that.
Configure the master not to send notifies then. Alternatively, you can
deny notifies from master. But Mark's first question is still
important:
What are you trying to achieve?
On 03.02.
[ Quoting at 13:32 on Feb 6 in "Re: bind crash with ..." ]
> >needed to go in production. (Sadly bind bugs aren't searchable on the
> >internet).
> >
> >So to work around this I thought: kill the SOA timers (messing with the
> >zone is not an option) and only use notifies. But then bind crashes :
Spain, Dr. Jeffry A. wrote:
>
> Checking your two name servers, 8.8.8.8 (google-public-dns-a.google.com)
> doesn't appear to offer DNSSEC validation, and 78.46.213.227
> (rms.coozila.com) doesn't respond to my query at all.
It's worse than that. Google Public DNS doesn't support DNSSEC at all, so
Samer Khattab wrote:
> What is BIND internal logic when such a series of queries are received, and
> why it would not answer to all requests.
Each query in progress from a given client must have a different ID, so
queries with the same ID are logically the same query which only needs one
reply.
>> Feb 4 15:53:46 nsb0s named[9090]: zone jspain.us/IN (signed): zone serial
>> (2012013003) unchanged. zone may fail to transfer to slaves.
> I suspect that it is benign. Had you just thawed the server/zone?
After a review of the logs over the past several days, I see that this message
occurr
I know this is a bind list, but does anyone know any public information about
when/if Microsoft is going to release a SHA2 compatible DNS server so it can be
used as a validating DNSSEC resolver without forwarders? Since the root trust
anchor is published in SHA2, currently it can't be used (unl
> I know this is a bind list, but does anyone know any public information about
> when/if Microsoft is going to release a SHA2 compatible DNS server so it can
> be used as a validating DNSSEC resolver without forwarders? Since the root
> trust anchor is published in SHA2, currently it can't be u
On 2/6/2012 1:35 PM, Gaurav kansal wrote:
> Can anyone please tell me why TYPE50 RR is showing in response
> coming from .in domain
Because your version of DIG does not understand NSEC3 records.
http://tools.ietf.org/html/rfc5155
AlanC
--
a...@clegg.com | 1.919.355.8851
signature.as
Thanks Alan.
I got it.
But why I am getting two NSEC3 records for .in domain?? Shouldn't I
get one NSEC3 RR only
9sf2fomuor72m596ccsodg86639e6odr.in. 86400 IN TYPE50 \# 39
0101000104D399EAAB144F26941DE035CEBAF0F6DDC54DA445170C24
05870007220290
9sf2fomuor72m596ccsodg86639e6odr
On Feb 6 2012, Gaurav kansal wrote:
Thanks Alan.
I got it.
But why I am getting two NSEC3 records for .in domain?? Shouldn't I
get one NSEC3 RR only
Because the "in" servers are denying the existence of a signed delegation
for "nknsec.in", while (because the zone uses opt-out) al
In message <001301cce503$0716a950$1543fbf0$@nic.in>, Gaurav kansal writes:
> Thanks Alan.
> I got it.
>
> But why I am getting two NSEC3 records for .in domain?? Shouldn't I
> get one NSEC3 RR only
Because that is what is required. We are sending the proof that a DS
record does
Hi,
I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache
only and another authoritative.
Is it better to install 2 OS virtually and run BIND in them or run 2 instances
of BIND on the same OS? I mean what is the best practice to take advantage of
the hardware resources wit
On 2012-2-7 15:09, sasa sasa wrote:
I got a server with 16GB memory, want to install 2 BIND on CentOS, one cache
only and another authoritative.
Is it better to install 2 OS virtually and run BIND in them or run 2 instances
of BIND on the same OS? I mean what is the best practice to take advantage