Re: Troubleshooting BIND stops responding

2017-03-30 Thread Alan Clegg
On 3/30/17 6:02 AM, Mark Elkins wrote: > Stopping right here, Recursive lookup and Authoritative services are > completely different services - and require different servers > (preferably, though you could run multiple incidents of nameservers on a > single server - but that can get ugly).

Re: Troubleshooting BIND stops responding

2017-03-30 Thread Mark Elkins
On 30/03/2017 06:35, i.chu...@volga.ttk.ru wrote: > Greetings to everyone! > > I'm an engineer at local ISP and we have to provide 2 DNS servers running > BIND for our clients. We have logs full of various BIND errors but are > unable to gain full understanding of the problem. The main problem

Re: Zones not being recognised as Signed

2017-03-30 Thread J T
Hi Mark, Thank you for responding. What do you mean by zone apex? If we assume one of the domains that fails to be seen as signed is "example.co.uk" then would the apex be the domain name with no prefixes? I've changed the domain name but this is part of what I have in my signed zone file for

Re: Zones not being recognised as Signed

2017-03-30 Thread J T
Please ignore the * in the copy pasted records. It seems the list converts color text to be *TEXT* hehe On 31 March 2017 at 00:11, J T wrote: > Hi Mark, > > Thank you for responding. What do you mean by zone apex? > > If we assume one of the domains that fails to be seen

Re: Zones not being recognised as Signed

2017-03-30 Thread J T
Hi Mark, I think I found the problem. Seems Webmin's code for handling the signing wasn't dealing with NSEC3PARAM records properly. Essentially when merging the signed records back in to the original host file it was only putting NSEC, NSEC3 and RRSIG. It wasn't handling NSEC3PARAM at all. The zones

Zones not being recognised as Signed

2017-03-30 Thread J T
Hi, I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ). I used Webmin to do the heavy lifting of signing/resigning etc. Only 2 of the 5 zones are recognised as (DNSSEC Signed) by BIND on restart/zone application and that fact is reported in the system logs. I’m trying to work out

Re: bind-dyndb-ldap integration

2017-03-30 Thread Hika van den Hoven
Hi All, I have another question related to bind-dyndb-ldap. Maybe someone can give me some hint(s). bind-dyndb-ldap seems now to be working, only before I used several ACLs in named.conf. Also I have some master and server definitions and some keys for the zone transfer and the communication

Re: Zones not being recognised as Signed

2017-03-30 Thread Mark Andrews
In message