Let's say I have this setup:
BIND 9.4 named.conf includes a master.zones file with the following:
...
zone "ns1.yourdomain.com" {
type master;
file "master/external/n/ns1.yourdomain.com.signed";
};
zone "ns2.yourdomain.com" {
I'd like to get your feedback on the following thoughts regarding DNSSEC HW
support.
Any layer 2 or 3 devices forwarding frames or packets should not be affected by
the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or
the query size (large or small).
Layer 4 devices
Sam Wilson wrote:
In article mailman.814.1268703621.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
Let's say I have this setup:
BIND 9.4 named.conf includes a master.zones file with the following:
...
zone "ns1.yourdomain.com" {
type master
Alan Clegg wrote:
Gary Wallis wrote:
[other stuff snipped out]
Regarding my main question:
How to delegate signing authority from parent yourdomain.com to child
ns1.yourdomain.com.
Insert the DS records from the child into the parent and re-sign the parent.
I still have to setup a DNSSEC
Jack Tavares wrote:
Hello -
What is the default build on linux (2.6) with regard to threads.
If I don't explicitly enable or disable threads, does named
run threaded or unthreaded?
Threaded.
Thanks
--
jack
groups wrote:
I should have been more specific.. What dnssec tools do the folks at ISC
recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010
Thx
Charles
Greetings list..
I have recently assumed responsibility and did a
complete rebuild of a Master DNS server running
Alexander Fortin wrote:
Hi folks. I'm having problems trying to set up a DNS forwarding zone for
PTRs records.
The weird thing is that normal DNS zones are working fine, but using
same configurations for the correspondent *.in.addr.arpa zone doesn't
work. Very strange to me seems that
Hope this is helpful:
Your d.c.b.a.in-addr.arpa zone may not have the correct data in it.
Since dig shows no answer for that specific query.
If you have not already learn how to use:
named-checkconf
named-checkzone
Check your named.conf and all files therein included, then check again.
Angela Perez wrote:
Hi,
I'm just writing to confirm that I have the correct understanding of
the relationship between delegation and recursion.
A bit of background: I'm responsible for an Internet-facing server
that has the following requirements. It should support recursion for
known (DMZ)
Phil Mayers wrote:
On 17/05/10 16:02, arcan...@free.fr wrote:
Hi all,
Like a lot of people over the web, I am looking for a clean
multi-master (multi-primary) solution that allows dynamic updates.
Interesting. What's the use-case for this?
From my personal experience the most common use of
Hoover Chan wrote:
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to translate a domain name to
a target URL. For example, www.domain -
http://www.someother.domain/folder1/folder2/index.html.
Thanks
DNS people,
CentOS 5 BIND rpm (9.3.6-P1-RedHat-9.3.6-4.P1.el5 ) widespread problem
reports for a significant number of domains on amazonaws.com.
+trace fails but direct dig returns valid data, please look through
the output below since it is shorter than trying to summarize:
[r...@node1vm
--[ UxBoD ]-- wrote:
Hi,
Am having an issue when transferring a zone from a Win2K8 server and receiving
the error:
failed while receiving responses: unexpected error
Now I know why it is happening, just not how to cure it. We have our primary
business zones which are within a view and
Chris Buxton wrote:
On Nov 16, 2010, at 12:44 PM, Gary Wallis wrote:
IPAM is an Infoblox proprietary system that Cricket Liu is involved with.
No.
IPAM = IP Address Management. It is not a product, but rather a product
category. I believe the term was coined by Lucent, or whoever owned QIP
John Williams wrote:
If I have a Linux host with multiple IP's, is there a way to utilize the DIG
command such that the query appears like it's coming from different IP
addresses?
So If I have 10 virtual IP's, is there a way to control the source IP of the
query?
I've referenced the DIG
Gary Wallis wrote:
John Williams wrote:
If I have a Linux host with multiple IP's, is there a way to utilize
the DIG command such that the query appears like it's coming from
different IP addresses?
So If I have 10 virtual IP's, is there a way to control the source IP
of the query?
I've
Alan Clegg wrote:
On 1/1/2011 9:15 AM, Gary Wallis wrote:
You will need to setup one virtual IP for each extra view.
Not since very versions of BIND that are long-since EOL'd. The FAQ goes
into how to use TSIG keys to deal with picking the right one.
This is what no one here addresses
Alan Clegg wrote:
...
Given choices, I think I'm in agreement with you: I'd choose to not do
views.
Based on the posts here, the OP is going to do views. The best thing to
do is provide the best method of replicating those views to the machines
that are providing slave services without using
Thanks guys for all the feedback.
Yes seems like RIPE is involved, and The Planet (TP) refuses to fix
delegation or say they can't 'cause of RIPE, but sounds funny to me, and
I know that many TP tech support staffers know next to nil about DNS.
Have fun with DNS in 2011. Cheers!
Gary
Henry Hartley wrote:
My apologies if this gets to the list twice. I tried to post it through
the web interface but it seems to have been dropped by whatever
screening gets applied.
I'm not sure if I've misunderstood the use of CNAME or if I've simply
done something wrong.
I have two
Gary Wallis wrote:
Henry Hartley wrote:
...
In the second case, which is NOT working, I have a similar CNAME
record but instead of web.me.com, it's on tumblr.com. So, I have this
(this is the actual domain):
www.ioanamorosan.com. CNAME ioanamorosan.tumblr.com.
If you go directly
p...@mail.nsbeta.info wrote:
Gary Wallis writes:
Do not confuse your forwarding with HTTP rewriting.
One is just about DNS records (CNAME, A or otherwise.) The other
happens on the server side (see Apache rewrite engine docs.)
This is nothing about rewrite, but webserver's virtual host
fddi wrote:
thank you for the thread you pointed me.
Actually I do not have performance issue, but I just need DNS multi-master.
I could successfully apply mysql-bind patches.
I have only one zone with few hosts.
thank you very much
Riccardo
On 2/8/11 3:30 PM, Terry. wrote:
2011/2/8
Is there a way to check names via the command line (like with a
named-checkzone type tool.)
I need to validate zone info BEFORE trying to load, log frag:
10-Jul-2012 11:36:02.199 general: zone growXeg.com/IN/external: loading
master file master/external/g/growXeg.com: bad name (check-names)
On 7/10/2012 13:08, Chris Thompson wrote:
On Jul 10 2012, I wrote:
On Jul 10 2012, Gary Wallis wrote:
Is there a way to check names via the command line (like with a
named-checkzone type tool.)
[...]
Check out the -k option of named-checkzone. It defaults to warn anyway,
but you may want
On 7/10/2012 17:04, Evan Hunt wrote:
Well, I have to take that back. As far as I can see the -k option of
named-checkzone has no effect at all, despite the man page, at least
with BIND 9.8.3-P1.
Thank you. Maybe this will be fixed?
It would be great to have named-checkzone be an authoritative
to a hot spare in some other datacenter? In this case
would the running NSs have to have the changed NS A record also match?
Any comments and best practice solution info very welcome.
Thank you,
Gary Wallis
DNS experts,
What are the drawbacks, if any, of running only master name servers for
the set of authoritative NSs?
For example given:
[root@rc37 unxsVZ]# dig latimes.com NS +short
dns1.tribune.com.
dns2.tribune.com.
dns4.tribune.com.
dns3.tribune.com.
Where all 4 dnsN servers are in fact
Hello,
What are the drawbacks, if any, of running only master name servers for
the set of authoritative NSs?
For example given:
[root@rc37 unxsVZ]# dig latimes.com NS +short
dns1.tribune.com.
dns2.tribune.com.
dns4.tribune.com.
dns3.tribune.com.
Where all 4 dnsN servers are in fact masters
Thank you Tony and Joseph,
I think you have explained this well, and most importantly, exposed the
underlying issues.
Best regards,
Gary
On 7/14/2014 06:27, Tony Finch wrote:
Gary Wallis wgg1...@gmail.com wrote:
What are the drawbacks, if any, of running only master name servers
Hi,
This pdf is a very good intro with very valid best practices:
http://www.enog.org/presentations/enog-6/196-FerencCsorba-IPv6-Fundm-BestPracts.pdf
Cheers!
Gary Wallis
Unixservice, LLC.
On 12/16/2015 00:09, John W. Blue wrote:
I have found https://ipv6.he.net to be helpful.
John
Sent
On 7/28/2016 14:00, Chris Buxton wrote:
Kirk,
Have a look at the commercial offerings. All of them offer a GUI and an API for
managing BIND servers, including managing zones and records. Some of them are
limited to managing their own appliances. Some of them do offer the ability to
overlay
32 matches