. secspider.cs.ucla.edu looks interesting.
Can anyone shed some light if this is my mistake, not having something
in configuration, or a general bind error?
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
On 12/20/10 01:32, Mark Andrews wrote:
In message 4d0e8340.9060...@data.pl, Torinthiel writes:
Hello everyone,
I've recently updated bind to version 9.7.2_p3.
Upgraded from what?
From 9.4.3_p5
I've been using DLV before that, specifically dlv.isc.org, with two
entries
.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
to give the user runing bind (probably named) rights to
write to /var/named/renelacroute.fr.hosts.jnl directory.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
don't have a hard time believing this.
Although, if it works when VM is duplicated but has no traffic, it looks
like something else to me (maybe two completely different errors, but with
similar apperance)
Torinthiel
___
bind-users mailing list
bind-users
. If not for that flag, then yes, I'd
consider it a lame response, although probably someone more knowledgeable
than me should judge this.
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
Dnia 2010-12-30 11:45 Torinthiel napisał(a):
Dnia 2010-12-30 18:03 p...@mail.nsbeta.info napisał(a):
Sunil Shetye writes:
Case 2: Lame Server Reply
===
$ dig +norecurse @a.iana-servers.net. example.org.
;; flags: qr ra
zones.
You could also try rndc reconfig, but I think it will only load new zonesm
the ones just added in configuration, not never wersions of old zones).
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
of bind are you using? My wild guess is that it's not
recent enough to recognize NSEC3 signatures. Bind 9.4.3 was not, and I
got exactly the same symptoms.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
) to initiate that
connection, it can't change zones by itself.
You could of course copy zone files to slaves by some means (rsync?
scp?) and then rndc reload the slave, but
a) why?
b) it really isn't a slave anymore, at least not in DNS terms.
Torinthiel
Dnia 2011-01-14 03:11 fakessh @ napisał(a):
hello bind network and hello dnssec network admin.
thank you for answered,
I think I found a solution to my problem.
$INCLUDE directive is that I have to handle
example:
$INCLUDE /var/named/keys/dsset-fakessh.eu. fakessh.eu
YOU don't do
information about nsbeta.info
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
on the way. The web server must be
configured to handle it.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
, or the server needs fixing and adding another servers is
necessary.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
that one of those I've already
pointed to contains this information, but also that a different one states
this information. But it was RFC for certain.
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
?
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
it on production environment.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Dnia 2011-02-08 17:40 Terry. napisał(a):
Hi list,
Can BIND's file command referer to more than one zone file?
For example,
zone test.nsbeta.info {
type master;
file a.db;
file b.db;
};
When a record doesn't exist in a.db, BIND will continue to look
and
www.example.com. a 1.2.3.4
are completely equivalent.
Now, why would you want to look into slave files, except for verifying
that the zone transfer succeeded?
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
your.zone.dump
maybe add +noall +answer to get rid of (most) comments and useless stuff.
And you will get double SOA record, at start and end of file.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo
I use this registers or
must I leave it blank? I case it is convenient setup a domain
name at VPS dns, what can I put there?
Those are the PTR records. For DNS you probably don't need them For
email you definitely do, for WWW probably not.
Regards,
Torinthiel
On 02/13/11 17:16, Walter Alejandro Iglesias wrote:
On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote:
On 02/13/11 12:52, Walter Alejandro Iglesias wrote:
It will be a web hosting sever. I wrote my own web client
panel and my own bash scripts to automate the upload of new
client's
up a more complicated script, that tries to ping the
other server and runs master config generation, freeze, soa change, thaw,
reload and send you an email - and you have fully automated HA.
Torinthiel
___
bind-users mailing list
bind-users
198.41.0.4 (which is a.root-servers.net's IP address)
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
hint; }
not enough for you?
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
.
- Can anybody give some feedback on the IPV6 compliancy?
IS bind-9.6-ESV-R3 totally compliant with IPV6?
Yes.
But a different issue might be is your system (the box Bind runs on, network,
routers, firewalls) IPv6 compliant.
Torinthiel
___
bind-users
those
failed.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Dnia 2011-02-22 13:29 Eivind Olsen napisał(a):
On Tue, 22 Feb 2011 08:59:51 +0100, Torinthiel torinth...@data.pl
wrote:
Hmm, looks to me as the box listed as client sends some strange notify
messages. Notify normally should contain SOA, so that receiving NS can
tell if it has outdated zone
named.conf has related config (and/or comments).
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
instructs dig to only write extract of ANSWER section. your reply
is in authorative section.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
. This might, or might
not be related to providing DNSSEC by other OVH branches and for other
registries.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
/var/log/query.log version 3 size 5m;
You want 3 versions, so why separate keyword from its parameter?
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
for servers which are not authorative for a given zone.
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-servers.net
which right now returns dns[1-4].registrar-servers.com, so not the ones
you've typed.
And, as your servers don't answer for
dig ns dnsbed.com @ns1.dnsbed.com
then I guess my original assumption of your domain has been wrong. Bujt the
procedure still is same.
Torinthiel
either use ip/length or (even better) use
TSIG keys as authentication.
Regards,
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
create zone.
and what is this other publication of another DS
I have no idea what do you mean by this sentence.
Torinthiel
Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit :
In message 1300650238.6651.15.camel@localhost.localdomain, fakessh @
writes
:
hello bind network and duru
convince admins to deploy DNSSec or drop those nameservers.
Then it should work.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 03/27/11 09:07, Mark Andrews wrote:
Could you please send it to bind9-bugs. That way it will be tracked.
Thanks for the pointer, did that.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users
debuguers response and writing conseil for new areas zone)
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On 03/27/11 20:45, fakessh @ wrote:
That would be the key with id 47103 in your case. The one that has SEP
flag, the one that only signs DNSKEY records and not others.
Regards,
Torinthiel
http://www.mail-archive.com/bind-users@lists.isc.org/msg09107.html
This is your word
i reread
On 03/31/11 04:54, Mike Diggins wrote:
The A records for the two nameservers exist in the sub.Domain.CA zone
file. I can fix the error by adding the two nameserver A records to the
Domain.CA zone file but I'm wondering why this is an error with 9.7, and
not 9.2.1, and is this the correct way
bind to either not use IPv6 or at least prefer IPv4.
liste-on-v6 {none;} in named.conf does not help, and I'm not much
surprised, as it's about listening and not querying.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users
zones is absolutely normal, and there are no
reasons to require more than one IP address with that.
Torinthiel
root:/var/named# cat named.conf
options {
listen-on-v6 { none; };
listen-on { 192.168.5.5; };
directory /var/named;
};
zone 0.0.127.in-addr.arpa {
type
for any of the tools.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
The only way would be to create 3 different zone files, with those addresses,
and 3 different views on this sever, each having a different zone file and
configured for different networks
I don't have bind ARM on-hand, but there was a section on views.
Regards,
Torinthiel
. And if you want
to limit who can use your server recursively,
its better to use option {allow-recursion{ 192.168.239.0/24;};}
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
connectivity.
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
and other records as well.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
DNS.
Possible problem: glue records. With internal NS and no access to registrar
you have no way to update glue records, so domain will still be delegated to
old servers.
Regards,
Torinthiel
___
bind-users mailing list
bind-users@lists.isc.org
https
.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
, at least nothing you've written says otherwise),
but you don't have these in reverse zones.
Torinthiel
master 192.168.1.2
//
// mydomain.com
zone mydomain.com {
type master;
file domain.db;
allow-transfer { 192.168.96.3; };
allow
to
submitted queries. So it will work correctly, although you won't be able
to resolve anything from that box.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
On 05/02/11 14:20, Jeff Pang wrote:
2011/5/2 Jeff Pang jeffrp...@gmail.com:
2011/5/2 Torinthiel torinth...@data.pl:
Authority named never sends queries on it's own, only responds to
submitted queries.
Doesn't it execute iterative query from the root server?
For example, given
is now signed and if you can put DS in .com than putting it
in DLV as well is overkill.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind
name only different folder, or as named
.exe with space appended to base name. Looks great if you have hidded
extensions, as it seems you have two files with name named.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
bind-users
keys, or
trying to debug some specific DNS problem. Answers go out and are
returned, that's most of what's expected from DNS.
Torinthiel
1) ns1.google.com is authoritative nameserver only, which shouldn't answer
this query.
2) the TTL is decreased each time, if it's a real authority answer
, and the NS records are there just in
case - to notify you that you got your answer from authorative ns and
what other authorative ns'es are.
Torinthiel
signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman
is *mailserver's* side to query for
said SPF records and act accordingly. And this does not belong to ISC,
but to your mailserver's provider. Postfix can do this by external
plugins, some others probably as well but I haven't tested it.
Regards,
Torinthiel
On Mon, Jul 11, 2011 at 7:42 PM, Eivind Olsen eiv
deeper).
Note, I've not tested it deeply, so it might be wrong.
Regards,
Torinthiel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
normal master-slave setup, which leads to zone
maintenance problems.
Regards,
Torinthiel
Date: Thu, 14 Jul 2011 17:42:56 +0800
Subject: Re: master slave different site different resolution
From: short...@gmail.com
To: d_gabri...@hotmail.it
CC: bind-users@lists.isc.org
2011/7/14
cannot cache anser from itself. Cache is for
answers a server has received from somewhere, while authoritative
answers come directly from zone data.
Torinthiel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
'very liberal' mean a+rwX, or something else? Bind
might be trying to write as a user you are not expecting.
Regards,
Torinthiel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
to me like a recipe for disaster. The time to run
through all of the match-clients statements would probably be excessive,
and the memory requirements would likely be huge.
And one question remains: Why would anyone need such a setup.
Torinthiel
signature.asc
Description: OpenPGP digital
-signzone, or is it possible only with careful manual inclusion?
Regards,
Torinthiel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org
and upload it to bind, did
you remember to change SOA and reload master?
Regards,
Torinthiel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https
65 matches
Mail list logo