dnssec-lookaside != auto

. secspider.cs.ucla.edu looks interesting. Can anyone shed some light if this is my mistake, not having something in configuration, or a general bind error? Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: dnssec-lookaside != auto

On 12/20/10 01:32, Mark Andrews wrote: In message 4d0e8340.9060...@data.pl, Torinthiel writes: Hello everyone, I've recently updated bind to version 9.7.2_p3. Upgraded from what? From 9.4.3_p5 I've been using DLV before that, specifically dlv.isc.org, with two entries

Re: Does anyone know where to find the ISC signing keys for source packages?

. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: auto update signatures dnssec

to give the user runing bind (probably named) rights to write to /var/named/renelacroute.fr.hosts.jnl directory. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind 9.7.2-P3 does not resolve www.microsoft.com

don't have a hard time believing this. Although, if it works when VM is duplicated but has no traffic, it looks like something else to me (maybe two completely different errors, but with similar apperance) Torinthiel ___ bind-users mailing list bind-users

Re: ignoring incorrect nameservers in authority section

. If not for that flag, then yes, I'd consider it a lame response, although probably someone more knowledgeable than me should judge this. Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: ignoring incorrect nameservers in authority section

Dnia 2010-12-30 11:45 Torinthiel napisał(a): Dnia 2010-12-30 18:03 p...@mail.nsbeta.info napisał(a): Sunil Shetye writes: Case 2: Lame Server Reply === $ dig +norecurse @a.iana-servers.net. example.org. ;; flags: qr ra

Re: bind replication

zones. You could also try rndc reconfig, but I think it will only load new zonesm the ones just added in configuration, not never wersions of old zones). Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: NSEC3 ISSUE

of bind are you using? My wild guess is that it's not recent enough to recognize NSEC3 signatures. Bind 9.4.3 was not, and I got exactly the same symptoms. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: bind 9 multiple masters setup

) to initiate that connection, it can't change zones by itself. You could of course copy zone files to slaves by some means (rsync? scp?) and then rndc reload the slave, but a) why? b) it really isn't a slave anymore, at least not in DNS terms. Torinthiel

Re: how to proper include DS record on key dnssec

Dnia 2011-01-14 03:11 fakessh @ napisał(a): hello bind network and hello dnssec network admin. thank you for answered, I think I found a solution to my problem. $INCLUDE directive is that I have to handle example: $INCLUDE /var/named/keys/dsset-fakessh.eu. fakessh.eu YOU don't do

Re: get a domain's dns records

information about nsbeta.info Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Forward using CNAME record

on the way. The web server must be  configured to handle it. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Recursive DNS problem

, or the server needs fixing and adding another servers is necessary. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Recursive DNS problem

that one of those I've already pointed to contains this information, but also that a different one states this information. But it was RFC for certain. Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Some dnssec-signzone questions

? Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Delegation question

it on production environment. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: about the file command

Dnia 2011-02-08 17:40 Terry. napisał(a): Hi list, Can BIND's file command referer to more than one zone file? For example, zone test.nsbeta.info { type master; file a.db; file b.db; }; When a record doesn't exist in a.db, BIND will continue to look

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

and www.example.com. a 1.2.3.4 are completely equivalent. Now, why would you want to look into slave files, except for verifying that the zone transfer succeeded? Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: syntax/format of zone on slave $ORIGIN/paragraph - sorted?

your.zone.dump maybe add +noall +answer to get rid of (most) comments and useless stuff. And you will get double SOA record, at start and end of file. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: bind on vps

I use this registers or must I leave it blank? I case it is convenient setup a domain name at VPS dns, what can I put there? Those are the PTR records. For DNS you probably don't need them For email you definitely do, for WWW probably not. Regards, Torinthiel

Re: bind on vps

On 02/13/11 17:16, Walter Alejandro Iglesias wrote: On Sun, Feb 13, 2011 at 02:13:48PM +0100, Torinthiel wrote: On 02/13/11 12:52, Walter Alejandro Iglesias wrote: It will be a web hosting sever. I wrote my own web client panel and my own bash scripts to automate the upload of new client's

Re: multi-master with mysql backend

up a more complicated script, that tries to ping the other server and runs master config generation, freeze, soa change, thaw, reload and send you an email - and you have fully automated HA. Torinthiel ___ bind-users mailing list bind-users

Re: Please Help

198.41.0.4 (which is a.root-servers.net's IP address) Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about some oddities in the logs

hint; } not enough for you? Regards,   Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: bind and IPV6

. - Can anybody give some feedback on the IPV6 compliancy? IS bind-9.6-ESV-R3 totally compliant with IPV6? Yes. But a different issue might be is your system (the box Bind runs on, network, routers, firewalls) IPv6 compliant. Torinthiel ___ bind-users

Re: mx selection order

those failed. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Question about some oddities in the logs

Dnia 2011-02-22 13:29 Eivind Olsen napisał(a): On Tue, 22 Feb 2011 08:59:51 +0100, Torinthiel torinth...@data.pl wrote: Hmm, looks to me as the box listed as client sends some strange notify messages. Notify normally should contain SOA, so that receiving NS can tell if it has outdated zone

Re: Help on recursive set up

named.conf has related config (and/or comments). Regards,  Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: why dig +short for NS doesn't get the result

instructs dig to only write extract of ANSWER section. your reply is in authorative section. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

. This might, or might not be related to providing DNSSEC by other OVH branches and for other registries. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Having trouble with logging syntax

/var/log/query.log version 3 size 5m; You want 3 versions, so why separate keyword from its parameter? Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: about AUTHORITY SECTION

for servers which are not authorative for a given zone. Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: About name servers registration

-servers.net which right now returns dns[1-4].registrar-servers.com, so not the ones you've typed. And, as your servers don't answer for dig ns dnsbed.com @ns1.dnsbed.com then I guess my original assumption of your domain has been wrong. Bujt the procedure still is same. Torinthiel

Re: Master ns on internal lan

either use ip/length or (even better) use TSIG keys as authentication. Regards, Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: problem validate key of isc dlv

create zone. and what is this other publication of another DS I have no idea what do you mean by this sentence. Torinthiel Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit : In message 1300650238.6651.15.camel@localhost.localdomain, fakessh @ writes : hello bind network and duru

Re: problem validate key of isc dlv

convince admins to deploy DNSSec or drop those nameservers. Then it should work. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Error in bind manpage?

On 03/27/11 09:07, Mark Andrews wrote: Could you please send it to bind9-bugs. That way it will be tracked. Thanks for the pointer, did that. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users

Re: problem for validate the script dnssec to isc dlv

debuguers response and writing conseil for new areas zone) Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: problem for validate the script dnssec to isc dlv

On 03/27/11 20:45, fakessh @ wrote: That would be the key with id 47103 in your case. The one that has SEP flag, the one that only signs DNSKEY records and not others. Regards, Torinthiel http://www.mail-archive.com/bind-users@lists.isc.org/msg09107.html This is your word i reread

Re: Trouble loading a zone file after updating BIND

On 03/31/11 04:54, Mike Diggins wrote: The A records for the two nameservers exist in the sub.Domain.CA zone file. I can fix the error by adding the two nameserver A records to the Domain.CA zone file but I'm wondering why this is an error with 9.7, and not 9.2.1, and is this the correct way

Re: BIND 9 And Short Name resolution Problem

bind to either not use IPv6 or at least prefer IPv4. liste-on-v6 {none;} in named.conf does not help, and I'm not much surprised, as it's about listening and not querying. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users

Re: Zone File IP address/Hostname

zones is absolutely normal, and there are no reasons to require more than one IP address with that. Torinthiel root:/var/named# cat named.conf options { listen-on-v6 { none; }; listen-on { 192.168.5.5; }; directory /var/named; }; zone 0.0.127.in-addr.arpa { type

Re: Change Query Type on nslookup

for any of the tools. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS queries with 3 networks

The only way would be to create 3 different zone files, with those addresses, and 3 different views on this sever, each having a different zone file and configured for different networks I don't have bind ARM on-hand, but there was a section on views. Regards, Torinthiel

Re: A beginners question regarding a caching-only name server

. And if you want to limit who can use your server recursively, its better to use option {allow-recursion{ 192.168.239.0/24;};} Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: A beginners question regarding a caching-only name server

connectivity. Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS record delegation

and other records as well. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Migrate domains to different DNS servers

DNS. Possible problem: glue records. With internal NS and no access to registrar you have no way to update glue records, so domain will still be delegated to old servers. Regards, Torinthiel ___ bind-users mailing list bind-users@lists.isc.org https

Re: the valid content of TXT RR

. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: AXFR/IN' denied

, at least nothing you've written says otherwise), but you don't have these in reverse zones. Torinthiel master 192.168.1.2 // // mydomain.com zone mydomain.com { type master; file domain.db; allow-transfer { 192.168.96.3; }; allow

Re: does authority named require the external name servers?

to submitted queries. So it will work correctly, although you won't be able to resolve anything from that box. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman

Re: does authority named require the external name servers?

On 05/02/11 14:20, Jeff Pang wrote: 2011/5/2 Jeff Pang jeffrp...@gmail.com: 2011/5/2 Torinthiel torinth...@data.pl: Authority named never sends queries on it's own, only responds to submitted queries. Doesn't it execute iterative query from the root server? For example, given

Re: DNSSEC submit of DLV vs DNSKEY records?

is now signed and if you can put DS in .com than putting it in DLV as well is overkill. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind

Re: Compromised BIND?

name only different folder, or as named .exe with space appended to base name. Looks great if you have hidded extensions, as it seems you have two files with name named. Torinthiel signature.asc Description: OpenPGP digital signature ___ bind-users

Re: DNS is tainted

keys, or trying to debug some specific DNS problem. Answers go out and are returned, that's most of what's expected from DNS. Torinthiel 1) ns1.google.com is authoritative nameserver only, which shouldn't answer this query. 2) the TTL is decreased each time, if it's a real authority answer

Re: about AUTHORITY SECTION

, and the NS records are there just in case - to notify you that you got your answer from authorative ns and what other authorative ns'es are. Torinthiel signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman

Re: SPF implementation schedule.

is *mailserver's* side to query for said SPF records and act accordingly. And this does not belong to ISC, but to your mailserver's provider. Postfix can do this by external plugins, some others probably as well but I haven't tested it. Regards, Torinthiel On Mon, Jul 11, 2011 at 7:42 PM, Eivind Olsen eiv

Re: SPF implementation schedule.

deeper). Note, I've not tested it deeply, so it might be wrong. Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: master slave different site different resolution

normal master-slave setup, which leads to zone maintenance problems. Regards, Torinthiel Date: Thu, 14 Jul 2011 17:42:56 +0800 Subject: Re: master slave different site different resolution From: short...@gmail.com To: d_gabri...@hotmail.it CC: bind-users@lists.isc.org 2011/7/14

Re: authoritative server is not caching?

cannot cache anser from itself. Cache is for answers a server has received from somewhere, while authoritative answers come directly from zone data. Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

Re: rndc: 'addzone' failed: permission denied

'very liberal' mean a+rwX, or something else? Bind might be trying to write as a user you are not expecting. Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list

Re: Max number of views and performance.

to me like a recipe for disaster. The time to run through all of the match-clients statements would probably be excessive, and the memory requirements would likely be huge. And one question remains: Why would anyone need such a setup. Torinthiel signature.asc Description: OpenPGP digital

Re: ZSK pre-publish

-signzone, or is it possible only with careful manual inclusion? Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org

Re: Resign a zone

and upload it to bind, did you remember to change SOA and reload master? Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https