On 11/28/2011 4:33 PM, Bill Owens wrote:
>
> I think that if I had to use a Windows workstation my first installs
would be the ISC binary kit and wireshark, since AFAIK Windows doesn't
come with a packet capture program either. . .
>
There is one. I forget what it's called. I think it's in one
On 11/28/2011 1:03 PM, wbr...@e1b.org wrote:
> Todd wrote on 11/24/2011 11:29:14 AM:
>
>> I don't understand why Windows doesn't include dig by default, even
>> now. Free software hate?
>
> And grep and logrotate! At least the GnuWin32 project has a good version
> of grep.
>
I have a good v
> > > I don't understand why Windows doesn't include dig by default, even now.
> > > Free software hate?
> > And grep and logrotate! At least the GnuWin32 project has a good version
> > of grep.
> I think that if I had to use a Windows workstation my first installs would be
> the ISC binary
On Mon, Nov 28, 2011 at 01:03:15PM -0500, wbr...@e1b.org wrote:
> Todd wrote on 11/24/2011 11:29:14 AM:
>
> > I don't understand why Windows doesn't include dig by default, even
> > now. Free software hate?
>
> And grep and logrotate! At least the GnuWin32 project has a good version
> of grep
-bounces+jlightner=water@lists.isc.org] On Behalf Of
wbr...@e1b.org
Sent: Monday, November 28, 2011 1:03 PM
To: Todd Snyder
Cc: bind-users-bounces+wbrown=e1b@lists.isc.org; bind-users@lists.isc.org
Subject: RE: Bind 9.9.0b2 inline signing...
Todd wrote on 11/24/2011 11:29:14 AM:
> I do
Todd wrote on 11/24/2011 11:29:14 AM:
> I don't understand why Windows doesn't include dig by default, even
> now. Free software hate?
And grep and logrotate! At least the GnuWin32 project has a good version
of grep.
Confidentiality Notice:
This electronic message and any attachments may
On 11/24/2011 11:21 AM, Jan-Piet Mens wrote:
> Jeffry,
>
>> I have had a tendency to dig axfr from my Windows workstation
>
> +1 to you for using `dig' on Windows; most don't even know it exists
> and suffer the `nslookup' pain. ;-)
>
It comes with the Windows version of BIND9.
Danny
_
> I don't understand why Windows doesn't include dig by default, even now.
> Free software hate?
I wonder if it some kind of intellectual property issue. Microsoft has to be
able to sell Windows and therefore must consider any added costs related to
including a component that they do not own a
>
> > I have had a tendency to dig axfr from my Windows workstation
>
> +1 to you for using `dig' on Windows; most don't even know it exists
> and suffer the `nslookup' pain. ;-)
>
First thing I do on a new windows box is download the BIND package and throw
dig on the box ... well, right after
Chris Thompson wrote:
>
> If we are trying to turn Tony's ad hoc command into something publishable,
See the loadzone, axfrzone, and cleanzone functions in
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff
Writing code to process arbitrary zones is a rather different job from a
q
Jeffry,
> I have had a tendency to dig axfr from my Windows workstation
+1 to you for using `dig' on Windows; most don't even know it exists
and suffer the `nslookup' pain. ;-)
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-us
> dig axfr dotat.at | grep -v RRSIG. Tony.
> dig axfr dotat.at | grep -v RRSIG | grep -v TYPE65534 | grep -v DNSKEY | grep
> -v NSEC3PARAM. JP.
> dig axfr zone | awk '$4 !~ "^NSEC$|^NSEC3$|^RRSIG$" {print}'. Shumon.
Thank you, gentlemen. These are very helpful. As we are primarily Windows
users,
On Nov 24 2011, Shumon Huque wrote:
On Thu, Nov 24, 2011 at 02:29:05PM +0100, Jan-Piet Mens wrote:
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
> I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
hoping, of course, that n
On Thu, Nov 24, 2011 at 02:29:05PM +0100, Jan-Piet Mens wrote:
> On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
>
> > I use `dig axfr dotat.at | grep -v RRSIG`
>
> ... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
>
> hoping, of course, that no owner name is called 'RR
Jan-Piet Mens wrote:
> On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
>
> > I use `dig axfr dotat.at | grep -v RRSIG`
>
> ... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
I think it is more useful to see those records than to spend effort
stripping them out.
> hoping,
On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
> I use `dig axfr dotat.at | grep -v RRSIG`
... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
hoping, of course, that no owner name is called 'RRSIG' et. al. ;-)
-JP
__
Spain, Dr. Jeffry A. wrote:
>
> From time to time I want to review the current state of the zone files.
> I have been accustomed with v9.8 to taking a copy of a signed zone file
> and stripping out the DNSSEC-related records in a text editor for easy
> review.
I use `dig axfr dotat.at | grep -v R
> Now, you can *also* turn on DDNS and use nsupdate on an inline-signing
> zone... but, if you're going to be using DDNS anyway, then I'm unclear what
> operational need is being served by separating the data. With or without
> inline-singing, your master file will be overwritten, and you'll h
On Wed Nov 23 2011 at 20:21:00 CET, Evan Hunt wrote:
> Correct, but... let me start by explaining the situation in releases prior
> to 9.9, without the inline-signing feature.
And would you now kindly do all of us and all future readers a favor and
copy/paste that text *verbatim* into the ARM? Th
> Evan: I'd like to ask for clarification. My understanding is that
> "inline-signing yes:" is necessary to cause bind to keep separate signed
> and unsigned zone files, and that the source of the unsigned zone file
> can be a disk file in the case of a master, or a zone transfer in the
> case of
Message-
From: bind-users-bounces+spainj=countryday@lists.isc.org
[mailto:bind-users-bounces+spainj=countryday@lists.isc.org] On Behalf Of
Evan Hunt
Sent: Wednesday, November 23, 2011 12:01 PM
To: Jan-Piet Mens
Cc: bind-users@lists.isc.org
Subject: Re: Bind 9.9.0b2 inline signing...
> > I did something similar, using nsupdate to modify the unsigned zone
> > instead of a manual edit. [...] "rndc reload" is not necessary.
>
> `rndc reload' never is necessary if you use DDNS to update master zones.
True, but in that situation 'inline-signing' isn't necessary either.
--
Eva
On Tue Nov 22 2011 at 20:34:46 CET, Spain, Dr. Jeffry A. wrote:
> I did something similar, using nsupdate to modify the unsigned zone
> instead of a manual edit. [...] "rndc reload" is not necessary.
`rndc reload' never is necessary if you use DDNS to update master zones.
-JP
_
Kevin: I did something similar, using nsupdate to modify the unsigned zone
instead of a manual edit. The myzone.db, myzone.db.jnl, myzone.db.signed, and
myzone.db.signed.jnl files all get updated appropriately. "rndc reload" is not
necessary. It is interesting to note that the serial number in t
the zone going to be the new normal?
Thanks,
-Kevin
Kevin McConville
University at Albany
-Original Message-
From: Jan-Piet Mens [mailto:jpm...@gmail.com] On Behalf Of Jan-Piet Mens
Sent: Tuesday, November 22, 2011 1:02 PM
To: McConville, Kevin
Cc: bind-users@lists.isc.org
Subject: Re: Bin
> 22-Nov-2011 11:25:28.320 general: notice: all zones loaded
> 22-Nov-2011 11:25:28.320 general: notice: running
This looks to me as though you've cycled the server, which isn't
currently allowed. Evan pointed out recently here that it can actually
corrupt the zone...
My experience is that, after
26 matches
Mail list logo