[SPAM] named lacking /dev/random or or equivalent on aix5.3
HI ALL, My AIX5.3 systerm does have /dev/random and /dev/urandom: dns8:/#cd /dev dns8:/dev#ls -l *rand* crw-r--r--1 root system 39, 0 Dec 16 13:42 random crw-r--r--1 root system 39, 1 Dec 16 13:42 urandom and dns8:/#odmget CuDvDr | grep -p random CuDvDr: resource = ddins value1 = random value2 = 39 value3 = the error messages still came out as follows: dns8:#./named -g -d 99 09-Jan-2009 11:41:46.954 set maximum stack size to 2147483646: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 09-Jan-2009 11:41:46.954 set maximum data size to 2147483647: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 09-Jan-2009 11:41:46.954 set maximum core size to 2147483647: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 09-Jan-2009 11:41:46.954 set maximum open files to -1: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 09-Jan-2009 11:41:47.133 load_configuration: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) and I test many bind versions including 9.2.9,9.4.2-p2,9.4.3,9.5.0-p2 and 9.6.0,all the versions came out the same errors as above. When named is running,it often hangs.All the requests were dropped.It is a issue in dnssec feature.When I disabled dnssec feature,the named runns well. How to solve the problem? thanks. harry ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named lacking /dev/random or or equivalent on aix5.3
harry Chuang wrote: HI ALL, My AIX5.3 systerm does have /dev/random and /dev/urandom: Are you chroot'ing your named process, and if so, is there a /dev/random in the chroot file structure? hope this helps, Doug ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
[openSuSE 11.1] the working directory is not writable
Hi, I have read some postings here in the group that states to set the group writability for the named directory. But it still keeps logging the error message from the topic. Log: Jan 9 11:55:53 vmhost named[11970]: starting BIND 9.5.0-P2 -t /var/ lib/named -u named Jan 9 11:55:53 vmhost named[11970]: found 1 CPU, using 1 worker thread Jan 9 11:55:53 vmhost named[11970]: loading configuration from '/etc/ named.conf' Jan 9 11:55:53 vmhost named[11970]: the working directory is not writable My working directory is /var/lib/named and the permissions ara as follows: vmhost:/var/lib # ls -l named total 52 -rw-r--r-- 1 named named 192 Jul 4 2001 127.0.0.zone -rw-rw-r-- 1 named named 260 Jan 7 13:01 192.168.100.zone -rw-rw-r-- 1 named named 230 Jan 6 22:35 192.168.150.zone -rw-rw-r-- 1 named named 217 Jan 6 22:35 192.168.178.zone -rw-rw-r-- 1 named named 467 Jan 9 11:30 behrens.de drwxr-xr-x 2 named named 4096 Jan 6 20:51 dev drwxr-xr-x 2 named named 4096 Dec 9 20:40 dyn drwxr-xr-x 3 named named 4096 Jan 9 11:55 etc -rw-r--r-- 1 named named 158 Jul 4 2001 localhost.zone drwxr-xr-x 2 named named 4096 Jan 9 11:32 log -rw-r--r-- 1 named named 2878 Dec 9 20:40 root.hint drwxr-xr-x 2 named named 4096 Dec 9 20:40 slave drwxr-xr-x 4 named named 4096 Jan 6 18:21 var vmhost:/var/lib # ls -l drwxrwxr-x 8 named named 4096 Jan 9 11:30 named I have added g+w permissions to the zone files and behrens.de, but this also doesn't help. My named.conf looks like this: options { # The directory statement defines the name server's working directory directory /var/lib/named; # Write dump and statistics file to the log subdirectory. The # pathenames are relative to the chroot jail. dump-file /var/log/named_dump.db; statistics-file /var/log/named.stats; ... What am I doing wrong ? Are the dump-file and statistics-file entries the reason ? Thanks Lothar ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Unable to get authenticated negative responses from BIND 9.6.0 w/ NSEC3?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I realise this just has to be a user error, but sofar I've been completely unsuccessful in getting an authenticated response from a 9.6.0 recursive server with trusted keys correctly configured. I've done this: * Signed the zones: parent is signed with NSEC semantics, key algorithm is RSASHA1 child1.parent is signed with NSEC, key algorithm is RSASHA1 child2.parent is signed with NSEC3, key algorithm is NSEC3RSASHA1 * Created the secure delegations: the DS records for child1.parent and child2.parent both use the correct algorithm numbers (5 and 7 respectively) * Configured a trusted key for parent in a recursive server: The trusted key is correctly configured, because I'm able to validate positive responses from all three zones (which also proves that the delegations are correctly secured via the DS records). I'm also able to validate negative responses from parent and child1.parent. And, yes, I have dnssec-enable yes; dnssec-validation yes; in relevant places. But I fail to validate the interesting case, i.e. a negative response from child2.parent containing NSEC3 records as the proof. I get the response, with all the NSEC3s and their RRSIGs. But no AD bit. Anyone done this recently who can give me a suggestion to where I may go wrong? Johan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFJZy3KKJmr+nqSTbYRAgR9AKCioFf7n+IZmKfH0qenvlZnnh6FpQCeLl0e w3pw5x1lyPwkJnM3iRGjiP4= =tnBX -END PGP SIGNATURE- ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind 9.6.0p1- Windows - The service did not respond to the start or control request in a timely fashion.
Hi all. Maybe it's not a new issue, but... I have a Windows 2003 SP2 with a 9.4.2 release that worked fine for years. Today I wanted to upgrade my release to 9.6. I installed it but when I try to start the service the system says: Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7000 Date: 1/8/2009 Time: 1:45:55 PM User: N/A Computer: S-MI-DNS Description: The ISC BIND service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. No other messages in Event Viewer. I reinstalled the 9.4.2 version and everything returned to work... Does someone know why (and the solution)? Thanks in advance. Stefano Chiesa ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone transfer updates
fuker _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ *** Barnsley MBC Disclaimer: This e-mail and any files attached are confidential for the use of the intended recipient. If you have received this e-mail in error please notify the sender as soon as possible and delete the communication from your system without copying, disseminating or distributing the same in any way by any means. Any views or opinions expressed belong solely to the author and do not necessarily represent those of the Council or any of its educational establishments. In particular, the Council or education establishments will not accept liability for any defamatory statements made by email communications. Recipients are responsible for ensuring that all e-mails and files sent are checked for viruses. The Council or educational establishments will not accept liability for damage caused by any virus transmitted by this e-mail. No guarantees are offered on the security, content and accuracy of any e-mails and files received. Be aware that this e-mail communication may be intercepted for regulatory, quality control, or crime detection purposes unless otherwise prohibited. The content of this email and any attachment may be stored for future Reference. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Zone transfer updates
spam _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ *** Barnsley MBC Disclaimer: This e-mail and any files attached are confidential for the use of the intended recipient. If you have received this e-mail in error please notify the sender as soon as possible and delete the communication from your system without copying, disseminating or distributing the same in any way by any means. Any views or opinions expressed belong solely to the author and do not necessarily represent those of the Council or any of its educational establishments. In particular, the Council or education establishments will not accept liability for any defamatory statements made by email communications. Recipients are responsible for ensuring that all e-mails and files sent are checked for viruses. The Council or educational establishments will not accept liability for damage caused by any virus transmitted by this e-mail. No guarantees are offered on the security, content and accuracy of any e-mails and files received. Be aware that this e-mail communication may be intercepted for regulatory, quality control, or crime detection purposes unless otherwise prohibited. The content of this email and any attachment may be stored for future Reference. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users