[SPAM] named lacking /dev/random or equivalent on aix5.3

2009-01-11 Thread harry Chuang
HI ALL,

My AIX5.3 system does have /dev/random and /dev/urandom:

dns8:/#cd /dev
dns8:/dev#ls -l *rand*
crw-r--r-- 1 root system   39,  0 Dec 16 13:42 random
crw-r--r-- 1 root system   39,  1 Dec 16 13:42 urandom

and

dns8:/#odmget CuDvDr | grep -p random
CuDvDr:
resource = ddins
value1 = random
value2 = 39
value3 = 

the error messages still came out as follows:

dns8:#./named -g -d 99

09-Jan-2009 11:41:46.954 set maximum stack size to 2147483646: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)

09-Jan-2009 11:41:46.954 set maximum data size to 2147483647: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)

09-Jan-2009 11:41:46.954 set maximum core size to 2147483647: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)

09-Jan-2009 11:41:46.954 set maximum open files to -1: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)

09-Jan-2009 11:41:47.133 load_configuration: You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)


And I tested many BIND versions, including 9.2.9, 9.4.2-p2, 9.4.3, 9.5.0-p2 and
9.6.0; all the versions produced the same errors as above.

When named is running, it often hangs. All the requests were dropped. It is an
issue in the dnssec feature. When I disabled the dnssec feature, named runs well.

How to solve the problem?

thanks.
harry
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: named lacking /dev/random or equivalent on aix5.3

2009-01-11 Thread Doug Barton
harry Chuang wrote:
> HI ALL,
>
> My AIX5.3 system does have /dev/random and /dev/urandom:

Are you chroot'ing your named process, and if so, is there a
/dev/random in the chroot file structure?


hope this helps,

Doug

[openSuSE 11.1] the working directory is not writable

2009-01-11 Thread Lothar Behrens
Hi,

I have read some postings here in the group that state to set the
group writability for the named directory.
But it still keeps logging the error message from the topic.

Log:

Jan  9 11:55:53 vmhost named[11970]: starting BIND 9.5.0-P2 -t /var/lib/named -u named
Jan  9 11:55:53 vmhost named[11970]: found 1 CPU, using 1 worker thread
Jan  9 11:55:53 vmhost named[11970]: loading configuration from '/etc/named.conf'
Jan  9 11:55:53 vmhost named[11970]: the working directory is not writable

My working directory is /var/lib/named and the permissions are as
follows:

vmhost:/var/lib # ls -l named
total 52
-rw-r--r-- 1 named named  192 Jul  4  2001 127.0.0.zone
-rw-rw-r-- 1 named named  260 Jan  7 13:01 192.168.100.zone
-rw-rw-r-- 1 named named  230 Jan  6 22:35 192.168.150.zone
-rw-rw-r-- 1 named named  217 Jan  6 22:35 192.168.178.zone
-rw-rw-r-- 1 named named  467 Jan  9 11:30 behrens.de
drwxr-xr-x 2 named named 4096 Jan  6 20:51 dev
drwxr-xr-x 2 named named 4096 Dec  9 20:40 dyn
drwxr-xr-x 3 named named 4096 Jan  9 11:55 etc
-rw-r--r-- 1 named named  158 Jul  4  2001 localhost.zone
drwxr-xr-x 2 named named 4096 Jan  9 11:32 log
-rw-r--r-- 1 named named 2878 Dec  9 20:40 root.hint
drwxr-xr-x 2 named named 4096 Dec  9 20:40 slave
drwxr-xr-x 4 named named 4096 Jan  6 18:21 var

vmhost:/var/lib # ls -l

drwxrwxr-x 8 named  named  4096 Jan  9 11:30 named

I have added g+w permissions to the zone files and behrens.de, but
this also doesn't help.

My named.conf looks like this:

options {

# The directory statement defines the name server's working directory

directory "/var/lib/named";

# Write dump and statistics file to the log subdirectory.  The
# pathnames are relative to the chroot jail.

dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";

...

What am I doing wrong ?

Are the dump-file and statistics-file entries the reason ?

Thanks

Lothar
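
Added example, not part of either post above: Doug Barton's chroot question and the `-t /var/lib/named` startup line in the openSuSE log both turn on where a path lands once named is confined to its jail. The shell functions below (their names are made up for this example) resolve a named.conf path inside the jail and check the working directory and /dev/random there; the writability test applies to the invoking user, so run it as the `-u` user.

```shell
#!/bin/sh
# Added example: resolve named's paths inside the chroot given with -t.
# Function names are hypothetical; the paths come from the messages above.

# Join the -t jail and an absolute path as written in named.conf.
jail_path() {
    # $1 = chroot given with -t, $2 = path from named.conf
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# 0 = character device present in the jail, 1 = missing, 2 = wrong file type
check_jail_random() {
    dev=$(jail_path "$1" /dev/random)
    [ -e "$dev" ] || return 1
    [ -c "$dev" ] || return 2
    return 0
}

# 0 = directory exists in the jail and the invoking user may write to it,
# 1 = missing, 2 = not writable.
check_jail_workdir() {
    dir=$(jail_path "$1" "$2")
    [ -d "$dir" ] || return 1
    [ -w "$dir" ] || return 2
    return 0
}

# Print both results for one jail / "directory" pair.
report() {
    echo "working directory as named sees it: $(jail_path "$1" "$2")"
    rc=0; check_jail_workdir "$1" "$2" || rc=$?
    echo "  working directory status: $rc"
    rc=0; check_jail_random "$1" || rc=$?
    echo "  /dev/random status: $rc"
}

# Values from the openSuSE log and named.conf above; pass "run" to execute.
if [ "${1:-}" = "run" ]; then
    report /var/lib/named /var/lib/named
fi
```

With `-t /var/lib/named` and `directory "/var/lib/named"`, the path checked is /var/lib/named/var/lib/named, not the directory whose listing appears in the post.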


Unable to get authenticated negative responses from BIND 9.6.0 w/ NSEC3?

2009-01-11 Thread Johan Ihren


I realise this just has to be a user error, but so far I've been
completely unsuccessful in getting an authenticated response from a
9.6.0 recursive server with trusted keys correctly configured.


I've done this:

* Signed the zones:

parent is signed with NSEC semantics, key algorithm is RSASHA1
child1.parent is signed with NSEC, key algorithm is RSASHA1
child2.parent is signed with NSEC3, key algorithm is NSEC3RSASHA1

* Created the secure delegations:

the DS records for child1.parent and child2.parent both use the  
correct algorithm numbers (5 and 7 respectively)


* Configured a trusted key for parent in a recursive server:

The trusted key is correctly configured, because I'm able to validate  
positive responses from all three zones (which also proves that the  
delegations are correctly secured via the DS records). I'm also able  
to validate negative responses from parent and child1.parent.


And, yes, I have dnssec-enable yes; dnssec-validation yes; in  
relevant places.


But I fail to validate the interesting case, i.e. a negative response  
from child2.parent containing NSEC3 records as the proof. I get the  
response, with all the NSEC3s and their RRSIGs. But no AD bit.


Anyone done this recently who can give me a suggestion to where I may  
go wrong?


Johan



Bind 9.6.0p1- Windows - The service did not respond to the start or control request in a timely fashion.

2009-01-11 Thread Chiesa Stefano
Hi all.
Maybe it's not a new issue, but...

I have a Windows 2003 SP2 with a 9.4.2 release that worked fine for
years.
Today I wanted to upgrade my release to 9.6.
I installed it but when I try to start the service the system says:

Event Type: Error
Event Source:   Service Control Manager
Event Category: None
Event ID:   7000
Date:   1/8/2009
Time:   1:45:55 PM
User:   N/A
Computer:   S-MI-DNS
Description:
The ISC BIND service failed to start due to the following error: 
The service did not respond to the start or control request in a timely
fashion. 

No other messages in Event Viewer. I reinstalled the 9.4.2 version and
everything returned to work...
Does someone know why (and the solution)?

Thanks in advance.


Stefano Chiesa


Re: Zone transfer updates

2009-01-11 Thread Matthew Holdsworth (1)
fuker
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

*** Barnsley MBC Disclaimer:
This e-mail and any files attached are confidential for the use of the intended 
recipient.  If you have received this e-mail in error please notify the sender 
as soon as possible and delete the communication from your system without 
copying, disseminating or distributing the same in any way by any means.

Any views or opinions expressed belong solely to the author and do not 
necessarily represent those of the Council or any of its educational 
establishments.  In particular, the Council or education establishments will 
not accept liability for any defamatory statements made by email communications.

Recipients are responsible for ensuring that all e-mails and files sent are 
checked for viruses.  The Council or educational establishments will not accept 
liability for damage caused by any virus transmitted by this e-mail.  No 
guarantees are offered on the security, content and accuracy of any e-mails and 
files received.  Be aware that this e-mail communication may be intercepted for 
regulatory, quality control, or crime detection purposes unless otherwise 
prohibited.

The content of this email and any attachment may be stored for future Reference.

Re: Zone transfer updates

2009-01-11 Thread Matthew Holdsworth (1)
spam