Re: Configuring CNAME for nosslsearch.google.com
Hi together, thanks for these many hints. Wow! So many mistakes in a few lines. Here ist now my config file: -%- @ IN SOA localhost. root.localhost. ( 2012050900 7200 1800 1209600 300 ) 1800IN NS localhost. 1800IN A 216.239.32.20 ;nosslsearch.google.com. -%- And here my dig answer: -%- root@tobias-xps:/home/tobias# dig @localhost www.google.com ; DiG 9.8.1-P1 @localhost www.google.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 51300 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.google.com.IN A ;; ANSWER SECTION: www.google.com. 1800IN A 216.239.32.20 ... -%- That looks good. Are there any more mistakes or hints not mentioned yet? Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNSSEC
Hi, I have a some queries regarding dnssec.Kindly clear me out it. 1) DNSSEC is required for authoritative dns or is it for caching dns or for both? 2) If we enable DNSSEC , do we face any performance problem while concerning with throughput? 3) What is actual flow of dnssec? Regards, Ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: DNSSEC
DNSSEC is done on Authoritative side. Caching DNS only check whether that particular domain is signed or not, only if that caching DNS is designed to do so. As we don't signed our records on fly in DNSSEC, so DNSSEC doesn't increase the load but ya it increases the size of the response of the query. By Flow what do you mean to say? -Original Message- From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Ben Sent: Wednesday, May 09, 2012 11:29 AM To: bind-users@lists.isc.org Subject: DNSSEC Hi, I have a some queries regarding dnssec.Kindly clear me out it. 1) DNSSEC is required for authoritative dns or is it for caching dns or for both? 2) If we enable DNSSEC , do we face any performance problem while concerning with throughput? 3) What is actual flow of dnssec? Regards, Ben ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind caching dns
Matthew Seaman wrote: Not to my knowledge. It should be possible to write an agentx plugin that translates from the XML data provided natively, but you'll have to write your own MIBs since the standard one from RFC1612 seems to have received little development since. Indeed RFC3197 (https://www.ietf.org/rfc/rfc3197.txt) tells a cautionary tale. I've been using a net-snmp subagent called B9Agent, with good success. It doesn't parse the XML statistics data but uses the statistics-file instead. For more details, see http://www.l3jane.net/wiki/factory%3Ab9agent_en Regards Eivind Olsen ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: DNSSEC
Gaurav Kansal gaurav.kan...@nic.in wrote: DNSSEC is done on Authoritative side. Signing is done on authority servers. It's straightforward with inline-signing mode, or if you maintain your zone with dynamic updates. Caching DNS only check whether that particular domain is signed or not, only if that caching DNS is designed to do so. Validation is done on caches. In my experience validation is a pretty untroublesome feature to enable, provided you aren't completely hammering your name servers. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Hebrides: Northeasterly 4 or 5, increasing 5 to 7 except in northwest. Moderate. Showers. Good. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNSSEC
In article mailman.736.1336590990.63724.bind-us...@lists.isc.org, Tony Finch d...@dotat.at wrote: Gaurav Kansal gaurav.kan...@nic.in wrote: DNSSEC is done on Authoritative side. Signing is done on authority servers. It's straightforward with inline-signing mode, or if you maintain your zone with dynamic updates. Caching DNS only check whether that particular domain is signed or not, only if that caching DNS is designed to do so. Validation is done on caches. In my experience validation is a pretty untroublesome feature to enable, provided you aren't completely hammering your name servers. It's only untroublesome until someone screws things up on their auth server. When one of your users can't access something.gov, they'll complain to YOU, even though it's mostly out of your hands. This is true for other problems on auth servers as well, of course. But DNSSEC is new enough that there tend to be more failures of this kind, even by organizations that until now have seemed to know what they're doing. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNSSEC
Hi, How's your experience with DNSSEC while using it with caching dns and authoritative dns ? If we are using DNSSEC enable with caching resolver, and remote domain is not DNSSEC enabled so in that case , do we face any problem, means any failure or something? Regards, Ben Gaurav Kansalgaurav.kan...@nic.in wrote: DNSSEC is done on Authoritative side. Signing is done on authority servers. It's straightforward with inline-signing mode, or if you maintain your zone with dynamic updates. Caching DNS only check whether that particular domain is signed or not, only if that caching DNS is designed to do so. Validation is done on caches. In my experience validation is a pretty untroublesome feature to enable, provided you aren't completely hammering your name servers. Tony. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNSSEC
In article mailman.738.1336594400.63724.bind-us...@lists.isc.org, Ben benjo11...@gmail.com wrote: If we are using DNSSEC enable with caching resolver, and remote domain is not DNSSEC enabled so in that case , do we face any problem, means any failure or something? No. If the domain doesn't have DNSSEC enabled, there's nothing for the resolver to check. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
measuring dns query
all, im looking for a way to measure dns queries and am looking for an opensource solution if possible. any suggestions? i want to measure the time it takes for 1DNS query in bind vs. dns Active-Directory integrated. thanks, B ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
