Re: rndc zonestatus meaning
In message 102153bef555e7489ca5d54165c431a301301...@exchbsi02.ttt.co.th, Jittinan S uwanruengsri writes: Hi, 1. #rncd zonestatus example.com name: example.com type: master files: /usr/local/named/zone/example.com.zone serial: 2013122402 signed serial: 2013122405 nodes: 5 last loaded: Fri, 29 Aug 2014 08:00:15 GMT secure: yes inline signing: yes key maintenance: automatic next key event: Mon, 01 Sep 2014 04:56:09 GMT next resign node: ns.example.com/NSEC next resign time: Sat, 20 Sep 2014 19:55:13 GMT dynamic: yes frozen: no 2. example.com.zone $ORIGIN . $TTL 86400 ; 1 day example.com IN SOA ns.example.com. hostmaster.example.com. ( 2013122402 ; serial 86400 ; refresh (1 day) 7200 ; retry (2 hours) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS ns.example.com. $ORIGIN example.com. ns A 10.10.10.203 sub NS ns.sub DS 19264 8 1 ( EA38AD65596500B2D6A4BC04478FFD5C13FF7600 ) DS 19264 8 2 ( A68BF3856CA9AF1A669EA10DEC8BA72E174108EEB5AA D1CF5A3C919E5AB9B60B ) DS 36579 7 1 ( 83F190FDEBF79DFEC93571D2C06240834C059414 ) DS 36579 7 2 ( EAFB90C1EB610CF566EC677A381D5F9DCAFB8B0E2B6D $ORIGIN sub.example.com. ns A 10.10.10.204 $ORIGIN example.com. www A 2.2.2.2 3. how does bind count number of nodes in zonestatus ?(Mine is 5) They are counted by the database implementation. example.com, ns.example.com, sub.example.com. ns.sub.example.com and www.example.com would be the 5 nodes in this zone. 4. What is nex key event? This is the next time something needs to be done with respect to the keys for this zone based on the times stored in the .private files. Named will re-read the keys and workout what to do at this time. 5. What is next resign node? Next re-sign rrset would be a better description. It is the next RRset that is due to be re-signed based on sig-validity-interval and the timestamps in the RRSIGs. In the example above the NSEC record for ns.example.com is the next RRset that needs to be re-signed. 6. Where can I get more information about DNSSec of Bind 9.10-P2 beside BIND 9 Administrator Reference Manual because personally, I think it does not has detials enough? Thank You Jittinan -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rndc zonestatus meaning
3. how does bind count number of nodes in zonestatus ?(Mine is 5) The number of nodes in the zone database that have data (not counting NSEC3 nodes). In your case: example.com, ns.example.com, sub.example.com, ns.sub.example.com, and www.example.com makes five. 4. What is nex key event? The next time the zone keys are scheduled to be refreshed. At that time, named will perform the equivalent of rndc loadkeys on itself to see whether it needs to make any changes to the DNSKEY rrset. 5. What is next resign node? The next RRSIG that's scheduled to be refreshed. 6. Where can I get more information about DNSSec of Bind 9.10-P2 beside BIND 9 Administrator Reference Manual because personally, I think it does not has detials enough? I don't know of any detailed guides I can point you to at this time. However, ISC provides a thorough training course on the subject; see http://www.dns-co.com/services/training. http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-04 has guidance about scheduling key rollovers that you may find useful. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Logs problem with Bind 9.9.4
bugger off with your dictatorship do not bring it here like you take it every list you go to, well, those that you have not been kicked off of that is On 8/2/14, Reindl Harald h.rei...@thelounge.net wrote: why do you reply off-list, in HTML and top-posting? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Logs problem with Bind 9.9.4
maybe he will, when you learn to stop being so offensive and abusive on every list you decide to join, and to tink a cvertain blacklsit operator on this list a few days ago said you were well behaved, hrmmm are you paying him you off so he wont list you again in his rbl On 8/3/14, Reindl Harald h.rei...@thelounge.net wrote: jesus christ learn to use mailing-lists, stop to reply in private and strip your qutes Am 02.08.2014 um 10:29 schrieb ahmed salim: On Sat, Aug 2, 2014 at 10:24 AM, Reindl Harald h.rei...@thelounge.net mailto:h.rei...@thelounge.net wrote: why do you reply off-list, in HTML and top-posting? Am 02.08.2014 um 08:09 schrieb ahmed salim: the logging is (syslog) so you can filter in rsyslog.conf https://www.google.at/search?q=rsyslog+filter+messages now your configuration block is working fine I'm just wondering how to disable IPv6 logs??? what about show us what you are talking about? nobody but you knows what you see on your screen http://www.catb.org/esr/faqs/smart-questions.html#beprecise I tried is to disable it by editing /etc/sysconfig/named and make (OPTIONS=-4) but I still getting them in my logs thank you for your help stripped full quote OK, sorry for not being precise the IPv6 logs is some thing like this: error (network unreachable) resolving 'videolan.org/DS/IN http://videolan.org/DS/IN': 2001:500:b::1#53 error (network unreachable) resolving 'px.owneriq.net/A/IN http://px.owneriq.net/A/IN': 2600:1401:2::1#53 is there any solution to stop these logs ??? if you don't have working ipv6 just disable the stack /etc/sysctl.conf: net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 after reboot you should no longer have ipv6 link local addresses and so BIND realizes at startup that ipv6 is not supported ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Logs problem with Bind 9.9.4
who do you think you are that you believe you have to decide which sort of private mails i accept in case someone asks for help on a public list? it's not dictatorship to not like private respones excluding the list and refer to basic guidlines for using a mailing list the only offensive and abusive thing is after the first answer continue to respond in private - if you would open your eyes you would see technical answers below what you dediced to quote a cvertain blacklsit operator on this list a few days ago said you were well behaved - no *yesterday* 2014-08-07 and look how old the mails you respond today are you are bored and dig around in old mails which are not your business and *that* is *really abusive* - if you think that sort of dig around in messages from someone you don't like and quote him selective days later leads to let you look smarter you are wrong so if you have nothing to say go back from where you came Am 08.08.2014 um 12:11 schrieb Nick Edwards: bugger off with your dictatorship do not bring it here like you take it every list you go to, well, those that you have not been kicked off of that is On 8/2/14, Reindl Harald wrote: why do you reply off-list, in HTML and top-posting? Am 08.08.2014 um 12:14 schrieb Nick Edwards: maybe he will, when you learn to stop being so offensive and abusive on every list you decide to join, and to tink a cvertain blacklsit operator on this list a few days ago said you were well behaved, hrmmm are you paying him you off so he wont list you again in his rbl On 8/3/14, Reindl Harald wrote: jesus christ learn to use mailing-lists, stop to reply in private and strip your qutes On Sat, Aug 2, 2014 at 10:24 AM, Reindl Harald wrote: why do you reply off-list, in HTML and top-posting? signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Logs problem with Bind 9.9.4
[Intentional top post] Moderator to the white courtesy phone please... Folk come to this list for discussions and advice on using BIND, not for A: discussions of mailing list etiquette or B: pissing matches. W On Fri, Aug 8, 2014 at 6:33 AM, Reindl Harald h.rei...@thelounge.net wrote: who do you think you are that you believe you have to decide which sort of private mails i accept in case someone asks for help on a public list? it's not dictatorship to not like private respones excluding the list and refer to basic guidlines for using a mailing list the only offensive and abusive thing is after the first answer continue to respond in private - if you would open your eyes you would see technical answers below what you dediced to quote a cvertain blacklsit operator on this list a few days ago said you were well behaved - no *yesterday* 2014-08-07 and look how old the mails you respond today are you are bored and dig around in old mails which are not your business and *that* is *really abusive* - if you think that sort of dig around in messages from someone you don't like and quote him selective days later leads to let you look smarter you are wrong so if you have nothing to say go back from where you came Am 08.08.2014 um 12:11 schrieb Nick Edwards: bugger off with your dictatorship do not bring it here like you take it every list you go to, well, those that you have not been kicked off of that is On 8/2/14, Reindl Harald wrote: why do you reply off-list, in HTML and top-posting? Am 08.08.2014 um 12:14 schrieb Nick Edwards: maybe he will, when you learn to stop being so offensive and abusive on every list you decide to join, and to tink a cvertain blacklsit operator on this list a few days ago said you were well behaved, hrmmm are you paying him you off so he wont list you again in his rbl On 8/3/14, Reindl Harald wrote: jesus christ learn to use mailing-lists, stop to reply in private and strip your qutes On Sat, Aug 2, 2014 at 10:24 AM, Reindl Harald wrote: why do you reply off-list, in HTML and top-posting? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Logs problem with Bind 9.9.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 8/2/14 9:55 AM, Reindl Harald wrote: jesus christ learn to use mailing-lists, stop to reply in private and strip your qutes Constructive comments are welcome on bind-users. Criticism that does not further the discussion does not belong on the lists and doesn't help anybody. Please try to be positive, community-minded, and aware of the fact that not everybody has the same experience or habits when communicating via public mailing lists. Please back off, take a deep breath, and remember that we are here to discuss BIND. Michael McNally ISC Support List Moderator -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJT5RQGAAoJEDsbHdIEoEIyw/EIAKEGMka3cqVJjHFsA1ZqBqas lYf00xgkbNof6vtuHK/PONb5vAIYHrbJLO9vZQ3ziVT4hLGkKjbrKYxsVOsrQMQD u0oapajME6Khn7AlPdn4+PT+bcXz714URo7TgNzPrkddDbt4Z/UhaSBhO4C9GPw0 9roVXMhApoW7cGmKMCthT5ciMyDUuBw7zjI7cA3U5B+i0n1Wfb3hWoWlWHKYvSqM Sou8qgLUMfgFDdjnenRQBMllvBE3fQkRU4mnnJaXfHyI7tWovv1x9pGGFPCc0WGY UYGOUHtZl6evwKciJMSz1TaWJiktPBWP2+LD8fppS5G7ALRJ5pgZ/2up/0WZP08= =IruA -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users