Re: Does anyone remember ...
Red Cricket writes: > Does anyone remember a project involving DNS at UCS where someone set up a > dns server(s) to do arithmetic? If so can you reply with a link or > something? > > Thanks I assume you mean Bert's Secure Reverse Polish DNS Calculator (BSRPDNSC) https://bert.secret-wg.org/Tools/index.html#Tool_3. It seems to be offline on the moment. jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Monitor DNS queries toward Root severs
Daniel Dawalibi writes: > > Hello > > > > Is there any tool or configuration that allows us to monitor/graph the > number of outbound DNS queries toward the Root servers? http://dnstop.measurement-factory.com/ jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dig md - Feature? Bug? What's going on?
Matthew Horsfall (alh) writes: Attempting to 'dig' for 'md' does something really weird. What am I missing? The dot. Use dig md. so dig doesn't take the md as the obsoleted RR type md for mail destination. There are more of those name clashes such as MX, CH etc. jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec validation issue
Eray Aslan writes: On Thu, Jun 18, 2015 at 07:26:28PM -0700, Carl Byington wrote: On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote: To use the keys in /etc/named.iscdlv.key set dnssec-validation auto; New centos rpms at http://www.five-ten-sg.com/mapper/bind with a default named.conf that should actually work. With the root zone and most TLDs signed, I do not think it makes sense to use DLV anymore. While a typical DNSSEC resolver configuration has DLV enabled, I personally make the effort to disable it. Furthermore, the whole dlv register is going to disappear in 2017 as announced at https://www.isc.org/blogs/dlv/. jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: com.google how did they do that
Evan Hunt writes: On Thu, Apr 02, 2015 at 09:46:16PM -0500, Grant Taylor wrote: I think I saw a tweet with a figure around $185,000 US Dollars.I wonder if that is on the low side. I believe that's the fee to apply, per domain. Proof of ability to provision and run a registry business to ICANN specifications over the long term is sold separately. If people are interested, have a look at http://newgtlds.icann.org. jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: AXFR root zone
I ask because I have indeed written a script which I will be running on the order of once per day, and which needs to be able to suck down a copy of the root zone. May I rely on this continuing to some of the root-servers allow an axfr, but you are probably better off looking at http://www.internic.net, especially http://www.internic.net/domain/. jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Building a fresh named.root
You too are missing some A and records! Here is mine: Use bufsize=4096 or at least something around 700, else the answer doesn't fitand is truncated. jaap dig +bufsize=4096 . ns @198.41.0.4 ; DiG 9.8.4-P1 +bufsize=4096 . ns @198.41.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 33099 ;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 23 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 518400 IN NS d.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS f.root-servers.net. ;; ADDITIONAL SECTION: d.root-servers.net. 360 IN 2001:500:2d::d d.root-servers.net. 360 IN A 199.7.91.13 j.root-servers.net. 360 IN 2001:503:c27::2:30 j.root-servers.net. 360 IN A 192.58.128.30 h.root-servers.net. 360 IN 2001:500:1::803f:235 h.root-servers.net. 360 IN A 128.63.2.53 g.root-servers.net. 360 IN A 192.112.36.4 k.root-servers.net. 360 IN 2001:7fd::1 k.root-servers.net. 360 IN A 193.0.14.129 b.root-servers.net. 360 IN A 192.228.79.201 c.root-servers.net. 360 IN A 192.33.4.12 i.root-servers.net. 360 IN 2001:7fe::53 i.root-servers.net. 360 IN A 192.36.148.17 m.root-servers.net. 360 IN 2001:dc3::35 m.root-servers.net. 360 IN A 202.12.27.33 e.root-servers.net. 360 IN A 192.203.230.10 l.root-servers.net. 360 IN 2001:500:3::42 l.root-servers.net. 360 IN A 199.7.83.42 a.root-servers.net. 360 IN 2001:503:ba3e::2:30 a.root-servers.net. 360 IN A 198.41.0.4 f.root-servers.net. 360 IN 2001:500:2f::f f.root-servers.net. 360 IN A 192.5.5.241 ;; Query time: 19 msec ;; SERVER: 198.41.0.4#53(198.41.0.4) ;; WHEN: Thu Feb 14 16:24:06 2013 ;; MSG SIZE rcvd: 699 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bug in Bind 9.8 or am I doing something wrong?
Mark, you remark somewhere that: Additionally .local is reserved for mDNS .. Make me wonder who reserved .local and specifically earmaked it to be used for mDNS. Iana http://www.iana.org/domains/root/db/ doesn't seem to know about this. Can you give some references? jaap ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: caching of expired RRSIG's ?
I agree for the consequence of those cache misses. But doesnot that mean that RFC4035 needs amended to state : remove atomic entry if *all* its RRSIGs get invalid (because now it states : any = at least one) And it implicitly confirms that these statements in the RFC do apply to expired RRSIG's in the cache. You might want to address these questionsto dnsop/dnsex since this is more a queastion about the RFC then something bind specific. jaap ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dns-sec and Maintaining Human Sanity
That is, if one can get the latest version to compile under FreeBSD8.0. So far, the configure process is one dependency after another and I have yet to see it actually finish so that is shades of years gone by when installing software was an art on good days. Use the port, see /usr/ports/dns/openddnssec. jaap ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users