Re: Glue record misunderstanding

2009-10-01 Thread Matus UHLAR - fantomas
> On 01-Oct-2009, at 16:03, Scott Haneda wrote: >> Is it also correct, I only need a NS glue record for the actual NS >> itself. There does not need to be a glue record for every zone that I >> am providing DNS for? On 01.10.09 18:25, Matthew Pounsett wrote: > The only case where glue *must* be

Re: Glue record misunderstanding

2009-10-01 Thread Scott Haneda
Yeah, I just ran a few queries and can't figure out what exactly it's complaining about. Matt It's making an observation ("i" in a blue circle) that there were not additional records for ns1.nacio.com being returned by ns1.hostwizard.com presumably because ns1.hostwizard.com doesn't serve the zo

Re: Bind, dnssec, udp fragmentation woes.

2009-10-01 Thread Mark Andrews
You really want to work out what is being blocked, EDNS?, responses bigger than 512 bytes? DNSSEC? fragmented responses? With a clean path all of these should succeed but only the last one won't have "tc" set. This does a plain DNS query, an EDNS query that limits the response to 512 bytes, a DNS

Re: stub zone and dnssec processing fails?

2009-10-01 Thread Paul Wouters
On Fri, 2 Oct 2009, Mark Andrews wrote: zone "ca." IN { type stub; masters { 192.228.22.190; 192.228.22.189; }; }; To make the test signed ca work you need to replace the NS RRset with the names of the nameservers that serve the signed CA zone. At the moment you end up with t

Re: Glue record misunderstanding

2009-10-01 Thread Mark Andrews
In message <73e2882f-00b3-41cb-b46d-351774486...@conundrum.com>, Matthew Pounsett writes: > On 01-Oct-2009, at 19:03, Scott Haneda wrote: > > > So I see my NS is listed in the additional section. This to me > > tells me there is in fact

Bind, dnssec, udp fragmentation woes.

2009-10-01 Thread Nicholas Wheeler
Hello all, For the last couple days I've been trying to figure out how to get dnssec implemented within my environment. A simplified description of my network is as follows: cloud -> Nokia IP330(Check Point) -> BigIP F5 -> debian -> named. My problem seems to be that when asking for dnssec-re

Re: stub zone and dnssec processing fails?

2009-10-01 Thread Mark Andrews
In message , Paul Wouters writes: > > Hi, > > I've been trying to configure bind to use a stub zone, for which I > have keys configured. When I do this, I see a ServFail, with the > logs pointing to: > > 01-Oct-2009 11:00:03.053 lame-servers: info: not insecure resolving 'xelerance.ca/DNSKE

Re: Glue record misunderstanding

2009-10-01 Thread Matthew Pounsett
On 01-Oct-2009, at 19:03, Scott Haneda wrote: So I see my NS is listed in the additional section. This to me tells me there is in fact glue, so I should consider the report at http://intodns.com/hostwizard.com to be inaccurate? Yeah, I just r

Re: Query Refused problem

2009-10-01 Thread Mark Andrews
In message <200910011237.09...@zmi.at>, Michael Monnerie writes: > On Thursday 01 October 2009 Mark Andrews wrote: > > Specifies which hosts are allowed to get answers > > from the cache. If > > allow-query-cache is n

Re: Glue record misunderstanding

2009-10-01 Thread Scott Haneda
On Oct 1, 2009, at 3:25 PM, Matthew Pounsett wrote: On 01-Oct-2009, at 16:03, Scott Haneda wrote: Is it also correct, I only need a NS glue record for the actual NS itself. There does not need to be a glue record for every zone that I am providing DNS for? The only case where glue *must*

Re: Glue record misunderstanding

2009-10-01 Thread Matthew Pounsett
On 01-Oct-2009, at 16:03, Scott Haneda wrote: Is it also correct, I only need a NS glue record for the actual NS itself. There does not need to be a glue record for every zone that I am providing DNS for? The only case where glue *must* be pre

Re: Query Refused problem

2009-10-01 Thread Matus UHLAR - fantomas
On 01.10.09 19:10, Sven Eschenberg wrote: > Funny enough, I did not have any allow-query at all, but adding > allow-query {any;} did indeed change the behavior. But allow-query-cache > obviously defaults to localhost, localnets and was triggering the > behavior that confused me. OK, again: d

Glue record misunderstanding

2009-10-01 Thread Scott Haneda
Hello, I believe I understand what a glue record is, and why I would need one. I would like some clarification if possible. While I am not the hugest fan of the dns report services, this report was brought to my attention: http://www.intodns.com/hostwizard.com It says I am missing glue for

Re: Query Refused problem

2009-10-01 Thread Sven Eschenberg
Funny enough, I did not have any allow-query at all, but adding allow-query {any;} did indeed change the behavior. But allow-query-cache obviously defaults to localhost, localnets and was triggering the behavior that confused me. In between I overhauled the config, setting all the options expli

Re: socket is not connected error on bind 9.5.1-P3

2009-10-01 Thread Matus UHLAR - fantomas
On 30.09.09 14:59, Louis Luciano (qipman) wrote: > Does anyone know what might be causing these messages? > > 30-Sep-2009 08:20:56.071 client 10.10.10.10#44554: transfer of > 'domain.com/IN': send: socket is not connected apparently a client that requested transfer but closed connection. Do you h

Re: Query Refused problem

2009-10-01 Thread Matus UHLAR - fantomas
On 30.09.09 15:59, Sven Eschenberg wrote: > When I had no allow-query statement at all in my config, everything > worked fine (including recursion) for all clients, that were in subnets > directly attached to the server. The external view (authoritative, non > recursive) did work for every cli

stub zone and dnssec processing fails?

2009-10-01 Thread Paul Wouters
Hi, I've been trying to configure bind to use a stub zone, for which I have keys configured. When I do this, I see a ServFail, with the logs pointing to: 01-Oct-2009 11:00:03.053 lame-servers: info: not insecure resolving 'xelerance.ca/DNSKEY/IN': 193.110.157.135#53 When I disable the truste

Re: Query Refused problem

2009-10-01 Thread Michael Monnerie
On Thursday 01 October 2009 Mark Andrews wrote: > Specifies which hosts are allowed to get answers > from the cache. If > allow-query-cache is not set then > allow-recursion is used if set, otherwise > allow-query is used if set unless > recursion no; is set i