Context: BIND 9.7.0
I have made use of views on a single server for providing
suitable/selective responses to internal, external and guest clients.
This setup has been working for years but is now broken for clients
querying from a guest network (via the guest view) unless the queries
have
Hello list,
In my logs I see numerous line like these:
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.0.1.3#53
Mar 16 04:59:15 mx02
On 16.03.10 09:45, Ruben Laban wrote:
In my logs I see numerous line like these:
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN':
On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote:
Client: 192.168.25.71 is querying the PTR record for its own address.
Server: 172.25.24.16 is querying itself for the DS record for the
parent of the zone which the client is querying (Why?).
There is no DS record in
In message 20100316090709.gc7...@fantomas.sk, Matus UHLAR - fantomas writes:
On 16.03.10 09:45, Ruben Laban wrote:
In my logs I see numerous line like these:
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16 04:59:14 mx02
On 16.03.10 09:45, Ruben Laban wrote:
In my logs I see numerous line like these:
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving
I'd like to get your feedback on the following thoughts regarding DNSSEC HW
support.
Any layer 2 or 3 devices forwarding frames or packets should not be affected by
the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or
the query size (large or small).
Layer 4 devices
I'd like to get your feedback on
the following thoughts regarding DNSSEC HW support.
Any layer 2 or 3 devices forwarding frames or packets
should not be affected by the implementation of DNSSEC
regardless of the type of protocol (TCP/UDP) or the query
size (large or small).
Layer 4
On 2010-03-16 15:57, prock...@yahoo.com wrote:
I'm trying to figure out how many tests I need to run for an
individual product (layer 2, 3, 4, and 7) before I can say it is
completely DNSSEC compliant.
By definition, any layer 2, 3 and 4 product is DNSSEC-agnostic: DNS with
or without
In article mailman.814.1268703621.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
Let's say I have this setup :
BIND 9.4 named.conf includes a master.zones file with the following:
...
zone ns1.yourdomain.com {
type master;
Hi,
We have a recurring problem with recursive domain resolution using a
bind 9.6 caching server. An example of such a zone is ecb.eu. The
problem seems due to a misconfiguration on their side where all the
(supposedly authorative) NS records listed in their zone file do not
answer requests
Sam Wilson wrote:
In article mailman.814.1268703621.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
Let's say I have this setup :
BIND 9.4 named.conf includes a master.zones file with the following:
...
zone ns1.yourdomain.com {
type master;
In article mailman.828.1268758483.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
I would be nice to know what a zone apex is since what I have found on
the web so far is pretty self-referential.
The resource record set for the zone name itself (e.g. SOA and NS) is
the
In article mailman.828.1268758483.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
Sam Wilson wrote:
In article mailman.814.1268703621.21153.bind-us...@lists.isc.org,
Gary Wallis wgg1...@gmail.com wrote:
Let's say I have this setup :
BIND 9.4 named.conf
Gary Wallis wrote:
[other stuff snipped out]
Regarding my main question:
How to delegate signing authority from parent yourdomain.com to child
ns1.yourdomain.com.
Insert the DS records from the child into the parent and re-sign the parent.
I still have to setup a DNSSEC resolver to be
Hello all,
I have a problem with a CIDR IN-ADDR.ARPA delegation of a /28 netblock.
Domain names and IP numbers have been edited for privacy purposes.
I've had my local ISP make me a CIDR in-addr.arpa delegation for the block
192.168.33.112/28 to my name servers:
ns1.mydomain.dom
Alan Clegg wrote:
Gary Wallis wrote:
[other stuff snipped out]
Regarding my main question:
How to delegate signing authority from parent yourdomain.com to child
ns1.yourdomain.com.
Insert the DS records from the child into the parent and re-sign the parent.
I still have to setup a DNSSEC
On Mar 16, 2010, at 11:39 AM, Niobos wrote:
On 2010-03-16 15:57, prock...@yahoo.com wrote:
I'm trying to figure out how many tests I need to run for an
individual product (layer 2, 3, 4, and 7) before I can say it is
completely DNSSEC compliant.
By definition, any layer 2, 3 and 4 product is
What do the CNAMEs look like in 33.168.192.in-addr.arpa, or, if that's
not a delegated zone, the closest-enclosing zone of that?
- Kevin
On 3/16/2010 3:19 PM, Lister wrote:
In message slrnhpummo.2ter.j...@rwpc12.mby.riverwillow.net.au, John Marshall
writes:
On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote:
Client: 192.168.25.71 is querying the PTR record for its own address.
Server: 172.25.24.16 is querying itself for the DS record for the
Hello -
What is the default build on linux (2.6) with regard to threads.
If I don't explicitly enable or disable threads, does named
run threaded or unthreaded?
Thanks
--
jack
___
bind-users mailing list
bind-users@lists.isc.org
In message 20100316131539.ga10...@fantomas.sk, Matus UHLAR - fantomas writes:
On 16.03.10 09:45, Ruben Laban wrote:
In my logs I see numerous line like these:
Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL)
resolving 'hotmeil.com/MX/IN': 10.2.1.3#53
Mar 16
In message 4b9fad0c.1090...@um.edu.mt, Gilbert Cassar writes:
Hi,
We have a recurring problem with recursive domain resolution using a
bind 9.6 caching server. An example of such a zone is ecb.eu. The
problem seems due to a misconfiguration on their side where all the
(supposedly
Jack Tavares wrote:
Hello -
What is the default build on linux (2.6) with regard to threads.
If I don't explicitly enable or disable threads, does named
run threaded or unthreaded?
Threaded.
Thanks
--
jack
On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote:
In message slrnhpummo.2ter.j...@rwpc12.mby.riverwillow.net.au, John
Marshall
writes:
I don't understand this. If the client needs an answer from
25.168.192.in-addr.arpa. and we are hosting that zone and its parent
zone (both
In message 20100316234500.ga99...@rwpc12.mby.riverwillow.net.au, John Marshal
l writes:
On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote:
In message slrnhpummo.2ter.j...@rwpc12.mby.riverwillow.net.au, John Marsh
all
writes:
I don't understand this. If the client needs an answer
Mark Andrews writes:
In message 20100316234500.ga99...@rwpc12.mby.riverwillow.net.au, John Marsh
al
l writes:
On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote:
In message slrnhpummo.2ter.j...@rwpc12.mby.riverwillow.net.au, John Mar
sh
all
writes:
I don't understand this.
BIND 9.4-ESV-R1 is now available.
BIND 9.4-ESV-R1 is revision 1 of the extended release version
for BIND 9.4. It is recommended that all BIND 9.4.x users
upgrade to BIND 9.4-ESV-R1.
BIND 9.4-ESV-R1 can be downloaded from
BIND 9.6-ESV is now available.
BIND 9.6-ESV is a extended release version for BIND 9.6.
BIND 9.6-ESV can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.6-ESV/bind-9.6-ESV.tar.gz
The PGP signature of the distribution is at
BIND 9.7.0-P1 is now available.
BIND 9.7.0-P1 is a recommended patch for BIND 9.7.0. It addresses
excessive query traffic generated when there is a break in the
DNSSEC trust chain as a result of a configuration error. It is
recommended for anyone using DNSSEC validation
BIND 9.6.2-P1 is now available.
BIND 9.6.2-P1 is a recommended patch for BIND 9.6.2. It addresses
excessive query traffic generated when there is a break in the
DNSSEC trust chain as a result of a configuration error. It is
recommended for anyone using DNSSEC validation
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1
the last release on the 9.6 branch? For the purpose of following a
branch in the FreeBSD
In message 4ba04e63.8090...@dougbarton.us, Doug Barton writes:
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1
the last release on the
On Wed, 17 Mar 2010, 11:11 +1100, Mark Andrews wrote:
In message 20100316234500.ga99...@rwpc12.mby.riverwillow.net.au, John
Marshal
l writes:
In message slrnhpummo.2ter.j...@rwpc12.mby.riverwillow.net.au, John
Marsh
all
writes:
If I grant the guest clients access to the
On 03/16/10 20:57, Mark Andrews wrote:
In message 4ba04e63.8090...@dougbarton.us, Doug Barton writes:
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the existence of
both a 9.6.2-P1 and a 9.6-ESV (with the same code
In message 4ba0595b.8090...@dougbarton.us, Doug Barton writes:
On 03/16/10 20:57, Mark Andrews wrote:
In message 4ba04e63.8090...@dougbarton.us, Doug Barton writes:
I noticed that the patchfix releases of BIND came out today, so
congratulations on that. :) However I was confused by the
In message 20100317041842.gb99...@rwpc12.mby.riverwillow.net.au, John
Marshall writes:
[queries log]
17-Mar-2010 14:04:11.140 queries: client 172.25.24.18#42640:
view internal: query: 168.192.in-addr.arpa IN DS + (172.25.24.17)
Named has fallen back to plain DNS talking to itself.
I'll need
On 03/16/10 22:17, Mark Andrews wrote:
ESV's are supposed to be releases which are stable, no dot-o-itis.
I'm not suggesting that they should be the latter, thus my comment that
what I _thought_ would happen is that once the dot-releases were done in
a given branch the -ESV would start. Frankly
38 matches
Mail list logo