On 07/07/2010 08:24 PM, L. Gabriel Somlo wrote:
view global {
zone example.org {
type master;
file example.org.signed;
allow-update {
key foo;
};
};
The problem is that, when I attempt
You need auto-dnssec maintain in the zone statement
Right, or auto-dnssec allow.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Hi Nico,
Could it be that the signature of the AXFR message is created at request
time on the master (actually when the answer is build), but the
validation on the client side is obviously only made at the end of the
transfer?
The RFC2845 suggests that this is possible, but I'm not fluent enough
Hello,
This was my first guess as well, but since the TSIG fudge is set to 300
seconds then all zonetransfers which take more the 5 minutes would fail
if this was true.
/Nico
On tor, 2010-07-08 at 10:28 +0200, Gilles Massen wrote:
Hi Nico,
Could it be that the signature of the AXFR
On Thu, 2010-07-08 at 10:37 +0200, Matus UHLAR - fantomas wrote:
Hello,
please, if you are writing a new post, send it as new mail and not
as reply/followup on old mail. It makes people with threading clients
angry and they can also in such case miss your e-mail.
Thank you.
On 07.07.10
Hi,
I install bind as a cache server on Solaris 10, Sun Sparc T5140. It has
problem,
bind always hang out when named reach to 5-600 Mb ('prstat' check). I have
several servers and all have this problem even when i install bind in zone or
try with a 64bit version. T5140's a powerful server
On Thu, Jul 8, 2010 at 4:30 PM, khanh rua duonghoahoc_k4...@yahoo.com wrote:
Hi,
I install bind as a cache server on Solaris 10, Sun Sparc T5140. It has
problem, bind always hang out when named reach to 5-600 Mb ('prstat' check).
How did you determine that it hang?
If you enable query log,
On 07.07.10 20:43, Kebba Foon wrote:
I have been experience DNS resolutions problems these past few days, if
i run nslookup i get this error:
;; connection timed out; no servers could be reached
with dig +trace i get:
; DiG 9.6-ESV-R1 @my ns server ip espn.com
Hello,
We are running BIND 9.7.0, and use a split view such that there is a
difference depending on whether you are within our site campus or not.
For all the other zones we support we simply 'include' the zone file
into both views. Generally this seems to work fine.
However, when checking the
On 08.07.10 12:26, John Horne wrote:
We are running BIND 9.7.0, and use a split view such that there is a
difference depending on whether you are within our site campus or not.
For all the other zones we support we simply 'include' the zone file
into both views. Generally this seems to work
On Thu, 2010-07-08 at 07:34 -0400, Alan Clegg wrote:
On 7/8/2010 7:26 AM, John Horne wrote:
However, when checking the SOA serial number of our reverse zone we are
seeing different values depending on whether we are inside or outside of
the campus. This zone is maintained internally by MS
On Thu, 2010-07-08 at 13:37 +0200, Matus UHLAR - fantomas wrote:
I think you can for example configure one view as slave of the other view,
with
sending notifies from master to slave and using no zone file for the slave
part.
Interesting idea. I will look into that.
Thanks,
John.
--
On 7/8/2010 7:58 AM, John Horne wrote:
You need to specify different file locations for each of the slaved
zones (even if the data is the same) in each view.
Okay, but why? As said this generally works, it just seems a bit out of
step between the views.
Because BIND won't do what you are
Hello to all.
I have recently set up a slave DNS server
(bind-9.3.6) on a CentOS 5.x Linux box. The
master is our Windows server and, really, it
directly serves our AD infrastructure, and
forwards external queries to our ISP''s DNS
servers.
I got the basic set-up correct, I believe.
khanh rua wrote:
Hi,
I install bind as a cache server on Solaris 10, Sun Sparc T5140. It has
problem,
bind always hang out when named reach to 5-600 Mb ('prstat' check). I have
several servers and all have this problem even when i install bind in zone or
try with a 64bit version.
2010/7/8 John Horne john.ho...@plymouth.ac.uk
[..]
Both views use the same zone file (which currently contains 3330257 as
the serial number), and the zone is configured to use a single master.
If I use rndc to reload the zone in both views, then nothing changes. If
I stop and restart the
On Thu, 2010-07-08 at 07:34 -0400, Alan Clegg wrote:
On 7/8/2010 7:26 AM, John Horne wrote:
However, when checking the SOA serial number of our reverse zone we are
seeing different values depending on whether we are inside or outside of
the campus. This zone is maintained internally by MS
You need to specify different file locations for each of the slaved
zones (even if the data is the same) in each view.
Does that apply for master zones which are common (i.e. the same data)
to both views as well?
In my experience, you can use a shared file for mastering. We have adopted the
Not necessarily. A zone transfer is composed of a sequence of
DNS response messages, each of which may have a TSIG signature
record (from what I've seen BIND adds a signature to every
response message). If each of those response messages is
generated, delivered, and verified within the fudge
BIND 9.7.1-P1 is now available.
BIND 9.7.1-P1 is a maintenance release for BIND 9.7.
BIND 9.7.1-P1 addresses two backwards compatibility issues introduced in
BIND 9.7.0:
1) BIND 9.7.x expected negative responses to be in a certain format,
one that matches what
On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:
BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
From the host itself, a slave for all my zones, I can resolve all my
zones. I cannot, however, resolve anything else.
For example, if I dig google.com I get a timeout.
Further, if I do a blank dig, I
Yep, zone for hint is right. No interesting messages service named
checkconfig (which RH has helpfully set up to run named-checkconf and
named-checkzone) shows that all is well.
:-(
On 07/08/10 15:55, Warren Kumari wrote:
On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:
BIND
In article mailman.1990.1278588398.21153.bind-us...@lists.isc.org,
John Horne john.ho...@plymouth.ac.uk wrote:
Hello,
We are running BIND 9.7.0, and use a split view such that there is a
difference depending on whether you are within our site campus or not.
For all the other zones we
Hi all,
Does anyone know what algorithm BIND uses to order the NS records in a
DNS reply? e.g.
dig @66.6.49.217 NS yahoo.com
yahoo.com. 160275 IN NS ns6.yahoo.com.
yahoo.com. 160275 IN NS ns8.yahoo.com.
yahoo.com. 160275 IN
Successive queries give different orderings of nameservers. I though
it was decreasing RTT order, but wanted to confirm.
It's configurable (see the documentation of the rrset-order statement
for details), but in this particular case it appears to be round-robin.
Successive queries give me
25 matches
Mail list logo
