named and dhcpd warnings and errors questions

2010-09-15 Thread Jelle de Jong
Hello everybody, bind9 1:9.6.ESV.R1+dfsg-0+lenny2 dhcp3-server 3.1.1-6+lenny4 I am having a lot of "timed out" errors in my syslogs, that I want to solve. Below is the output of egrep 'named|dhcpd' /var/log/syslog http://debian.pastebin.com/hyD915BA I know the _ character is giving

isc trust anchor

2010-09-15 Thread sami's strat
If I have two domains, say a.us and b.com. a.us is (dnssec) signed and the parent domain has a copy of the DS keys. Is there a way to have host.b.com run dnssec aware queries against a.us? I was thinking of setting up and using the ISC trust anchor with both domains. Would that work? Are there

Trouble with host and DNSSEC

2010-09-15 Thread Timothy Holtzen
I am having trouble resolving the host name cod.ed.gov which I believe may be dnssec related. If I run dig with the +cdflag option I get what appears to be a proper response: ; <<>> DiG 9.7.1-P2-RedHat-9.7.1-2.P2 <<>> +cdflag cod.ed.gov ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opco

Re: Trouble with host and DNSSEC

2010-09-15 Thread Casey Deccio
On Wed, Sep 15, 2010 at 7:34 AM, Timothy Holtzen wrote: >  I am having trouble resolving the host name cod.ed.gov which I believe > may be dnssec related ... > in my logs I am getting the messages: > > validating @0x2ab727eb5810: cod.ed.gov A: got insecure response; parent > indicates it should

Re: isc trust anchor

2010-09-15 Thread Tony Finch
On Wed, 15 Sep 2010, sami's strat wrote: > > a.us is (dnssec) signed and the parent domain has a copy of the DS keys. > Is there a way to have host.b.com run dnssec aware queries against a.us? You don't need or want the ISC DLV trust anchor for that, since there is a chain of trust to the root and

Re: Trouble with host and DNSSEC

2010-09-15 Thread Timothy Holtzen
Thanks Casey! The link to dnsviz.net also explains part of why I was getting confused. It appears that there are not any DS records at the root (yet?) for the .gov level. This explains why when I did a dig with +sigchase +topdown options it was failing to validate way earlier in the chain.

Name server selection in Bind >=9.6

2010-09-15 Thread Ricardo Oliveira
Hello, A question about ns selection in bind. It seems up to bind 9.5, it selects the ns with the lowest rtt, but there were some changes in bind 9.6 that make it do random selection, from https://www.isc.org/software/bind/new-features/9.6 : "As a security improvement to make forgery a

Second dig lookup not the same as the first

2010-09-15 Thread Scott Haneda
Hello, I have set up a new BIND/named server, being backed by DLZ in this case, though I don't think that will have any bearing on my question. This NS is not publicly known or listed as an NS anywhere as of yet, so it is only my own testing that has hit the machine. If I perform a dig request,

Re: Second dig lookup not the same as the first

2010-09-15 Thread wllarso
From the output of your dig command you show that you are running a MacOSX system. Are you running the firewall on this system also? That may be dropping the TCP communication. Be aware that Apple's DNS server configuration throws every bell and whistle into the config. If you really are seriou

Caching nameservers dealing with dead authoritative servers

2010-09-15 Thread ML
Hi, I'm having a problem with my caching DNS servers. I'm on bind 9.4.3-p5, threads enabled (4), running gentoo 64 bits. For 2 days, I have some clients (mail servers receiving spams) issuing a lot of requests on zone hosted on dead dns server. For example : 'uewchcvqhvnavkevhavecvbcvxevudvr.h

Re: Second dig lookup not the same as the first

2010-09-15 Thread Scott Haneda
Hi, No, I am not running any firewall on the client side at all. I can perform lookups elsewhere that behave as I would expect. I also performed these tests on another machine that has a more current and non Apple dig as well. The server is RHEL, not Mac OS X. I have deployed many named serv

Re: named and dhcpd warnings and errors questions

2010-09-15 Thread Mark Andrews
In message <4c90847e.4000...@powercraft.nl>, Jelle de Jong writes: > Hello everybody, > > bind9 1:9.6.ESV.R1+dfsg-0+lenny2 > dhcp3-server 3.1.1-6+lenny4 > > I am having a lot of "timed out" errors in my syslogs, that I want to > solve. Below is the output of egrep 'named|dhcpd' /var/log

how to disable v6 lookup

2010-09-15 Thread balkrishna
Dear All, Please help me to disable v6 recursive lookup from my server with bind 9.6.1-P3. As my server is not enabled for IPv6, it always gives a warning like "network unreachable resolving .. " in the log. Regards, Bal Krishna

Re: how to disable v6 lookup

2010-09-15 Thread Mark Andrews
In message , balk ris...@subisu.net.np writes: > Dear All, > > Please help me out for disable v6 recursive lookup from my server with > bind 9.6.1-P3. > As my server is not enabled for IPv6, it always gives warning like > "network unreachable resolving .. " log. From the man page for named.