Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and
using a trust anchor for the root and lookaside via dlv.isc.org) I am
seeing a scatter of warning messages like this:
Oct 1 19:47:19 dnssec: warning: validating @1c29d580:
115.197.101.95.IN-ADDR.ARPA PTR:
can't validate exist
With a managed-keys statement including keys for "." and for
"dlv.isc.org", the managed-keys.bind file is normally updated
every hour for "dlv.isc.org" and every day for "." (the
respective TTLs of their DNSKEY RRsets, presumably). But
sometimes this updating simply stops completely, until
BIND is
> Evan, I had this same message and it continued on every start.
That's a bug, then. Thank you.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/
On Sun, 3 Oct 2010, Evan Hunt wrote:
On Fri, Oct 01, 2010 at 10:29:34PM +, Jack Tavares wrote:
Hello
While starting up bind I get the following 2 messages
01-Oct-2010 15:13:15.304 set up managed keys zone for view external, file
'3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f
The slave files do not carry the "@" I presume you are using on
the master -- the zone-transfer data includes the specific domain
names -- so the slave files can't be shared even if they could be
shared.
Maybe you can write a program that translates the slave data
into the sharable format, and ev
On Fri, Oct 01, 2010 at 10:29:34PM +, Jack Tavares wrote:
> Hello
> While starting up bind I get the following 2 messages
> 01-Oct-2010 15:13:15.304 set up managed keys zone for view external, file
> '3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
> and
> 01-Oct-2010 1
The slave files do not carry the "@" I presume you are using on
the master -- the zone-transfer data includes the specific domain
names -- so the slave files can't be shared even if they could be
shared.
Maybe you can write a program that translates the slave data
into the sharable format, and ev
| Hi All: One more conf issue on bind 9.7.1-P2
| After running rndc-confgen and reloading BIND I?m getting this error:
| WARNING: key file (/etc/namedb/rndc.key) exists, but using default
| configuration file (/etc/namedb/rndc.conf)
| rndc: connection to remote host closed
| This may indicate that
IME the best way to do this on a Unix'y system is to use hard links.
That way if you ever need to change one of them to be its own file
it's trivial to do so. Also IME, BIND doesn't react well to having
multiple slave zones sharing the same file, but that may have improved
in more recent versions,
* Mark Andrews:
> * If BIND, acting as a DNSSEC validating server, has two or more
>trust anchors configured in named.conf for the same zone (such as
>example.com) and the response for a record in that zone from the
>authoritative server includes a bad signature, the v
10 matches
Mail list logo