Re: multi-master with mysql backend

2011-02-07 Thread pyh
fddi writes: Hello, I would like to configure a multi-master configuration wirh 2 hosts and I have been thinking to mysql as a backend. Is there any official or semi-official support in bind for using mysql as backend ? Any kind of documentation on this ? Try google with "bind dlz". enabl

Re: bind makes RRSIG disappear?

2011-02-07 Thread Evan Hunt
> >BIND will try to maintain the signatures in a zone if the zone is > >configured to be dynamic--i.e, if it has an update-policy or allow-update > >option. It won't create signatures where there were none, but it will try > >to keep existing RRSIGs up to date for you. > > Not that I would need i

Re: bind makes RRSIG disappear?

2011-02-07 Thread Gilles Massen
Evan, Thanks for outlining this - it's much clearer now. BIND will try to maintain the signatures in a zone if the zone is configured to be dynamic--i.e, if it has an update-policy or allow-update option. It won't create signatures where there were none, but it will try to keep existing RRSIGs

Re: bind makes RRSIG disappear?

2011-02-07 Thread Evan Hunt
> Thanks, this works indeed. > > This raises a few questions, as I'd really like to understand bind's > behavior: > > - is there any description of exactly how/when Bind assumes signing > authority over a zone? Or simply where some kind of zone-manipulating > intelligence kicks in? > > - is it p

openssl pkcs#11 engine patch

2011-02-07 Thread Emil Natan
Hi, I try to build BIND 9.7.2-P3 with HSM support needed for DNSSEC on CentOS-5 box. Following the documentation (arm97, starting from page 27) I download the openssl source (0.9.8l), apply the patch provided with BIND (bin/pkcs11/openssl-0.9.8l-patch), no errors during the "configure" and "make"

Re: bind makes RRSIG disappear?

2011-02-07 Thread Cathy Almond
Hi Gilles, You've identified a corner-case bug - the logic is incorrect in the case where the ACL holds "none" instead of being empty. There's no compile-time option - but we are treating what you've reported to us as a bug (RT #23120). It is currently under investigation/discussion. Many thank

Re: Public Advisory on DNSSEC Failures with New DS Records

2011-02-07 Thread Cathy Almond
Stephane, It looks like something went awry on the website. We've fixed it. Thanks for the heads-up. Cathy On 07/02/11 08:49, Stephane Bortzmeyer wrote: > On Fri, Feb 04, 2011 at 04:11:03PM -0800, > Larissa Shapiro wrote > a message of 37 lines which said: > >> The full advisory is located

Re: Public Advisory on DNSSEC Failures with New DS Records

2011-02-07 Thread Stephane Bortzmeyer
On Fri, Feb 04, 2011 at 04:11:03PM -0800, Larissa Shapiro wrote a message of 37 lines which said: > The full advisory is located at: > > https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record It is no longer a _public_ advisory. The above URL redirects to

multi-master with mysql backend

2011-02-07 Thread fddi
Hello, I would like to configure a multi-master configuration wirh 2 hosts and I have been thinking to mysql as a backend. Is there any official or semi-official support in bind for using mysql as backend ? Any kind of documentation on this ? thank you Riccardo _