+ / let me guess / you use Smart Signing ?
Weird, this week, in my verification of DNSSEC'd domains by our registrars
I picked up exactly the same error :
no RRSIG on the SOA.
They filed a bug report to ISC about this.
Might be related to this Smart Signing thing -
can you confirm you are also
I just built a Windows 7 64-bit system and did the following
steps to make the `dig' program available for use:
* opened ftp://ftp.isc.org/isc/bind9/9.8.0-P2/BIND9.8.0-P2.zip
* copied dig.exe and the DLL files to a folder
* added the folder's path to the system's PATH environment variable
Hello,
I have a problem resolving manage.logicboxes.com with bind. I tried
versions 9.7.3, 9.7.1-P2 and 9.6-ESV-R1, all of them return a SERVFAIL
with a pretty long query time :
; DiG 9.7.1-P2 manage.logicboxes.com
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY,
The servers for manage.logicboxes.com return SERVFAIL to A queries. Named
doesn't parse any further than seeing the SERVFAIL.
Mark
; DiG 9.6.0-APPLE-P2 ns manage.logicboxes.com
@D.SERVICE.AFILIASDNS.com
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: SERVFAIL, id:
The Dependence Walker utility says that MSVCR80.DLL can
not be resolved...
After my original post, I ran Dependence Walker against the
dig.exe that runs fine on my Win7 64-bit laptop and inspected
the properties of the MSVCR80.DLL library to which it linked.
The Details tab showed:
Product
In message 201106300758.aaa27...@nasdaq.hpl.hp.com, Andris Kalnozols writes:
I just built a Windows 7 64-bit system and did the following
steps to make the `dig' program available for use:
* opened ftp://ftp.isc.org/isc/bind9/9.8.0-P2/BIND9.8.0-P2.zip
* copied dig.exe and the DLL files
On 29.06.11 16:16, iharrathi@orange-ftgroup.com wrote:
When i start Bind on server2 i do it with -n 4 ( to use 4 thread) and
on server1 i start bind with -n 8. And i see then on munin that the
load is shared on all cores.
start it with -n 4 on server 1 and see if there will be any
We saw the problem that is described in 9.8.0-P2 in a few hours. I
understand the resolution was a bug fix.
What made it intermittent? I am trying to recreate it on a different
server and I can't. Once it happened, I could identify it quite
quickly, but I try the same test and it does not fail.
So anyone know if a certification is still in the works to be released this
summer? And if it will be BIND, DHCP, AFTR, all of them...? I'd love to see
a BIND cert specifically.
http://www.isc.org/services/certification
--
Jon F.
pikel@gmail.com
* Mark Andrews ma...@isc.org:
In message 20110630031511.gn14...@mail.incertum.net, Stefan Foerster writes:
* Mark Andrews ma...@isc.org:
Contact the adminstrator of the server and request that they stop
disabling dnssec. dnssec-enable yes; is the default for all
version except 9.3.x.
I have domain example.net in production, and have recently acquired
example.us and example.info.
For whatever reason, I want example.us to simply mirror example.net, which
is dynamically udpdated (and dnssec). And I want example.us to be zero
maintenance. (Well, OK I know I need separate DNSSEC
I have a similar set up to that and it works. Have you checked the logs to
make sure the zone properly loaded? I'm assuming the zone data you posted
below is from the example.us zone but your first question makes it sound
like you put it in a seperate zone. That would explain the SERVFAIL if the
Hi Jon,
On 6/30/2011 10:41 AM, Jon F. wrote:
So anyone know if a certification is still in the works to be released this
summer? And if it will be BIND, DHCP, AFTR, all of them...? I'd love to see
a BIND cert specifically.
http://www.isc.org/services/certification
It is still in the works,
Sounds great. I keep checking every now and then. It'll be nice to finally
get a cert recognizing competency in BIND (or really DNS in general). I'm
sure there will be notice through the mailing list once it's available.
Thanks.
On Thu, Jun 30, 2011 at 4:45 PM, Sue Graves sgra...@isc.org wrote:
On Jun 30 2011, eugene tsuno wrote:
We saw the problem that is described in 9.8.0-P2 in a few hours. I
understand the resolution was a bug fix.
I take it you are referring to RT #24650, fixed by change #3121 (affects
everyone, crashes BIND) rather than RT #24631, fixed by change #3120
In message BANLkTim=maau1y+xh7yzibmrznvx30z...@mail.gmail.com, Jon F. write
s:
I have a similar set up to that and it works. Have you checked the logs to
make sure the zone properly loaded? I'm assuming the zone data you posted
below is from the example.us zone but your first question makes it
You know I was thinking and I guess the original poster could actually do
the zone mimicking by just adding the .us zone statement to named.conf but
point it to the same zone name as the already built zone. In the zone, just
use the @ instead of pointing to an actual name. Then it can be read for
In message banlktimxqxzfurpp9jggga9xvhsb72k...@mail.gmail.com, Jon F. write
s:
You know I was thinking and I guess the original poster could actually do
the zone mimicking by just adding the .us zone statement to named.conf but
point it to the same zone name as the already built zone. In the
Ah. Good point. My bad.
On Thu, Jun 30, 2011 at 8:42 PM, Mark Andrews ma...@isc.org wrote:
In message banlktimxqxzfurpp9jggga9xvhsb72k...@mail.gmail.com, Jon F.
write
s:
You know I was thinking and I guess the original poster could actually do
the zone mimicking by just adding the .us
19 matches
Mail list logo