On Wed, Nov 30, 2011 at 12:18:04AM -0500, Alan Clegg wrote:
On 11/30/2011 12:15 AM, vishesh kumar wrote:
Hi All
I am trying to generate keys for signing vishesh.com
http://vishesh.com domain using following command (for testing purpose)
dnssec-keygen -a RSASHA1 -b 768 -n ZONE
Am Wed, 30 Nov 2011 09:40:44 +0100
schrieb Adam Tkac at...@redhat.com:
On Wed, Nov 30, 2011 at 12:18:04AM -0500, Alan Clegg wrote:
On 11/30/2011 12:15 AM, vishesh kumar wrote:
Hi All
I am trying to generate keys for signing vishesh.com
http://vishesh.com domain using following
On 11/29/2011 11:53 PM, Doug Barton wrote:
On 11/29/2011 15:33, Chris Thompson wrote:
With a mixture of small and large zones, signed and unsigned, choosing
sensible values for max-journal-size can become rather tedious (unless
one is prepared to to say disc space is cheap, make them
On 11/29/2011 11:33 PM, Chris Thompson wrote:
With a mixture of small and large zones, signed and unsigned, choosing
sensible values for max-journal-size can become rather tedious (unless
one is prepared to to say disc space is cheap, make them all BIGNUM).
We sort of did this accidentally.
On 11/30/2011 01:23, Phil Mayers wrote:
On 11/29/2011 11:53 PM, Doug Barton wrote:
On 11/29/2011 15:33, Chris Thompson wrote:
With a mixture of small and large zones, signed and unsigned, choosing
sensible values for max-journal-size can become rather tedious (unless
one is prepared to to say
On 11/29/2011 11:33 PM, Chris Thompson wrote:
With a mixture of small and large zones, signed and unsigned, choosing
sensible values for max-journal-size can become rather tedious (unless
one is prepared to to say disc space is cheap, make them all BIGNUM).
On 30.11.11 09:32, Phil Mayers
On 30/11/2011 10:32, Phil Mayers wrote:
We sort of did this accidentally. max-journal-size wasn't being set on
our servers - the .jnl file for imperial.ac.uk was nearly 2Gb... oops.
The value I set it to eventually was pretty big - 128M globally - which
on our biggest zones seems to give ~2
On 30/11/11 10:09, Matus UHLAR - fantomas wrote:
Well, that's way too much. The main point of journal is imho to provide
I think this is a decision for each operator to make themselves.
___
Please visit
hello, bind-users,
I found a bug at openssl patch in bind 9.7.3.
pk11_active_add function should be called with the active list lock protection
in pk11_get_private_rsa_key function at hw_pk11so_pub.c file, but it is not
locked.
the other question is that why pFuncList-C_Finalize is commented in
On 30/11/11 10:09, Matus UHLAR - fantomas wrote:
Well, that's way too much. The main point of journal is imho to provide
On 30.11.11 11:51, Phil Mayers wrote:
I think this is a decision for each operator to make themselves.
I was trying to explain that there are reasonable limits over which
In article mailman.403.1322655086.68562.bind-us...@lists.isc.org,
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On 30/11/11 10:09, Matus UHLAR - fantomas wrote:
Well, that's way too much. The main point of journal is imho to provide
On 30.11.11 11:51, Phil Mayers wrote:
I think this is a
On Wed, Nov 30, 2011 at 11:09:48AM +0100, Matus UHLAR - fantomas wrote:
Well, that's way too much. The main point of journal is imho to
provide IXFR, and IXFR is only worth using when its size is smaller
than AXFRs.
That means jnl should not get (much) bigger than zone file itself.
(unless,
On 30/11/11 12:10, Matus UHLAR - fantomas wrote:
On 30/11/11 10:09, Matus UHLAR - fantomas wrote:
Well, that's way too much. The main point of journal is imho to provide
On 30.11.11 11:51, Phil Mayers wrote:
I think this is a decision for each operator to make themselves.
I was trying to
Hi,
I am facing this issue while compiling 9.7.4-p1 in solaris 10 box.Please
suggest me what could be the issue.
./configure --prefix=/opt/bind971-NXD-1 --enable-threads
--enable-largefiles --disable-openssl-version-check
configure: WARNING: unrecognized options: --enable-largefiles
checking
On 30/11/2011 17:27, jagan padhi wrote:
Hi,
I am facing this issue while compiling 9.7.4-p1 in solaris 10 box.Please
suggest me what could be the issue.
./configure --prefix=/opt/bind971-NXD-1 --enable-threads
--enable-largefiles --disable-openssl-version-check
configure: WARNING:
On Wed, 30 Nov 2011, jagan padhi wrote:
checking build system type... sparc-sun-solaris2.10
checking for a sed that does not truncate output... ./configure: line 4579:
/usr/bin/cmp: cannot execute binary file
What does this tell you?
file /usr/bin/cmp
(Maybe you have /usr/bin/cmp for
On Mon 28.Nov.11 14:39, Doug Barton wrote:
On 11/28/2011 10:20, Dan McDaniel wrote:
I'm setting up a new DNS server. We have two offices linked by a VPN.
I'm trying to decide whether to have everything under a single domain
(example.com) or to split them into sub-domains (office1.example.com,
On Nov 30, 2011, at 4:09 AM, Matus UHLAR - fantomas wrote:
On 11/29/2011 11:33 PM, Chris Thompson wrote:
I wonder if an external tool to trim the journal would be an option? You'd
need a timestamp on records (relying on the RRSIGs mean it only works for
signed). Not sure about the locking
On Nov 30, 2011, at 3:01 AM, Torsten Segner wrote:
In RHEL there is a RPM package called unuran.
It's a random number generator daemon using either a piece of hardware or
/dev/urandom as source. Running this will provide enough entropy to create
lots of keys.
I'd be rather wary of keys
Hello 张海阔,
I've opened a bug ticket for this one. I don't know that bind-users is a good
place to continue discussions, but consider perhaps bind-workers (which is more
for coders).
I'll send you a link to the bug in separate message.
--Michael
On Nov 30, 2011, at 6:09 AM, 张海阔 wrote:
On Wed, 2011-11-30 at 13:45 -0600, Michael Graff wrote:
On Nov 30, 2011, at 3:01 AM, Torsten Segner wrote:
In RHEL there is a RPM package called unuran.
It's a random number generator daemon using either a piece of hardware or
/dev/urandom as source. Running this will provide enough
On Tue, 2011-11-29 at 15:36 +0200, Mark Elkins wrote:
When does 'EDNS' get brought into the picture?
A 'dig' with '+dnssec' works just fine (more than 512 bytes over udp) -
but a dig without '+dnssec' and actually asking for the 'dnskey' records
for a domain - which is over 512 bytes - does a
In message 1322689151.15146.69.ca...@mjelap.posix.co.za, Mark Elkins writes:
On Tue, 2011-11-29 at 15:36 +0200, Mark Elkins wrote:
When does 'EDNS' get brought into the picture?
A 'dig' with '+dnssec' works just fine (more than 512 bytes over udp) -
but a dig without '+dnssec' and actually
On Wed, 30 Nov 2011, Michael Graff wrote:
On Nov 30, 2011, at 3:01 AM, Torsten Segner wrote:
In RHEL there is a RPM package called unuran.
It's a random number generator daemon using either a piece of hardware or
/dev/urandom as source. Running this will provide enough entropy to create lots
I'd be rather wary of keys made from /dev/urandom but I am often times a
paranoid security freak.
Inexpensive USB-attachable RNG: http://www.entropykey.co.uk/
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
___
Please visit
25 matches
Mail list logo