Hello,
The authoritative NS for nknsec.in. *does* give answers with corresponding
RRSIGs !
$ dig @ns1.nknsec.in. test.nknsec.in. +dnssec +short
10.1.27.25
A 5 3 360 20120204072952 20120105072952 16755 test.nknsec.in.
DcLPb3hVDqal64UQe3Vk4NjbMRwSSWHNy4r/Bk42M2WQLZYBt9p7NpIT
6g1AVdP2vyFs2q4CbA
It is working.
--
$ dig test.nknsec.in +dnssec
; <<>> DiG 9.8.1 <<>> test.nknsec.in +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4578
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL:
Dear Fajar,
Below logs taken from Internal DNS server running in Microsoft DNS. I checked
with client AV status, everything is fine( system is up to date with DAT from
Mcafee AV and no threat found in the complete scan output).
But really no idea.. why it happens.. Client is pointed to use
On Wed, Jan 11, 2012 at 12:11 PM, babu dheen wrote:
>
> Hi,
>
> I enabled the logs in DNS server and i found below lines from this client
> continiously..
>
> 1/10/2012 9:14:30 AM 0FDC PACKET 05B489B0 UDP Snd
> 1f23 Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
> 1/10/2012 9
Dear All,
I had purchased a new domain especially for DNSSEC testing.
But when I ask my registry to insert my DS keys in .in zone file, I got the
answer that .in is still not ready for this although .in is signed.
I tried to authenticate my domain through ISC dlv.
I upload my DS key there
In message <4f0cebb5.3040...@dougbarton.us>, Doug Barton writes:
> On 01/10/2012 17:34, Mark K. Pettit wrote:
> > There are some caveats to trying to use "interface-interval" to pick up new
> IPs. If your BIND drops privileges (e.g., by using the "-u" command-line op
> tion to named), you might
Hi,
I enabled the logs in DNS server and i found below lines from this client
continiously..
1/10/2012 9:14:30 AM 0FDC PACKET 05B489B0 UDP Snd
1f23 Q [0005 A D NOERROR] TXT (7)version(4)bind(0)
1/10/2012 9:14:30 AM 0FDC PACKET 07342360 UDP Rcv c63c
Q [0005
On Jan 10, 2012, at 5:53 PM, Doug Barton wrote:
> On 01/10/2012 17:34, Mark K. Pettit wrote:
>> In my environment (FreeBSD) we've worked around this problem (just recently,
>> in fact), and I can provide more details if there's any interest.
>
> well I'm definitely interested. :)
The short answ
On 01/10/2012 18:38, Mark K. Pettit wrote:
> On Jan 10, 2012, at 5:53 PM, Doug Barton wrote:
>
>> On 01/10/2012 17:34, Mark K. Pettit wrote:
>>> In my environment (FreeBSD) we've worked around this problem (just
>>> recently, in fact), and I can provide more details if there's any interest.
>>
>>
On 01/10/2012 17:34, Mark K. Pettit wrote:
> There are some caveats to trying to use "interface-interval" to pick up new
> IPs. If your BIND drops privileges (e.g., by using the "-u" command-line
> option to named), you might have a problem getting BIND to bind() to the new
> IP addresses.
>
>
There are some caveats to trying to use "interface-interval" to pick up new
IPs. If your BIND drops privileges (e.g., by using the "-u" command-line
option to named), you might have a problem getting BIND to bind() to the new IP
addresses.
For example, on FreeBSD if you use "-u" to drop privil
On Jan 10, 2012, at 3:00 PM, michoski wrote:
> On 1/9/12 11:38 PM, "babu dheen" wrote:
>> Can anyone help me how to find bind & microsoft DNS software version using
>> dig or nslookup command remotely?
>
> There are various fingerprinting methods you can use, with widely varying
> degrees of ac
Hello,
I have a question on updating zones to slave servers. I have this
zone on my master:
$ORIGIN .
$TTL 38400 ; 10 hours 40 minutes
184.16.172.in-addr.arpa IN SOA ns0.domain.com. (
1262345699
10800
3600
Hello all. I had to cancel my static external ip because my ISP wants
too much money for it and it did not justify to pay for that kind of
price since we are a small firm. I tried to negotiate but we all know
how hard is to convince a corporate monopoly executive to get down from
the clouds to
On 1/9/12 11:38 PM, "babu dheen" wrote:
> Can anyone help me how to find bind & microsoft DNS software version using
> dig or nslookup command remotely?
There are various fingerprinting methods you can use, with widely varying
degrees of accuracy, but the most polite way is to use the SOA:
$ di
On 1/9/12 5:12 PM, "Bostjan Skufca" wrote:
> is binding to all interfaces at once already supported in bind9? I know named
> binds to each at-the-moment-available IP address but in HA environment with
> virtual interfaces a "rndc reload" is necessary for named to pick up a new
> interface, which l
Irwin Tillman wrote:
>
> What's the recommended approach?
My empty zone is:
@ SOA localhost. root.localhost. 1 1h 1000 1w 1h
NSlocalhost.
I also have a "localhost." zone (RFC 2606) which is:
@ SOA localhost. root.localhost. 1 1h 1000 1w 1h
NSlocalhost.
A 127.0.0.1
On Tue, January 10, 2012 08:04, Drunkard Zhang wrote:
> I am designing a big deploy system, which will implement via DNS. The
> demond is misc, one of them is conditionally resolve, which means that
> if one CDN node near unavailable, or latency increased significantly,
> no matter why, I want bind
2012/1/10 Drunkard Zhang
> I am designing a big deploy system, which will implement via DNS. The
> demond is misc, one of them is conditionally resolve, which means that
> if one CDN node near unavailable, or latency increased significantly,
> no matter why, I want bind to give another second bes
On 10.01.12 13:08, babu dheen wrote:
Can anyone help me how to find bind & microsoft DNS software version using dig
or nslookup command remotely?
fpdns could guess that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
On 10.01.12 15:04, Drunkard Zhang wrote:
I am designing a big deploy system, which will implement via DNS. The
demond is misc, one of them is conditionally resolve, which means that
if one CDN node near unavailable, or latency increased significantly,
no matter why, I want bind to give another se
On 01/10/2012 01:12 AM, Bostjan Skufca wrote:
Hi everyone,
is binding to all interfaces at once already supported in bind9? I know
named binds to each at-the-moment-available IP address but in HA
environment with virtual interfaces a "rndc reload" is necessary for
named to pick up a new interfac
22 matches
Mail list logo