On Thu, 19 Dec 2013, Evan Hunt wrote:
You're using inline-signing? Which server do you have doing the signing?
Only the master has 'auto-dnssec maintain' in the zone config.
Name servers can get out of sync because the slaves haven't refreshed
recently, but in that case I would expect the m
On Wed, Dec 18, 2013 at 08:06:22PM -1000, Antonio Querubin wrote:
> Currently the serial numbers are all in sync. What I don't understand is
> what condition cause them to get out of sync (ie. the slave's serial
> number exceeds the master's serial number).
You're using inline-signing? Which s
On Wed, 18 Dec 2013, Alan Clegg wrote:
On Dec 18, 2013, at 11:05 AM, Antonio Querubin wrote:
Is there a way to keep the serial numbers synced between the primary
and slaves for auto-maintained zones? Every once in a while the
primary and slaves somehow get out of sync and the logs start
ge
I'm soory. not DLG, but DLZ.
> Date: Thu, 19 Dec 2013 03:07:44 +
> Subject: Re: missing ‘additional section’
> From: sjc...@gmail.com
> To: houguang...@hotmail.com
> CC: bind-users@lists.isc.org
>
> On 19 December 2013 00:48, houguanghua wrote:
> > If DLG isn't enabled (bind9+view + zone fi
On 19 December 2013 00:48, houguanghua wrote:
> If DLG isn't enabled (bind9+view + zone file , no DB is used), the
> additional section is right. Maybe it's a bug of Bind DLG.
What is DLG?
> What I wanted is as follows :
> $ dig @10.3.103.177 www.ctyun.cn
> ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.
If DLG isn't enabled (bind9+view + zone file , no DB is used), the additional
section is right. Maybe it's a bug of Bind DLG.
What I wanted is as follows :
$ dig @10.3.103.177 www.ctyun.cn
; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.103.177 www.ctyun.cn
; (1 server found)
;; global options: +cmd
;; Got
> You can look at the sequence of changes to the signed zone by using
>
> dig ixfr=2013120400 adi.com @[yourauthserver]
>
> or by applying named-journalprint to the .signed.jnl file, unless the
> journal has been pruned as a result of exceeding the max-journal-size
> setting. But this won't te
On Dec 18, 2013, at 11:05 AM, Antonio Querubin wrote:
> Is there a way to keep the serial numbers synced between the primary and
> slaves for auto-maintained zones? Every once in a while the primary and
> slaves somehow get out of sync and the logs start generating error messages
> about the
On 18 December 2013 15:19, houguanghua wrote:
>
> When I do a DIG, ‘additional section’ isn’t in the response. My bind
> environment is: bind 9.8.6P1 + mysql (OS: Centos).
>
> Is there any way to enable the Additional Section? Thanks.
>
What are you expecting to see in the additional section?
Yo
* Matus UHLAR - fantomas [2013-12-18 09:46:33 +0100]:
> On 17.12.13 17:05, Davis, Donald W wrote:
> >Sorry if this is the wrong forum for a Windows question.
>
> not for a windows questions...
>
> >Can clearing the Cache on Windows Domain Controller DNS server have any
> >impact on forwarding,
Is there a way to keep the serial numbers synced between the primary and
slaves for auto-maintained zones? Every once in a while the primary and
slaves somehow get out of sync and the logs start generating error
messages about the mis-match. The mis-match also gets noticed by various
DNS sani
Thomas Schulz wrote:
> Checking the resulting serial number, I find that it is 2013120423. The
> serial number in the static zone file is 2013120400. Why did it bump it
> up to 23? I expected something like 02.
Have a look at the sig-signing-signatures option which says (by default)
that named s
On Dec 18 2013, Alan Clegg wrote:
On Dec 18, 2013, at 10:17 AM, Thomas Schulz wrote:
I have a question about the serial number as modified by inline signing.
I have a static zone, adi.com, that I am setting up for dnssec. I added
inline-signing yes;
key-directory "dnssec";
On Dec 18, 2013, at 10:17 AM, Thomas Schulz wrote:
> I have a question about the serial number as modified by inline signing.
> I have a static zone, adi.com, that I am setting up for dnssec. I added
>inline-signing yes;
>key-directory "dnssec";
>auto-dnssec maintain;
> t
Dear all,
When I do a DIG, ‘additional section’ isn’t
in the response. My bind environment is: bind 9.8.6P1 + mysql (OS: Centos).Is
there any way to enable the Additional
Section? Thanks.
$dig @10.3.103.178 www.ctdns.cn
; <<>> DiG 9.6-ESV-R10-P1
<<>> @10.3.103.178 www.ctdns.cn; (1 server
missing ‘additional section’
Dear all,
When I do a DIG, ‘additional section’ isn’t
in the response. My bind environment is: bind 9.8.6P1 + mysql (OS: Centos).Is
there any way to enable the Additional
Section? Thanks.
$dig @10.3.103.178 www.ctdns.cn
; <<>> DiG 9.6-ESV-R10-P1
<<>> @10.3.103
I have a question about the serial number as modified by inline signing.
I have a static zone, adi.com, that I am setting up for dnssec. I added
inline-signing yes;
key-directory "dnssec";
auto-dnssec maintain;
to my named.conf file after generating the keys and then did a r
On 17.12.13 17:05, Davis, Donald W wrote:
Sorry if this is the wrong forum for a Windows question.
not for a windows questions...
Can clearing the Cache on Windows Domain Controller DNS server have any
impact on forwarding, even if only for a few seconds?
but surely for windows DNS question
18 matches
Mail list logo
