On Mon, Jan 20, 2014 at 12:46 PM, Graham Clinch wrote:
> Thanks for the replies - and noticing the missing 'NS'!
>
> From my rather brain-busting afternoon reading, I believe this situation
> is covered by section 4.4 of RFC 6840, which requires a validator to ensure
> the NS type bit is set for a
In message , Tony
Finch writes:
> Graham Clinch wrote:
> >
> > I'm seeing a dnssec validation error that I can't pin down, for the domain:
> > newsletter.postbank.de.
>
> Looks like a bug in BIND to me. It works out that there is no DS in the
> parent then gets muddled. I note that postbank.de
On Jan 20, 2014, at 1:22 PM, Chris Buxton wrote:
>> Problem: This morning, by happenstance, both were rebooted a few minutes
>> apart and suddenly, nobody could access anything. Finally figured out that
>> named on both was not responding (queries timed out). Killed named (which
>> was immedi
On 01/20/2014 11:21 AM, Jim Pazarena wrote:
Thank you for this. I am familiar with the setup; I suppose that my
question was unclear.
Can the SAME named.conf handle BOTH the /24 cname assignments AND
the /25 in-addr.arpa records.
Which sounds like a dumb question, but I thought named may not li
In article ,
Jim Pazarena wrote:
> Thank you for this. I am familiar with the setup; I suppose that my
> question was unclear.
>
> Can the SAME named.conf handle BOTH the /24 cname assignments AND
> the /25 in-addr.arpa records.
>
> Which sounds like a dumb question, but I thought named may n
Let us know how that goes - never tried it, but it seems like it would
work - it's just going to trigger a lookup to itself for the other zone
I'd say.
-John
From: Jim Pazarena
To: bind-users@lists.isc.org
Date: 01/20/2014 02:21 PM
Subject:Re: classless ptr setup
Sent by:
On Jan 19, 2014, at 7:30 PM, houguanghua wrote:
> Would you please tell me which RFC depicts the policy of 'additional
> section'? and how bind server deals with 'additional section'?
>
> Sometimes the number of 'additional section' is more than numbe of
> 'authority section'. I don't know h
On Jan 17, 2014, at 6:45 PM, Larry Stone wrote:
> Background: I have been using my Macintosh as a server…
[…]
> Problem: This morning, by happenstance, both were rebooted a few minutes
> apart and suddenly, nobody could access anything. Finally figured out that
> named on both was not respond
Thank you for this. I am familiar with the setup; I suppose that my
question was unclear.
Can the SAME named.conf handle BOTH the /24 cname assignments AND
the /25 in-addr.arpa records.
Which sounds like a dumb question, but I thought named may not like it.
But I'll set it up and see if named c
In your zone file for the class c (x.y.z), you'd create a delegation like
this in the zone file:
; For 0-127
0/25 NS some.server.
0/25 NS some.other.server.
1 CNAME 1.0/25.z.y.x.in-addr.arpa.
2 CNAME 2.0/25.z.y.x.in-addr.arpa.
...
; For 128 on...
128/25 NS some.server.
128/
Hi--
On Jan 20, 2014, at 10:43 AM, Jim Pazarena wrote:
> I have a full /24, which I would like to separate into two /25's, and
> assign each half to two of my customers. The snag is that *I* maintain
> the DNS for each of these customers.
>
> Is it possible to create the classless setup within m
I have a full /24, which I would like to separate into two /25's, and
assign each half to two of my customers. The snag is that *I* maintain
the DNS for each of these customers.
Is it possible to create the classless setup within my system so that it
starts with the /24 but can assign the two cla
Hi List (& Chris & Tony),
What *does* matter is that the NSEC3 "proves" that there are no NS
records as well (as no DS ones) for newsletter.postbank.de (despite
the fact that the NS records are included in the referral). Note the
absence of opt-out in the NSEC3.
Thanks for the replies - and no
Hello,
We can't get working whitelist with rpz.
On a Ubuntu 12.04.4 LTS Server we have bind9 9.8.1-P1 and some rpz with
'policy CNAME xxx.xxx.xx' working fine. Now we have a whitelist with 'policy
No-Op' but the whitelist will be ignored.
Configs:
Response-policy {
zone "whitelist.rpz" po
On Jan 20 2014, Graham Clinch wrote:
I'm seeing a dnssec validation error that I can't pin down, for the
domain: newsletter.postbank.de.
Neither of http://dnsviz.net/ and
http://dnssec-debugger.verisignlabs.com/ report finding a problem, but
two (ubuntu packaged) versions of bind report a fa
Graham Clinch wrote:
>
> I'm seeing a dnssec validation error that I can't pin down, for the domain:
> newsletter.postbank.de.
Looks like a bug in BIND to me. It works out that there is no DS in the
parent then gets muddled. I note that postbank.de is in the middle of a
double-signature ZSK rollo
Hi List,
I'm seeing a dnssec validation error that I can't pin down, for the
domain: newsletter.postbank.de.
Neither of http://dnsviz.net/ and
http://dnssec-debugger.verisignlabs.com/ report finding a problem, but
two (ubuntu packaged) versions of bind report a failure validating the
delega
17 matches
Mail list logo