Re: how to modify the cache

2014-02-14 Thread Barry Margolin
In article , Ben Croswell wrote: > What you say is true, but the OP wasn't clear in who owned the record he > wanted to override. I assumed it was someone else's or you would just > change authoritative source that you own. Of course. But it's still the case that you can configure your own re

Using a HSM card to sign zone

2014-02-14 Thread Sergio Ramirez
Hi, We want to sign zones with bind using an HSM Luna PCI Safenet card. The command 'dnssec-keyfromlabel' fails: # /usr/local/sbin/dnssec-keyfromlabel -v 9 -E LunaCA3 -a RSASHA1 -l KSK1-testdnssec -f KSK testdnssec. dnssec-keyfromlabel: warning: ENGINE_load_private_key failed dnssec-keyfroml

RE: Same internal and external zone

2014-02-14 Thread Lightner, Jeff
There is nothing that precludes you from having the same zone on different DNS servers. You make each "authoritative" so that any look up that hits that DNS server gets that server's records. You can then have separate entries for some items and the same for others. We do that here with at

Re: Same internal and external zone

2014-02-14 Thread Joshua Smith
Can you not delegate xyz.xyz.example.com to route 53 on your internal name server? -- Josh Smith KD8HRX Email/jabber: juice...@gmail.com Phone: 304.237.9369(c) Sent from my iPhone. > On Feb 14, 2014, at 12:53 PM, Sarath wrote: > > Hi All, > > I have a situation where the same domain for ex

Re: Same internal and external zone

2014-02-14 Thread Tony Finch
Sarath wrote: > > The internal xyz.example.com is on an internal host (private address ) > which is the default DNS server for all internal hosts (all hosts use > this DNS server in their resolve.conf ) And the external xyz.example.com > is on another public ip server (aws route 53 ). > > The prob

Same internal and external zone

2014-02-14 Thread Sarath
Hi All, I have a situation where the same domain for example xyz.example.com is both internal and external. The internal xyz.example.com is on an internal host (private address ) which is the default DNS server for all internal hosts (all hosts use this DNS server in their resolve.conf ) And t

Re: how to modify the cache

2014-02-14 Thread John Miller
Are you trying to override the IP address locally, or are you just trying to get the correct value into cache? John On Fri, Feb 14, 2014 at 8:52 AM, houguanghua wrote: > Hi all, > Bind provides rndc tools to operate the cache. But how to change a record > in the cache. For example: > to modify

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
What you say is true, but the OP wasn't clear in who owned the record he wanted to override. I assumed it was someone else's or you would just change authoritative source that you own. On Feb 14, 2014 10:20 AM, "Barry Margolin" wrote: > In article , > Ben Croswell wrote: > > > You can't modify

Re: how to modify the cache

2014-02-14 Thread Barry Margolin
In article , Ben Croswell wrote: > You can't modify cache. If that was allowed you could cache poison any > domain you wanted. "poisoning" refers to putting incorrect records into the cache of some *other* server. If you operate the server itself, you can put anything you want into its memor

Re: how to modify the cache

2014-02-14 Thread Ben Croswell
You can't modify cache. If that was allowed you could cache poison any domain you wanted. On Feb 14, 2014 8:52 AM, "houguanghua" wrote: > Hi all, > Bind provides rndc tools to operate the cache. But how to change a record > in the cache. For example: > to modify origin record " *www.abc.com*

Re: how to modify the cache

2014-02-14 Thread Steven Carr
On 14 February 2014 13:52, houguanghua wrote: > Who can tell me how to do? Thanks. You can't and shouldn't need to edit the cache. All you can do is clear it. If you want to change the response back to the client then look into RPZ, however by doing so you may break DNSSEC validation and end up n

how to modify the cache

2014-02-14 Thread houguanghua
Hi all, Bind provides rndc tools to operate the cache. But how to change a record in the cache. For example: to modify origin record "www.abc.com A IN 219.142.3.1" into "www.abc.com A IN 143.3.1.20". I just know that using "rndc flush" to clear the cache, but don't know how to modify

Re: BUG? Wildcard lookup masked by more specific record of alternative type

2014-02-14 Thread Terry Burton
On 14 February 2014 12:01, Tony Finch wrote: > Terry Burton wrote: >> Is the following expected or is it a bug? > > It is correct. See RFC 4592 for the full explanation of how wildcards work. For sake of Google... RFC 4592 3.3.1 defines "The closest encloser is the node in the zone's tree of ex

Re: BUG? Wildcard lookup masked by more specific record of alternative type

2014-02-14 Thread Tony Finch
Terry Burton wrote: > > Is the following expected or is it a bug? It is correct. See RFC 4592 for the full explanation of how wildcards work. Tony. -- f.anthony.n.finch http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or mod

BUG? Wildcard lookup masked by more specific record of alternative type

2014-02-14 Thread Terry Burton
Hi, Is the following expected or is it a bug? All the best, Terry ; This wildcard allows the lookup of "test.domain A": ; *.domain IN A 1.2.3.4 ; ; This TLSA record breaks the lookup of "test.domain A": ; _443._tcp.test.domain IN TLSA 1 0 1 83cfeec8dbe315e9f93e9ec87beda3619033876f1f9672