In article ,
Ben Croswell wrote:
> What you say is true, but the OP wasn't clear in who owned the record he
> wanted to override. I assumed it was someone else's or you would just
> change authoritative source that you own.
Of course. But it's still the case that you can configure your own
re
Hi,
We want to sign zones with bind using an HSM Luna PCI Safenet card.
The command 'dnssec- keyfromlabel' fails:
# /usr/local/sbin/dnssec-keyfromlabel -v 9 -E LunaCA3 -a RSASHA1 -l
KSK1-testdnssec -f KSK testdnssec.
dnssec-keyfromlabel: warning: ENGINE_load_private_key failed
dnssec-keyfroml
There is nothing that precludes you from having the same zone on different DNS
servers. You make each "authoritative" so that any look up that hits that DNS
server gets that server's records. You can then have separate entries for
some items and the same for others.
We do that here with at
Can you not delegate xyz.xyz.example.com to route 53 on your internal name
server?
--
Josh Smith
KD8HRX
Email/jabber: juice...@gmail.com
Phone: 304.237.9369(c)
Sent from my iPhone.
> On Feb 14, 2014, at 12:53 PM, Sarath wrote:
>
> Hi All,
>
> I have a situation where the same domain for ex
Sarath wrote:
>
> The internal xyz.example.com is on an internal host (private address )
> which is the default DNS server for all internal hosts (all hosts use
> this DNS server in their resolve.conf ) And the external xyz.example.com
> is on another public ip server (aws route 53 ).
>
> The prob
Hi All,
I have a situation where the same domain for example xyz.example.com is both
internal and external.
The internal xyz.example.com is on an internal host (private address ) which is
the default DNS server for all internal hosts (all hosts use this DNS server in
their resolve.conf ) And t
Are you trying to override the IP address locally, or are you just trying
to get the correct value into cache?
John
On Fri, Feb 14, 2014 at 8:52 AM, houguanghua wrote:
> Hi all,
> Bind provides rndc tools to operate the cache. But how to change a record
> in the cache. For example:
> to modify
What you say is true, but the OP wasn't clear in who owned the record he
wanted to override. I assumed it was someone else's or you would just
change authoritative source that you own.
On Feb 14, 2014 10:20 AM, "Barry Margolin" wrote:
> In article ,
> Ben Croswell wrote:
>
> > You can't modify
In article ,
Ben Croswell wrote:
> You can't modify cache. If that was allowed you could cache poison any
> domain you wanted.
"poisoning" refers to putting incorrect records into the cache of some
*other* server. If you operate the server itself, you can put anything
you want into its memor
You can't modify cache. If that was allowed you could cache poison any
domain you wanted.
On Feb 14, 2014 8:52 AM, "houguanghua" wrote:
> Hi all,
> Bind provides rndc tools to operate the cache. But how to change a record
> in the cache. For example:
> to modify origin record " *www.abc.com*
On 14 February 2014 13:52, houguanghua wrote:
> Who can tell me how to do?Thanks.
You can't and shouldn't need to edit the cache. All you can do is clear it.
If you want to change the response back to the client then look into
RPZ, however by doing so you may break DNSSEC validation and end up
n
Hi all,
Bind provides rndc tools to operate the cache. But how to change a record in
the cache. For example:
to modify origin record " www.abc.com A IN 219.142.3.1 " into "www
abc.com A IN 143.3.1.20".
I just know that using "rndc flush" to clear the cache, but don't know how to
modify
On 14 February 2014 12:01, Tony Finch wrote:
> Terry Burton wrote:
>> Is the following expected or is it a bug?
>
> It is correct. See RFC 4592 for the full explanation of how wildcards work.
For sake of Google...
RFC 4592 3.3.1 defines "The closest encloser is the node in the zone's
tree of ex
Terry Burton wrote:
>
> Is the following expected or is it a bug?
It is correct. See RFC 4592 for the full explanation of how wildcards work.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or mod
Hi,
Is the following expected or is it a bug?
All the best,
Terry
; This wildcard allows the lookup of "test.domain A":
;
*.domain IN A 1.2.3.4
;
; This TLSA record breaks the lookup of "test.domain A":
;
_443._tcp.test.domain IN TLSA 1 0 1
83cfeec8dbe315e9f93e9ec87beda3619033876f1f9672
15 matches
Mail list logo