Mark,
That looks like a nice format for it.
I'd still like to see named.conf mark some zones as
uneditable via rndc, just in case I want to allow a
peer institution to add/remove zone where I'm the
secondary, I want some mechanism to prevent them from
accidentally deleting zones I'm actually the
Hello.
I'm trying to figure out how can named be built with --enable-native-pkcs11
and run without the PKCS#11 provider library.
Our use-case is that given how OpenSSL does not support PKCS#11 properly,
we would like to use the native-pkcs11 if using some HSM, but by default
run named
Tomas Hozza tho...@redhat.com wrote:
Right now it is not possible, and when named is built with
--enable-native-pkcs11
it can not run without HSM and some PKCS#11 provider library.
Would using SoftHSM solve your problem?
http://www.opendnssec.org/softhsm/
On Wed, Aug 06, 2014 at 05:14:53PM +0100, Tony Finch wrote:
Right now it is not possible, and when named is built with
--enable-native-pkcs11 it can not run without HSM and some PKCS#11
provider library.
Would using SoftHSM solve your problem?
http://www.opendnssec.org/softhsm/
- Original Message -
Tomas Hozza tho...@redhat.com wrote:
Right now it is not possible, and when named is built with
--enable-native-pkcs11
it can not run without HSM and some PKCS#11 provider library.
Would using SoftHSM solve your problem?
No. We don't want to install
- Original Message -
On Wed, Aug 06, 2014 at 05:14:53PM +0100, Tony Finch wrote:
Right now it is not possible, and when named is built with
--enable-native-pkcs11 it can not run without HSM and some PKCS#11
provider library.
Would using SoftHSM solve your problem?
Personally I'd like to extend UPDATE
allow-addzone { acl; };
allow-delzone { acl; };
e.g.
nsupdate
new zone
server address [port]
key name:secret
[masters list]
[allow-query acl]
[allow-transfer acl]
[allow-update acl]
On Wed, Aug 06, 2014 at 02:02:33PM -0400, Tomas Hozza wrote:
As far as I understand, without native-pkcs11 OpenSSL is used for crypto
operations if the provided PKCS#11 library did not support some operation, or
if the PKCS#11 provider library was not provided/was not available at all.
With
I manage a small group of cache only servers for an ISP. We run Bind 9.7 and
have noticed that several domains our customers would like to access are
unavailable from our cache servers. These same domains work on other provider
networks such as Verizon or Google.
What I have found is that
interesting, that is indeed wrong configured
http://www.intodns.com/losscontrol360.com
on the other hand all my recursive bind 9.9.4 nameservers
resolve it as well my homeserver which is using the caching
named on the office as forwarder
also the unbound instance running as caching server on
our
On 07/08/2014 06:03, Jared Empson wrote:
What our cache server receives:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
Am 07.08.2014 um 00:33 schrieb Noel Butler:
Apart from stupid SOA values, losscontrol360.com seems OK
OK? the failing NS query is caused by the errors below
this domain only works by luck from time to time
[harry@srv-rhsoft:~]$ dig NS losscontrol360.com
; DiG 9.9.4-P2-RedHat-9.9.4-15.P2.fc20
You are in fact correct Harry, I never bothered with a whois, had I done
so I would have picked it up, put it down to too early in the morning,
so this problem is out of Jared's control, unless he also manages that
domain.
Ohh and nice to see you are actually behaving yourself on this list :)
In message 3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com, Jared Empson writes:
I manage a small group of cache only servers for an ISP. We run Bind 9.7
You run BIND 9.7.0 and haven't applied any of the maintenance releases
to BIND 9.7.
and have noticed that several domains our
Jared Empson
Systems Administrator
Zito Media
814.260.9450
On Aug 6, 2014, at 7:28 PM, Mark Andrews ma...@isc.org wrote:
In message 3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com, Jared Empson writes:
I manage a small group of cache only servers for an ISP. We run Bind 9.7
-users/attachments/20140806/fb91d94d/attachment-0001.bin
--
Message: 3
Date: Thu, 07 Aug 2014 08:33:28 +1000
From: Noel Butler noel.but...@ausics.net
To: bind-users@lists.isc.org
Subject: Re: ISP caching server setup
Message-ID: a9847490b6c454bd815621f7818b6
I have a server that is only running bind 9.8.2 (Centos 6.5). It has
2Gb memory and free reports ~1.7Gb used.
I am looking at replacing this server with an armv7 board running
Redsleeve (until Centos 7 is out and stable for armv7). I have a choice
of boards, one with 1Gb memory ($60) and
I have upgraded the bind version on one of my cache servers to 9.9.5. This has
resolved the issue of non-authoritative responses not being passed on to
clients.
Thank you for your assistance.
Jared Empson
Systems Administrator
Zito Media
814.260.9450
On Aug 6, 2014, at 8:45 PM, Jared Empson
On Thu, Aug 7, 2014 at 10:39 AM, Robert Moskowitz r...@htt-consult.com wrote:
I have a server that is only running bind 9.8.2 (Centos 6.5). It has 2Gb
memory and free reports ~1.7Gb used.
I am looking at replacing this server with an armv7 board running Redsleeve
(until Centos 7 is out and