Hi
I am running BIND 9.10 and I have looked through various options including
DLZ and RPZ but I am still not sure if they can do what I need or if i need
to look at something different. Here is my scenario and I would appreciate
if you could advice me.
- I do have 6 different Geo ACLs and a
Hello,
It helps only for dnssec-keyfromlabel tool that accepts -l parameter,
but for dnssec-signzone i didn't find any reference. And the main problem
is automatically internal signing with auto-dnssec.
On 08/04/15 18:21, Jeremy C. Reed wrote:
My question is about auto-dnssec feature that
In article mailman.1916.1428507901.26362.bind-us...@lists.isc.org,
William Clarke wcla...@simons-rock.edu wrote:
Barry,
Thanks you. I appreciate your response Barry. I'm fairly new to Bind and
DNS and have gotten a bit lost. Is there any way you can provide a
little more information for
Barry,
Thanks you. I appreciate your response Barry. I'm fairly new to Bind and
DNS and have gotten a bit lost. Is there any way you can provide a
little more information for me? Am I not correct in saying that I'm
already using TSIG keys in the include lines?
My question is about auto-dnssec feature that maintain zone by
internally signing RRs. How this feature will work without a PIN since
BIND needs access to private key when it needs to resign automatically
and i did't find a way to provide the PIN throught configuration files
?
Hi,
Does
WOW!!! Thank you so much Barry... external zone is now transferring.
Thank you thank you thank you...
William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA 01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wcla...@simons-rock.edu
On 4/8/2015
Hello,
I'm trying to configure bind 9.10.2 to work with native pkcs#11 linked
to nShield Connect HSM.
When accesing keys in HSM a PIN code is required as keys are protected
by a softcard.
dnssec-keyfromlabel command accepts reading PIN from file (using
pin-source keyword),but others
like
In article mailman.1910.1428503936.26362.bind-us...@lists.isc.org,
William Clarke wcla...@simons-rock.edu wrote:
Resending because the message was over 40K... I removed most of the
internal\external zones and logs to shorten the message.
We have a split DNS chrooted master\slave setup
without having
to reload BIND. I want to keep it as dynamic as possible.
Any input please ?
Regards
-- next part --
An HTML attachment was scrubbed...
URL:
https://lists.isc.org/pipermail/bind-users/attachments/20150408/1b7aa0ee/attachment-0001.html
I have load balancers (I know, run away now) acting as authoritative
servers for a GSLB zone. The sub-zone is delegated properly from my
main zone which runs BIND. All my clients are using the BIND server
as their caching resolver.
Every once in a while, my mail server gets back a 'NOANSWER'
Hi Barry
I would rather not do that through editing text files unless it is the last
option. I want this dynamic and scalable . Down the road users will have
option to change their view as such simultaneous read/write might happen
Regards
On Apr 8, 2015 4:42 PM, Barry Margolin bar...@alum.mit.edu
I forgot to mention, this is on RHEL 6.6's package of bind, named -V
returned BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2, so I don't
think 9.10's prefetch feature is involved.
On Wed, Apr 08, 2015 at 03:25:16PM -0400, Chuck Anderson wrote:
I have load balancers (I know, run away now) acting as
In article mailman.1922.1428521124.26362.bind-us...@lists.isc.org,
Chuck Anderson c...@wpi.edu wrote:
I have load balancers (I know, run away now) acting as authoritative
servers for a GSLB zone. The sub-zone is delegated properly from my
main zone which runs BIND. All my clients are using
[root@new-dns1 etc]# cat named.conf
zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0;
};
You're missing the directory directive, BIND doesn't know where your
files are.
Above the zone statement add:
directory /var/named;
On 8 April 2015 at 22:56, Reindl Harald h.rei...@thelounge.net wrote:
looks like you did not open port 53 on the servers firewall
You're missing a whole swaythe of required declarations for BIND to be
able to handle recursion.
There are numerous examples via google, first one that is returned
Ok, I corrected that and was able to restart named w/o any errors:
[root@new-dns1 etc]# service named restart
Stopping named:[ OK ]
Starting named:[ OK ]
[root@new-dns1 etc]#
Now, I should have a working
In message db674f946c0ead4fba6416e62b3321671b25f...@x2008mb3.infoblox.com,
Brian Alaimo writes:
sounds good. thanks
[Entire digest deleted]
Please trim your posts especially when you reading the list as a digest.
Please update the subject when you you are reading the list as a digest.
Prakash,
There certainly is infact i just came across the same issue. Find the latest
documentation for bind and search the pdf for format. It'll show you the
syntax, basically you need to add:
masterfile-format text;
to each view or you can specify it for each zone.
Example:
zone
On Wed, Apr 08, 2015 at 03:58:00PM -0400, Barry Margolin wrote:
In article mailman.1922.1428521124.26362.bind-us...@lists.isc.org,
Chuck Anderson c...@wpi.edu wrote:
1. On TTL expiry, BIND sends an 'ANY' query for the RR in question to
the authoritative servers for the zone (load
You have a file not found error. Specify the working directory
and where file names are relative to or use absolute file names.
options {
directory /var/named;
};
Mark
In message CAOqzdMruo=N33U5r5jh-93CRpqfek83uUy5182QCm_XfOm=0...@mail.gmail.com
, Samad Agha writes:
Hey Gurus,
In message calmep077vbgbupjgnylqzw2lfnk0xap8u9nmaym5mpztqr4...@mail.gmail.com
, Steven Carr writes:
On 8 April 2015 at 22:56, Reindl Harald h.rei...@thelounge.net wrote:
looks like you did not open port 53 on the servers firewall
You're missing a whole swaythe of required declarations for
On Wed, Apr 08, 2015 at 11:01:30PM +0100, Steven Carr wrote:
You're missing a whole swaythe of required declarations for BIND
to be able to handle recursion.
Not so. In fact named with an empty named.conf has built-in hints,
plus default settings, which makes it work fine.
The
On Thu, Apr 09, 2015 at 12:00:36AM -0400, William Clarke wrote:
Prakash,
There certainly is infact i just came across the same issue. Find the latest
documentation for bind and search the pdf for format. It'll show you the
syntax, basically you need to add:
masterfile-format text;
Hi,
Few days back, I configured Bind 9.10.1 as slave, it is working but getting
data in binary form. I have several zone files. I will have to compile each
file to get it
in txt form. There is any way to get all zone files in txt format as I was
getting in older versions.
Please
Hey Gurus,
I'm a newbie and am trying to set up the simplest DNS server, just a
working version, nothing fancy yet. Below is the steps I've taken already:
1- Set up my /etc/named.conf as follows:
[root@new-dns1 named]# cd /etc
[root@new-dns1 etc]# cat named.conf
zone 0.0.127.in-addr.arpa {
Dear Evan /William,
Thanks both you, It is working.
With best regards
Prakash
- Original Message -
From: Evan Hunt e...@isc.org
Date: Thursday, April 9, 2015 10:06 am
Subject: Re: configured bind 9.10.1 as slave gettting data in binary form
To: William Clarke
In article mailman.1925.1428526813.26362.bind-us...@lists.isc.org,
Chuck Anderson c...@wpi.edu wrote:
I will now go back to the load balancer vendor and see if they can
make it answer 'ANY' queries correctly.
Don't hold your breath. Load balancers have been notoriously inept DNS
servers for
Am 08.04.2015 um 23:52 schrieb Samad Agha:
Ok, I corrected that and was able to restart named w/o any errors:
[root@new-dns1 etc]# service named restart
Stopping named:[ OK ]
Starting named:[ OK ]
Hi All,
Problem is solved for now. Reindl Harald pointed out that my port 53 is not
open. Sure enough I went on the new dns server and issued the command
$service iptables stop, and all was working like a charm after that.
Thank you guys, seriously the service you have set up is so valuable for
Dear Clarke,
Thank you very much, it is working and getting data in txt form.
Regards
Prakash
On 04/09/15 09:31 AM, William Clarke wcla...@simons-rock.edu wrote:
Prakash,
There certainly is infact i just came across the same issue. Find the latest
documentation for bind
30 matches
Mail list logo
