Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Evan Hunt
On Fri, Sep 07, 2018 at 06:15:59PM +0200, Mark Elkins wrote:
> I kinda also wonder why the command simply doesn't output to stdout by
> default. The *only* reason I've ever run the command "rndc secroots" is
> to look at the output, that is, checking for the correct DNSKEY
> root-anchors - which I

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
I'm aware of: rndc managed-keys status I'm also aware of: rndc secroots - (a Hyphen at the end of "rndc secroots" will send output to stdout) I'm just not sure how long the 'hyphen' argument has been around for but vaguely remember a similar discussion from long ago. It looks like someone else

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Tony Finch
Mark Elkins wrote:
> I kinda also wonder why the command simply doesn't output to stdout by
> default.
Historical reasons :-) BIND 9.11 and later have `rndc managed-keys` which is rather more user-friendly. I get the impression that the root rollover guides are using `rndc secroots` because

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
I kinda also wonder why the command simply doesn't output to stdout by default. The *only* reason I've ever run the command "rndc secroots" is to look at the output, that is, checking for the correct DNSKEY root-anchors - which I then need to use "cat" to see... if the file is correctly created...

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
Hi Mark,
On 7.9.2018 at 10:49, Mark Elkins wrote:
> It would probably have been more helpful (speeded up finding the
> problem) if the error message "file 'named.secroots': permission denied"
> also gave the directory name that it was trying to write to? Just a thought.
> Sometimes we don't

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
Hi, also a few notes to it.
On 7.9.2018 at 04:05, Brent Swingle wrote:
> This matter has been resolved with input from Evan. I was able to add a file
> path for secroots to the named.conf file and push the output file to a temp
> directory that was not permission restricted.
>
>

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
It would probably have been more helpful (speeded up finding the problem) if the error message "file 'named.secroots': permission denied" also gave the directory name that it was trying to write to? Just a thought. Sometimes we don't see the obvious. On 09/06/2018 10:58 PM, Brent Swingle wrote:

Re: Frequent timeout

2018-09-07 Thread Matus UHLAR - fantomas
On Thu, Sep 6, 2018 at 5:56 PM John W. Blue wrote: So that file is full of nothing but queries and no responses which, sadly, is useless. Run: tcpdump -s0 -n -i eth0 port domain -w /tmp/domaincapture.pcap You don't need all of the extra stuff because -s0 captures the full packet. On