Re: Operation Cancelled Error

2012-07-12 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Ben, On 7/12/12 10:32 AM, Ben wrote: Still, my question is open.. I'm not from ISC, but I have an idea what causes this (but I'm not an authoritative source). You can look up the BIND source code. Every caching DNS Server (BIND or other

Re: BIND, DNSSEC AD

2012-06-30 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello John, On 6/29/12 4:52 PM, John Williams wrote: The purpose behind this is not to protect the internal AD DNS from hijacking. But rather to allow internal clients to run DNSSEC related queries without having to reference external resolvers.

Re: Understanding cause of DNS format error (FORMERR)

2012-06-24 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Gabriele, On 6/24/12 5:57 AM, Gabriele Paggi wrote: Hello Carsten, Thanks for your reply! about the FORMERR. This might be caused by a Firewall or other middlebox that truncates the large answer containing the NS record set for this

Re: Understanding cause of DNS format error (FORMERR)

2012-06-24 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Jeffry, On 6/22/12 1:25 PM, Spain, Dr. Jeffry A. wrote: From what I observed I would conclude that dns11.one.microsoft.com is a Windows DNS server since it behaves like mine except for the AA flag not being set in theirs. It might even be a

Re: Understanding cause of DNS format error (FORMERR)

2012-06-24 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, On 6/24/12 10:07 AM, Carsten Strotmann (private) wrote: It might even be a new Windows 2012 DNS server, and it might be an issue with this new version. This is just speculation, but if it is an issue with Windows 2012 DNS, it might

Re: Understanding cause of DNS format error (FORMERR)

2012-06-23 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Gabriele, On 6/22/12 11:22 AM, Gabriele Paggi wrote: I'm a BIND novice and I'm trying to understand what causes my BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried for the A record of

Re: Understanding cause of DNS format error (FORMERR)

2012-06-23 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Gabriele, On 6/22/12 11:22 AM, Gabriele Paggi wrote: I'm a BIND novice and I'm trying to understand what causes my BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried for the A record of

Re: MS AD 2008R2 and bind

2012-01-03 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Christian, On 1/3/12 11:00 AM, Melbinger Christian wrote: So this is presumably not a problem of the bind servers themselves, but still, does anyone have an idea how to get rid of the error messages? Anyone know the checkbox to unset? I

Re: rndc addzone|delzone

2012-01-01 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 1/1/12 1:18 PM, DNSbed.com wrote: On Sun, 1 Jan 2012 13:05:41 +0100, Jan-Piet Mens jpmens@gmail.com wrote: Has anyone tried the new features of rndc addzone|delzone with BIND-9.7? Will the zone added|deleted get transfered between master

Re: rndc reload has no effect?

2011-12-31 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/31/11 8:09 AM, Ken Peng wrote: Today I setup a new name system, BIND 9.7.3 with multi-views, zone transfer are going based on different TSIG-Keys. I have found a strange problem that when I edited the zone file, anded a record, increased

Take your DNSSEC with a grain of salt ...

2011-12-31 Thread Carsten Strotmann (private)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, because it was a recurring question in the ISC/Men Mice DNSSEC trainings this year, I've taken some time to write down my knowledge on NSEC3 use of the salt and iteration parameters: