Hello,
I am running bind 9.8 with GSS-TSIG on a SuSE Enterprise 11 PL 1 Server.
For my forward zones I have the following rules:
zonecp.test {
type master;
file forward/cp.test;
notify yes;
update-policy {
Hello,
i run bind 9.8.0-P1 with GSS-TSIG in a CHROOT-Enviroment without any errors
on our testsystem (SuSE Linux Enterprise 11)
I start it with the minus -g -d 10 option (and also without) and cant see
any errors. I tried it with strace -f and so far I can guess - no errors.
But when I stop
Hello,
I run bind 9.8 with GSS-TSIG in serveral domains with update-policy list for
secure updatesand all is working fine.
Before my bind was in a CHROOT enviroment. But with using GSS-TSIG it seems
to need a lot more libraries.
I tried to find them all with doing some straces but I do not
in the named.conf) do not work
One of the first things that was missed was dev/urandom for example.
Is there any one out that use a GSS-TSIG Bind WITH CHROOT-Enviroment?
thanx so far,
cheers,
Juergen
2011/5/23 Tony Finch d...@dotat.at
Juergen Dietl isclist...@googlemail.com wrote:
I run bind 9.8 with GSS
Hello,
I try to make an nslookup from the client. The server dont know the zone and
for this it should do recursion to another DNS-Server
options {
dump-file /var/log/named_dump.db;
notify-source xx.x.xxx.xxx port 53;
notify yes;
listen-on port 53 { xx.x.xxx.xxx;
Hello Phil,
thanx a lot for your help.
allow-recursion {any;}; .Works now.
allow-query {any;};
did also work.
Is this a new behavior? Because in 9.7.3 I dont have to allow querys.
thanx a lot,
cheers,
Juergen
2011/5/16 Phil Mayers p.may...@imperial.ac.uk
On 16/05/11 11:00, Juergen
...@isc.org
In message BANLkTim7k4KYxYoz=awj9mwtczvxb32...@mail.gmail.com, Juergen
Dietl
writes:
Hello Mark,
thanx for your anwer.
Your first sentence maybe help me to understand why this is the
client=B4s
credential that it needs in the rule:
WS-YBCL150939\$\@EXAMPLE.COM
So fist
Hello Mark
i am not that professional in bind. Normally I am a CISCO expert but now I
also do the bind for 6 months. I cannot imagine why this post should help
me.
What do this match-type external mean? I am not aware of running any
external daemon. Or was this just for the ACLs problem from
of Colorado at Boulder
On May 11, 2011, at 7:08 AM, Juergen Dietl wrote:
Hello,
and thanx for all your answeres.
I want to ask the question again in a shorter way:
If I look in the log the client tells the dns-server:
request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST
when
that the client
really only can update itsself?
Do you have a link where I can read more about the ms-self feature?
thanx a lot
cheers,
2011/5/12 Phil Mayers p.may...@imperial.ac.uk
On 12/05/11 09:33, Juergen Dietl wrote:
Hello Mark
i am not that professional in bind. Normally I am a CISCO
2011/5/12 Mark Andrews ma...@isc.org
I suggest that you look at the documentation for external and use
it.
Hello Mark,
thanx a lot for your explanation. One last question.
What do you mean with your sentence above? Do you mean that?:
+++
Hello,
i run GSS-TSIG on a SuSE Enterprise 11 Server using bind 9.8 latest version.
I have 3 domains:
example1.test
example2.test
example3.test
I created 3 keys and merge them with ktutil.
Now I want to use update policy:
For this I have the follwoing rule:
update-policy {
grant * subdomain
Hello,
and thanx for all your answeres.
I want to ask the question again in a shorter way:
If I look in the log the client tells the dns-server:
request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST
when I now put in the rule:
grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test.
Hello Mark,
thanx for your anwer.
Your first sentence maybe help me to understand why this is the client´s
credential that it needs in the rule:
WS-YBCL150939\$\@EXAMPLE.COM
So fist is the hostname then the slash makes the $-sign just to be a normal
letter and not variable for example, and the
Hello,
as far as I know I can only put one tkey-gssapi-credential in the
named.conf. Now at bind 9.8 there is something new:
* Added a tkey-gssapi-keytab option. If set, dynamic updates will be
allowed for any key matching a Kerberos principal
in the specified keytab file.
-- Forwarded message --
From: Juergen Dietl isclist...@googlemail.com
Date: 2011/4/13
Subject: Re: GSS-TSIG with a change root enviroment
To: Abdulla Bushlaibi abushla...@ies.etisalat.ae
Hello,
thanx for the -g hint. Now I see the same thing I saw yesterday in the
syslog
16 matches
Mail list logo