Eventually, if you have done the parent delegations (through where you register
your zone) and have updated the new NS records to point only to the new spot,
the old zone will only be used by that provider, and nowhere else. So, if com
points to the new set of name servers, and example.com has
On Jun 13, 2012, at 5:02 PM, Dan Letkeman wrote:
I understand the concept, as I have read many documents like that. I
am more interested in a real world example of how much free memory for
caching is recommended for an average server.
Dan.
It depends on many things, but what I'd do to
have 8GB RAM. I don't know if it's better to
start with 1GB (1/8th of RAM)?
thanks
blr
On Thu, May 31, 2012 at 8:17 PM, Michael Graff mgr...@isc.org wrote:
Hmm, I don't quite think this is a good idea. BIND 9 (since 9.5) manages
memory quite well, but it will happily consume all you have
Hmm, I don't quite think this is a good idea. BIND 9 (since 9.5) manages
memory quite well, but it will happily consume all you have and go into swap.
I'd set it high enough (on a dedicated machine) to use plenty of RAM, but low
enough to not cause other OS components to swap out or BIND
Some signature methods require this, some do not. RSA should not (in general)
but RSA encryption in practice may. Signing is different, in that you know
both halves (encrypted and cleartext) so it should not require padding.
I think DSA does require randomness in signing.
--Michael
On May
more than 4k will exceed the default settings for EDNS0 UDP responses.
If you dig @ your server, with +tcp, do you get a reply? If not, perhaps you
are not allowing TCP connections to port 53?
What error you are getting may be of help.
--Michael
On Feb 29, 2012, at 1:20 PM, Darvin Denmian
to help me :)
Regards!
On Wed, Feb 29, 2012 at 4:25 PM, Michael Graff mgr...@isc.org wrote:
more than 4k will exceed the default settings for EDNS0 UDP responses.
If you dig @ your server, with +tcp, do you get a reply? If not, perhaps
you are not allowing TCP connections to port 53
It is a known issue, and is indeed a bug. We're working on it already, so stay
tuned.
--Michael
On Feb 14, 2012, at 12:44 PM, Alex wrote:
Hi,
I have a fedora16 x86_64 box and named keeps dying with an assertion failure:
14-Feb-2012 13:24:41.137 general: critical: rbtdb.c:1619:
Key management (and how BIND 9 in the form of named handles issues like this)
is likely too large a topic to address before 9.9.0 is out. I don't think the
management has gotten worse from 9.8 to 9.9 though.
We're hoping to make key management the next major focus area in bind 9, now
that we
As Evan mentioned earlier, we are coming close to releasing a final BIND 9.9.0.
It's scheduled to go to our Forum members on the 7th of February and as a
public release about a week later.
Some inline signing defects were resolved earlier this week, and we've released
9.9.0RC2. This release
This is one of the reasons we are doing things differently in BIND 10. BIND 9
had some early stuff (under doc directory) but it was never fully fleshed out.
--Michael
On Jan 26, 2012, at 10:58 AM, Cong Guo wrote:
Hello,
How can I get the design documents of Bind9, like the ones for
You want BIND 9.9 (currently 9.9.0rc1) with inline signing. This will do
exactly what you want, I think.
--Michael
On Jan 11, 2012, at 9:31 AM, Howard Leadmon wrote:
OK, in an attempt to start using DNSSEC over here, I suppose I bit myself
in the backside, and even spending some time
ISC is also, by pure luck, offering a web seminar on inline signing in BIND 9.9
today. While the first one starts in 15 minutes as I write this message, there
are a total of three sessions today.
Head on over to http://www.isc.org/webinar to find out the times and
information on how to join.
I see many valid IP addresses in your list. But that said, are the responses
going back large individually, or is it the number of them that is large?
If you think this is attempting to crash the server with a single large answer,
that's different than if your server is getting a lot of
On Nov 18, 2011, at 4:44 AM, G.W. Haywood wrote:
Never in several machine decades have I had to do anything like that
for BIND. The fact that people are even talking about it is of some
concern to me. Twice in approximately the last month I have had one
particular server go down for no
believe the daemon
checks once every 100ms or so.
--Michael
On Dec 1, 2011, at 5:17 AM, Jan-Piet Mens wrote:
On Wed Nov 30 2011 at 20:45:30 CET, Michael Graff wrote:
For my VM environment, I bought a USB random source, and share it
across the VMs with a little daemon I wrote.
Would you
On Nov 30, 2011, at 4:09 AM, Matus UHLAR - fantomas wrote:
On 11/29/2011 11:33 PM, Chris Thompson wrote:
I wonder if an external tool to trim the journal would be an option? You'd
need a timestamp on records (relying on the RRSIGs mean it only works for
signed). Not sure about the locking
On Nov 30, 2011, at 3:01 AM, Torsten Segner wrote:
In RHEL there is a RPM package called unuran.
It's a random number generator daemon using either a piece of hardware or
/dev/urandom as source. Running this will provide enough entropy to create
lots of keys.
I'd be rather wary of keys
Hello 张海阔,
I've opened a bug ticket for this one. I don't know that bind-users is a good
place to continue discussions, but consider perhaps bind-workers (which is more
for coders).
I'll send you a link to the bug in separate message.
--Michael
On Nov 30, 2011, at 6:09 AM, 张海阔 wrote:
Do you see that each time named starts or just on the first load of the zone?
What happens if you send a query to the server with dig +dnssec?
On Nov 10, 2011, at 14:23, McConville, Kevin kmcconvi...@albany.edu wrote:
I know that this isn’t the forum for betas, which is why I put off-topic
Are you saying you cannot compile from source, or that you must use the vendor
supplied version of bind?
On Nov 7, 2011, at 10:04, Aleksander Kurczyk aleksanderkurc...@o2.pl wrote:
I'm using Mac OS X 10.4.11 Tiger on G4 400 MHz PPC Mac and BIND 9.7.4 is the
last version that I'm able to use.
I opened a ticket on Tony's behalf so we can track the crash problem and the
other defects he mentioned. As I told him there, the master functionality is
still a work in progress, and the code's not there yet. Soon.
Thank you Tony for giving this a try as an alpha! Your time is appreciated.
On Sep 29, 2011, at 4:06 PM, Bill Owens wrote:
I've obviously been asleep and not following along with the announcements of
new features in BIND 9.9 until today
I'm happy you read it, and hope to see you at the forum/customer webinar next
week! I'll be speaking, and will bring my fireproof
On 2011-09-28 9:36 AM, feralert wrote:
Thanks Jeff,
But I really only wrote that as an example :) . The real question
is what is best or what is recommended, two A RR (one for domain,
one for www) or a single A RR for domain and a CNAME RR for
On 2011-08-30 12:06 PM, Klaus Darilion wrote:
Unfortunately I fail to find the options where I can configure the
number of retransmissions, timeouts and number of transactions -
please give me some hints.
I don't believe there are external knobs
Yes. It is correct behavior.
There is no revoke method for a publisher. I don't think adding one would be
wise.
--Michael (from an iPhone)
On Aug 17, 2011, at 7:18, Marc Lampo marc.la...@eurid.eu wrote:
Hello,
Experimenting with key roll-over timing conditions,
with a Bind 9.7.3
I am very interested in hearing what you are looking for. I have some
thoughts about performance measurements, mostly to answer the age-old
question, "Are my servers working well?"
Would you release the patches, and if so, would you be willing to work
On 2011-07-14 2:28 PM, Chris Thompson wrote:
So is there anything that could go wrong if the style sheet reference *was*
relative rather than absolute?
Not that I can see. It's probably that we never considered that use case.
Send in a bug
On 6/29/11 8:19 AM, Eivind Olsen wrote:
Really? I thought you said the 64 bit server had a CPU with 1.6GHz cores,
and the 32 bit server had 2.33GHz cores?
Benchmarking on different machine types, even if they are identical
speed, can be affected by
We've been working on the start-up time of BIND 9, when many many zones
are configured.
By many, I mean in the 10k to 1m range.
If you are someone who has a large number of zones loaded into BIND 9,
and would like to try out some test code to see if
On 6/29/11 9:08 AM, Sven Eschenberg wrote:
Maybe some bind developer can shed a light on this:
Does bind use epoll()?
AIO (as in Posix RT extensions)
BIND 9 uses epoll() I believe, but AFAIK does not touch AIO. I've not
touched that code
On 6/29/11 9:16 AM, iharrathi@orange-ftgroup.com wrote:
Do I have to use bind compiled and running on 32 bit server to have
better performance rather than bind compiled and running on 64 bit server?
No matter what, what gets you the best
On 6/29/11 3:00 PM, Sven Eschenberg wrote:
One thing that just popped up my mind:
Does it increase performance, when you, let's say, bind multiple IPs to
the same NIC and make bind listen to all of those IPs, while of course
taking care to fix the
On 6/29/11 4:28 PM, Sven Eschenberg wrote:
P.S.: If all parts of bind were optimized towards multicore processing and
the pattern of queries fits, yes, then the 8 core machine could probably
outrun the 4 core machine, even when having a slower