Re: Help with dig to check NS servers for DNSSEC setup

2011-11-15 Thread Sam Wilson
In article mailman.90.1321303169.68562.bind-us...@lists.isc.org, Eduardo Bonsi beart...@pacbell.net wrote: I am checking my DNS setup from inside using dig and I am getting everything ok but I need a second opinion from outside of the server to see if my ns1 and ns2 are responding ok to

Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Eduardo Bonsi
I am checking my DNS setup from inside using dig and I am getting everything ok but I need a second opinion from outside of the server to see if my ns1 and ns2 are responding ok to setup DNSSEC. Thanks! user:~ user1$ dig bonsi.org ; DiG 9.6-ESV-R4-P3 bonsi.org ;; global options: +cmd ;;

RE: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Adamiec, Lawrence
Here are some results using the same commands you used. # dig bonsi.org ; DiG 9.6.1-P3 bonsi.org ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: SERVFAIL, id: 1462 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bonsi.org.

RE: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread lst_hoe02
Zitat von Adamiec, Lawrence ladam...@kentlaw.edu: Here are some results using the same commands you used. # dig @63.200.45.18 ns1.bonsi.org soa ; DiG 9.6.1-P3 @63.200.45.18 ns1.bonsi.org soa ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status:

Re: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Stephane Bortzmeyer
On Mon, Nov 14, 2011 at 12:38:44PM -0800, Eduardo Bonsi beart...@pacbell.net wrote a message of 123 lines which said: if my ns1 and ns2 are responding ok to setup DNSSEC. ... user:~ user1$ dig bonsi.org dig, by default, does not request DNSSEC data. If you want to test with DNSSEC, add

Re: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Eduardo Bonsi
Since my servers are getting status refused from outside, could someone shine me a light what is wrong here? Here is a copy of my named conf file for the master. Thanks! // // Include keys file key rndc-key { algorithm hmac-md5; secret yyxx-not-the-real-key-xmc/xxx/z/x==;

Re: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Barry Margolin
In article mailman.95.1321308136.68562.bind-us...@lists.isc.org, Eduardo Bonsi beart...@pacbell.net wrote: Since my servers are getting status refused from outside, could someone shine me a light what is wrong here? Here is a copy of my named conf file for the master. You have the same

Re: Help with dig to check NS servers for DNSSEC setup

2011-11-14 Thread Eduardo Bonsi
Barry; Thanks, I fixed that! I am also not sure if that will help with the server fail or status refused issue when checked from outside. Eduardo On 11/14/11 6:58 PM, Barry Margolin wrote: In articlemailman.95.1321308136.68562.bind-us...@lists.isc.org, Eduardo Bonsibeart...@pacbell.net