the testing from with this named.conf:
include /var/named/rdrop.blocks;
include /var/named/peak.blocks;
options {
directory /var/named;
pid-file /var/run/named/pid;
listen-on { 127.0.0.1; };
listen-on-v6 { ::1; };
allow-query {
127.0.0.1
On 4/18/12 10:46 AM, Carlos Ribas wrote:
Is your recursive resolver also authoritative for raindrop.us?
If so, you will not get the ad flag. You can
test with DNS-OARC resolver [1]:
# dig +dnssec +multiline @149.20.64.20 raindrop.us
Why would 149.20.64.20 return ad then? It's not
Because this IP has dnssec enabled and raindrop.us is signed :-)
Regards,
-
Carlos Eduardo Ribas
2012/4/18 Alan Batie a...@peak.org
On 4/18/12 10:46 AM, Carlos Ribas wrote:
Is your recursive resolver also authoritative for raindrop.us?
If so, you
Alan: Comments on your configuration file:
I believe that managed-keys... and zone . { type hint... are built into bind
9.9.0 recursive resolvers and therefore not needed. You can enable the built in
root trust anchor by changing dnssec-validation from yes to auto.
I think that listen-on {
On 4/18/12 11:14 AM, Spain, Dr. Jeffry A. wrote:
Alan: Comments on your configuration file:
I also forgot to remove the nameserver entries from resolv.conf after
installing bind. Sigh. Sorry to bother everyone...
Though I am still curious about this from the end of sigchase output:
Launch
Isn't the DS for the zone: . what the managed-keys clause provides?
Though putting it back in didn't make the warning go away, so I must be
missing something else here...
Any difference with dnssec-validation auto and removing the managed-keys and
root hint zone? Jeff.
Why would 149.20.64.20 return ad then? It's not authoritative either...
As I understand it, you need a dnssec-enabled recursive resolver to get an AD
flag returned. An authoritative-only server will never return an AD flag. Jeff.
___
Please visit
On 4/18/12 11:48 AM, Spain, Dr. Jeffry A. wrote:
Isn't the DS for the zone: . what the managed-keys clause provides?
Though putting it back in didn't make the warning go away, so I must be
missing something else here...
Any difference with dnssec-validation auto and removing the
Though I am still curious about this from the end of sigchase output:
Launch a query to find a RRset of type DS for zone: .
;; NO ANSWERS: no more
;; WARNING There is no DS for the zone: .
Isn't the DS for the zone: . what the managed-keys clause provides?
Now I think I see what you mean. It
On 4/18/12 12:18 PM, Spain, Dr. Jeffry A. wrote:
;; WARNING There is no DS for the zone: .
Isn't the DS for the zone: . what the managed-keys clause provides?
Now I think I see what you mean. It is my understanding that DS records exist
in parent zones and refer to child zones that are to
candidate includes fixes for all major defects reported
in inline signing and other features.
We prefer to give at least two weeks between the final RC and the release.
However, due to our use of improved code testing in our development process,
and that most of the inline signing bugs were
On 01/31/2012 16:06, Michael Graff wrote:
Some inline signing defects were resolved earlier this week, and we've
released 9.9.0RC2. This release candidate includes fixes for all major
defects reported in inline signing and other features.
I haven't seen a public announcement about this yet
-bounces+howard=leadmon@lists.isc.org] On Behalf Of Doug
Barton
Sent: Tuesday, January 31, 2012 9:15 PM
To: Michael Graff
Cc: bind-users@lists.isc.org
Subject: Re: BIND 9.9.0 RC2 -- call for testing
On 01/31/2012 16:06, Michael Graff wrote:
Some inline signing defects were resolved earlier
Please ignore. Internal test from ISC.
-Dan Mahoney
ISC Operations
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
isn't important,
even though nslookup tends to think it is.
In general, I'd recommend debugging/testing DNS lookups with a proper tool
like dig, and not nslookup which has a couple of snags which can easily
confuse more than it helps.
Regards
Eivind Olsen
Hi Eivind Olsen,
The command to did test is
/usr/local/nom/bin/resperf -d
/usr/local/nom/examples/dnsperf/queryfile-example-100thousand -s localhost -P
result.txt
queryfile-example-100thousand or queryfile-example-3million are provided by
Nominum. Each line on file is a input to query so
run with query 3-millions - maximum throughput ~ 16000 - named process ~ 600
MB
So named cache ramains ~ 600 Mb. although many times i run the testing command.
*** Now, what i want to know is, does resperf tool use the query which was used
in previous command. For Example: If query 1 run 65000
run with query 100-thousand - maximum throughput ~ 9000 - named
process ~ 450 MB
run with query 100-thousand - ran out query data errors
run with query 3-millions - maximum throughput ~ 9000 - named process
~ 400 MB
run with query 3-millions - maximum throughput ~ 16000 - named process
~ 500
test
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
This is a test. Please disregard.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
On Wed, Dec 17, 2008 at 12:36:44PM +0100,
Holger Honert holger.hon...@signal-iduna.org wrote
a message of 113 lines which said:
check out dig eith the zone-transfer option (man dig):
He asked for information about a DOMAIN NAME, which may or may not be
also a ZONE. If it is not a zone, zone
Hello Fred,
try
dig -t any domain.com @your-server
dig -t any domain.com @your-server +vc
and
dig --help
Regards
Peter
Fred Zinsli wrote:
Hello all
Well I have a basic setup going and it seems to function.
What I am wanting to know is, is there a way of getting all of the
Hi Fred,
check out dig eith the zone-transfer option (man dig):
The -t option sets the query type to type. It can be any valid
query type which is supported in BIND 9. The default
query type is A, unless the -x option is supplied to indicate a
reverse lookup. A zone transfer can
Hi Fred,
check out dig with the zone-transfer option (man dig):
The -t option sets the query type to type. It can be any valid
query type which is supported in BIND 9. The default
query type is A, unless the -x option is supplied to indicate a
reverse lookup. A zone transfer can
dig @nameserver zone axfr
For example:
dig @10.10.10.10 my.domain.com axfr
you need to allow zone transfer.
On Wed, Dec 17, 2008 at 1:50 AM, Fred Zinsli fred.zin...@shooter.co.nz wrote:
Hello all
Well I have a basic setup going and it seems to function.
What I am wanting to know is, is
Hello all
Well I have a basic setup going and it seems to function.
What I am wanting to know is, is there a way of getting all of the
information pertaining to a specific domain name.
Currently I am using nslookup and dig, but I only seem to get basic
information.
IE, dig domain.com only
101 - 126 of 126 matches
Mail list logo