Re: verifying bind-9.10.0 download

2014-05-05 Thread mm half


Thanks Evan.  Corrupted downloads.  Had to change the default gateway to get a 
valid source download. 

On Friday, May 2, 2014 9:07 PM, Evan Hunt  wrote:
 
On Fri, May 02, 2014 at 05:50:45PM -0700, mm half wrote:
> I have downloaded bind-9.10.0.tar.gz from the ISC download site, imported in 
> the pgpkey2013.txt located at:   
> https://www.isc.org/downloads/software-support-policy/openpgp-key/ , and 
> can't seem to get any of the signature files to pass the verify test using 
> gpg :
> 
> 
> gpg --verify bind-9.10.0.tar.gz.asc bind-9.10.0.tar.gz
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Tue Apr 29 16:12:28 2014 EDT using RSA key ID 189CDBC5
> gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key, 
> 2013) "

Works fine for me.  Check the fingerprint on the tarball, it should be:

SHA256(bind-9.10.0.tar.gz)= acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

-- 
Evan Hunt -- e...@isc.org

Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
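
The two checks from this thread combined in one script, as an added example that is not part of the original messages: it compares the tarball's SHA-256 with the published digest first, so a corrupted download is reported as such before gpg is run. The function names are hypothetical; the file names and digest in the usage comment are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): digest check first, signature second.
# Usage: sh verify.sh bind-9.10.0.tar.gz bind-9.10.0.tar.gz.asc \
#   acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        # Fallback for systems without coreutils' sha256sum.
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# digest_matches FILE EXPECTED_HEX: return 0 only if the digests are equal.
# The expected value is normalised (case, stray whitespace from copy/paste).
digest_matches() {
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# verify_download FILE SIGNATURE EXPECTED_HEX
# Returns 1 on digest mismatch, 2 on a missing file, else gpg's exit status.
verify_download() {
    file=$1 sig=$2 want=$3
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if ! digest_matches "$file" "$want"; then
        echo "SHA256 mismatch for $file" >&2
        echo "  expected: $want" >&2
        echo "  actual:   $(sha256_of "$file")" >&2
        echo "download is corrupted or altered; fetch it again" >&2
        return 1
    fi
    # gpg exits non-zero for a BAD signature or a missing public key.
    gpg --verify "$sig" "$file"
}

# Run the check only when called with the three arguments shown above.
if [ "$#" -eq 3 ]; then
    verify_download "$@"
fi
```

A digest mismatch points at the transfer path, while a matching digest with a failing `gpg --verify` points at the signature file or the imported key.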

Re: How to setup a backup NameServer?

2014-05-05 Thread houguanghua
kevin,
 
It doesn't sound like a bad idea. Thanks a lot.
 
The backup server's delay can be added manually. Thus, in a normal situation, the 
'backup' server is seldom visited.
 
Thanks all of you.
 
Guanghua

> Date: Sun, 04 May 2014 14:06:23 -0400
> From: Kevin Darcy 
> To: bind-users@lists.isc.org
> Subject: Re: How to setup a backup NameServer?
> Message-ID: <5366819f.7030...@chrysler.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
> 
> Forwarder selection has been based on RTTs for quite a while now. So, if 
> what you're trying to protect against is your "primary" forwarders being 
> DoS'ed, why not just define your "primary" and "backup" forwarders in 
> the same forwarder list? Due to RTT calculations, the "backup" 
> forwarders would normally not be used (much), if they're slower, but in 
> the DoS scenario, the queries would automatically fail over.
> 
> If your "backup" forwarders are *not* significantly slower than your 
> "primary" ones, then *all*the*more*reason* for them to be in the 
> forwarder list, in order to provide ongoing DoS protection. (Unless 
> they're more expensive to use, perhaps? In that case, you might want to look 
> into some sort of rate-limiting-based and/or load-balancer-based solution).
> 
>  - Kevin
> 
> On 5/3/2014 9:15 PM, houguanghua wrote:
> > Dave,
> >
> > Sorry for the delayed reply.
> >
> > These zones are not owned by the ISP, such as: yahoo.com, facebook.com...
> > If such a backup DNS server is ready, the ISP will talk to these web sites 
> > to keep synchronization with their authority NSs.
> > It may be a huge project.
> >
> > Thanks,
> > Guanghua hou
> >
> >
> > >
> > > Message: 1
> > > Date: Tue, 29 Apr 2014 22:08:22 -0700
> > > From: Dave Warren 
> > > To: bind-users@lists.isc.org
> > > Subject: Re: How to setup a backup NameServer?
> > > Message-ID: <53608546.4050...@hireahit.com>
> > > Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
> > >
> > > On 2014-04-29 18:50, houguanghua wrote:
> > > > A lot of zones will be supported. All popular zones in the ISP.
> > > > Maybe the best solution is to hire some custom programming to develop
> > > > private system.
> > >
> > > How will you obtain copies of "all popular zones"? Are you just talking
> > > about zones you host, or things like Google?
> > >
> > > --
> > > Dave Warren

