Re: installation issues

2016-05-09 Thread Tony Finch
Rajesh M <24x7ser...@24x7server.net> wrote:
>
> however after installation i am getting the same error as earlier
>
> The ISC BIND service failed to start due to the following error:
> ISC BIND is not a valid Win32 application.

Googling for the error message produces this KB article:
https://support.microsoft.com/en-us/kb/812486


Tony.
-- 
f.anthony.n.finch  http://dotat.at/  -  I xn--zr8h punycode
Fair Isle: Cyclonic at first in northwest, otherwise southeasterly 4 or 5,
backing northeasterly 5 or 6. Slight or moderate. Mainly fair. Good,
occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


playing with 9.10.3/Keyper+ and ECDSA

2016-05-09 Thread Vincent Levigneron
Hi,

I was wondering if some of you have already done some experiments with
9.10.3 and the AEP Keyper+ (openssl-1.01l patched) in order to create
ECDSA keys and sign zones. I was surprised I was able without issues to
create key objects in the HSM with the command:

> pkcs11-keygen -a ECDSAP256SHA256 -p  -l TESTECC1

but when I try to create keys from these key objects, I have an
unexpected message:

> dnssec-keyfromlabel -a ECDSAP256SHA256 -l TESTECC1 -E pkcs11 test
dnssec-keyfromlabel: fatal: failed to get key test/ECDSAP256SHA256: algorithm is unsupported

It is strange it is supported by pkcs11-keygen but not by
dnssec-keyfromlabel. This is the only algorithm with that kind of
behaviour.

This is my first test with ECDSA, am I missing something? If I don't
use the Keyper+, I can create ECDSA keys and sign zones with those keys,
strange isn't it?

Regards.

Vincent.

-- 
Vincent Levigneron  A.F.N.I.C.  vincent.levigne...@nic.fr


BIND 9.11 / edns-client-subnet

2016-05-09 Thread Nico CARTRON
Hi everyone,

I was wondering whether some folks on the mailing list had a look at the ECS 
implementation in BIND 9.11,
and if they had any feedback to share?

Cheers,

-- 
Nico


Re: BIND 9.11 / edns-client-subnet

2016-05-09 Thread bert hubert
On Mon, May 09, 2016 at 04:38:13PM +0200, Nico CARTRON wrote:
> I was wondering whether some folks on the mailing list had a look at the ECS 
> implementation in BIND 9.11,
> and if they had any feedback to share?

Perhaps you should tell us how it works for you, what your testing has
found, and contribute to the development of great open source software?

Thanks!

Bert


Re: BIND 9.11 / edns-client-subnet

2016-05-09 Thread Nico CARTRON
Hi Bert,
On 9 May 2016 at 17:11:54, bert hubert (bert.hub...@netherlabs.nl) wrote:

> On Mon, May 09, 2016 at 04:38:13PM +0200, Nico CARTRON wrote:
> > I was wondering whether some folks on the mailing list had a look at the ECS
> > implementation in BIND 9.11,
> > and if they had any feedback to share?
>
> Perhaps you should tell us how it works for you, what your testing has
> found, and contribute to the development of great open source software?

well, I am just starting the tests now, so cannot tell - yet :)

I will definitely report once I have progressed, but in the meantime, any
feedback from others would be appreciated.

BTW Bert, does PowerDNS support it? ;)
I saw (https://github.com/PowerDNS/pdns/issues/573) that it’s on git master,
does that mean it’s publicly available?



Cheers,

-- 

Nico

Re: BIND 9.11 / edns-client-subnet

2016-05-09 Thread bert hubert
On Mon, May 09, 2016 at 05:24:50PM +0200, Nico CARTRON wrote:
> > Perhaps you should tell us how it works for you, what your testing has 
> > found, and contribute to the development of great open source software? 
> well, I am just starting the tests now, so cannot tell - yet :)
> I will definitely report once I have progressed, but in the meantime, any 
> feedback from others would be appreciated.

Let me comment on my snark a bit before I promise to no longer pollute this
technical list with such remarks.  Any appliance vendor is a net loss of
revenue and reputation for the open source world unless you contribute back.
It does not sustain our software otherwise.

And in fact, by branding BIND (which is a magnificent collection of DNS
functionality, which you ship) as "the most common victim" of security
issues, you are hurting open source. [1] Your non-public sales stories are
worse.

Given that, I found it a bit rich for you (from a non-company email
address!) to ask the community that supplies you with free software to give
you some free testing too.  

It would be great to see some testing from you perhaps. For example, how DID
you achieve 27 million queries/second? 

> BTW Bert, does PowerDNS support it? ;)
> I saw (https://github.com/PowerDNS/pdns/issues/573) that it’s on git
> master, does that mean it’s publicly available?

Yes - see my off list reply.

Bert
(will resume lurking here)

[1] http://www.efficientip.com/hybrid-dns-whitepaper/

Re: BIND 9.11 / edns-client-subnet

2016-05-09 Thread Nico CARTRON
Hi Bert,
On 9 May 2016 at 21:24:42, bert hubert (bert.hub...@netherlabs.nl) wrote:

> On Mon, May 09, 2016 at 05:24:50PM +0200, Nico CARTRON wrote:
> > > Perhaps you should tell us how it works for you, what your testing has
> > > found, and contribute to the development of great open source software?
> > well, I am just starting the tests now, so cannot tell - yet :)
> > I will definitely report once I have progressed, but in the meantime, any
> > feedback from others would be appreciated.
>
> Let me comment on my snark a bit before I promise to no longer pollute this
> technical list with such remarks.

ouch, did not see this one coming.
Let me answer your remarks below.

> Any appliance vendor is a net loss of
> revenue and reputation for the open source world unless you contribute back.
> It does not sustain our software otherwise.

Just because you’ve not heard of something does not mean this does not happen.
And bear in mind that we’re using other non-DNS software, so we contributed to
other fields.

> And in fact, by branding BIND (which is a magnificent collection of DNS
> functionality, which you ship) as "the most common victim" of security
> issues, you are hurting open source. [1] Your non-public sales stories are
> worse.

I don’t see how calling BIND “the most common victim” is hurting open source.
We push for software diversity, which is always good.

> Given that, I found it a bit rich for you (from a non-company email
> address!) to ask the community that supplies you with free software to give
> you some free testing too.

I’ve always used my private email address for mailing lists, that’s easier.
And unless I re-read my previous email incorrectly, I did not ask for “some
free testing”,
but for feedback from others.

> It would be great to see some testing from you perhaps. For example, how DID
> you achieve 27 million queries/second?

That’s 17 million QPS.
If you’re around at the RIPE meeting in Copenhagen, I’ll be more than happy to
discuss it with you.

> > BTW Bert, does PowerDNS support it? ;)
> > I saw (https://github.com/PowerDNS/pdns/issues/573) that it’s on git
> > master, does that mean it’s publicly available?
>
> Yes - see my off list reply.

Thank you, but I did not receive this off-list reply.

With the above being said, can we please come back to the original topic and
not pollute this list?
We can continue off-list or talk in Copenhagen if you wish to.

Maintain task frequency

2016-05-09 Thread Jorge Alberto Martínez Melo

Hello bind users,

I am preparing some scripts to maintain some cache dns servers and I am
thinking about the most appropriate frequency of these tasks:
- to generate the root hints file (root cache).
- to clear the cache with rndc flush
- to generate the stats file with rndc stat

Thank you in advance for your comments

-- jamm



Re: Maintain task frequency

2016-05-09 Thread /dev/rob0
On Mon, May 09, 2016 at 05:54:22PM -0500,
   Jorge Alberto Martínez Melo wrote:
> I am preparing some scripts to maintain some cache dns servers and 
> I am thinking about the most appropriate frequency of these tasks:
> - to generate the root hints file (root cache).

Never.  You'll get new root hints every time you upgrade, if the 
hints have in fact changed.  Even if you don't upgrade, it doesn't 
matter.  Having a wrong address in hints means that you might try 
contacting a bad IP address at startup.

Once you have found an actual root server you'll never go back to the 
hints.  And you can find actual root servers listed in hints files 
which date back far before the BIND 9 project's existence.

For ease of management you might want to remove the "zone '.'" 
statements from your recursive resolvers.  That way you'll only use 
the built-in hints, and every time you upgrade, such as for the 
latest security issue, you've got the new hints.

There's a recent article at the ISC KB about root hints, you might 
want to read that also.  It should be easy to find at 
https://kb.isc.org/ , searching for "root hints".

> - to clear the cache with rndc flush

Oh my!  Never, unless you have some good reason to do it.  Why do you 
think that should be a scheduled task?

> - to generate the stats file with rndc stat

Never.  See the statistics-channels functionality, which is far 
superior to the "rndc stats" output, in real time as needed, and 
designed to be easily parsed by automated tools.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
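
An added example, not part of the message above or of BIND itself: instead of a scheduled "rndc stats" dump, a monitor can poll the statistics channel and turn two JSON snapshots into per-second rates and a SERVFAIL share. The snapshots are constructed, and the field names ("current-time", "opcodes", "rcodes") are assumptions about the JSON layout that should be checked against what your server actually returns.

```python
import json
from datetime import datetime

# Constructed samples: two polls taken 60 s apart, trimmed to the fields used.
# Field names are assumed to match the JSON your named build serves; verify them.
POLL_1 = json.loads("""{"current-time": "2016-05-09T23:00:00Z",
  "opcodes": {"QUERY": 120000},
  "rcodes": {"NOERROR": 100000, "NXDOMAIN": 15000, "SERVFAIL": 5000}}""")
POLL_2 = json.loads("""{"current-time": "2016-05-09T23:01:00Z",
  "opcodes": {"QUERY": 126000},
  "rcodes": {"NOERROR": 104800, "NXDOMAIN": 15600, "SERVFAIL": 5600}}""")


def _when(snapshot):
    """Parse the snapshot timestamp, with or without fractional seconds."""
    stamp = snapshot["current-time"]
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in stamp else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(stamp, fmt)


def rates(old, new, section):
    """Per-second rate of every counter in `section` between two polls."""
    elapsed = (_when(new) - _when(old)).total_seconds()
    if elapsed <= 0:
        raise ValueError("polls are identical or out of order")
    result = {}
    for name, value in new.get(section, {}).items():
        delta = value - old.get(section, {}).get(name, 0)
        if delta < 0:
            # Counters start again from zero when named restarts.
            delta = value
        result[name] = delta / elapsed
    return result


def servfail_ratio(old, new):
    """Share of responses sent during the interval that were SERVFAIL."""
    per_rcode = rates(old, new, "rcodes")
    total = sum(per_rcode.values())
    return per_rcode.get("SERVFAIL", 0.0) / total if total else 0.0


if __name__ == "__main__":
    print(rates(POLL_1, POLL_2, "opcodes"))
    print(round(servfail_ratio(POLL_1, POLL_2), 3))
```
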


Re: Maintain task frequency

2016-05-09 Thread Barry S. Finkel
On Mon, 9 May 2016 17:54:22 -0500, Jorge Alberto Martínez Melo wrote:

> Hello bind users,
>
> I am preparing some scripts to maintain some cache dns servers and I am
> thinking about the most appropriate frequency of these tasks:
> - to generate the root hints file (root cache).
> - to clear the cache with rndc flush
> - to generate the stats file with rndc stat
>
> Thank you in advance for your comments
>
> -- jamm


If I interpret your question correctly - here are my answers:

1) root hints - There is nothing you need to do, as BIND will get
the information when it starts, based on the hints
that are built into the code.  And the hints information
rarely changes.

2) Clear cache - There is no need to clear the cache, as BIND will
 remove automatically any entry whose TTL has
 expired.

3) Generating stats - I have no answer for this.  You can generate
  stats at any interval you want.  The interval
  might depend upon  how busy the DNS server is.

--Barry Finkel
