Thank you all.
I've confirmed that the problem is firewall related. I've replaced my current
Untangle firewall with the simplest Linux NAT iptables firewall and everything
works perfectly, without any complaints.
Thank you very much for your kind help/suggestions.
Shi
Hi,
When using 9.7.0a3 with dnssec-signzone and PKCS#11, one can use the genkey.sh
as a tool to generate keys. It is however hardcoded to RSASHA1. (We needed
NSECRSASHA1)
The below tiny patch addresses this.
Related, the dnssec-signzone command created a zone with algo 5 DNSKEY's with
NSEC3 re
1) Confirm whether you need to forward at all. If you don't need to,
then remove the forwarders entries and that should take care of the
errors in your log.
2) If you *must* use forwarders, look at the part of the config that you
didn't show us, and determine whether there is something there (e.
In message <865284.37771...@web36203.mail.mud.yahoo.com>, Shi Jin writes:
>
> > "host unreachable" is one of the clearer error messages, so
> > you need
> > to do some digging. From the box that you've set up bind9
> > on you'll
> > need to use dig to query the ISP's name servers. If that
> > wor
> "host unreachable" is one of the clearer error messages, so
> you need
> to do some digging. From the box that you've set up bind9
> on you'll
> need to use dig to query the ISP's name servers. If that
> works, then
> you'll have to use tcpdump on that box to find out what
> named is doing.
>
>
What is "unfortunate" about BIND picking a forwarder based on real,
up-to-date information about the thing that the end-user ultimately
cares about -- how quickly the queries get answered?
Surely this is better than hardcoding a bunch of assumptions into your
forwarding configs, assumptions th
Shi Jin wrote:
> Hi there,
>
> I've set up a DNS server running bind9 in my LAN and set it up to ISP provided
> DNS servers as the forwarders. Currently this DNS server works in the sense
> both internal and external names are resolved without any problem. However,
> for each DNS query, the sysl
On Sep 21 2009, Matus UHLAR - fantomas wrote:
I have moved authoritative server to new IP address. I have changed the DNS
name pointing to it so the NS would point to the new IP.
Now I looked at the traffic and it seems that there are ~4 of 1000 recursive
requests sent to it.
And do you know
On Sep 21 2009, Matus UHLAR - fantomas wrote:
IIRC, slave zones transferred to BIND8 had header that informed us when was
the zone transferred and from where.
Do I remember correctly?
Yes.
If so, when was this feature removed
It has never been in BIND 9.
> Try
> dig @216.171.238.66 hp.com
> to see if the .66 host answers to your queries. Maybe you
> got a wrong IP
> there? Try the same for .67, the other DNS.
>
Thank you very much. I tried what you suggested and it seems that these two
servers work perfectly. In fact, I can simply set my DNS t
On Montag 21 September 2009 Shi Jin wrote:
> However, it looks to me like the ISP provided DNS server
> (216.171.238.66) was not able to resolve any of the names and all the
> resolving is done at the top level servers. Is my understanding
> correct?
Try
dig @216.171.238.66 hp.com
to see if the .6
Hi there,
I've set up a DNS server running bind9 in my LAN and set it up to ISP provided
DNS servers as the forwarders. Currently this DNS server works in the sense
both internal and external names are resolved without any problem. However, for
each DNS query, the syslog shows entries of
dhcp-
Hello,
I have moved authoritative server to new IP address. I have changed the DNS
name pointing to it so the NS would point to the new IP.
Now I looked at the traffic and it seems that there are ~4 of 1000 recursive
requests sent to it.
Are there any known resolvers that can iterate through NS
Hello,
IIRC, slave zones transferred to BIND8 had header that informed us when was
the zone transferred and from where.
Do I remember correctly? If so, when was this feature removed and why?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-
14 matches