Mark, Mat,
Mat wrote:
> End users will get confused by this, but then there are plenty of
> other possibilities with and without DNS they may get confused about.
> I think providing help to them should be dealt with by the OS instead
> of bloating DNS. Upon return of any error by DNS (or any other
hi,
when i was in IPv4 environment test the dynamic update ,the result is
completely sucess,there is the result(rangi type is the new type i added):
[r...@localhost named]# host -t rangi 4086:0002:0010:::1
0001.0010.0002.4086.rangiid.arpa has RANGI record
2001:da8:215:1800
Additionally you can detect a DNSSEC failure by asking
queries with and without the CD bit set.
Most DNSSEC failures can be diagnosed with dig, knowing the
current time and date and access to named.conf for the trust
anchors. There are actually easier to d
On 3/10/2010 4:45 PM, ic.nssip wrote:
I've got the idea!
So even I have no statement "recursion yes", the server is still
recursive as time I dont specify "recursion no;"
It is going to make no difference if I'll add "recursion yes;" on
options.
No difference.
Is "localnets" a term I really
Hi Gilles,
this question came up as well at a DNSSEC workshop I attended recently. IMHO
redirecting to a website will cause similar misuse to what wildcard records
have caused. One might argue a new RCODE would be the right thing but really,
the SERVFAIL is actually correct. The server at the o
I've got the idea!
So even I have no statement "recursion yes", the server is still recursive
as time I dont specify "recursion no;"
It is going to make no difference if I'll add "recursion yes;" on options.
Is "localnets" a term I really need to use?
Currently I'm using an ACL defined for "ac
Hello all,
If a the validation of a signed RR fails, the answer from the validating
resolver to the requestor is SERVFAIL, if I understood correctly. To the
average end user who isn't aware that DNS exists this translates to
"it's broken". Possibly even "my ISP is broken" if the neighbor's ISP
doe
Lightner, Jeff wrote:
> Modern being?
Actually
In the 9.4 CHANGES file I find:
--- 9.4.0a4 released ---
[...]
2006. [security]Allow-query-cache and allow-recursion now default
to the builtin acls "localnets" and "localhost".
This is
Lightner, Jeff wrote:
> Modern being?
According to CHANGES file:
--- 9.5.0a6 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
a
Modern being?
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Alan Clegg
Sent: Wednesday, March 10, 2010 2:25 PM
To: bind-users@lists.isc.org
Subject: Re: recursion
ic.nssip wrote:
> I
ic.nssip wrote:
> If there is no option "recursion yes (or no);" specified in named.conf,
> is the server still recursive?
> Is "recursion" activated by default if option recursion (yes|no) is
> missing in named.conf?
In modern BIND, "allow-recursion" defaults to:
"{ localhost; loc
On 3/10/2010 11:37 AM, ic.nssip wrote:
If there is no option "recursion yes (or no);" specified in
named.conf, is the server still recursive?
Is "recursion" activated by default if option recursion (yes|no) is
missing in named.conf?
Yes, recursion is "activated" by default, but who is or is not
If there is no option "recursion yes (or no);" specified in named.conf, is the
server still recursive?
Is "recursion" activated by default if option recursion (yes|no) is missing in
named.conf?
Thank you,
Julian
___
bind-users mailing list
bind-users
Hello,
in Bind 9.6.2 the zone statistics looked like that:
4.3.2.1.e164.arpa/IN
IN
3
0
0
0
0
0
0
0
0
On Mar 10 2010, Sam Wilson wrote:
In article ,
wrote:
dig was added to Solaris 9. It is not native to Solaris 8 or older.
That would explain why it's only where Chris found it on some of our
range of Solarises (vintage or only slightly worn).
Yes, I did overestimate how long it's been th
In article ,
Mark Andrews wrote:
> In message <20100309154017.4801c...@the-damian.de>, Torsten writes:
> > Am Wed, 10 Mar 2010 00:44:46 +1100
> > schrieb Mark Andrews :
> >
> > >
> > > In message <20100309142153.016c7...@the-damian.de>, Torsten writes:
> > > > Hi,
> > > >
> > > > I'm a bit cl
In article ,
wrote:
> dig was added to Solaris 9. It is not native to Solaris 8 or older.
That would explain why it's only where Chris found it on some of our
range of Solarises (vintage or only slightly worn).
> Chris Thompson wrote:
> > On Mar 9 2010, Sam Wilson wrote:
> >
> > ...
17 matches
Mail list logo
