Re: GeoIP and maintaining high availability

2010-07-13 Thread Doug Barton
On Fri, 9 Jul 2010, Tomasz Chmielewski wrote: Hi, I'm about to set up bind with GeoIP patches. What I'm not sure, is how do you guys handle high availability? Suppose I have zones for Americas and Europe, Just to be clear, you're saying that you have 2 different zones, one with the Europea

Re: ad flag for RRSIG queries

2010-07-13 Thread Doug Barton
On Wed, 14 Jul 2010, Marco Davids (SIDN) wrote: On 07/13/10 23:58, Doug Barton wrote: Can anyone explain to me why the 'ad'-flag is set for this query? dig +dnssec -t RRSIG www.forfunsec.org I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What version of BIND are you usi

Re: ad flag for RRSIG queries

2010-07-13 Thread Marco Davids (SIDN)
On 07/13/10 23:58, Doug Barton wrote: >> Can anyone explain to me why the 'ad'-flag is set for this query? >> >> dig +dnssec -t RRSIG www.forfunsec.org > > I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What > version of BIND are you using? > Hi Doug, I use BIND 9.7.0rc1,

Re: ad flag for RRSIG queries

2010-07-13 Thread Doug Barton
On Tue, 13 Jul 2010, Marco Davids (SIDN) wrote: Hi, Can anyone explain to me why the 'ad'-flag is set for this query? dig +dnssec -t RRSIG www.forfunsec.org I'm using 9.7.1-P1 with dlv and I'm not seeing the AD flag on that. What version of BIND are you using? Doug -- Improve t

Re: Defining custom root zone by subnet.

2010-07-13 Thread Kevin Darcy
That should work fine, as long as a) this view definition appears in named.conf before any more general view (since views are matched in order), b) the "zone1" ACL is defined to include all of the address ranges that should get the "private" root zone, and c) "db.lockdown" contains a root zone w

Re: Behavior of a slave to a NOTIFY

2010-07-13 Thread Doug Barton
On Mon, 12 Jul 2010, Richard Tom wrote: What would delay a slave responding to a notify? More importantly, what would delay a slave from transferring a zone after verifying the master's serial for the zone is newer than the serial the slave has? I've looked over the bug fixes as accumulated

ad flag for RRSIG queries

2010-07-13 Thread Marco Davids (SIDN)
Hi, Can anyone explain to me why the 'ad'-flag is set for this query? dig +dnssec -t RRSIG www.forfunsec.org How does a validating resolver determine that such an answer is secure? Thank you. -- Marco Davids

Re: Bind hang out when named reach to 5-600 Mb

2010-07-13 Thread JINMEI Tatuya / 神明達哉
At Thu, 8 Jul 2010 02:30:25 -0700 (PDT), khanh rua wrote: > I install bind as a cache server on Solaris 10, Sun Sparc T5140. It > has problem, bind always hang out when named reach to 5-600 Mb > ('prstat' check). I have several servers and all have this problem > even when I install bind in zone

Re: Performance tuning tips required for bind 9.6.1-P3!!!

2010-07-13 Thread Dave Sparro
On 7/13/2010 1:11 PM, Shiva Raman wrote: Dear All This is in reference to the performance tuning, I had already gone through the mailing list archives, but could not find answer to my specific query mentioned here. Right now I am using queryperf to test the performance with sample query fi

Performance tuning tips required for bind 9.6.1-P3!!!

2010-07-13 Thread Shiva Raman
Dear All This is in reference to the performance tuning, I had already gone through the mailing list archives, but could not find answer to my specific query mentioned here. I had installed bind as a caching name server for test purposes and planning to test performance that could give me

Re: reason for "expected covering NSEC3, got an exact match" ?

2010-07-13 Thread Gilles Massen
Kalman Feher wrote: > Ok now I see it. > The response appears ok, but the log entry is odd. I see the same on my test > box (9.7.1 not patched to P1 yet). I saw this on earlier 9.7 as well. > A brief thread on this occurred earlier > in the year (archived here): > http://newsgroups.derkeiler.com

Re: reason for "expected covering NSEC3, got an exact match" ?

2010-07-13 Thread Kalman Feher
Ok now I see it. The response appears ok, but the log entry is odd. I see the same on my test box (9.7.1 not patched to P1 yet). A brief thread on this occurred earlier in the year (archived here): http://newsgroups.derkeiler.com/Archive/Comp/comp.protocols.dns.bind/2010-03/msg00282.html On 13

Re: reason for "expected covering NSEC3, got an exact match" ?

2010-07-13 Thread Gilles Massen
Kalman Feher wrote: > It looks like normal NSEC to me, unless you are referring to an isolated > copy of the domain not accessible to the public: Yes, indeed, sorry about that. I should keep my playgrounds tidier. The actual zone is located on nssec.restena.lu, and is publicly queriable (even wit

Re: reason for "expected covering NSEC3, got an exact match" ?

2010-07-13 Thread Kalman Feher
It looks like normal NSEC to me, unless you are referring to an isolated copy of the domain not accessible to the public: ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22416 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: versio

reason for "expected covering NSEC3, got an exact match" ?

2010-07-13 Thread Gilles Massen
Hello, I have a signed zone (dnssec.lu) with NSEC3 / no optout, signed through OpenDNSSEC. The zone contains a wildcard with a TXT and A record. Each time the server is queried for something where the QNAME is matched by the wildcard, but the QTYPE is not, named logs a warning: "expected covering

RE: bind-users Digest, Vol 573, Issue 2

2010-07-13 Thread Nadir Aliyev
; -- next part -- An HTML attachment was scrubbed... URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100713/178f7aef/attachment-0001.html> -- Message: 3 Date: Tue, 13 Jul 2010 00:43:14 -0500 From: Larry Brower Sub

RE: Defining custom root zone by subnet.

2010-07-13 Thread Nadir Aliyev
Not helped... view "internal-in" in { match-clients { zone1; }; recursion yes; zone "." { type master; file "db.lockdown"; }; }; -Original Message- From: Nadir Aliyev [mailto:na...@ultel.net] Sent: Tuesday, July 13, 2010 3:28 PM

RE: Defining custom root zone by subnet.

2010-07-13 Thread Nadir Aliyev
It's maybe silly just for you. But not for all. For example, I authorize users via radius in 2 ways: without acl and with guest acl. So I give same dns servers to all users, but I give public ip to the normal users and private ip to the users with guest acl for purpose redirecting all dns requests