On Fri, Aug 27, 2010 at 11:22 PM, Scott Simpson
wrote:
> I have a master DNS server with two different views: "internal" and
> "external". How do I do a zone transfer of the two different views? The
> following on the slave only grabs the internal view:
>
Use two TSIG keys, one for each view, to
I have a master DNS server with two different views: "internal" and
"external". How do I do a zone transfer of the two different views? The
following on the slave only grabs the internal view:
view "external" {
match-clients { any; };
allow-transfer { none; };
allow-query { any; };
On Fri, 27 Aug 2010, Evan Hunt wrote:
"Non-obvious" isn't the point. We thought of having the file be named
directly after the view, but view names are allowed to include characters
that are forbidden in file names. Before opening the file we'd have to
check the name's legality, ensure it does
> I'm having a hard time following the motivation behind these changes. Why
> is the filename non-configurable and non-obvious?
"Non-configurable" may change.
"Non-obvious" isn't the point. We thought of having the file be named
directly after the view, but view names are allowed to include ch
On Thu, 26 Aug 2010, Rob Foehl wrote:
My next step is going to be to experiment with the rndc addzone/delzone
feature in the 9.7.2 betas, which hopefully should avoid any need to attempt
a reconfig during normal use. That aside, is there anything else I could be
doing to speed things up?
I
On 08/27/2010 11:32 AM, Alan Clegg wrote:
On 8/27/2010 11:42 AM, CT wrote:
Per my isc class and the book I received by Jeremy C. Reid ..
you still need to "include" your keys in the zone file either
via
$include/KSK
$include/ZSK1
$include/ZSK2
or
(cat *.key> allkeys) which is what I have done
I just migrated my dns server to bind 9.7.1-P2
KSK
dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -f KSK $zone
ZSK
dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 $zone
SIGN
dnssec-signzone -S -C -g -a -H 10 -3 -K $zone
Per my isc class and the book I received by Jeremy C. Reid ..
you
On 8/27/2010 11:42 AM, CT wrote:
> Per my isc class and the book I received by Jeremy C. Reid ..
> you still need to "include" your keys in the zone file either
>
> via
> $include /KSK
> $include /ZSK1
> $include /ZSK2
> or
> (cat *.key > allkeys) which is what I have done..
> $include /allkeys
>
> On Thu, 26 Aug 2010 23:17:29 +1000, Karl Auer said:
> > That said, a non-zero SOA TTL certainly seems to be common, perhaps the
> > norm.
On 26.08.10 16:52, Alexander Gall wrote:
> I don't think so. This was an issue for the org zone as well (with
> further implications for DNSKEY records), se
On 24.08.10 16:56, Gordon A. Lang wrote:
> After several successful "update delete ..." nsupdate sends to the master
> DNS server, verified with dig, the "rndc dumpdb -zones" command produced
> named_dump.db file still showing the deleted records. This was repeatable
> and persistent (over the hal
Hello,
please configure your mailer to wrap lines below 80 characters per line.
72 to 75 is usually OK.
Thank you.
On 24.08.10 09:49, Len Conrad wrote:
> We just had a problem where a BIND9 running on our postfix MX
> 451-rejected-as-unknown-domain all msgs from @sender.domain for 9 days.
>
> "
Probably. I'd like to get Michael's feedback... I have not heard of
this from anyone else have either of you?
On Aug 26, 2010, at 3:22 PM, Rob Foehl wrote:
I've been experimenting with loading a large number of master zones
(on the order of 250,000) in a single BIND instance, and have
12 matches
Mail list logo
