-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 01/18/2011 12:26 AM, p...@mail.nsbeta.info wrote:
>
> Hi,
> I saw this piece from named.stats:
> [XXX.com]
> 812922 auth queries rejected
> 116 recursive queries rejected
> 4 transfer requests reject
Hi,
I saw this piece from named.stats:
[XXX.com]
812922 auth queries rejected
116 recursive queries rejected
4 transfer requests rejected
80 update requests rejected
922732 queries resulted in successful answer
Hi,
How to query for a A or CNAME record with TSIG key?
I want to test the different rrdate for a domain name in different views.
Thanks.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Dnia 2011-01-17 15:53 someone napisał(a):
>If it *is* the only way...
>It will result in a tough week...
>Not what I wanted to hear indeed ;)
Maybe having a zone file for external view, and sed'ing the IPs to get file
for internal view would get you an easier to maintain solution? You still
ha
If it *is* the only way...
It will result in a tough week...
Not what I wanted to hear indeed ;)
Ty.
-Ursprüngliche Nachricht-
Von: Phil Mayers [mailto:p.may...@imperial.ac.uk]
Gesendet: Montag, 17. Januar 2011 15:46
An: someone
Cc: bind-users@lists.isc.org
Betreff: Re: AW: Dns doctorin
On 17/01/11 14:30, someone wrote:
Running internal stuff over nat and the firewall is bad practice and should
be avoided as it uselessly loads the firewall, increases the complexity of
the rules and creates bottlenecks on a fast network backbone.
Ah, I see. I misunderstood what you were trying
Have you tried more sane times?
Those don't look like sensible times even for a test, which is probably why
BIND isn't signing. I think you are below the sensitivity level for BIND to
sign automatically.
If you want to test, try using hours or days as values. When initially
testing I used lifetim
Running internal stuff over nat and the firewall is bad practice and should
be avoided as it uselessly loads the firewall, increases the complexity of
the rules and creates bottlenecks on a fast network backbone.
You might be correct for home systems where running over your firewall and
NAT for e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I have my test zone example configured with option auto-dnssec maintain;
zone "example" {
type master;
file "var/zone/example";
allow-update { loopback; };
allow-transfer { trusted; loopback; };
auto-d
On 17/01/11 00:23, someone wrote:
If you have any ideas how to do dns doctoring with bind9 (or netfilter)
please give me some hints ;)
Have you considered that this will break DNSSEC, and as time goes by,
may not work at all (if clients become full validating DNSSEC resolvers)?
I'm a little
10 matches
Mail list logo
