Re: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Mark Andrews
In message <4d6d7268.1080...@chrysler.com>, Kevin Darcy writes: > I got a trouble ticket on this too. > > From the looks of things, Cisco is using GSSes to load-balance this > site. GSSes return SERVFAIL if all of the resources behind the > load-balancer are down (which it determines via a hea

Re: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Kevin Darcy
See my other post. This is designed-in behavior for Cisco GSSes, since there is no "service unavailable, try again later" RCODE.

Re: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Kevin Darcy
I got a trouble ticket on this too. From the looks of things, Cisco is using GSSes to load-balance this site. GSSes return SERVFAIL if all of the resources behind the load-balancer are down (which it determines via a heartbeat mechanism). So I think this is a "simple" case of a website (or clu

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Torinthiel
On 03/01/11 21:52, fakessh @ wrote: > as I now know what key DS uses. That would be the key with id 47103 in your case. The one that has SEP flag, the one that only signs DNSKEY records and not others. Regards, Torinthiel

Re: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Shaoquan Lin
I was not able to resolve first and got the same result as you got: $ dig +trace tools.cisco.com ; <<>> DiG 9.6.1-P3 <<>> +trace tools.cisco.com ;; global options: +cmd . 63808 IN NS a.root-servers.net. . 63808 IN NS l.root-

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Mark Andrews
In message <1299012754.7.430.camel@localhost.localdomain>, "fakessh @" writes: > as I now know what key DS uses. > > I logged into my account and I moved isc dlv record SHA1 DS, > and I thought to receive a new record or something like that. > > well no reply from the ISC is : > A corres

Re: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Mark Andrews
Ring Cisco and complain that their nameservers are broken for the zone. ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13389 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;tools.cisco.com. IN A ;; Query time: 204 msec

Please join us for our BIND 9.8 Feature Webinar and Roadmap (Tomorrow)

2011-03-01 Thread Barry Greene
Hi Team, ISC will be conducting two BIND 9.8 Feature Webinars on March 2nd at 8:00 am PST and 4:00 pm PST. Please sign up using this URL: http://www.isc.org/webinars This is a new "feature" ISC, where we are educating our constituents as each new BIND feature is released. Stay tuned for BIND 9.9,

RE: Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Mike Bernhardt
I should add that tools.cisco.com was resolvable at one time, so either Cisco's behavior has changed, or our firewall's behavior has changed. We obviously haven't upgraded our BIND version in a while (9.4.3P3), so I don't think the problem is BIND. -Original Message- From: Mike Bernhardt [

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread fakessh @
as I now know what key DS uses. I logged into my account and I moved isc dlv record SHA1 DS, and I thought to receive a new record or something like that. well no reply from the ISC is : A corresponding DNSKEY already exists for this record. All comments are welcome to help me find a solution

Help with unresolvable domain (subdomain, actually)

2011-03-01 Thread Mike Bernhardt
For some reason, we can no longer resolve tools.cisco.com. There are several clues to the problem but I can't put them together. Here is some dig output. I know that the time stamps don't all match up below, but the results are typical: [root@ns1 ~]# dig +trace -b 148.165.3.10 tools.cisco.com ; <

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Torinthiel
On 03/01/11 20:17, fakessh @ wrote: > is the repeat isc dlv seems to accept the flag DS > in my case i have to a file dsset-fakessh.eu > but the file contains two keys DS and i don't know which to use The DS you have are both for the same key, only one is SHA1 and other SHA256. You could try an

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread fakessh @
On Tuesday 01 March 2011 at 09:34 +0100, Laurent Bauer wrote: > On 28/02/2011 23:35, fakessh @ wrote: > >> This is not handled yet. The .FR zone has been signed since september > >> 2010, but submitting DS for child zones will be supported later this year. > >> See http://operations.afnic.fr for m

ISC BIND 9.8.0 is now available

2011-03-01 Thread Evan Hunt
Introduction BIND 9.8.0 is the first production release of BIND 9.8. This document summarizes changes from BIND 9.7 to BIND 9.8. Please see the CHANGES file in the source code release for a complete list of all c

Re: Threaded bind on CentOS

2011-03-01 Thread Adam Tkac
On Mon, Feb 28, 2011 at 09:30:10PM +, Jack Tavares wrote: > Recap: > running named with "-n 1" will spin up one worker thread > and approx 4 other threads. Hello, > Is there an official discussion or explanation of what these > other threads do? official explanation can be found in BIND sour

Re: inconsistency dnssec debuguers response and writing conseil for new areas zone

2011-03-01 Thread Laurent Bauer
On 28/02/2011 23:35, fakessh @ wrote: >> This is not handled yet. The .FR zone has been signed since september >> 2010, but submitting DS for child zones will be supported later this year. >> See http://operations.afnic.fr for more information. >> > thank you for taking the trouble to answer me.