Re: Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-10-31 Thread Jan-Piet Mens
Chris, > Can one use BIND 9.9 "inline signing" > with the unsigned version provided by a DLZ interface? there's no reason why you shouldn't be able to. Your BIND 9.9 inline signer would AXFR from BIND DLZ without trouble, but your signer won't be notified by DLZ; you'd have to "manually" issue N

Re: BIND and DNSSEC

2012-10-31 Thread Feng He
On 2012-10-31 23:05, Kobus Bensch wrote: Can anybody point me in the direction of a good guide on setting up BIND split horizon DNS and DNSSEC? Take a look at: http://www.dnssec.lk/docs/DNSSEC_in_6_minutes.pdf ___ Please visit https://lists.isc.org/mailma

Re: Delegations

2012-10-31 Thread Mark Andrews
In message <5091adef.1040...@dougbarton.us>, Doug Barton writes: > On 10/31/2012 03:56 PM, Mark Andrews wrote: > > You are equating a practice that was technically wrong, and known > > to be wrong from the get go, with one that has never been technically > > wrong. > > Yes, I'm making exactly the s

Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-10-31 Thread Chris Thompson
On Oct 29 2012, Feng He wrote: On 2012-10-29 9:58, kavin wrote: Now, I want to transfer the zone data from the master dns server to slave dns server, the master dns use bind-dlz+mysql and the slave dns server use bind+file. AFAIK, BIND DLZ doesn't send a notify message to slave, so both your master an

Re: Delegations

2012-10-31 Thread Doug Barton
On 10/31/2012 03:56 PM, Mark Andrews wrote: > You are equating a practice that was technically wrong, and known > to be wrong from the get go, with one that has never been technically > wrong. Yes, I'm making exactly the same judgment that typical users make. "It works, so it must be Ok." The fact

Re: Delegations

2012-10-31 Thread Mark Andrews
In message <5091a8bc.70...@dougbarton.us>, Doug Barton writes: > On 10/31/2012 03:22 PM, Chris Thompson wrote: > > On Oct 31 2012, Kevin Darcy wrote: > > > > [...snip...] > >> I know of at least 2 commercially-available DNS maintenance systems > >> that, by default, do not allow what they call "d

Re: Delegations

2012-10-31 Thread Doug Barton
On 10/31/2012 03:22 PM, Chris Thompson wrote: > On Oct 31 2012, Kevin Darcy wrote: > > [...snip...] >> I know of at least 2 commercially-available DNS maintenance systems >> that, by default, do not allow what they call "dotted hostnames", by >> which they mean a name which is at least 2 labels be

Re: Delegations

2012-10-31 Thread Chris Thompson
On Oct 31 2012, Kevin Darcy wrote: [...snip...] I know of at least 2 commercially-available DNS maintenance systems that, by default, do not allow what they call "dotted hostnames", by which they mean a name which is at least 2 labels below a zone cut, e.g. "foo.bar" in the "example.com" zone. T

Re: Delegations

2012-10-31 Thread Chris Thompson
On Oct 31 2012, Phil Mayers wrote: On 10/31/2012 06:51 PM, Doug Barton wrote: It may or may not be strictly necessary to do this depending on everything else you have in the zone, but it's safer in the long term to do it this way. Are you suggesting it's best if the OP creates "l2.example.co

Re: Delegations

2012-10-31 Thread Kevin Darcy
On 10/31/2012 5:15 PM, Phil Mayers wrote: On 10/31/2012 06:51 PM, Doug Barton wrote: It may or may not be strictly necessary to do this depending on everything else you have in the zone, but it's safer in the long term to do it this way. Are you suggesting it's best if the OP creates "l2.exam

Re: Delegations

2012-10-31 Thread Phil Mayers
On 10/31/2012 06:51 PM, Doug Barton wrote: It may or may not be strictly necessary to do this depending on everything else you have in the zone, but it's safer in the long term to do it this way. Are you suggesting it's best if the OP creates "l2.example.com" as a sub-zone? Why is this nece

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread Martin McCormick
The system hung long enough to have timed out on every possible DNS that it could have tried so it should have gotten to one. Barry Margolin writes: > Did the problem coincide with Hurricane Sandy? That would explain > inability to reach many east coast servers. Resolvers should work aroun

Re: Delegations

2012-10-31 Thread Doug Barton
On 10/31/2012 10:12 AM, wbr...@e1b.org wrote: > I have a zone file for example.org that has entries for a subdomain > l2.example.org like this: > > vpn.l2 IN A 10.1.2.3 > > Now they want to add a subdomain below l2, ie. ad.l2.eboces.org with hosts > such as dc.ad.l2.eboces.org A

Re: Delegations

2012-10-31 Thread WBrown
Phil wrote on 10/31/2012 02:15:16 PM: > Your terminology is a bit confusing here. "subdomain" is imprecise. Sorry, I meant it as a piece of the FQDN. > Specify what *zones* you want, and where you want the delegations, and > it should be easy to see what will work and not. > Yes, if I've unde

Re: Delegations

2012-10-31 Thread Tony Finch
Phil Mayers wrote: > > No. Zone cuts can be at any label inside a zone. Provided "inside" does not include the zone apex :-) Tony. -- f.anthony.n.finch http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, r

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread John Miller
Martin, what do you see if you do a packet capture on the host where you're running dig? How 'bout at the border of your network? Obviously traffic's not making it through, but where? Any sort of split routing paths that might be involved? John On Wed, Oct 31, 2012 at 8:54 AM, Martin McCormick

Re: Delegations

2012-10-31 Thread Phil Mayers
On 31/10/12 17:12, wbr...@e1b.org wrote: I have a zone file for example.org that has entries for a subdomain l2.example.org like this: vpn.l2 IN A 10.1.2.3 Now they want to add a subdomain below l2, ie. ad.l2.eboces.org with hosts such as dc.ad.l2.eboces.org Your terminology is

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread Barry Margolin
In article , Carsten Strotmann wrote: > Hello Martin, > > Martin McCormick writes: > > > I described a case where one of our remote campuses can't > > resolve a number of remote domains. One example is noaa.gov. It > > also successfully resolves random remote domains without > > seemingly any

Re: limitations of dig +nssearch

2012-10-31 Thread Tony Finch
M. Meadows wrote: > > Does anyone know why dig brownmackie.com +nssearch only returns 5 auth > nameserver soa records? A check of whois shows they have 7 auth > nameservers. Two of them do not respond to queries for brownmackie.com. Tony. -- f.anthony.n.finch http://dotat.at/ Forties, Cromar

Delegations

2012-10-31 Thread WBrown
I have a zone file for example.org that has entries for a subdomain l2.example.org like this: vpn.l2 IN A 10.1.2.3 Now they want to add a subdomain below l2, ie. ad.l2.eboces.org with hosts such as dc.ad.l2.eboces.org In the zone file for example.org, I can add NS and glue recor

BIND and DNSSEC

2012-10-31 Thread Kobus Bensch
Hi Can anybody point me in the direction of a good guide on setting up BIND split horizon DNS and DNSSEC? Thanks in advance Kobus -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

limitations of dig +nssearch

2012-10-31 Thread M. Meadows
Does anyone know why dig brownmackie.com +nssearch only returns 5 auth nameserver soa records? A check of whois shows they have 7 auth nameservers. A dig -t NS brownmackie.com @ shows 7 nameservers are delegated authority for the domain. Is this a limitation of +nssearch? Can +nssearch only

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread Carsten Strotmann
Hello Martin, Martin McCormick writes: > I described a case where one of our remote campuses can't > resolve a number of remote domains. One example is noaa.gov. It > also successfully resolves random remote domains without > seemingly any rhyme or reason. > > Here is a bad dig trace for n

Re: Spotty Lookups on One of Our Networks

2012-10-31 Thread Martin McCormick
I described a case where one of our remote campuses can't resolve a number of remote domains. One example is noaa.gov. It also successfully resolves random remote domains without seemingly any rhyme or reason. Here is a bad dig trace for noaa.gov ; <<>> DiG 9.7.7 <<>> @localhost +trace no