Re: How to measure the impact of enabling DNSSEC?

2013-01-22 Thread Mark Andrews
In message , Augie Schwer wri tes: > > Would measuring the number of SERVFAIL entries in the "query-errors" > category be a good indicator of what impact enabling DNSSEC has? > > I am replaying some production traffic at a test instance; once with DNSSEC > enabled and once with it disabled and

Re: MNAME not a listed NS record

2013-01-22 Thread Barry S. Finkel
On 1/19/2013 6:00 AM, bind-users-requ...@lists.isc.org wrote: On Jan 16, 2013, at 1:01 PM, Chuck Swiger wrote: >On Jan 16, 2013, at 12:40 PM, Dave Warren wrote: >>Is there anything technically wrong with having a SOA MNAME field that isn't listed as a NS record? > >Sure. The SOA MNAME is exp

How to measure the impact of enabling DNSSEC?

2013-01-22 Thread Augie Schwer
Would measuring the number of SERVFAIL entries in the "query-errors" category be a good indicator of what impact enabling DNSSEC has? I am replaying some production traffic at a test instance; once with DNSSEC enabled and once with it disabled and then counting the number of entries logged via the

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-22 Thread Mark Andrews
In message <20130122142136.ga21...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 22.01.13 11:18, Daniele wrote: > >My router doesn't maintain a DNS cache, so it must be my IPS's fault. > > > >The last questions, if it's possible: what happens when my 'named' starts > >an iterative query? Does

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-22 Thread Warren Kumari
On Jan 22, 2013, at 5:18 AM, Daniele wrote: > Ok! Thank you all! > > My router doesn't maintain a DNS cache, And what are you basing this upon? W > so it must be my IPS's fault. > > The last questions, if it's possible: what happens when my 'named' starts an > iterative query? Does it arri

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-22 Thread Matus UHLAR - fantomas
On 22.01.13 11:18, Daniele wrote: My router doesn't maintain a DNS cache, so it must be my IPS's fault. The last questions, if it's possible: what happens when my 'named' starts an iterative query? Does it arrive to the real root-server (first of all), it should, but it appears that it does no

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-22 Thread Daniele
Ok! Thank you all! My router doesn't maintain a DNS cache, so it must be my IPS's fault. The last questions, if it's possible: what happens when my 'named' starts an iterative query? Does it arrive to the real root-server (first of all), or is it processed by some other cache-server on the path?