> I installed FreeBSD 9.1 on 3 virtually identical HP rack servers.
^^^
It seems this box is missing a Kerberos (krb5) library, but I don't know
what it's called on FreeBSD. Maybe compare a list of installed packages
on the servers and install what's
I installed FreeBSD 9.1 on 3 virtually identical HP rack servers.
two of the servers compile bind 9.9.2-P1 as expected.
One however dies because of a bunch of undefined references in
a library file.
a proper ./configure was issued, along with a make; on ALL 3!
I am stumped, and would appreciate s
As a fan of BIND's statistics-server I was tempted to see if I could
reduce the size of the data (XML) named produces by adding an option to
produce JSON. The patch [1] (which is terribly quick and dirty) does that.
[1] https://gist.github.com/jpmens/4958763
Accessing the URI /json on named would
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BIND 10 - 1.0.0 Release Candidate
Welcome to the first release candidate toward the first production
BIND 10 1.0.0 release. BIND 10 provides a C++ library for DNS
(with python wrappers) and several cooperating daemons for providing
authoritat
Thank you Mark
Regards,
David
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: February-14-13 5:39 PM
To: David Sherman
Cc: bind-us...@isc.org
Subject: Re: NSEC3/NSEC transition
In message , David Sherman writes:
> Thank you, Mark
>
> Is it safe to keep -u option
In message , David Sherman writes:
> Thank you, Mark
>
> Is it safe to keep -u option for dnssec-signzone in all cases, regardless o=
> f current actual NSEC/NSEC3 chains.
>
> Thanks,
> David
I had forgotten about "-u". Being a appliance vendor you may want to
use it all the time as you have
Thank you, Mark
Is it safe to keep -u option for dnssec-signzone in all cases, regardless of
current actual NSEC/NSEC3 chains.
Thanks,
David
-Original Message-
From: Mark Andrews [mailto:ma...@isc.org]
Sent: February-14-13 3:23 PM
To: David Sherman
Cc: bind-us...@isc.org
Subject: Re:
In message , David Sherman writes:
> Hi,
>
> If dynamic signing is used with BIND 9.8, what is the recommended procedure t
> o switch from NSEC3-signed zone to NSEC-signed without changing existing DNSK
> EYs (currently RSA/SHA-512 algorithms are used for both ZSK and KSK)?
> Any specific options
Daniel wrote on 02/14/2013 02:52:55 PM:
> Just make the new server a slave of the old one, let it do zone
transfers of
> all of the old zones, then change the config on the new one from slave
to
> master.
I wonder if that wasn't done once before which is why the zone files don't
appear to be "
On 2/14/13 1:46 PM, "Mailinglists" wrote:
> I'm looking to migrate all of the zone data from one installation of Bind to
> another...hardware move. One machine is very old but running a pretty modern
> version of Bind 9.6-ESV-R8. The other server is running Bind 9.8.2 and is in
> use, so I'm mer
On 14 February 2013 19:46, Mailinglists wrote:
> I'm looking to migrate all of the zone data from one installation of Bind to
> another...hardware move. One machine is very old but running a pretty modern
> version of Bind 9.6-ESV-R8. The other server is running Bind 9.8.2 and is in
> use, so I
I'm looking to migrate all of the zone data from one installation of Bind to
another...hardware move. One machine is very old but running a pretty modern
version of Bind 9.6-ESV-R8. The other server is running Bind 9.8.2 and is in
use, so I'm merging existing zone data with new data, although no
David Sherman wrote:
>
> If dynamic signing is used with BIND 9.8, what is the recommended
> procedure to switch from NSEC3-signed zone to NSEC-signed without
> changing existing DNSKEYs (currently RSA/SHA-512 algorithms are used for
> both ZSK and KSK)? Any specific options for dnssec-signzone?
Running bind rooted on FC 16 using the standard package.
The ca file is located in /var/named/chroot/var/named/named.ca
The hints are not built in.
[shawn@www ~]$ strings /usr/sbin/named | grep A.ROOT-SERVERS.NET
returns nothing.
Centos is RedHat EL (free version) which is a stable version of
Hi,
If dynamic signing is used with BIND 9.8, what is the recommended procedure to
switch from NSEC3-signed zone to NSEC-signed without changing existing DNSKEYs
(currently RSA/SHA-512 algorithms are used for both ZSK and KSK)?
Any specific options for dnssec-signzone?
Thanks,
David
___
On 02/14/2013 10:26 AM, Jaap Akkerhuis wrote:
You too are missing some A and records! Here is mine:
Use bufsize=4096 or at least something around 700, else the answer
doesn't fitand is truncated.
I was thinking it was something like that. Thanks.
jaap
dig +bu
On 02/14/2013 10:18 AM, Tony Finch wrote:
Robert Moskowitz wrote:
More records 1/3/2013 than in the named.ca stub which IF my version has
it builtin raises the question about keeping current at this time in the
Internet (and trusting Redhat to roll in new builtin hints as they go).
No ne
You too are missing some A and records! Here is mine:
Use bufsize=4096 or at least something around 700, else the answer
doesn't fitand is truncated.
jaap
dig +bufsize=4096 . ns @198.41.0.4
; <<>> DiG 9.8.4-P1 <<>> +bufsize=4096 . ns @198.41.0.4
;; global options: +cmd
Robert Moskowitz wrote:
>
> More records 1/3/2013 than in the named.ca stub which IF my version has
> it builtin raises the question about keeping current at this time in the
> Internet (and trusting Redhat to roll in new builtin hints as they go).
No need to worry. They are only hints, and
On 02/14/2013 09:47 AM, Tony Finch wrote:
Robert Moskowitz wrote:
Which begs the next question I was going to ask. How often should I download
a fresh named.zone?
Never. If you keep BIND reasonably up-to-date its built-in hints will work
fine.
More records 1/3/2013 than in the named.c
On 02/14/2013 09:38 AM, Tony Finch wrote:
Robert Moskowitz wrote:
On 02/14/2013 09:05 AM, Warren Kumari wrote:
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
Not (at least by that name) in the Redhat/Centos 6.3 bind 9.8.2.
That is a source file name
On 02/14/2013 09:34 AM, Warren Kumari wrote:
On Feb 14, 2013, at 9:28 AM, Robert Moskowitz wrote:
On 02/14/2013 09:05 AM, Warren Kumari wrote:
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
Not (at least by that name) in the Redhat/Centos 6.3 bind
Robert Moskowitz wrote:
>
> Which begs the next question I was going to ask. How often should I download
> a fresh named.zone?
Never. If you keep BIND reasonably up-to-date its built-in hints will work
fine.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Forties, Cromarty: East, veering southe
On 02/14/2013 09:19 AM, Christian Tardif wrote:
You're right. CentOS 6.3 does not have named.root. They just call it
named.ca. That's actually the same file thing. You just need to refer
to the right file name for hints.
Note below that I did see the named.ca which is from their namecaching
Robert Moskowitz wrote:
> On 02/14/2013 09:05 AM, Warren Kumari wrote:
> > BIND now comes with a baked in roots file (in the imaginatively named
> > lib/dns/rootns.c )
>
> Not (at least by that name) in the Redhat/Centos 6.3 bind 9.8.2.
That is a source file name which is compiled into the binary
Oops ignore that earlier send. Hit wrong button...
On 02/14/2013 08:42 AM, Steven Carr wrote:
On 14 February 2013 13:35, Robert Moskowitz wrote:
What went wrong here?
Which do I use?
Not sure what is up with your dig response (can you post the contents)
but it works for me and if your dig s
On Feb 14, 2013, at 9:28 AM, Robert Moskowitz wrote:
>
> On 02/14/2013 09:05 AM, Warren Kumari wrote:
>> BIND now comes with a baked in roots file (in the imaginatively named
>> lib/dns/rootns.c )
>
> Not (at least by that name) in the Redhat/Centos 6.3 bind 9.8.2.
Nope -- it is in lib/dns/r
On 02/14/2013 09:05 AM, Warren Kumari wrote:
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
Not (at least by that name) in the Redhat/Centos 6.3 bind 9.8.2.
There is no need for a named.root file, and is just another thing to go wrong…
Is there an
You're right. CentOS 6.3 does not have named.root. They just call it
named.ca. That's actually the same file thing. You just need to refer to
the right file name for hints.
Christian...
On 02/14/2013 08:35 AM, Robert Moskowitz wrote:
The Centos 6.3 bind and bind-chroot do not seem to come with
BIND now comes with a baked in roots file (in the imaginatively named
lib/dns/rootns.c )
There is no need for a named.root file, and is just another thing to go wrong…
W
On Feb 14, 2013, at 8:35 AM, Robert Moskowitz wrote:
> The Centos 6.3 bind and bind-chroot do not seem to come with a named.
On 14 February 2013 13:35, Robert Moskowitz wrote:
> What went wrong here?
>
> Which do I use?
Not sure what is up with your dig response (can you post the contents)
but it works for me and if your dig still isn't working use the one
from FTP.
sjcarr@elmo:~ $ dig . ns @198.41.0.4
; <<>> DiG 9.8
The Centos 6.3 bind and bind-chroot do not seem to come with a
named.root. Does have a named.ca, though.
So from my old named.root.hints include (also not provided; where did I
get this?) I tried:
wget ftp://ftp.rs.internic.net/domain/named.root
And got a nice looking named.root last updat
Christian Tardif wrote:
>
> Back to a DNS problem, I came back to this thread. If I do a "dig +norec", I
> still don't get the final answer but then, I get a whole bunch of information
> (the NS records for the requested zone, and the A records relativey to these
> NS records)
That means the loc
33 matches
Mail list logo
