김기중 부재중 자동응답: RE: bind-users Digest, Vol 1496, Issue 1

2013-04-11 Thread 김기중
NAVER - http://www.naver.com/ 김기중(gijoong@nhn.com) 님은 현재 부재중입니다. 보내신 메일 은 저장되어 있으므로 다시 보내실 필요는 없습니다. 김기중(gijoong@nhn.com) 님이 남기신 메시지 입니다. 4/5(금) 부터 4/14(일) 까지 연수로 자리를 비웁니다. 라이브 생중계는 박성규 부장님, RMC 는 장세

Re: Caching server - named process is limit at 500MB

2013-04-11 Thread Jaco Lesch
Chu Had the same issue in the past on Solaris 8 and 9 day as the default compiled binaries is 32-bit which seem to limit memory usage to 512 MB. You can modify the configure script/source to use more memory in 32-bit, but I will suggest you to move to 64-bit versions of BIND. When we migrate

Caching server - named process is limit at 500MB

2013-04-11 Thread Chu Ha Khanh
Hi, We deploy bind 9.x.x cache server, solaris 10 sparc on a system that servicing large customers. We face an issue that bind process on a server is limit at 500MB. If number of request to the server is increase, bind is hang and unable to response queries. We recognize the named process is

Re: signature expiration

2013-04-11 Thread Tony Finch
Alan Clegg wrote: > > I use dynamic zones and never concern myself with expired signatures. > You can also use inline signing to remove this "hassle". Yes! > Better solution: Sign them more often. Why not sign them twice a day? > I personally don't think that extending the signature validity p

Re: signature expiration

2013-04-11 Thread Alan Clegg
On Apr 11, 2013, at 8:34 AM, Noel Butler wrote: > Sign them for longer, I typically use 90 days > > On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: >> Hello, >> >> Can anyone tell me why signatures in dnssec mut be renewed every 30 days? >> What are the modifications made on a zone with

Re: signature expiration

2013-04-11 Thread Tony Finch
hugo hugoo wrote: > Can anyone tell me why signatures in dnssec mut be renewed every 30 > days? The limited lifetime of the signatures reduces your exposure to a replay attack. After the signature has expired an attacker cannot fool a victim by giving them the stale data. > What are the modific

Re: signature expiration

2013-04-11 Thread Noel Butler
Sign them for longer, I typically use 90 days On Thu, 2013-04-11 at 12:14 +, hugo hugoo wrote: > Hello, > > Can anyone tell me why signatures in dnssec mut be renewed every 30 > days? > What are the modifications made on a zone with a resign? > > Thanks in advance for the clarifications. >

signature expiration

2013-04-11 Thread hugo hugoo
Hello, Can anyone tell me why signatures in dnssec mut be renewed every 30 days?What are the modifications made on a zone with a resign? Thanks in advance for the clarifications. Hugo, ___ Please visit https://li