Re: resolving-problem

2013-07-23 Thread Liu Ganning
On 07/24/13 00:35, Shawn Bakhtiar wrote: Do you run your name servers from behind a firewall, or is your firewall (iptables) turned on? We run our name servers from behind a firewall, my network computers give the same problem when I run dig +trace www.fransiplus.com

Re: permissions for DNSSEC zone signing

2013-07-23 Thread Doug Barton
On 07/23/2013 04:48 PM, David Newman wrote: On 7/23/13 3:44 PM, Mark Andrews wrote: In message <51ef00af.4090...@networktest.com>, David Newman writes: FreeBSD 9.1-RELEASE-p4, BIND 9.9.3-P1 ESV installed from ports [...] zone "example.org" { type master; file "master/exa

Re: permissions for DNSSEC zone signing

2013-07-23 Thread David Newman
On 7/23/13 3:44 PM, Mark Andrews wrote: > In message <51ef00af.4090...@networktest.com>, David Newman writes: >> FreeBSD 9.1-RELEASE-p4, BIND 9.9.3-P1 ESV installed from ports >> >> What are the correct directory and file permissions for DNSSEC static >> zone signing with bind? >> >> By default,

Re: permissions for DNSSEC zone signing

2013-07-23 Thread Mark Andrews
In message <51ef00af.4090...@networktest.com>, David Newman writes: > FreeBSD 9.1-RELEASE-p4, BIND 9.9.3-P1 ESV installed from ports > > What are the correct directory and file permissions for DNSSEC static > zone signing with bind? > > By default, everything in /var/named/etc/namedb is owned by

Re: resolving-problem

2013-07-23 Thread Mark Andrews
In message , "Ejaz" writes: > > Thank you so much for your email and support, > > Pls, see the dig + trace output when use ns1.nesma.net.sa, at the end it > says connection timed out. So please can you find out the problem is from > where??? > > > [root@ns1 ~]# dig +trace www.fransiplus.

permissions for DNSSEC zone signing

2013-07-23 Thread David Newman
FreeBSD 9.1-RELEASE-p4, BIND 9.9.3-P1 ESV installed from ports What are the correct directory and file permissions for DNSSEC static zone signing with bind? By default, everything in /var/named/etc/namedb is owned by bind except for the master directory. For example: drwxr-xr-x bind wheel dynami

Re: IPv4 not working reverse on > /24 cidr

2013-07-23 Thread /dev/rob0
On Mon, Jul 22, 2013 at 12:17:12PM -0400, Barry Margolin wrote: > In article , > Ryan Pavely wrote: > > > So that would suggest any time any block > a /24 is hosted you > > must actually host the parent zone, pointing to the larger cidr, > > and then have your normal files for each cidr in th

Re: Question about cache reload

2013-07-23 Thread Lawrence K. Chen, P.Eng.
- Original Message - > Firstly you should not use NSEC3 unless you NEED to use NSEC3, NSEC > is more than sufficient for most zones. NSEC3 is more expensive > for both servers and clients. 99.999% of zones (forward and reverse) > DO NOT need to use NSEC3. They derive NO benefit from N

Re: Question about cache reload

2013-07-23 Thread Lawrence K. Chen, P.Eng.
- Original Message - > I have just set up DNSSEC on bind 9.9.3. I had set up the zone and > put a DS record out at the registrar. Several days later I found > that I had set up the keys incorrectly using only NSEC versus NSEC3 > so I changed the keys. I deleted the old keys and DS reco

Re: Can I change the zone file from command line?

2013-07-23 Thread Kevin Darcy
I'm not sure I understand your concern. nsupdate will only update the records you tell it to update. So, if you have a "static" record, then don't target it with nsupdate and you should be fine. When you dial a telephone number, do you worry that your dialing may have "consequences" against te

Re: resolving-problem

2013-07-23 Thread John Wingenbach
Don't confuse dig +trace with what is happening or not at your name server. When trace is enabled, dig performs the queries needed itself from the location the dig is run. So, in other words, if your system is not allowed to send or receive DNS packets, then you'll never be able to perform a

RE: resolving-problem

2013-07-23 Thread Shawn Bakhtiar
Do you run your name servers from behind a firewall, or is your firewall (iptables) turned on? We run our name servers from behind a firewall, my network computers give the same problem when I run dig +trace www.fransiplus.com The only place I can run the dig +trace www.fransiplus.com without

Re: NAMED LOGS

2013-07-23 Thread Ian Manners
Hi Carl, > There seems to be a common idea in many educational institutions that > sending unwanted traffic in the name of research is ok. Which is why I have so many educational institutions blacklisted in my firewall. I no longer report abuse, I simply add to the BL permanently now. 2 are

Re: NAMED LOGS

2013-07-23 Thread Carl Byington
On Tue, 2013-07-23 at 14:42 +1000, Mark Andrews wrote: > You just cost the rw administrators time and money investigating the > source of unexpected traffic. You cost everyone on the list some > time and money helping out the rw administrators. There

Re: New warning message...

2013-07-23 Thread Daniel McDonald
On 7/23/13 7:36 AM, "Matus UHLAR - fantomas" wrote: >> In article , >> Matus UHLAR - fantomas wrote: >>> No, it does not. If a mail gets delivered to address, which is sending it >>> further ("forwarding it"), the envelope sender has to be changed, because >>> it's not the original sender who s

Re: New warning message...

2013-07-23 Thread Matus UHLAR - fantomas
In article , Matus UHLAR - fantomas wrote: No, it does not. If a mail gets delivered to address, which is sending it further ("forwarding it"), the envelope sender has to be changed, because it's not the original sender who sends another mail. Forwarding without changing envelope address is

RE: Can I change the zone file from command line?

2013-07-23 Thread Manish Rane
In that case how about other entries from same zone? I'm talking about any consequences on static entries or the ones which I don't want to be dynamic. On 23 Jul 2013 16:45, "Kumar, Naveen, Vodafone Group" < naveen.kuma...@vodafone.com> wrote: > > > Manish, > > You can configure the z

Re: Can I change the zone file from command line?

2013-07-23 Thread Manish Rane
Well, I am trying to configure DNS System Monitoring stuff with Nagios plugins. This monitors the server status and if any of the link fails remove the said IP from zone and reload the zone. This entry would have low TTL so that traffic would be routed to new entry instantly. Let's say I have two ISP

Re: NAMED LOGS

2013-07-23 Thread Matthäus Wander
* Mark Andrews [2013-07-23 06:42]: >> The method is described here (Figure 4): >> http://homes.cs.washington.edu/~gribble/papers/king.pdf >> >> Using a delegation is a technical detail. It's not different than >> sending a query directly to the zone servers. > > Send queries for domains that the s

RE: resolving-problem

2013-07-23 Thread Ejaz
Thank you so much for your email and support, Pls, see the dig + trace output when use ns1.nesma.net.sa, at the end it says connection timed out. So please can you find out the problem is from where??? [root@ns1 ~]# dig +trace www.fransiplus.com , .