Reading this my mind with to: "Monitor it with Nagios, Fix it with Cfengine" --
http://www.sladder.org/?p=261
Which probably first raises the question on whether you use Cfengine and you
have Cfengine managing your DNS?
For me the answer is yes...but haven't had a situation where we would wan
Stephane Bortzmeyer wrote:
>
> 24-Jul-2013 07:39:25.480 zone example/IN (signed): Key
> example/RSASHA256/46747 missing or inactive and has no replacement: retaining
> signatures.
>
> Which I do not understand. They key is there:
>
> % ls -lt /tmp/bind/Kexample.+008+46747*
> -rw-r--r-- 1 bortzme
In message <20130724094623.gb12...@nic.fr>, Stephane Bortzmeyer writes:
> On Mon, Jul 22, 2013 at 12:39:53PM +0200,
> Matus UHLAR - fantomas wrote
> a message of 28 lines which said:
>
> > This was discussed here already, and imho this is anti-spf bullshit
> > like all those "spf breaks forwa
On 7/24/13 2:29 AM, Stephane Bortzmeyer wrote:
> I'm trying "auto-dnssec maintain;" with a BIND 9.9.3-P1. My
> configuration is:
>
> options {
> directory "/tmp/bind";
> key-directory "/tmp/bind";
Not sure if this is the problem, but have you tried with
"managed-keys-directory" i
On 7/24/2013 5:50 AM, Stephane Bortzmeyer wrote:
On Tue, Jul 23, 2013 at 02:30:49PM -0400,
Kevin Darcy wrote
a message of 565 lines which said:
When you dial a telephone number, do you worry that your dialing may
have "consequences" against telephone numbers that you *didn't*
dial? Seems v
Hi Dan,
At 03:07 24-07-2013, McDonald, Dan wrote:
SPF RR types are already standards track - see RFC 6652. An
informational rfc warning that the standard is not being adopted
should be seen as a call to fix the admins, not discard the standard.
The SPF specification is not on the Standards Tra
On Wed, Jul 24, 2013 at 10:52:51AM -0400,
James Chase wrote
a message of 64 lines which said:
> However if I try to ping dns3.mandala-designs.com from different
> network locations it still returns the IP address of our old server,
Probably the usual problem with in-zone name servers: glue no
This isn't exactly a bind issue but I recently changed our slave dns server
to a new IP address in a remote location for our domain 'mandala-designs.com'.
I updated our dns record in bind to point to the new location of our dns
server: dns3.mandala-designs.com at 192.241.200.20. I added the PTR for
In message <20130724093737.ga12...@nic.fr>, Stephane Bortzmeyer writes:
> On Mon, Jul 22, 2013 at 03:01:47PM +1000,
> Mark Andrews wrote
> a message of 56 lines which said:
>
> > It SHOULD have record of type SPF as per RFC 4408. Named will
> > complain if both types are not present.
>
> Th
On Jul 24, 2013, at 4:48 AM, "Stephane Bortzmeyer" wrote:
> On Mon, Jul 22, 2013 at 12:39:53PM +0200,
> Matus UHLAR - fantomas wrote
> a message of 28 lines which said:
>
>> This was discussed here already,
[...]
>> The SPF RR is already
>> here and is preferred over TXT that is generik RR t
On Tue, Jul 23, 2013 at 02:30:49PM -0400,
Kevin Darcy wrote
a message of 565 lines which said:
> When you dial a telephone number, do you worry that your dialing may
> have "consequences" against telephone numbers that you *didn't*
> dial? Seems very unlikely.
OK, but switching from a static
On Mon, Jul 22, 2013 at 12:39:53PM +0200,
Matus UHLAR - fantomas wrote
a message of 28 lines which said:
> This was discussed here already, and imho this is anti-spf bullshit
> like all those "spf breaks forwarding" FUD. The SPF RR is already
> here and is preferred over TXT that is generik RR
On Mon, Jul 22, 2013 at 03:01:47PM +1000,
Mark Andrews wrote
a message of 56 lines which said:
> It SHOULD have record of type SPF as per RFC 4408. Named will
> complain if both types are not present.
Then, named is now wrong, since RFC 6686.
___
I'm trying "auto-dnssec maintain;" with a BIND 9.9.3-P1. My
configuration is:
options {
directory "/tmp/bind";
key-directory "/tmp/bind";
};
zone "example" {
type master;
file "example";
inline-signing yes;
auto-dnssec maintain;
};
Apparently, ev
14 matches
Mail list logo
