Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-29 at 00:59 -0400, Phil Pennock wrote: > The new DNSKEY had id=33768 and when I deployed it, Bind signed the SOA > with it but nothing else. Bind 9.10 ARM (PDF-only??): "However, if the new key is replacing an existing key of the same algorithm, then the zone will be re-signed increm

logging via named.conf

2014-05-28 Thread Jim Pazarena
Is there an easy way in the named.conf logging to have ALL logging go to local2 ? I've created: logging { channel syslog-local2 { syslog local2; print-category yes; print-severity yes; }; category default { syslog-local2; }; category general {

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-28 at 13:02 +1000, Mark Andrews wrote: > If you want to finish transitioning to RSASHA256 just generate a > zone signing key RSASHA256. Named will sort things out. You may > end up with 3 sets of signatures for a while. Don't worry about > it. The new DNSKEY had id=33768 and when I d

please give feedback on new howto: arming the dns firewall (rpz zone howto part 2)

2014-05-28 Thread Hans-Cees Speel
Hello dear bind people, I have produced a second part in the DNS-firewall howto 1. is howto setup a DNS-firewall part 1: http://www.isc.org/wpcontent/uploads/2014/05/dns-firewall-howto.pdf 2. is new "Arming the DNS-firewall howto" and now lives at: https://app.younited.com/?shareObject=ed24f5

Re: RPZ and www.rackspace.com

2014-05-28 Thread David A. Evans
Rack Space appears to have fixed the issue. "dig www.wip.rackspace.com NS" now returns NO DATA instead of NXDOMAIN. I wonder how many more are lurking out there. We are still getting a trickle in of complaints about slowness and failures that appear to be related t

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Mark Andrews
In message <20140528151909.ga66...@redoubt.spodhuis.org>, Phil Pennock writes: > On 2014-05-28 at 13:02 +1000, Mark Andrews wrote: > > In message <20140528012734.ga55...@redoubt.spodhuis.org>, Phil Pennock > > writes: > > > The registrar for my zone "xn--qck5b9a5eml3bze.jp" required a DNSSEC > >

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-28 at 13:02 +1000, Mark Andrews wrote: > In message <20140528012734.ga55...@redoubt.spodhuis.org>, Phil Pennock writes: > > The registrar for my zone "xn--qck5b9a5eml3bze.jp" required a DNSSEC > > KSK update; good practice on their part. > > For most zones you never need to roll DNSSEC

Re: Book recommendations?

2014-05-28 Thread John Miller
Agreed that _DNS and BIND_ is the first place to start. After that, two books I've liked are Jan-Piet Mens' _Alternative DNS Servers_ (free at http://mens.de/:/altdnsbook) and Ron Aitchison's _Pro DNS and BIND_ (both versions). The latter is probably the most current book out there at the moment.

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Vinícius Ferrão
Hello Mark, Sorry but I was referring to 9.10.0-P1. I've forgotten the last zero. > On 28/05/2014, at 11:53, "Mark Andrews" wrote: > > > Please, please, please use the FULL version when reporting or > commenting. > > BIND 9.10-P1 does not exist. BIND 9.10 is a feature set of which > BIND 9.1

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Mark Andrews
Please, please, please use the FULL version when reporting or commenting. BIND 9.10-P1 does not exist. BIND 9.10 is a feature set of which BIND 9.10.0 is the initial release and BIND 9.10.x (x>0) are maintenance releases or if you want to use Microsoft terminology Service Packs. BIND 9.10.X-PY

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Nicholas F Miller
Thanks for the info. I don’t know how I missed the 9.10-p1 update. _ Nicholas Miller, OIT, University of Colorado at Boulder On May 28, 2014, at 8:36 AM, Vinícius Ferrão wrote: > I've had the same crash those days. Just check if you hav

Re: Architecture Questions

2014-05-28 Thread Matus UHLAR - fantomas
On 28.05.14 14:04, Baird, Josh wrote: I realize that it is considered a bad practice for any authoritative servers to perform recursion. But it's not bad practice for recursive servers to provide authoritative service for your own domains. (like it's very bad when athletes drink much of alc

Re: Architecture Questions

2014-05-28 Thread Mark Andrews
In message , "Baird, Josh" writes: > Hi, > > I have historically hosted authoritative slave zones on my internal caching/recursive servers to override recursion for internal zones. These servers are > not directly reachable from the internet. Generally speaking, I realize that it is cons

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Vinícius Ferrão
I've had the same crash those days. Just check if you have the latest 9.10 version. I wasn't running 9.10-p1. Sent from my iPhone > On 28/05/2014, at 10:30, "Nicholas F Miller" > wrote: > > Not that they are related but we had a crash of bind about seven hours after > installing 9.10: > > n

Architecture Questions

2014-05-28 Thread Baird, Josh
Hi, I have historically hosted authoritative slave zones on my internal caching/recursive servers to override recursion for internal zones. These servers are not directly reachable from the internet. Generally speaking, I realize that it is considered a bad practice for any authoritative serv

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-28 Thread Nicholas F Miller
Not that they are related but we had a crash of bind about seven hours after installing 9.10: named[20831]: name.c:534: REQUIREname) != ((void *)0)) && (((const isc__magic_t *)(name))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n')) failed, back trace Back to 9.9.5 for now.