On Thu, Aug 7, 2014 at 10:39 AM, Robert Moskowitz wrote:
> I have a server that is only running bind 9.8.2 (Centos 6.5). It has 2Gb
> memory and free reports ~1.7Gb used.
>
> I am looking at replacing this server with an armv7 board running Redsleeve
> (until Centos 7 is out and stable for armv7)
I have upgrade the bind version on one of my cache servers to 9.9.5. This has
resolved the issue of non-authoritative responses not being passed on to
clients.
Thank you for your assistance.
Jared Empson
Systems Administrator
Zito Media
814.260.9450
On Aug 6, 2014, at 8:45 PM, Jared Empson
I have a server that is only running bind 9.8.2 (Centos 6.5). It has
2Gb memory and free reports ~1.7Gb used.
I am looking at replacing this server with an armv7 board running
Redsleeve (until Centos 7 is out and stable for armv7). I have a choice
of boards, one with 1Gb memory ($60) and one
gt; ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17193
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;losscontrol360.com <http://losscontrol360.com>.INA
>>
>
Jared Empson
Systems Administrator
Zito Media
814.260.9450
On Aug 6, 2014, at 7:28 PM, Mark Andrews wrote:
>
> In message <3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com>, Jared Empson
> w
> rites:
>>
>> I manage a small group of cache only servers for an ISP. We run Bind 9.7
>
> You
In message <3a1ebfdb-a033-4e07-be61-9f6ba6916...@zitomedia.com>, Jared Empson w
rites:
>
> I manage a small group of cache only servers for an ISP. We run Bind 9.7
You run BIND 9.7.0 and haven't applied any of the maintainence releases
to BIND 9.7.
> and have noticed that several domains our c
You are in fact correct Harry, I never bothered with a whois, had I done
so I would have picked it up, put it down to too early in the morning,
so this problem is out of Jared's control, unless he also manages that
domain.
Ohh and nice to see you are actually behaving yourself on this list :)
Am 07.08.2014 um 00:33 schrieb Noel Butler:
> Apart from stupid SOA values, losscontrol360.com seems OK
OK? the failing NS query is caused by the errors below
this domain only works by luck from time to time
[harry@srv-rhsoft:~]$ dig NS losscontrol360.com
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-15.P2.
On 07/08/2014 06:03, Jared Empson wrote:
What our cache server receives:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38342
;; flags: qr ; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1280
;; QUESTION SECTION:
;losscontrol
interesting, that is indeed wrong configured
http://www.intodns.com/losscontrol360.com
on the other hand all my recursive bind 9.9.4 nameservers
resolve it as well my homeserver which is using the caching
named on the office as forwarder
also the unbound instance running as caching server on
our
I manage a small group of cache only servers for an ISP. We run Bind 9.7 and
have noticed that several domains our customers would like to access are
unavailable from our cache servers. These same domains work on other provider
networks such as Verizon or Google.
What I have found is that t
On Wed, Aug 06, 2014 at 02:02:33PM -0400, Tomas Hozza wrote:
> As far as I understand, without native-pkcs11 OpenSSL is used for crypto
> operations if the provided PKCS#11 library did not support some operation, or
> if the PKCS#11 provider library was not provided/was not available at all.
>
> W
>
> Personally I'd like to extend UPDATE
>
> allow-addzone { acl; };
> allow-delzone { acl; };
> e.g.
> nsupdate
> new zone
> server addresss [port]
> key name:secret
> [masters ]
> [allow-query ]
> [allow-transfer ]
> [allow-update ]
- Original Message -
> On Wed, Aug 06, 2014 at 05:14:53PM +0100, Tony Finch wrote:
> > > Right now it is not possible, and when named is built with
> > > --enable-native-pkcs11 it can not run without HSM and some PKCS#11
> > > provider library.
> >
> > Would using SoftHSM solve your proble
- Original Message -
> Tomas Hozza wrote:
>
> > Right now it is not possible, and when named is built with
> > --enable-native-pkcs11
> > it can not run without HSM and some PKCS#11 provider library.
>
> Would using SoftHSM solve your problem?
No. We don't want to install SoftHSM by def
On Wed, Aug 06, 2014 at 05:14:53PM +0100, Tony Finch wrote:
> > Right now it is not possible, and when named is built with
> > --enable-native-pkcs11 it can not run without HSM and some PKCS#11
> > provider library.
>
> Would using SoftHSM solve your problem?
>
> http://www.opendnssec.org/softhsm
Tomas Hozza wrote:
> Right now it is not possible, and when named is built with
> --enable-native-pkcs11
> it can not run without HSM and some PKCS#11 provider library.
Would using SoftHSM solve your problem?
http://www.opendnssec.org/softhsm/
http://ftp.isc.org/isc/bind9/9.10.0-P2/doc/arm/Bv9
Hello.
I'm trying to figure out how can named be built with --enable-native-pkcs11
and run without the PKCS#11 provider library.
Our use-case is that given how OpenSSL does not support PKCS#11 properly,
we would like to use the the native-pkcs11 if using some HSM, but by default
run named without
Mark,
That looks like a nice format for it.
I'd still like to see named.conf mark some zones as
uneditable via rdnc, just in case I want to allow a
peer institution to add/remove zone where I'm the
secondary, I want some mechanism to prevent them from
accidently deleting zones I'm actually the
19 matches
Mail list logo
