Mark Andrews wrote:
>
> And the issue almost certainly is not providing a complete enough
> change root environment. Gost dynamically loads the crypto engine
> after named starts.
I have a lot of sympathy for anyone who encounters this problem because it
took me a long time to work out what the
Hello , guys, I would like to know how to properly update my chroot bind
version.
I still can not get some nice doc / info about it.
Im using:
[root@centos-dns1 ~]# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3
running on a
[root@centos-dns1 ~]# uname -a
Linux centos-dns1.virtual.com.ar 2.6
And the issue almost certainly is not providing a complete enough
change root environment. Gost dynamically loads the crypto engine
after named starts.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Thanks
Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
-Original Message-
From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch
Sent: Monday, July 27, 2015 1:58 PM
To:
Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> Thank you that was the trick. What impact does that have on crypto
> operations used by BIND?
GOST is the Russian equivalent of NIST. They publish cryptography
standards, amongst other things. There are RFCs describing how to
use GOST crypto with T
Thank you that was the trick. What impact does that have on crypto operations
used by BIND?
Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
-Original Message-
From: Tony Finch [mailto:fa.
> Indeed. But why does it query for NS?
When you don't specify a name, dig looks up ./NS by default.
When the code for this was originally written, I guess it didn't
occur to anyone that you might have specified a type but not a name.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, I
"Matthew Horsfall (alh)" writes:
> Attempting to 'dig' for 'md' does something really weird. What am I
> missing?
The dot. Use "dig md." so dig doesn't take the md as the obsoleted
RR type md for mail destination.
There are more of those name clashes such as MX, CH etc.
jaap
___
On Mon, Jul 27, 2015 at 04:33:06PM +0100, Tony Finch wrote:
> It isn't a very good idea to use the same key for zone transfers and
> for rndc. It is common to allow zone transfers to third parties, and
> you don't want them to be able to fiddle with your name server!
Sometimes, in my experience, p
Matthew Horsfall (alh) wrote:
> On Mon, Jul 27, 2015 at 12:19 PM, Matthew Horsfall (alh)
> wrote:
> > Attempting to 'dig' for 'md' does something really weird. What am I missing?
>
> Ah, md is an obsolete RRTYPE. Nevermind! (Just like typing "dig a".)
Indeed. But why does it query for NS?
;; Q
On Mon, Jul 27, 2015 at 12:19 PM, Matthew Horsfall (alh)
wrote:
> Attempting to 'dig' for 'md' does something really weird. What am I missing?
Ah, md is an obsolete RRTYPE. Nevermind! (Just like typing "dig a".)
-- Matthew Horsfall (alh)
___
Please vis
Attempting to 'dig' for 'md' does something really weird. What am I missing?
mhorsfall@dumai:~$ dig m
; <<>> DiG 9.9.5-4.3ubuntu0.2-Ubuntu <<>> m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44519
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0,
Managed Pvt nets wrote:
>
> Jul 27 14:40:24 hostname named[6016]: zone myzone.co.zw/IN: transferred
> serial 2015072400: TSIG 'rndc-key'
It isn't a very good idea to use the same key for zone transfers and
for rndc. It is common to allow zone transfers to third parties, and
you don't want them t
Stewart, Larry C Sr CTR DISA JITC (US) wrote:
> I am having issues with bind failing to start due to a crypto failure
> when I compile with the --with-openssl option when I have openssl
> version 1.0.2d or 1.0.2c
>
> Is anyone aware of any compatibility issues between bind and openssl
> version 1
I am using a prebuilt binary will give compiling it myself a try and see what
that yields.
Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
-Original Message-
From: bind-users-boun...@lists
On 24/07/2015 6:07:09 PM, "John Miller" wrote:
On Fri, Jul 24, 2015 at 11:52 AM, Mark Elkins wrote:
On Fri, 2015-07-24 at 15:44 +, Managed Pvt nets wrote:
>
>
> On 24/07/2015 5:05:24 PM, "Alan Clegg" wrote:
>
> > Possible problems:
> >Mismatched keys.
> >Mismatched key names.
On 24/07/15 17:52, Mark Elkins wrote:
> TSIG is a step towards better security. Rather learn how to use it than
> go backwards. I see TSIG as a step towards DNSSEC...
I also agree with this principle. At the RIPE NCC we've been trying to
get all the operators we provide secondary for to use TSIG.
17 matches
Mail list logo
