> On 5 Jan 2017, at 22:09, Lars Kulseng wrote:
>
> Any other thoughts on the naming of the zone? If I wanted to obfuscate the
> name, I could use a reserved TLD like .test or .invalid. This would never
> appear in the wild.
Ah. Well. You explained your reason for obfuscating the zone name ve
Personally I'd just ask named.
% rndc status
version: BIND 9.11.0
running on rock.dv.isc.org: Darwin x86_64 12.6.0 Darwin Kernel Version 12.6.0:
Wed Mar 18 16:23:48 PDT 2015; root:xnu-2050.48.19~1/RELEASE_X86_64
boot time: Fri, 30 Dec 2016 04:42:08 GMT
last configured: Fri, 30 Dec 2016 04:42:08
Server boot time is reported in the HTTP statistics channel.
For example, with this in named.conf:
statistics-channels { inet * port allow { localhost; }; };
$ curl http://localhost:/json/v1/status
{
"json-stats-version":"1.2",
"boot-time":"2017-01-05T22:01:35.313Z",
"config-time":
On Thu, 5 Jan 2017 at 16:54, Tony Finch wrote:
> Lars Kulseng wrote:
> >
> > I wasn't aware that the ACL-clause could include TSIG-keys as well as
> > IP-addresses. So far I've been using the masters-clause to make the actual
> > list of servers and keys, but also using the server-clause. Perha
ps -C named -o start,lstart is the time since the process was started.
One can also force BIND to “reset” with a SIGHUP without actually stopping and
starting the daemon.
This will cause (among many other things) the pid file to be reset. (You can
also find a “general: notice: running” about t
I don't know the official answer, but I can tell you the PS method reports to
me November, which is the last time named was started; whereas the pid file
date shows noon today, a few hours ago.
Ryan Pavely
Cologix
http://www.cologix.com/
On 1/5/2017 3:54 PM, Jonathan Reed wrote:
Hi,
Hi,
I'm running rndc stats and trying to determine how long the stats are good
for. I'm querying the server start time by a couple methods but they're not
the same. Which one should I rely on?
$ date -r /var/run/named/named.pid
Sun Jan 1 03:38:04 EST 2017
$ ps -C named -o lstart=
Sat Dec 24 12:0
On 5 January 2017 at 14:36, Lars Kulseng wrote:
>
> I wasn't aware that the ACL-clause could include TSIG-keys as well as
> IP-addresses.
>
As I understand it, you have to be careful mixing TSIG keys and IP
addresses within an ACL, as it's "first match wins"
So if you have a key and an IP liste
Lars Kulseng wrote:
>
> I wasn't aware that the ACL-clause could include TSIG-keys as well as
> IP-addresses. So far I've been using the masters-clause to make the actual
> list of servers and keys, but also using the server-clause. Perhaps the
> server-clause is unnecessary, and I can simply refe
On Thu, Jan 5, 2017 at 6:11 AM, Tony Finch wrote:
> Debarghya Mandal wrote:
>>
> do, you'll have to write a custom back-end, or use some other more
> scriptable DNS software such as PowerDNS.
>
Thanks, Tony - I didn't quite have the guts to recommend PowerDNS on
the BIND list!
John
--
John Mi
-- Forwarded message -
From: Lars Kulseng
Date: Thu, 5 Jan 2017 at 15:34
Subject: Re: Need feedback on RPZ service setup
To: Tony Finch
On Thu, 5 Jan 2017 at 14:24, Tony Finch wrote:
Lars Kulseng wrote:
> I am setting up BIND to be used as a way to disseminate RPZ-zones fo
From: Tony Finch
> BIND will only send NOTIFY to a zone's advertised name servers - "stealth
> slaves" like your consumers have to rely on the SOA refresh timer.
Why not use also-notify to specify client servers?
Lars Kulseng wrote:
> I am setting up BIND to be used as a way to disseminate RPZ-zones for use
> by third parties. I would like some feedback on my setup.
Overall it sounds very sensible to me. A few notes...
> Access control is done by using TSIG-keys, with separate keys for: updates,
> M1->S
I am setting up BIND to be used as a way to disseminate RPZ-zones for use
by third parties. I would like some feedback on my setup. Any pitfalls I
may encounter would be great to hear about.
The system will only serve up RPZ-zones to external parties that will
zone-transfer the RPZ-zone to use in
Debarghya Mandal wrote:
>
> 1. Is there a way to load custom DNS record from zone file?
https://tools.ietf.org/html/rfc3597
Handling of Unknown DNS Resource Record (RR) Types
It isn't very pretty, though :-)
> 2. Once bind loads that data, for certain zones, for A//CNAME request
> types I