On 05/09/2017 03:15 AM, Tony Finch wrote:
The classic solution is to make one view a slave of the other. Configure
the slave zone with `masters { localhost key my-tsig; };` and configure
the master view with `match-clients { key my-tsig; };`.
OK, I think I've got this nailed down. I had to mo
devz...@web.de wrote:
>
> i'm curious why it doesn't work with rpz zone like normal zones.
The RPZ machinery (mostly) works between getting an answer and returning
it to a client, which is why it is called "response policy". At the moment
it is a one-shot thing, but you are asking for RPZ to appl
that would subvert the idea of rpz overriding, as i would need to create zone
files for zones i want to manage in rpz zone.
i'm curious why it doesn't work with rpz zone like normal zones.
is that considered to be a bug, a missing feature or possibly intentional ?
roland
> Sent: Tuesday,
devz...@web.de wrote:
>
> We use lots of CNAME aliases for server virtual host name aliases, i.e.
>
> myserver IN A 1.2.3.4
> myserver-vhost1 IN CNAME myserver.
> myserver-vhost2 IN CNAME myserver.
> myserver-vhost3 IN CNAME myserver.
>
>
Hi there,
On Tue, 9 May 2017, Paul Seward wrote:
... I'm not so much asking for a fix as asking how I can find more
information. ...
grep '\(released\|security\)' bind-9.10.5/CHANGES | head -n 90
--
73,
Ged.
___
Please visit https://lists.isc.org/
Paul Seward wrote:
>
> I thought I might get that sort of response, I'm not so much asking for a
> fix as asking how I can find more information.
It'll be one of the 42 CVEs in the table at the top of this page:
https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html
I t
Hello,
we have lots of internal extra zones on our dns for development overrides.
I came across RPZ in bind, which looks interesting to us because we could drop
tons of extra zones and put everything in a rpz-development-override zone file.
I tried RPZ and i can successfully put in an A record
Hi Jim,
I thought I might get that sort of response, I'm not so much asking for a
fix as asking how I can find more information.
We're in the process of migrating from this version of bind to something
more recent - and may well use this incident as a lever to speed up some of
the political hurdl
Gordon Messmer wrote:
> On 05/08/2017 03:26 AM, Tony Finch wrote:
> > You can't have zones in different views (which are by implication
> > different zones, or different versions of the same zone) pointing to the
> > same files on disk, because updates to one version will corrupt the other
> > ve
Hi all,
We've got some recursive-only servers running bind 9.8.1 on CentOS 6.9
(using 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.1 from the CentOS repos)
They've unexpectedly quit a couple of times in the last month, leaving
errors like this in the logs:
09-May-2017 09:12:56.747 dnssec: info: validati
On 09.05.2017 at 06:52, Gordon Messmer wrote:
>> You might also want to take a look at the dnssec-keymgr utility:
>> https://ftp.isc.org/isc/bind9/9.11.1/doc/arm/man.dnssec-keymgr.html
>
> That looks great. Red Hat is shipping bind 9.9, so I hadn't seen it.
> I'd imagine it doesn't actually dep