dns cache issue

2019-01-09 Thread Edwardo Garcia
With the new Windows update last day, we noticed something strange: our local DNS cache server times out on lookups. For example, look up google.com; 1 minute later it fails with a timeout looking it up, but since it has already looked it up, it should have returned the answer from cache, yes? Google has a 5 min TTL, my cache

Re: bind keyfile lookup failures

2019-01-09 Thread Mark Andrews
named is looking for K files that match the DNSKEY records in the zone and is not finding them. Removing K files too early or having them in the wrong place will produce these errors. You can work out which DNSKEY record matches the number with dig +rrcomments or dig +multiline. [beetle:~/git/bi

bind keyfile lookup failures

2019-01-09 Thread Alan Batie
I've had BIND 9.9.4 doing DNSSEC for a few years now. All the zones are configured with: key-directory "/var/named/keys"; auto-dnssec maintain; inline-signing yes; I just added a bunch of zones, and 8 of them are failing with: dns_dnssec_findzonekeys2: error reading priv

Re: repeated 16 hour interval spike in authoritative PTR lookups

2019-01-09 Thread Barry Margolin
In article , jm9386 wrote:
> also the vast majority - over 95% of the queries we are seeing are coming from open resolvers on the Internet - distributed all over the world. It seems awfully suspicious for resolvers all over the world to decide to query PTR records for our ISP related in-a

Re: repeated 16 hour interval spike in authoritative PTR lookups

2019-01-09 Thread jm9386
Also, the vast majority (over 95%) of the queries we are seeing are coming from open resolvers on the Internet, distributed all over the world. It seems awfully suspicious for resolvers all over the world to decide to query PTR records for our ISP-related in-addr.arpa space every 16 hours. -- S

repeated 16 hour interval spike in authoritative PTR lookups

2019-01-09 Thread jm9386
We have been noticing repeated LARGE spikes in in-addr.arpa queries for PTR records in arpa zones we are authoritative for. It looks like network scanning or data mining, perhaps nmap processes or something. It started roughly at the beginning of December and re-occurs roughly every 16 hours. I'm wond

BIND DNS rate-limit: qps-scale understanding

2019-01-09 Thread Brent Douglas
Hey bind-users, I have a few questions concerning qps-scale. Referencing: http://www.zytrax.com/books/dns/ch7/hkpng.html#rate-limit

Re: SSL cert for lists.isc.org expired on Saturday, December 29, 2018

2019-01-09 Thread Ray Bellis
On 01/01/2019 07:08, Noel Butler wrote: I thought that Let's Encrypt wanted to roll / revalidate SSL certs every 90 days. IIRC they have automation for Apache and DNS tools when it comes to revalidation. acme.sh FTW On a personal site I've just used the Apache "mod_md" module which does