Re: dnssec-keymgr

2018-10-18 Thread CT
rndc signing -nsec3param 1 0 10 03F92714 example.net. Thx CT On 10/18/18 12:05 PM, CT wrote: All. Not much on the subject other than a few posts. didn't find anything in my last ARM search either.. Thx CT ___ Please visit https://lists.isc.org/mailma

dnssec-keymgr

2018-10-18 Thread CT
All. Not much on the subject other than a few posts. didn't find anything in my last ARM search either.. Thx CT ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-

Re: ZSK pre-publish

2011-10-01 Thread CT
On 10/01/2011 04:40 AM, Matthew Seaman wrote: On 01/10/2011 09:25, CT wrote: I have a few static zones that I sign via script keydir = directory for both KSK and ZSK $zone = zone file /usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone Fetching KSK 4054/RSASHA256 from key

Re: ZSK pre-publish

2011-10-01 Thread CT
s are published, how do I make 1 standby Thx CT To be more specific, can I do this with the dnssec-signzone tool versus a $include/stand-by-key in the zone file Thx CT

ZSK pre-publish

2011-10-01 Thread CT
s are published, how do I make 1 standby Thx CT

Re: forward question

2011-09-02 Thread CT
On 09/01/2011 11:53 PM, Vbvbrj wrote: On 01.09.2011 19:01, CT wrote: so did you end up setting up a slave zone (for the internal AD DNS) on your public DNS server ? No, for now I just left the AD DNS (Microsoft DNS) instead of BIND. I didn't have time to move all DNS servers to BIND and

Re: forward question

2011-09-01 Thread CT
On 09/01/2011 07:59 AM, Vbvbrj wrote: I had the same question a while ago. Using bind with forward only to an AD DNS will get to errors for infrastructure, because of BIND caching unable to disable for this forwarded zone. Also BIND does not redirect all updates queries to AD DNS, while in an AD

Re: forward question

2011-09-01 Thread CT
Hello, Do add "forward only;" to this zone statement. Is this name server available/visible to the Internet ? --> add "allow-query" statement to limit who can query for your internal zone. Kind regards, Marc Lampo Security Officer EURid -Original Message---

forward question

2011-08-31 Thread CT
x.1; // ad server 1 xxx.xxx.xxx.2; // ad server 2 }; }; ***** Thx CT

Re: Split PTR zone (internal and external)

2011-07-28 Thread CT
On 7/28/2011 4:58 PM, Kevin Darcy wrote: On 7/28/2011 12:26 PM, CT wrote: I am wondering what might be a good "workaround" for this legacy setup... Will do my best to explain.. IP Space - 1 Class B Global Unique (used Externally and Internally) - 1 Class B RFC1918 DNS Setup Ex

Split PTR zone (internal and external)

2011-07-28 Thread CT
ple-ext.com. since a valid PTR zone already exists.. The only solution that I have come up with is to manually put the "external" PTR records in the AD PTR Zone file. Not sure if there is a resolution to do in MS DNS but will ask the same question in tha

Re: Primary Server Name Change

2011-05-13 Thread CT
On 05/12/2011 08:15 PM, Mark Andrews wrote: In message<4dcc225f.8000...@obsd.us>, CT writes: Primary Name server bind- 9.7.3 OS- CentOS 5.6 Authoritative for 2 zones using DNSSEC This may be an obvious question but I will ask anyway.. :) I want to change the name of the serve

Once again.. :) Primary Server Name Change

2011-05-12 Thread CT
ew keysets to the registrar. Thx CT

Primary Server Name Change

2011-05-12 Thread CT
with slaves to make sure named.conf are correct Other than that are there any gotchas.. ?? I am wondering if I will have to "unsign" my zones and then upload new keysets to the registrar. Thx CT

Re: Best Practices Query Logging, On or Off ?

2010-11-22 Thread CT
On 11/22/2010 01:01 AM, Ben McGinnes wrote: On 22/11/10 5:05 PM, Doug Barton wrote: On 11/21/2010 21:58, Ben McGinnes wrote: On 22/11/10 7:12 AM, Doug Barton wrote: On Thu, 18 Nov 2010, CT wrote: - BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 Really old, definitely needs upgrading. That just

Re: Best Practices Query Logging, On or Off ?

2010-11-18 Thread CT
Kevin Darcy wrote, On 11/18/2010 02:19 PM: On 11/18/2010 1:36 PM, CT wrote: I am looking for a best practices for dns query logging Versions in use on Linux... - BIND 9.7.1-P2 - BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 The minimum logging statement in my test named.conf (bind 9.7.1-P2

Best Practices Query Logging, On or Off ?

2010-11-18 Thread CT
I am looking for a best practices for dns query logging Versions in use on Linux... - BIND 9.7.1-P2 - BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 The minimum logging statement in my test named.conf (bind 9.7.1-P2) logging { category lame-servers { null; }; category resolver

Re: Script to creat PTR zone from zone file

2010-10-30 Thread CT
Sukman wrote, On 10/30/2010 12:42 AM: Looking to write a script to create the PTR records.. Not much on the Web.. I had some script that may help you... :) Example of input file to be generated: InstitutTeknologiBandung192.168.0.154 router2.id192.168.0.153 router1.id local 192.168

Script to creat PTR zone from zone file

2010-10-29 Thread CT
Looking to write a script to create the PTR records.. Not much on the Web.. Thx CT

Equivalent query verbosity Bind vs Microsoft DNS (2008 Server)

2010-10-08 Thread CT
All.. We have 2008 M$ dns servers (running M$ DNS ) and bind servers on Linux We are looking to tweak the M$ servers down to the same "level" as the bind servers.. if possible.. the bind logging statement - category lame-servers { null; }; category resolver { null; }; categor

Re: Performance hit on Query logging

2010-10-08 Thread CT
On 10/07/2010 05:40 PM, Eivind Olsen wrote: --On 7. oktober 2010 16.55.54 -0500 groups wrote: One party thinks that disabling query logging will give enormous performance gains, while 30% is a lot.. IMHO it is very negligible in CPU cycles when the named process only is taking up > 10% CPU.. an

Performance hit on Query logging

2010-10-07 Thread CT
Hardware: Dell PowerEdge 2850 OS: RHEL 5.5 32 bit (no X) Bind: BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 RAM:2 Gig Processes: Bind, ntp, ssh My question(s): 1) How do I determine the number of threads Bind is currently using ? per the man page -

Re: dnssec questions

2010-08-27 Thread CT
On 08/27/2010 11:32 AM, Alan Clegg wrote: On 8/27/2010 11:42 AM, CT wrote: Per my isc class and the book I received by Jeremy C. Reid .. you still need to "include" your keys in the zone file either via $include/KSK $include/ZSK1 $include/ZSK2 or (cat *.key> allkeys) which i

dnssec questions

2010-08-27 Thread CT
I just migrated my dns server to bind 9.7.1-P2 KSK dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -f KSK $zone ZSK dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 $zone SIGN dnssec-signzone -S -C -g -a -H 10 -3 -K $zone Per my isc class and the book I received by Jeremy C. Reid .. you

Re: Trouble with 9.7.1-P2 on RHEL 5

2010-08-26 Thread CT
I have successfully built on CentOS 5.5 (32bit) (I do a very simple install with no desktop.. ) BIND 9.7.1-P2 built with '--prefix=/usr/local' '--sysconfdir=/etc/namedb' '--disable-openssl-version-check' '--with-openssl=yes' Some notes I had made --- Compiling from source is very simple once

migrate to a different IP

2010-08-25 Thread CT
Overview - internal DNS server with RFC1918 IP (old ip) - wish to move to a global unique IP but still remain internal (new ip) - keep the same name Clients would still use the old IP until the migration had been completed. What would be the preferred method to "forward" all requests from the ol

zone syntax question

2010-07-14 Thread CT
old zone file --- $ORIGIN . $TTL 3600 example.com IN SOA ns.example.com. root.example.com ( 2010071402 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour)

SELinux / bind conflict

2009-09-11 Thread Andrews, Harold G CTR USAF HQ AF GCIC/CT
Hello, I'm having a bit of difficulty setting up bind on FC11 (x64) which I'm using in a standalone network environment (i.e. no external network connectivity; essentially a closed dev network). I loaded the package from Red Hat and started it running as a service after building my zone files