On Mon, 2025-05-12 at 15:20 +0100, Ondřej Surý wrote:
>
> > On 12. 5. 2025, at 15:11, MCBRIDE, DAVID W.
> > wrote:
> >
> > The alternative is to disable the creation of all empty zones
> > entirely with `empty-zones-enable no;`, however, this is
> &
safety feature in BIND that prevents private DNS
queries for any unconfigured private zones from being passed up to the
DNS root?
(I've had a skim of the BIND changelog since the older version that I'm
running, and didn't see any headline entries indicating a change in
this area.)
Hope
Thank you so much for the detailed explanation!
Wish you all a great weekend.
Kind regards
David Carvalho
-Original Message-
From: Mark Andrews
Sent: 21 November 2024 22:23
To: David Carvalho
Cc: bind-users
Subject: Re: Simple question - trailing "." in zone file
The final
e same way. Both versions 9.16-9..on
Oracle Linux.
The official documentation doesn't use the trailing "."
What are the differences, if any?
Thanks!
Kind regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the de
Why not? It clearly shows that arguing this 'free' argument is a bit narrow.
Because the scenarios are completely different. By using open source
software you enter a legal contract.
No that is not the point of open source software. The point of open source
software is that the code is available
I get the point you're trying to make. I just don't think a volunteer
crosswalk and a car accident is an appropriate analogy for open source
software.
The whole point of open source software is that you as a user get software
for free and if something goes wrong you are free to collaborate to fix
My kid would know better than to take free candy. And if he did he would
know there is a risk involved for which only he would be responsible.
On Fri, Aug 23, 2024 at 3:12 PM Marc wrote:
> >
> > That being said. It's preposterous to complain about free software.
> >
> >
>
> So if some store own
Software problems make some people angry but they make me very happy.
Some people are underpaid and work under tremendous pressure leading to
anger. It's understandable.
That being said. It's preposterous to complain about free software.
On Fri, Aug 23, 2024 at 1:52 PM Tim Daneliuk wrote:
> O
to use my custom TLD server for the .net domain.
Best Regards,
David Farje
On Wed, Jun 26, 2024 at 10:58 AM Cuttler, Brian R (HEALTH) via bind-users <
bind-users@lists.isc.org> wrote:
> Running Bind 9.18.18 on Ubuntu 22.04
>
>
>
> We would like to use root servers within our o
I frontend DoH and DoT traffic with nginx and use that for
analytics/statistics.
Cheers,
David
On Wed, May 22, 2024 at 11:08 AM Havard Eidnes via bind-users <
bind-users@lists.isc.org> wrote:
> Hi,
>
> I recently had reason to enable BIND 9.18.27 to do DoT and DoH
> (done v
like libdns, ldns, or
getdns.
Cheers,
David
On Wed, May 22, 2024 at 7:47 AM Robert Wagner wrote:
> Sorry if this has already been hashed through, but I cannot find anything
> in the archive. Is there any chance someone can make dig and nslookup
> DNSSEC aware and force it to use DoT or
that much about the parent setup.
Anyway, thanks and regards!
David
From: bind-users On Behalf Of Petr Menšík
Sent: 21 April 2023 10:59
To: bind-users@lists.isc.org
Subject: Re: DNSSEC and forward zone
Would it make sense to create a subdomain for internal use, but have the main
zone
nssec, and even if
they were, the key would be different than that on the outside servers, which
is the same domain.
Not optimistic
Regards
David
-Original Message-
From: bind-users On Behalf Of Petr Špacek
Sent: 19 April 2023 10:35
To: bind-users@lists.isc.org
Subject: Re: DNSSE
Anyway, It is working using your suggestion. Apparently everything is also fine
from the outside.
But I’ll have to check Petr Špaček post and study more.
Thanks!
David
From: Darren Ankney
Sent: 19 April 2023 10:27
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: DNSSEC
Hi and thanks for the reply.
Does it make sense to not validate my parent domain entirely? Wouldn’t that
also stop exterior validation when I request it?
Thanks!
David
From: Darren Ankney
Sent: 19 April 2023 10:27
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: DNSSEC
y internal dns servers, I guess not using DNSSEC?
Can this only be accomplished by adding these entries to my parent domain?
Thanks!
Kind regards
David Carvalho
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this s
aok after restarting the service.
Thank you all who took the time to clarify me about this.
Kind regards
David Carvalho
-Original Message-
From: Mark Andrews
Sent: 14 April 2023 02:35
To: David Carvalho
Cc: Evan Hunt ; bind-users@lists.isc.org
Subject: Re: dnssec-validation?
&
are (again) my named.conf on the primary and secondary server to
find why dnssec-validation needs to be off on the primary.
Thanks!
David
-Original Message-
From: Mark Andrews
Sent: 14 April 2023 02:35
To: David Carvalho
Cc: Evan Hunt ; bind-users@lists.isc.org
Subject: Re: dnssec-
me I reconfigure and reload, I would stick with this version.
Regards
David
-Original Message-
From: Evan Hunt
Sent: 13 April 2023 18:08
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: dnssec-validation?
On Thu, Apr 13, 2023 at 11:38:15AM +0100, David Carvalho wrote:
> P
Hello and thank you for the reply.
I can confirm my current dns servers have already EPEL repo enabled and
jemalloc package is available.
I'll setup my test machine accordingly to be able to install BIND 9.18. Will it
also provide named-chroot (is it really necessary?)
Thanks!
stick with provided packages.
Kind regards
David
-Original Message-
From: Ondřej Surý
Sent: 13 April 2023 14:40
To: David Carvalho
Cc: Bind Users Mailing List
Subject: Re: Fully automated DNSSEC with BIND 9.16
> On 13. 4. 2023, at 15:25, David Carvalho via bind-users
> wrote:
&g
Hello.
Both content and timestamps. I've been told previously here that there is a bug
prior to version 9.16.30. I'm using 9.16.23, no update available yet.
No, not removing 😉
Regards
David
-Original Message-
From: bind-users On Behalf Of Jan-Piet Mens
Sent: 13 April 202
rt?
Kind regards,
David Carvalho
-Original Message-
From: Evan Hunt
Sent: 12 April 2023 18:08
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: dnssec-validation?
On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users
wrote:
> After reverting my primary dns
uot;SERVFAIL" to my client queries. I don't think I tested
dnssec-validation to no when dnssec was enabled, nor if this makes much
sense, but I can try.
Kind regards
David
On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users
wrote:
> After reverting my prima
mandatory? Any help appreciated.
Regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-use
Thank you so much!
Regards
David
-Original Message-
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 13:03
To: bind-users@lists.isc.org
Subject: Re: Fully automated DNSSEC with BIND 9.16
On 4/11/23 13:14, David Carvalho wrote:
> Hello and thank you so much for y
e top domain?
I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to
me so far.
Thanks!
David Carvalho
-Original Message-
From: bind-users On Behalf Of Matthijs
Mekking
Sent: 11 April 2023 11:16
To: bind-users@lists.isc.org
Subject: Re: Fully automated D
in?
2. Do Parental Agents help with this?
3. Which format should I use when providing the key to the top level
domain?
dnssec-dsfromkey /var/named/Kexample.com.+013+61141.key
or
grep DNSKEY /var/named/Kexample.com.+013+61141.key
Kind regards
David Carvalho
--
V
Hi.
Thanks for the reply. Very useful information!
Kind regards
David Carvalho
From: Jiaming Zhang
Sent: 24 March 2023 12:33
To: David Carvalho ; 'Petr Menšík' ;
bind-users@lists.isc.org
Subject: Re: dnssec-keygen not available in Bind9.16-utils package?
Hello Davi
Brilliant!
Thank you so much!
Regards
David
From: Petr Menšík
Sent: 24 March 2023 11:05
To: David Carvalho ; bind-users@lists.isc.org
Subject: Re: dnssec-keygen not available in Bind9.16-utils package?
I have tried it on fresh RHEL 8.7.0, which should be similar to what you get on
Thank you so much for your help.
Unfortunately it seems bind-utils 9.11 and 9.16 can not co-exist (at least in
Oracle Linux 8). I had problems with dependencies and didn’t force anything
until having more information.
Thanks once again!
Regards
David Carvalho
From: bind-users On Behalf
rward?
Thanks.
Os melhores cumprimentos
David Alexandre M. de Carvalho
═══
Especialista de Informática
Departamento de Informática
Universidade da Beira Interior
-Original Message-
From: bind-users On Behalf Of Jan-Piet Mens
Sent: 20 March 2023 18:12
To: bind-users@lists.is
be only available in version 9.11, and if I try
to install I get problems with dependencies .
Does anyone have some experience with this?
Kind regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this softwa
It helps a lot!!
I think I understand now.
Have a great day!
Regards
David
From: Greg Choules
Sent: 25 January 2023 10:34
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: recursion yes/no?
Hi David.
With "minimal-responses", usually I would set it to "n
t
default behaviour when using "dig" can be useful.
Thank you!
Kind regards.
David
Os melhores cumprimentos
David Alexandre M. de Carvalho
═══
Especialista de Informática
Departamento de Informática
Universidade da Beira Interior
-Original Message-
From: Evan Hun
understand, there is no downside in maintaining this setting, right?
Thank you!
Kind regards.
David
From: Greg Choules
Sent: 24 January 2023 18:12
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: recursion yes/no?
Hi David.
"recursion yes;" tells named that it
y differ in IPs and "master/slave" setting.
My questions:
Should I use recursion on both? (Bear in mind that I also want them to
provide chache to clients)
Why do I need "dig +norec" to get the exact output on my slave server?
Kind regards
David
--
Visit https://li
quite confident before I mess
with my servers.
Thanks.
David
-Original Message-
From: Mark Andrews
Sent: 13 January 2023 22:48
To: David Carvalho
Cc: bind-users@lists.isc.org
Subject: Re: Can not query localhost
Now you went from Oracle Linux 6 to Oracle linux 9.16 (b.t.w. no one keeps
keys-directory "/var/named/dynamic";
and everything worked. Still don't understand exactly why, I will continue
to investigate, but any feedback is welcome.
Thanks
Regards
David
-Original Message-----
From: bind-users On Behalf Of David
Carvalho via bind-users
Sent: 13 January
quot;, tcpdump shows it trying to connect to top
level IPs
And I keep getting SERVFAIL.
Regards.
David
-Original Message-
From: Marco
Sent: 13 January 2023 11:33
To: bind-users@lists.isc.org
Cc: David Carvalho
Subject: Re: Can not query localhost
Am 13.01.2023 schrieb David Carv
follows
listen-on port 53 { 127.0.0.1; my.ip.; };
listen-on-v6 port 53 { ::1; };
The configuration is as in the previous server, so I have no idea what I am
missing.
Any ideas?
regards
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
.ubi.pt internet address = 193.136.66.1
dns2.di.ubi.pt internet address = 193.136.66.2
I believe my records are properly created, so I need to understand this before
considering the steps bellow.
Thanks and best regards
David
My reverse file again:
$TTL 86400
@ IN SOA di.ubi.pt. po
works, 2 of them under my control.
I'll have to read more carefully your suggestions to see if I find an
alternative way to achieve this only by
modifying my zone files, without messing up my current setup. I'll let you know
how it goes.
Thanks once again.
David
> On 11/4/22 2:0
dr.arpa. zone that references the
>0-28.66.136.193.in-addr.arpa. zone.
Yes! But I never heard of intermediate zone before. As far as I know, my top
domain forwards all "di.ubi.pt" requests to me and that works.
Regards
David
-Original Message-
From: bind-users On Behalf
27;ll have to study more about some things you guys wrote. This is getting
complicated 😉
Regards
David
-Original Message-
From: bind-users On Behalf Of Grant Taylor
via bind-users
Sent: 04 November 2022 16:36
To: bind-users@lists.isc.org
Subject: Re: Reverse lookups not working when Interne
@lists.isc.org
Subject: Re: Reverse lookups not working when Internet connection failed.
On 04.11.22 15:41, David Carvalho via bind-users wrote:
>We've had an internet failure for a few days last week and as services
>got online I found the following:
>
>Dns queries about my.domain from my.
is
available? What could I be missing?
Thanks and regards.
David
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more informat
Thanks, Bruce, but no luck. There aren’t any builds for Rocky Linux 9 yet.
Regards,
Dave
From: David C. Templeton
Sent: Monday, August 29, 2022 7:53 AM
To: Bruce Johnson
Cc: Ondřej Surý ; bind-users@lists.isc.org
Subject: RE: Move from Development to Production
Thanks, Bruce. I’ll try it out
Thanks, Bruce. I’ll try it out.
Regards,
Dave
From: Bruce Johnson
Sent: Friday, August 26, 2022 4:28 PM
To: David C. Templeton
Cc: Ondřej Surý ; bind-users@lists.isc.org
Subject: Re: Move from Development to Production
CAUTION: This email originated from outside of the organization. Do not
says, "Software published in this Copr should be considered unstable."
Is it recommended for a production environment?
Regards,
Dave
-Original Message-
From: Ondřej Surý
Sent: Friday, August 26, 2022 2:33 PM
To: David C. Templeton
Cc: bind-users@lists.isc.org
Subject: Re:
I'm running Rocky Linux 9 servers. I've successfully downloaded, built, and
tested BIND from bind-9.18.4.tar.gz on a development server. How do I go about
packaging it for deployment to a production server that has no compilers
installed?
Regards,
Dave
--
Visit https://lists.isc.org/mailman/l
On 8/18/20 5:55 PM, Mark Andrews wrote:
> If you are getting RST responses check your firewall settings. RST is often
> forged
> when TCP is blocked. The root servers normally accept TCP connections.
>
> % dig +tcp gmail.com @a.root-servers.net +dnssec
Bingo. This query failed before adding a
bind 9.11.5.P4 on Debian 10
Greetings. I recently had to migrate a nameserver from FreeBSD to
Debian. It works fine most of the time but I've noticed a few
intermittent resolution failures.
After "gmail.com" failed to resolve I took a packet capture using
tcpdump to listen to the result of the co
erent but that is always to be expected when working within any Apple O/S
environment.
David
CONFIDENTIALITY NOTICE: This communication contains information intended for
the use of the individuals to whom it is addressed and may contain information
that is privileged, confidential or exempt
Authoritative.
Any advice would be helpful!
David Chandler
CONFIDENTIALITY NOTICE: This communication contains information intended for
the use of the individuals to whom it is addressed and may contain information
that is privileged, confidential or exempt from other disclosure under
applicable
!
- Mensagem Original
--
Assunto: dnssec-signzone
De: "David Alexandre M. de Carvalho"
Data:Seg, Abril 6, 2020 4:05 pm
Para:bind-users@lis
group to "named", and they are both readable.
Could anyone please tell me what am I doing wrong?
also, do I need to generate those 2 .key and .private files if I intend to sign
my several reverse zones?
Thank you very much!
Regards
Os melhores cumprimentos
David Alexandre
Thanks for the reply.
Actually my setup is just like 1) zone delegation
Am 03.04.20 um 15:20 schrieb David Alexandre M. de Carvalho:
> Where can I find about alternatives to point 2?
in the part you quoted from me
> I have a windows subdomain configured in that way, never realized there
Hi!
Where can I find about alternatives to point 2?
I have a windows subdomain configured in that way, never realized there was a
better way.
Thanks and regards.
Os melhores cumprimentos
David Alexandre M. de Carvalho
---
Especialista de Informática
e
respective IP network. Can I use the same
Keypair in all of them?
3) Are the files /etc/named.root.key file and /etc/named.iscdlv.key already
being used? I compared them to the result
of the DNSKEY dig query but they are different.
Thank you so much for your time!
Best regards
Von: bind-users im Auftrag von Warren Kumari
Gesendet: Freitag, 20. März 2020 18:15
An: bind-users
Betreff: Re: How to get random subset of large rrset (30+ IPs for round robin)?
On Fri, Mar 20, 2020 at 1:04 PM Matus UHLAR - fantomas
wrote:
>
> >On Fri, Mar 20, 2020 at 3:14
one A record it only returns a random subset of all these IPs.
Has someone an idea on how to achieve the latter?
Thanks a lot in advance!
David
Geschäftsführer: Christoph Ostermann (CEO), Oliver Koch, Steffen Schneider,
Hermann Schweizer, Tim Ulbricht.
Amtsgericht Kempten/Allgäu, Registernummer: 106
About a week-and-a-half ago, I wrote into the list, looking for some
help configuring RPZ. I wanted to have a name server (zurg) in a special
network that, when queried for two specific hosts (andy and sid) in a
zone, would give replies from its own information, while forwarding on all
other
On Tue, 28 May 2019, Carl Byington via bind-users wrote:
Hi, Carl - thanks for replying.
On zurg, add a new dns zone rpz.ncdot.gov
Your suggestion didn't work for me.
To test your suggestion, I had to add a "forwarders" statement to get
zurg to query buzz/woody; prior to testing,
On Tue, 28 May 2019, Grant Taylor via bind-users wrote:
Hello, Grant! Thanks for replying.
On 5/28/19 10:16 AM, David Bank wrote:
To recap what I'm attempting to create: a host in the 10. network knows
to ask buzz or woody for DNS resolution, and if such a host wants to
re
Hello to the list. Long-time BIND user here - a big "Thank You!" to ISC
for all they do.
I'm finding myself out past the limits of my knowledge, and I'm asking for
help. My environment is BIND 9.11.2, on SLES 12 SP4.
I'm thinking of using the Response Policy Zones feature to solve a
problem,
After recently improving the tracking of errors coming from commands
running from scripts, we found that a large number of “rndc reconfig”
requests (about 15-20% of all requests) error out with exit status 1
and the message:
rndc: ‘reconfig' failed: unexpected end of input
The “unexpected end of
Did the serial number get incremented?
On Wed, 27 Sep 2017, Stefan F?rster wrote:
Hello world,
I was seeing a strange problem where sometimes, changes to a file included in
a zone are not applied. Configuration is:
- internal and external view
- external zones with "auto-dnssec maintain" an
system is just slow :) But
the Microsoft platform in general is the problem not just one single end of
life platform :) Unfortunately we definitely can't drop support for all of
Microsoft lol
David Erickson
david.erick...@verizon.com
-Original Message-
From: bind-users [ma
On 2016-10-02 21:22, Reindl Harald wrote:
>
>
> Am 02.10.2016 um 22:42 schrieb David Ford:
>> On 2016-10-02 12:59, Reindl Harald wrote:
>>>
>>>> IOW, can a given *IP* appear in more than one A record? I realize
>>>> that this does have the problem t
On 2016-10-02 12:59, Reindl Harald wrote:
>
>> IOW, can a given *IP* appear in more than one A record? I realize
>> that this does have the problem that the reverses would resolve to
>> hostX not
>> test
>
> on IP should only have on PTR - period
>
> avoid anything else than PTR/A-matching if the m
y" data so I decided to try here. Its not breaking anything, I just
found it ironic that ISC's data mining was not honoring the TTL's in the
reverse zone delegations. Also, I found it annoying that they were
asking for the same reverse tens to hundreds of times over the cou
i have a project i'm in the middle of developing a project that uses
postgresql as the dlz backend and has a web interface. it works for most
day-to-day operations for zone edits (GUI zone add/remove not yet in
place) and it is multi-user concurrent and uses a small middleware to
replicate to multi
hen a client went away, its
record also got removed. But I am not sure if this is the real UL
implementation in BIND. I am also not sure about the LLQ feature.
Thanks.
David
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
t
work.
I have been researching to see what 's out there or what's the common
practice. Though this is a pretty common but so far I haven't turned
up any promising leads. I did find Avahi but not sure if this is one.
Any one has any suggestions?
Thanks.
David
On Sun, Mar 13,
Hi Everyone,
Is this the right place ask general DNS-SD questions? If not, can
someone point me to the right list? I can't seem to find one.
Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bin
d PTR records? In other words, is there any downside if I
don't have PTR records in my zone files?
David
On Mon, Feb 22, 2016 at 4:04 PM, Mark Andrews wrote:
>
> This is named trying to talk to nameservers over IPv6 and being
> told by the OS that they are unreachable.
>
>
53
Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
resolving './NS/IN': 2001:dc3::35#53
Feb 22 15:27:38 dli-centos7 named[2170]: error (network unreachable)
resolving './NS/
I don't have a zone file that have these records defined. Any idea?
David
amed[13882]: client 10.4.3.101#52612
(rack1.com): transfer of 'rack1.com/IN': IXFR ended
Any idea why it's denied?
David
On Fri, Feb 19, 2016 at 11:19 AM, John W. Blue wrote:
> "kick off" as in update the zone and not by using dig.
>
> John
>
> Sent from Nine
&
/var/named";
allow-query {
10.4.1/24;
127.0.0.1;
};
};
For VM2 named.conf
options {
directory "/var/named";
allow-query {
10.4.3/24;
127.0.0.1;
};
};
On Fri, Feb 19, 2016 at 12:33 PM, John Miller wrote:
> Hi David,
>
> Somethin
Hi John,
Nothing in the /var/log/messages indicates transfer problems. In fact
I don't think the transfer ever started by itself for some reason
until I manually used "dig" to initiate.
David
On Fri, Feb 19, 2016 at 9:00 AM, John W. Blue wrote:
> Hello David,
>
>
dnsserver3.rack3.com.
$ORIGIN rack3.com.
dnsserver3 A 10.4.3.101
$TTL 3600 ; 1 hour
node1 A 10.4.3.11
TXT "001395d7d2a164c7efde811584bbc470b9"
On Fri, Feb 19, 2016 at 8:59 AM, John Miller wrote:
>
have to either restart the VM2 or use dig to start the
zone transfer.
Can anyone spot anything obviously wrong here? Do I need to post my
zone file and named.conf?
Thanks.
David
___
Please visit https://lists.isc.org/mailman/listinfo
8#53
Non-authoritative answer:
Name: dc01.home.carolinaky.com
Address: 69.133.101.121
I'm confused.
Thanks,
David
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@list
for the cluster?
2. Does it make sense to have one master authoritative DNS server and
two other slaves to cover the cluster and meet the HA requirement?
Thanks.
David
On Tue, Jan 19, 2016 at 10:14 AM, Chris Buxton wrote:
> On Jan 16, 2016, at 9:33 PM, David Li wrote:
>>
>> Hi,
&g
ble to set up a cluster of BIND servers (> 2) for each VLAN
subnet with one of them as master the rest as slaves?
Thanks!
David
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-u
We are also one of those services that will reject mail if DNS records
don't line up sufficiently to a) satisfy RFC requirements for DNS and b)
are clearly mismatched with your DNS A/MX/PTR/SPF and who you pretend to
be in HELO/EHLO
Those two simple rules block more than 92% of incoming spam attem
A newly minted ZSK signs a domain's SOA but not its A or MX records.
What basic config step did I miss?
For the domain 'trikids123.com' I created and installed a new ZSK with a
key ID of 28053 using these commands:
dnssec-keygen -a 8 -b 1024 trikids123.com
chown bind:bind * # this is bind910 on
On 7/31/15 4:33 AM, Tony Finch wrote:
> David Newman wrote:
>> On 7/30/15 10:37 AM, Evan Hunt wrote:
>>> On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote:
>>>>
>>>> Hidden primary (not authoritative for this zone): Key still in zone
>
&g
On 7/30/15 10:37 AM, Evan Hunt wrote:
> On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote:
>> After that second procedure (and also chown'ing the keyfiles to the bind
>> user), the command 'dig +dnssec +multi dnskey example.com' gives
>> different r
On 7/30/15 9:06 AM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 07:29:29PM -0700, David Newman wrote:
>> It's a static zone. The zone file did not have the key in it.
>
> ... oh, it's inline-signing.
Sorry, I also didn't mention that this is a hidden primary serve
On 7/29/15 6:24 PM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 05:56:20PM -0700, David Newman wrote:
>> 29-Jul-2015 17:18:19.439 general: warning:
>> dns_dnssec_keylistfromrdataset: error reading private key file
>> example.com/RSASHA256/36114: file not found
>
> Dele
I created then loaded then deleted a ZSK, all within an hour, so there's
no backup. Yes, that was a dumb thing to do.
Now when reloading that zone, named.log complains about the missing ZSK:
29-Jul-2015 17:18:19.439 general: warning:
dns_dnssec_keylistfromrdataset: error reading private key file
s.htm
http://public-dns.tk/nameserver/us.html
with response times between 38-48 msec, seem to be:
204.97.212.10
173.232.2.245
4.2.2.6
173.232.2.249
173.232.2.236
68.87.66.196
204.11.64.239
Let's hope this list stays working for another few years.
--
David C. R
ervers.com//IN': 208.67.220.220#53
I'm not sure what to make of it. Is there something that has changed
requiring an update on my end, or is this just an issue with the remote? I have
an older bind 9.9.1 running.
--
David C. Rankin, J.D.,P.E.
__
Mark,
Thanks. I found where this was discussed here previously (Jan. 2003);
apologies for not being thorough.
- David Covey
Deophysical Institute, University of Alaska Fairbanks
> To: David Covey
> Cc: bind-us...@isc.org
> From: Mark Andrews
> Subject: Re: nsupda
Hello all,
I don't quite see how to dynamically manage multiple views of a
zone. Specifically I have a zone name with both 'internal' and 'external'
views that I'd like to manage with the nsupdate command. Is there a
way to specify the zone+view using nsupdate?
Tel.:+420.226204627
daniel.rysl...@dialtelecom.cz
---
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
---
On 02/08/2015 10:06 PM, Eliezer Croitoru wrote:
Hey David,
Do you have any logs enabled in you
Hi
I am running bind on slackware 14.1 x86_64 for my own websites, but
also as a standard DNS for my other systems to use.
I have my /etc/resolv on my laptop pointing at it. It's always worked
flawlessly until a few months ago, when sometimes a domain would fail
to resolve. Just occasionally.
T
3525]: exceeded max queries resolving
'knurow.eu.org/A'
Dec 10 08:27:36 198.206.x.x named[13525]: exceeded max queries resolving
'lb.z.optimix.asia/NS'
Dec 10 08:31:04 198.206.x.x named[13525]: exceeded max queries resolving
'NS4-AUTH.ALLTEL.NET/A'
David A. Evan
1 - 100 of 359 matches
Mail list logo
