Where is the documentation for how to interpret log file content?
You might want to begin your journey at [1], followed by [2].
At least for querylogs you should find what you're looking for, many (most?)
other logs will require a bit of experience to interpret.
-JP
[1] https://kb.i
10 ; include "/etc/bind/named.conf.local";
It is at this point, IMNSHO, that anybody attempting to configure a software of
the complexity of a BIND name server should begin to ask themselves what the
'include' directive might actually be. It is then, that said person would
probably begin looking
Are you leveraging your existing configuration management tools (e.g.
Puppet, Ansible, Chef)?
Ansible (my choice of poison) works well for this type of situation I find,
particularly because a lot of work can be done via Jinja templating. This
trivial example hopefully illustrates what I mean:
After the first automated
name change, my zone file was unformatted. I lost the comments and more
than 500 occurrences of the ORIGIN parameter were inserted.
Configuring dynamic DNS updates on a zone means that named takes control over
how the zone file is (periodically) rewritten to disk. There
IPv6 PTR records are simply reversed.
easier said than done, for some of us. I use BIND's arpaname(1) utility which
does the work for me:
$ arpaname 2001:db8::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.B.D.0.1.0.0.2.IP6.ARPA
-JP
--
Visit https://lists.isc.org/mailman/listinfo/
1. since I use HSM(now is softhsm) to store the DNSSEC key, does it more
insecure to convert the key(s) from HSM to .private file with
dnssec-keyfromlabel ?
keys are not actually 'converted' with this utility; instead the .private file
links to the corresponding private (and typically unexportab
Apr 30 05:33:48 keef named[7473]: catz: zone 'gshapiro.net' uses an invalid
primary (no IP address assigned)
Apr 30 05:33:48 keef named[7473]: catz: error "failure" while trying to
generate config for zone 'gshapiro.net'
The way I read this is it's complaining about `gshapiro.net', i.e. one of
And yes, you can automate this with nsupdate to old and new catalog,
Brilliant, Petr, thank you.
I saw some of the loveliest log messages this week during coo from k-catz to
t-catz:
zone t-catz/IN: transferred serial 10: TSIG 't'
catz: t-catz: reload start
catz: updating
Any ideas?
is this the point at which I confess I've only now read about Change of
Ownership (coo) [1]?
-JP
[1] https://bind9.readthedocs.io/en/latest/chapter6.html#change-of-ownership-coo
I'm in the process of migrating a modest number of zones from one signer
(OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not
be an issue for this question.)
Each of the signers have a catalog (manually maintained for ODS, automatically
for Knot) which is transferred
I'd like to stop them from sending notifies when they transfer in a
zone. Neither "notify no;" nor "notify primary-only;" seems to do
it.
Maybe set `notify no' (or `notify explicit') globally in options{} and then
enable notify on a case-by-case on statically configured zones on the
secondary?
1. Every time I restart the service, it seems all these files are recreated.
How did you observe this? Just by file timestamps or actual content? And just
to be sure to ask the obvious: you are not manually removing these files are
you? :)
-JP
Have you checked whether there is a bind.*dnssec-utils package? I stumbled
across this with a RHEL-type Linux recently...
-JP
I always was quite sure that Bind will request XFR from the Primary that sent
the NOTIFY.
my understanding has always been that the primaries are tried in configured
order.
Looking forward to hear which is actually correct. :)
-JP
is it possible to restrict dynamic dns updates to one domain?
I think 'name' is what you're after:
grant key-name name host1.example.de. A;
You will be aware that the type list can take multiple space-separated values.
-JP
You would probably need to attach your entire named.conf file (with
sensitive bits (keys and the like) redacted
named-checkconf -px
is your friend: prints out the named.conf and included files in canonical form
if no errors were detected and obscures shared secrets by replacing them with
str
What is possible is to have BIND use PKCS#11 to use the keys stored in SoftHSM.
I should have added that a key rollover is possible from one to another. The
basic idea is to create new keypairs in BIND (dnssec-keygen) and then import
them key into SoftHSM for a rollover in OpenDNSSEC. Once that
is there a known hack to extract keys from opendnssec/openhsm to use for
bind bitw inline-signing?
Assuming you mean SoftHSM (i/o openhsm), no, I don't think so, at least not
when using its default settings. (That is one of the main features of an HSM --
to keep the keys safe -- although there a
I'm stumped. I have a zone which had a default $TTL of 86400 and I want to
reduce it to 3600. This is normally not a problem, but the TTL of the DNSKEY
RRset won't budge from 86400.
What is the correct method to change a zone's DNSKEY TTL when it's already been
signed with inline-signing yes; aut
Retried my named.conf with BIND 9.19.7-dev (Development Release)
which reports:
26-Oct-2022 21:31:42.021 /private/tmp/b/named.conf:11: 'inline-signing
yes;' must also be configured explicitly for zones using dnssec-policy without
a configured 'allow-update' or 'update-policy'. See
ht
The change is that with 9.16, if the requested name is a CNAME, only the
CNAME value is returned by dig, while with 9.11 dig would return both the CNAME
value and the IP of the CNAME.
as others have said, this needs more details, but I wonder whether you might
now be querying a server which has
the 'inline-signing yes;' is needed IN ADDITION to 'dnssec-policy' in order to
_not_ overwrite original zone files/data on signing.
I cannot confirm that (9.17.22):
% ls -1
example.aa
named.conf
% cat named.conf
options {
directory ".";
listen-on port 5301 { 127.0.0.2; };
The inline-signing feature will not go away.
Thanks, Matthijs, I stand corrected. I believe I had seen that in ISC
documentation and/or issues, but I will now stop saying that. :)
-JP
A Beginner's Guide to DNSSEC with BIND 9.
Well done! A few comments, if I may:
1. in your zone stanzas you use the term "master" (type: master, ... masters
{}). BIND has been updated already a while ago to support the term primary, e.g. `type
primary;' and `primaries {};' (likewise for 'secon
Maybe in the future dnssec-signzone won't generate the deprecated entry to
begin with.
BIND 9.16.0 stopped generating SHA1 digests [1] :
"DS and CDS records are now generated with SHA-256 digests only, instead of
both SHA-1 and SHA-256. This affects the default output of dnssec-dsfromk
Using nsupdate when I try to delete an MX record for a domain, I get REFUSED.
REFUSED is also reported when attempting to update a non-dynamic zone. Are you
sure the zone you're trying to update is actually dynamic?
How do I remove and replace the MX record for a domain with nsupdate?
del o
20220317-a4qe._domainkey TXT (
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAA
^ begin comment
OCAQ8AMIIBCgKCAQEAmEsWuQCj+OenaSQ3dM6WItExor
The bit from the first semicolon to the end of the line was missing.
Is that expected behavior?
A semicolon begins a comm
26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external:
zone_rekey failure: unexpected error (retry in 600 seconds)
One of the first things BIND does, if I'm reading lib/dns/zone.c correctly, is
to attempt to lock the keys, and if it fails it emits that diagnostic.
Assuming the signin
(putting this back on list)
thank you for the feedback, now I have already started the slave server
[root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch
SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800
86400 from server 52.130.145.30 in 0 ms.
SOA ns1.kaixinduole.com
2. [image: image.png]
In this screenshot you've shown the result of `cat named.conf', but where's the
zone definition for kaixinduole.com? What we are seeing here is a recursive
server.
-JP
I just modified the serial number
this is not currently a problem, but please note that you've changed the first
four digits which are likely to 2023.
Also if the zone is reloaded there's no need to restart named.
Actually nothing changed,
Indeed. Are you doing these changes on the
All queries are from the same client whose ip is 192.168.100.126, but why the
port which each query from is so different?
The source port is random and it should be different.
I disabled the recursion of bind 9, but all the Recursion Desired flag was set
'+', this confused me.
If you add
the domain name is kaixinduole.com
Querying the SOA record for kaixinduole.com shows the SOA serial number
is less than what you showed in the screenshot:
;; ANSWER SECTION:
kaixinduole.com. 21600 IN SOA ns1.kaixinduole.com.
shawn.kaixinduole.com. (
20220
(I've tried to reformat some of this; it was illegible to me and I'm probably
misreading some of it)
www IN CNAME www.baidu.com.
[root@centos7 ~]# dig www.kaixinduole.com# it should be cname to
You've not specified an address for dig to use so it's using you
dnssec-policy default;
Slightly off-topic, but I believe ISC recommend using a custom policy instead
of `default' in case the default changes in future.
view "internal" {
zone "penguinpee.nl" {
type primary;
file "dynamic/penguinpee.nl.internal.zone";
};
};
view "
Does the $GENERATE directive in BIND zone files do what you need?
The $GENERATE statement is executed when loading the zone file results in an
expanded in-memory version of the zone being used. That can get quite large.
-JP
DLZ are loadable modules
I should have pointed to the documentation [1] and some example modules [2].
-JP
[1] https://github.com/isc-projects/bind9/tree/main/contrib/dlz/example
[2] https://github.com/isc-projects/bind9/tree/main/contrib/dlz/modules
Does anyone know whether it's possible to generate with Bind these
kind of A records automatically on the authoritative side
BIND has DLZ, Dynamically Loadable Zones, which is an extension which allows
zone data to be retrieved from basically anywhere. DLZ are loadable modules
written in the C l
I am ridiculed by an ISC member for using a reserved domain according to
For the record, assuming you mean me, I am not affiliated with the gold folk at
ISC.
-JP
Suppose I was working on a problem for Barclays Bank
In that case I would think Barclays Bank's Platinum Enterprise BIND Support
contract would cover answering such questions.
-JP
The values in the file dsset-example.com generated by signing the zone are not
good.
If they are 'not good' then it's possible you are using an outdated dsset
file. (And you are hiding domain names; I doubt example.com has been delegated
to you.)
dnssec-signzone creates dsset- files when sig
Is there a guide on transitioning the DNSSEC signing algorithm,
One of the best concise instructions on doing this was written by Tony Finch
while at Cambridge, and I have used this [1] successfully a few times.
My recommendation: print it out, and use a red pen to tick off the individual
point
Fun is a sufficient reason.
Definitely.
IATA airport codes to LOC:
% dig +short CDG.air.jpmens.net LOC
49 0 46.073 N 2 33 0.000 E 119.00m 1m 1m 10m
and more fun with an associated TXT:
% dig +short CDG.air.jpmens.net TXT
"cc:FR; m:Paris; t:large, n:Charles de Gaulle International Airport
Ansible's template module is what you'd probably use for #1, the service
module (with handlers) for #2, and #3 comes out of the box when you use
Ansible.
While you might find existing roles and playbooks on the internets, I
would strongly recommend to vet them carefully in a test environment
give or take some kludgery in the scripts that manage the config files
as Warren pointed out, configuration management can go a long way in
helping to get that set up; judicious use of templating, for instance,
can actually produce configs for NSD, BIND, and Knot. :)
-JP
include /etc/nginx/conf.d/*.conf;
Bind seems to lack an equivalent syntax. That means that even if I copy
a self-contained zone file to the zones directory, I still have to
manually register the zone in the named.conf.local file.
That should be pretty trivial to template together with Ansible
I did not get this... am I posting this to wrong mailing list?
This has been discussed several times on this list within the past few weeks.
You should check the archives.
-JP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-use
Is there an echo in here?
More like an endless loop.
-JP
> This might make you sad if you have lots of zones or large zones.
.. or even just want to look at what was transferred (without having to
recurse to a `dig axfr').
I see no reason to omit 'file' (except on a diskless slave ;-)
-JP
> but I believe it's optional otherwise.
You are correct (of course). I had inline signing enabled.
For a non-signed zone I note the transfer indeed works without a 'file'
specification, and I note it's not stored on file anywhere (just in
core).
Thanks for clarifying.
-JP
> Change the filenames on the slave, or just don't have a "file" option
> in the slave zone configuration.
I was going to yell "TIL from Evan, that 'file' is optional for a
slave", but
/etc/named.conf:545: zone 'example.com': missing 'file' entry
This is on 9.10.3. Did I misunderstand y
Mark,
> may want to add a "_dns-update._udp.example.net SRV" record pointing
> to the nameservers as someone convinced the router vendor(s) that
> this is how you do it
Is this a standard? Other than [1], which insinuates it's an Apple-only
thing, the Goog turns up only 55 hits for "_dns-update
> My lesson is - besides just working out the configuration - testing
> RFC5011 takes more patience than just about any other feature of
> DNS/DNSSEC. RFC5011 is the most wall-clock driven mechanism we have.
Yup. I learned that as well.
As a side note: can you imagine my surprise when, after wai
Edward,
the subject of this message piqued my interest ;-)
> 17-Apr-2015 10:17:02.083 starting BIND 9.10.0 -g -c rfc5011.conf
Very ouch. Much pain. Lots frustration. Many hairpulls. Mucho crash. ;)
Upgrade to 9.10.2 [1] in which Evan fixes the CVE we discovered on
RFC5011 rolls and, thankfully,
> 2001:67c:2e8:5::c100:c6#53: Transfer completed: 0 messages, 0 records, 0
>
> Is there any logic to this that I'm missing?
s/completed/failed/ on error cannot be particularly difficult to
implement.
-JP
> I'm sure it was not cheap.
Peanuts compared to their buying .app for $25m. [1] Here's a list of the
other TLDs they've got so far: [2]
> Brace yourself! There are many here now, and more coming.
The list of delegated strings [3] increases almost daily, yes. (And I
can't stop laughing.)
(*shamefaced*) Your message popped up as 'new' which is why I answered
before noticing it had been answered already. :(
-JP
> carter bind # named-checkzone espersunited.com db.espersunited.com
> dns_master_load: db.espersunited.com:37: www.espersunited.com: CNAME and
> other data
> zone espersunited.com/IN: loading from master file db.espersunited.com
> failed: CNAME and other data
> zone espersunited.com/IN: not loaded
> but getting rndc: 'addzone' failed: permission denied, nothing on the logs,
> only received control channel command 'addzone zone.local { type slave;
> file "slaves/zone.local"; masters { 172.31.199.154; }; };' even after rndc
> trace 99.
>
> allow-new-zones yes;
>
> tried with chmod 777 for /var
> how can I subscribe in bind-developer channel ? (bind9 version ),,,
> because I want to modify bind code
bind-workers ? [1]
-JP
[1] https://lists.isc.org/mailman/listinfo/bind-workers
> how can I install bind as a named server after I have made my
> modification to its source code without using "yum"
First you ./configure, specifying the options you want to use; pay
particular attention to installation paths. (The best way to determine
how your existing BIND was configured is
> { "text": "snipped" }
;-)
> Evan has merged this into master
I know -- he's kept me busy looking and testing, and it looks very good.
> and it will go out in 9.10, sometime
> later this year. (We're also putting it into our new subscription
> branch, which should be available for subscriptio
> Does our DNS-server support SPF-type records? Or do we put SPF-info in a
> TXT-record?
BIND has supported SPF records since 9.4 I think, so yes. Their
functionality is identical (i.e. define both if you want/need both)
name ttl class TXT text
name ttl class SPF
> I get this for all my secondaries for my reverse domain:
>
> client 63.68.132.50 view external: bad zone transfer request:
> '192-26.67.83.208.in-addr.arpa/IN': non-authoritative zone
> (NOTAUTH): 23 Time(s)
The zone is either not defined in the view the client is accessing,
and/or it wasn't lo
> That just means there's no data to graph yet. Send your server a few
> queries and try it again.
Duh. Didn't occur to me, because I was looking for the list of
authoritative zones served by named.
Other than that, the output looks very sexy.
(Are people really interested in the 'Tasks' list?
Shane,
> Yes, we had discovered and fixed this in the master branch (patch
> attached). Apologies for the brokenness!
I've applied that, and it does indeed look better, but not good enough :)
See screen shot [1]. No worries, though: I'll wait until you release
(and I'm more looking forward to yo
> I installed FreeBSD 9.1 on 3 virtually identical HP rack servers.
^^^
It seems this box is missing a Kerberos (krb5) library, but I don't know
what it's called on FreeBSD. Maybe compare a list of installed packages
on the servers and install what's
As a fan of BIND's statistics-server I was tempted to see if I could
reduce the size of the data (XML) named produces by adding an option to
produce JSON. The patch [1] (which is terribly quick and dirty) does that.
[1] https://gist.github.com/jpmens/4958763
Accessing the URI /json on named would
Evan,
On Sat Jan 26 2013 at 03:51:17 CET, Evan Hunt wrote:
> I'd love it if you'd try it, actually, find out how hard it is to modify
> your tools to use the new schema, and send feedback.
I think the XSL is broken (see attached patch), at least Chrome & Safari
say the document is empty and Fire
Evan,
On Sun Jan 27 2013 at 00:10:28 CET, Evan Hunt wrote:
> Delzone just means delete the zone from named, not delete the zone file
> from the filesystem. (And I reckon we can do a good deal more harm by
> deleting files you wanted to keep than by leaving files for you to delete
> yourself...)
Hello,
we have a few BIND (9.9) slave servers, each slaving a couple of hundred
thousand small zones (a dozen records in each). A file included into
named.conf is periodically generated from a database, and named is
reconfigured (rndc reconfig) to load new slave zones.
I'm considering replacing t
> Note that the log message related to outgoing zone transfers from named,
The shame! That's what I get for being at it 17 hours non-stop. I
overlooked the -out. Sorry and thank you, Tony.
-JP
On Fri Jan 25 2013 at 13:45:58 CET, Ben Croswell wrote:
> A common issue is the secondary not being allowed to query the master for
> the SOA of the zone. Ensure the master has an allow-query that includes the
> secondary.
The BIND slave can query the PowerDNS master (for the SOA over UDP and
for
Hello,
I'm seeing quite a number of messages like
xfer-out: debug 3: client 192.168.1.2#54688 (example.com): zone
transfer setup failed
BIND 9.9.2P1 here, configured with:
request-ixfr no;
transfer-format many-answers;
transfers-in 100;
transfers-per-ns
> Could "CLI utility" be man(1) and info(1)? :-)
It could, yes, but `b10-msg NNN` isn't going to break BIND 10's
development budget (I hope), and I feel it to be more practical than
scrolling through a man page with 900+ error-messages in it. ;)
But even a simple text file installed on the serve
> Is using syslog a sane default for new installations or when using
> official vendor packages with their startup scripts?
I for one would not want to miss BIND9's logging to auto-rotated files:
file "/var/named/log/named.log" versions 10 size 5m;
Other than that, I'd say logging via
> Is there anything technically wrong with having a SOA MNAME field
> that isn't listed as a NS record?
Not at all; that works fine.
> The server listed as MNAME will host the zone and is authoritative
> for the zone, but out of latency concerns it isn't ideal to have
> other resolvers querying t
> GitNamed is a project that manage name server by git. you can clone
> the git repo to any workstation, edit zone file, commit and push it.
> the data will push to the master and slave name server on the fly.
Very interesting; thanks for sharing.
I hear the Fedora Project does something along si
> Thanks, Phil. Those were my thoughts as well. For the present,
> I'll write my own monitoring plugin to parse the XML data.
If you need some inspiration, I wrote a bit of C code [1] which does
that rather effectively. It doesn't do what you want, but it may get you
started. ;-)
-JP
> I do as well, and this will be documented in the next version of this
> document.
I believe you've mentioned that here before. Several times. Today. ;-)
-JP
> YPYMAYTYP
Zero results from my favorite search engine -- congratulations. ;-)
-JP
Chris,
> Can one use BIND 9.9 "inline signing"
> with the unsigned version provided by a DLZ interface?
there's no reason why you shouldn't be able to.
Your BIND 9.9 inline signer would AXFR from BIND DLZ without trouble,
but your signer won't be notified by DLZ; you'd have to "manually"
issue N
> They are currently being blocked from connecting to 443 since these
> servers are only DNS. Is there any reason for clients to connect to
> tcp 443 for any type of DNS resolution?
Sounds a bit as though your clients think the BIND box is a HTTP origin
server... I'd look into what programs they're
> After upgrade to Bind V9.9.1-P2:
> [root@localhost ~]# file /var/named/zzy4.com.dom
> /var/named/zzy4.com.dom: data
Use named-compilezone to convert from one to the other.
You can force the previous text-transfers by setting this option on a
per/zone or globally:
masterfile-format text
> > Check the 'allow-transfer' option in your named.conf.
>
> I don't have this option. Should I include it?
If you want to provide zone transfers, you include it. If you don't,
leave it out. (You might also want to glance at BIND's Administrator's
Reference [ARM] while you're at it ...)
> IIRC that will add the zone to the master, the question, as I heard it,
> was to add it to the slave server, to avoid disturbing the owner of
> the slave to manually editing the slave config.
With `rndc addzone' you specify whether you are adding a master or slave
zone, just as you would in na
> Which mean, my DNS partner need his own rndc key which let him add/remove
> zones as slave?
You are the master. He is the slave. You have an rndc key for his slave
server, so that you can add a slave zone on his server. [Substitute
he/his by she/hers if required.]
And vice versa. :)
Grab a rec
> I find it realy annoying, if I have ask every time the owner of the Slave,
> to add a new zone.
Assuming your version of BIND is new enough, look at `rndc addzone' with
which you can add and remove zones at run-time w/out having to edit
`named.conf'.
-JP
> 20-Jul-2012 15:26:40.181 config: error:
> /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net':
> already exists previous definition:
> /var/named/etc/namedb/conf/zone_0.conf:1529
> 20-Jul-2012 15:26:46.270 general: error: reloading configuration
> failed: failure
That looks very suspic
> no A record, but if I log into my server, where I have:
Is your name server configured to use views? Looks to me as though a
view is "hiding" your answer.
-JP
> That's really odd...
I note that on the master zone you have
allow-query { local; };
Does "local" contain the slave's address? It must be allowed to query
the SOA record of the zone to transfer.
-JP
> Yes. That's the problem. I have this statement defined, but it still
> tries to connect using the wrong IP. Any ideas?
I misunderstood then. Try `transfer-source'.
-JP
> Is it possible to configure my slave to receive zones using a
> specific interface from master?
Your slave's zone stanza looks like this:
zone "example.net" {
type slave;
file "...";
masters { 10.1.1.1; };
};
The `masters' statem
> > Building BIND is easy; turning it into an installable RPM not so.
> > I highly recommend fpm [1] which makes building an RPM trivial. :)
>
> Any advice or tricks for making a DEB for Ubuntu?
Yes: use fpm. :)
> So far my plan was to copy the source directory to each server and just
> run "ma
> While it's always better to compile and install from the latest
> stable version, it's also nice to use their package management
> system especially when you have to deal with multiple systems.
Building BIND is easy; turning it into an installable RPM not so.
I highly recommend fpm [1] which mak
> The serialnumber in the SOA record is lower than the serial number BIND
> pretends to load in the logs. But why would BIND log to load the right
> zone, but use an old one?
Because it's loading the wrong file?
Have you (or somebody else) changed `directory' option or path to master
zone file?
> We have a script that generates the zonefiles for bind. This script is
> working correct, i.e. the files are correctly generated and have no
> syntax errors. When adding e.g a CNAME to our database, the script
> generates a correct file, including this CNAME. BIND reloads this file
> with its cor
> Probably nothing. I believe the default format for slave zones is now
> compiled rather than text. Remove all the zone files on the slave and
> reload it.
... after defining `masterfile-format text;' :-)
-JP
>
> 2) When I tried a test master BIND in a VM, there was not enough entropy
>to generate DNSSEC keys.
Entropy has been discussed frequently on this list. As a quick
workaround, I recommend running http://www.issihosts.com/haveged/
-JP
> I need to understand the difference between configuring bind views and
> having multiple instances of bind. I have 5 network interfaces on my server
> and I want to have 2 instances of DNS server (just for testing) and I don't
> know which one to do ?
BIND views are powerful, but configuring the
1 - 100 of 181 matches