Re: rndc signing -nsec3param

2012-08-11 Thread Nate Itkin
On Sun, Aug 12, 2012 at 11:43:47AM +0800, GS Bryan wrote: > On Sun, Aug 12, 2012 at 2:15 AM, Nate Itkin wrote: > > On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote: > >> How to exactly use the 'rndc signing -nsec3param' command? > >> The usage

Re: rndc signing -nsec3param

2012-08-11 Thread Nate Itkin
m I right? So what kind of command I should enter if I were to use > SHA-256 for hashing, opt-out is turned on, iteration is done 15 times, > and salt is FF? > Does it looks like this: 'rndc signing -nsec3param 2 1 15 FF example.com' > ? > > -- > Bryan S.G.

Re: Controlling many DNS servers using rndc

2011-01-04 Thread Nate Itkin
x27;rndc '. But I was looking for much > more efficient/parallel way to do this.. > thoughts? Either of these should work for you. http://outflux.net/unix/software/gsh http://guichaz.free.fr/gsh/ - Nate Itkin ___ bind-users mailing list bi

Re: named won't restart

2010-11-21 Thread Nate Itkin
med: named: already running [ OK ] I've seen it on Fedora Laughlin and bind-9.7.2-3.P2 See if this command works: # rndc status If not, that may be part of the problem. Next would be to verify that /etc/rndc.key is consistent with /etc/named.conf. - Nate Itkin

Re: Resolving .gov w/dnssec

2010-04-22 Thread Nate Itkin
.100.25#53 Hopefully someone on the list knows a clueful USPS administrator they can contact. - Nate Itkin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec-signzone error after updating to 9.6.2-P1

2010-03-29 Thread Nate Itkin
is the KSK (typically the -k option with dnssec-signzone)? I can replicate your symptoms and the error message by removing the KSK from a zone file. Nate Itkin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec-signzone error after updating to 9.6.2-P1

2010-03-29 Thread Nate Itkin
ith 1): named-checkzone xxx.xxx.gov.au db.xxx.xxx.gov.au dnssec-signzone -g -v 1 -o xxx.xxx.gov.au db.xxx.xxx.gov.au Nate Itkin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

please explain error: expected covering NSEC3, got an exact match

2010-03-29 Thread Nate Itkin
external: expected covering NSEC3, got an exact match Thank you, Nate Itkin ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

b

2010-03-29 Thread Nate Itkin
If someone would kindly explain what this error message means, I would appreciate it. I'm running BIND 9.6.2-P1 and I get quite a few of these: 28-Mar-2010 21:02:27.467 dnssec: warning: client 200.160.7.134#6363: view external: expected covering NSEC3, got an exact match Thank you, Nate