Re: Dig 9.7 DNSSEC output

2010-05-09 Thread R Dicaire
On Sun, May 9, 2010 at 11:48 AM, Peter Janssen wrote: > as per the header of Dig output… > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9 > Curious, I too get 9 but only 8 RRs are shown: ; <<>> DiG 9.7.0-P1 <<>> +dnssec @rdb.ardynet.com ardynet.com ns ; (2 servers found) ;;

Re: Dig 9.7 DNSSEC output

2010-05-09 Thread R Dicaire
On Sun, May 9, 2010 at 11:24 AM, Peter Janssen wrote: > ;; ADDITIONAL SECTION: > ns.nic.se. 3600IN A 212.247.7.228 > ns.nic.se. 3600IN 2a00:801:f0:53::53 > ns2.nic.se. 3600IN A 194.17.45.54 > ns3.nic.se.

Re: problem with bind stop

2009-07-01 Thread R Dicaire
2009/7/1 Joan Marc Riera : > we have some troubles with restart and stop. > > bind does not stop and I think it's because of a wrong kill argument on the > stop) case. This isn't a bind problem per se, have you talked to the debian maintainer, or filed a bug report with debian? -- aRDy Music and

Re: DLV validation fails after ksk rollover

2009-06-23 Thread R Dicaire
On Tue, Jun 23, 2009 at 10:10 PM, Mark Andrews wrote: > Yes the updates are slow because we had some disasters with the > automation but we intend to turn that on again soon.  That being > said you really do need to check that the new data has been published > before you start the wait periods.  Th

Re: DLV validation fails after ksk rollover

2009-06-23 Thread R Dicaire
On Tue, Jun 23, 2009 at 8:10 PM, Mark Andrews wrote: > > Even if the update were published on the master instantaneously > you still need to wait for the zone to transfer to all the > slaves and for the old DLV records to timeout of caches. Even 24 hrs after? My zone ttls are s

DLV validation fails after ksk rollover

2009-06-23 Thread R Dicaire
Hi folks...Yesterday I performed a DNSSEC KSK rollover, updated DLV with the new keys, and confirmed successful updates to DLV via their script. According to DLV all zones are good. Upon completing this, I then removed the old keys from the DLV db for each zone I have registered. Now when I attempt

control channel logging

2009-06-21 Thread R Dicaire
Hi folks, bind 9.6.1...I'm looking in the ARM but I don't see a logging category specific to control channel communications. In syslog I have (generated by an mrtg script): named[7837]: received control channel command 'stats' What category does this fall under? Thanks

bind 9.6.1 stats dump

2009-06-18 Thread R Dicaire
Hi folks, while looking at a stats dump from bind 9.6.1 I see: ++ Per Zone Query Statistics ++ but there are no stats showing for this, how is this enabled (if at all)? Thanks -- aRDy Music and Rick Dicaire present: http://www.ardynet.com http://www.ardynet.com:9000/ardymusic.ogg.m3u

Re: nsec and nsec3 records

2009-06-13 Thread R Dicaire
On Sat, Jun 13, 2009 at 10:03 PM, Evan Hunt wrote: > Why would you want them both?  If you don't mind the drawbacks of NSEC, > why take on the operational and computational burdens of NSEC3? I don't know why, I'm simply not knowledgeable enough in DNSSEC deployment. Currently I'm using bind 9.4.x,

nsec and nsec3 records

2009-06-13 Thread R Dicaire
Hi folks, Can both nsec and nsec3 records be used simultaneously in a zone file, or is it an either/or? Thanks

querylog entries

2009-06-12 Thread R Dicaire
Hi folks, just upgraded from 9.4x to 9.6.1, and looking at my query.log I'm seeing entries appended with -EC, -ED, -EDC, etc. What does this indicate, and where can I read up on what they mean? Thanks

Re: [DNSSEC] SERVFAIL when resolving ".gov" through DLV

2009-05-05 Thread R Dicaire
On Tue, May 5, 2009 at 2:34 PM, Stephane Bortzmeyer wrote: > I get a SERVFAIL when trying to resolve ".gov": I get: ; <<>> DiG 9.4.3-P2 <<>> +dnssec SOA gov. ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32204 ;; flags: qr rd ra; QUERY: 1, ANSWER

Re: Postgres v MySQL v Berkely backend for BIND

2009-05-04 Thread R Dicaire
On Mon, May 4, 2009 at 3:16 PM, Stephen Carville wrote: > Anyone here have experience or an informed opinion in using a database > backend to BIND? I've been using the pgsql sdb backend for 5+ years, wrote my own php front end to it. It's been solid.

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 8:48 PM, Mark Andrews wrote: > Named is still able to return answers if you tell it not to > validate the answers by setting CD=1 in the query. This flag > is usually used when you have a validating resolver using another > validating resolver to

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 7:02 PM, Evan Hunt wrote: > vigilant; this particular failure won't occur again.  And we were already > in the process of making dlv.isc.org substantially more robust, so > hopefully any similar breakages that might have come along in the future > will be stopped before the

Re: ISC DLV dnssec

2009-04-05 Thread R Dicaire
On Sun, Apr 5, 2009 at 5:40 PM, Mark Andrews wrote: >> Shouldn't the behaviour for DLV lookups be such that if the query >> can't be answered by the DLV server, then fall back to a non-dnssec >> lookup? > > No. May I ask why? I'm sure something was learned from whatever caused the DLV serv

ISC DLV dnssec

2009-04-05 Thread R Dicaire
Hi folks, last night the ISC server responsible for responding to DLV lookups was apparently down. Since all lookups were failing due to a lack of response from this server, bind couldn't resolve anything at all. I had to comment out a couple lines in named.conf to restore function. bind-9.4.3-P2

Re: name server zone list

2009-04-03 Thread R Dicaire
On Fri, Apr 3, 2009 at 2:08 PM, Alan Clegg wrote: > The entire list of zones is available in XML format in the statistics > channel in 9.5 > > Yep, you need to parse for it, but it's there... Hah beautiful, why reinvent the wheel :) I've not yet moved to 9.5 simply because I haven't had the time

Re: name server zone list

2009-04-03 Thread R Dicaire
On Fri, Apr 3, 2009 at 12:25 PM, Chris Thompson wrote: > BIND already creates an internal view "_bind" with class CH to contain > the zones version.bind, hostname.bind, authors.bind, etc. I was thinking > in terms of zones.bind living there as well. I'd forgotten about this. > Of course there's

Re: name server zone list

2009-04-03 Thread R Dicaire
On Fri, Apr 3, 2009 at 10:55 AM, Chris Thompson wrote: > This one is hardy perennial, of course, but I've been working on an > "index zone" in a certain local DNS context recently, and thinking > how convenient it would have been if BIND had provided one for me > (under class CHAOS, name "zones.bi

Re: SERVFAIL debugging

2009-03-13 Thread R Dicaire
On Fri, Mar 13, 2009 at 4:59 PM, JINMEI Tatuya / 神明達哉 wrote: > Please try 9.6.1b1, which we expect to be released next week. It has a > new experimental feature just for that purpose: Is this feature going to be back ported to 9.4 and 9.5 releases as well?

xfer in doesn't show TSIG while xfer out does

2009-03-13 Thread R Dicaire
While testing TSIG zone xfers I came across the following: The master server shows the zone was xferred out with TSIG, but the slave server shows only that the zone was xferred in, no mention of TSIG. Is this normal? My logging statements on both servers: Server: channel "myxferout" { file "/etc

Re: Two outgoing queries for each incoming query

2009-03-12 Thread R Dicaire
On Thu, Mar 12, 2009 at 7:43 AM, My Name wrote: > I want to setup a forwarder and each incoming query (in fact only A or ) > should be sent to two different upstream servers. Why?

arbitrary key names in named.conf

2009-03-07 Thread R Dicaire
I've been using the key file name as key name in named.conf for simplicity, but I find that distros tend to use a default filename for a host key, so can I just use the key contents and assign it an arbitrary name in named.conf?

Re: connection timed out; no servers could be reached

2009-03-07 Thread R Dicaire
On Sat, Mar 7, 2009 at 8:44 PM, Bill Landry wrote: > I have to admit that I am a bit baffled by this one.  I can query > against my bandwidth providers name servers (Comcast) and get name > resolution just fine for the hostname www.malware.com.br: Check firewall settings. Connection timed out is

dnssec and sdb/dlz

2009-03-07 Thread R Dicaire
I haven't found any documentation on this, but is it possible to implement dnssec/signed zones if the zone data exists in an sql db instead of a zone file? I know I can modify an sql table for a zone to have additional fields (for sdb use) for the additional RR types, but will the sdb interface re

Re: automatic resigning in 9.6.x

2009-03-07 Thread R Dicaire
On Fri, Mar 6, 2009 at 11:46 PM, Evan Hunt wrote: > BIND 9 has, I believe, always had some support for automatic signing in the > case of zone updates--at least as far back as 9.3, and I haven't looked at > anything earlier.  Basically, if you have a signed zone and you insert a > new record, tha

automatic resigning in 9.6.x

2009-03-06 Thread R Dicaire
Hi folks, searched the docs, and list archives and have found only one reference in the archive regarding implementing the automated resigning of zones. From a listmail response by Mark Andrews dated Tue Oct 14 23:39:45 UTC 2008 in response to Subject: Gritty details of automatic resigining in 9.6?