per zone dnssec setting

2019-06-13 Thread Shawn Zhou via bind-users
Hi, Does BIND9 allow per zone dnssec setting? I wanted to forward requests for a certain zone to remote resolvers which don't support DNSSEC and also disable dnssec validation for that particular zone because forward-only resolver will return SERVFAIL to the client when the remote resolves don't

Re: dnssec-validation auto vs yes

2019-06-12 Thread Shawn Zhou via bind-users
Thanks Evan. Sounds like "dnssec-validation auto" is a more future-proof option for what I want. I will use that instead. On Wednesday, June 12, 2019, 5:25:51 PM PDT, Evan Hunt wrote: On Wed, Jun 12, 2019 at 11:40:27PM +0000, Shawn Zhou via bind-users wrote: > The

dnssec-validation auto vs yes

2019-06-12 Thread Shawn Zhou via bind-users
Hi, The default BIND9 installation for CentOS7 has dnssec-validation set to "yes" and it also includes managed-keys as well. Do those managed-keys get updated automatically? It is not clear from reading  https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html#dnssec-validation-explained  tha

how does BIND resolvers pick the authoritative servers to query

2018-05-08 Thread Shawn Zhou via bind-users
I am seeing occasional SERVFAILs when I flush BIND cache then run test queries with dig. Can someone let me know how BIND picks the authoritative server to query? From what I know, BIND picks an authoritative server by assigning random RTT to authoritative servers then queries the one with smalle

bugs with BIND 9.11.0-P3 edns client subnet

2017-10-12 Thread Shawn Zhou via bind-users
Hello all, Does anyone use BIND 9.11.0-P3 in recursive setup with edns client subnet support? When I dig against a local recursive resolver (BIND 9.11.0-P3) with '+subnet=' option, it doesn't send 'Client subnet' option to the authoritative server which also runs the same version of BIND; however

Re: [dns-operations] bind edns-client-subnet

2017-09-13 Thread Shawn Zhou via bind-users
Hi Mukund, I filed a bug ISC-Bugs #45846. I wonder if what I saw was due to config issues or not. Does anyone also have similar problems? On Thursday, August 17, 2017, 7:09:07 PM PDT, Mukund Sivaraman wrote: On Fri, Aug 18, 2017 at 01:14:50AM +, Shawn Zhou wrote: > Hello, I

file descriptor exceeds limit

2015-06-17 Thread Shawn Zhou
Hello, BIND on my resolvers reaches the max open file limit and I am getting lots of SERVFAILs http://pastebin.com/SxRsHLff After I increased the max-socks (-s 8192) to 8192, I no longer saw the file limit error from the log anymore; however, I am still many SERVFAILs. Our resolvers were doing a

Filter-AAAA-option

2015-03-09 Thread Shawn Zhou
Hello, I am testing filter- option with Bind 9.9.6-P2. I think there is a bug in the documentation on  https://kb.isc.org/article/AA-00576/0/Filter--option-in-BIND-9-.html. I believe for the "filter- on, IPv4 source, no +dnssec" table on the page, for query "a0--4" type "any", the

Re: BIND listen backlog too small

2014-10-17 Thread Shawn Zhou
Thanks Cathy. The link you provided is very useful. On Friday, October 17, 2014 12:36 AM, Cathy Almond wrote: On 16/10/2014 23:52, Shawn Zhou wrote: > Thanks Mark. That's what I was looking for! > > > On Thursday, October 16, 2014 3:36 PM, Mark Andrews wrote: >

Re: BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
Thanks Mark. That's what I was looking for! On Thursday, October 16, 2014 3:36 PM, Mark Andrews wrote: 2fd63cf5 (Mark Andrews      2003-04-10 02:16:11 + 279)        tcp-listen-queue ; -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742

Re: BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
This is for one of our masters which has about 20K zones and handles zone transfer traffic from few hundred of our slaves. On Thursday, October 16, 2014 2:27 PM, Barry Margolin wrote: In article , Shawn Zhou wrote: > Hello, > While I was investigating potential SYN fl

BIND listen backlog too small

2014-10-16 Thread Shawn Zhou
Hello, While I was investigating potential SYN flooding warning messages on my Linux box for our DNS traffic, I was very surprised to see the backlog was set to very small numbers for BIND tcp sockets. strace showed backlog was '10' for listening socket for port 53 and '128' for listening socket

Re: Bad performance from BIND 9.10 on RHEL 6.5

2014-05-27 Thread Shawn Zhou
>amir > > >On Saturday, May 3, 2014 4:42:30 AM UTC+8, Shawn Zhou wrote: >> I was hoping that BIND 9.10 would outperform BIND 9.9.4b1 on RHEL 6.5 but I >> was surprised to see so much performance drop from BIND 9.10. >> >> >> We have been able to send test

Re: Default BIND query timeouts

2014-05-19 Thread Shawn Zhou
imeout for each one of those upstream transactions. >Default value is 10 seconds. > >Does that answer your question? > >                                                                    - Kevin > >On 5/19/2014 6:15 PM, Shawn Zhou wrote: > > >> >>I 

Default BIND query timeouts

2014-05-19 Thread Shawn Zhou
I am looking at some scripts that use IO::Socket::INET and IO::Select for testing BIND. UDP sockets are created using IO::Socket::INET and sockets are polled via IO::Select at 6-second interval. my  $sock = IO::Socket::INET->new(     PeerHost => $server,     PeerPort =

Re: BIND 9.10 compilation problem for FreeBSD 6.x/7.x

2014-05-06 Thread Shawn Zhou
Thanks for explanation and solution! I just tested the change and worked fine. On Tuesday, May 6, 2014 7:32 AM, Tony Finch wrote: Shawn Zhou wrote: > > >> Any problem has problem building BIND 9.10 for FreeBSD? We are using the >> same process that worked for building 9.9.

Bad performance from BIND 9.10 on RHEL 6.5

2014-05-02 Thread Shawn Zhou
I was hoping that BIND 9.10 would outperform BIND 9.9.4b1 on RHEL 6.5 but I was surprised to see so much performance drop from BIND 9.10. We have been able to send test traffic with 180K qps against 9.9.4b1 without seeing query drops but with 9.10, the query drop rate was 18%. Both of the num

BIND 9.10 compilation problem for FreeBSD 6.x/7.x

2014-05-02 Thread Shawn Zhou
Any problem has problem building BIND 9.10 for FreeBSD? We are using the same process that worked for building 9.9.4 to build 9.10 on FreeBSD 6.x/7.x but we are getting "ld: invalid BFD target" error. https://www.dropbox.com/s/jciafakcwu68p6f/build_bind.txt Snippet of the compilation log: gcc