Mukund Sivaraman wrote:
>
> Mark pointed out on our internal bug ticket that RFC 2308 section 3
> requires "no data" replies from signed zones to have an SOA RR in the
> authority section.
Aha! Thanks for pointing that out :-)
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Biscay: Northerly or
Hi Tony, Yang
On Tue, Jul 28, 2015 at 10:41:49PM +0100, Tony Finch wrote:
> However the weirdness in the NSEC3 record is not what is upsetting BIND,
> and it might be a bug. A noerror response with just NSEC3 and RRSIG(NSEC3)
> in the authority section should (I think) be treated as a type 3 nodat
On Wed, Jul 29, 2015 at 08:13:38AM +0200, Matus UHLAR - fantomas wrote:
> On 29.07.15 03:06, Yang Yu wrote:
> >I configured bind to forward queries to 8.8.8.8
>
> do you have any reason to do this?
> BIND can resolve properly itself, it does not need to forward queries to
> anyone unless you are f
On 29.07.15 03:06, Yang Yu wrote:
I configured bind to forward queries to 8.8.8.8
do you have any reason to do this?
BIND can resolve properly itself, it does not need to forward queries to
anyone unless you are firewalled (in such case, do you really need BIND?)
without forwarding you apparent
Yang Yu wrote:
>
> the query error log can be replicated with "dig www.vip.icann.org ds"
> This sounds like a DNSSEC validation issue, but why would I get DNS
> format error in the log
This is weird and interesting.
The name servers for vip.icann.org are doing some kind of minimal covering
NSEC3
On Wed, Jul 29, 2015 at 2:17 AM, Lightner, Jeff
wrote:
> http://www.vip.icann.org/DS?
Your email client made it a hyperlink, not me. That's the response for
DS record.
>>>
I configured bind to forward queries to 8.8.8.8
dig www.vip.icann.org ds @8.8.8.8 returns SERVFAIL (NOERROR with +cd),
but 4
http://www.vip.icann.org/DS?
The http:// and /DS wouldn't be part of DNS name itself so you can't dig for
that. You'd have to point a browser (or command line tool like wget or curl)
to get that web page.
The vip IS part of the DNS name. Did you try "dig www.vip.icann.org"? It
works for m
Jim Pazarena wrote:
> I see in my logs "DNS format error from 205.178.190.53#53 resolving
> excelwetsuits.com/MX for client 207.34.147.83#54521: invalid response"
> The client is *my* mail server IP.
>
> I am wondering is this error on MY side or their's ?
Theirs.
; <<>> DiG 9.9.4rc1 <<>> ns ex
The problem is that their servers are returning non-authoritative
answers from the cache without also adding the NS records for the
child zone to allow the interative resolver to find a authoritative
answer. The parent server is configured as a recursive server not
a authoritative server.
On top
In message <50f2fa04b0ce44d496491214ac8eb...@internal.corp.ds>, "ic.nssip" writ
es:
> Hello everyone,
>
> I hope somebody can tell me why I'm getting so many "DNS format error" =
> on a DNS Server running BIND 9.7.0 on a Solaris 10 machine.
> The server is resolving fine queries for normal traffi
On Tue, Apr 27, 2010 at 07:40:20PM -0600, ic.nssip wrote:
> I hope somebody can tell me why I'm getting so many "DNS format
> error" on a DNS Server running BIND 9.7.0 on a Solaris 10 machine.
> The server is resolving fine queries for normal traffic. Is just
> syslog that gets tones of messages
11 matches
Mail list logo
