RE: Regarding EDNS Responses.

2009-10-28 Thread Ashwin
In message <001501ca5785$257c7220$21011...@china.huawei.com>, Ashwin writes: > > Hi All, > > RFC 2671 mentions in Section 5.3 > > Responders who do not understand these protocol extensions are > expected to send a response with RCODE NOTIMPL, FORMERR, or > SERVFAIL. > > However the above ment

Re: Regarding EDNS Responses.

2009-10-28 Thread Mark Andrews
It's not a perfect world. Even getting back a EDNS response does not indicate that the server understands EDNS. In message <002301ca579c$56deb0f0$21011...@china.huawei.com>, Ashwin writes: > > In message <001501ca5785$257c7220$21011...@china.huawei.com>, Ashwin writes: > > > > Hi All, > > > >

RE: 2 simultaneous hung Bind boxes

2009-10-28 Thread Nikkilä , Tommi
Hi! On some of our (linux based) DNS servers the BIND just hangs; the combination was fairly old hardware and fairly new OS/BIND. Couldn't figure it out either until I came up with https://www.isc.org/node/302. At least you could try it, I found no harm on setting the /proc/sys/net/core/xfrm_

Reasons for not resolving

2009-10-28 Thread Alans
Hello, There are few websites that our DNS (BIND 9.4.2 on CentOS 5) is not resolving while others like 4.2.2.2 does, I wonder what could be the reasons for this? Regards, Alans

RE: Reasons for not resolving

2009-10-28 Thread Alans
I looked more and I figure out that we can't ping or browse any of these hosts http://www.ip-adress.com/reverse_ip/96.31.75.113 (they all are on one IP) it's confusing because when I search in google for host names it appears in the result which means it's not down for everyone!! Any ideas? Kin

Reverse DNS & slave server

2009-10-28 Thread アルベルト
Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? thank you for any help

Re: 2 simultaneous hung Bind boxes

2009-10-28 Thread Alan Clegg
Justin Shore wrote: > The boxes are running fairly old Bind code, 9.5.1b2. Tomorrow I will > upgrade to 9.6.1rc1 (unless people believe 9.7.0b1 is ready for use). I would recommend not using beta or release candidate code in your deployment. If you want something that will stand up to customer

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Tue, Oct 20, 2009 at 08:29:20PM +, Evan Hunt wrote a message of 836 lines which said: >BIND 9.7.0b1 is now available. Apparently, support for the new algorithms RSASHA256 and RSASHA512 is not included? Is it planned for 9.7 or shall I wait 9.8? % bind/bin/dnssec/dn

Re: 2 simultaneous hung Bind boxes

2009-10-28 Thread Justin Shore
Nikkilä wrote: Hi! On some of our (linux based) DNS servers the BIND just hangs; the combination was fairly old hardware and fairly new OS/BIND. Couldn't figure it out either until I came up with https://www.isc.org/node/302. At least you could try it, I found no harm on setting the /proc/s

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Evan Hunt
> Apparently, support for the new algorithms RSASHA256 and RSASHA512 is > not included? Is it planned for 9.7 or shall I wait 9.8? That will be in 9.7.0b2. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc.

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
On Oct 28 2009, Evan Hunt wrote: Apparently, support for the new algorithms RSASHA256 and RSASHA512 is not included? Is it planned for 9.7 or shall I wait 9.8? That will be in 9.7.0b2. You aren't going to wait for the RFC? - it doesn't seem to be out yet. Or maybe you are predicting that it

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Stephane Bortzmeyer
On Wed, Oct 28, 2009 at 03:17:54PM +, Chris Thompson wrote a message of 13 lines which said: > You aren't going to wait for the RFC? It is in AUTH48 (the last step before publication, theoretically meaning that the people involved have 48 h to make remarks). After all, ldns already has

New BIND server

2009-10-28 Thread NéoSynergix | Martin Dubreuil
Hello BIND users, I have setup a new Ubuntu 9.04 server with BIND9. I have looked at a few tutorial and how to’s like this one: https://help.ubuntu.com/community/BIND9ServerHowto but would like to get your tips and tricks to secure your BIND servers before putting it into production.

Re: New BIND server

2009-10-28 Thread Rick Dicaire
On Wed, Oct 28, 2009 at 11:27 AM, NéoSynergix | Martin Dubreuil wrote: > but would like to get your tips and tricks to secure your BIND servers > before putting it into production. A little vague here. You haven't defined what your intentions are. Is this an authoritative only server for zones? R

RE: New BIND server

2009-10-28 Thread NéoSynergix | Martin Dubreuil
Yes sorry, This DNS server is only to resolve our local hosted domain names - authoritative only server - WITH no recursion -Original Message- From: Rick Dicaire [mailto:kri...@gmail.com] Sent: 28 octobre 2009 12:01 To: martin.dubre...@neosynergix.com Cc: bind-users@lists.isc.org Subj

Re: Reasons for not resolving

2009-10-28 Thread Kevin Darcy
Alans, Why would you use Google to determine whether a web site is up or not? It's not even clear to me that you're having a DNS problem. It's rather bad practice to have lots of reverse-records in the DNS for a given address (e.g. 96.31.75.113), and can even cause problems with oversized resp

Re: Reverse DNS & slave server

2009-10-28 Thread Kevin Darcy
アルベルト wrote: Just simple question. I'm setting up slave dns server, my question, is do I need to transfer Reverse zone too ? or just domain zone is enough? Sort of impossible to answer, without more information. Why did you set up a slave server in the first place? Redundancy? Performanc

Re: New BIND server

2009-10-28 Thread Matus UHLAR - fantomas
On 28.10.09 11:27, NéoSynergix | Martin Dubreuil wrote: > I have setup a new Ubuntu 9.04 server with BIND9. > > but would like to get your tips and tricks to secure your BIND servers > before putting it into production. What do you mean secure? Default installation should not allow anything that m

RE: New BIND server

2009-10-28 Thread Dixon, Justin
> Hello BIND users, I have setup a new Ubuntu 9.04 server with BIND9. I have looked at a few tutorial and how to's like this one: https://help.ubuntu.com/community/BIND9ServerHowto but would like to get your tips and tri

Re: New BIND server

2009-10-28 Thread Kevin Darcy
Yeah, look it over, but take the zone-transfer restrictions and version-obfuscation stuff with a bit of a grain of salt. Those parts are a little too PHSCSE (Pointy-Haired So-Called Security Expert)-ish for my tastes, verging on Theater. At least they finally got rid of the "bogon" stuff. Chr

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Evan Hunt
> You aren't going to wait for the RFC? - it doesn't seem to be out yet. > Or maybe you are predicting that it will be out before 9.7.0b2 is... It's out now (RFC 5702), so this is a moot point--but we were mainly waiting for IANA to pick the final codepoints, not so much for the RFC to be finalize

Re: Reverse DNS & slave server

2009-10-28 Thread Barry Margolin
In article , アルベルト wrote: > Just simple question. > > I'm setting up slave dns server, my question, is do I need to transfer > Reverse zone > too ? or just domain zone is enough? > > thank you for any help You need to transfer any zones that are delegated to the slave server. Th

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Chris Thompson
On Oct 28 2009, Evan Hunt wrote: You aren't going to wait for the RFC? - it doesn't seem to be out yet. Or maybe you are predicting that it will be out before 9.7.0b2 is... It's out now (RFC 5702), so this is a moot point--but we were mainly waiting for IANA to pick the final codepoints, not s

Re: ISC BIND 9.7.0b1 is now available

2009-10-28 Thread Evan Hunt
> Will you be adding RSASHA256 support in the 9.5.x and 9.6.x series? It > might be a bit optimistic to expect everyone to move to 9.7.x by 2010-07-01, > if that's when the root zone is going to be *really* signed (with RSASHA256, > according to current reports). Not 9.5.x, as it lacks NSEC3 supp

how to debug

2009-10-28 Thread aihua zhang
Hi, I have already analysis where to add new RR, and how to make it works. But I don't contact automake tool before, so reading so large configure and makefiles make me feel so bad. I try to understand, but it just myself alone to do this, so anyone can give some guide how to debug the source

Re: how to debug

2009-10-28 Thread Mark Andrews
In message , aihua zhang writes: > > HI, > > I have already analysis where to add new RR,and how to make it works. > But i don't contact automake tool before, so reading so large configure > and makefiles make me feel so bad. I try to understand ,but it just myself > alone to do this , so

RE: Reasons for not resolving

2009-10-28 Thread Alans
Kevin, Thanks for your explanation, yarnandwaste.com cannot be resolved, below is dig +trace result: [r...@ns2 ~]# dig yarnandwaste.com +trace ; <<>> DiG 9.4.2 <<>> yarnandwaste.com +trace ;; global options: printcmd . 437569 IN NS B.ROOT-SERVERS.NET. .