DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
Context: BIND 9.7.0 I have made use of views on a single server for providing suitable/selective responses to internal, external and guest clients. This setup has been working for years but is now broken for clients querying from a guest network (via the guest view) unless the queries have checkin

Dealing with "unexpected RCODE (SERVFAIL)"

2010-03-16 Thread Ruben Laban
Hello list, In my logs I see numerous lines like these: Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) resolving 'hotmeil.com/MX/IN': 10.2.1.3#53 Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL) resolving 'hotmeil.com/MX/IN': 10.0.1.3#53 Mar 16 04:59:15 mx02 named[460

Re: Dealing with "unexpected RCODE (SERVFAIL)"

2010-03-16 Thread Matus UHLAR - fantomas
On 16.03.10 09:45, Ruben Laban wrote: > In my logs I see numerous lines like these: > > Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) > resolving 'hotmeil.com/MX/IN': 10.2.1.3#53 > Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL) > resolving 'hotmeil.com/MX/IN': 10.0.

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote: > > Client: 192.168.25.71 is querying the PTR record for its own address. > Server: 172.25.24.16 is querying itself for the DS record for the > parent of the zone which the client is querying (Why?). > There is no DS recor

Re: Dealing with "unexpected RCODE (SERVFAIL)"

2010-03-16 Thread Mark Andrews
In message <20100316090709.gc7...@fantomas.sk>, Matus UHLAR - fantomas writes: > On 16.03.10 09:45, Ruben Laban wrote: > > In my logs I see numerous lines like these: > > > > Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) > > resolving 'hotmeil.com/MX/IN': 10.2.1.3#53 > > Mar 16 04

Re: Dealing with "unexpected RCODE (SERVFAIL)"

2010-03-16 Thread Matus UHLAR - fantomas
> > On 16.03.10 09:45, Ruben Laban wrote: > > > In my logs I see numerous lines like these: > > > > > > Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) > > > resolving 'hotmeil.com/MX/IN': 10.2.1.3#53 > > > Mar 16 04:59:14 mx02 named[4606]: unexpected RCODE (SERVFAIL) > > > resolvin

DNSSEC HW Support

2010-03-16 Thread prock...@yahoo.com
I'd like to get your feedback on the following thoughts regarding DNSSEC HW support. Any layer 2 or 3 devices forwarding frames or packets should not be affected by the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or the query size (large or small). Layer 4 devices (sm

Re: DNSSEC HW Support

2010-03-16 Thread Gary Wallis
I'd like to get your feedback on the following thoughts regarding DNSSEC HW support. Any layer 2 or 3 devices forwarding frames or packets should not be affected by the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or the query size (large or small). Layer 4 devices (s

Re: DNSSEC HW Support

2010-03-16 Thread prock...@yahoo.com
> > I'd like to get your feedback on > the following thoughts regarding DNSSEC HW support. > > > > Any layer 2 or 3 devices forwarding frames or packets > should not be affected by the implementation of DNSSEC > regardless of the type of protocol (TCP/UDP) or the query > size (large or small). > >

Re: DNSSEC HW Support

2010-03-16 Thread Niobos
On 2010-03-16 15:57, prock...@yahoo.com wrote: > I'm trying to figure out how many tests I need to run for an > individual product (layer 2, 3, 4, and 7) before I can say it is > completely DNSSEC compliant. By definition, any layer 2, 3 and 4 product is DNSSEC-agnostic: DNS with or without SEC-ext

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Sam Wilson
In article , Gary Wallis wrote: > Let's say I have this setup : > > BIND 9.4 named.conf includes a master.zones file with the following: > > ... > zone "ns1.yourdomain.com" { > type master; > file "master/external/n/ns1.yourdomain.com.signed"; >

Problem resolving domains with valid GLUE records but misconfigured NS records

2010-03-16 Thread Gilbert Cassar
Hi, We have a recurring problem with recursive domain resolution using a bind 9.6 caching server. An example of such a zone is ecb.eu. The problem seems due to a misconfiguration on their side where all the (supposedly authorative) NS records listed in their zone file do not answer requests

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Gary Wallis
Sam Wilson wrote: In article , Gary Wallis wrote: Let's say I have this setup : BIND 9.4 named.conf includes a master.zones file with the following: ... zone "ns1.yourdomain.com" { type master; file "master/external/n/ns1.yourdomain.com.signed";

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Barry Margolin
In article , Gary Wallis wrote: > It would be nice to know what a zone apex is since what I have found on > the web so far is pretty self-referential. The resource record set for the zone name itself (e.g. SOA and NS) is the apex. -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEA

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Sam Wilson
In article , Gary Wallis wrote: > Sam Wilson wrote: > > In article , > > Gary Wallis wrote: > > > >> Let's say I have this setup : > >> > >> BIND 9.4 named.conf includes a master.zones file with the following: > >> > >> ... > >> zone "ns1.yourdomain.com" { > >> type

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Alan Clegg
Gary Wallis wrote: [other stuff snipped out] > Regarding my main question: > > How to delegate signing authority from parent yourdomain.com to child > ns1.yourdomain.com. Insert the DS records from the child into the parent and re-sign the parent. > I still have to setup a DNSSEC resolver to b

CIDR in-addr.arpa problem

2010-03-16 Thread Lister
Hello all, I have a problem with a CIDR IN-ADDR.ARPA delegation of a /28 netblock. Domain names and IP numbers have been edited for privacy purposes. I've had my local ISP make me a CIDR in-addr.arpa delegation for the block 192.168.33.112/28 to my name servers: ns1.mydomain.dom ns

Re: DNSSEC and child zones on same authoritative NS. Expert help needed.

2010-03-16 Thread Gary Wallis
Alan Clegg wrote: Gary Wallis wrote: [other stuff snipped out] Regarding my main question: How to delegate signing authority from parent yourdomain.com to child ns1.yourdomain.com. Insert the DS records from the child into the parent and re-sign the parent. I still have to setup a DNSSEC

Re: DNSSEC HW Support

2010-03-16 Thread Warren Kumari
On Mar 16, 2010, at 11:39 AM, Niobos wrote: On 2010-03-16 15:57, prock...@yahoo.com wrote: I'm trying to figure out how many tests I need to run for an individual product (layer 2, 3, 4, and 7) before I can say it is completely DNSSEC compliant. By definition, any layer 2, 3 and 4 product is

Re: CIDR in-addr.arpa problem

2010-03-16 Thread Kevin Darcy
What do the CNAMEs look like in 33.168.192.in-addr.arpa, or, if that's not a delegated zone, the closest-enclosing zone of that? - Kevin On 3/16/2010 3:19 PM, Lister wrote: Hel

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message , John Marshall writes: > On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote: > > > > Client: 192.168.25.71 is querying the PTR record for its own address. > > Server: 172.25.24.16 is querying itself for the DS record for the > > parent of the zone which the client is qu

threading and linux (2.6.

2010-03-16 Thread Jack Tavares
Hello - What is the default build on linux (2.6) with regard to threads? If I don't explicitly enable or disable threads, does named run threaded or unthreaded? Thanks -- jack

Re: Dealing with "unexpected RCODE (SERVFAIL)"

2010-03-16 Thread Mark Andrews
In message <20100316131539.ga10...@fantomas.sk>, Matus UHLAR - fantomas writes: > > > On 16.03.10 09:45, Ruben Laban wrote: > > > > In my logs I see numerous lines like these: > > > > > > > > Mar 16 04:59:13 mx02 named[4606]: unexpected RCODE (SERVFAIL) > > > > resolving 'hotmeil.com/MX/IN': 10.2

Re: Problem resolving domains with valid GLUE records but misconfigured NS records

2010-03-16 Thread Mark Andrews
In message <4b9fad0c.1090...@um.edu.mt>, Gilbert Cassar writes: > Hi, > > We have a recurring problem with recursive domain resolution using a > bind 9.6 caching server. An example of such a zone is ecb.eu. The > problem seems due to a misconfiguration on their side where all the > (supposedl

Re: threading and linux (2.6.

2010-03-16 Thread Gary Wallis
Jack Tavares wrote: Hello - What is the default build on linux (2.6) with regard to threads? If I don't explicitly enable or disable threads, does named run threaded or unthreaded? Threaded. Thanks -- jack

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > In message , John Marshall writes: > > I don't understand this. If the client needs an answer from > > 25.168.192.in-addr.arpa. and we are hosting that zone and its parent > > zone (both unsigned, both in our internal view), why are we

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John Marshall writes: > On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > > In message , John Marshall writes: > > > I don't understand this. If the client needs an answer from > > > 25.168.192.in-addr.arpa. and we

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
Mark Andrews writes: > > In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John Marshall writes: > > On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > > > In message , John Marshall writes: > > > > I don't understand this. If the client needs an answer

Re: CIDR in-addr.arpa problem

2010-03-16 Thread Mark Andrews
In message <9d84df667a714fab888d578ae8967...@neo>, "Lister" writes: > Hello all, > > I have a problem with a CIDR IN-ADDR.ARPA delegation of a /28 netblock. > Domain names and IP numbers have been edited for privacy purposes. > > I've had my local ISP make me a CIDR in-addr.arpa delegation for t

BIND 9.5.2-P3 is now available.

2010-03-16 Thread Mark Andrews
BIND 9.5.2-P3 is now available. BIND 9.5.2-P3 is a recommended patch for BIND 9.5.2. It addresses excessive query traffic generated when there is a break in the DNSSEC trust chain as a result of a configuration error. It is recommended for anyone using DNSSEC validation and

BIND 9.4-ESV-R1 is now available.

2010-03-16 Thread Mark Andrews
BIND 9.4-ESV-R1 is now available. BIND 9.4-ESV-R1 is revision 1 of the extended release version for BIND 9.4. It is recommended that all BIND 9.4.x users upgrade to BIND 9.4-ESV-R1. BIND 9.4-ESV-R1 can be downloaded from ftp://ftp.isc.org/isc/bin

BIND 9.6-ESV is now available.

2010-03-16 Thread Mark Andrews
BIND 9.6-ESV is now available. BIND 9.6-ESV is an extended release version for BIND 9.6. BIND 9.6-ESV can be downloaded from ftp://ftp.isc.org/isc/bind9/9.6-ESV/bind-9.6-ESV.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9

BIND 9.7.0-P1 is now available.

2010-03-16 Thread Mark Andrews
BIND 9.7.0-P1 is now available. BIND 9.7.0-P1 is a recommended patch for BIND 9.7.0. It addresses excessive query traffic generated when there is a break in the DNSSEC trust chain as a result of a configuration error. It is recommended for anyone using DNSSEC validation and

BIND 9.6.2-P1 is now available.

2010-03-16 Thread Mark Andrews
BIND 9.6.2-P1 is now available. BIND 9.6.2-P1 is a recommended patch for BIND 9.6.2. It addresses excessive query traffic generated when there is a break in the DNSSEC trust chain as a result of a configuration error. It is recommended for anyone using DNSSEC validation and

Confused about 9.6.2-P1 and 9.6-ESV

2010-03-16 Thread Doug Barton
I noticed that the patchfix releases of BIND came out today, so congratulations on that. :) However I was confused by the existence of both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1 the last release on the 9.6 branch? For the purpose of "following" a branch in the FreeBSD p

Re: Confused about 9.6.2-P1 and 9.6-ESV

2010-03-16 Thread Mark Andrews
In message <4ba04e63.8090...@dougbarton.us>, Doug Barton writes: > I noticed that the patchfix releases of BIND came out today, so > congratulations on that. :) However I was confused by the existence of > both a 9.6.2-P1 and a 9.6-ESV (with the same code inside). Is 9.6.2-P1 > the last release o

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread John Marshall
On Wed, 17 Mar 2010, 11:11 +1100, Mark Andrews wrote: > In message <20100316234500.ga99...@rwpc12.mby.riverwillow.net.au>, John Marshall writes: > > > In message , John Marshall writes: > > > > If I grant the guest clients access to the internal view, all is well. > > > > T

Re: Confused about 9.6.2-P1 and 9.6-ESV

2010-03-16 Thread Doug Barton
On 03/16/10 20:57, Mark Andrews wrote: > In message <4ba04e63.8090...@dougbarton.us>, Doug Barton writes: >> I noticed that the patchfix releases of BIND came out today, so >> congratulations on that. :) However I was confused by the existence of >> both a 9.6.2-P1 and a 9.6-ESV (with the same cod

Re: Confused about 9.6.2-P1 and 9.6-ESV

2010-03-16 Thread Mark Andrews
In message <4ba0595b.8090...@dougbarton.us>, Doug Barton writes: > On 03/16/10 20:57, Mark Andrews wrote: > > In message <4ba04e63.8090...@dougbarton.us>, Doug Barton writes: > >> I noticed that the patchfix releases of BIND came out today, so > >> congratulations on that. :) However I was confus

Re: DNSSEC Validating Resolver and Views

2010-03-16 Thread Mark Andrews
In message <20100317041842.gb99...@rwpc12.mby.riverwillow.net.au>, John Marshall writes: > [queries log] > 17-Mar-2010 14:04:11.140 queries: client 172.25.24.18#42640: > view internal: query: 168.192.in-addr.arpa IN DS + (172.25.24.17) Named has fallen back to plain DNS talking to itself. I'll

Re: Confused about 9.6.2-P1 and 9.6-ESV

2010-03-16 Thread Doug Barton
On 03/16/10 22:17, Mark Andrews wrote: > ESV's are supposed to be releases which are stable, no dot-o-itis. I'm not suggesting that they should be the latter, thus my comment that what I _thought_ would happen is that once the dot-releases were done in a given branch the -ESV would start. Frankly