I'm trying to setup a new 9.7.0-P1 server in order to (initially) do
DNSSEC validation lookups.
I'm using the Fedora 13 SRPM, recompiled on CentOS 5.4. SELinux is Off
currently.
when I add the following to my options {} section, I get some log
messages I don't understand...
dnssec-enable
At the top of this post I'd first like to thank Jonathan for a great reply
(which for some reason never seemed to make it onto the usenet mirror of
this group.) - exactly what I was hoping for.
S.
On 10 April 2010 4:26 AM, Jonathan de Boyne Pollard wrote
>>> What I am hoping is that somebo
On Wed, 2010-04-14 at 13:10 +0100, Mark Watts wrote:
> I'm trying to setup a new 9.7.0-P1 server in order to (initially) do
> DNSSEC validation lookups.
> I'm using the Fedora 13 SRPM, recompiled on CentOS 5.4. SELinux is Off
> currently.
>
> when I add the following to my options {} section, I ge
Mark Watts wrote:
> Apr 14 12:06:34 dns01 named[4911]: zone managed-keys.bind/IN/_meta:
> sync_keyzone:dns_journal_open -> unexpected error
Does named have permission to create files in the directory specified by
"directory" in the options block?
BIND uses an internal dynamic zone for RFC5011-u
Hello Sten Carlsen,
Am 2010-04-13 17:41:44, hacktest Du folgendes herunter:
> ;; ANSWER SECTION:
> michelle1.private.tamay-dogan.net. 10800 IN CNAME tamay-dogan.homelinux.net.
^^
> homelinux.net.1759IN
> It would appear that these are all related. Allowing outbound DNS
> queries fixed these messages.
Thanks for the report.
If you didn't want to allow outbound DNS queries, then just turn off
dnssec-lookaside. What it's doing is trying to refresh the DNSSEC key
for dlv.isc.org, but if you weren'
On Sun, Mar 28, 2010 at 11:48:37PM +0100, I wrote:
> A couple of weeks ago I upgraded my BINDs to 9.7.0 and enabled DLV.
>
> This is my first time attemting to validate DNSSEC; however, I've been
> seeing intermittent failures to resolve domains under .org which have
> been frequent enough to forc
> Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and
> I've seen no repeat of the DNSSEC name resolution issues so far; it's
> early days yet (only been running DLV for three days) but certainly
> looking promissing.
I spoke too soon. I've now found a query that (at least this eve
On 04/14/10 16:28, Roy Badami wrote:
Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and
I've seen no repeat of the DNSSEC name resolution issues so far; it's
early days yet (only been running DLV for three days) but certainly
looking promissing.
I spoke too soon. I've now found
My apologies if I'm posting the wrong place, or am asking a common
question. All my looking so far hasn't turned up anything very useful
in knowing what to look at, or what to modify.
---
CentOS 5, running BIND 9.3.6
i386
Hardware:
P4, 2.8Ghz, 1G memory
Sata drives - non mirrored etc.
Load is li
In message <0808710b26e7e541ad135be9553cfb6896c1b3a...@hq-ec-02.ba.ad.ssa.gov>,
"Khuu, Linh MicroTech" writes:
> I just turned on the dnssec-validation today, and I saw lots of messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i4=
> 8du24agcu5ftfumd6iocmrk.or
> > dig www.bbc.net.uk +cd
>
> How does the last query "work"?
What I meant by that, in case it wasn't clear, was that setting the CD
flag in the query caused it query to succeed, hence strongly
suggesting that the cause of the failure in the original query was
related to DNSSEC
In message <20100414232855.gp1...@giles.gnomon.org.uk>, Roy Badami writes:
> > Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and
> > I've seen no repeat of the DNSSEC name resolution issues so far; it's
> > early days yet (only been running DLV for three days) but certainly
> > lo
13 matches
Mail list logo
