In article ,
Gregory Hicks wrote:
> > Date: Thu, 15 Apr 2010 14:25:35 -0400
> > Subject: Re: logging forwarding reqs
> > From: Jonathan Reed
> > To: bind-users@lists.isc.org
> >
> > But I am still unable to determine if those reqs are asking the
> > forwarders.
> >
> > The forwarders are all W
Greg,
Usually we use forwarders so we don't always have to bother root
servers.
Because our ISP's deals with great amount of requests from all the
clients, probably most of your new requests are already in their cache
and it's much faster than query a root server, because it's on the same
network
On Apr 15 2010, Roy Badami wrote:
Actually there *is* DNSSEC involved or the query would not have
failed.
Yes, sorry. I meant to imply that there is no DNSSEC involved beyond
the verification of the covering NSEC that proves the lack of a DLV
record.
There is a bug in the BIND 9.7.0-P1 fixe
Did I misread your original problem? I thought you said it worked if
you had only one of the nameservers in resolv.conf. You didn't state
but I assume (that word again) that you meant if either of your
nameservers was there by itself it worked?
Why would a recursion issue not come into play whe
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Do I need to allow UDP/500 packets (ISAKMP) to my bind DNS servers for DNSSEC?
I've been seeing a lot of UDP/500 attempts from the general internet
to my public DNS servers, and can't figure out why. The Wikipedia page
for DNSSEC doesn't mention anything about ISAKMP or VPN tunnels.
--
deny ip a
On 4/16/2010 9:49 AM, Deny IP Any Any wrote:
> Do I need to allow UDP/500 packets (ISAKMP) to my bind DNS servers for DNSSEC?
>
> I've been seeing a lot of UDP/500 attempts from the general internet
> to my public DNS servers, and can't figure out why. The Wikipedia page
> for DNSSEC doesn't menti
On Fri, 16 Apr 2010, Deny IP Any Any wrote:
Do I need to allow UDP/500 packets (ISAKMP) to my bind DNS servers for DNSSEC?
I've been seeing a lot of UDP/500 attempts from the general internet
to my public DNS servers, and can't figure out why. The Wikipedia page
for DNSSEC doesn't mention anyth
I did some timings with BIND 9.6.1-P3 and 9.7.0-P1 on two servers:
SunOS 5.9 sun4u sparc SUNW,Sun-Blade-1500 (old hardware)
Ubuntu hardy x86_64 GNU/Linux (more modern hardware)
I had noticed long times for "rndc reload" to complete, and I wanted to
see if 9.6.1-P3 was diff
> DNSSEC and ISAKMP are not related.
Well, that's no longer entirely true... AIUI Microsoft seem to have
decided that in their DNSSEC implementation they will use IPsec (and
hence IKE with GSS-API) to secure communications from the client to
the validating resolver (rather than using GSS-TSIG, wh
In message , "Lightner
, Jeff" writes:
> Did I misread your original problem? I thought you said it worked if
> you had only one of the nameservers in resolv.conf. You didn't state
> but I assume (that word again) that you meant if either of your
> nameservers was there by itself it worked?
>
On 4/16/2010 4:03 PM, Roy Badami wrote:
>> DNSSEC and ISAKMP are not related.
>
> Well, that's no longer entirely true... AIUI Microsoft seem to have
> decided that in their DNSSEC implementation they will use IPsec (and
> hence IKE with GSS-API) to secure communications from the client to
> the
In article ,
"Nuno Paquete" wrote:
> Greg,
>
> Usually we use forwarders so we don't always have to bother root
> servers.
You only bother the root servers when the TLD's NS records aren't in
cache. Since these NS records have 2-day TTLs, you don't have to go to
the root servers very often
13 matches
Mail list logo
