I have a question about the bug that this patch fixes.
--- 9.6.2-P2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
Does this bug only occur if dnssec is enabled?
or only if dnssec valida
If your primary master goes down, and you want to ensure that all of
your slaves get the *latest*available*version* of the zone, and serves
it until the master comes back up, then you would "cross-connect" all of
your slaves so that eventually they'll all sync up to that version.
*HOWEVER*, be
Hi,
I am having a dnssec problem while signing zone:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
The zone is not fully signed for the following algorithms: RSASHA1.
dnssec-signzone: fatal: DNSSEC comp
On Thu, May 20, 2010 at 12:10:53PM -0700,
itservices88 wrote
a message of 92 lines which said:
> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following alg
On 05/20/2010 09:10 PM, itservices88 wrote:
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
You seem to have a record for "." somewhere in your zone file.
Did you load the unsigned zone into BIND before? It should have logged a
warning about t
On 5/20/2010 12:51 PM, Hauke Lampe wrote:
Did you load the unsigned zone into BIND before? It should have logged a
warning about that record.
named-checkzone would be useful here as well.
hth,
Doug
--
... and that's just a little bit of history repeating.
--
No local script. I am using snssec-signzone that cam with the installation:
# dnssec-signzone --help
Version: 9.6.2-P1-RedHat-9.6.2-3.P1
On Thu, May 20, 2010 at 12:26 PM, Stephane Bortzmeyer wrote:
> On Thu, May 20, 2010 at 12:10:53PM -0700,
> itservices88 wrote
> a message of 92 lines which
On Thu, May 20, 2010 at 12:51 PM, Hauke Lampe
> wrote:
> On 05/20/2010 09:10 PM, itservices88 wrote:
>
> > Verifying the zone using the following algorithms: RSASHA1.
> > Missing RSASHA1 signature for . NSEC
>
> You seem to have a record for "." somewhere in your zone file.
>
In named.conf, i ha
#named-checkconf -t /var/named/chroot /etc/named.conf
#
# named-checkzone -t /var/named/chroot mydomain.org /etc/named-data/
mydomain.org
zone mydomain.org/IN: loaded serial 2010141144
OK
No error in both of the commands.
I am missing something else may be.
Thanks
On Thu, May 20, 2010 at 1:04
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to "translate" a domain name
to a target URL. For example, www.domain ->
http://www.someother.domain/folder1/folder2/index.html.
Thanks in advance.
-
On Thu, May 20, 2010 at 5:18 PM, Hoover Chan wrote:
> I'm new to this list but have been having trouble looking for information on
> this topic.
>
> A pointer please to information on how to use BIND to "translate" a domain
> name to a target URL. For example, www.domain ->
> http://www.someoth
Heh, thanks for the humor.
I'm used to having control over both Web server and DNS server and the way I
normally handle these things is via an Apache virtual host configuration.
However, I'm under pressure to lose control of DNS and hand it over to a
company like Go Daddy or Network Solutions
Hoover Chan wrote:
I'm new to this list but have been having trouble looking for information on
this topic.
A pointer please to information on how to use BIND to "translate" a domain name to
a target URL. For example, www.domain ->
http://www.someother.domain/folder1/folder2/index.html.
Than
Hi,
Whenever i enable:
dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";
in the named.conf, restart bind, the dns resolution stops. One the same FC12
machine, dig using an outside dns server has no issues resolving with
+dnssec option. I am using bind 9.6.2 that came with FC12.
Any thoughts ?
-
In message , itse
rvices88 writes:
> Hi,
>
> Whenever i enable:
>
> dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";
>
> in the named.conf, restart bind, the dns resolution stops. One the same FC12
> machine, dig using an outside dns server has no issues resolving with
> +dnssec option. I am us
Hi Bind Users,
Good day. I wish to know what is the industry standard when dealing with the
"TOTAL QPS" and how do we calculate this with BIND?
My understanding of "QPS" is the queries that a DNS server has received
regardless if it was dealt with a successful response, nxdomain or timed-out
In message <20100520192619.ga27...@laperouse.bortzmeyer.org>, Stephane Bortzmey
er writes:
> On Thu, May 20, 2010 at 12:10:53PM -0700,
> itservices88 wrote
> a message of 92 lines which said:
>
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following algorith
In message , itse
rvices88 writes:
> Hi,
>
> I am having a dnssec problem while signing zone:
>
> # dnssec-signzone -N INCREMENT mydomain.org
> Verifying the zone using the following algorithms: RSASHA1.
> Missing RSASHA1 signature for . NSEC
> The zone is not fully signed for the following algo
On May 20, 2010, at 8:34 PM, Hoover Chan wrote:
> Heh, thanks for the humor.
>
> I'm used to having control over both Web server and DNS server and the way I
> normally handle these things is via an Apache virtual host configuration.
> However, I'm under pressure to lose control of DNS and hand
Ok. I will open a bug.
Thanks
-dani
On Thu, May 20, 2010 at 8:10 PM, Mark Andrews wrote:
>
> In message ,
> itse
> rvices88 writes:
> > Hi,
> >
> > I am having a dnssec problem while signing zone:
> >
> > # dnssec-signzone -N INCREMENT mydomain.org
> > Verifying the zone using the following alg
I missed the trusted key .. Thanks
Here is the other output
# dig +cd +dnssec dlv.isc.org dnskey @localhost
; <<>> DiG 9.6.2-P1-RedHat-9.6.2-3.P1.fc12 <<>> +cd +dnssec
dlv.isc.orgdnskey @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
Hallo,
I try to setup (=prepare) the our DNS servers for the DNSSEC era.
I have a Centos 5.x with Bind 9.3.6-4. I have one problem and 2 questions.
The problem is that the specific version seems to lack support for DNSSEC
validation! named-checkconf returns the following error:
/etc/named.conf:212
22 matches
Mail list logo
