Re: "broken trust chain" for non-existing AAAA records

2010-12-01 Thread lst_hoe02
Quoting Mark Andrews: Is this still with BIND 9.7.0-P1 or something more recent? If it is still BIND 9.7.0-P1 then please upgrade. There really is no point debugging validation failures in BIND 9.7.0-P1 anymore as the validator has had really extensive changes since then. Okay, compiled

clarification on SOA

2010-12-01 Thread rams
Hi, I have one SOA record as follows in zone. qa.com. 86400 IN SOA ramesh.com. qa.com. ( 2009111903 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 2592000; expire (4 weeks 2 days)

Re: clarification on SOA

2010-12-01 Thread Karl Auer
On Wed, 2010-12-01 at 19:05 +0530, rams wrote: > I have one SOA record as follows in zone. > > qa.com. 86400 IN SOA ramesh.com. qa.com. ( > 2009111903 ; serial > 10800 ; refresh (3 hours) > 3600 ; retry (1 hour) >

Re: clarification on SOA

2010-12-01 Thread Matus UHLAR - fantomas
On 01.12.10 19:05, rams wrote: > I have one SOA record as follows in zone. > > qa.com. 86400 IN SOA ramesh.com. qa.com. ( > 2009111903 ; serial > 10800 ; refresh (3 hours) > 3600 ; retry (1 hour) > 25920

Re: clarification on SOA

2010-12-01 Thread Emanuele (aka Skull)
On 12/1/10 2:35 PM, rams wrote: > Hi, > > I have one SOA record as follows in zone. > > qa.com . 86400 IN SOA ramesh.com . > qa.com . ( > 2009111903 ; serial > 10800 ; refresh (3 hours) >

US DNSSEC Key

2010-12-01 Thread John Williams
I'm being told there is an RSA verification failure on the .US domain. I'm getting details from the following; http://dnsviz.net/d/us/dnssec/ I have a signed zone under us. How does this affect my domain and other signed zones under .US?

Re: US DNSSEC Key

2010-12-01 Thread lst_hoe02
Quoting John Williams: I'm being told there is an RSA verification failure on the .US domain. I'm getting details from the following; http://dnsviz.net/d/us/dnssec/ I have a signed zone under us. How does this affect my domain and other signed zones under .US? As far as I know you are

BIND 9.7.2-P3, 9.6.2-P3, 9.6-ESV-R3 and 9.4-ESV-R4 are now available

2010-12-01 Thread Sue Graves
We've published four releases that contain various security and bug fixes. The detailed Security Advisories are located at: http://www.isc.org/advisories Guidance as to recommended upgrades is available at: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories BIND

Re: US DNSSEC Key

2010-12-01 Thread Casey Deccio
On Wed, Dec 1, 2010 at 7:36 AM, John Williams wrote: > I'm being told there is an RSA verification failure on the .US domain. I'm > getting details from the following; http://dnsviz.net/d/us/dnssec/ I have a > signed zone under us. How does this affect my domain and other signed zones > under

Re: DNSSEC with 9.7.2-P2

2010-12-01 Thread David Forrest
On Tue, 16 Nov 2010, Mark Andrews wrote: Isn't sufficient to configure the root trust anchor inside "managed-keys {};" statement? If I understand correctly the key should be automatically updated, shouldn't it? For 9.7 yes. I just updated to 9.7.2-P3 and got this message on start: Dec 1 1

Re: DNSSEC with 9.7.2-P2

2010-12-01 Thread lst_hoe02
Quoting David Forrest: On Tue, 16 Nov 2010, Mark Andrews wrote: Isn't sufficient to configure the root trust anchor inside "managed-keys {};" statement? If I understand correctly the key should be automatically updated, shouldn't it? For 9.7 yes. I just updated to 9.7.2-P3 and got

Dynamic DNS with secondary nameserver?

2010-12-01 Thread Sean Thomas Caron
Hi folks, We have an ISC DHCP server here feeding dynamic DNS updates to a BIND 9 machine and it has generally been working fine. Now I am trying to add a slave nameserver to the zone and it works fine for the static hosts but none of the dynamic DNS updates seem to propagate to the slave

Re: Dynamic DNS with secondary nameserver?

2010-12-01 Thread Sten Carlsen
How did you tell the primary server who to notify? It should be listed in a NS RR. You can also look at the also-notify option. Is the slave allowed to transfer the zone? If not, even a notify will not work. On 01/12/10 21:09, Sean Thomas Caron wrote: > Hi folks, > > We have an ISC DHCP server

Re: Dynamic DNS with secondary nameserver?

2010-12-01 Thread Niall O'Reilly
On 01/12/10 20:09, Sean Thomas Caron wrote: > ** server can't find > sph-2006-0090-test.ddns.sph.umich.edu.sph.umich.edu: SERVFAIL With NOTIFY enabled on master and slave, what you are trying to do should "just work". Do you mean to have ".sph.umich.edu" repeated?

Re: Dynamic DNS with secondary nameserver?

2010-12-01 Thread Sean Thomas Caron
Hi Sten, Thanks for the response; you made me re-think the issue in such a way that I ended up solving the problem (I think). I was going to copy and paste the NS definitions in the main zone file to show how I had defined the two nameservers for the subdomain and found that I had missed

Last transfer time?

2010-12-01 Thread Chip Marshall
Just curious if there's an official and accurate way to determine the last successful transfer time of a slave zone from a BIND server. -- Chip Marshall http://weblog.2bithacker.net/ KB1QYW PGP key ID 43C4819E v4sw5PUhw4/5ln5pr5FOPck4ma4u6FLOw5Xm5l5Ui2e4t4/5ARWb7HKOen6a2Xs5IMr2g6C

Re: Last transfer time?

2010-12-01 Thread Nuno Paquete
Just check the logs. On 1 Dec 2010, at 20:45, "Chip Marshall" wrote: > Just curious if there's an official and accurate way to > determine the last successful transfer time of a slave zone from > a BIND server. > > -- > Chip Marshall > http://weblog.2bithacker.net/ KB1QY

Re: DNSSEC with 9.7.2-P2

2010-12-01 Thread David Forrest
On Wed, 1 Dec 2010, lst_ho...@kwsoft.de wrote: Quoting David Forrest: On Tue, 16 Nov 2010, Mark Andrews wrote: Isn't sufficient to configure the root trust anchor inside "managed-keys {};" statement? If I understand correctly the key should be automatically updated, shouldn't it? For

Query status refused after upgrading from 9.7.2-P2 to 9.7.2-P3

2010-12-01 Thread David S.
Dear All, My BIND is running on CentOS 5.5 64bit, I'm getting a problem after upgrading from 9.7.2-P2 to 9.7.2-P3, see below for details of my upgrade process: 1. download bind 2. tar -zxvf bind.xxx 3. sudo ./configure --perfix=/usr/loca/named 4. sudo make 5. sudo make install Restart the bind service,

Re: Query status refused after upgrading from 9.7.2-P2 to 9.7.2-P3

2010-12-01 Thread Mark Andrews
In message <4cf723ef.4050...@pnyet.web.id>, "David S." writes: > Dear All, > > My BIND is running on CentOS 5.5 64bit, I'm getting a problem after > upgrading from 9.7.2-P2 to 9.7.2-P3, see below for details of my upgrade > process: > 1. download bind > 2. tar -zxvf bind.xxx > 3. sudo ./configure --per

Upgraded to bind 9.5.1-P3

2010-12-01 Thread Stelios Georgi
I've just upgraded my version of bind on my Solaris 10 servers to 9.5.1-P3, and it worked for a week until the TTL's expired after 7 days. I've restarted the named daemon but it fails to update any of slave servers. It's deemed useless as currently none of my internal DNS zones are accessible vi

Re: Query status refused after upgrading from 9.7.2-P2 to 9.7.2-P3

2010-12-01 Thread David S.
Hi Mark, Yes, bind works fine without allow-query statement in view. Here is my named.conf and view: options { allow-query { "trusted"; }; }; view "mynetwork" in { match-clients {"trusted"; }; recursion yes; allow-transfer { "xfer"; }; additional-from-auth yes;

Re: Upgraded to bind 9.5.1-P3

2010-12-01 Thread Noel Butler
On Thu, 2010-12-02 at 17:09 +1100, Stelios Georgi wrote: > I’ve just upgraded my version of bind on my Solaris 10 servers to > 9.5.1-P3, and it worked for a week until the TTL’s expired after 7 > days. > I’ve restarted the named daemon but it fails to update any of slave > servers. It’s deemed usel

Re: Query status refused after upgrading from 9.7.2-P2 to 9.7.2-P3

2010-12-01 Thread Noel Butler
On Thu, 2010-12-02 at 13:15 +0700, David S. wrote: > Hi Mark, > > Yes, bind work fine without allow-query statement in view. > Here is my named.conf and view: > > options { > allow-query { "trusted"; }; > }; > Correct > view "mynetwork" in { > match-clients {"trusted"; }; >