Hi, all. I'm using bind-9.7.2-P3, and I want to get query log, I
pasted related configuration below:
options {
directory "/var/";
forward only;
#listen-on port 53 { 10.198.2.249; 127.0.0.1; };
forwarders {
8.8.8.8;
};
pid-file "file-n
On Oct 3 2010, I wrote:
Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and
using a trust anchor for the root and lookaside via dlv.isc.org) I am
seeing a scatter of warning messages like this:
Oct 1 19:47:19 dnssec: warning: validating @1c29d580:
115.197.101.95.IN-ADDR.ARPA
In message , Chris Thompson writes:
> On Oct 3 2010, I wrote:
>
> >Since upgrading our main recursive nameservers to BIND 9.7.2-P2 (and
> >using a trust anchor for the root and lookaside via dlv.isc.org) I am
> >seeing a scatter of warning messages like this:
> >
> >Oct 1 19:47:19 dnssec: warni
Hello,
I am trying to allow the DNS-Client to do dynamic updates at the DNS-Server
using BIND. I want to use Kerberos as the security protocol. For that I have
a small test lab with a client, 3 Kerberos Server and one Suse Linux
DNS-Server. The 3 Kerberos-Server are emulated using VM-Ware.
On 12/06/2010 02:20 PM, Jürgen Dietl wrote:
I have read that there is a special mode called User-To-User Mode. This
mode enables the client to ask for a service direct without asking for a
That's not quite how u2u works.
TGT before. I found out that my client use this special user-to-user
mod
Hello Phil,
thanx for your answer. I don't really know what the server offers because I
don't get a valid response:
Frame 2475: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits)
Ethernet II, Src: xx, Dst: Vmware_x
Internet Protocol, Src: , Dst
On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
there a way to find out what principal it expects?
You can configure it:
tkey-domain "YOUR.DOMAIN";
tkey-gssapi-credential "DNS/hostname.your.domain";
(I've never
Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we have to
wait until MS follows the standards? :-)
Forgive me but what is a disjoint domain environment?
thanx a lot,
cheers,
Juergen
2010/12/6 Ph
Hello,
when you read my post before I try to make GSSTSIG run in a testlab
environment with 1 Windows Kerberos-Client, 3 x Kerberos-Server (VMWare) and
1 x DNS-BIND-LINUX-Server (Suse).
Bind-Version: 9.7.2
I do this now the 3rd week. I was reading a lot of books and manuals, doing
a lot of confi
Hello Nevarez,
grats for sending it from your iPhone :-) But is there any message missing?
thanx a lot and have a nice day
cheers,
Juergen
-- Forwarded message --
From: Nevarez, Noe (DNSLB-NETWORKS)
Date: 2010/12/6
Subject: Re: Problems with Bind-Kerberos-Windows-Linux
To: Jürgen
> The client has an entry in the AD with DNS/test@test.loc. The Client,
> DNS-Server, Kerberos-Server all have a copy of the krb5.keytab. If I do a
> kinit -k -t c:\krb5.keytab DNS/test@test.loc then all seem to be ok. I
> get this message from the DNSserver: 03-Dec-2010 10:42:00.451 gener
On 12/06/2010 04:01 PM, Jürgen Dietl wrote:
Hello Phil
thanx again for your answer. So I read between the lines that even if
there were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we
have to wait until MS follows the standards? :-)
That's not what I said.
Forgive me but what is a
Hello Serjiu,
many thanx for your hint. This I was asking me too for some time. Because
the TGT is for the client name (principal) that is logged in at the moment
and the service should be always for the same principal name on any client.
So yes I will need to define 2 principals.
You wrote:
You s
> From: Drunkard Zhang
> Date: Mon, 6 Dec 2010 16:54:31 +0800
> Sender: bind-users-bounces+oberman=es@lists.isc.org
>
> Hi, all. I'm using bind-9.7.2-P3, and I want to get query log, I
> pasted related configuration below:
>
> options {
> directory "/var/";
> forward only;
>
Barry Margolin writes:
> Do you have recursion enabled on your server?
A good question. I have never explicitly disabled it and
it appears to be on.
We have an allow-query list based on ACL's so that
callers from inside our networks get both recursive and
nonrecursive lookups. Sp
On Mon, 6 Dec 2010, Martin McCormick wrote:
the config for this private zone is:
zone "r.ds" {
type master;
file "/etc/namedb/master/r.ds.zone";
allow-update {
key updsrv;
};
allow-query { any; };
#a list of slaves
include "/etc/zoneconfigs/stwnotify";
n
On Dec 6, 2010, at 9:00 AM, Jürgen Dietl wrote:
> Hello Serjiu,
> many thanx for your hint. This I was asking me too for some time. Because the
> TGT is for the client name (principal) that is logged in at the moment and
> the service should be always for the same principal name on any client. S
On Dec 6, 2010, at 9:30 AM, Martin McCormick wrote:
> Barry Margolin writes:
>
>> Do you have recursion enabled on your server?
>
> A good question. I have never explicitly disabled it and
> it appears to be on.
The default ACL for allow-recursion is { localhost; localnets; }. That means
Hi,
Running BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6
New setup/install and attempting to setup DNSSEC and clean any dirty data.
Got the zone signed and ran named-checkzone against it and got the following
(11) times:
addnode: NSEC node already exists
The .signed loads but want to have clean befor
Thanks to two list members, I immediately realized what
I needed to do to make this work correctly.
After setting up an authoritative zone for ds, I put in
the NS and A records for the master server and then put in the A
and NS records for r as a delegated zone. It all works fine,
In message , jim
writes:
> Hi,
>
> Running BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6
Upgrade.
>
In article ,
Jay Ford wrote:
> On Mon, 6 Dec 2010, Martin McCormick wrote:
> > the config for this private zone is:
> >
> > zone "r.ds" {
> > type master;
> > file "/etc/namedb/master/r.ds.zone";
> >allow-update {
> > key updsrv;
> > };
> >allow-query { any; };
> > #a
Hello Sergiu,
I tried to put in 2 credential Entries in the named.conf:
tkey-gssapi-credential "DNS/test.loc"; (that was in before)
tkey-gssapi-credential "USER/test.loc", (new entry)
tkey-domain "TEST.LOC";
The system didn't like the second entry for the user. So how can I put in 2
credentials, o