Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Benny Pedersen
On Tue, 14 Jun 2011 14:25:12 +0200, eric...@kom.za.net wrote: zone "194.134.41.in-addr.arpa" IN { type master; file "/var/cache/bind/194.134.41.metropolitanbuntu.co.za.inv"; }; you need to ask isp to set this, this is common error at home

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Eric Kom
On 17/06/2011 09:21, Benny Pedersen wrote: > On Tue, 14 Jun 2011 14:25:12 +0200, eric...@kom.za.net wrote: > >> zone "194.134.41.in-addr.arpa" IN { >> type master; >> file "/var/cache/bind/194.134.41.metropolitanbuntu.co.za.inv"; >> }; > The reverse mapping IP addresses to name it

Received notify, master unreachable (cached)

2011-06-17 Thread Jarosław Świerczyński
Hi, I have the following problem: 1. Slave is trying to contact master for the first time but master is unreachable: zone ./IN: refresh: retry limit for master 10.0.15.1#53 exceeded (source 0.0.0.0#0) 2. Master starts up (also for the first time) and gets information about slave in the NS recor

I can't resolve one domain: nhs.uk

2011-06-17 Thread Andrew Benton
Hello World! I have installed bind-9.8.0-P2. I configured it with: ./configure --prefix=/usr --disable-static --enable-shared --enable-threads \ --with-libtool --with-libxml2=yes --sysconfdir=/etc --localstatedir=/var I have created a user named and a group named, gave named somewhere to play:

RE: question about thehartford.com domain

2011-06-17 Thread M. Meadows
Once again. Thanks to everyone for the feedback! Marty > To: dspa...@gmail.com > From: ma...@isc.org > Subject: Re: question about thehartford.com domain > Date: Fri, 17 Jun 2011 10:40:10 +1000 > CC: dnsad...@thehartford.com; ns...@verisign-grs.com; bind-us...@isc.org > > > In message <4dfa62

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Phil Mayers
On 17/06/11 12:10, Andrew Benton wrote: And it works well for every domain on the internet. Except for www.nhs.uk - I can't resolve nhs.uk www.nhs.uk is, currently, a CNAME to www.prod.nhs.uk.akadns.net You might be suffering from the bind 9.8 CNAME issue. See the recent, repeated discussion

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Metropolitan College
On 17/06/2011 09:21, Benny Pedersen wrote: On Tue, 14 Jun 2011 14:25:12 +0200, eric...@kom.za.net wrote: zone "194.134.41.in-addr.arpa" IN {     type master;     file "/var/cache/bind/194.134.41.metropolitan

Re: Received notify, master unreachable (cached)

2011-06-17 Thread Matus UHLAR - fantomas
On 17.06.11 11:53, Jarosław Świerczyński wrote: > I have the following problem: > > 1. Slave is trying to contact master for the first time but master is > unreachable: > > zone ./IN: refresh: retry limit for master 10.0.15.1#53 exceeded > (source 0.0.0.0#0) [...] > client 10.0.15.1#9947: receive

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread G.W. Haywood
Hi there, On Fri, 17 Jun 2011 Andrew Benton wrote: > I can't resolve one domain: nhs.uk laptop:~$ >>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too few parts.

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Andrew Benton
On Fri, 17 Jun 2011 13:01:00 +0100 Phil Mayers wrote: > On 17/06/11 12:10, Andrew Benton wrote: > > > > And it works well for every domain on the internet. Except for > > www.nhs.uk - I can't resolve nhs.uk > > www.nhs.uk is, currently, a CNAME to > www.prod.nhs.uk.akadns.net > > You might be s

DNSSEC key rollover failure

2011-06-17 Thread Spain, Dr. Jeffry A.
For our zone countryday.net, which is configured with "auto-dnssec maintain" and is running on bind 9.8.0, a ZSK rollover is in progress but seems to be failing. The metadata for the original key is: ; This is a zone-signing key, keyid 2750, for countryday.net. ; Created: 20110402153620 (Sat Ap

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Michelle Konzack
Hello Eric Kom, On 2011-06-17 09:46:09, you hacked down the following: > The reverse mapping IP addresses to name it's seeming like no configured! You have to ask your ISP to setup the IP addresses with the right PTR. > Since you said that I already have the same error at home, please did > you

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Michelle Konzack
Hello Eric Kom, are you sure, you want this: > ns1 IN A 41.134.194.90 > ns2 IN A 41.134.194.91 > ns1 IN A 10.0.0.80 > ns2 IN A 10.0.0.82 This results in a round-robin and I would not get in 50% of all cases the right domain. > www

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread David Forrest
Resolves from here: [drf@maplepark ~]$ dig nhs.uk ; <<>> DiG 9.8.0-P2 <<>> nhs.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65421 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;nhs.uk.

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Phil Mayers
On 17/06/11 14:33, Andrew Benton wrote: Do you mean this patch? Yep. http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/ports/dns/bind98/files/patch-bin__named__query.c?rev=1.1 I've just tried it and it made no difference. I'm not convinced of this CNAME hypothesis. Could you point me toward

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Michelle Konzack
Hello Metropolitan College, >root@nina:/home/erickom# nslookup 41.134.194.90 >Server: 196.28.80.139 >Address: 196.28.80.139#53 >Non-authoritative answer: >90.194.134.41.in-addr.arpa name = ns1.metropolitanbuntu.co.za. >Authoritative answers can be found from:

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Phil Mayers
On 17/06/11 14:40, G.W. Haywood wrote: Hi there, On Fri, 17 Jun 2011 Andrew Benton wrote: I can't resolve one domain: nhs.uk laptop:~$>>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is:

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Chris Thompson
On Jun 17 2011, G.W. Haywood wrote: laptop:~$ >>> whois nhs.uk Error for "nhs.uk". This domain cannot be registered because it contravenes the Nominet UK naming rules. The reason is: the domain name contains too few parts. WHOIS lookup made at 14:37:29 17-Jun-2011 That's j

Re: DNSSEC key rollover failure

2011-06-17 Thread Tony Finch
Spain, Dr. Jeffry A. wrote: > > I'm sure I could solve this by removing all of the DNSSEC data and > resigning the zone, but would prefer not to do this except as a last > resort. If anyone has troubleshooting suggestions or other insights, I > would be grateful for those. Thanks. What does `rndc

Resign a signed zone

2011-06-17 Thread rams
Hi, Can we resign a signed zone without key files? Please clarify me. Thanks, Ramesh ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc

Re: DNSSEC key rollover failure

2011-06-17 Thread Phil Mayers
On 17/06/11 15:13, Spain, Dr. Jeffry A. wrote: As of today (6/17/2011), RRSIG records for key 2750 are present for every RRset in the zone. The only RRSIG record for key 33722 is for the SOA RRset. See http://dnsviz.net/d/countryday.net/dnssec/. As I understand the process, based on the dates in

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Lyle Giese
andy:~$ dig nhs.uk ;<<>> DiG 9.8.0-P2<<>> nhs.uk ;; global options: +cmd ;; connection timed out; no servers could be reached andy:~$ It then leaves this in /var/sys.log: Jun 17 11:49:42 eccles named[4689]: createfetch: pop.gmail.com A Jun 17 11:49:43 eccles named[4689]: createfetch: gmail-po

forward name resolution OK, but reverse doesn't work ...

2011-06-17 Thread Thomas Schweikle
Hi! I am having some problem with my nameserver: It resolves forward: !user@ks1:~$ host google.com !google.com has address 74.125.79.147 !google.com has address 74.125.79.99 !google.com has address 74.125.79.104 !google.com mail is handled by 50 alt4.aspmx.l.google.com. !google.com mail is handle

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Matthew Seaman
Spam detection software, running on the system "lucid-nonsense.infracaninophile.co.uk", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The admi

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Metropolitan College
On 17/06/2011 16:24, Michelle Konzack wrote: Hello Metropolitan College, Thanks for everything, root@nina:/home/erickom# nslookup 41.134.194.90 Server: 196.28.80.139 Address: 196.28.80.139#53 Non-authoritative ans

Re: BIND 9.7 Serial Number Decrease Problem

2011-06-17 Thread John Wobus
Barry Finkel wrote: I ran a test this morning on one of the Solaris 10 slave servers. A query to the server showed serial numbers: _tcp 1238 _udp 842 Both of these match the zone on the MS Windows DNS Server. I checked the zone files on the slave server: _tcp 1239 _u

Re: bind 9 performance

2011-06-17 Thread John Wobus
Delegation records caught us too. There used to be a document called something like "top 10 things to pay attention to when you upgrade from bind 8 to bind 9" which included this gotcha, and I'd wished I'd paid real attention to it. But it was easily fixed once the problem was understood. We foun

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Metropolitan College
On 17/06/2011 16:16, Michelle Konzack wrote: Hello Eric Kom, are you sure, you want this: ns1 IN A 41.134.194.90 ns2 IN A 41.134.194.91 ns1 IN A 10.0.0.80 ns2 IN A 10.0.0.82 I use t

Re: Received notify, master unreachable (cached)

2011-06-17 Thread Jarosław Świerczyński
Hi, Thank you for reply. > The whole fact that master sent a notify to slave does NOT mean that the > master is reachable from the slave, it only means that slave is reachable > from the master. In theory you are right. But in most cases it also means that the master is reachable from the slave.

Re: DNSSEC key rollover failure

2011-06-17 Thread Phil Mayers
On 06/17/2011 09:25 PM, Spain, Dr. Jeffry A. wrote: Our zone has 115 records, not counting DNSSEC-related records. I originally signed it by specifying the zone file and key directory along with "auto-dnssec maintain" in the configuration file. Looking at all the RRSIGs, they expire for the most

RE: DNSSEC key rollover failure

2011-06-17 Thread Spain, Dr. Jeffry A.
Thanks, Phil. > How big is the zone, and how did you sign it originally? If you used "rndc > sign", then there will be little jitter in the RRSIG so they'll all tend to > roll over together. >For most of our zones, I signed them manually using dnssec-signzone and tuning >the jitter for a consta

Re: Resign a signed zone

2011-06-17 Thread Phil Mayers
On 06/17/2011 04:51 PM, rams wrote: Hi, Can we resign a signed zone without key files? Please clarify me. No. Keys are required for signing. Have you lost the key files? If so you may need to transition to unsigned, then re-sign from scratch.

RE: DNSSEC key rollover failure

2011-06-17 Thread Spain, Dr. Jeffry A.
> What does `rndc sign ` do? Thanks, Tony. I have never run rndc sign, as the zone is configured with auto-dnssec maintain. Before intervening in this manner, I would like to gain a greater understanding of what is going on. Thanks. Jeff.

Re: DNSSEC key rollover failure

2011-06-17 Thread Phil Mayers
On 06/17/2011 09:35 PM, Phil Mayers wrote: In which case you're going to have serious problems I think. You can't delete a DNSKEY which has any extant RRSIGs until $MAX_TTL *after* those RRSIGs finally disappear. There's an RFC describing the key rotation schedules you must use in a lot of de

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Matus UHLAR - fantomas
Hello, On 17.06.11 17:49, Matthew Seaman wrote: > Spam detection software, running on the system > "lucid-nonsense.infracaninophile.co.uk", has > identified this incoming email as possible spam. The original message > has been attached to this so you can view it (if it isn't spam) or label > sim

Slaves do not more update

2011-06-17 Thread Michelle Konzack
Good Evening, my three NS were working properly all the time. For some time I was switching to DNSSEC and now it refuses to update the Slaves... If I delete the cache from the Slaves it sucks automatically the new Zones from the Master. Why do the Slaves not more update? Note: Last ye

Re: forward name resolution OK, but reverse doesn't work ...

2011-06-17 Thread Lyle Giese
On 06/17/11 11:44, Thomas Schweikle wrote: Hi! I am having some problem with my nameserver: It resolves forward: !user@ks1:~$ host google.com !google.com has address 74.125.79.147 !google.com has address 74.125.79.99 !google.com has address 74.125.79.104 !google.com mail is handled by 50 alt4.a

Re: forward name resolution OK, but reverse doesn't work ...

2011-06-17 Thread Eivind Olsen
Thomas Schweikle wrote: > But not reverse: > !user@ks1:~$ host 74.125.79.99 > !Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL) ... > !zone "in-addr.arpa" { > ! type slave; > ! file "/var/cache/named/root/in-addr.arpa.slave"; > ! masters { 192.5.5.241; }; > ! notify no; > !}; You seem

RE: DNSSEC key rollover failure

2011-06-17 Thread Spain, Dr. Jeffry A.
Thanks, Phil. The document I used to set up the rotation schedules is "Good Practices Guide for Deploying DNSSEC" at http://www.enisa.europa.eu/act/res/technologies/tech/gpgdnssec. It recommends a two-week interval between ZSK inactivation and deletion. I will carefully study the IETF draft bel

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Matus UHLAR - fantomas
>> ftp IN CNAME www img IN CNAME www * IN CNAME www imap IN CNAME mail pop IN CNAME mail pop3 IN CNAME mail smtp IN CNAME mail On 17.06.11 16:16, Michelle Konzack wrote: Are you sure, this is working? The "*" wildcard

Re: DNSSEC key rollover failure

2011-06-17 Thread Mark Andrews
The only thing I would change is making the deletion happen sig-validity-interval after the inactivation of the key. The idea is to have a gradual replacement of signatures as they normally fall due for re-signing. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHO

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Andrew Benton
On Fri, 17 Jun 2011 11:26:22 -0500 Lyle Giese wrote: > > andy:~$ dig nhs.uk > > > > ;<<>> DiG 9.8.0-P2<<>> nhs.uk > > ;; global options: +cmd > > ;; connection timed out; no servers could be reached > > andy:~$ > > > > It then leaves this in /var/sys.log: > > > > Jun 17 11:49:42 eccles named[46

Re: I can't resolve one domain: nhs.uk

2011-06-17 Thread Andrew Benton
On Fri, 17 Jun 2011 09:22:02 -0500 (CDT) David Forrest wrote: > Resolves from here: > > [drf@maplepark ~]$ dig nhs.uk > > ; <<>> DiG 9.8.0-P2 <<>> nhs.uk > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65421 > ;; flags: qr rd ra; QUERY: 1, ANSWE

Re: How to Setup a Name Servers visible on Internet?

2011-06-17 Thread Lyle Giese
On 06/17/11 12:53, Metropolitan College wrote: On 17/06/2011 16:16, Michelle Konzack wrote: Hello Eric Kom, are you sure, you want this: ns1 IN A 41.134.194.90 ns2 IN A 41.134.194.91 ns1 IN A 10.0.0.80 ns2 IN A 10.0.0.82 I use to r