question about overlapping reverse zones

2011-08-09 Thread Christian Pinedo Zamalloa
Hello, I would like to know if it is possible to configure in Bind overlapping reverse zones. For example, load all reverse zones for IPv4 private addressing that come configured by default with the package Bind of my Linux distribution: zone "10.in-addr.arpa" { type master; file "/etc/bind/

Re: question about overlapping reverse zones

2011-08-09 Thread /dev/rob0
On Tue, Aug 09, 2011 at 02:52:10PM +0200, Christian Pinedo Zamalloa wrote: > I would like to know if it is possible to configure in Bind > overlapping reverse zones. For example, load all reverse zones for > IPv4 private addressing that come configured by default with the > package Bind of my Li

Memory utilisation problem on busy bind resolver

2011-08-09 Thread Dennis Perisa
Hi folks, We are running a number of BIND 9.7.3-p3 caching nameservers. In the last couple of months, we've observed the memory utilisation of named increasing at a steady rate of 1-2% per day on our busiest resolver with no indication of subsiding - on occasion, there have been large step increa

Re: Memory utilisation problem on busy bind resolver

2011-08-09 Thread Chuck Swiger
Hi, Dennis-- On Aug 9, 2011, at 7:31 AM, Dennis Perisa wrote: > We are running a number of BIND 9.7.3-p3 caching nameservers. In the > last couple of months, we've observed the memory utilisation of named > increasing at a steady rate of 1-2% per day on our busiest resolver > with no indication o

New version of nsdiff

2011-08-09 Thread Tony Finch
The "nsdiff" program examines old and new versions of a DNS zone and outputs the differences as a script for use by BIND's nsupdate program. It allows you to continue to manually maintain flat text master files as before, and feed the changes you make into named's easy dynamic DNSSEC support. This

DNSSEC and MS AD

2011-08-09 Thread John Williams
My company (as many) run Microsoft Active Directory internally and we use BIND for our Internet DNS presence. We have had our domain signed for some time. Now I've been tasked to look into Signing our AD implementation. MS has their own version of DNSSEC for their DNS but my question is would

Re: DNSSEC and MS AD

2011-08-09 Thread Chris Buxton
On Aug 9, 2011, at 9:13 AM, John Williams wrote: > My company (as many) run Microsoft Active Directory internally and we use > BIND for our Internet DNS presence. We have had our domain signed for some > time. Now I've been tasked to look into Signing our AD implementation. MS > has their ow

Re: big improvement in BIND9 auth-server startup time

2011-08-09 Thread J. Thomsen
On Wed, 03 Aug 2011 15:45:25 -0500,Barry Finkel wrote: > >I did not see any improvement in start-up time. Neither did I at my first test on a primarily slave DNS with raw format zonefiles Next test was on a master and slave with 60K small different zones. The master now loaded about 650 zon

Re: DNSSEC and MS AD

2011-08-09 Thread John Williams
--- On Tue, 8/9/11, Chris Buxton wrote: > From: Chris Buxton > Subject: Re: DNSSEC and MS AD > To: "John Williams" > Cc: bind-users@lists.isc.org > Date: Tuesday, August 9, 2011, 5:00 PM > On Aug 9, 2011, at 9:13 AM, John > Williams wrote: > > > My company (as many) run Microsoft Active Dire

Re: big improvement in BIND9 auth-server startup time

2011-08-09 Thread Evan Hunt
> The master now loaded about 650 zones/sec. > The slave did not change from the usual 120 zones/sec. Interesting, thanks for bringing that to my attention (it hadn't occurred to me to test with a mostly-slave system). I'm purely guessing, but I wonder if there's some rate-limiting due to the SOA

Re: big improvement in BIND9 auth-server startup time

2011-08-09 Thread J. Thomsen
On Tue, 9 Aug 2011 17:18:13 +,Evan Hunt wrote: >> The master now loaded about 650 zones/sec. >> The slave did not change from the usual 120 zones/sec. > >I'm purely guessing, but I wonder if there's some rate-limiting >due to the SOA queries slaves have to send to their masters. > You are pr

Re: big improvement in BIND9 auth-server startup time

2011-08-09 Thread Doug Barton
On 08/09/2011 11:17, J. Thomsen wrote: > On Tue, 9 Aug 2011 17:18:13 +,Evan Hunt wrote: > >>> The master now loaded about 650 zones/sec. >>> The slave did not change from the usual 120 zones/sec. >> >> I'm purely guessing, but I wonder if there's some rate-limiting >> due to the SOA queries s

Re: question about overlapping reverse zones

2011-08-09 Thread Doug Barton
On 08/09/2011 05:52, Christian Pinedo Zamalloa wrote: > I would like to know if it is possible to configure in Bind > overlapping reverse zones. It would have taken you less time to try it than it did to write the e-mail. :) -- Nothin' ever doesn't change, but nothin' changes much.

Re: Memory utilisation problem on busy bind resolver

2011-08-09 Thread Doug Barton
On 08/09/2011 07:31, Dennis Perisa wrote: > Hi folks, > > We are running a number of BIND 9.7.3-p3 9.7.4 is out. > caching nameservers. In the > last couple of months, we've observed the memory utilisation of named > increasing at a steady rate of 1-2% per day on our busiest resolver > with no

Re: DNSSEC and MS AD

2011-08-09 Thread Chris Buxton
On Aug 9, 2011, at 10:07 AM, John Williams wrote: > --- On Tue, 8/9/11, Chris Buxton wrote: > >> With a private version of a domain, you should not need to >> worry about a DS record in the parent. Just make sure your >> internal caching servers not only can find the internal >> version of your

Re: question about overlapping reverse zones

2011-08-09 Thread Christian Pinedo Zamalloa
2011/8/9 Doug Barton : > On 08/09/2011 05:52, Christian Pinedo Zamalloa wrote: >> I would like to know if it is possible to configure in Bind >> overlapping reverse zones. > > It would have taken you less time to try it than it did to write the > e-mail. :) > and I tried it before and it worked :-

Re: DNSSEC and MS AD

2011-08-09 Thread Mark Andrews
In message <37eb0c69-09a1-45a8-9d0e-1027ccbf8...@gmail.com>, Chris Buxton writes: > The use of internal, private namespace should be entirely transparent to any > service other than DNS. Your mail server should not need to know about it, and > should not be able to detect it (other than watchin

Re: question about overlapping reverse zones

2011-08-09 Thread Mark Andrews
In message , Christian Pinedo Zamalloa writes: > 2011/8/9 Doug Barton : > > On 08/09/2011 05:52, Christian Pinedo Zamalloa wrote: > >> I would like to know if it is possible to configure in Bind > >> overlapping reverse zones. > > > > It would have taken you less time to try it than it did to wri

Re: Memory utilisation problem on busy bind resolver

2011-08-09 Thread TCPWave Customer Care
Dennis What OS are you using? What's the compiler version used and what are the compiler options used to build the binary? How are you measuring the memory utilization? Does the RSS of named grow over time? thanks Sam. On Wed, 2011-08-10 at 00:31 +1000, Dennis Perisa wrote: > Hi folks,

RE: DNSSEC and MS AD

2011-08-09 Thread Marc Lampo
Unless I'm very mistaken, an "AD Integrated" (as opposed to "primary"/"secondary") zone cannot be protected by DNSSEC. (remember having read this in the MS's DNSSEC document). Also (in that document) : max algorithm supported is 5 (RSASHA1). This means that using MS DNS as validating caching name