Hi,
Currently we using ipv4 network for our customers and all.By the way, we
do not block any ipv6 , so why we got ipv6 resolution as network
unreachable in logs?
On 10/05/12 09:47, Ben wrote:
Hi,
I just enable bind as caching name server and when watching logs i got
below erros.
It loo
Am 10.05.2012 um 23:52 schrieb Evan Hunt:
>>> key 22924 of framail.de has a delete date of 2012-05-07T14:55:02 set.
>>> It has been deleted from the repository at 2012-05-07T14:55:02.569706,
>>> but is still included by named 9.9.0 in the zone framail.de
>>> (as of 2012-05-10T19:51:32).
>>
>> To
Ben wrote:
> Hi,
>
> Currently we using ipv4 network for our customers and all.By the way, we
> do not block any ipv6 , so why we got ipv6 resolution as network
> unreachable in logs?
BIND believes your OS has IPv6 and tries to use it.
One option for disabling use of IPv6 in BIND is to tell BIND
Warren wrote on 05/10/2012 04:14:01 PM:
> Multiple options:
> 1: install haveged (http://www.irisa.fr/caps/projects/hipsor/) --
> this will provide you with much randomness [0].
> 2: buy a USB entropy widget (for example: http://www.entropykey.co.uk/)
> 3: See if there is a driver for your TPM --
Jan-Piet wrote on 05/11/2012 02:17:53 AM:
> Indeed, which brings on the question why BIND (still) doesn't have the
> a "negative trust anchor" feature.
So how do we implement one? Create a separate caching server with DNSSEC
validation turned off and forward all queries for the broken domain to
wbr...@e1b.org wrote:
>
> So how do we implement one? Create a separate caching server with DNSSEC
> validation turned off and forward all queries for the broken domain to it?
That won't work, because a validating server validates replies from a
forwarding server.
Tony.
--
f.anthony.n.finch
> That's what I mean with "key 22924 of framail.de has a delete date of
> 2012-05-07T14:55:02 set".
Okay. But you also said it was deleted from the repository at or before
that time, and clarified that this meant your script had deleted it. It
needs to remain in the repository until *after* all
> So how do we implement one? Create a separate caching server with DNSSEC
> validation turned off and forward all queries for the broken domain to it?
Unbound can be configured (on the fly) to ignore DNSSEC for individual
zones. From the unbound.conf(5) page:
domain-insecure:
Sets
I found this article about setting up a secondary master.
This may be useful as we are bringing up a disaster recovery site.
The author explains that the zone type should be 'slave'' so it can receive db
updates from the normal master.
Seems like that makes it a slave instead of a master for that
John wrote on 05/11/2012 11:05:58 AM:
> I found this article about setting up a secondary master.
> This may be useful as we are bringing up a disaster recovery site.
> The author explains that the zone type should be ?slave?? so it can
> receive db updates from the normal master.
> Seems like t
The concept of a "secondary" master is sound. It basically provides for
a healthy means of handling the situation where your primary master is
unusable. To enable and support a primary/backup dns master, the backup
master is initially setup as noted as a slave server. Any other slave
serve
In article ,
John Wingenbach wrote:
> The concept of a "secondary" master is sound. It basically provides for
> a healthy means of handling the situation where your primary master is
> unusable.
That's true, but the sample configurations in the OP's link did not show
this. They clearly use
thanks for the reply Daniel this is what i need.
On Thu, May 10, 2012 at 2:38 AM, Daniel Migault wrote:
> Hi,
>
> Maybe you are looking for dnsperf and resperf [1]. We have done some
> tests similar to these in [2] and [3], so maybe it helps. Replaying
> captures of traffic may also be recommende
13 matches
Mail list logo
