Bind logging

2013-10-11 Thread Paweł Ch .
Hi list, I would like to set up fail2ban service on Debian 6.0. I must set up bind logging. My bind server can't log into /var/log/named/security.log # cat named.conf.options //acl for machines in dmz100.local network acl dmz { 10.0.0.0/24; }; options { allow-query { none; }; allow-qu

Re: Bind logging

2013-10-11 Thread Brian Cuttler
I had a similar problem when moving to a newer version: the prior had run as root and logged to files in /var/log; the new version, running as non-root, couldn't do so. I created a subdirectory, and moved the logging in named.conf down one level, which you already have, but I set the owner of the

Need guidance on configuring DNSSEC

2013-10-11 Thread Vishal Gandhi
Hi, We are using BIND v9.8.2. Currently, we are setting up AD infrastructure for internal/local network. We've configured one controller to be the primary for this local zone (fdu.local) for DNS queries. Our primary DNS server (which indeed is a different server) is configured to hold this a

Re: Need guidance on configuring DNSSEC

2013-10-11 Thread David Newman
On 10/11/13 7:32 AM, Vishal Gandhi wrote: > We are planning to sign local zone (fdu.local). Is it required to sign > the parent zone (fdu.edu) as well or we can live with > it unsigned? > What are pros and cons of signing parent zone (fdu.edu)? DNSSEC is based o

Re: moving DNSSEC to a hidden master

2013-10-11 Thread David Newman
On 10/4/13 10:23 AM, David Newman wrote: > On 10/3/13 5:27 PM, Sten Carlsen wrote: >> This works for me and is the standard method: >> >> rndc freeze >> update serial >> rndc thaw > > Bingo. Thanks! Sorry, spoke too soon. I followed your instructions and Mark's but I'm not seeing the zone file se

TXT Record Format with multiple records?

2013-10-11 Thread Jeffrey Walton
I want to add two unique strings for my domain in a TXT record (I currently have one message, but I need a second, distinct message). According to RFC 1035, 3.3.14 (page 20): ** 3.3.14. TXT RDATA format +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / TXT-DAT

Re: TXT Record Format with multiple records?

2013-10-11 Thread John Levine
>How, precisely, is the second (or third) string added? plugh.example TXT "foo" "bar" ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.o

Re: TXT Record Format with multiple records?

2013-10-11 Thread Jeffrey Walton
> plugh.example TXT "foo" "bar" > Thanks John. So I'm clear: (1) there is only one TXT record per host; (2) multiple TXT records are not allowed; and (3) the individual character strings are delimited with the quote character. Related: is there an escape character so a quote can be present in the