Hi,
I just tried firing up BIND 9.10.0a2 on one of our recursive
servers, and after a relatively short while I got:
Feb 17 09:34:26 oliven named[19939]: name.c:534: REQUIREname) != ((void
*)0)) && (((const isc__magic_t *)(name))->magic == ((('D') << 24 | ('N') << 16
| ('S') << 8 | ('n')
On 17 February 2014 01:17, houguanghua wrote:
> I want to override the IP address of NS, for I want to use other authority
> DNS which isn't registered.
For that you use forwarding. Create a zone statement for the zone in
question and forward the queries to a different name server. You don't
need
Did you configure bind with the patched version of openssl ?
On 14 Feb 2014, at 19:43, Sergio Ramirez wrote:
> Hi,
>
> We want to sign zones with bind using an HSM Luna PCI Safenet card.
>
> The command 'dnssec- keyfromlabel' fails:
>
> # /usr/local/sbin/dnssec-keyfromlabel -v 9 -E LunaCA3 -
Yes,
./configure --enable-threads --with-openssl=/usr/local/ssl
--with-pkcs11=/usr/lunapci/lib/libCryptoki2.so
In /usr/local/ssl directory is the patched (vendor + bind) openssl.
A detail: the openssl version 1.0.0e and the bind patch is for 1.0.0f
--
Sergio R.
- Mensaje original --
pc1#> /usr/local/ssl/bin/openssl engine
(dynamic) Dynamic engine loading support
(4758cca) IBM 4758 CCA hardware engine support
(aep) Aep hardware engine support
(atalla) Atalla hardware engine support
(cswift) CryptoSwift hardware engine support
(LunaCA3) Luna CA3 engine support
(chil) CHIL
Ugh, that mixes apples (recursive resolution) and oranges (iterative
resolution).
Use a "stub" zone if you want to "override" published NSes _without_
crossing the very-important boundary between iterative and recursive
resolution.
- Kevin
On 2/17/2014 4:09 AM, Steven Carr wrote:
O
On 02/17/2014 11:37 AM, Kevin Darcy wrote:
Ugh, that mixes apples (recursive resolution) and oranges (iterative
resolution).
Out of curiosity, what bad thing do you think will happen if you mix
these two functions?
Doug
___
Please visit https://li
Bad performance, bad reliability, clandestine IP-over-DNS tunnels
between networks that are supposed to be isolated...
Is that enough?
Understanding the pros and cons of iterative versus recursive resolution
is one of the few things still separating us from the MCSE savages...
> Use a "stub" zone if you want to "override" published NSes _without_
> crossing the very-important boundary between iterative and recursive
> resolution.
Actually no - use static-stub (newer versions of BIND) - otherwise the
NS records received from the zone may override the NS that you want to
To clarify, it's sometimes necessary to "mix" iterative and recursive
resolution in the same nameserver instance, maybe even the same view.
Oftentimes, there simply is no choice, because the source of the zone
information doesn't make an authoritative nameserver available, only a
forwarder (thu
Indeed. Regular "stub" only overrides the parent's delegation NS
records; "static-stub" overrides the apex NS records of the zone as
well. My uses of the words "stub" (which I intended to cover both forms
of "stub"bing) and "published" (which I intended to cover both the
delegating and apex rec
Thanks a lot. It's a good solution.
> Date: Mon, 17 Feb 2014 09:09:13 +
> Subject: Re: how to modify the cache
> From: sjc...@gmail.com
> To: houguang...@hotmail.com
> CC: bind-users@lists.isc.org
>
> On 17 February 2014 01:17, houguanghua wrote:
> > I want to override the IP address of NS,
12 matches
Mail list logo
