Running bind-9.3.6-4.P1.el5_5.3 on CentOS 5.5 and I'm constantly seeing the
following in my BIND logs:
general: error: isc_socket_create: fcntl/reserved: Too many open files
But I don't see why. Named only has 583 files open and I upped the max to 9
in /etc/security/limits.conf. Has anyone
Hello,
What do you guys recommend to audit every resource
record in a zone file against all the records in all the DNS servers
that host the zone file.
I want something that I feed the master zone file and then goes to each
NS server and ensures that each of the records are
On 14/03/14 12:28, Maren S. Leizaola wrote:
Hello,
What do you guys recommend to audit every resource
record in a zone file against all the records in all the DNS servers
that host the zone file.
I want something that I feed the master zone file and then goes to each
NS s
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers wrote
a message of 25 lines which said:
> dig @server zone axfr >file
> diff file file.real
diff is not clever enough, you'll find many spurious differences. Try
feeding the two files (the local one and the AXFRed one) through
named-compil
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers wrote
a message of 25 lines which said:
> dig @server zone axfr >file
> diff file file.real
If you're really paranoid, it may not be sufficient since a server may
reply differently to "normal" DNS queries and to zone file transfer
requests
Quite right I should have noted the need to canonicalise.
--
Sent from my phone with, please excuse brevity and typos
I want to confirm my understanding of security of DDNS updates.
I have a stealth master "A" feeding slave "B" and "C".
I have allow-update-forwarding { any; } specified on "B" and "C".
If a client "D" presents an update to "B" or "C" it will automatically be
forwarded to "A".
If "B" or "C" are
If you are going to forward updates use TSIG or SIG(0) to sign the
update and stop worrying about addresses. TSIG and SIG(0) are
billions and billions of times stronger authenticators than an IP
address.
"allow-update-forwarding { any; };" says forward all updates
regardless of the address they w
I agree that TSIG or SIG(0) signed updates are certainly a more desirable
approach than allowing updates via address. My DHCP server is setup to
sign all of its updates this way. However, I have AD domain controllers
in the environment that don't currently use signed updates. Is there a
fairly
On 3/14/2014 8:28 AM, Maren S. Leizaola wrote:
Hello,
What do you guys recommend to audit every resource
record in a zone file against all the records in all the DNS servers
that host the zone file.
I want something that I feed the master zone file and then goes to each
NS serv
On 3/14/2014 9:20 PM, Stephane Bortzmeyer wrote:
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers wrote
a message of 25 lines which said:
dig @server zone axfr >file
diff file file.real
If you're really paranoid, it may not be sufficient since a server may
reply differently to "norma
On 3/14/2014 2:39 PM, Maren S. Leizaola wrote:
On 3/14/2014 9:20 PM, Stephane Bortzmeyer wrote:
On Fri, Mar 14, 2014 at 12:33:47PM +,
Phil Mayers wrote
a message of 25 lines which said:
dig @server zone axfr >file
diff file file.real
If you're really paranoid, it may not be sufficien
Hi,
We need to sign a RRSET individually out of the zone file.
The utilities dnssec-signzone and similar ones from other packages
check the zone before signing (SOA RR, DNSKEY RR, etc).
Before writing a program to do this, we wanted to know if
there is any tool to sign just an RRSET?
T
On Fri, 2014-03-14 at 14:54 -0400, Kevin Darcy wrote:
> On 3/14/2014 2:39 PM, Maren S. Leizaola wrote:
> > On 3/14/2014 9:20 PM, Stephane Bortzmeyer wrote:
> >> On Fri, Mar 14, 2014 at 12:33:47PM +,
> >> Phil Mayers wrote
> >> a message of 25 lines which said:
> >>
> >>> dig @server zone a
Hello again,
today I reinstalled bind 9.9.5 without threads, but I still have the same
behavior.
My environment was rhel v6.4, bind 9.9.3-P3 and samba v4.1.
I upgraded to rhel v6.5, bind 9.9.5 and samba v4.1.5 but the problem
remains:
after a while bind 9 becomes unresponsive.
I was not able to
On 3/14/14, 12:15 PM, Sergio Ramirez wrote:
> We need to sign a RRSET individually out of the zone file.
> The utilities dnssec-signzone and similar ones from other packages
> check the zone before signing (SOA RR, DNSKEY RR, etc).
>
> Before writing a program to do this, we wanted to kno
On Mar 14, 2014, at 10:50 AM, Bob McDonald wrote:
> I agree that TSIG or SIG(0) signed updates are certainly a more desirable
> approach than allowing updates via address. My DHCP server is setup to sign
> all of its updates this way. However, I have AD domain controllers in the
> environme