Hi
I am running BIND 9.10 and I have looked through various options including
DLZ and RPZ but I am still not sure if they can do what I need or if I need
to look at something different. Here is my scenario and I would appreciate
if you could advise me.
- I do have 6 different Geo ACLs and a de
Hello,
I'm trying to configure bind 9.10.2 to work with native pkcs#11 linked
to nShield Connect HSM.
When accessing keys in HSM a PIN code is required as keys are protected
by a softcard.
dnssec-keyfromlabel command accepts reading PIN from file (using
"pin-source" keyword), but others
like dns
Resending because the message was over 40K... I removed most of the
internal\external zones and logs to shorten the message.
We have a split DNS chrooted master\slave setup running on CentOS 5.11.
I have 3 named.conf files below, Working master, working slave and a new
CentOS 7 non-working slave
In article ,
Ali Jawad wrote:
> Hi
> I am running BIND 9.10 and I have looked through various options including
> DLZ and RPZ but I am still not sure if they can do what I need or if I need
> to look at something different. Here is my scenario and I would appreciate
> if you could advise me.
>
In article ,
William Clarke wrote:
> Resending because the message was over 40K... I removed most of the
> internal\external zones and logs to shorten the message.
> We have a split DNS chrooted master\slave setup running on CentOS 5.11.
> I have 3 named.conf files below, Working master, worki
mic as possible.
Any input please ?
Regards
--
Message: 2
Date: Wed, 08 Apr 2015
> My question is about auto-dnssec feature that maintain zone by
> internally signing RRs. How this feature will work without a PIN since
> BIND needs access to private key when it needs to resign automatically
> and I didn't find a way to provide the PIN through configuration files
> ?
Hi,
D
Barry,
Thank you. I appreciate your response Barry. I'm fairly new to Bind and
DNS and have gotten a bit lost. Is there any way you can provide a
little more information for me? Am I not correct in saying that I'm
already using TSIG keys in the include lines?
Hello,
It helps only for dnssec-keyfromlabel tool that accepts "-l" parameter,
but for dnssec-signzone I didn't find any reference. And the main problem
is automatically internal signing with "auto-dnssec".
On 08/04/15 18:21, Jeremy C. Reed wrote:
My question is about auto-dnssec feature that
In article ,
William Clarke wrote:
> Barry,
>
> Thank you. I appreciate your response Barry. I'm fairly new to Bind and
> DNS and have gotten a bit lost. Is there any way you can provide a
> little more information for me? Am I not correct in saying that I'm
> already using TSIG keys in the
WOW!!! Thank you so much Barry... external zone is now transferring.
Thank you thank you thank you...
William Clarke
ITS System Administrator
Bard College at Simon's Rock
84 Alford Road
Great Barrington, MA 01230
(413) 528-7428 (voice)
(413) 528-7405 (fax)
wcla...@simons-rock.edu
On 4/8/2015 1
Hi Barry
I would rather not do that through editing text files unless it is the last
option. I want this dynamic and scalable. Down the road users will have
option to change their view as such simultaneous read/write might happen
Regards
On Apr 8, 2015 4:42 PM, "Barry Margolin" wrote:
> In artic
In article ,
Ali Jawad wrote:
> Hi Barry
> I would rather not do that through editing text files unless it is the last
> option. I want this dynamic and scalable. Down the road users will have
> option to change their view as such simultaneous read/write might happen
I don't think BIND has a d
I have load balancers (I know, run away now) acting as authoritative
servers for a GSLB zone. The sub-zone is delegated properly from my
main zone which runs BIND. All my clients are using the BIND server
as their caching resolver.
Every once in a while, my mail server gets back a 'NOANSWER' for
I forgot to mention, this is on RHEL 6.6's package of bind, named -V
returned "BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2", so I don't
think 9.10's prefetch feature is involved.
On Wed, Apr 08, 2015 at 03:25:16PM -0400, Chuck Anderson wrote:
> I have load balancers (I know, run away now) acting a
In article ,
Chuck Anderson wrote:
> I have load balancers (I know, run away now) acting as authoritative
> servers for a GSLB zone. The sub-zone is delegated properly from my
> main zone which runs BIND. All my clients are using the BIND server
> as their caching resolver.
>
> Every once in
> [root@new-dns1 etc]# cat named.conf
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "db.127.0.0";
> };
You're missing the "directory" directive, BIND doesn't know where your
files are.
Above the zone statement add:
directory "/var/named";
__
On 8 April 2015 at 22:56, Reindl Harald wrote:
> looks like you did not open port 53 on the servers firewall
You're missing a whole swathe of required declarations for BIND to be
able to handle recursion.
There are numerous examples via google, first one that is returned
is...
https://www.digi
Ok, I corrected that and was able to restart named w/o any errors:
[root@new-dns1 etc]# service named restart
Stopping named:[ OK ]
Starting named:[ OK ]
[root@new-dns1 etc]#
Now, I should have a working D
In message ,
Brian Alaimo writes:
> sounds good. thanks
[Entire digest deleted]
Please trim your posts, especially when you are reading the list as a digest.
Please update the subject when you are reading the list as a digest.
"bind-users Digest, Vol 2086, Issue 1" is not an informative subject.
Prakash,
There certainly is, in fact I just came across the same issue. Find the latest
documentation for bind and search the pdf for "format". It'll show you the
syntax, basically you need to add:
masterfile-format text;
to each "view" or you can specify it for each "zone".
Example:
zo
On Wed, Apr 08, 2015 at 03:58:00PM -0400, Barry Margolin wrote:
> In article ,
> Chuck Anderson wrote:
> > 1. On TTL expiry, BIND sends an 'ANY' query for the RR in question to
> >the authoritative servers for the zone (load balancers). This
> >happens even if there is no current recursi
You have a "file not found" error. Specify the working directory
and where file names are relative to or use absolute file names.
options {
directory "/var/named";
};
Mark
In message
, Samad Agha writes:
>
> Hey Gurus,
>
> I'm a newbie and am trying to set up the simplest DNS serve
In message
, Steven Carr writes:
> On 8 April 2015 at 22:56, Reindl Harald wrote:
> > looks like you did not open port 53 on the servers firewall
>
> You're missing a whole swathe of required declarations for BIND to be
> able to handle recursion.
"named -c /dev/null" is all that is required
On Wed, Apr 08, 2015 at 11:01:30PM +0100, Steven Carr wrote:
> You're missing a whole swathe of required declarations for BIND
> to be able to handle recursion.
Not so. In fact named with an empty named.conf has built-in hints,
plus default settings, which makes it work fine.
The allow-recursi
On Thu, Apr 09, 2015 at 12:00:36AM -0400, William Clarke wrote:
> Prakash,
>
> There certainly is, in fact I just came across the same issue. Find the latest
> documentation for bind and search the pdf for "format". It'll show you the
> syntax, basically you need to add:
>
> masterfile-format tex
Hi,
A few days back, I configured Bind 9.10.1 as slave; it is working but getting
data in binary form. I have several zone files. I will have to compile each
file to get it in txt form. Is there any way to get all zone files in txt
format as I was getting in older versions?
Please reply
Hey Gurus,
I'm a newbie and am trying to set up the simplest DNS server, just a
working version, nothing fancy yet. Below are the steps I've taken already:
1- Set up my /etc/named.conf as follows:
[root@new-dns1 named]# cd /etc
[root@new-dns1 etc]# cat named.conf
zone "0.0.127.in-addr.arpa" {
Dear Evan /William,
Thanks to both of you, it is working.
With best regards
Prakash
- Original Message -
From: Evan Hunt
Date: Thursday, April 9, 2015 10:06 am
Subject: Re: configured bind 9.10.1 as slave gettting data in binary form
To: William Clarke
Cc: prakash , bind-use
In article ,
Chuck Anderson wrote:
> I will now go back to the load balancer vendor and see if they can
> make it answer 'ANY' queries correctly.
Don't hold your breath. Load balancers have been notoriously inept DNS
servers for many years.
--
Barry Margolin
Arlington, MA
___
Am 08.04.2015 um 23:52 schrieb Samad Agha:
Ok, I corrected that and was able to restart named w/o any errors:
[root@new-dns1 etc]# service named restart
Stopping named:[ OK ]
Starting named:[ OK ]
[root@
Problem solved.
Manual helped: "If the label contains a pin-source field, tools using
the generated key files will be able to use
the HSM for signing and other operations without any need for an
operator to manually enter a
PIN."
Thank you !
On 08/04/15 19:21, Catalin Leanca wrote:
Hello,
I
Hi All,
Problem is solved for now. Reindl Harald pointed out that my port 53 is not
open. Sure enough I went on the new dns server and issued the command
$service iptables stop, and all was working like a charm after that.
Thank you guys, seriously the service you have set up is so valuable for
n
Dear Clarke,
Thank you very much, it is working and getting data in txt form.
Regards
Prakash
On 04/09/15 09:31 AM, William Clarke wrote:
> Prakash,
>
> There certainly is, in fact I just came across the same issue. Find the latest
> documentation for bind and search the pd