In article ,
Mark Andrews wrote:
> In message <23dee83f-7476-432b-92b9-f8d34d617...@nau.edu>, Mathew Ian Eis
> writes:
> > Howdy BIND,
> >
> > Weve been troubleshooting an issue with iOS print discovery using DNS-SD
> > for the last several weeks. We made a little bit of a breakthrough this
On Jul 30 2015, Barry Margolin wrote:
In article ,
Mark Andrews wrote:
[... snip ...]
Then iOS (or the application) is broken. Domain names should always
be compared case insensitively. Please report a bug to the app
vendor and / or Apple.
Isn't this the DNS 0x20 security enhancement? Cli
On Wed, Jul 29, 2015 at 07:29:29PM -0700, David Newman wrote:
> It's a static zone. The zone file did not have the key in it.
... oh, it's inline-signing.
Unfortunately, by its nature, inline-signing gives you less direct
control over the signed side of the zone.
There are two ways you can go go
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2014-08-06 at 13:47 -0400, Tomas Hozza wrote:
> Basically we want to enable user to use native-pkcs11 with SoftHSM
> if needed. However by default have named running without it.
RHEL7/Centos7 now has softhsm v2 available. What about a new pkcs
On 7/30/15 9:06 AM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 07:29:29PM -0700, David Newman wrote:
>> It's a static zone. The zone file did not have the key in it.
>
> ... oh, it's inline-signing.
Sorry, I also didn't mention that this is a hidden primary server, which
may be relevant below...
On Thu, Jul 30, 2015 at 10:19:49AM -0700, Carl Byington wrote:
> RHEL7/Centos7 now has softhsm v2 available. What about a new pkcs11
> provider that is just an interface into openssl?
>
> --enable-native-pkcs11 \
> --with-pkcs11=pkcs11-openssl-shim
>
> Bind uses native pkcs11, but the default
On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote:
> After that second procedure (and also chown'ing the keyfiles to the bind
> user), the command 'dig +dnssec +multi dnskey example.com' gives
> different results depending on which nameserver gets the query:
>
> Hidden primary (not auth
We have a private internal TLD which I have our resolver pull as a slave zone
to prevent it failing dnssec. It has subdomains and normally our
resolver follows the delegations and resolves those correctly without
needing to pull slave copies.
If I use the option:
attach-cache "globalcache";
and q
> Is this a known issue with internal private TLDs and I should just give
> up on using a shared cache? Getting rid of our internal domain is a huge
> undertaking which won't be completed any time soon.
On the one hand: No, this is a bug, and I'd appreciate it if you'd
bundle up your named.conf (w
> Looked at the config.log fileand see the following messages which to me=
> look like linker errorsis that the reason for the compile failure?
>
> Few weeks back I was able to successfully compile 9.9.7 on the same machine=
> so not sure what is changed or broken on the system. Thi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> That in fact is exactly what SoftHSMv2 does.
Building bind with native pkcs11 pointing to SoftHSMv2 then requires
softhsm setup and pin code generation. Bind cannot automatically
generate/use keys, in the same manner as a default non-pkcs11 build.
1. I am running make and configure on the same Solaris 10 server..
2. I have not tried to compile the Bind 9.10.2-P3 release on Solaris 10. I will
try that and see if that works.
Thanks
Sandeep
-Original Message-
From: Thomas Schulz [mailto:sch...@adi.com]
Sent: Thursday, July 30, 20
On Thu, Jul 30, 2015 at 05:56:31PM +, Evan Hunt wrote:
>
> On the one hand: No, this is a bug, and I'd appreciate it if you'd
> bundle up your named.conf (with key secrets stripped out; you can use
> named-checkconf -px to do this automatically) and the details of the query
> you sent to bind9
On 7/30/15 10:37 AM, Evan Hunt wrote:
> On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote:
>> After that second procedure (and also chown'ing the keyfiles to the bind
>> user), the command 'dig +dnssec +multi dnskey example.com' gives
>> different results depending on which nameserver ge
14 matches
Mail list logo
