Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-25 Thread Tony Finch
Aleks Ostapenko wrote: > > Then I made `rndc freeze `. But after this command - the > signed zone file (`.signed`) still remains > in raw format (not text readable) - so I can read it via > `named-compilezone` utility, but unfortunately I can't change it. Ah, I should have checked that more thorou

Re: Need of caching on bind server

2016-08-25 Thread Barry Margolin
In article , Harshith Mulky wrote: > I am trying to understand why caching is required on the bind server, when > the client receiving the responses would be caching based on TTL values. A typical caching server has multiple clients. If they're an ISP, it will have thousands of clients, and p

DNS views and zone transfers

2016-08-25 Thread project722
I have successfully set up TSIG keys for "views" using a DNS master/server pair. Zone transfers are working as expected between the 2 servers for each view. Before we go live into production with this I need some clarification on a couple things. Our prod servers are also allowing zone transfers to

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-25 Thread Thomas Schulz
> In message > > , Александр Остапенко writes: > > Hello. > > > > I'm using BIND 9.9.5. > > My steps: > > > >1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec > >maintain;*" and "*inline-signing yes;*" directive into zone secti

Re: Slaves or Forwarders?

2016-08-25 Thread Matus UHLAR - fantomas
In message <844475874024407090c1c2e9d5718...@mxph4chrw.fgremc.it>, "Darcy Kevin (FCA)" writes: From an InfoSec standpoint, of course one would prefer to use cryptographic methods of securing DNS data, but, in the absence of that, slaving could, arguably, be considered more secure than forwarding,

Re: Slaves or Forwarders?

2016-08-25 Thread S Carr
On 25 August 2016 at 21:06, Matus UHLAR - fantomas wrote: > just IXFRs or AXFRs too? > Isn't edns over UDP enough in many cases? From what I've seen in past testing any attempt to request an AXFR against BIND using UDP gets an immediate TC response. Steve

RE: Slaves or Forwarders?

2016-08-25 Thread Darcy Kevin (FCA)
AXFR over UDP is explicitly undefined. See RFC 5936 Section 4.2. Given this, I would have expected either a FORMERR response (interpreting the request itself as "illegal"), or a NOTIMPL response (interpreting "undefined" as "might have been defined by an RFC subsequent to 5936, but I don't happe

DNS views TSIG and zone xfers

2016-08-25 Thread project722
I have successfully set up TSIG keys for "views" using a DNS master/server pair. Zone transfers are working as expected between the 2 servers for each view. Before we go live into production with this I need some clarification on a couple things. Our prod servers are also allowing zone transfers to

Re: DNS views TSIG and zone xfers

2016-08-25 Thread project722
Actually, I got to thinking about this. The "other_allowed_ns" ACL is in the global options, along with an "allow-transfer" for that ACL. So, I *think* they will still be able to zone transfer via the global option based on simply IP. BUT...since I have multiple views, which zones from which views

Re: Slaves or Forwarders?

2016-08-25 Thread Mark Andrews
In message <7db0887c1dbf4ce0b1590ee09d2cb...@mxph4chrw.fgremc.it>, "Darcy Kevin (FCA)" writes: > AXFR over UDP is explicitly undefined. See RFC 5936 Section 4.2. Given > this, I would have expected either a FORMERR response (interpreting the > request itself as "illegal"), or a NOTIMPL response (

Re: Need of caching on bind server

2016-08-25 Thread Harshith Mulky
Thank you John, Mukund, Barry and Dave for your insights and answers on this Topic. @Dave, Let's say we have a Web Page cached (when queried by User 1) and the webpage has either moved the Link (accessing the same Link from a different user would result in '504 Timeout' as it was cached by the

This is a test. Please disregard.

2016-08-25 Thread project722
___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: This is a test. Please disregard.

2016-08-25 Thread Benny Pedersen
On 2016-08-26 07:09, project722 wrote: successfully breaks dkim from gmail

Question about dynamic IPv6-PTR-Generation

2016-08-25 Thread Tom Tom
Hi list I'm searching for a way to respond to IPv6-PTR-Queries like the "$GENERATE"-mechanism for IPv4 has done it. I read about Delegation, self-registration with "tcp-self" or using Wildcards with the disadvantage, that every query has the same response. Is there a (planned) way, to generate revers