Hello,
I have a bind installation on an AWS server and I'm trying to set up views
to give different responses based on the source location.
It works fine when this dns server is the first dns used by a client, I
guess because the source address used to discriminate between views is the
last hop.
If
On 19.04.2017 at 06:52, i.chu...@volga.ttk.ru wrote:
Hello all.
Regarding the "critical mass": I'm the one who downloads BIND from an XP box
and I do it just to set it up on an internal Linux machine. The reason to use
XP as the PC OS is the company's policy and lack of money after all. :)
P. S.: I can no
Alberto Rinaudo wrote:
> I have a bind installation on an AWS server and I'm trying to set up views
> to give different responses based on the source location.
>
> It works fine when this dns server is the first dns used by a client, I
> guess because the source address used to discriminate betwee
I understand the concept, but I'm not sure I fully understand how to
configure it.
I've updated my bind to 9.11 P05 compiled with "--with-ecdsa", and as far
as I can read EDNS is enabled for authoritative bind installations
automatically.
But I'm still getting wrong answers from my installation.
He
On 04/19/2017 03:37 AM, Tony Finch wrote:
This is what the EDNS client subnet option is about. You can use it in
BIND by adding "ecs" clauses to your address match lists for views or
acls. However it isn't documented in the ARM and it has significant
problems. See
https://kb.isc.org/article/AA-01
Grant Taylor via bind-users wrote:
>
> The only occurrences I found for "ecs" on the two release notes didn't
> include more details about how to configure views to use it.
Yes, it's a bit mysterious.
> Nor did I see details on how to have BIND send ECS with queries when
> it's a recursive serve
Hi Grant,
On 19-Apr-2017 15:59 BST, wrote:
> On 04/19/2017 03:37 AM, Tony Finch wrote:
> > This is what the EDNS client subnet option is about. You can use it in
> > BIND by adding "ecs" clauses to your address match lists for views or
> > acls. However it isn't documented in the ARM and it has
On 19-Apr-2017 16:47 BST, wrote:
> On 19-Apr-2017 15:59 BST, wrote:
> [...]
> > I'd also like to see if it's possible to have dig send ECS info.
>
> +edns / +noedns , but you'll need a recent dig version.
Of course I meant +subnet / +nosubnet
--
Nico
On 04/19/2017 09:49 AM, Nico CARTRON wrote:
Of course I meant +subnet / +nosubnet
;-)
Thank you for the pointers Nico & Tony. I'm sure I'll find a way to get
myself into trouble with what you've provided.
--
Grant. . . .
unix || die
> On Apr 19, 2017, at 8:47 AM, Nico CARTRON wrote:
>
>> Nor did I see
>> details on how to have BIND send ECS with queries when it's a recursive
>> server.
>
> As far as I know, ECS for Recursive queries is not yet implemented by ISC, or
> at least it is not publicly available.
We have impleme
On 04/19/2017 10:58 AM, Victoria Risk wrote:
We have implemented ECS for recursive queries in 9.10.5-S, the
subscriber preview edition of BIND, which will be released today. For
now, ECS recursion is available only to users with a support contract
with ISC. Development of this feature was a signi
I'm testing a bind9 v11.1.0-P5 server signing 8 small zones de novo with
ECDSAP256SHA256. The process takes about 12 hours to complete vs. signing with
RSASHA256, which is almost immediate, but signing is ultimately successful. The
server is running Ubuntu 16.04 LTS with current patches. I don't
> Install and run haveged... The problem is your system doesn't have enough
> entropy in the processor or maybe it's a VM but either way there is not
> enough entropy to produce random seeds which is why it is taking so long.
Thanks, David. The system is a Microsoft Azure VM. I assumed that whil
Upgrading from bind 9.10.3-P5 -> 9.11.1 release on linux64,
cat CHANGES
../dns/.libs/libdns.so: undefined reference to
`ERR_load_crypto_strings'
collect2: error: ld returned 1 exit status
--- 9.11.0 released ---
...
> Install and run haveged... The problem is your system doesn't have enough
> entropy
This was clearly the problem. I built a new test server with haveged installed,
and the bind9 completed ECDSAP256SHA256 signing in 5 seconds. I used 9.11.1
this time since it was just released today.
_
In message , "Spain, Dr. Jeffry A." writes:
> > Install and run haveged... The problem is your system doesn't have
> > enough entropy
>
> This was clearly the problem. I built a new test server with haveged
> installed, and the bind9 completed ECDSAP256SHA256 signing in 5 seconds.
> I used 9.11.1
On 19-Apr-17 21:43, Mark Andrews wrote:
> ...
> DSA requires random values as part of the signing process. Really
> all CPUs should have real random number sources built into them
> and new genuine random values should only be an instruction code away.
>
> Mark
Most recent ones do. See RDRAND fo
Hello,
I'm running the latest stable BIND available on Debian 8.7:
root@host:~# named -v
BIND 9.9.5-9+deb8u10-Debian (Extended Support Version)
root@host:~# dpkg -s bind9 | grep 'Version'
Version: 1:9.9.5.dfsg-9+deb8u10
https://packages.debian.org/jessie/bind9
Today the bind9 service crashed
"The tinfoil hat brigade in some distributions has resisted using them,
fearing some conspiracy to provide not-so-random numbers."
I think the NSA *did*, in fact, compromise the "Dual Elliptic Curve
Deterministic Random Bit Generator" and paid RSA to make it the default
in one of their products --
Thanks Mukund, this was the info I was looking for.
Have a great day.
On Apr 20, 2017 2:54 AM, "Mukund Sivaraman" wrote:
Hi Carlos
On Thu, Apr 20, 2017 at 12:54:47AM -0300, Carlos Pizarro wrote:
> Today the bind9 service crashed and these were the last few log lines when
> it happened:
>
> Apr
Hi Carlos
On Thu, Apr 20, 2017 at 12:54:47AM -0300, Carlos Pizarro wrote:
> Today the bind9 service crashed and these were the last few log lines when
> it happened:
>
> Apr 19 20:46:23 host named[32115]: error (unexpected RCODE REFUSED)
> resolving 'heroditus.touchtype-systems.com/A/IN':
> 2400:c
21 matches