Hello all,
dnssec-signzone (BIND 9.12.2) sometimes does lowercase DNSSEC records.
This seems a problem especially for NSEC records which are case
sensitive. dnssec-verify is moaning with errors like this:
Bad NSEC record for ipad-rigi-2.switch.ch, bit map mismatch
Example:
dnssec-signzone -o sw
Hi,
I have a bind-9.11.4 server on a fedora28 system and are frequently
seeing SERVFAIL errors like this:
26-Jul-2018 12:54:04.255 query-errors: info: client @0x7f764314a5c0
127.0.0.1#50719 (223.178.102.199.cidr.bl.mcafee.com): query failed
(SERVFAIL) for 223.178.102.199.cidr.bl.mcafee.com/IN/A a
Hi Alex,
What does your query volume look like on this server? Depending on
volume, the BIND defaults for:
- clients-per-query
- max-clients-per-query
- recursive-clients
- tcp-clients
and others may not be set high enough. Check pp. 106-108 in the
latest 9.11 manual for more details on each o
Does anyone know of a good tool that you can run on your DNS records to find
parent + child pairs where there is no NS record for the child in the parent?
Someone must have a perl script for that, right?
Thank you for any suggestions.
Vicky
___
P
Hi,
On Thu, Jul 26, 2018 at 1:57 PM, John Miller wrote:
> Hi Alex,
>
> What does your query volume look like on this server? Depending on
> volume, the BIND defaults for:
>
> - clients-per-query
> - max-clients-per-query
> - recursive-clients
> - tcp-clients
>
> and others may not be set high en
Hi,
I've made some performance adjustments although I really don't know
whether it's correct, and it doesn't seem to have solved the problem.
I also notice the SERVFAIL error seems to happen in bulk - it will
happen for a while and then stop. It definitely seems to occur more
during peak mail volu
Hi, here is some further debugging on what I believe are queries
involving SERVFAIL:
26-Jul-2018 17:44:40.168 query-errors: debug 1: client @0x7fbee80f39b0
127.0.0.1#61547 (69.248.70.96.bad.psky.me): query failed (SERVFAIL)
for 69.248.70.96.bad.psky.me/IN/A at ../../../bin/named/query.c:8580
26-Ju
> On 27 Jul 2018, at 1:34 am, Daniel Stirnimann
> wrote:
>
> Hello all,
>
> dnssec-signzone (BIND 9.12.2) sometimes does lowercase DNSSEC records.
> This seems a problem especially for NSEC records which are case
> sensitive. dnssec-verify is moaning with errors like this:
The case of the na
I have been told this is a very poor description of the problem.
What I am concerned about is, how people with a sort of lazy zone file can
assess the potential impact of QNAME minimization on their ability to answer
for all of their zones.
I have gotten two suggestions off list:
- I would use
9 matches
Mail list logo
