-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2012-07-10 at 13:22 -0600, Kirk Hoganson wrote:
> Does anyone know of a simple way to discover how many zone files bind
> has successfully loaded after the daemon starts?
cd /var/log
rm -f named.temp*
grep 'named' messages | \
csplit --pref
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For each major RHEL release, Redhat starts with some version of ISC
bind, and then backports patches into it from more recent versions. This
leads to an RPM containing about 50 patches. The advantage of this
approach is that customers with existing /et
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Why not just grab the Fedora srpm and recompile on rhel6?
a) the latest fedora srpm uses systemd rather than sysv init scripts
(which are used by el4, el5, el6).
b) we want a single source rpm that will compile and run all the way
back to rhel4/ce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 2012-07-21 at 19:34 +0200, With No Name wrote:
> I find it really annoying, if I have to ask every time the owner of the
> Slave, to add a new zone.
Publish the list of zones which your friend should slave. That can be
published any number of way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/util/bind-9.9.1-0.1.P2.fc18.src.rpm
EL4:
rpmbuild --rebuild --define 'dist .el4' \
bind-9.9.1-0.1.P2.fc18.src.rpm
EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.9.1-0.1.P2.fc18.src.rpm
EL6:
rpmbui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
client 23.3.104.194#52078 (116.226.242.64.in-addr.arpa): view normal:
query (cache) '116.226.242.64.in-addr.arpa/PTR/IN' denied
client 193.108.152.26#60940 (96.226.242.64.in-addr.arpa): view normal:
query (cache) '96.226.242.64.in-addr.arpa/PTR/IN' de
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/util/bind-9.9.1-0.1.P3.fc18.src.rpm
EL4:
rpmbuild --rebuild --define 'dist .el4' \
bind-9.9.1-0.1.P3.fc18.src.rpm
EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.9.1-0.1.P3.fc18.src.rpm
EL6:
rpmbui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2012-09-19 at 11:26 -0400, James Tingler wrote:
> /etc/rc.d/init.d/named start -4 tailing logs during service start:
> Sep 19 15:22:13 PROD55-DNS2 named[3676]: using default UDP/IPv4 port
> range: [1024, 65535]
> Sep 19 15:22:13 PROD55-DNS2 n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/util/bind-9.9.2-0.1.fc18.src.rpm
EL4:
rpmbuild --rebuild --define 'dist .el4' \
bind-9.9.2-0.1.fc18.src.rpm
EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.9.2-0.1.fc18.src.rpm
EL6:
rpmbuild --rebui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2012-11-15 at 21:31 -0500, Silas Cutler wrote:
> allow-query { none; };
> allow-transfer { 10.0.0.1; };
I think the slave needs to do an SOA query before it will even try the
transfer.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/util/bind-9.9.2-0.2.P1.fc18.src.rpm
EL4:
rpmbuild --rebuild --define 'dist .el4' \
bind-9.9.2-0.2.P1.fc18.src.rpm
EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.9.2-0.2.P1.fc18.src.rpm
EL6:
rpmbuil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2012-12-05 at 21:04 +, Phil Mayers wrote:
> Thanks for this. One minor thing - the -P1 is missing from the
> embedded tarball. I think there might be something going on with the
> %{VERSION} macro?
major - that version was actually 9.9.2,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2013-01-09 at 14:37 +0200, Jan Gutter wrote:
> So, here's my question: is there a way to share zones between views to
> conserve memory?
One way is to put the master copy of those large zones in one view, then
define those zones in the other v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2013-02-05 at 17:01 -0800, Augie Schwer wrote:
> Is there a way to exclude a domain from DNSSEC validation, like
> Unbound's "domain-insecure"?
I have not tested this, but if you use RPZ to block the DS record for
nasa.gov, that should turn it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2013-02-13 at 14:15 -0500, Robert Moskowitz wrote:
> I am not up to building on my own and the few extra repos I work with
> (EPEL and rpmfusion) do not have a newer version all ready for Centos
> 6.3.
You might try
http://www.five-ten-sg.com/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/util/bind-9.9.2-0.3.P2.fc18.src.rpm
EL4:
rpmbuild --rebuild --define 'dist .el4' \
bind-9.9.2-0.3.P2.fc18.src.rpm
EL5:
rpmbuild --rebuild --define 'dist .el5' \
bind-9.9.2-0.3.P2.fc18.src.rpm
EL6:
rpmbuil
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2013-04-04 at 12:08 -0700, pgbi...@ml1.net wrote:
> And/or point to any examples integrating with GKG.net's
> API?
I have a small python script that parses /etc/named.conf looking for
comments indicating zones that are registered with gkg.net,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> I have a small python script that parses /etc/named.conf looking for
> comments indicating zones that are registered with gkg.net, and it
> uploads the current set of keys using the gkg.net api.
http://www.five-ten-sg.com/util/gkg.upload.ds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
There are two versions.
9.9.2-0.3.P2 is the original source code from isc.org
9.9.2-0.4.P2 adds the rrl patches from
http://www.redbarn.org/dns/ratelim
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2013-05-10 at 11:41 -0500, Wilson, Lesley-Anne wrote:
> Has anyone here implemented Response Rate Limiting?
Yes.
> If so have you experienced any bugs with the RRL Patch for BIND 9.9.2?
No.
> Can the feature be implemented successfully with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
There are two versions.
9.9.3-0.1 is the original source code from isc.org
9.9.2-0.4.P2 is the older version with the rrl patches from
http://www.redba
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
9.9.3-0.2 is the version with the rpz2+rl patches from
http://www.redbarn.org/dns/ratelimits
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I don't see where a local dns server picked up the wrong data. It is
possible that this was a temporary error that has been fixed, but I am
curious.
dig FocusFeatures.com soa +short @pdns4.ultradns.org.
pdns1.ultradns.net. hostmaster.ge.com. 20130304
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2013-07-23 at 14:42 +1000, Mark Andrews wrote:
> You just cost the rw administrators time and money investigating the
> source of unexpected traffic. You cost everyone on the list some
> time and money helping out the rw administrators.
There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2013-07-31 at 17:39 -0500, IT Support wrote:
> I have running bind9 on debian, with master zone for mydomain.com i
> created internal view for resolve names on my lan, and external zone
> for resolve my host on Internet,
standard answer - post
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2013-08-27 at 16:02 +, Nidal Shater wrote:
> when I install BIND,,,BIND won't install the /etc/named.conf file why
> ??? I think bind has problems with centos6.3
You might want to try an RPM install:
http://www.five-ten-sg.com/mapper/bin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2013-09-06 at 13:03 -0400, David White wrote:
> It seems like comparatively few registrars actually support DNSSEC
> and/or DS records. Mine certainly does not.
I like gkg.net - supports DS records and ipv6 glue, with an API to upload
your new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2013-09-20 at 18:51 -0400, Howard Leadmon wrote:
> I am having a site that is trying to deliver mail being rejected, but
> they swear their DNS is right, so I am not sure if we have an issue,
> or they do.
dig smtp2.panini.it. +trace +nodnssec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 2013-09-23 at 12:03 +0800, ShanyiWan wrote:
> [root@localhost bind-9.9.4]# uname -a
> Linux localhost.localdomain 2.6.18-274.el5PAE #1 SMP Fri Jul 22
> 05:34:36 EDT 2011 i686 i686 i386 GNU/Linux
> [root@localhost bind-9.9.4]# lsb_release -a
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2013-11-13 at 16:49 -0500, Barry Margolin wrote:
> It means that users will have to wait for an arbitrary
> number of timeouts before the browser can give them an error message.
Well, the browser *could* of course give a message like "I have t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2013-12-20 at 12:08 -0800, Leonard Mills wrote:
> That said, I have spent most of a decade as a happy customer of
> register.com, which was recently Borged by web.com (of which I know
> absolutely nothing as a customer).
I moved from register.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2014-01-31 at 11:10 -0500, Steve Presser wrote:
> I'm trying to figure out how to do some sort of pass through
> arrangement, where the internal BIND server will first attempt to do
> the lookup with local records. If it has no local record, it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2014-03-18 at 00:56 +, Evan Hunt wrote:
> We haven't made it a named.conf directive though; it hadn't occurred
> to me before that anyone would want this for any purpose other than
> testing.
- From the "linux distribution packaging" viewp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2014-05-02 at 13:17 +0530, Gaurav Kansal wrote:
> I am trying to configure Bind 9.10 version in CentOS 6.3 using the
> following options but getting an error as shown below.
You might try the centos source rpm linked at
http://www.five-ten-sg.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 2014-05-03 at 14:28 -0500, Jeremy C. Reed wrote:
> "We didn't get a OPT record in response to a EDNS query." and also
> says "We need to drop/remove the logging here when we have more
> experience."
Is there a sample dig query that can reprodu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2014-05-08 at 01:44 +1000, Mark Andrews wrote:
> Because NS queries are not common with normal DNS lookups. For
> some reason people that deploy load balancers think they don't need
> to fix issues like this. Send something other than a A rec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2014-07-01 at 16:45 +0200, Reindl Harald wrote:
> 30-Jun-2014 13:24:31.717 rate-limit: limit NODATA responses to
> 69.171.248.0/24 for ns1.thelounge.net IN (1abd134b)
I also see the rate limiting kicking in for facebook ranges. I should
setup
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
version: 9.10.0-P2
dig ardownload.adobe.com. @localhost
;; ANSWER SECTION:
ardownload.adobe.com. 8743 IN CNAME ardownload.wip4.adobe.com.
dig ardownload.adobe.com. @8.8.8.8
;; ANSWER SECTION:
ardownload.adobe.com. 4141 IN CNAME ard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I re-ran the dig to localhost (running bind 9.10.0-P2), and grabbed the
packets with tcpdump.
dig ardownload.adobe.com. @localhost
That sent a query to 192.150.19.247 with flags = 0, edns size = 512, and
got an NXDOMAIN answer. So I tried to reproduc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2014-07-04 at 09:41 +1000, Mark Andrews wrote:
> Until Adobe fix their broken servers you can use a server clause to
> disable sending SIT requests to them. Obviously this does not scale.
> server { request-sit no; };
Thanks. That
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
dig phantom.eia.gov. @205.254.135.9 +dnssec +norecur
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30660
;; flags: qr aa ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
dig phantom.eia.gov. @205.254.135.9 +dnssec +nsid +norecur
;; ->>HEAD
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
dig newsrss.bbc.net.uk a @212.58.240.162 +nodnssec +norecur
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 24230
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: EDNS query returned status FORMERR - retry with '+no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
dig ita.doc.gov. soa +norecur @170.110.214.3 +noedns
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20034
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
dig ita.doc.gov. soa +norecur @170.110.214.3 +edns=0
;; connection timed o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am trying to suppress the record for a name that also has an A
record, so I think this should work:
32.zz.111.2a01.rpz-ip CNAME *.
host webdir.online.lync.com.
webdir.online.lync.com has address 132.245.113.28
webdir.online.lync.com has IPv6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The ARM says:
[ response-policy {
zone zone_name ;
[ policy given | disabled | passthru | drop | nxdomain | nodata
| cname domain ; ]
[ recursive-only yes_or_no ; ]
[ max-policy-ttl number ; ] ;
[ recursive-only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2014-10-09 at 13:24 +0200, IDS Submit wrote:
> I have BIND 9.10.1 x86 and I have error on query swupdl.adobe.com
See the archives around July 3rd for previous issues with adobe.
You might add this to /etc/named.conf
// adobe servers that do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2014-10-28 at 13:47 +0100, Akos Polster wrote:
> With bind, is it possible to resolve "example.com" locally, but "*.
> example.com" by forwarding?
Does your public example.com have NS records, or are you trying to force
forwarding to a name se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2015-01-13 at 12:49 +, Phil Mayers wrote:
> Just found another; dns{0,1}.getsurfed.com are returning crazy error
> codes with "nsid" (and presumably other) edns options:
> # dig +norec +nsid @213.162.97.177 www.london-nano.com
> ;; Got a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, 2015-02-08 at 16:10 +0200, Eliezer Croitoru wrote:
> I had some issues in some old versions of CentOS 6 for a caching
> server so I have compiled bind from sources.
You might try building the source rpm packages at
http://www.five-ten-sg.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2015-02-11 at 12:04 +, Md. Mahbubul Alam Reyad wrote:
> Its bind-9.8.2-0.23 and the OS is Red Hat Enterprise Linux Server
> release 6.0 (kernel- 2.6.32-431.17.1.el6.x86_64)
yum list bind --showduplicates
Available Packages
bind.x86_64 32
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2015-02-20 at 13:27 +0100, Tomas Hozza wrote:
> Since both workarounds are just temporary from our point of view, we
> would like you to really consider finishing the work so DHCP can be
> built against BIND 9.10.
Perhaps redhat.com could fund
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have multiple centos6 boxes running 9.10.2-P1, and almost everything
looks good. However, one box seems to not be doing dnssec validation. It
is possible that this behavior predates the latest updates and I just
never noticed it.
A and B have essent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2015-06-19 at 11:10 +1000, Mark Andrews wrote:
> You don't have any trust anchors active.
> To use the keys in "/etc/named.iscdlv.key" set "dnssec-validation
> auto;"
Thanks!!
New centos rpms at http://www.five-ten-sg.com/mapper/bind with a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2015-06-19 at 05:58 +, Eray Aslan wrote:
> With the root zone and most TLDs signed, I do not think it makes sense
> to use DLV anymore. While a typical DNSSEC resolver configuration has
> DLV enabled, I personally make the effort to disabl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a client with 9.10.2-P1-RedHat-9.10.2-2.P1.fc22 on Fedora 22, on
a machine with a pppoe link with an mtu of 1492. The routers seem to be
properly fragmenting udp - it can receive large packets such as
dig www.byington.org +dnssec +bufsiz=4000 +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2014-08-06 at 13:47 -0400, Tomas Hozza wrote:
> Basically we want to enable user to use native-pkcs11 with SoftHSM
> if needed. However by default have named running without it.
RHEL7/Centos7 now has softhsm v2 available. What about a new pkcs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> That in fact is exactly what SoftHSMv2 does.
Building bind with native pkcs11 pointing to SoftHSMv2 then requires
softhsm setup and pin code generation. Bind cannot automatically
generate/use keys, in the same manner as a default non-pkcs11 build.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2015-08-07 at 02:46 +0200, Heiko Richter wrote:
> Sadly automated KSK rollover isn't supported by most registrars,
Yes, but I only need one registrar to support it :)
I have python code that uses the gkg.net API to do automated KSK
generation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> I have a RedHat 5.11 machine and currently I am facing the issue with
> BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
> because I didn't install BIND from RedHat at the first place so I need
> to do it manually.
You might look
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, 2015-09-27 at 15:31 -0400, Gordon Lang wrote:
> > It works fine with BIND 9.9.3 but not 9.10.3 on the same server.
Since this is rhel6, I presume you are running with selinux:
cat /etc/selinux/config
grep named /var/log/audit/audit.log | au
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 2015-10-30 at 12:38 -0400, Bill wrote:
> What I would like to do to have the ability to query a DNS server
> located behind a NAT, and have it return the IP of the NAT, and setup
> connection tracking in the NAT to pass traffic thru to the host
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 2015-11-18 at 10:47 -0500, Barry Margolin wrote:
> While that's the pedantically correct answer, in practice it doesn't
> work well when your users complain "Google DNS deals with it, why
> don't you?" Your users don't care what happens to peop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
My zones are currently using algorithm 5 (RSASHA1), with two KSKs and
two ZSKs with overlapping timers. In preparation for updating to
algorithm 8 (RSASHA256), I read:
The bind-users thread "KSK signing all records; NSEC3 algorithm
status?"
https:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I am working on a simple script to test various scenarios, including key
and algorithm rollovers, against (bind, unbound, ultradns, verisign,
google) resolvers using 510sg.com as a testing domain. A very simple
scenario is a bad ksk key rollover, whe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2016-03-25 at 22:15 -0400, Barry Margolin wrote:
> If you're running a resolver for a small organization, the cache isn't
> going to get huge in the first place. How many different names will 50
> users access in a day?
Looking at 6 such sma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-04-25 at 13:54 -0400, Sean Son wrote:
> Reindl
> Thank you for your response. Let me see if what you provided will
> work
> with what I am trying to do.
If you are compiling any source code for rpm based distributions like
RedHat, you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-04-25 at 23:23 +0300, Ali Jawad wrote:
> based on a user tool the users "hundreds in corporate environment" get
> either public or private zone,
Rather than the tool writing an ACL for bind, can the tool instead
reconfigure the user's l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Building on centos/rhel 6, the build works, but
"make test" has one failure:
S:notify:Mon May 2 11:26:31 PDT 2016
T:notify:1:A
A:System test notify
I:checking initial status (1)
I:reloading with example2 using HUP and waiting up to 45 seconds
I:ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2016-05-04 at 14:02 -0400, Rob Heilman wrote:
> query failed (SERVFAIL) for zulily-
> com.mail.protection.outlook.com/IN/A
;; ANSWER SECTION:
zulily-com.mail.protection.outlook.com. 10 IN A 207.46.163.170
zulily-com.mail.protection.outlook.c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Those dns servers answer queries for A records, but return notimpl for
TLSA queries. And they don't understand edns.
time dig _25._tcp.spe-sony-com.mail.protection.outlook.com tlsa
@ns1-proddns.glbdns.o365filtering.com. +noedns
That runs in .1 or .
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-07-28 at 12:13 -0400, Paul A wrote:
> Now what is everyone using to make sure the zones in named.conf are
> still pointing to your NS servers? I have a lot of stale DNS zones I
> want to remove.
script a loop to "dig $zone ns @8.8.8.8 +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2016-07-30 at 21:40 +0200, Matus UHLAR - fantomas wrote:
> or simply wait till customers complain and tell them they should tell
> you when they migrated their zones off.
Which customers will complain?
Consider the case where you have cust
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2016-07-31 at 19:25 -0700, Dave Warren wrote:
> Or, separate your resolver and authoritative roles, in which case this
> won't be an issue. One should still monitor for zones for customers
> who have departed, obviously, but it's not likely t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 Jan 2009 22:33:24 -0800, Al Stu wrote:
> Analyze this.
> Query MX dns.com
> Response MX nullmx.domainmanager.com
> Query A nullmx.domainmanager.com
> Response CNAME mta.dewile.net, A 64.40.103.249
So the fact that other random fol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
dig ns.il any +trace
ns.il. 86400 IN CNAME relay.huji.ac.il.
il. 86400 IN NS ildns.huji.ac.il.
il. 86400 IN NS ns-il.ripe.net.
il. 86400 IN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> info : i am using bind 9.2.4 upon rhel4
If you want to upgrade to a newer version, you might try
http://www.five-ten-sg.com/util/bind-9.7.4-0.2.b1.fc14.src.rpm which was
slightly hacked from the Fedora rawhide version to build on
rhel4/centos4.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am I missing something, or are the hu NS records incomplete?
dig d.hu +trace
;; AUTHORITY SECTION:
hu. 86400 IN NS e.hu.
hu. 86400 IN NS ns-se.nic.hu.
hu. 86400 IN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am trying to build bind 9.7.4 from source on centos6, starting with a
stock fedora14 source rpm. It seems to be working, but won't validate
against the root key, but it will against the dlv.isc.org keys.
dig org ns +dnssec @localhost
;; flags: qr r
1 - 100 of 218 matches