RE: Unknown RR in .in domain

2012-02-06 Thread Chris Thompson
ecific iterative stage it was working through at the time - in your example, the response of the authoritative "in" servers. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users t

Re: PLEASE READ: An Important Security Announcement from ISC

2012-02-08 Thread Chris Thompson
that these are "common in practice". Well yes, in spades! It would also be quite inconsistent with the existing credibility rules, and with the fact that in signed zones the delegation NS RRset is unsigned, on the basis that it is a hint, not authoritative. -- C

Re: CVE-2012-1033 (Ghost domain names) mitigation

2012-02-09 Thread Chris Thompson
correct? AFAIK 'rndc flush' will do the same. If you know the domain name in question, "rndc flushname ghost.example" should be enough. (BIND 9.9 has "rndc flushtree" as well, but I think clobbering the cached NS records for the ghost domain should be enough

Re: Query Regarding NSEC RR in DNSSEC

2012-02-15 Thread Chris Thompson
ameserver". The security functions end-to-end, between the zone administrator (she who generates its contents and signs it) and the validator, not point-to-point. -- Chris Thompson Email: c...@cam.ac.uk

Re: Logging issue with bind

2012-02-16 Thread Chris Thompson
> The default_debug channel has the special property that it only ARM> produces output when the server's debug level is nonzero. It's actually quite a pain that one can't define one's own channels with that "special property". -- Chris Thompson Email: c...@cam.a

RE: RFC 6303 and bind 9.9.0

2012-03-01 Thread Chris Thompson
it up to date in most of my own nameserver configurations.] -- Chris Thompson Email: c...@cam.ac.uk

Re: fermat primes and dnssec-keygen bug?

2012-03-07 Thread Chris Thompson
worrying about people using buggy pre-2006 versions of OpenSSL and go back to using RSA public exponents of 3 again most of the time. I notice that this is what VeriSign do for the DNSKEY records in "com", "net" & "edu". -- Chris Thompson Email: c...@cam.ac.uk

Re: fermat primes and dnssec-keygen bug?

2012-03-07 Thread Chris Thompson
On Mar 7 2012, Bill Owens wrote: On Wed, Mar 07, 2012 at 12:13:35PM +, Chris Thompson wrote: This is wrong (although I have seen the same thing stated in a number of other places). When the default public exponent was changed from 3 to 2^16+1 (change 2088) the one selected by -e was

Re: fermat primes and dnssec-keygen bug?

2012-03-07 Thread Chris Thompson
6+1 except for the following: com, net & edu use 3 for all DNSKEYs; gov uses 3 for its KSK and active ZSKs, 2^32+1 for an idle ZSK; cz uses 2^16+1 for its KSK, 2^32+1 for its ZSK; la, my & us use 2^32+1 for all DNSKEYs -- Chris Thompso

Re: Exercising RFC 5011 rollovers

2012-03-08 Thread Chris Thompson
the SERVFAILs no longer occur. I think this may indicate that the data structure in managed-keys.bind cannot quite capture all the complexities of RFC 5011. The BIND version used in the later part of this experiment was (early-access) 9.8.2rc2 but I doubt that is particularly sign

Re: NS record for subzone definition

2012-03-13 Thread Chris Thompson
ted as deep as you like[*] without you needing to make a zone cut. [*] subject to the overall limit of 253 characters on the fully qualified name -- Chris Thompson Email: c...@cam.ac.uk

Re: "rndc reconfig" vs. "rndc reload"

2012-03-22 Thread Chris Thompson
different process: instead of "rndc reload" after updating some of the zone files, I loop through the list of updated zone files and run "rndc reload " for each one. This is better, of course, if you can do it. -- Chris Thompson Email: c...@cam.ac.uk

Re: How to reset the serial number?

2012-03-27 Thread Chris Thompson
of wrapping our serials round from MMDDNN style to seconds-since-1970, the stealth-slaving Windows DNS servers of that time (even the 2008 ilk) just could not cope, and went into a tizzy continuously trying to fetch the zones and then rejecting them for their "smaller" serials.

Re: How to reset the serial number?

2012-03-27 Thread Chris Thompson
uld work, but "rndc retransfer [zone]" is a lot simpler! -- Chris Thompson Email: c...@cam.ac.uk

Re: www.glb.hud.gov

2012-04-19 Thread Chris Thompson
idation is off, I am not sure why it would be bothering to (try to) fetch the DNSKEY records. -- Chris Thompson Email: c...@cam.ac.uk

Re: Exercising RFC 5011 rollovers

2012-04-21 Thread Chris Thompson
managed-keys.bind file to remove the noxious entry, and then restarting it. -- Chris Thompson Email: c...@cam.ac.uk

Re: Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".

2012-04-30 Thread Chris Thompson
anchors, which maybe does not bode well for them ever appearing in BIND. -- Chris Thompson Email: c...@cam.ac.uk

Re: dynamic update to SOA records

2012-05-01 Thread Chris Thompson
re-signing activity, but we assume it hasn't been doing so as often as once a second... -- Chris Thompson Email: c...@cam.ac.uk

Re: Secondary Zone 'Raw' File format

2012-05-04 Thread Chris Thompson
ee if you ran a sniffer during a zone transfer. You can convert it to text format to see what's in the file with: named-checkzone -D -f raw The other things that changed in BIND 9.9 is that there is a new version of the "raw" format (as in "-F raw=1" versus "-F

Re: Configuring CNAME for nosslsearch.google.com

2012-05-08 Thread Chris Thompson
L directive than rely on it defaulting to the SOA.MINTTL value (or specify all TTLs explicitly). You probably meant "root.localhost." for the SOA.rname. -- Chris Thompson Email: c...@cam.ac.uk

Re: records via GENERATE

2012-05-14 Thread Chris Thompson
ration occurs while the zone file is being read, at startup or after e.g. an "rndc reload [zone]". -- Chris Thompson Email: c...@cam.ac.uk

Interaction of -S and recursive-clients?

2012-05-17 Thread Chris Thompson
numbers are reached only when the network has gone pear-shaped anyway.) -- Chris Thompson Email: c...@cam.ac.uk

Re: Interaction of -S and recursive-clients?

2012-05-18 Thread Chris Thompson
On May 17 2012, Daniel Deighton wrote: On 05/17/2012 12:20 PM, Chris Thompson wrote: [... snip ...] named: general: error: socket: file descriptor exceeds limit (4096/4096) last message repeated 1194 times named: general: error: socket: file descriptor exceeds limit (4096/4096) last message

Re: Checking for zone expiration?

2012-05-21 Thread Chris Thompson
". This works better if the files for "type slave" zones are kept in a separate directory (or directories) from the "type master" ones, if any. -- Chris Thompson Email: c...@cam.ac.uk

Re: Recommended value for max-cache-size for cache-only shared hosts..

2012-06-01 Thread Chris Thompson
ts to 16M. got into BIND 9.5.0, but 2457. [tuning] max-cache-size is reverted to 0, the previous default. It should be safe because expired cache entries are also purged. [RT #18684] was there before 9.5.1, and AFAICS it has been like that e

Re: check-names via command line

2012-07-10 Thread Chris Thompson
"warn" anyway, but you may want to use "fail". -- Chris Thompson Email: c...@cam.ac.uk

Re: check-names via command line

2012-07-10 Thread Chris Thompson
". Well, I have to take that back. As far as I can see the -k option of named-checkzone has no effect at all, despite the man page, at least with BIND 9.8.3-P1. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/

Re: check-names via command line

2012-07-11 Thread Chris Thompson
't check CNAME labels) ... :-( Apologies for the FUD. -- Chris Thompson Email: c...@cam.ac.uk

Re: rndc stats command

2012-07-18 Thread Chris Thompson
ics channel, but not in the file written by "rndc stats".] -- Chris Thompson Email: c...@cam.ac.uk

Re: Journal File Question

2012-07-25 Thread Chris Thompson
named-journalprint utility distributed with BIND. Although I have to say I would hate to be dependent on this way of recovering a lost zone file: you should probably be rethinking your whole backup and recovery strategy. -- Chris Thompson Email: c...@cam.ac.uk

Re: Listen-on per view?

2012-08-11 Thread Chris Thompson
, i.e. on which of the nameserver's own addresses it arrived on.) Thinking in terms of "listen-on" was a category error. Views don't have separate listening apparatus. Instead the queries that come in are farmed out to the views on the basis of their matching conditions

Re: Improved SSL Error Logging [RT #29932]

2012-10-10 Thread Chris Thompson
AILURE)); Presumably we need to change this code return (dst__openssl_toresult2( "RSA_public_decrypt", DST_R_VERIFYFAILURE)); similarly? -- Chris Thompson Email: c...@cam.ac.uk

Re: error (unexpected RCODE REFUSED) resolving

2012-10-12 Thread Chris Thompson
", which does seem to happen when the nameservers for a zone behave abnormally. This time I have got around to reporting it to bind9-bugs. -- Chris Thompson Email: c...@cam.ac.uk

Re: about the wild record

2012-10-15 Thread Chris Thompson
say the least. But you should notice that the above response - rcode NOERROR with an empty data section - is what RFC 2308 calls "NODATA", and not an NXDOMAIN. This is because test.cloudns.tk is an "empty non-terminal" in the name tree within the zone, and it is that which p

Re: Disable log message

2012-10-18 Thread Chris Thompson
out with the internal defaults for category and priority (daemon.notice). Any suppression would need to be done at the syslog level. But I have some difficulty understanding why anyone would want it suppressed. It's true that BIND is a bit noisier t

Re: Disable log message

2012-10-21 Thread Chris Thompson
, the more that the actually executing named says about itself, the better. -- Chris Thompson Email: c...@cam.ac.uk

Re: Delegations

2012-10-31 Thread Chris Thompson
providing records for the number of labels between cuts. I don't see how "safer" would apply, either. -- Chris Thompson Email: c...@cam.ac.uk

Re: Delegations

2012-10-31 Thread Chris Thompson
ames on the basis of a "domain part" taken to be all but the first label. It was hard work to change it to allow the "domain part" for authorisation purposes to be any trailing set of labels, but by ${DEITY?} it was necessary! -- Chris Thompson Email: c...@cam.ac.uk

Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-10-31 Thread Chris Thompson
e unsigned version provided by a DLZ interface? -- Chris Thompson Email: c...@cam.ac.uk

Re: BIND and DNSSEC

2012-11-01 Thread Chris Thompson
On Nov 1 2012, Jan-Piet Mens wrote: I do as well, and this will be documented in the next version of this document. I believe you've mentioned that here before. Several times. Today. ;-) "What I tell you three times is true." The Bellman, pp Lewis Carroll -- Chris Thompso

Re: set directory for "auto" key files

2013-01-07 Thread Chris Thompson
}; zone "232.128.in-addr.arpa" { type slave; file "slave/232.128.in-addr.arpa"; journal "slave-jnl/232.128.in-addr.arpa"; ... }; ... One slight niggling disadvantage is that you can't tell named-checkzone / named-compilezone with the -j option where to find the journ

Noisy messages from BIND about root hints change

2013-01-07 Thread Chris Thompson
cords for "." and the address records for the *.root-servers.net names so referenced. But why did it keep going on and on about it? And what made it stop? Has anyone else seen anything similar? -- Chris Thompson Email: c...@cam.ac.uk

Re: lame-servers: error (FORMERR) resolving [something]

2013-01-15 Thread Chris Thompson
dig +trace +nodnssec www.isc.org -- Chris Thompson Email: c...@cam.ac.uk

Re: a lot of transfer when slave start

2013-03-05 Thread Chris Thompson
specifying a "file" value for the zones on the slave server? -- Chris Thompson Email: c...@cam.ac.uk

Re: queries aborted due to quota

2013-03-19 Thread Chris Thompson
re are all sorts of possible misconfigurations using forwarders that might provoke problems of this sort. -- Chris Thompson Email: c...@cam.ac.uk

Re: Simple question about zone and CNAME

2013-04-05 Thread Chris Thompson
, "all the publicity material sent out by the nominator [for an award for the web site] gave the URL as http://cam.ac.uk/ and this has been retweeted around". -- Chris Thompson Email: c...@cam.ac.uk

Re: resolver, search command....

2013-05-08 Thread Chris Thompson
tart all over again with the search path(s) added after a "negative" result, but it doesn't. -- Chris Thompson Email: c...@cam.ac.uk

Re: Bind 9.9.3b2

2013-05-10 Thread Chris Thompson
e yet. -- Chris Thompson Email: c...@cam.ac.uk

Re: New Versions of BIND Are Now Available

2013-05-29 Thread Chris Thompson
everse zones to built in empty zones list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA. [RT #31336] That doesn't apply if you have automatic empty zones disabled, e.g. by "recursion no" in options, of course. -- Chris

Re: Rate-Limit Question

2013-06-14 Thread Chris Thompson
of the ESV status of the BIND 9.9 series. -- Chris Thompson Email: c...@cam.ac.uk

Re: writing .jnl files to another path possible?

2013-07-29 Thread Chris Thompson
the "journal" option in the "zone" statement. -- Chris Thompson Email: c...@cam.ac.uk

Re: internal network PTR records, necessary?

2013-08-14 Thread Chris Thompson
nclude the option "empty-zones-enable yes;" explicitly. -- Chris Thompson Email: c...@cam.ac.uk

Re: nxdomain

2013-08-29 Thread Chris Thompson
) an NXDOMAIN for, rather than the unqualified one. The OP would probably have been a lot less mystified if the message had been Host www.undernet.org.my-domain.example not found: 3(NXDOMAIN) rather than Host www.undernet.org not found: 3(NXDOMAIN) -- Chris Thompson Email: c...@cam.ac.uk

Occasional SERVFAILs from "dig NS iq."

2013-09-24 Thread Chris Thompson
ned version, and some an unsigned one, but I don't see how that leads to the effect observed. -- Chris Thompson Email: c...@cam.ac.uk

Re: Occasional SERVFAILs from "dig NS iq."

2013-09-24 Thread Chris Thompson
On Sep 24 2013, Tony Finch wrote: Chris Thompson wrote: I have noticed that I get occasional (fast) SERVFAIL responses from "dig NS iq.", e.g. "iq" is partially signed, in the sense that some of its nameservers deliver a signed version, and some an unsigned one, but

Re: Occasional SERVFAILs from "dig NS iq."

2013-09-25 Thread Chris Thompson
I have reported this problem to bind9-bugs [ISC bug #34839]. -- Chris Thompson Email: c...@cam.ac.uk

Re: TXT Record Format with multiple records?

2013-10-13 Thread Chris Thompson
TXT "order!" message.example. TXT "A paragraph of text that" -- Chris Thompson Email: c...@cam.ac.uk

Non-recursive nameserver response to DS request

2013-11-14 Thread Chris Thompson
oves there is no DS record for cam.ac.uk in the zone cam.ac.uk, which of course is true.] -- Chris Thompson Email: c...@cam.ac.uk

Re: dig ignores +notcp when doing IXFR (DiG 9.5.0-P2)

2013-12-06 Thread Chris Thompson
transfer is possible and if so whether it would fit into the UDP payload. Of course, if the client's supplied SOA serial is the same, this response indicates that no zone transfer is needed. -- Chris Thompson Email: c...@cam.ac.uk

Re: rndc refresh fails for signed zones

2013-12-12 Thread Chris Thompson
strange to have signing done in more than one place, yes. The sort of scenario when you want to do signing on a slave is that in "Example 2" in https://kb.isc.org/article/AA-00626/ -- Chris Thompson Email: c...@cam.ac.uk

Re: Serial numbers for inline signing

2013-12-18 Thread Chris Thompson
rnalprint to the .signed.jnl file, unless the journal has been pruned as a result of exceeding the max-journal-size setting. But this won't tell you *when* each increment happened. -- Chris Thompson Email: c...@cam.ac.uk

Re: Sites that points their A Record to localhost

2014-01-12 Thread Chris Thompson
le of typing in www.p3net.net to get to his or her Web site. That would be more plausible if www.p3net.net actually resolved to something, rather than giving NXDOMAIN ... -- Chris Thompson Email: c...@cam.ac.uk

Re: Insecurity proof failed resolving newsletter.postbank.de - but why?

2014-01-20 Thread Chris Thompson
tter.postbank.de (despite the fact that the NS records are included in the referral). Note the absence of opt-out in the NSEC3. -- Chris Thompson Email: c...@cam.ac.uk

Re: Case-Insensitive Response Compression May Cause Problems With Mixed-Case Data and Non-Conforming Clients

2014-02-06 Thread Chris Thompson
So even when they use the new (case-sensitive) compression rules themselves, they will only respond to clients with different casing in the question and answer sections if they have themselves been queried for the same name with different casings (possibly by different clients, of course). -

Re: changing NSEC3 salt

2014-02-11 Thread Chris Thompson
1 150 ---1--1-- 2 Total 1076 156 5 2 27 21 216 [*] A lot more than there used to be, due to the influx of new gTLDs. -- Chris Thompson Email: c...@cam.ac.uk

Re: changing NSEC3 salt

2014-02-12 Thread Chris Thompson
It's not often mentioned, incidentally, that using more iterations increases the probability of a collision. Of course, it's pretty damn small to begin with, so that doesn't really matter. But the algorithm, described in RFC 5155 section 5, could have been better designed

Converting an inline-signed zone to unsigned

2014-02-19 Thread Chris Thompson
error: zone playground.test/IN: not loaded due to errors. and the zone goes into SERVFAIL state. The only way I found out of this was to remove the [zone-file].signed and [zone-file].signed.jnl files manually, and *then* do "rndc reconfig". Surely there must be something bette

Re: Converting an inline-signed zone to unsigned

2014-03-06 Thread Chris Thompson
On Feb 19 2014, Alan Clegg wrote: On 2/19/14, 8:59 PM, Chris Thompson wrote: What is the right way ... or maybe I should be asking IS there a right way ... to change a zone that has been signed by inline signing (i.e. with "inline-signing yes; auto-dnssec maintain;" in its zone sta

Re: Converting an inline-signed zone to unsigned

2014-03-06 Thread Chris Thompson
therwise. I think I am going to have to retreat hurt from this attempt to use inline signing, and find some other way of achieving what I want. -- Chris Thompson Email: c...@cam.ac.uk

Re: localhoast A record?

2014-03-21 Thread Chris Thompson
alhost.cam.ac.uk itself, to terminate the probable iteration described above before it goes any further. -- Chris Thompson Email: c...@cam.ac.uk

Re: localhoast A record?

2014-03-24 Thread Chris Thompson
On Mar 21 2014, SM wrote: Hi Chris, At 11:18 21-03-2014, Chris Thompson wrote: We used to create lots of localhost.[subdomain].cam.ac.uk records, even to the extent of adding an record just for those institutions that had IPv6 enabled on their networks. But we have pretty much given up

Re: nsec3 opt-out confusion (bug report)

2014-04-01 Thread Chris Thompson
not a bug. It is mandated by RFC 5155 - see section 4.1.2. This was really nic.at (and not example.com), wasn't it? Your domain obfuscation was half-hearted! I tried looking at it, but things were changing too fast for me to get consistent results... -- Chris Thompson Email: c...@cam.

Re: What do you do when the Root records are wrong?

2014-04-03 Thread Chris Thompson
for .net? No, they are authoritative for udrtld.net, self-consistently claiming themselves as the only NS records for it. This looks like a simple case of a change of nameservers for a zone not propagating too well, because the old ones haven't stopped serving it. -- Chris

Re: What do you do when the Root records are wrong?

2014-04-03 Thread Chris Thompson
e sure your old nameservers stop serving the zone, or at least serve a version with the new NS records in" situation. but the (highly anti-social, by the way) behaviour of these nameservers makes that impossible to arrange. -- Chris Thompson Email: c...@cam.ac.uk

Re: Windows dig & resolv.conf

2014-04-11 Thread Chris Thompson
solv.conf (if any). The search list is not used by default. -- Chris Thompson Email: c...@cam.ac.uk

Re: a note on 9.10.0rc2: eleven, twelve; dig and delv(e)

2014-04-27 Thread Chris Thompson
would vote for 'dq' (as in, DNS query) which has the virtue of not matching anything in the Ubuntu "did you mean?" database. Oh please, not another two-letter command for the benefit only of the digit-ally challenged... Not to mention what http://en.wikipedia.org/wiki/DQ has t

Re: bind 9.10..0-P1 rndc: 'retransfer' failed: not found; other rndc commands are ok

2014-05-23 Thread Chris Thompson
xpedites what would normally happen when the refresh interval expires. That is, it will do an SOA query against the master(s), and if the serial has increased attempt an (if possible incremental) zone transfer. -- Chris Thompson Email: c...@cam.ac.uk

Re: Why the heck my NS are not working

2014-07-20 Thread Chris Thompson
know about lbtest.isnlab.in, You are always going to get inconsistent results until you fix the delegation. -- Chris Thompson Email: c...@cam.ac.uk

To DLV or not to DLV [was Re: recursive lookups for UNSECURE names ...]

2014-08-28 Thread Chris Thompson
something is in the public DNS at all, it ought to be signed. But our tribulations summarised above (and believe me, I could go on about it at *much* greater length! you should be grateful) have occasionally made me regret that. -- Chris Thompson Email: c...@cam.ac.uk

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-17 Thread Chris Thompson
l, it served me right when we later had to put an A record (sorts before HINFO) at the apex of cam.ac.uk and I had to modify our normalised-zone-file-comparison program to allow for that! -- Chris Thompson Email: c...@cam.ac.uk

RE: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-18 Thread Chris Thompson
(Almost) no-one uses HINFO for its original purpose anywhere in the DNS. and I think I might get away with it. -- Chris Thompson Email: c...@cam.ac.uk

Re: Automatic flushing of the jnl files

2015-01-21 Thread Chris Thompson
ter file has been updated. (Of course, as Phil Mayers points out, this would cause downstream IXFRs to become AXFRs.) -- Chris Thompson Email: c...@cam.ac.uk

Future of BIND's built-in empty zone list

2015-05-14 Thread Chris Thompson
the public DNS acquire DNAMEs pointing to that (hopefully ones with large TTLs). -- Chris Thompson Email: c...@cam.ac.uk

Re: Future of BIND's built-in empty zone list

2015-05-14 Thread Chris Thompson
On May 14 2015, I wrote: Now that RFCs 7434 & 7435 have been published, how do ISC see the future ... That should be 7_5_34 & 7_5_35 of course. Curses. -- Chris Thompson Email: c...@cam.ac.uk

Re: Future of BIND's built-in empty zone list

2015-05-17 Thread Chris Thompson
Ls so that they will remain cached. -- Chris Thompson Email: c...@cam.ac.uk

Re: Future of BIND's built-in empty zone list

2015-05-17 Thread Chris Thompson
ne is described. Would this actually break a validating resolver with a locally defined (unsigned) empty zone 2.0.192.IN-ADDR.ARPA ? The parent zone can produce a proof that there is no signed delegation, but only by revealing the signed DNAME. -- Chris Thompson Email: c...@cam.

Re: response case in-sensitivity?

2015-07-30 Thread Chris Thompson
copy exactly from the query, and the owner field used in the answer section, which recent versions of BIND make the same as that loaded from zone file (when authoritative), or as received from an authoritative nameserver (when from the cache). -- Chris Thompson Email: c...@cam.

Re: g.root-servers.net not reachable anymore

2016-04-18 Thread Chris Thompson
/pipermail/dns-operations/2016-April/014765.html which is fairly tight-lipped! -- Chris Thompson Email: c...@cam.ac.uk

Reply to digests [was: RE: bind-users Digest, Vol 1727, Issue 1]

2016-07-05 Thread Chris Thompson
"Re: [the subject format for the list's digest messages]". Maybe a scan of the message content for a copy of the digest prologue would be a good idea as well. -- Chris Thompson Email: c...@cam.ac.uk

Re: nsupdate ACL based on a key AND ip-subnet

2008-11-16 Thread Chris Thompson
. If I have it right, the following works: allow-update { !{!10/8;any;}; key update-key; }; You could make the inner {} a named ACL if that makes it clearer. (I have tested an allow-update similar to the above -- using different IP addresses -- with BIND 9.4.3rc1.) -- Chris Thompso

Re: Secondary and TLD not updating

2008-11-17 Thread Chris Thompson
on port 53 { 127.0.0.1;74.87.108.83; }; pid-file none; statistics-file "named.stats"; datasize 20M; allow-recursion { localnets; }; allow-transfer { any; }; }; Ack! allow-transfer should never be any What, never? Why not? -- Chris Thompson Ema

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
er name gets fed into the hashed data). -- Chris Thompson Email: [EMAIL PROTECTED]

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
nline. -- Chris Thompson Email: [EMAIL PROTECTED]

Re: Is it possible to use one KSK for multiple domains?

2008-11-20 Thread Chris Thompson
On Nov 20 2008, Stephane Bortzmeyer wrote: On Thu, Nov 20, 2008 at 11:55:17AM +, Chris Thompson <[EMAIL PROTECTED]> wrote a message of 33 lines which said: The text you quote is for DNS publication. But you typically do not put KSK in the DNS, no? Sure you do. How could a val

Re: named-checkconf error

2008-12-08 Thread Chris Thompson
ewed, or getaddrinfo() isn't getting as far as using the resolver. Can you do host address lookups at all there? You can suppress the check by using "-i local" on named-checkzone (see the man page). But it would be better to fix the configuration problem, of

Re: can't see nameserver externally

2008-12-09 Thread Chris Thompson
72800 IN NS ns-2.hosp.utmck.edu. ;; ADDITIONAL SECTION: harley.mc.utmck.edu.172800 IN A 165.6.131.32 ns-2.hosp.utmck.edu.172800 IN A 165.6.144.1 ^ Try fixing your registration there. -- Chris Thomp

GTLD servers still promoting glue to answer :-(

2008-12-10 Thread Chris Thompson
a lot of applause. As the recent thread ("can't see nameserver externally") reminds us -- for edu rather than com/net, but there can't really be a difference, can there? the nameservers are just a subset -- glue promotion is still happening. One has to wonder

Re: is this a valid zone file?

2008-12-21 Thread Chris Thompson
d? No. But the "..."s were clearly meant to represent "all the other usual stuff". After all, the SOA record isn't syntactically valid either. -- Chris Thompson Email: c...@cam.ac.uk

Re: dynamic updates

2008-12-23 Thread Chris Thompson
" in the ARM, especially the "self" rule and its variants. -- Chris Thompson Email: c...@cam.ac.uk
