I'm so sorry, but I have to trouble you guys again.
The help below helped, I have no errors from checkconf or checkzone, but
from journalctl I get:
/etc/bind/zones/db.jungersen.dk.jbk: create: permission denied
and
/etc/bind/zones/db.jungersen.dk.signed.jnl: create: permission denied
and some
work, please let me
know, I wish to keep it as tight as possible.
:-)
Danjel
On 15-03-2025 17:31, Danjel Jungersen via bind-users wrote:
I'm so sorry, but I have to trouble you guys again.
The help below helped, I have no errors from checkconf or checkzone,
but from journalctl I get:
says.
Hope that helps.
Cheers, Greg
On Wed, 19 Feb 2025 at 10:22, Danjel Jungersen via bind-users
wrote:
On 19-02-2025 11:11, Marco Moock wrote:
> Am Wed, 19 Feb 2025 10:58:14 +0100
> schrieb Danjel Jungersen via bind-users :
>
>> But if I change /et
bind or
/var/cache/bind for signed zones.
???
If bind should be denied write access to /etc/... maybe this is the way to go?
:-)
Danjel
>
>Cheers, Greg
>
>On Sat, 15 Mar 2025 at 21:25, Danjel Jungersen via bind-users <
>bind-users@lists.isc.org> wrote:
>
>> Off-lis
On 16-03-2025 21:40, Greg Choules wrote:
Hi.
From what others have said, that makes sense. For BIND's static files
to be under /etc and operational files (zone data, journals etc.) to
be somewhere else.
What are the permissions on /var/lib/bind/ and/or /var/cache/bind?
Both is root:bind and
Hi.
I have a primary and a secondary set up on debian 12.
They both seem to work.
They are authoratative for my own domain that is used to redirect local
traffic to local servers.
There are no (inbound) contact from the outside to bind.
I then have a postfix server, where I need to run a loca
On 19-02-2025 11:11, Marco Moock wrote:
Am Wed, 19 Feb 2025 10:58:14 +0100
schrieb Danjel Jungersen via bind-users :
But if I change /etc/resolv.conf to 127.0.0.1 something happens
If I do a dig or ping from my postfixbox to something that the 2 main
bind-boxes are authoratative for, it
On 19-02-2025 11:44, Mark Andrews wrote:
The posix boxes are validating the responses and your zone is not properly
delegated/signed so DNSSEC validation fails.
Is there a way to overcome this?
They are not delegated, since they are not public.
- Or am I missing something?
But explains why exte
On 20-02-2025 08:40, Mark Andrews wrote:
The zone is available publicly, but from public serveres not hosted by me
(one.com).
And points to my external ip.
My internal bind redirects local traffic directly to local servers on local
ip's.
DNSSEC is designed to stop spoofed answers being accepte
On 19 February 2025 13:01:01 CET, Mark Andrews wrote:
>You can install a negative trust anchor or sign the zone so that DNSSEC
>validation works. The zone exists in the public DNS. You can use the same key
>material or use different key material and publish multiple DS records for
>both the p
03-2025 11:18, Danjel Jungersen via bind-users wrote:
On 19-02-2025 12:04, Greg Choules wrote:
Hi Danjel.
To obtain a packet capture use tcpdump, which is probably installed
already. If not, add it using your preferred package manager.
You can dump to the screen, but I find it more useful to
11 matches
Mail list logo
