rndc status number of zones

2012-03-01 Thread Emil Natan
Hi list, I have a test environment with 3 VMs running different versions of BIND - 9.7.3-P3, 9.8.1-P1 and 9.9.0rc1. On all 3 machines "rndc status" reports unrealistic "number of zones:". For example, when the zones configured at named.conf are 3, the number reported is "number of zones: 18" and w

Re: rndc status number of zones

2012-03-01 Thread Emil Natan
On Thu, Mar 1, 2012 at 1:26 PM, Matthew Seaman < m.sea...@infracaninophile.co.uk> wrote: > On 01/03/2012 11:20, Emil Natan wrote: > > Do any of you experience the same issue? Any ideas what I'm missing or > > what's wrong? > > Automatic empty zones? >

Re: rndc status number of zones

2012-03-01 Thread Emil Natan
ok at the DNS and BIND reference from Cricket Liu > > ciao! > Banana > > On Mar 1, 2012, at 1:10 PM, Emil Natan wrote: > > > > On Thu, Mar 1, 2012 at 1:26 PM, Matthew Seaman < > m.sea...@infracaninophile.co.uk> wrote: > >> On 01/03/2012 11:20, Emil

Re: rndc status number of zones

2012-03-01 Thread Emil Natan
On Thu, Mar 1, 2012 at 2:27 PM, Matthew Seaman < m.sea...@infracaninophile.co.uk> wrote: > On 01/03/2012 12:10, Emil Natan wrote: > > On Thu, Mar 1, 2012 at 1:26 PM, Matthew Seaman < > > m.sea...@infracaninophile.co.uk> wrote: > > > >> > On 01/03/2012

Re: rndc status number of zones

2012-03-01 Thread Emil Natan
That should be it. And that's probably why adding and removing the custom root.hints file does not change the count, when enabled it's the one counted and when disabled, the built-in one is counted. Thanks. ena On Thu, Mar 1, 2012 at 2:41 PM, Mark Andrews wrote: > > Built in root hints zones wi

dnssec keys and multiple slots

2013-02-05 Thread Emil Natan
Hi all, I'm trying to implement DNSSEC using BIND and SoftHSM. I'm using the pkcs11-* and dnssec-* tools to manage the keys in the HSM and sign the zones. When I store both KSK and ZSK under single slot there is no problem to create local key files with dnssec-keyfromlabel and sign the zone. What

Re: Selective resolution in a corporate environment

2013-02-05 Thread Emil Natan
Look for my answer below. On Tue, Feb 5, 2013 at 5:16 PM, funky monkey wrote: > One of my responsibilities has been general DNS (across platform) > expertise in the organisation I currently work for. Over a fair amount of > time, one thing that's repeatedly cropped up, has been the (ideally > sel

Re: Multiple masters for slave zone

2013-03-18 Thread Emil Natan
It does not matter where the notify comes from (it well can be sent from a slave too), named will try to transfer the zone from the first master listed in the masters list. At least it's how it works in 9.7.x, though I do not believe it's something that changed between the releases. ena On Mon, M

Re: Using a HSM card to sign zone

2014-02-16 Thread Emil Natan
Hi, I tested Safenet's Luna SA (the network appliance and not the card) a year ago. It did not work using the openssl patch provided with BIND, but in the end, with some assistance from Safenet's engineers and a proprietary engine provided by them, we made it work. I presume it'll work also

Re: Suppress log entry...

2015-04-13 Thread Emil Natan
I think showing this line on start is a good thing. I'm updating our DNS servers regularly and debugging a problem and checking the old logs it's useful to find which version was running at the time and how it was built. Emil On Mon, Apr 13, 2015 at 8:19 PM, Alan Clegg wrote: > > > On 4/13/15 1

Changelog details

2015-08-23 Thread Emil Natan
Hello, I'm investigating an issue which started after upgrading to the latest version of BIND (bind-9.9.7-P2). I started with checking the changelog and I read a line saying: 4061. [bug] Handle timeout in legacy system test. [RT #38573] Where can I find more details about bug 4061 or

Re: Can anyone tell me a good DNS server testing program

2016-06-22 Thread Emil Natan
queryperf, supplied with BIND, found under contrib. What we usually do is "record" some real traffic, then run queryperf on multiple machines against a server. If I'm not mistaken, a similar topic was discussed here recently so you can search the archives. Emil On Wed, Jun 22, 2016 at 3:34 PM, King,

Re: bind 9 multiple masters setup

2011-01-12 Thread Emil Natan
On Wed, Jan 12, 2011 at 5:13 PM, dev null wrote: > Hello, > > I have most of this worked out but I intend to setup bind in a > multiple master manner. > > This makes me question a few things: > > 1. What can I use for the SOA MNAME? In the off chance a box may die, > I am thinking of using a VIP

Re: queryperf for stress test

2011-01-16 Thread Emil Natan
On Sat, Jan 15, 2011 at 6:36 AM, ju wusuo wrote: > run queryperf on the same server and got a not bad number at around 60,000 > qps, however, the cpu and memory are far from used up, what else could be > the limiting factors for getting higher qps numbers? > > > Logging. If query log is enabled i

openssl pkcs#11 engine patch

2011-02-07 Thread Emil Natan
Hi, I try to build BIND 9.7.2-P3 with HSM support needed for DNSSEC on CentOS-5 box. Following the documentation (arm97, starting from page 27) I download the openssl source (0.9.8l), apply the patch provided with BIND (bin/pkcs11/openssl-0.9.8l-patch), no errors during the "configure" and "make"

session.key and managed-keys

2011-07-10 Thread Emil Natan
Hi, I have a few boxes running BIND 9.7.3-P3. I do not use DNSSEC (for now) and dynamic updates (at all) and I have them explicitly disabled in named.conf (dnssec-enable no; dnssec-validation no; allow-update{ none; };) but I see named still searching for the managed-keys.bind file and trying to c

Re: CNAME / MX Record question

2011-08-07 Thread Emil Natan
Using CNAME as MX is not recommended, someone might say forbidden. Check the following thread: https://lists.isc.org/pipermail/bind-users/2009-January/074828.html Technically I think there is no problem to do so, BIND even has an option to ignore such checks - check-mx-cname. BTW you did not specif

Re: Lookup of delegation NS records

2009-03-28 Thread Emil Natan
2009/3/28 Cherney John-CJC030 > Is it possible to use nslookup or dig to look up delegation records? I > can use them to get the nameservers for a particular domain, but I also want > to see the nameservers it would delegate to. So far, the only way I can > figure out to do that is to parse the

Re: How See what is Cached?

2009-07-05 Thread Emil Natan
On Sun, Jul 5, 2009 at 8:37 AM, Alans wrote: > Hi, > > > > My boss wants to know what sites are cached? Is that possible with Bind 9 > (OS: CentOS). > > > > Regards, > > Alans, > > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.i

error log entry

2010-07-04 Thread Emil Natan
Hello, I have BIND 9.6 (BIND 9.6.2-P2 built with '--prefix=/chroot/named' '--enable-threads' '--with-openssl' '--enable-ipv6' 'CFLAGS=-DDIG_SIGCHASE=1') in a test environment serving a signed zone. I see the following error in the log, repeated every 5 minutes. I understand it indicates permission

Re: R: Minimal responses and speeding up queries

2016-09-22 Thread Emil Natan
minimal-responses affects the size and not the number of responses. On Sep 22, 2016 23:44, "Job" wrote: > Hi Matus, > > >>If you want to avoid additional queries, turn minimal_responses off. > > I thought setting minimal_responses = yes should lower the number of > queries > Do you think it is t

rndc addzone type forward

2016-11-16 Thread Emil Natan
Hello, I'm trying to add a zone of type "forward" with rndc addzone, but it fails with: rndc addzone zone.org '{type forward; forward only; forwarders { 192.168.20.115; }; };' rndc: 'addzone' failed: not found I have allow-new-zones set to yes in named.conf. Loading zones of type master works f

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
Original Message Subject: Re: rndc addzone type forward Local Time: November 16, 2016 5:12 PM UTC Time: November 16, 2016 3:12 PM From: d...@dotat.at To: Emil Natan bind-users@lists.isc.org Emil Natan wrote: > > I'm trying to add zone of type "forward" w

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
: November 16, 2016 5:12 PM UTC Time: November 16, 2016 3:12 PM From: d...@dotat.at To: Emil Natan bind-users@lists.isc.org Emil Natan wrote: > > I'm trying to add zone of type "forward" with rndc addzone, but it fails with: > > rndc addzone zone.org '{type f

dnssec smart signing

2017-01-12 Thread Emil Natan
Hello, I'm using dnssec-signzone to sign a zonefile. I have 3 keys stored on a HSM, here is the meta data for the keys: ; This is a key-signing key, keyid 15464, for example.com. ; Created: 20170112162324 (Thu Jan 12 18:23:24 2017) ; Publish: 20170112162324 (Thu Jan 12 18:23:24 2017) ; Activate:

Re: Testing DNS security

2017-02-21 Thread Emil Natan
There is a difference between a security policy check and a performance check. If you want to check policies, you can do it manually issuing different sorts of queries from different locations making sure what should be answered is answered and what should not be answered is not. If you want to test