w, so it would only allow queries from localnets,
even when reached via the other view. And if you're doing this with a
dynamic zone you'll want to be careful that update-policy is set the way
you really want and you're not relying on match-clients for security.)
--
Evan
load of data that the app can't use.
If neither xml/v2 *nor* xml/v3 is responding, then something's wrong.
It seems to be working okay for me.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/
I might try to work on this myself, but I thought I should toss the
> idea out for comments and suggestions first. Specifically, I suppose
> that whatever work that is done should be compatible with the DocBook
> source and other BIND9-ARM formats.
We'd certainly be glad to have
ust with DIG 9.9.2 and 9.9.4 (possibly other versions of dig
> 9.9).
>
> Has anyone ran into a similar issue? Any help would be greatly appreciated.
BIND 9.9 turns on EDNS(0) by default. Try it with "dig +noedns" -- if
it works, then that was the problem.
--
Evan Hunt -- e...@isc.
(OARC: Operations, Analysis and Research
Center.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lis
her of those assertions look familiar to me, but it would probably be
worthwhile upgrading to the most recent version (9.9.4-P1); it addressed
some race conditions that might possibly account for them.
Meantime, it's best to send bug reports to bind9-b...@isc.org. If you
can include stack
lave.
With inline-signing, slaves can sign, and in a hidden master setup,
it makes sense for them to send notifies.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri
ly break as long as you don't
cross the streams, but why risk it?)
Some discussion about scenarios in which inline-signing might be used
can be found here: https://kb.isc.org/article/AA-00626/
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
ave the slave signing, then
the slave's serial number would get ahead of the master's... but in
that case, the master should be "hidden" -- it shouldn't be listed
in the NS RRset for the zone, and a consistency check should ignore
it.
, we decided to make it a compile-time option: those who
want RRL can get it; those who don't can skip it.
RRL will be enabled by default in 9.10.0.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://l
ate new keys
if necessary; it could even send a "loadkeys" message to the server if
configured to do so.
This has been on my to-do list for quite a while, but other things
keep jumping into higher spots on the list.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
py() and revealed our mistake.
(And we would've gotten away with it, too, if it wasn't for those
meddling kids.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users t
orted into the 9.9
codebase.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lis
{ localnets; };
zone "example.com" {
type slave;
masters { ... };
};
};
view them {
zone "example.com" {
in-view us;
};
};
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
long
in the future, then this existing cache data will be discarded in favor of
it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users ma
roken trust chain resolving 'www.dnssec-failed.org/A/IN': 127.0.1.1#53
;; resolution failed: broken trust chain
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to uns
s there's a darned good reason. (Even then, we'll
generally put them beind #ifdef's, as with --enable-rrl, so you can
build without them.)
Gotta put new stuff somewhere, though, or we'd all still be using
BIND 4. :)
--
Evan Hunt -- e...@is
le to pass them unchanged. Remember rpz is deliberately limited.
As Cathy mentioned, it's possible to bypass the recursion in RPZ now.
The feature is in the rpz2 patches, which are included with BIND 9.10
and are also built into some packaged versions of BIND.
--
Evan Hunt -- e...@isc.org
In
r at least a sensible wrapper), so that DNSSEC
keys could be generated according to a configured policy rather
than command-line alphabet soup.
For generating host keys, I suggest "ddns-confgen" rather than
"dnssec-keygen".
--
Evan Hunt
ut there may be a use case for it that I've overlooked.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
are removed from the zone
- the private-type record is cleaned up
Looking at the journal file with named-journalprint confirms
that's what's happening on my test system. How are you doing
your tests?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
, how you configured the built ("named -V" will tell
you this), and your named.conf ("named-checkconf -px" dumps a copy of
your configuration with key secrets omitted).
If the problem's in the samba DLZ module, I probably won't be able to
help you, but if it's in
s, as long as the HSM is running and the pkcs11 provider library is
accessible.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mai
re --enable-native-pkcs11 --with-pkcs11=/path/to/provider.so)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-us
ing resolver (IMR)
You *can* use it as a validating resolver, but it probably wouldn't
be very efficient and I don't know why you'd want to. :)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lis
postponed, actually; IIRC, you configure BIND
with --enable-native-pkcs11 but omit --with-pkcs11, then specify the
provider library on the command line ('named -E /path/to/libsofthsm.so').
We haven't made it a named.conf directive though; it hadn't occurred to me
before that an
g interface. Just an idea.
>
> I'm not suggesting to change the existing interface, as it will break
> existing stuff.
FYI, the "tsig-keygen" command is now available in 9.10.0b2. (Published
to the FTP site, should be on the web site shortly.)
raction with Bind.
I'd run wireshark on the link between dhcp and bind9 to see what
the update packets look like. When you tested with nsupdate, did you
use prerequisites?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
P
either use opt-out or
> non-opt-out?
BIND doesn't currently provide a mechanism for that. If it's something
you need, please send a feature request to bind-sugg...@isc.org.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
rver and recursive server.
No. It's just checking that the client-subnet option is formatted
correctly in incoming messages. Named doesn't act on the content of the
option in any way.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
nt BIND. If it doesn't support
sync, use "rndc freeze ; rndc thaw ".)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-u
s to the Xapian project for the oversight: no disrespect
was intended, I simply didn't know. Apologies also to any early
adopters of delv who may be inconvenienced by the change.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
d it would be better to
live with an imperfect name than deal with the fallout of changing it
after it was officially released.
Anyway, now it can hang around and comiserate with resolv.conf.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
{ geoip country US; }
...
match-clients { geoipUS; };
The problem is that when the "geoipUS" ACL is merged into match-clients
for the view, the geoip information doesn't get copied correctly.
The attached patch should fix it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
T using RSA key ID 189CDBC5
> gpg: BAD signature from "Internet Systems Consortium, Inc. (Signing key,
> 2013) "
Works fine for me. Check the fingerprint on the tarball, it should be:
SHA256(bind-9.10.0.tar.gz)=
acc2f5cc58c121f927e02c23e7e3e2e4876139eaac4a9df71800d4a38917c887
--
is sort of thing easier in BIND -- even just at
the level of "boy, it irritates me that I can't make BIND do " --
such comments will fall on welcoming ears.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https:
we're sure they aren't.
The article at https://kb.isc.org/article/AA-00340/ has guidelines on
information you can gather to help us diagnose the problem.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://l
means we don't have a clients-per-query
limit at all. If max-clients-per-query is 0, that means there's no upper
bound on clients-per-query and it can grow as big as it needs to.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Pl
s an rndc command that temporarily suppresses
DNSSEC validation below a specified name, for a configurable period of
time defaulting to one hour and not exceeding one day.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit
e/different words :-(
If the above was helpful and you feel inspired to rephrase it into
text for the ARM, I'm always happy to take your patches. :)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/m
me.
That introduces a lot of complexity, though; if a zone file is corrupt,
BIND expects to discover the fact right away, not at some random time
later on.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org
the zone from the map, or else loading from text and
creating a new map, depending on mtime -- is definitely under consideration
and may turn up in 9.11 if time permits.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit
to be Hard).
We decided to spend the time and validate map files before serving
data from them.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this
could take the ip2location data and
create a usable database from it.
I'm not aware of any tools that can create the other libGeoIP database
types (city, region, ISP, etc) -- last time I looked, only country worked.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
ense
> given that the cache dump is only 6 MB.
What version of BIND is this? And do you use statistics-channel?
I'd be interested to see what the memory stats look like on a running
server.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
ed to know.
"rndc signing -nsec3param" can change your salt. Specifying "auto" as
the salt causes named to generate a salt at random.
There's currently no way to schedule it the way you can schedule
key rollovers, but you can put it in a crontab.
--
Evan Hu
> "rndc signing -nsec3param" can change your salt. Specifying "auto"
> as the salt causes named to generate a salt at random.
I forgot to mention that the "auto" feature is new in 9.10, not in
older versions.
--
Evan Hunt -- e...@isc.
#x27;s "dynDB" LDAP extension (which we
plan to include in BIND 9.11 but is currently only available as a set of
patches).
Improving DNS provisioning is a hot topic for future development, but
we're still just in the requirements-gathering phase. Would you like to
share what it
KSK, but SoftHSM for the ZSK
because it's faster. It might also enable us to drive an HSM that didn't
have a complete PKCS#11 implementation, using SoftHSM to fill in the
functional gaps. Haven't done any work on it, though.
--
Evan Hunt -- e...@isc.org
Internet Systems Consor
That's what the "shim" I mentioned would be for.
Unfortunately, I can't tell you anything about when such a thing is
likely to get written; we've got a lot of other tasks lined up
ahead of it, and not enough pairs of hands. Contributed co
subtract the previous
value for total queries from the new value, and divide by 60.
(Or every 5 minutes, or 15, or whatever.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/b
the usual re-signing period, use "rndc sign ".
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-user
ever, ISC provides a thorough training course on the subject; see
http://www.dns-co.com/services/training.
http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-04
has guidance about scheduling key rollovers that you may find useful.
--
Evan Hunt -- e...@is
hen installing python
ought to make the build work, for the time being. We'll address the
problem before final release.
Do you still have your config.log? May I see it?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please
ke/rules.in
@@ -357,11 +357,3 @@ ALWAYS_MAKE_SYMTABLE = @ALWAYS_MAKE_SYMTABLE@
.docbook.8:
${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-###
-### Python executable
-###
-.SUFFIXES: .py
-.py:
- cp -f $< $@
- chmod +x $@
-
--
Evan Hunt -- e...@isc.org
92.
> That's a massive reduction in size. Did you guys suddenly delete a lot
> of code?
No, we didn't. Same compiler/linker? Same build options?
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists
QRFLAG=1
; AAFLAG=0
; TCFLAG=0
; RDFLAG=1
; RAFLAG=1
; ADFLAG=0
; CDFLAG=0
[... etc ...]
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/lis
it'd be swell if you posted it here...)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
ht
also tried to use Firefox's 'Save Page As' option to dump the
> statistics, but that resulted in the same saved file as I got with wget.
Just sending the XML is fine. The pretty formatting comes from a
stylesheet, bind9.xsl, which is served alongside the XML statistics
when the
rom the berkeley
DB. How long does it take to query the database directly?
Turning on minimal-responses reduces the number of database lookups
required for each query, which might help if the database is slow. There
may also be a bdb mailing list that can recommend database optimizations.
l
> be overflowed by one byte if the dsdir is full?
The allocated buffer size is "filenamelen + 1", which includes space for
"strlen(dsdir) + 1" if dsdir is not NULL.
The first "+ 1" is there to make room for a null terminator; the second
is there to make
se I think it's because you had an empty cache, and
sending a second query will clear the problem up. In a future release, we
may want to lift the restrictions temporarily while priming.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
light of this new reality. (We
might arrange for SERVFAILs that occur as a result of recursion limits not
to be cached.)
When I tested this on 9.9, I got the problem with www.ibm.com on the first
query, but it succeeded on the second.
--
Evan Hunt -- e...@isc
On Tue, Dec 09, 2014 at 05:46:36PM +, Stuart Henderson wrote:
> It's 5 minutes with 9.10.1-P1 as well.
That's unexpected. I'll see if I can reproduce it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
On Tue, Dec 09, 2014 at 05:51:58PM +, Evan Hunt wrote:
> That's unexpected. I'll see if I can reproduce it.
Okay, I can.
Part of the problem is the somewhat crazypants DNS configuration
of www.ibm.com:
$ dig +noall +answer www.ibm.com
www.ibm.com.3600
k up ns1.example.org to find that name server.
That adds a layer of recursion depth. Now, if example.org is served
out of yet another zone:
example.org. IN NS ns1.example.net.
example.org. IN NS ns2.example.net.
...that adds another layer. Named will give up after 7 such
indire
SERVFAIL responses in
the first few minutes after server startup.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
air
disadvantage with respect to the max-recursion-queries counter.
9.10.2 has a fix that should make things better. The code's already been
pushed to the git repository at source.isc.org, in case anyone wants to try
it now. I expect to release a beta version either next week or after the
hol
tually (one hopes), you
reach bottom and pop back up. If it turns out the name you asked for is
a CNAME, then you start a new stack while you resolve the CNAME target.
As long as the stack never exceeds seven layers of recursion, you're
fine.
--
Evan Hunt -- e...@isc.org
Inte
iagnose the problem if you told us what query you were
trying to resolve, and what version of BIND you're running.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
.0.. = Authoritative: Server is not an authority for
> domain
Bad delegation, I guess. The "authoritative" server says it isn't.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/
c,
and they expire and are removed after a relatively short lifespan, not
exceeding a week.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
> Is this the 'correct' behaviour? It wasn't what I was expecting, but I
> can see how we got here.
I haven't confirmed the behavior yet, but I agree that this sounds like
a bug.
Would you mind opening a ticket at bind9-b...@isc.org?
--
Evan Hunt
try it now by cloning the git repository at source.isc.org, if
you like (I'd be happy to have your feedback on it).
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to un
On Thu, Jan 22, 2015 at 04:03:20PM +0800, Jackie Lui wrote:
> Is there any tentative schedule when 9.11 will be released?
We're aiming for third quarter of 2015.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please vis
ters in delegations. I
would guess it does, but I don't actually know.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
ith a sample configuration you can work from. I would expect to see
better performance, though still not very good. (DLZ at its best is
still quite slow.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.is
e option, then it
would print a list of the un-freed memory blocks when it asserted.
(This has some performance impact, so I don't recommend running that
way routinely, but it helps track down what went wrong.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
r
choosing to use select vs epoll/kqueue/devpoll. I think there were a few
other items on the "to do" list as well, but those were the big ones.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https
feature, the "in-view" zone option.
Unfortunately, it doesn't work with RPZ.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
sn't enough? If
it's not enough, I'm curious what your requirements are.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bi
> Just to clarify: it will remain okay to use a zone file for multiple
> master zones (which won't be dynamically updated)?
Yes, that's fine. It's only a problem to use a single file when
multiple different zones will be writing to it.
--
Evan Hunt -- e...@isc.org
Intern
On Tue, Feb 24, 2015 at 11:24:16PM +0100, Job wrote:
> Someone has been able to make RPZ work in view with "in-view" clause?
Unfortunately, no.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://
ly outdated. 9.9.7 will be published this week.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.
iness to ICANN specifications over the
long term is sold separately.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users
192.168.1.221; };
>file "internal/simons-rock.edu.internal.db";
Or you can allow your slave files to remain in binary format (it gives you
a roughly factor-4 speedup in loading the files, which can be significant
with large zones). When you want to look at the text version,
e from the
DNS cache, but it wasn't touching the ADB or the bad cache.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users ma
sh table.
It turned out to be a useful thing to do, though, so we eventually
decided to go ahead and put up with the inefficiency.)
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-u
hes are the number of seconds to use for
an "hour", a "day", and a "month", respectively. If you run with the
above option, named will trust a new key 60 seconds after it's seen it,
instead of waiting a full 30 days. (T
hen leave the server up and running (not forgetting
to use -T mkeytimers=H/D/M, where M is no more than 3600 seconds,
because keyroll.systems rolls its keys every hour and normal RFC
5011 processing can't handle that), and you should be in good shap
27;s a
sha256 hash of the view name, which is guaranteed to be a legal file
name because it's all hexadecimal. It's also guaranteed to be maximally
confusing.
As of BIND 9.10, it doesn't name files that way anymore. It'll still
read an existing file using that naming format
c.org (like Tony does), you can it.
If you're doing that, then you can *also* use "rndc managed-keys", which
lets you check key status and force keys to be refreshed ahead of schedule.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
__
o add better anchor tags for each option, so you could look up
"Bv9ARM.ch06.html#response-policy" or whatever, and be taken to
the corresponding section of the ARM.
Good idea, nobody's done it yet.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
be shared between views.
A view and its policy zones are tightly interconnected, and it would be
a fairly huge job to rewrite it so it wasn't that way. I'd like to
address this problem one of these days, but I don't have a good plan
yet.
--
Evan Hunt -- e...@i
ttack is doing to your resolver.)
You could also try blacklisting the clients from which the queries are
coming; they're probably infected with malware.
RPZ is also effective for this.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
P
When including a master file origin_changed was
not being properly set leading to a potentially
spurious 'inherited owner' warning. [RT #37919]
I'm not sure that upgrading will address your specific issue, but it
seems like a pretty goo
No, it's not standard at all, and unfortunately the protocol isn't
well documented.
The last person who asked this question ended up deconstructing the
C code and writing an RNDC implementation in Perl, though:
http://search.cpan.org/~wolfsage/Net-RNDC-0.003/lib/Net/RNDC.pm
--
Eva
Or
if you're on an older release, 'ddns-confgen -q -k ' does the same
thing.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
> Indeed. But why does it query for NS?
When you don't specify a name, dig looks up ./NS by default.
When the code for this was originally written, I guess it didn't
occur to anyone that you might have specified a type but not a name.
--
Evan Hunt -- e...@isc.org
Internet Syste
If it's a dynamic zone, freeze it first, then edit the zone file,
delete the key, increase the serial number, and thaw it.
If it's not dynamic, same instructions, but without the freezing
and thawing.
--
Evan Hunt -- e...@isc.org
Internet Syst
101 - 200 of 569 matches
Mail list logo
