Hi List,
not certain if this is the appropriate area for this request , so do let
me know.
I'm seeing system hangs with bind9 on a debian lenny box. They do clear
after a bit of wait
but do cause load spikes and the system becomes unresponsive.
In running strace I'm wondering if what I'm se
> I don't see specific reference to using the AD flag in queries in the
> RFCs (at least on a cursory glance), but it's a very useful feature.
We're kind of flying under the RFC's radar, as I understand it. The RFC
says the server must ignore the AD flag in a query. What we do, though,
is clear
On Wed, 6 Jan 2010, Michael Sinatra wrote:
> I tried this out and I noticed that both BIND and unbound appear to
> behave the same way when using dig in this manner. So both of the
> major validating implementations support it. I don't see specific
> reference to using the AD flag in queries
On 1/6/10 7:10 AM, Alan Clegg wrote:
Tony Finch wrote:
On Wed, 6 Jan 2010, Pamela Rock wrote:
Does that imply that +adflag sets the ad bit on the query and the
response where +dnssec only sets the ad bit on the responce?
The AD flag is meaningless in a query. In a response it tells you whethe
Tony Finch wrote:
> The AD flag is meaningless in a query. In a response it tells you whether
> the server is authoritative or not. It has nothing to do with DNSSEC.
AD bit is authenticated data. AA bit is authoritative answer.
AD has everything to do with DNSSEC.
AA has nothing to do with DNS
Tony Finch wrote:
> On Wed, 6 Jan 2010, Pamela Rock wrote:
>> Does that imply that +adflag sets the ad bit on the query and the
>> response where +dnssec only sets the ad bit on the responce?
>
> The AD flag is meaningless in a query. In a response it tells you whether
> the server is authoritativ
On Wed, 6 Jan 2010, Pamela Rock wrote:
>
> Does that imply that +adflag sets the ad bit on the query and the
> response where +dnssec only sets the ad bit on the responce?
The AD flag is meaningless in a query. In a response it tells you whether
the server is authoritative or not. It has nothing t
> AD is set when authentication is successful by the server
> to whom you
> are sending the query. The "+noadflag" says don't set
> the AD bit in the
> outbound query (which is the default).
>
> AlanC
>
Thanks. Based on that, the following:
dig +adflag gov
produces:
flags: qr rd ra ad;
Doe
Pamela Rock wrote:
> The following dig query
>
> dig gov +dnssec +noadflag @10.10.10.1
>
> produces the following flags in the header section:
>
> ;; flags: qr rd ra ad;
>
> Question - what is the relation with the +dnssec and +noadflag
> options in the query. I would think the query would pro
The following dig query
dig gov +dnssec +noadflag @10.10.10.1
produces the following flags in the header section:
;; flags: qr rd ra ad;
Question - what is the relation with the +dnssec and +noadflag options in the
query. I would think the query would produce a signed response with no ad bit
On Wednesday 06 January 2010 12:49:46 Cathy Almond wrote:
> That's what I think is possibly happening in your case - one potential
> contributing factor being the configuration settings I suggested you
> check for. Somewhat obscure - sorry :-/
No need to be sorry - thank you for taking the time t
Imri Zvik wrote:
> On Wednesday 06 January 2010 11:56:13 Cathy Almond wrote:
>> Do you use any of the following in your configuration:
>>
>> transfer-source
>> transfer-source-v6
>> notify-source
>> notify-source-v6
>> query-source
>> query-source-v6
>
> No :) my configuration is '*source*' free,
On Wednesday 06 January 2010 11:56:13 Cathy Almond wrote:
> Do you use any of the following in your configuration:
>
> transfer-source
> transfer-source-v6
> notify-source
> notify-source-v6
> query-source
> query-source-v6
No :) my configuration is '*source*' free, And anyhow, even if I had it in
Hi Imri,
Do you use any of the following in your configuration:
transfer-source
transfer-source-v6
notify-source
notify-source-v6
query-source
query-source-v6
Regards,
Cathy
Imri Zvik wrote:
> Hi,
>
> We've recently upgraded our caching servers to 9.4.3-P4/P3 (2 of them running
> 9.4.3-P4 an
14 matches
Mail list logo
