Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-04-14 Thread Mark Andrews
In message <20100414232855.gp1...@giles.gnomon.org.uk>, Roy Badami writes: > > Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and > > I've seen no repeat of the DNSSEC name resolution issues so far; it's > > early days yet (only been running DLV for three days) but certainly > > lo

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-04-14 Thread Roy Badami
> > dig www.bbc.net.uk +cd > > How does the last query "work"? What I meant by that, in case it wasn't clear, was that setting the CD flag in the query caused the query to succeed, hence strongly suggesting that the cause of the failure in the original query was related to DNSSEC

Re: Question about message "your system is lacking dev/random (or equivalent)"

2010-04-14 Thread Mark Andrews
In message <0808710b26e7e541ad135be9553cfb6896c1b3a...@hq-ec-02.ba.ad.ssa.gov>, "Khuu, Linh MicroTech" writes: > I just turned on the dnssec-validation today, and I saw lots of messages: > > 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i4= > 8du24agcu5ftfumd6iocmrk.or

Apparent BIND problem doing RBL lookups for Postfix

2010-04-14 Thread listserv . traffic
My apologies if I'm posting in the wrong place, or am asking a common question. All my looking so far hasn't turned up anything very useful in knowing what to look at, or what to modify. --- CentOS 5, running BIND 9.3.6 i386 Hardware: P4, 2.8Ghz, 1G memory Sata drives - non mirrored etc. Load is li

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-04-14 Thread Michael Sinatra
On 04/14/10 16:28, Roy Badami wrote: Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and I've seen no repeat of the DNSSEC name resolution issues so far; it's early days yet (only been running DLV for three days) but certainly looking promising. I spoke too soon. I've now found

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-04-14 Thread Roy Badami
> Well, FWIW I upgraded to 9.7.0-P1 and tried enabling DLV again and > I've seen no repeat of the DNSSEC name resolution issues so far; it's > early days yet (only been running DLV for three days) but certainly > looking promising. I spoke too soon. I've now found a query that (at least this eve

Re: Intermittent failures resolving .org domains in BIND 9.7.0 with DLV enabled

2010-04-14 Thread Roy Badami
On Sun, Mar 28, 2010 at 11:48:37PM +0100, I wrote: > A couple of weeks ago I upgraded my BINDs to 9.7.0 and enabled DLV. > > This is my first time attempting to validate DNSSEC; however, I've been > seeing intermittent failures to resolve domains under .org which have > been frequent enough to forc

Re: 9.7.0-P1 managed-keys.bind issues

2010-04-14 Thread Evan Hunt
> It would appear that these are all related. Allowing outbound DNS > queries fixed these messages. Thanks for the report. If you didn't want to allow outbound DNS queries, then just turn off dnssec-lookaside. What it's doing is trying to refresh the DNSSEC key for dlv.isc.org, but if you weren'

Re: How to make one ZONE (subdomain) non-public?

2010-04-14 Thread Michelle Konzack
Hello Sten Carlsen, On 2010-04-13 17:41:44, you hacked out the following: > ;; ANSWER SECTION: > michelle1.private.tamay-dogan.net. 10800 IN CNAME tamay-dogan.homelinux.net. ^^ > homelinux.net.1759IN

Re: 9.7.0-P1 managed-keys.bind issues

2010-04-14 Thread Hauke Lampe
Mark Watts wrote: > Apr 14 12:06:34 dns01 named[4911]: zone managed-keys.bind/IN/_meta: > sync_keyzone:dns_journal_open -> unexpected error Does named have permission to create files in the directory specified by "directory" in the options block? BIND uses an internal dynamic zone for RFC5011-u

Re: 9.7.0-P1 managed-keys.bind issues

2010-04-14 Thread Mark Watts
On Wed, 2010-04-14 at 13:10 +0100, Mark Watts wrote: > I'm trying to set up a new 9.7.0-P1 server in order to (initially) do > DNSSEC validation lookups. > I'm using the Fedora 13 SRPM, recompiled on CentOS 5.4. SELinux is Off > currently. > > When I add the following to my options {} section, I ge

RE: CNAME Issue - Whether to use CNAME-data or Response-Flag

2010-04-14 Thread Steven Wilmot
At the top of this post I'd first like to thank Jonathan for a great reply (which for some reason never seemed to make it onto the usenet mirror of this group.) - exactly what I was hoping for. S. On 10 April 2010 4:26 AM, Jonathan de Boyne Pollard wrote >>> What I am hoping is that somebo

9.7.0-P1 managed-keys.bind issues

2010-04-14 Thread Mark Watts
I'm trying to set up a new 9.7.0-P1 server in order to (initially) do DNSSEC validation lookups. I'm using the Fedora 13 SRPM, recompiled on CentOS 5.4. SELinux is Off currently. When I add the following to my options {} section, I get some log messages I don't understand... dnssec-enable