Re: Side-effects of edns-udp-size 512

2010-04-30 Thread Cathy Almond
Hi Ray, I'd recommend not using type 'any' in your tests - the results won't always be what you expect. ANY is a diagnostic query type - and what a recursive nameserver does when it receives it will depend on what it has already in cache - sometimes it will answer with what it has already, and so

Re: DNSSEC

2010-04-30 Thread David Miller
I assume that you are asking about providing authoritative DNS for example.com. Should you deploy DNSSEC? Yes, if you want your query responses to be validated by DNSSEC resolvers. Does this have anything to do with the DNSSEC signing of the root domain? No, not really. Unless your TLD'

DNSSEC

2010-04-30 Thread Jeff Pang
Hello, Since the global root DNS servers have deployed DNSSEC, as a hostmaster for the common domain like example.com, should we also deploy DNSSEC with named? Thanks. Regards. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/m

Re: Bind 9.7.0-P1 socket: file descriptor exceeds limit / assertion failure

2010-04-30 Thread Dale Kiefling
Hey Ezra, Thanks for the reply. ulimit -Hn and ulimit -Sn report 8192. Wasn't sure if limits.conf would help or not. Dale On Apr 30, 2010, at 4:18 PM, Ezra Taylor wrote: Dale: The limits.conf file is not going to solve your problem. Read the man page for initscript and initt

Re: Bind 9.7.0-P1 socket: file descriptor exceeds limit / assertion failure

2010-04-30 Thread Ezra Taylor
Dale: The limits.conf file is not going to solve your problem. Read the man page for initscript and inittab. On Thu, Apr 29, 2010 at 5:53 PM, Dale Kiefling wrote: > We have a Bind 9.7.0-P1 instance that is throwing the following errors: > 21-Apr-2010 16:59:00.173 general: error: so

Side-effects of edns-udp-size 512

2010-04-30 Thread Ray Van Dolson
Have been doing some testing[1] of our firewalls and DNS servers for the upcoming signing of the last root server and ran into something I'm not completely sure about. The tests in the ISC post[1] from earlier this year run fine when pointed directly at the L server (IOW, our firewalls do handle t

Re: Switching to TCP in BIND.

2010-04-30 Thread Stephane Bortzmeyer
On Wed, Apr 28, 2010 at 11:59:11AM -0400, Kevin Darcy wrote a message of 21 lines which said: > I know of no such feature. What do you mean by "spoofed" anyway? How > would you expect named to detect "spoofing", and is that its job? It seems (not tested by me) that Nominum CNS does that: when