> run with query 100-thousand -> maximum throughput ~ 9000 -> named
process ~ 450 MB
> run with query 100-thousand -> "ran out query data" errors
> run with query 3-millions -> maximum throughput ~ 9000 -> named process
~ 400 MB
> run with query 3-millions -> maximum throughput ~ 16000 -> named pr
Hi,
Why does BIND 9 set the TTL of NSEC3PARAM RR to zero ?
dnssec-signzone sets TTL of NSEC3PARAM RR to 0.
"update add zone 3600 IN NSEC3PARAM 1 1 10 001122334455" adds
NSEC3PARAM RR with TTL 0.
# I know that the TTL of NSEC3PARAM RR is trivial.
#
# RFC 5155 describes NSEC3PARAM RR is n
Introduction
BIND 9.7.3rc1 is the first release candidate of BIND 9.7.3.
This document summarizes changes from BIND 9.7.1 to BIND 9.7.3. Please
see the CHANGES file in the source code release for a complete list of
all changes.
Download
The latest development version of BIND 9 s
Introduction
BIND 9.6.3rc1 is the first release candidate for BIND 9.6.3.
This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.3.
Please see the CHANGES file in the source code release for a complete
list of all changes.
Download
The latest development version of BIND
Hi,
My bind version is bind-9.7.2-P3, resperf is
dnsperf-1.0.1.0-1-solaris-10-sparc.
On sparc 10u8 Solaris
Normally, resperf tool measures maximum throughput of caching server. So i did
a
test follow :
run with query 100-thousand -> maximum throughput ~ 9000 -> named process ~
450
MB
run
In message <7bc44907-7c33-4f7c-9868-92798b7ef...@gmail.com>, Chris Buxton write
s:
> Can't be done with just BIND. You need some kind of solution to strip =
> out the private IPv4 address space before publishing data to the outside =
> world. (Are you sure your workstations really need to have the
In message <201101241636.57884.fake...@fakessh.eu>, fakessh writes:
>
> Le lundi 24 janvier 2011 00:04, vous avez =C3=A9crit=C2 :
> > At this stage I think you will need to post the zone so we can see
> > what you have done. Also the named.conf zone clause for ovh.net.
>
> Marc thank you for yo
In message <1295898474.4615.5.camel@localhost.localdomain>, "fakessh @" writes:
> thank you for this very constructive reflection. I just changed the zone
> r13151.ovh.net it contained only fields ptr ns and I just added a field
> and . I increment the serial then all and apply rndc reload flu
On Jan 24, 2011, at 5:59 AM, Cathy Almond wrote:
>> I wonder, what are expected usages for this kinds of zones?
>> Maybe blacklists, if we have local mirrors and traffic so high that we'd get
>> blocked imediately?
>
> It's subtle.
>
> One use case is for testing new servers that aren't yet par
Can't be done with just BIND. You need some kind of solution to strip out the
private IPv4 address space before publishing data to the outside world. (Are
you sure your workstations really need to have their routable addresses
published to the outside world? Sounds dangerous to me.)
For example
thank you for this very constructive reflection. I just changed the zone
r13151.ovh.net it contained only fields ptr ns and I just added a field
and . I increment the serial then all and apply rndc reload flush
reconfig sign all zone
dig answer now seems
r13151 ~]# dig +short r13151.ovh.
> http://pastebin.com/7Be9FavZ
That zonefile seems to be for fakessh.eu, and not for ovh.net.
Your initial problem was regarding IPv6 towards r13151.ovh.net ? If so,
that's the zonefile we'll need to look at.
Regards
Eivind Olsen
___
bind-users mailin
On 24/01/11 4:08 PM, "Zbigniew Jasiński" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> W dniu 2011-01-24 14:34, Kalman Feher pisze:
>> I assume you did add the nsec3param record via nsupdate after adding the
>> zone? I note that there is an NSEC entry there, which is not right.
On 24.01.2011 15:54, Paul Wouters wrote:
> I meant, if you have a zone example.tld. And tld. is not signed, but
> you have a testbed for a signed tld. at IP 1.2.3.4, if static-stub
> would allow you to configure a resolving bind to perform DNSSEC on
> 1.2.3.4 with a loaded trusted-key. So yes, the
Le lundi 24 janvier 2011 00:04, vous avez écrit :
> At this stage I think you will need to post the zone so we can see
> what you have done. Also the named.conf zone clause for ovh.net.
Marc thank you for your attention as you bear me, thank you very humbly
i paste my named.conf and the zone whi
So I appear to have fallen into the cracks of "stuff the internet is
completely useless for looking up". I can't come up with any useful set of
keywords, so here I am.
I'm attempting to configure DDNS between ISC DHCPD and BIND. I want DDNS for
both IPv4 and IPv6. I have this. Cool. Now, I want to
On Sat, 22 Jan 2011, JINMEI Tatuya / 神明達哉 wrote:
Does this work with DNSSEC if one loads an explicit trust anchor, even
if in the "world view" the trust anchor is missing?
I'm afraid I don't understand the question. Could you be more
specific, e.g., by using the above example.com example?
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
W dniu 2011-01-24 14:34, Kalman Feher pisze:
> I assume you did add the nsec3param record via nsupdate after adding the
> zone? I note that there is an NSEC entry there, which is not right.
>
Yes, with nsupdate. and lack of NSEC3PARAM was very odd.
> so, iiuc, the difference is that "type forward" sends queries with RD bit
> set, while "type static-stub" sends them with RD cleared... and
> the "forward first" option appears to be applicable only in forward zones.
>
> did I get it right?
Yes
>
> I use forward zones for blacklists - while I
On 24/01/11 10:53 AM, "Zbigniew Jasiński" wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> W dniu 2011-01-21 15:17, Kalman Feher pisze:
>>> Perhaps we are getting close to the problem then.
>>> Can you show the content of the key files? Specifically the metadata which
>>> the "mai
> > On 21.01.11 10:45, Sue Graves wrote:
> >> * BIND now supports a new zone type, static-stub. This allows the
> >> administrator of a recursive nameserver to force queries for a
> >> particular zone to go to IP addresses of the administrator's choosing,
> >> on a per zone basis, both globally
On 24.01.11 17:13, rams wrote:
> y resolver is returning multiple CNAMEs for same hostname. But I believe
> CNAME should not return same hostname with multiple values.
correct.
> Is this behavior is correct. Could you please clarify me.
it's not. CNAME may be the only record type for a domain, o
On 01/24/2011 12:23 PM, p...@mail.nsbeta.info wrote:
I want the result that, when clients matching vb query for s2.example.com,
they will get the answer from default view vc, since s2.example.com doesn't
exist in vb.
How to setup bind for this purpose?
Copy the records from vc to vb. You cann
Hello,
Given I have 3 views, va,vb and vc, vc is the default (matches any client).
There are three records in va and vc:
s1.example.com. IN A 11.22.33.44
s2.example.com. IN A 22.33.44.55
s3.example.com. IN A 33.44.55.66
But there is a record lost in vb, say it's s2.example.com.
I
On 24/01/11 10:56, Matus UHLAR - fantomas wrote:
> On 21.01.11 10:45, Sue Graves wrote:
>> * BIND now supports a new zone type, static-stub. This allows the
>> administrator of a recursive nameserver to force queries for a
>> particular zone to go to IP addresses of the administrator's choosing
y resolver is returning multiple CNAMEs for same hostname. But I believe
CNAME should not return same hostname with multiple values.
Ex: Configured GEOIP records as follows:
ramesh.com CNAME a.ramesh.com.
ramesh.com CNAME az.ramesh.com. Arizone configured
ramesh.com CNAME va.ramesh.com. ---
On 21.01.11 10:45, Sue Graves wrote:
> * BIND now supports a new zone type, static-stub. This allows the
> administrator of a recursive nameserver to force queries for a
> particular zone to go to IP addresses of the administrator's choosing,
> on a per zone basis, both globally or per view. I.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
W dniu 2011-01-21 15:17, Kalman Feher pisze:
>> Perhaps we are getting close to the problem then.
>> Can you show the content of the key files? Specifically the metadata which
>> the "maintain" option wants.
>
>> Since "allow" works I'm assuming that
28 matches
Mail list logo
