Re: NSEC3PARAM not honored in inline-signer mode (was Re: BIND 9.9.0 is now available)

2012-03-05 Thread Evan Hunt
> According to the docs it should be possible to set NSEC3PARAM on the > unsigned version when using inline-signer mode. The signing BIND 9.9 > should then decide to use NSEC3, which salt, opt-out, etc. based on this. > I have tried this and could not get it to work. The only way to use NSEC3 > wit

NSEC3PARAM not honored in inline-signer mode (was Re: BIND 9.9.0 is now available)

2012-03-05 Thread Wolfgang Nagele
Hi, > "auto-dnssec" zones can now have NSEC3 parameters set prior > to signing. [RT #23684] According to the docs it should be possible to set NSEC3PARAM on the unsigned version when using inline-signer mode. The signing BIND 9.9 should then decide to use NSEC3, which salt, opt-out, etc. bas

Re: lame-servers and network unreachable errors

2012-03-05 Thread Mark Andrews
The remote zones have IPv6 servers and named believes your machine has IPv6 connectivity. It then attempts to connect to the remote servers and gets back a network error saying that it can't reach the remote machines. The long term fix is to request IPv6 connectivity from your ISP. Short term fi

RE: reverse dns for IPV6 ranges

2012-03-05 Thread Spain, Dr. Jeffry A.
> But if only some IP have a reverse..what about the other server who have > received an IP in the range? Ip that can be changed every x hours. > If no reverse, it can be blacklisted for some reasons or having some problems > with services asking a reverse dns resolution. In my ip6.arpa zone, al

Re: lame-servers and network unreachable errors

2012-03-05 Thread David Forrest
On Mon, 5 Mar 2012, Alex wrote: Hi, I have a fedora15 box with bind-9.8.2 running as master for one zone, and having some problems with lame-servers and "network unreachable" messages. I believe I understand what a lame-server is, but don't understand why there would also be a "network unreacha

Re: A question for the reference

2012-03-05 Thread Jeff Peng
On 2012-3-6 10:23, Spain, Dr. Jeffry A. wrote: I tested this by capturing network traffic on a bind 9.9.0 recursive resolver. The commands 'rndc flush' followed by 'dig @localhost funnygamesite.com' resulted in the following: 1. A query to m.gtld-servers.net. 2. The same referral response that you

RE: A question for the reference

2012-03-05 Thread Spain, Dr. Jeffry A.
I tested this by capturing network traffic on a bind 9.9.0 recursive resolver. The commands 'rndc flush' followed by 'dig @localhost funnygamesite.com' resulted in the following: 1. A query to m.gtld-servers.net. 2. The same referral response that you got below. 3. A follow-up query 500 microseco

lame-servers and network unreachable errors

2012-03-05 Thread Alex
Hi, I have a fedora15 box with bind-9.8.2 running as master for one zone, and having some problems with lame-servers and "network unreachable" messages. I believe I understand what a lame-server is, but don't understand why there would also be a "network unreachable" message attached to it: 05-Ma

A question for the reference

2012-03-05 Thread Jeff Peng
Hello, Please see this case: $ dig funnygamesite.com @k.gtld-servers.net ; <<>> DiG 9.7.3 <<>> funnygamesite.com @k.gtld-servers.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35540 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

Re: reverse dns for IPV6 ranges

2012-03-05 Thread Mark Andrews
In message <1330991057.3861.10.camel@tardis>, Noel Butler writes: > > > In message , hugo hugoo writes: > > > > > > Dear all, > > > > > > Can anyone help me with its experience on reverse dns for IPV6? > > > Presently, when we reverse an IPV4 subnet for clients, we configure all > > > >

Re: reverse dns for IPV6 ranges

2012-03-05 Thread Noel Butler
On Tue, 2012-03-06 at 08:23 +1100, Mark Andrews wrote: > In message , hugo hugoo writes: > > > > Dear all, > > > > Can anyone help me with its experience on reverse dns for IPV6? > > Presently, when we reverse an IPV4 subnet for clients, we configure all > > the reverse for the whole subnet.

RE: reverse dns for IPV6 ranges

2012-03-05 Thread hugo hugoo
thanks for your comment. But if only some IP have a reverse..what about the other server who have received an IP in the range? Ip that can be changed every x hours. If no reverse, it can be blacklisted for some reasons or having some problems with services asking a reverse dns resolution. > F

bind9.9.0 named-checkzone usage message

2012-03-05 Thread Spain, Dr. Jeffry A.
root@ns0s:~ # named-checkzone usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|

Re: reverse dns for IPV6 ranges

2012-03-05 Thread Mark Andrews
In message , hugo hugoo writes: > > Dear all, > > Can anyone help me with its experience on reverse dns for IPV6? > Presently, when we reverse an IPV4 subnet for clients, we configure all > the reverse for the whole subnet. > It is a lot of PTR's but perfectly manageable. > > With IPV6, the

RE: reverse dns for IPV6 ranges

2012-03-05 Thread Spain, Dr. Jeffry A.
> Can anyone help me with its experience on reverse dns for IPV6? > Presently, when we reverse an IPV4 subnet for clients, we configure all the > reverse for the whole subnet. > It is a lot of PTR's but perfectly manageable. > With IPV6, the number of IP's that we will receive is amazing > S

reverse dns for IPV6 ranges

2012-03-05 Thread hugo hugoo
Dear all, Can anyone help me with its experience on reverse dns for IPV6? Presently, when we reverse an IPV4 subnet for clients, we configure all the reverse for the whole subnet. It is a lot of PTR's but perfectly manageable. With IPV6, the number of IP's that we will receive is amazing

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread Phil Mayers
On 05/03/12 17:46, David Kreindler wrote: Are there guidelines or suggestions for setting the values of sig-signing-nodes and sig-signing-signatures? For what it's worth, we do "auto-dnssec maintain" with dynamic zones, and have left them at their default. It's a big zone, and the constant t

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread David Kreindler
Thanks for the suggestion. After 48 sets of IXFRs and more than 1200 SOA serial increments, the system finished signing the zone. Manually incrementing the (unsigned) SOA serial now results in just one more set of IXFRs. It would have been helpful if somewhere in the documentation we were warn

Re: how to reduce unnecessary lots of AAAA queries?

2012-03-05 Thread Ian Pilcher
On 03/04/2012 01:20 PM, Chuck Anderson wrote: > You can't, clients can decide to query whatever they want, and they > may have other IPv6 connectivity to use responses with. can > be queried over IPv4 just fine, just as A can be queried over IPv6. Most clients, however, are smart enough

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread Matus UHLAR - fantomas
On 05.03.12 07:46, David Kreindler wrote: We thought of two other differences between this zone and the others: 1. this zone has NS records with servers that are in the zone itself, and 2. our global "also-notify" option contain IP addresses that resolve to host names in this zone. Could the p

RE: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread Spain, Dr. Jeffry A.
> We thought of two other differences between this zone and the others: > 1. this zone has NS records with servers that are in the zone itself, and 2. > our global "also-notify" option contain IP addresses that resolve to host > names in this zone. I don't have a handle on the underlying proble

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-05 Thread David Kreindler
We thought of two other differences between this zone and the others: 1. this zone has NS records with servers that are in the zone itself, and 2. our global "also-notify" option contain IP addresses that resolve to host names in this zone. Could the problem be the result of the servers notifyin