Solved: Including the key was incorrect. This works fine:
controls {
    inet ::1 allow {
        "localhost";
    };
};
Dave
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bin
dress in the /etc/rndc.key file, just the key.
Dave
--
David Forrest e-mail: drf at maplepark dot com
Maple Park Development http://www.maplepark.com
St. Louis, Missouri
On Tue, 14 Jan 2014, LuKreme wrote:
On 14 Jan 2014, at 09:02 , David Forrest wrote:
On Tue, 14 Jan 2014, LuKreme wrote:
On 13 Jan 2014, at 20:36 , Mark Andrews wrote:
In message <8919443e-8f62-48cd-8da4-9c9632fc5...@kreme.com>, LuKreme writes:
OK, I am getting this error "
It can
get quite confusing and I have found that just using full paths on all
zone files just cuts out any question. Usually the slave server will get a
new copy from the master fairly quickly if you don't save it but it is cleaner if
it has a fairly recent copy locally.
outines and not named itself.
Dave
--
David Forrest
St. Louis, Missouri
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
I slaved the root zone without a file statement in my named.conf for the
slaved file and it worked. I added the file statement later to my
named.conf as I wanted a local copy for quicker startup. I think I may
have touched the file to get it started though. When I finally looked at
it, I foun
2+gbpewo646pneaDVnaqnYrx2C4fiwedfiJMIhcx9
xAxgH0fG7TZ7zEJOUwCITlWkj1lrU4rH0xVNQaQKYez2pcF+CnGJzy7C
A4SYBRdVXAU/slxu56ahvi7GNS7PHkGJiUVUJh65iEpS2HY3qOdv3CUn jRA=
(...)
--
David Forrest
St. Louis, Missouri
ve root as you appear to do and
serve your own 5.168.192.in-addr.arpa. as I do. I don't expect it to
transfer out as it only has meaning in an internal view.
Dave
--
David Forrest e-mail: drf at maplepark dot com
St. Louis, Missouri
ock.
This was on the list a few days ago:
https://dougbarton.us/DNS/2317.html
Dave
--
David Forrest
St. Louis, Missouri
stebin.com/S9LM6a59
Does your customer have a SPF record with old info (you show no TXT or SPF
RRs) ?
Dave
--
David Forrest St. Louis, Missouri
On Sun, 17 Feb 2013, Vernon Schryver wrote:
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a "free" service.
Dave
--
David Forrest St. Louis, Missouri
o have a logging statement of my choices.
Dave
--
David Forrest
St. Louis, Missouri
d by adding a
category lame-servers { null; };
statement.
--
David Forrest
St. Louis, Missouri
Today registrar gandi.net opened up a DNSSEC management page to allow user
management of their respective tld DS records (.com anyway). Kudos.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
St. Louis
cly available DNSSEC signed site, I use the available recursing
validating oarc server.
dig +dnssec @bind.odvr.dns-oarc.net maplepark.com
and get the flags returned in a crontab script that checks it daily for
the ad flag.
Dave
--
David Forrest e-mail drf @ maplepark.com
Ma
that.
Page 49 "queries"
--
David Forrest
St. Louis, Missouri
the server with
@server and/or +[no]recurse
--
David Forrest St. Louis, Missouri
On Wed, 21 Dec 2011, Peter Andreev wrote:
Ok, maybe I'm paranoid and worrying about trifles, but news about
compiled in hints astonished me.
The test shown here may calm you (if it shows refusal):
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
Dave
--
SOURCE="http://www.cymru.com/Documents/bogon-bn-agg.txt"; # Aggregated list.
Here's a script I use:
http://www.maplepark.com/~drf/consults/Getblackhole
--
David Forrest
St. Louis, Missouri
hing sent to this channel
null;
};
...
category lame-servers { null; };
The new ARM gave me the hint of the config change.
Dave
--
David Forrest
St. Louis, Missouri
&>>/var/named/named.conf.canonical
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
.
;; ADDITIONAL SECTION:
nsa.nhs.uk. 76348 IN A 194.176.105.223
nsb.nhs.uk. 76348 IN A 80.2.101.230
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Fri Jun 17 09:17:37 2011
;; MSG SIZE rcvd: 108
[drf@maplepark ~]$
};
...
match-clients { some-nets; };
...
Dave
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
increase of memory may be. In the example, a
max-cache-size of .4*10GB leaves a residual pool that far exceeds BIND's
requirements. The answer must be determined empirically; if performance
is adversely affected then (and only then) limit the cache size.
Dave
--
David Forrest
On Thu, 14 Apr 2011, Alex wrote:
Hi,
I would figure this is a FAQ, but I can't find it. My apologies if I
somehow missed searching properly.
Where can I find a description of what the variables at the end of the
line in the query log mean? For example:
14-Apr-2011 17:27:54.277 queries: client
On Thu, 14 Apr 2011, Alan Clegg wrote:
On 4/14/2011 10:23 AM, hugo hugoo wrote:
I know that if bind is installed via apt-get install (I am using debian
linux version), there is automatically a bind9 startup script in
/etc/init.d/ directory.
Since named "just works" and I do everything else u
On Wed, 1 Dec 2010, lst_ho...@kwsoft.de wrote:
Quoting David Forrest:
On Tue, 16 Nov 2010, Mark Andrews wrote:
Isn't it sufficient to configure the root trust anchor inside "managed-keys
{};"
statement? If I understand correctly the key should be automatically
update
ry or not in 9.7.2-P3. I am assuming it is as the make step set it
up.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
St. Louis, Missouri (Sent by ALPINE 2.01 FEDORA 11 LINUX)
On Fri, 12 Nov 2010, Phil Mayers wrote:
On 12/11/10 12:49, David Forrest wrote:
and, on checking named.conf, I found the entry for br. as:
trusted-keys {
"br." 257 3 5
"AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEt
Oyo6Tiab1NGbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=";
};
The message passed through spamassassin OK and was received OK here. But
I am uncertain of my configuration of DNSSEC.
Dave
--
David Forrest e-mail drf
biggie.
I searched in the source code for the message and found it in
./bin/named/server.c but didn't go any further as my invocation hack
worked for me and it just seemed to be a log info message. YMMV.
Dave
--
David Forrest e-mail d...@maplepark.com
Maple Park Deve
public addresses. The internal machines are still able to
get the external addresses by specifying the server address to be the
external IP (via host or dig). Most don't need them though. It does
require separate zone files though. I don't mind sharing my .conf file -
just email me.
On Fri, 17 Sep 2010, Niobos wrote:
Is the current version of the ARM available online somewhere?
Thx,
Niobos
It is in the doc directory of the source for the subject binary, in html
and pdf formats.
Dave
--
St. Louis, Missouri
On Thu, 9 Sep 2010, Lyle Giese wrote:
David Forrest wrote:
On Thu, 9 Sep 2010, Lyle Giese wrote:
I am trying to install bind 9.7.1-P2 from source on a SLES 10 SP3 server.
When I run named from the command line, it runs, but fails to open and
write any of the zone files it downloaded
F
...
I don't start it directly from the command line though, so running from
the command line as root should not have that ownership problem. You
might check the actual install directory as you might be running the old
executable.
Dave
--
David Forrest e-mail d...
On Sat, 17 Jul 2010, Lyle Giese wrote:
OK I am confused a bit. Can someone shed just a bit of light on this
for me? (This is such a new topic not much is available in searches yet)
IANA put out anchors2keys python script and I have that working. If I
include the resulting files into named.co
recursion no; // So use this instead.
additional-from-cache no; //
https://www.dns-oarc.net/oarc/articles/upward-referrals-considered-harmful
zone .
[zone ... ]
}
and it has been working well. I do use all private addresses for my
internal network and that does requ
m. 864 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 1275386123 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.102.9#53(192.168.102.9)
;; WHEN: Tue Jun 1 04:56:13 2010
;; MSG SIZE rcvd: 107
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
category resolver { null; };
--
David Forrest
St. Louis, Missouri
cified and that may be the problem. I have:
create 0644 named named
in my logrotate.conf and it rotates properly.
And I have no pre or postrotate scripts.
Dave
--
David Forrest
Maple Park Development Corporation
St. Louis, Missouri
"allow-recursion {none;};"
doesn't do that. (Probably there are other niggling things I
have forgotten as well.)
Another slight difference: (With BIND 9.7.0rc1),
I want 'additional-from-cache no' to curtail upward-referrals and
'additional-from-cache no' is only su
On Thu, 19 Nov 2009, Jeremy C. Reed wrote:
On Thu, 19 Nov 2009, David Forrest wrote:
Logged: Nov 19 12:13:45 maplepark named[23329]: validating @0x17b7980:
dlv.isc.org SOA: got insecure response; parent indicates it should be secure
What does this mean?
This is documented in the ARM. The
Logged:
Nov 19 12:13:45 maplepark named[23329]: validating @0x17b7980:
dlv.isc.org SOA: got insecure response; parent indicates it should be
secure
What does this mean?
--
David Forrest
St. Louis, Missouri
On Mon, 26 Oct 2009, net...@royal.net wrote:
Hello,
Is it possible to dump all Bind cache's content into a file?
Thanks.
rndc dumpdb
--
On Tue, 25 Aug 2009, Jeremy C. Reed wrote:
On Tue, 25 Aug 2009, David Forrest wrote:
What do I have to do to correct whatever is causing this log message from
named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
secure failure
What do I have to do to correct whatever is causing this log message from
named (9.6.1-P1-RedHat-9.6.1-4.P1.fc11)?
validating @0x7f9f2c60c200: dns1.registeredsite.com.dlv.isc.org DS: must be
secure failure
Thanks in advance,
Dave
--
David Forrest
St. Louis, Missouri
it does, how much deviation on return messages are there
from the various dig versions that have been released?
Thank you.
my dig (version DiG 9.6.1b1) returns RC 0 on both an answer and a
connection timeout, and would seem to require a string parsing for a
useful branch. F9 64 system.
Dave
conf as the possible loss of one or two queries is
usually not significant to statistical analysis. Using inotail (which is
supposedly less processor intensive) requires the second approach as it
does not include the --follow=name option.
Dave
--
David Forrest e-mail drf @ ma
, being selfish, I have opted to continue dropping
them. I'm just a small user and it is the path of least resistance. I
have noticed the attacks are sporadic and I'll go a week or so without
any and then they recur for a couple of days.
Dave
--
David Forrest
St. Louis, Missouri
;
};
category edns-disabled { null; };
--
David Forrest
St. Louis, Missouri
4.216.205.121)
;; WHEN: Wed Feb 11 08:53:04 2009
;; MSG SIZE rcvd: 28
[...@maplepark ~]$
Note that the status is "REFUSED" and MSG SIZE is 28 bytes
And the querylog has this:
11-Feb-2009 08:53:04.195 queries: info: client 64.216.205.121#58714: view
external: query: . IN NS
I found this entry for iptables on the list a while back and it works
well and drops around a thousand queries a day.
iptables -A INPUT -i $LOCALIF -j DROP -p udp --dport domain -m u32 --u32
"0>>22&0...@12>>16=1&&0>>22&0...@2
s I have them dropped at the
firewall. They amount to about 1000 per day, and demanded some sort of
attention to make my logs readable.)
The script via cron runs daily mailing the output and it serves my
purposes for a very small office network.
--
David
On Tue, 27 Jan 2009, Luis Silva wrote:
Hi all,
I'm having a question related to querying external servers that I hope you
could answer for me. I'm sending an iterative query to an external server and
the server is sending a referral answer but only with the authoritative name
servers. After that, i sen
On Mon, 19 Jan 2009, JINMEI Tatuya / 神明達哉 wrote:
At Sat, 17 Jan 2009 12:06:13 -0600 (CST),
David Forrest wrote:
On startup of named 9.6.0 I get the following message:
Jan 17 11:55:20 maplepark named[13014]: max open files (1024) is smaller than
max sockets (4096)
Is this a problem for a
il is handled by 40 mx2.dnsmadeeasy.com.
--
David Forrest
Maple Park Development Corporation http://www.maplepark.com
St. Louis, Missouri
On startup of named 9.6.0 I get the following message:
Jan 17 11:55:20 maplepark named[13014]: max open files (1024) is smaller than
max sockets (4096)
Is this a problem for a small internal network dns server?
Dave
--
David Forrest e-mail d...@maplepark.com
St. Louis
y resolve those who do maintain their domains.
imho, the system ain't broke; so don't fix it.
I'm dead sure someone will tell if I'm wrong, and maybe even if I'm not.
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://