Re: GSS-TSIG updates with multiple KSPs on the same BIND server?

beros._tcp SRV 0 0 88 kdc1 SRV 0 0 88 kdc2 -- John Marshall pgpJLb6PenKSK.pgp Description: PGP signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-user

Re: GSS-TSIG updates with multiple KSPs on the same BIND server?

> server alias.name. in nsupdate but the client still picked up the original service principal (even after restarting BIND). I haven't looked at the code but I'm guessing the service principal selected may be tied to the server name 'options {hostname}' or somet

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

-357,11 +366,3 @@ .docbook.8: ${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $< -### -### Python executable -### -.SUFFIXES: .py -.py: - cp -f $< $@ - chmod +x $@ - -- John Marshall pgpeQKu8INIbS.pgp Description: PGP signature ___

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

eeBSD. I cannot find > a bug report for it in FreeBSD. I opened one for NetBSD: > http://gnats.netbsd.org/49198x Thanks Jeremy for opening the NetBSD PR. -- John Marshall pgpGCgL8q3ROX.pgp Description: PGP signature ___ Please visit https://lists.

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

files. The rest of the build is fine. making all in /build/bind/bind-9.10.1rc2/bin/python make[3]: don't know how to make dnssec-checkds. Stop I guess we just work around this until the NetBSD folks can pinpoint what appears to be a bmake problem. -- John Marshall pgpYh6ASzmWGP.pgp

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

On Fri, 12 Sep 2014, 19:52 +1000, John Marshall wrote: > A FreeBSD 9.3-RELEASE system is building rc2 happily: it uses pmake: but > bmake on the 10-STABLE systems falls over with: > > making all in /build/bind/bind-9.10.1rc2/bin/python > make[3]: don't know how to make

Re: BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

On Thu, 11 Sep 2014, 23:38 +, Evan Hunt wrote: > On Fri, Sep 12, 2014 at 09:11:08AM +1000, John Marshall wrote: > > I can't build BIND 9.10.1rc2 on recent FreeBSD 10-STABLE. > > I have tried on both i386 and amd64 variants of the operating system. > > BIND 9.10.1r

BIND 9.10.1rc2 won't build on FreeBSD 10-STABLE

(the make(1) used in FreeBSD 10)? -- John Marshall pgpLMA5yg5m_j.pgp Description: PGP signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc

Re: dnssec-signzone, dsset files and deleted KSK's

On 03/08/2012 18:00, John Marshall wrote: > On 03/08/2012 09:28, John Marshall wrote: >> The behaviour of the dsset file generation appears to be unaffected by >> the smart signing switch (-S). The generated dsset file includes all >> KSK's found in the key repositor

Re: dnssec-signzone, dsset files and deleted KSK's

On 03/08/2012 09:28, John Marshall wrote: > The behaviour of the dsset file generation appears to be unaffected by > the smart signing switch (-S). The generated dsset file includes all > KSK's found in the key repository (-K) irrespective of any timing > metadata (e.g. del

dnssec-signzone, dsset files and deleted KSK's

n the key repository but the only way to exclude deleted KSK's from the dsset file seems to be to remove them from the key repository directory. Am I not driving this properly? Thank you. -- John Marshall ___ Please visit https://lists.isc.o

Re: BIND 9.8.3-P2 is now available

nd-users lately and so missed this announcement and only became aware of the release today. Thank you. -- John Marshall ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-use

comp.protocols.dns.bind

Has the newsgroup gateway been switched off or is it just broken? The most recent post for this newsgroup in Google groups is 15-Feb-2011. -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

like the place to spend my time. It includes helpful comments about /usr vs /usr/local and KTH vs MIT. -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

sr/src/kerberos5/lib/libgssapi_spnego -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

On Wed, 16 Jun 2010, 09:12 +1000, Mark Andrews wrote: > > In message , John Marshall > w > rites: > > On Tue, 15 Jun 2010 16:52:05 +1000, Mark Andrews wrote: > > > > > > So what was in config.log? With libgssapi_krb5 you are trying to link > > >

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

net.au/~john/bind971rc1/config.log> -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

On Sun, 13 Jun 2010, 12:53 -0700, Doug Barton wrote: > On 06/11/10 02:51, John Marshall wrote: > >Is there something > >else I need to do to nudge BIND in the direction of libgssapi_krb5 in > >/usr/local ? > > > >Until now I've never built BIND with gssa

Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

On Tue, 15 Jun 2010, 10:31 +1000, Mark Andrews wrote: > > On 06/11/10 02:51, John Marshall wrote: > > > Telling configure --with-openssl=/usr/local does the trick for OpenSSL. > > > Telling configure --with-gssapi=/usr/local makes all the right kind of > > > i

Can't get BIND to use GSSAPI from /usr/local

to be told I've missed something basic. Thank you. -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC Validating Resolver and Views

d clear this. It did. At the very moment when I had applied sufficient pressure on the Enter key to commit the "rndc flush" it occurred to me that I ought to dump the cache first. Sorry. I'll upgrade these servers to 9.7.0-P1 this afternoon and keep an eye out for this behaviour recurring. Thank you for your help. -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC Validating Resolver and Views

On Wed, 17 Mar 2010, 09:03 +1100, Mark Andrews wrote: > In message , John > Marshall > writes: > > I don't understand this. If the client needs an answer from > > 25.168.192.in-addr.arpa. and we are hosting that zone and its parent > > zone (both unsigned, both i

Re: DNSSEC Validating Resolver and Views

On Tue, 16 Mar 2010 08:14:40 + (UTC), John Marshall wrote: > > Client: 192.168.25.71 is querying the PTR record for its own address. > Server: 172.25.24.16 is querying itself for the DS record for the > parent of the zone which the client is querying (Why?). >

DNSSEC Validating Resolver and Views

SEC things happening higher up. -- John Marshall ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: When dnssec-validation stops working?

The problem recurred. This time I decided to add the .org key to my trusted-keys and see what would happen. I added the key, reloaded the configuration (rndc reconfig), and queries are resolving properly again. -- John Marshall pgppUbJIgQaVZ.pgp Description: PGP signature

Re: When dnssec-validation stops working?

On Sun, 16 Aug 2009, 23:39 -0400, Paul Wouters wrote: > On Mon, 17 Aug 2009, John Marshall wrote: > > >named[204]: no valid RRSIG resolving 'cvsup.au.freebsd.org/A/IN': > >123.136.33.242#53 > > >What should I do to troubleshoot this if it happens again? >

When dnssec-validation stops working?

ed-keys section of the configuration. I'd be glad to be referred to any troubleshooting tips. Thank you. -- John Marshall pgpNYJ8zqRzOX.pgp Description: PGP signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/m