Update-Policy "ms-self" for reverse zone dont work - please help

2011-06-24 Thread Juergen Dietl
Hello, I am running bind 9.8 with GSS-TSIG on a SuSE Enterprise 11 PL 1 Server. For my forward zones I have the following rules: zone "cp.test" { type master; file "forward/cp.test"; notify yes; update-policy {

Core Dump File - cant see any error? Just ignore?

2011-06-06 Thread Juergen Dietl
Hello, I run bind 9.8.0-P1 with GSS-TSIG in a CHROOT-Environment without any errors on our test system (SuSE Linux Enterprise 11). I start it with the minus -g -d 10 option (and also without) and can't see any errors. I tried it with strace -f and so far I can guess - no errors. But when I stop bind

Re: Bind 9.8 chroot and gsstsig - what additional libraries do I need?

2011-05-23 Thread Juergen Dietl
named.conf) do not work. One of the first things that was missed was dev/urandom for example. Is there anyone out there that uses a GSS-TSIG Bind WITH CHROOT-Environment? thanx so far, cheers, Juergen 2011/5/23 Tony Finch > Juergen Dietl wrote: > > > > I run bind 9.8 with GSS-TSIG in server

Bind 9.8 chroot and gsstsig - what additional libraries do I need?

2011-05-23 Thread Juergen Dietl
Hello, I run bind 9.8 with GSS-TSIG in several domains with update-policy list for secure updates and all is working fine. Before my bind was in a CHROOT environment. But with using GSS-TSIG it seems to need a lot more libraries. I tried to find them all with doing some straces but I do not really

Re: Bind 9.8 DNS recursion dont work from the client side - Bug?

2011-05-16 Thread Juergen Dietl
Hello Phil, thanx a lot for your help. allow-recursion {any;}; works now. allow-query {any;}; did also work. Is this a new behavior? Because in 9.7.3 I don't have to allow queries. thanx a lot, cheers, Juergen 2011/5/16 Phil Mayers > On 16/05/11 11:00, Juergen Dietl wr

Bind 9.8 DNS recursion dont work from the client side - Bug?

2011-05-16 Thread Juergen Dietl
Hello, I try to make an nslookup from the client. The server doesn't know the zone and for this it should do recursion to another DNS-Server: options { dump-file "/var/log/named_dump.db"; notify-source xx.x.xxx.xxx port 53; notify yes; listen-on port 53 { xx.x.xxx.xxx;

Re: GSS-TSIG update policy identity field

2011-05-12 Thread Juergen Dietl
2011/5/12 Mark Andrews > > > > I suggest that you look at the documentation for "external" and use > it. > > Hello Mark, thanx a lot for your explanation. One last question. What do you mean with your sentence above? Do you mean that?: +++ external Th

Re: GSS-TSIG update policy identity field

2011-05-12 Thread Juergen Dietl
100 % sure that the client really only can update itself? Do you have a link where I can read more about the ms-self feature? thanx a lot cheers, 2011/5/12 Phil Mayers > On 12/05/11 09:33, Juergen Dietl wrote: > >> Hello Mark >> >> I am not that professional in bind. No

Re: GSS-TSIG update policy identity field

2011-05-12 Thread Juergen Dietl
rado at Boulder > > > > On May 11, 2011, at 7:08 AM, Juergen Dietl wrote: > > > Hello, > > > > and thanx for all your answers. > > > > I want to ask the question again in a shorter way: > > > > If I look in the log the client tells the dn

Re: GSS-TSIG update policy identity field

2011-05-12 Thread Juergen Dietl
Hello Mark, I am not that professional in bind. Normally I am a CISCO expert but now I also do the bind for 6 months. I cannot imagine why this post should help me. What does this match-type "external" mean? I am not aware of running any external daemon. Or was this just for the ACLs problem from Ph

Re: GSS-TSIG update policy identity field

2011-05-12 Thread Juergen Dietl
> In message , Juergen > Dietl > writes: > > Hello Mark, > > > > thanx for your answer. > > > > Your first sentence maybe help me to understand why this is the > client´s > > credential that it needs in the rule: > > > > WS-YBCL150939\$\@EXAMP

Re: GSS-TSIG update policy identity field

2011-05-11 Thread Juergen Dietl
Hello Mark, thanx for your answer. Your first sentence maybe help me to understand why this is the client´s credential that it needs in the rule: WS-YBCL150939\$\@EXAMPLE.COM So first is the hostname then the slash makes the $-sign just to be a normal letter and not variable for example, and the

Re: GSS-TSIG update policy identity field

2011-05-11 Thread Juergen Dietl
Hello, and thanx for all your answers. I want to ask the question again in a shorter way: If I look in the log the client tells the dns-server: request has valid signature: WS-YBCL150939\$\@EXAMPLE.TEST when I now put in the rule: grant WS-YBCL150939\$\@EXAMPLE.TEST subdomain example.test. ANY

GSS-TSIG update policy identity field

2011-05-11 Thread Juergen Dietl
Hello, I run GSS-TSIG on a SuSE Enterprise 11 Server using bind 9.8 latest version. I have 3 domains: example1.test example2.test example3.test I created 3 keys and merged them with ktutil. Now I want to use update policy: For this I have the following rule: update-policy { grant * subdomain

GSS-TSIG one keytab per realm - is it possible?

2011-04-19 Thread Juergen Dietl
Hello, as far as I know I can only put one "tkey-gssapi-credential" in the named.conf. Now at bind 9.8 there is something new: * Added a "tkey-gssapi-keytab" option. If set, dynamic updates will be allowed for any key matching a Kerberos principal in the specified keytab file. "tkey-gssapi-cre

Fwd: GSS-TSIG with a change root enviroment

2011-04-13 Thread Juergen Dietl
-- Forwarded message -- From: Juergen Dietl Date: 2011/4/13 Subject: Re: GSS-TSIG with a change root enviroment To: Abdulla Bushlaibi Hello, thanx for the -g hint. Now I see the same thing I saw yesterday in the syslog. For any reason the syslog doesn't show anything since

GSS-TSIG with a change root enviroment

2011-04-13 Thread Juergen Dietl
Hello, I set up gss-tsig and it is working fine with bind 9.7.3 and bind 9.8. Now I tried it on a 2nd server that uses 2 instances of bind. One for primary one for secondary. For this the primary bind starts with the "-t parameter" which tells him to use a change root environment. If I start the bind thi