Re: dig query

2010-01-06 Thread Pamela Rock
> AD is set when authentication is successful by the server > to whom you > are sending the query.  The "+noadflag" says don't set > the AD bit in the > outbound query (which is the default). > > AlanC > Thanks. Based on that, the following: dig +adflag gov produces: flags: qr rd ra ad; Doe

dig query

2010-01-06 Thread Pamela Rock
The following dig query dig gov +dnssec +noadflag @10.10.10.1 produces the following flags in the header section: ;; flags: qr rd ra ad; Question - what is the relation with the +dnssec and +noadflag options in the query. I would think the query would produce a signed response with no ad bit

Re: IPv6 TCP

2009-12-29 Thread Pamela Rock
> I suspect your error has more to do with the value of the > IPv6 > address and sanity checks in the Linux kernel than with > anything > else.  Use a allocated address or generate a ULA > prefix for testing > and use that. > Mark - you are right on the money!! I changed my IPv6 address, now eve

Re: IPv6 TCP

2009-12-29 Thread Pamela Rock
--- On Tue, 12/29/09, Alan Clegg wrote: > From: Alan Clegg > Subject: Re: IPv6 TCP > To: "Pamela Rock" > Date: Tuesday, December 29, 2009, 9:34 AM > Pamela Rock wrote: > > > [r...@test /]# dig ip6.test.com @bind6 +tcp > +short s

Re: IPv6 TCP

2009-12-29 Thread Pamela Rock
--- On Mon, 12/28/09, Kevin Oberman wrote: > From: Kevin Oberman > Subject: Re: IPv6 TCP > To: "Pamela Rock" > Cc: "Mark Andrews" , "Chuck Anderson" , > bind-users@lists.isc.org > Date: Monday, December 28, 2009, 10:08 PM > > Date: Mo

Re: IPv6 TCP

2009-12-28 Thread Pamela Rock
--- On Mon, 12/28/09, Mark Andrews wrote: > From: Mark Andrews > Subject: Re: IPv6 TCP > To: "Pamela Rock" > Cc: "Kevin Oberman" , "Chuck Anderson" , > bind-users@lists.isc.org > Date: Monday, December 28, 2009, 8:22 PM > > In

Re: IPv6 TCP

2009-12-28 Thread Pamela Rock
--- On Mon, 12/28/09, Kevin Oberman wrote: > From: Kevin Oberman > Subject: Re: IPv6 TCP > To: "Pamela Rock" > Cc: bind-users@lists.isc.org, "Chuck Anderson" > Date: Monday, December 28, 2009, 6:07 PM > > Date: Mon, 28 Dec 2009 13:31:50 > -0800 (

Re: IPv6 TCP

2009-12-28 Thread Pamela Rock
--- On Mon, 12/28/09, Chuck Anderson wrote: > From: Chuck Anderson > Subject: Re: IPv6 TCP > To: bind-users@lists.isc.org > Date: Monday, December 28, 2009, 3:58 PM > On Mon, Dec 28, 2009 at 07:56:56AM > -0800, Pamela Rock wrote: > > I posted this query a while a

Re: IPv6 TCP

2009-12-28 Thread Pamela Rock
IPTables and IP6Tables are turned off and not running. There is no other firewalls or filtering routers between DNS clients and servers. --- On Mon, 12/28/09, Rick Dicaire wrote: > From: Rick Dicaire > Subject: Re: IPv6 TCP > To: "Pamela Rock" > Cc: bind-users@lists.

IPv6 TCP

2009-12-28 Thread Pamela Rock
I posted this query a while ago but have not yet been able to resolve the issue... I have a DNS server and client that can ping each other using ping6.  The following query works: dig -6 test.com +notcp When I query TCP with IPv6 I get the following error: r...@test:/home/janderson/bind-9.6.

Re: strange dig behavior

2009-12-21 Thread Pamela Rock
--- On Sun, 12/20/09, Barry Margolin wrote: > From: Barry Margolin > Subject: Re: strange dig behavior > To: comp-protocols-dns-b...@isc.org > Date: Sunday, December 20, 2009, 10:59 PM > In article , > Pamela Rock > wrote: > > > I've got the following

strange dig behavior

2009-12-20 Thread Pamela Rock
I've got the following three scenarios The client can query a domain A residing on a recursive name server. The client can query a domain B on an authratative name server. When client queries domain B through the RNS, a Status: refused results. I don't know what is causing the refused. IP tabl

Re: DIG -6 +TCP

2009-11-23 Thread Pamela Rock
For all it's worth, using wireshark, I can see IPv6 UDP queries successfully traversing in/out. Ping6 works successfully. There is no firewall running anywhere(IPv4 or 6). Still get [r...@dig-client ~]# dig -6 a test.domain @bindserver6 +tcp socket.c:4922: 22/Invalid argument dig: isc_so

Re: DIG -6 +TCP

2009-11-23 Thread Pamela Rock
> > I've got a closed lab testing BIND and I've got an > interesting problem with IPv6 queries.  Now I have 3 > systems all running IPv4 and IPv6.  IPv4 queries work > fine across all systems.  IPv6 UDP queries work fine as > well.  When I test IPv6 TCP queries I get the following > failure: > > >

DIG -6 +TCP

2009-11-22 Thread Pamela Rock
Hit the wrong key, sorry about that... I've got a closed lab testing BIND and I've got an interesting problem with IPv6 queries.  Now I have 3 systems all running IPv4 and IPv6.  IPv4 queries work fine across all systems.  IPv6 UDP queries work fine as well. When I test IPv6 TCP queries I get

DIG -6 +TCP

2009-11-22 Thread Pamela Rock
I've got closed lab testing BIND and I've got an interesting problem with IPv6 queries.  Now I have 3 systems all running IPv4 and IPv6.  IPv4 queries work fine across all systems.  IPv6 UDP queries ___ bind-users mailing list bind-users@lists.

Fw: RE: dnssec enabled recursive server

2009-10-24 Thread Pamela Rock
ient > 10.10.10.10#56597: query > 23-Oct-2009 16:47:28.802 security: debug 3: client > 10.10.10.10#56597: query (cache) 'TLD/DNSKEY/IN' approved > 23-Oct-2009 16:47:28.802 client: debug 3: client > 10.10.10.10#56597: send > 23-Oct-2009 16:47:28.802 client: debug 3: client >

dnssec enabled recursive server

2009-10-23 Thread Pamela Rock
This environment is in a lab. I have a DNSSEC enabled server with a signed .TLD zone (again, in a lab). I have a client that can accurately run queries against the signed .TLD zone. So this works... DNSSEC Enabled Client => DNSSEC Enabled .TLD I'm trying to put a recursive BIND 9.6.1-P1 s