Howdy,
We’ve noticed the error message "refresh: failure trying master ...: operation
canceled” in our logs debugged from some slaves not updating DS records in some
zones.
Looking into this error over at:
https://deepthought.isc.org/article/AA-01213/0/What-causes-refresh:-failure-trying-maste
On 6/9/14, 9:05 PM, "Mark Andrews" wrote:
>
>In message , Raymond Drew Walker
>writes:
>>
>> Apologies,
>>
>> Our workaround was actually the addition of 2 lines:
>>
>>check-names master ignore;
>>check-names res
Apologies,
Our workaround was actually the addition of 2 lines:
check-names master ignore;
check-names response ignore;
Without the second ‘response’ clause, the update does not error, but does not
get applied to the record.
—
Raymond Walker
Software Systems Engineer StSp.
ITS - N
Our current workaround is to add the following to NAMED configuration:
check-names master ignore;
Is there a more preferred solution?
…or perhaps a different way of looking at this issue?
—
Raymond Walker
Software Systems Engineer StSp.
ITS - Northern Arizona University
From: Ray Walker mailt
Running BIND 9.9.5:
On moving to a hidden primary setup, dynamic updates to zones we are master for
with “unallowed characters” (underscores in our case) have started to fail with
the error "bad owner name (check-names)” In the past (pre hidden primary) they
did not fail.
In the past we have n
I have verified that this also happens intermittently with dig in BIND 9.9.5
built/configured with:
STD_CDEFINES="-DDIG_SIGCHASE=1"
export STD_CDEFINES
./configure --enable-threads --enable-largefile
—
Raymond Walker
Software Systems Engineer StSp.
ITS - Northern Arizona University
From: Ray Wal
I’m experiencing an interesting issue where sometimes when performing a
sigchase on a valid signed zone the command loops indefinitely when an expired
RRSIG exists:
Live example:
dig +sigchase +trusted-key=./trusted.keys aa.nau.edu A
Notes:
There is currently a valid RRSIG for this zone.
dig co
Running BIND 9.9.0
Upon having some DNSSEC keys run out of activity with no active
replacements, we noticed some interesting behavior with the named
process...
When a zone signing key enters it's Inactive phase, the zone still loads
on startup:
19-Jun-2012 09:54:10.176 general: zone_timer: zone
-Original Message-
From: Tony Finch
Date: Tue, 4 Oct 2011 20:30:43 +0100
To: Raymond Walker
Cc: "bind-users@lists.isc.org"
Subject: Re: DNSSEC not populating parent zone files with DS records
>Raymond Drew Walker wrote:
>
>> In testing, this pipe sets up the
-Original Message-
From: Tony Finch
Date: Mon, 3 Oct 2011 14:59:38 +0100
To: Michael Sinatra
Cc: , , Raymond Walker
Subject: Re: DNSSEC not populating parent zone files with DS records
>Michael Sinatra wrote:
>>
>> There are ways of getting the DS records into the zone(s). Here are
>
In our initial implementation of DNSSEC, we chose to try out the "auto"
functionalities in version 9.8.0 P4 ie. using "auto-dnssec maintain" in
all master zones.
When going live, we found that though all zones that we are acting as
master for would populate their own DS records, but there would be
11 matches
Mail list logo
