|
|
 Up |
|
|
  |
Author: Mark AndrewsMark Andrews
Date: Dec 26, 2008 15:18
This is *exactly* why there is a rule in RFC 1034 prohibiting
the use of CNAME with anything else. This is also why named
enforces the rule. The operators of share-ideas.com are
in violation of this rule and their nameserver does not
enforce this rule.
RFC 1034.
The domain system provides such a feature using the canonical name
(CNAME) RR. A CNAME RR identifies its owner name as an alias, and
specifies the corresponding canonical name in the RDATA section of the
RR. If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different. This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.
Mark
%% dig crm.share-ideas.com @ns2.hc.ru.
|
| Show full article (6.03Kb) |
|
| |
no comments
|
|
|
Author: Linux AddictLinux Addict
Date: Dec 26, 2008 12:17
This is a multi-part message in MIME format.
--===============9138268836688720276==
Content-Type: multipart/alternative;
boundary="------------000403080708090601030900"
This is a multi-part message in MIME format.
--------------000403080708090601030900
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
|
| Show full article (2.16Kb) |
|
| |
no comments
|
|
|
Author: Rob AusteinRob Austein
Date: Dec 26, 2008 10:29
At Fri, 26 Dec 2008 14:28:13 +0100, Nico De Ranter wrote:
>
> Dec 26 13:55:33 dns named[8546]: configuring TKEY: not implemented
The error suggests that you don't really have GSSAPI enabled
(dst_gssapi_acquirecred() returns that error when called with GSSAPI
support disabled). Check your build log to make sure that -DGSSAPI
was included on the command line when compiling lib/dns/gssapictx.c.
If not, you've got some kind of autoconf problem or are specifying the
wrong directory for the GSSAPI libraries, so check config.log next to
see what happened.
_______________________________________________
bind-users mailing list
bind-users@ lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
|
| |
|
no comments
|
|
|
Author: Nico De RanterNico De Ranter
Date: Dec 26, 2008 05:28
Unfortunately I can't get it to work.
When I add
tkey-gssapi-credential "DNS/....";
tkey-domain "...";
to my named.conf file, named doesn't want to start anymore. I get the
following message in /var/log/messages:
Dec 26 13:55:33 dns named[8546]: configuring TKEY: not implemented
Dec 26 13:55:33 dns named[8546]: loading configuration: not implemented
Dec 26 13:55:33 dns named[8546]: exiting (due to fatal error)
I compiled bind 9.6.0 using the following options:
./configure --with-openssl=yes \
--with-randomdev=/dev/urandom \
--prefix=/opt/bind-${BINDVER} \
--sysconfdir=/etc/bind-${BINDVER} \
--enable-threads \
--with-pkcs11 \
--with-gssapi=/usr
|
| Show full article (4.30Kb) |
|
no comments
|
|
|
Author: blrmaaniblrmaani
Date: Dec 25, 2008 15:31
Did anyone try restricting nsupdate by using tcp-wrappers? I heard
that we can restrict nsupdate using tcp-wrapper
Anyone tried this?
cheers
Maani
On Nov 17, 9:06 pm, "Jonathan Petersson"
wrote:
> --===============7939338197629145746==
> Content-Type: multipart/alternative;
> boundary="----=_Part_36617_8743902.1226973981518"...
|
| Show full article (3.92Kb) |
|
no comments
|
|
|
Author: Dmitry RybinDmitry Rybin
Date: Dec 24, 2008 22:39
Linux Addict wrote:
> Folks, I have BIND 9 running. For some reason, the external resolution
> is not working. I can telnet to root servers on port 53. Recursion is
> on. What are the other requiremnts for the server to reesolve the
> external records. Please help!!
>
TCP? You must open in firewall:
allow tcp,udp from me to any 53
allow tcp,udp from any 53 to me
|
| |
|
no comments
|
|
|
Author: Robert SpanglerRobert Spangler
Date: Dec 24, 2008 19:31
On Wednesday 24 December 2008 20:13, Scott Haneda wrote:
> Trying to help a client, they stumped me today.
OK, I get the sam answers form all the NS servers.
|
| Show full article (2.74Kb) |
|
1 Comment |
|
|
|
|
|
Author: josejavier.armenteroscaballerojosejavier.armenteroscaballero
Date: Dec 24, 2008 16:01
Estar=E9 ausente de la oficina desde el 24/12/2008 y no volver=E9 hasta el
14/01/2009.
Para cualquier asunto contacte Francisco Javier Fabian Sanchez, Francisco
Javier Fernandez Gonzalez, Javier Soria Gallego, Carlos Montero o Jose
Antonio Pulido.
___________________________________________________________________________
Este mensaje se dirige exclusivamente a su destinatario y puede contener
informaci=F3n privilegiada o confidencial. Si no es vd. el destinatario
indicado, queda notificado de que la lectura, utilizaci=F3n, divulgaci=F3n =
y/o
copia sin autorizaci=F3n est=E1 prohibida en virtud de la legislaci=F3n vig=
ente.
Si ha recibido este mensaje por error, le rogamos que nos lo comunique
inmediatamente por esta misma v=EDa y proceda a su destrucci=F3n.
El correo electr=F3nico v=EDa Internet no permite asegurar la confidenciali=
dad
de los mensajes que se transmiten ni su integridad o correcta recepci=F3n.
Telef=F3nica no asume ninguna responsabilidad por estas circunstancias.
|
| Show full article (1.86Kb) |
|
no comments
|
|
|
|
|
|
Author: Jeremy C. ReedJeremy C. Reed
Date: Dec 24, 2008 15:46
On Wed, 24 Dec 2008, Linux Addict wrote:
> Folks, I have BIND 9 running. For some reason, the external resolution is
> not working. I can telnet to root servers on port 53. Recursion is on. What
> are the other requiremnts for the server to reesolve the external records.
> Please help!!
Tell us more. Show us more.
Is your named bound to the IP (at port 53) as expected? Use netstat -an,
sockstat, lsof, fstat to see.
How are you testing? Show us your dig output from same system running
named. Also from remote system if you are testing from a client.
Make sure allow-query, allow-query-cache, allow-recursion are set as
required.
_______________________________________________
bind-users mailing list
bind-users@ lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
|
| |
|
no comments
|
|
|
|
|
