Ok Peter<div><br></div><div>Thanks a Lot for your valuable inputs and thanks too for bearing up with my silly question if any as i am new to dnssec.:)</div><div><br></div><div>Thanks & Best Regards</div><div>Parth Monga<br>
<br><div class="gmail_quote">On Mon, Apr 16, 2012 at 3:30 PM, <span dir="ltr"><<a href="mailto:pdns-users-request@mailman.powerdns.com">pdns-users-request@mailman.powerdns.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Send Pdns-users mailing list submissions to<br>
<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:pdns-users-request@mailman.powerdns.com">pdns-users-request@mailman.powerdns.com</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:pdns-users-owner@mailman.powerdns.com">pdns-users-owner@mailman.powerdns.com</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Pdns-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Huge PDNS+DNSSEC setup-Need help (Peter van Dijk)<br>
(Peter van Dijk)<br>
2. Re: epollmplexer.cc (Juraj Lutter)<br>
3. Re: epollmplexer.cc (Peter van Dijk)<br>
4. Re: some Solaris issues (Peter van Dijk)<br>
5. NSEC RR - pdns 2.9.22 (Sven Broeske)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Mon, 16 Apr 2012 07:41:53 +0200<br>
From: Peter van Dijk <<a href="mailto:peter.van.dijk@netherlabs.nl">peter.van.dijk@netherlabs.nl</a>><br>
Subject: Re: [Pdns-users] Huge PDNS+DNSSEC setup-Need help (Peter van<br>
Dijk)<br>
To: pdns-users Users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>><br>
Message-ID: <<a href="mailto:D88E8196-1D13-4AE6-B026-86D8E27D07F6@netherlabs.nl">D88E8196-1D13-4AE6-B026-86D8E27D07F6@netherlabs.nl</a>><br>
Content-Type: text/plain; charset=iso-8859-1<br>
<br>
Hi,<br>
<br>
On Apr 15, 2012, at 15:00 , PARTH MONGA wrote:<br>
<br>
> So as you said key rollovers are not mandate,so that means if i created ksk and zsk for a domain so that will last long during a zone lifecycle till its live and secured<br>
> So i am new to dnssec can you please give me the best practice in handling keys like when should i intentionally go for a key rollover and which key is to be rollovered ksk or zsk or both and how frequent.<br>
> Please show some light on this.<br>
<br>
You asked the same two days earlier. There's no need to repeat. I cannot provide you with best practices for your organization.<br>
<br>
Kind regards,<br>
--<br>
Peter van Dijk<br>
Netherlabs Computer Consulting BV - <a href="http://www.netherlabs.nl/" target="_blank">http://www.netherlabs.nl/</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Mon, 16 Apr 2012 08:04:12 +0200<br>
From: Juraj Lutter <<a href="mailto:juraj@lutter.sk">juraj@lutter.sk</a>><br>
Subject: Re: [Pdns-users] epollmplexer.cc<br>
To: Peter van Dijk <<a href="mailto:peter.van.dijk@netherlabs.nl">peter.van.dijk@netherlabs.nl</a>><br>
Cc: pdns-users Users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>><br>
Message-ID: <<a href="mailto:C86D1DDD-43D6-41E8-B5DB-AD51B593D626@lutter.sk">C86D1DDD-43D6-41E8-B5DB-AD51B593D626@lutter.sk</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
No. epollmplexer is still being built on Solaris for some reason.<br>
<br>
<br>
<br>
On 16 Apr 2012, at 07:40, Peter van Dijk <<a href="mailto:peter.van.dijk@netherlabs.nl">peter.van.dijk@netherlabs.nl</a>> wrote:<br>
<br>
> Hi Juraj,<br>
><br>
> On Apr 15, 2012, at 1:41 , Juraj Lutter wrote:<br>
><br>
>> is epollmplexer.cc referenced from somewhere? If not, is there any<br>
>> reason to build it? It can't be built on Solaris.<br>
><br>
><br>
> epollmplexer is used when building the recursor on Linux. On Solaris,<br>
> it will build with either portsmplexer or devpollmplexer. See pdns/Makefile-recursor<br>
> and pdns/sysdeps-recursor/ for more information.<br>
><br>
> Kind regards,<br>
> --<br>
> Peter van Dijk<br>
> Netherlabs Computer Consulting BV - <a href="http://www.netherlabs.nl/" target="_blank">http://www.netherlabs.nl/</a><br>
><br>
> _______________________________________________<br>
> Pdns-users mailing list<br>
> <a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
> <a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Mon, 16 Apr 2012 08:10:48 +0200<br>
From: Peter van Dijk <<a href="mailto:peter.van.dijk@netherlabs.nl">peter.van.dijk@netherlabs.nl</a>><br>
Subject: Re: [Pdns-users] epollmplexer.cc<br>
To: pdns-users Users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>><br>
Message-ID: <<a href="mailto:B3ED93DA-3568-4908-A29C-CC9D79B4EC26@netherlabs.nl">B3ED93DA-3568-4908-A29C-CC9D79B4EC26@netherlabs.nl</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
Hi Juraj,<br>
<br>
On Apr 16, 2012, at 8:04 , Juraj Lutter wrote:<br>
<br>
> No. epollmplexer is still being built on Solaris for some reason.<br>
<br>
<br>
If you are doing 'make pdns_recursor' inside a pdns checkout: don't do that (we should probably document this or even make it impossible). The only recommended and supported way to build the recursor is from a recursor distribution, either acquired as a tarball called pdns-recursor-* or from typing ./dist-recursor inside a pdns checkout.<br>
<br>
If you are seeing epollmplexer trying to build in a different scenario, please let me know!<br>
<br>
Apologies for the confusion.<br>
<br>
Kind regards,<br>
--<br>
Peter van Dijk<br>
Netherlabs Computer Consulting BV - <a href="http://www.netherlabs.nl/" target="_blank">http://www.netherlabs.nl/</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Mon, 16 Apr 2012 11:17:30 +0200<br>
From: Peter van Dijk <<a href="mailto:peter.van.dijk@netherlabs.nl">peter.van.dijk@netherlabs.nl</a>><br>
Subject: Re: [Pdns-users] some Solaris issues<br>
To: pdns-users Users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>><br>
Message-ID: <<a href="mailto:8DA4A01F-E738-44A6-86CD-F796218B4EBA@netherlabs.nl">8DA4A01F-E738-44A6-86CD-F796218B4EBA@netherlabs.nl</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
Hello Juraj,<br>
<br>
On Apr 15, 2012, at 10:26 , Juraj Lutter wrote:<br>
<br>
> On <a href="http://buildfarm.opencsw.org/~wilbury/pdns-3.1-rc2-patches/" target="_blank">http://buildfarm.opencsw.org/~wilbury/pdns-3.1-rc2-patches/</a> you can<br>
> find a patch against 3.1-rc2 which replaces call to ``rdtsc''<br>
> instruction by a call to gethrtime() function which does the same thing<br>
> and is Solaris API compliant. The patch is only for SPARC platform, on<br>
> x86 you still can use ``rdtsc''<br>
<br>
<br>
I'd be happy to apply it. I do have a question. Both historically and as a result of some of your patches, we now have checks for '__sun' and '__sun+__SVR4', and your patch uses __SPARC__. I have to ask: which check is right in which situation?<br>
<br>
Kind regards,<br>
--<br>
Peter van Dijk<br>
Netherlabs Computer Consulting BV - <a href="http://www.netherlabs.nl/" target="_blank">http://www.netherlabs.nl/</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Mon, 16 Apr 2012 11:40:35 +0200<br>
From: Sven Broeske <<a href="mailto:mail@svenbroeske.de">mail@svenbroeske.de</a>><br>
Subject: [Pdns-users] NSEC RR - pdns 2.9.22<br>
To: <a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a><br>
Message-ID: <<a href="mailto:4F8BE913.1030302@svenbroeske.de">4F8BE913.1030302@svenbroeske.de</a>><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
Hi folks,<br>
<br>
Regarding the pdns documentation it should be possible to use the NSEC<br>
RR since version 2.9.21. Therefore, I tried to create a NSEC RR with the<br>
value "<a href="http://sub.test.de" target="_blank">sub.test.de</a>. A NS SOA". Unfortunately, I get always a SERVFAIL if<br>
I try to 'dig' the domain <a href="http://test.de" target="_blank">test.de</a> on my nameserver.<br>
<br>
The log file of the pdns server shows the following problem:<br>
"Exception building answer packet (Unknown record was stored<br>
incorrectly, need 3 fields, got 4: <a href="http://sub.test.de" target="_blank">sub.test.de</a>. A NS SOA) sending out<br>
servfail"<br>
<br>
As far as I know "<a href="http://sub.test.de" target="_blank">sub.test.de</a>." should be interpreted as first field<br>
(next domain name) and "A NS SOA" as second field (list of types).<br>
<br>
The questions which are resulting:<br>
What would be the third field?<br>
Why is every RR in the "list of types" interpreted as separate field?<br>
What would be the correct configuration?<br>
<br>
Versions:<br>
pdns-backend-mysql 2.9.22-8+squeeze2<br>
pdns-server 2.9.22-8+squeeze2<br>
<br>
Linux foobar 2.6.26-2-amd64 #1 SMP Tue Jan 25 05:59:43 UTC 2011 x86_64<br>
GNU/Linux<br>
<br>
If you need further information, don't hesitate to ask.<br>
<br>
Thanks in advance.<br>
<br>
Best regards,<br>
Sven<br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
<br>
<br>
End of Pdns-users Digest, Vol 111, Issue 21<br>
*******************************************<br>
</blockquote></div><br></div>