9.16.13 overwrote master files
Mark Andrews
marka at isc.org
Tue Mar 30 04:45:24 UTC 2021
Carl,
can you add a “#” in front of "dnssec-policy” in bin/named/config.c
and see how that goes for you. That will comment out the default
‘dnssec-policy “none”;’.
Please let us know how that goes for you.
Mark
> On 29 Mar 2021, at 15:02, Carl Byington <carl at byington.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Mon, 2021-03-29 at 12:54 +1100, Mark Andrews wrote:
>> What do you have in options?
>
> options {
> directory "/var/named";
> allow-recursion { "friends"; };
> dnssec-enable yes;
> dnssec-validation auto;
> bindkeys-file "/etc/named.bind.keys";
> managed-keys-directory "/var/named/dynamic";
> listen-on-v6 {any;};
> ixfr-from-differences yes;
> max-journal-size 2m;
> notify yes;
> response-policy { zone "rpz.five-ten-sg.com";}
> qname-wait-recurse no;
> rate-limit {
> responses-per-second 500;
> errors-per-second 50;
> nxdomains-per-second 500;
> qps-scale 4000;
> exempt-clients { "friends"; };
> };
> max-recursion-queries 200; qname-minimization disabled;
> fetches-per-server 50;
> fetches-per-zone 50;
> server-id hostname;
> };
>
> This is on Centos 8. I will setup a VM tomorrow for more testing on
> this. For now, reverted back to 9.16.12.
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYGFRRxUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsFm/wCbBpzr/W/QdtUMG0hhstYcI1wpsBcA
> nRdv220ju0R0IIEgbLzfbXs8CjHX
> =+zDb
> -----END PGP SIGNATURE-----
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list