12-18-2001
Perhaps I'm missing something fundemental to DNS name resolution here. If I've only got my own local Nameserver in the resolv.conf and that has no information about
www.yahoo.com (or anything else for that matter), why does it not transcend all the way down to the root nameservers (which it knows about through the root hints file - the addresses are valid I can ping them) and get me a valid answer by issuing iterative queries to Nameservers until it finds an authoritative answer?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
what is dig? Is it just a advanced type of nslookup?
how to use it?
//nicke:confused: (1 Reply)
Discussion started by: nicke30
1 Replies
2. Shell Programming and Scripting
First I would like to thank you for your time in running a great Forum!
Background - Windows/ASP/VB COM/SQL Server programmer/Webmaster.
Desire - To build similar skillset on UNIX. I am looking at learning Perl or Python (maybe Jython due to connection to Java). I have a brief background... (3 Replies)
Discussion started by: nimrod
3 Replies
3. UNIX for Dummies Questions & Answers
When I use the linux dig command such as #dig yahoo.com it resolves
but when I use the same command as root it gives me error "Segmentation Fault"
Please advise I am completly baffled. (1 Reply)
Discussion started by: Tirmazi
1 Replies
4. Solaris
Hi all,
Apologies if this is the wrong forum for this question, if it is, could some one point me to the right one please.
I am trying to compile bind-9.5.1b1 on Solaris 10
Get the error when try to configure:
checking for OpenSSL library... using OpenSSL from /usr/local/lib and... (5 Replies)
Discussion started by: callmebob
5 Replies
5. UNIX for Dummies Questions & Answers
all,
i am newbie to dns bind . Any help is very appreciated.
I am using dig command to view the records in the config. I am expecting the following comamnds to display all the A (Address records) in the zone data file.
my zone data file looks like this
-------------------
$ORIGIN .
$TTL... (2 Replies)
Discussion started by: sujathab
2 Replies
6. UNIX for Dummies Questions & Answers
Hi Guys,
I just need a confirmation if what think i know is right .
dig yahoo.com
; <<>> DiG 9.7.0-P1 <<>> yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27410
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
... (1 Reply)
Discussion started by: mtomar
1 Replies
7. IP Networking
Can I use two different DNS servers in the one command in the form of primary and secondary.
Take this for example:
dig @<primaryAddress> @<secondaryAddress> MX domain.tld
So if primary address is down, it will use the secondary address as a backup. It seems to work when testing, but thought... (1 Reply)
Discussion started by: neil_is_ere
1 Replies
8. UNIX for Advanced & Expert Users
Hi,
I have these entries in the /etc/esolv.conf:
------------
domain xxxxxx
search yyyyyy
nameserver 127.0.0.1
nameserver aaaaaaaaaaaaaaaa
nameserver bbbbbbbbbbbbbbbb
-------------
When I use 'dig' or 'nslookup' command, like 'dig yahoo.com' it uses the localhost as the server.
I... (2 Replies)
Discussion started by: chaandana
2 Replies
9. Shell Programming and Scripting
Hi,
I am testing some code to match a grep to see if one of the dns server exists but it does not seem to match:
ERROR:
=======
CRITICAL: google.com DNS : ns3.google.com NOT found
CODE:
=====
if ; then
echo "OK: google.com DNS : ns3.google.com exists"
else
echo... (5 Replies)
Discussion started by: dmccabe
5 Replies
10. Shell Programming and Scripting
Experts - I was hoping someone could help me out with the logic on this perl script.
I'm trying to run some dig commands and parse in such a way as to group them together.
Here's what I have so far.
#!/usr/bin/perl
system(clear);
my @host = qw/yahoo.com
google.com
/;
foreach... (2 Replies)
Discussion started by: timj123
2 Replies
LEARN ABOUT DEBIAN
softhsm-keyconv
SOFTHSM-KEYCONV(1) General Commands Manual SOFTHSM-KEYCONV(1)
NAME
softhsm-keyconv - converting between BIND and PKCS#8 key file formats
SYNOPSIS
softhsm-keyconv --topkcs8 --in path --out path [--pin PIN]
softhsm-keyconv --tobind --in path [--pin PIN]
--name name [--ttl ttl --ksk] --algorithm algorithm
DESCRIPTION
softhsm-keyconv can convert between BIND .private-key files and the PKCS#8 file format. This is so that you can import the PKCS#8 file
into libsofthsm using the command softhsm. If you have another file format, then openssl probably can help you to convert it into the
PKCS#8 file format.
The following files will be created when converting to BIND file format:
Kname+alg_id+key_tag.key
Public key in RR format
Kname+alg_id+key_tag.private
Private key in BIND key format
The three parts of the file name means the following:
name The owner name given by the --name argument.
alg_id A numeric representation of the --algorithm argument.
key_tag
Is a checksum of the DNSKEY RDATA.
OPTIONS
--topkcs8
Convert from BIND .private-key format to PKCS#8.
Use with --in, --out, and --pin.
--tobind
Convert from PKCS#8 to BIND .private-key format.
Use with --in, --pin, --name, --ttl, --ksk, and --algorithm.
--algorithm algorithm
Specifies which DNSSEC algorithm to use when converting to BIND format. The supported algorithms are:
RSAMD5
DSA
RSASHA1
RSASHA1-NSEC3-SHA1
DSA-NSEC3-SHA1
RSASHA256
RSASHA512
--help, -h
Shows the help screen.
--in path
The path to the input file.
--ksk This will set the flag field to 257 instead of 256 in the DNSKEY RR in the .key file. Indicating that the key is a Key Signing Key.
Can be used when converting to BIND format.
--name name
The owner name to use in the BIND file name and in the DNSKEY RR. Do not forget the trailing dot, e.g. "example.com."
--out path
The path to the output file.
--pin PIN
The PIN will be used to encrypt or decrypt the PKCS#8 file depending if we are converting to or from PKCS#8. If not given then the
PKCS#8 file is assumed to be unencrypted.
--ttl TTL
The TTL to use for the DNSKEY RR. Optional, this will default to 3600 seconds.
--version, -v
Show the version info.
EXAMPLES
To convert a BIND .private-key file to a PKCS#8 file, the following command can be used:
softhsm-keyconv --in Kexample.com.+007+05474.private
--out rsa.pem
To convert a PKCS#8 file to BIND key files, the following command can be used:
softhsm-keyconv --in rsa.pem --name example.com.
--ksk --algorithm RSASHA1-NSEC3-SHA1
AUTHOR
Written by Rickard Bellgrim.
SEE ALSO
softhsm(1), softhsm.conf(5), openssl(1), named(1), dnssec-keygen(1), dnssec-signzone(1)
SoftHSM 21 December 2009 SOFTHSM-KEYCONV(1)