08-11-2002
I own the Oreilly book on DNS/BIND I must say it's VERY helpful to understand how DNS and BIND works. The answer to your question is there and with a very good answer.
7 More Discussions You Might Find Interesting
1. Solaris
hey guys, how to add soalris box as a microsoft DNS Client ?
and how to register in the microsoft DNS ??
i managed to query from the DNS server after adding /etc/resolve.conf and editing /etc/nsswitch.conf
but i need to register the soalris server (dns Client) into Microsoft DNS automatically.... (3 Replies)
Discussion started by: mduweik
3 Replies
2. UNIX for Advanced & Expert Users
I'd like to get some opnions on choosing DNS server:
Windows DNS vs Linux BIND comparrsion:
1) managment, easy of use
2) Security
3) features
4) peformance
5) ??
I personally prefer Windows DNS server for management, it supports GUI and command line. But I am not sure about security... (2 Replies)
Discussion started by: honglus
2 Replies
3. Forum Support Area for Unregistered Users & Account Problems
When I'm trying to register it says that my e-mail adress )is banned by administrator. Why?
Thanks
PS The same problem occurs with other 2 adresses I have (1 Reply)
Discussion started by: Mihail
1 Replies
4. Red Hat
Hi,
I have a question on how to point the DNS server-1's A-record to second DNS server, which is DNS server-2. So, the computer can access other domain which only listed in the DNS server-2. The scenario is as follow:
http://img689.imageshack.us/img689/6333/12234.png
How to configure this... (4 Replies)
Discussion started by: Paris Heng
4 Replies
5. Red Hat
I am trying to setup a CentOS 6.2 server that will be doing 3 things DHCP, DNS & Samba for a very small office (2 users). The idea being this will replace a very old Win2k server. The users are all windows based clients so only the server will be Linux based.
I've installed CentOS 6.2 with... (4 Replies)
Discussion started by: FireBIade
4 Replies
6. Shell Programming and Scripting
friends
I have the following code that works perfect
while read linea
do
largo=${#linea}
echo "largo es///////////: $largo "
if
then
echo "Longitud De Registro Invalida"
echo " $linea > ERROR DE LONGITUD" >> ... (2 Replies)
Discussion started by: tricampeon81
2 Replies
7. Solaris
Hi,
We have built a new server (RHEL VM)and added that IP/hostname into dns zone configs file on DNS server (Solaris 10). Reloaded the configuration using
and added nameserver into resolv.conf on client. But when I am trying nslookup, its not getting resolved. The nameserver is not able to... (8 Replies)
Discussion started by: snchaudhari2
8 Replies
LEARN ABOUT DEBIAN
isc-hmac-fixup
ISC-HMAC-FIXUP(1) BIND9 ISC-HMAC-FIXUP(1)
NAME
isc-hmac-fixup - fixes HMAC keys generated by older versions of BIND
SYNOPSIS
isc-hmac-fixup {algorithm} {secret}
DESCRIPTION
Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the hash
algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message
authentication code that was incompatible with other DNS implementations.
This bug has been fixed in BIND 9.7. However, the fix may cause incompatibility between older and newer versions of BIND, when using long
keys. isc-hmac-fixup modifies those keys to restore compatibility.
To modify a key, run isc-hmac-fixup and specify the key's algorithm and secret on the command line. If the secret is longer than the digest
length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated
consisting of a hash digest of the old secret. (If the secret did not require conversion, then it will be printed without modification.)
SECURITY CONSIDERATIONS
Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in operation anyway, it does
not affect security. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly
increase the function strength."
SEE ALSO
BIND 9 Administrator Reference Manual, RFC 2104.
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
BIND9 January 5, 2010 ISC-HMAC-FIXUP(1)