|
|
Sponsored Content
Operating Systems
Solaris
DNS Lookup failure:
Post 302526376 by DGPickett on Tuesday 31st of May 2011 10:49:21 AM
05-31-2011
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
We need to add our remote office to our linux routing table.
Our internal office ip addresses are all in the range of 198.9.200.x
with an subnet mask of 255.255.255.0
the remote office has ip addresses in the range of 192.168.0.0 and also a subnet mask of 255.255.255.0
when i use the... (3 Replies)
Discussion started by: progressdll
3 Replies
2. UNIX for Advanced & Expert Users
Originally I had the server at home and on Comcast so I used dyndns.org for DNS.
Once the server got a bit more popular, I leased a server at a colo facility. They set up the server name in their DNS so I didn't really have any reason to manage my own DNS. DynDNS was managing the domains and I... (7 Replies)
Discussion started by: BOFH
7 Replies
3. Solaris
As i understand, host/nslookup/dig only query DNS server to resolve name to ip.
ping can query both, but it seems if ping is blocked, ping won't return IP.
traceroute can query both, but i am not able to test if traceroute is blocked, What is the result?
Neither ping/traceroute is... (3 Replies)
Discussion started by: honglus
3 Replies
4. AIX
Hello!
How do I prevent AIX sendmail from doing a DNS lookup prior sending the mail?
(we still need to have the DNS resolving on AIX level).
We are running AIX 6.1 and 5.3.
//sap4ever (1 Reply)
Discussion started by: sap4ever
1 Replies
5. Solaris
Hi Gurus
I am getting the following message continuosly in my /var/adm/messages file:
Aug 3 13:31:21 mumux102 sendmail: n6UHxxTm019703: to=postmaster, delay=3+14:00:01, xdelay=00:00:00, mailer=relay, pri=30730707, relay=fisbomrelay.fnfis.com, dsn=4.0.0, stat=Deferred: Name server:... (3 Replies)
Discussion started by: Hari_Ganesh
3 Replies
6. Programming
Hi there,
I'm trying to do an MX type lookup using getaddrinfo(), but I can't work out how to change the lookup type to MX from the standard A - can anybody tell me how to do this?
Thanks very much
John G (3 Replies)
Discussion started by: JohnGraham
3 Replies
7. Red Hat
Hi guys. Ok so let me lay out my configs. I can do a NSlookup from client to server BUT NOT a reverse lookup.
DNS server: Optimus.jaydomain.com
IP : 192.168.1.50
DNS Client: Megatron.jaydomain.com
IP : 192.168.1.60
On Sever:
# cat /etc/named.conf
//
// named.conf
//
// Provided... (4 Replies)
Discussion started by: Junaid Subhani
4 Replies
8. What is on Your Mind?
Hi.
Having a bit of quick fun putting some networking tools online.
Here is a DNS Lookup tool.
It's basically the DIG command line tool wrapped in forum formatting.
If you want more features, please post here.
I'm doing to make a few more network tools like this and move on to other... (1 Reply)
Discussion started by: Neo
1 Replies
9. Linux
Dear All ,
I am able to resolve my server using its ipaddress from other machines.
But not from the same machine.
But I have updated the DNS entry in /etc/resolv.conf.
Even SSH login from other server shows Hostname Lookup Failure.
Please help me on this.
Rj (5 Replies)
Discussion started by: jegaraman
5 Replies
10. UNIX for Beginners Questions & Answers
Hi
I have a problem in sendmail Freebsd when sending emails to yahoo as an example, I get:
Sep 5 10:05:43 local50 sm-mta: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Sep 5 10:05:43 local50 sm-mta: STARTTLS=client: 43926:error:1407742E:SSL... (3 Replies)
Discussion started by: rickyarge92
3 Replies
LEARN ABOUT XFREE86
dnssec-trust-anchors.d
DNSSEC-TRUST-ANCHORS.D(5) dnssec-trust-anchors.d DNSSEC-TRUST-ANCHORS.D(5) NAME
dnssec-trust-anchors.d, systemd.positive, systemd.negative - DNSSEC trust anchor configuration files SYNOPSIS
/etc/dnssec-trust-anchors.d/*.positive /run/dnssec-trust-anchors.d/*.positive /usr/lib/dnssec-trust-anchors.d/*.positive /etc/dnssec-trust-anchors.d/*.negative /run/dnssec-trust-anchors.d/*.negative /usr/lib/dnssec-trust-anchors.d/*.negative DESCRIPTION
The DNSSEC trust anchor configuration files define positive and negative trust anchors systemd-resolved.service(8) bases DNSSEC integrity proofs on. POSITIVE TRUST ANCHORS
Positive trust anchor configuration files contain DNSKEY and DS resource record definitions to use as base for DNSSEC integrity proofs. See RFC 4035, Section 4.4[1] for more information about DNSSEC trust anchors. Positive trust anchors are read from files with the suffix .positive located in /etc/dnssec-trust-anchors.d/, /run/dnssec-trust-anchors.d/ and /usr/lib/dnssec-trust-anchors.d/. These directories are searched in the specified order, and a trust anchor file of the same name in an earlier path overrides a trust anchor files in a later path. To disable a trust anchor file shipped in /usr/lib/dnssec-trust-anchors.d/ it is sufficient to provide an identically-named file in /etc/dnssec-trust-anchors.d/ or /run/dnssec-trust-anchors.d/ that is either empty or a symlink to /dev/null ("masked"). Positive trust anchor files are simple text files resembling DNS zone files, as documented in RFC 1035, Section 5[2]. One DS or DNSKEY resource record may be listed per line. Empty lines and lines starting with a semicolon (";") are ignored and considered comments. A DS resource record is specified like in the following example: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 The first word specifies the domain, use "." for the root domain. The domain may be specified with or without trailing dot, which is considered equivalent. The second word must be "IN" the third word "DS". The following words specify the key tag, signature algorithm, digest algorithm, followed by the hex-encoded key fingerprint. See RFC 4034, Section 5[3] for details about the precise syntax and meaning of these fields. Alternatively, DNSKEY resource records may be used to define trust anchors, like in the following example: . IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= The first word specifies the domain again, the second word must be "IN", followed by "DNSKEY". The subsequent words encode the DNSKEY flags, protocol and algorithm fields, followed by the key data encoded in Base64. See RFC 4034, Section 2[4] for details about the precise syntax and meaning of these fields. If multiple DS or DNSKEY records are defined for the same domain (possibly even in different trust anchor files), all keys are used and are considered equivalent as base for DNSSEC proofs. Note that systemd-resolved will automatically use a built-in trust anchor key for the Internet root domain if no positive trust anchors are defined for the root domain. In most cases it is hence unnecessary to define an explicit key with trust anchor files. The built-in key is disabled as soon as at least one trust anchor key for the root domain is defined in trust anchor files. It is generally recommended to encode trust anchors in DS resource records, rather than DNSKEY resource records. If a trust anchor specified via a DS record is found revoked it is automatically removed from the trust anchor database for the runtime. See RFC 5011[5] for details about revoked trust anchors. Note that systemd-resolved will not update its trust anchor database from DNS servers automatically. Instead, it is recommended to update the resolver software or update the new trust anchor via adding in new trust anchor files. The current DNSSEC trust anchor for the Internet's root domain is available at the IANA Trust Anchor and Keys[6] page. NEGATIVE TRUST ANCHORS
Negative trust anchors define domains where DNSSEC validation shall be turned off. Negative trust anchor files are found at the same location as positive trust anchor files, and follow the same overriding rules. They are text files with the .negative suffix. Empty lines and lines whose first character is ";" are ignored. Each line specifies one domain name which is the root of a DNS subtree where validation shall be disabled. Negative trust anchors are useful to support private DNS subtrees that are not referenced from the Internet DNS hierarchy, and not signed. RFC 7646[7] for details on negative trust anchors. If no negative trust anchor files are configured a built-in set of well-known private DNS zone domains is used as negative trust anchors. It is also possibly to define per-interface negative trust anchors using the DNSSECNegativeTrustAnchors= setting in systemd.network(5) files. SEE ALSO
systemd(1), systemd-resolved.service(8), resolved.conf(5), systemd.network(5) NOTES
1. RFC 4035, Section 4.4 https://tools.ietf.org/html/rfc4035#section-4.4 2. RFC 1035, Section 5 https://tools.ietf.org/html/rfc1035#section-5 3. RFC 4034, Section 5 https://tools.ietf.org/html/rfc4034#section-5 4. RFC 4034, Section 2 https://tools.ietf.org/html/rfc4034#section-2 5. RFC 5011 https://tools.ietf.org/html/rfc5011 6. IANA Trust Anchor and Keys https://data.iana.org/root-anchors/root-anchors.xml 7. RFC 7646 https://tools.ietf.org/html/rfc7646 systemd 237 DNSSEC-TRUST-ANCHORS.D(5)