Re: How to update zone with dnssec-policy (error with nsupdate: RRset exists)

2023-10-24 Thread Matthias Fechner
On 08.07.2023 at 08:48, Matthias Fechner wrote: If I try now to update some records remotely on the server I see in the log of the server: ==> /var/named/var/log/named.log <== 08-Jul-2023 07:40:22.962 update-security: info: client @0x848ac0760 93.182.104.69#18475/key idefix.fechn

Re: How to update zone with dnssec-policy (error with nsupdate: RRset exists)

2023-07-07 Thread Matthias Fechner
On 05.07.2023 at 13:13, Matthias Fechner wrote: So far, nsdiff generates expected output, next step is now to apply the changes in an automated way. If I try now to update some records remotely on the server I see in the log of the server: ==> /var/named/var/log/named.log <== 08-Ju

Re: How to update zone with dnssec-policy

2023-07-05 Thread Matthias Fechner
Hi Nick, On 04.07.2023 at 08:17, Nick Tait via bind-users wrote: It looks like nobody solved your /original/ problem? If you are still looking for an answer it might help if you posted some logs? The people on this list are good at interpreting any errors you're seeing. :-) thanks a lot for

Re: How to update zone with dnssec-policy

2023-07-05 Thread Matthias Fechner
On 04.07.2023 at 10:16, Matthew Seaman wrote: By default, the primary server will end up with a `fetchner.net` zone data file in text format which contains pretty much the same RRs as your master copy in git, but reformatted into a standard style, sorted into order and with comments

Re: How to update zone with dnssec-policy

2023-07-03 Thread Matthias Fechner
On 02.07.2023 at 16:41, Matthew Seaman wrote: Personally, I maintain zone files with DNSSEC signing on FreeBSD using the dns/p5-DNS-nsdiff port, which is a perl module written by Tony Finch -- someone well known on this list. You can keep your zone files in git or whatever code repository

How to update zone with dnssec-policy

2023-07-02 Thread Matthias Fechner
Dear all, I have the following problem that changes in a zone file do not get active, no matter if I reload the zone using rndc or restarting bind 9.16.42 on FreeBSD. If I update a zone I edit the zone file, adapt the serial in the SOA and normally do a rndc reload fechner.net. The

Re: Resolve some hosts thats are dnssec signed differently

2023-02-07 Thread Matthias Fechner
natives, including: * The split-view thing I mentioned below. * IP-layer network trickery, such as mangle rules (or similar) so that the internal machines continue to use the public address, but the packets don't actually get routed out to the Internet. Nick. On 7/02/23 19:45, Mat

Re: Resolve some hosts thats are dnssec signed differently

2023-02-06 Thread Matthias Fechner
192.168.40.142; // authoritative server 1 192.168.40.182; // authoritative server 2 }; forward only; // don't ask any other server }; Not sure if that will break dnssec for you. There are probably other way(s) to accomplish this, especially for a real domain on real IP address(s).

Resolve some hosts thats are dnssec signed differently

2023-02-04 Thread Matthias Fechner
Dear all, I have a question regarding a setup I use at home. It is for domain idefix.fechner.net. I have at home a small server running with some services at it. As I do not have a public IP, I tunnel traffic using pf on FreeBSD and openvpn to route a public IP to my server at home. This

Re: Proxy requests but filter out IPv4 address

2022-08-21 Thread Matthias Fechner
On 19.08.2022 at 14:12, Bob Harold wrote: RPZ should be able to do that.  Read up on RPZ in the BIND manual, and search online for more info. thanks a lot Bob for the pointer, I will read the manual and if I have more questions, I let you know ;) Regards, Matthias -- "Programming today is a

Proxy requests but filter out IPv4 address

2022-08-19 Thread Matthias Fechner
Dear all, I'm not sure if bind can do this, but let me explain what I would like to do. It is a hostname from a foreign domain, like: test.myfritz.net it is returning an IPv4 and IPv6 address: host test.myfritz.net test.myfritz.net has address 100.91.114.161 test.myfritz.net has IPv6 address

Change DNSSEC algorithm and switch to use KASP

2020-04-25 Thread Matthias Fechner
Dear all, I followed now the series here (again, thanks a lot to make this public!): https://www.youtube.com/watch?v=MheHMWCOTvE=PLUwyH0o3uuICgnbQj_lQajRI_CzewZr7q Just now I only sign one domain which is using the "auto-dnssec maintain;". What I understood from the series is that KASP does not

Re: Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Matthias Fechner
On 07.04.2020 at 10:55, Matthias Fechner wrote: > After bind was reloaded/restarted, it automatically creates the required > keys and fully maintain the zone, do key rollover, everything required > fully by itself? I got a private email pointing me to some webinars explaining the dnssec

Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Matthias Fechner
Dear all, is bind (version 9.16.1) able to do all DNSSEC required steps fully by itself. So I only create a new zone for a domain and include it like for newdomain.de: zone "newdomain.de" {   type master;   file "../master/newdomain.de";   ... } After bind was reloaded/restarted, it

Overwrite A record from DNSSEC protected domain if I am the owner of the domain

2017-04-26 Thread Matthias Fechner
Dear all, I have a domain fechner.net which is protected using DNSSEC. The zone is managed on a server located in a data center. Some A records are pointing to a computer that has a low speed internet connection on the WAN site, but very fast connection on the LAN site. If I now located in