Re: Why does DNSVIZ complain about the NS RRSET here?

2022-04-18 Thread Larry Rosenman
Do you know what a Windows DNS admin needs to do to fix that? On 04/18/2022 5:12 pm, Mark Andrews wrote: The parent servers are configured to allow recursion (ra) and rather than returning referrals they are returning answers provided it is cached. Also it is pointless to use NSEC3 in the

Re: Bind and systemd-resolved

2022-04-18 Thread Leroy Tennison via bind-users
Thanks, had looked at 'man dig' but had assumed (oops) that only the items listed under the various OPTIONS headings were available in .digrc.  Glad to learn that @ can also be used (confirmed with testing). -Original Message- From: Ondřej Surý To: Leroy Tennison Cc:

Re: Why does DNSVIZ complain about the NS RRSET here?

2022-04-18 Thread Mark Andrews
The parent servers are configured to allow recursion (ra) and rather than returning referrals they are returning answers provided it is cached. Also it is pointless to use NSEC3 in the reverse trees as they contain too much structure. To find

Re: Bind and systemd-resolved

2022-04-18 Thread Leroy Tennison via bind-users
Good points, thanks. -Original Message- From: Reindl Harald To: bind-users@lists.isc.org Sent: Mon, Apr 18, 2022 12:41 am Subject: Re: Bind and systemd-resolved On 18.04.22 at 07:26, Leroy Tennison via bind-users wrote: > When I attempt “dig -t AXFR office.example.com -k >

Re: Bind and systemd-resolved

2022-04-18 Thread Ondřej Surý
Leroy, here `man dig` is your friend: Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf. When no command line arguments or options are given, dig will perform an NS query for "." (the root). It is possible to set per-user defaults

Re: How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?

2022-04-18 Thread Thomas Martin
Ok, thanks for the confirmation (no recursive clients are pointing to this server, it's only used as an authoritative server). On Mon, 18 Apr 2022 at 10:08, Mark Andrews wrote: > > Unless you are pointing recursive clients directly at your authoritative > servers there is no need. The

Re: How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?

2022-04-18 Thread Mark Andrews
Unless you are pointing recursive clients directly at your authoritative servers there is no need. The recursive servers will look up the CNAME target themselves. Additionally recursive servers just process the CNAME and ignore the rest of the response to prevent cache poisoning if there is more

How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?

2022-04-18 Thread Thomas Martin
Hello, I recently upgraded from Debian Buster to Debian Bullseye and I'm having a hard time having the same behavior as before with the new bind9 version. Here is my setup: - I have two DNS domains (domain A.com and domain Z.com) for which my server is authoritative (as a slave in this case), -

Re: Bind and systemd-resolved

2022-04-18 Thread Fred Morris
There are a lot of extraneous details in here. This is not a BIND problem. On Mon, 18 Apr 2022, Leroy Tennison via bind-users wrote: When I attempt “dig -t AXFR office.example.com -k Kexample_dns.+157+18424.key” on the DNS server (Bind 9.11) sudoed to root I get: Why do you need to be root?

Re: How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?

2022-04-18 Thread Michael Richardson
Mark Andrews wrote: > Unless you are pointing recursive clients directly at your > authoritative servers there is no need. The recursive servers will > look up the CNAME target themselves. Additionally recursive servers just > process the CNAME and ignore the rest of the response