Re: Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Matthias Fechner
On 07.04.2020 at 10:55, Matthias Fechner wrote: > After bind was reloaded/restarted, it automatically creates the required > keys and fully maintains the zone, does key rollover, everything required > fully by itself? I got a private email pointing me to some webinars explaining the dnssec. I found

Re: Can we provide recursion for forward zones in response to iterative queries?

2020-04-07 Thread bind-lists
Thanks. I have opened a ticket with AWS support asking them to allow us to pull slave copies of our VPC-internal zones. If they don’t do that, then making the zones slaves will not fix our problem, because the AWS endpoints refuse to answer iterative queries. Thanks, Maria > On Apr 7, 2020,

Re: Can we provide recursion for forward zones in response to iterative queries?

2020-04-07 Thread bind-lists
I had been told they tried that twice and in both cases the domain controller would not let them add the conditional forwarder. On the strength of your having said it worked in your situation, they tried again and now it is working. Thank you! Maria > On Apr 6, 2020, at 11:37 AM, Chris Buxton

Re: Can we provide recursion for forward zones in response to iterative queries?

2020-04-07 Thread Mark Andrews
Add delegations if they are missing. This is how DNS is designed to be managed. This should have been done as part of allocating the address space initially. -- Mark Andrews > On 8 Apr 2020, at 02:43, bind-li...@iano.org wrote: > > Currently our linux caching resolvers have a forwarding

Re: "dig +trace" doesn't follow non-empty referrals

2020-04-07 Thread Shumon Huque
Update: I've now filed this bug/issue: https://gitlab.isc.org/isc-projects/bind9/-/issues/1745 On Tue, Apr 7, 2020 at 8:11 AM Shumon Huque wrote: > Hi folks, > > I thought I'd check here before filing a bug in the gitlab repo -- in case > there is something I'm not understanding about

Re: Can we provide recursion for forward zones in response to iterative queries?

2020-04-07 Thread bind-lists
Currently our linux caching resolvers have a forwarding rule for 10.in-addr.arpa back to a small subset of our approximately 200 AD domain controllers. We made it a stub zone at one point in the past, but ran into intermittent resolution problems, although I don’t recall the details. We’ve

RE: Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Philippe Maechler
Hello bind users > The answer is almost, as long as the zone has a DNSSEC policy configured: > > zone "newdomain.de" { > type master; > file "../master/newdomain.de"; > dnssec-policy default; > } > > The only thing not yet fully automated is submitting the DS to the > parent. You can do

"dig +trace" doesn't follow non-empty referrals

2020-04-07 Thread Shumon Huque
Hi folks, I thought I'd check here before filing a bug in the gitlab repo -- in case there is something I'm not understanding about dig's intended behavior. "dig +trace" does not appear to be following referrals with a non-empty answer section, e.g. with CNAMEs pointing below the zone cut. I

Re: Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Matthijs Mekking
Hi Matthias, The answer is almost, as long as the zone has a DNSSEC policy configured: zone "newdomain.de" { type master; file "../master/newdomain.de"; dnssec-policy default; } The only thing not yet fully automated is submitting the DS to the parent. You can do that as soon as named

Full automatic DNSSEC for hosted zones/domains

2020-04-07 Thread Matthias Fechner
Dear all, is bind (version 9.16.1) able to do all DNSSEC required steps fully by itself? So I only create a new zone for a domain and include it like for newdomain.de: zone "newdomain.de" { type master; file "../master/newdomain.de"; ... } After bind was reloaded/restarted, it