Re: DNSSEC migration sanity check

2020-08-19 Thread Crist Clark
Not sure I understand why you need to do anything except change the authoritative NS records in the zone and in the delegation at the registrar. You also only really need to decrease the TTL on the NS records, not all of the records in the zone. Why touch any keys and the corresponding DS records?

DNSSEC migration sanity check

2020-08-19 Thread John W. Blue via bind-users
We are in the process of moving from one IPAM vendor to another. All of our zones are DNSSEC signed and the TTL's have been lowered to 300 seconds. At a high level, the playbook is to update the registrar with names/IP addresses of the new servers and update the DSKEY. Depending on the time

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas wrote: On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users wrote:

Re: Error "Query section mismatch : got"

2020-08-19 Thread Mark Andrews
> On 20 Aug 2020, at 00:41, Matus UHLAR - fantomas wrote: > >> On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas >> wrote: >>> again, why you query for 250.0-24.199.212.125.in-addr.arpa >>> under normal circumstances there's no point of querying that name. > > On 19.08.20 10:05, tale

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: again, why you query for 250.0-24.199.212.125.in-addr.arpa under normal circumstances there's no point of querying that name. On 19.08.20 10:05, tale via bind-users wrote: Well yes and no. While an individual user would

Re: Error "Query section mismatch : got"

2020-08-19 Thread tale via bind-users
On Wed, Aug 19, 2020 at 7:42 AM Matus UHLAR - fantomas wrote: > again, why you query for 250.0-24.199.212.125.in-addr.arpa > under normal circumstances there's no point of querying that name. > Well yes and no. While an individual user would typically not, resolvers sure will. While trying to

Re: Error "Query section mismatch : got"

2020-08-19 Thread Matus UHLAR - fantomas
On 19.08.20 17:40, Smile TV wrote: I query the PTR Resource Record that is hosted on DNS Server/ 115.84.177.8 (reverse zone: 250.0-24.199.212.125.in-addr.arpa). However, There is a difference between when querying directly the PTR RR and querying Any RR. The results of two case below:

Error "Query section mismatch : got"

2020-08-19 Thread Smile TV
Hi all! I query the PTR Resource Record that is hosted on DNS Server/ 115.84.177.8 (reverse zone: 250.0-24.199.212.125.in-addr.arpa). However, There is a difference between when querying directly the PTR RR and querying Any RR. The results of two case below: *Case 1: Query the PTR RR