severity dynamic not behaving as expected

2022-05-26 Thread Sandro
Hello (again), I was reviewing my logging configuration, implementing new categories and generally reorganizing stuff. From what I remember and from what I read in the documentation, using "severity dynamic" on a channel should result in logging being disabled for that channel as long as

Re: Splitting long strings in RRs using parentheses

2022-05-26 Thread Sandro
On 26-05-2022 15:27, Jan-Piet Mens via bind-users wrote: A semicolon begins a comment in a zone file [1], so yes. -JP [1] https://jpmens.net/2015/10/28/the-semicolon-in-zone-master-files-some-history/ Thank you, JP. Nice blog post. Very enlightening. On 26-05-2022 15:29, Bjørn Mork

Re: Splitting long strings in RRs using parentheses

2022-05-26 Thread Bjørn Mork
Sandro writes: > The bit from the first semicolon to the end of the line was missing. > > Is that expected behavior? I couldn't find any documentation regarding > the usage of parentheses. The master file format is mostly defined by RFC1035. See

Re: Splitting long strings in RRs using parentheses

2022-05-26 Thread Jan-Piet Mens via bind-users
20220317-a4qe._domainkeyTXT ( v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAA ^ begin comment OCAQ8AMIIBCgKCAQEAmEsWuQCj+OenaSQ3dM6WItExor The bit from the first semicolon to the end of the line was missing. Is that expected behavior? A semicolon begins a

Splitting long strings in RRs using parentheses

2022-05-26 Thread Sandro
Hello, While adding a DKIM key to my zone I was looking for information about using parentheses for working around the string length limitation. I looked at the way BIND puts them in my zone file for RRSIG entries and applied that to the TXT record: 20220317-a4qe._domainkeyTXT (

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Sandro
On 26-05-2022 12:00, Sandro wrote: Thank you, Matthijs, for pointing out the bug. Do you have any suggestion for what to try first, key separation or policy separation? Well, I went for key separation. Let's see if it sticks. Last time I restarted BIND everything seemed fine in the beginning

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Sandro
On 26-05-2022 11:05, Sandro wrote: I'll take a look at the bug report in a minute. Well, there are similarities between #2463 and my setup, but also differences. In my case, all zones are signed, internal and external. I have one dnssec-policy defined in the options section, which is a

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Jan-Piet Mens via bind-users
26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external: zone_rekey failure: unexpected error (retry in 600 seconds) One of the first things BIND does, if I'm reading lib/dns/zone.c correctly, is to attempt to lock the keys, and if it fails it emits that diagnostic. Assuming the

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Sandro
On 23-05-2022 16:12, Sandro wrote: I'll do some more digging through the log files. I meanwhile increased the severity to 'debug 3' for dnssec_debug. I'm having some issues again. Not as severe as last time, since the RRSIG records are all still within their validity period. However, bind

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Sandro
On 26-05-2022 10:34, Matthijs Mekking wrote: What version are you using? We had a bug with dnssec-policy and views (#2463), but that has been fixed. I'm using BIND 9.16.28-RH on Fedora Server. I'll take a look at the bug report in a minute. Since 9.16.18 you should not be able to set the

Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-26 Thread Jan-Piet Mens via bind-users
(putting this back on list) thank you for the feedback, now I have already started the slave server [root@bind-master-centos7 ~]# dig kaixinduole.com +nssearch SOA ns1.kaixinduole.com. shawn.kaixinduole.com. 2022041566 3600 900 604800 86400 from server 52.130.145.30 in 0 ms. SOA

Re: bugs for cname can not be working properly with bind 9.11.4

2022-05-26 Thread Jan-Piet Mens via bind-users
2. [image: image.png] In this screenshot you've shown the result of `cat named.conf', but where's the zone definition for kaixinduole.com? What we are seeing here is a recursive server. -JP -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC

Re: Primary zone not fully maintained by BIND

2022-05-26 Thread Matthijs Mekking
Sandro, What version are you using? We had a bug with dnssec-policy and views (#2463), but that has been fixed. Since 9.16.18 you should not be able to set the same key-directory for the same zone in different views. Matthijs On 23-05-2022 16:12, Sandro wrote: On 23-05-2022 15:48, Tony

Re: BIND9 TSIG from Windows Server 2016 DNS Server Zone

2022-05-26 Thread Crist Clark
As far as I know, GSS-TSIG is only used for DNS updates, not zone transfers. https://bind9.readthedocs.io/en/v9_16_5/advanced.html#dynamic-update Sorry, don't know what capabilities AD has for securing zone transfers beyond IP ACLs, which of course is not much security at all. I've never had