Re: Should I set parental-agents to localhost?

2023-09-22 Thread Nick Tait via bind-users
Hi Björn. Not sure if my (late) reply is any use to you, but yes, my understanding is that you could use localhost as the parental agent in the cases where (a) the local machine also hosts the parent zone, or (b) it is a recursive resolver. In the latter case the DNSSEC responses would be

Re: Stop leaking queries for RFC 1918 zones

2023-09-22 Thread Mark Andrews
The option is enabled by default; however, if you forward all queries then the automatic zones won’t be created and the forwarder is responsible for filtering. This is done like this because lots of people use forwarding to get to the internal servers that serve these zones. Just create empty

Re: Change in zone file formatting after enabling allow-update (lot´s of $ORIGIN)

2023-09-22 Thread Jan-Piet Mens
After the first automated name change, my zone file was unformatted. I lost the comments and more than 500 occurrences of the ORIGIN parameter were inserted. Configuring dynamic DNS updates on a zone means that named takes control over how the zone file is (periodically) rewritten to disk.

Stop leaking queries for RFC 1918 zones

2023-09-22 Thread John Thurston
The global/view option empty-zones-enable yes; isn't behaving as I expected. I had expected that it would cause empty "RFC 1918" zones to be created for those zones for which there were not local zones defined. That is, if there were no local zones of this type defined, it would create

Change in zone file formatting after enabling allow-update (lot´s of $ORIGIN)

2023-09-22 Thread Guilherme Torres
Hello! I'm using Bind 9.11. I'm automating my dns server with ansible (nsupdate module). To do this I enabled the configuration directive allow-update. After the first automated name change, my zone file was unformatted. I lost the comments and more than 500 occurrences of the ORIGIN parameter

Re: Intent and implementation of dig's +crypto option

2023-09-22 Thread Anand Buddhdev
On 22/09/2023 15:03, Marco Davids (SIDN) via bind-users wrote: Hi Marco, It reminded me that there is such a thing as a .digrc file, that perhaps not all of the readers are familiar with. Mine has this content: +bufsize=1232 +dnssec +nocrypto +multi -t It serves me well, mostly.

Re: Intent and implementation of dig's +crypto option

2023-09-22 Thread Bob Harold
On Fri, Sep 22, 2023 at 8:46 AM Anand Buddhdev wrote:
> Hi folks,
>
> I wanted to open a GitLab issue about this, but then thought it might be
> nice to have a discussion to hear the views of users.
>
> dig 9.18.19's man page says:
>
> +crypto, +nocrypto
> This option toggles the display

Re: Intent and implementation of dig's +crypto option

2023-09-22 Thread Marco Davids (SIDN) via bind-users
Hi Anand, On 22-09-2023 at 14:46, Anand Buddhdev wrote: Do you think that dig should be adjusted to suppress cryptographic material from other records such as TLSA, SSHFP, CDNSKEY, CDS, etc, and the man page updated to reflect this? Great discussion! I don't have any strong opinions just

Intent and implementation of dig's +crypto option

2023-09-22 Thread Anand Buddhdev
Hi folks, I wanted to open a GitLab issue about this, but then thought it might be nice to have a discussion to hear the views of users. dig 9.18.19's man page says: +crypto, +nocrypto This option toggles the display of cryptographic fields in DNSSEC records. The contents of these