Re: Best DNSSEC documentation for current version?
On Mon, 21 Jun 2021, John W. Blue via bind-users wrote:

> Have you seen the webinar videos on ISC's youtube channel?
>
> https://www.youtube.com/user/ISCdotorg/search?query=DNSSEC

No! I would not have thought to look there for this -- although I learn all kinds of other things on YT.

Many thanks for pointing this out to us all. I will definitely look at this. It looks extensive!

Brett

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Best DNSSEC documentation for current version?
Hello Brett,

Have you seen the webinar videos on ISC's youtube channel?

https://www.youtube.com/user/ISCdotorg/search?query=DNSSEC

I would encourage you to attend them as they are presented. One even had a VM's for the attendees to practice the information presented and ask questions.

John

From: bind-users on behalf of Brett Delmage
Sent: Monday, June 21, 2021 2:58 PM
To: bind-users
Subject: Best DNSSEC documentation for current version?

I am looking to read the best documentation on DNSSEC configuration for the current versions on BIND.

Is this comprehensive and up to date?
https://bind9.readthedocs.io/en/latest/dnssec-guide.html

This doc does not refer to any version - Am I missing that? It seems that this is an important detail to know when attempting to apply such a document.

Is there anything else I have missed that isn't misleading, especially with regard to key management, on the ISC site or elsewhere? Right now I am feeling there are gaps in my knowledge and/or comprehension. I don't want to get further confused.

Thanks for your tips!

Brett
Re: Reverse Lookup / PTR record
On 2021-06-21 12:00, Matus UHLAR - fantomas wrote:
> On 21.06.21 09:41, techli...@phpcoderusa.com wrote:
>> I am configuring a home office PHP webserver on my cable company's business connection that allows for servers.
>>
>> My cable company provides the reverse lookup / PTR record. Given that, I'm thinking I need to provide only the zone file, no reverse lookup.
>
> if your ISP provides reverse lookup, you don't need reverse zone file at all.
>
>> Any thoughts are much appreciated.
>
> what is your question?

You answered it. It was: do I need a reverse if my ISP is providing one.

Thanks!!

> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> "The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Managing localhost
Thank you Kevin and Tony!!

On 2021-06-21 10:07, Kevin Darcy via bind-users wrote:
> [ Classification Level: GENERAL BUSINESS ]
>
> That chapter doesn't show any PTR records, for the reverse zones of any *public* address range, pointing back to a "localhost" name. It only shows a PTR record in the reverse zone for the 127.0.0/24 private range, which is what enables a reverse lookup for 127.0.0.1.
>
> Your ISP isn't (or shouldn't be) hosting reverse zones for any range under the 127/8 private block, on your behalf. That's your responsibility; hence the term "private".
>
> And, as Tony mentioned, these days it's highly questionable whether "localhost" entries in *any* zone, forward or reverse, serve any useful purpose, and may actually cause harm.
>
> - Kevin
>
> On Mon, Jun 21, 2021 at 12:48 PM wrote:
>> Hi,
>>
>> This book : https://www.oreilly.com/library/view/dns-and-bind/0596100574/ch04.html says I should manage the localhost within my zone (SOA) and reverse lookup / PTR.
>>
>> I do not manage my reverse lookup / PTR the IP owner does that.
>>
>> Any thoughts on managing the localhost within the zone file and PTR?
>>
>> Thanks!!
Re: Best DNSSEC documentation for current version?
On Mon, 21 Jun 2021, Ondřej Surý wrote:

> you haven’t said the version, but readthedocs.io has a version picker, so you can go with the version you are interested in (v9.16 and up) with “latest” referring to the latest stable branch (v9.16.xx).

Thanks for letting me know about this. I seem to have missed that because I accessed the DNSSEC Guide directly from a duckduckgo search and so did not realize this docs listing site worked this way. (I thought it was just another ISC domain; I never thought to look at the root.)

Brett

> Ondřej
Re: Best DNSSEC documentation for current version?
Brett,

you haven’t said the version, but readthedocs.io has a version picker, so you can go with the version you are interested in (v9.16 and up) with “latest” referring to the latest stable branch (v9.16.xx).

Ondřej
--
Ondřej Surý (He/Him)
ond...@isc.org

> On 21. 6. 2021, at 21:58, Brett Delmage wrote:
>
> I am looking to read the best documentation on DNSSEC configuration for the current versions on BIND.
>
> Is this comprehensive and up to date?
> https://bind9.readthedocs.io/en/latest/dnssec-guide.html
>
> This doc does not refer to any version - Am I missing that? It seems that this is an important detail to know when attempting to apply such a document.
>
> Is there anything else I have missed that isn't misleading, especially with regard to key management, on the ISC site or elsewhere? Right now I am feeling there are gaps in my knowledge and/or comprehension. I don't want to get further confused.
>
> Thanks for your tips!
>
> Brett
Best DNSSEC documentation for current version?
I am looking to read the best documentation on DNSSEC configuration for the current versions on BIND.

Is this comprehensive and up to date?
https://bind9.readthedocs.io/en/latest/dnssec-guide.html

This doc does not refer to any version - Am I missing that? It seems that this is an important detail to know when attempting to apply such a document.

Is there anything else I have missed that isn't misleading, especially with regard to key management, on the ISC site or elsewhere? Right now I am feeling there are gaps in my knowledge and/or comprehension. I don't want to get further confused.

Thanks for your tips!

Brett
Re: Reverse Lookup / PTR record
On 21.06.21 09:41, techli...@phpcoderusa.com wrote:
> I am configuring a home office PHP webserver on my cable company's business connection that allows for servers.
>
> My cable company provides the reverse lookup / PTR record. Given that, I'm thinking I need to provide only the zone file, no reverse lookup.

if your ISP provides reverse lookup, you don't need reverse zone file at all.

> Any thoughts are much appreciated.

what is your question?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Re: Managing localhost
[ Classification Level: GENERAL BUSINESS ]

That chapter doesn't show any PTR records, for the reverse zones of any *public* address range, pointing back to a "localhost" name. It only shows a PTR record in the reverse zone for the 127.0.0/24 private range, which is what enables a reverse lookup for 127.0.0.1.

Your ISP isn't (or shouldn't be) hosting reverse zones for any range under the 127/8 private block, on your behalf. That's your responsibility; hence the term "private".

And, as Tony mentioned, these days it's highly questionable whether "localhost" entries in *any* zone, forward or reverse, serve any useful purpose, and may actually cause harm.

- Kevin

On Mon, Jun 21, 2021 at 12:48 PM wrote:
> Hi,
>
> This book : https://www.oreilly.com/library/view/dns-and-bind/0596100574/ch04.html says I should manage the localhost within my zone (SOA) and reverse lookup / PTR.
>
> I do not manage my reverse lookup / PTR the IP owner does that.
>
> Any thoughts on managing the localhost within the zone file and PTR?
>
> Thanks!!
Re: Managing localhost
techli...@phpcoderusa.com wrote:
>
> This book : https://www.oreilly.com/library/view/dns-and-bind/0596100574/ch04.html says I should manage the localhost within my zone (SOA) and reverse lookup / PTR.

That advice is out of date: nowadays you should not put any localhost entries in the DNS, because it can cause problems for web browser security. Modern software should suppress queries for localhost so they never reach the DNS.

https://www.dns.cam.ac.uk/news/2017-09-01-localhost.html

https://datatracker.ietf.org/doc/html/rfc6761#section-6.3

Tony.
--
f.anthony.n.finch  https://dotat.at/
no one shall be enslaved by poverty, ignorance, or conformity
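An added example (not part of the thread and not BIND's own tooling): a small Python check that scans a zone file for the localhost entries the reply above says to remove, and, going slightly beyond the post, for loopback addresses published under any other name. The zone contents, the `example.com` origin and all function names are constructed for illustration.

```python
import ipaddress
import re

SKIP_RE = re.compile(r"^(IN|CH|HS|(\d+[smhdw]?)+)$", re.I)  # optional class / TTL tokens
# Constructed sample zone for example.com (not taken from the thread).
SAMPLE_ZONE = """\
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2021062101 3600 900 604800 300 )
    IN NS  ns1.example.com.
www         IN A    192.0.2.80
localhost   IN A    127.0.0.1
            IN AAAA ::1
loop  300   IN A    127.0.0.2  ; loopback address under another name
"""

def logical_lines(text):
    """Yield (first_line_no, text) with ';' comments removed and ( ) groups joined."""
    buf, start, depth = "", 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # simplification: assumes no ';' inside quoted strings
        start = start if buf else no
        buf += line + " "
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            if buf.strip():
                yield start, buf.replace("(", " ").replace(")", " ")
            buf, depth = "", 0

def absolute(name, origin):
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def is_loopback(text):
    try:
        return ipaddress.ip_address(text).is_loopback
    except ValueError:
        return False

def find_localhost_records(zone_text, origin):
    """Return (line_no, owner, rtype, rdata) for localhost names or loopback addresses."""
    origin = origin.rstrip(".").lower() + "."
    owner, findings = origin, []
    for no, line in logical_lines(zone_text):
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = absolute(tokens[1], origin)
            continue
        if not line[0].isspace():  # a leading blank means "same owner as the previous record"
            owner = absolute(tokens.pop(0), origin)
        while tokens and SKIP_RE.match(tokens[0]):
            tokens.pop(0)
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        if owner.split(".")[0] == "localhost" or (rtype in ("A", "AAAA") and is_loopback(rdata)):
            findings.append((no, owner, rtype, rdata))
    return findings
```

Calling `find_localhost_records(SAMPLE_ZONE, "example.com")` returns the three flagged records with their line numbers; `$INCLUDE` and `$GENERATE` are not expanded by this sketch.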
Managing localhost
Hi,

This book : https://www.oreilly.com/library/view/dns-and-bind/0596100574/ch04.html says I should manage the localhost within my zone (SOA) and reverse lookup / PTR.

I do not manage my reverse lookup / PTR the IP owner does that.

Any thoughts on managing the localhost within the zone file and PTR?

Thanks!!
Reverse Lookup / PTR record
Hi,

I am configuring a home office PHP webserver on my cable company's business connection that allows for servers.

My cable company provides the reverse lookup / PTR record. Given that, I'm thinking I need to provide only the zone file, no reverse lookup.

Any thoughts are much appreciated.
Re: Origin of reverse lookup
Reverse lookup problem resolved. Apparently my ISP did not understand I wanted to change the pointer record. Maybe I did not articulate myself very well!!

On 2021-06-19 01:17, Reindl Harald wrote:
> On 19.06.21 at 01:17, techli...@phpcoderusa.com wrote:
>> I had my ISP configure a reverse lookup years ago. They say they no longer offer that service and there is no reverse lookup for my IP.
>
> don't matter unless you try to send mails from your machine
>
>> I keep running into this old reverse lookup and do not know where it is coming from.
>
> from the ISP owning the network range
>
>> When I run https://intodns.com/ it shows this reverse lookup and not the one I just configured on my local box.
>
> whatever you configure on your box is irrelevant to the world unless the owner of the network range delegates the reverse zone to your server which is unlikely for most cases and impossible for a single IP
>
>> Any thoughts on how I might resolve this or find who is hosting this reverse lookup?
>
> "whois ip"
Re: do I need to configure a Caching Server
I am setting up a SOHO PHP web server on my business cable account that allows for running servers. This is a product for small home bound businesses.

I have BIND working.

The website I am hosting : http://www.keiththewebguy.com/

On 2021-06-19 01:14, Reindl Harald wrote:
> On 18.06.21 at 20:28, techli...@phpcoderusa.com wrote:
>> I am building a home PHP hosting server for learning. I have a commercial connection to the Internet so no blocked ports and my ISP allows servers.
>
> unless you are hosting an authoritative zone aka domain on your nameserver it don't matter what your ISP allows
>
> if you are not hosting any official zone you shouldn't have the port open to the world because nobody but bots and attackers will ask your server anyways
>
>> I believe I only need a Primary Master Server. Is this the case?
>
> what is your usecase to begin with?
>
> if it's just internal hostnames for your LAN maybe dnsmasq is the better solution because it can use simple hostfiles like /etc/hosts and forwards everything else to your ISP nameserver
>
>> My question is, do I need to configure a Caching Server?
>
> there is nothing to configure, if you ask your named for something it's not authoritative it either forwards or doing recursion (depends on the configuration) and cache the result based on the TTL
>
>> In /etc/bind/named.conf.options:
>>
>> [...]
>> forwarders {
>>     1.2.3.4;
>>     5.6.7.8;
>> };
>> [...]
>>
>> Do I need to set the forwarders?
>
> no
>
> let named do its out-of-the-box job which is recursion - i can't think of any usecase where i do the work setup a nameserver and then forward everything to a crappy ISP server
>
> after stop using forwarding all random dns problems were gone and never came back