Re: [dns-operations] Input from dns-operations on NCAP proposal
Dave Lawrence via dns-operations writes: > I accept that the only way to really capture > all of these queries into the global DNS is via a delegation, Brian Dickson reminded me of his CNAME proposal earlier in the thread, and I think that is also an approach worth further investigation. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] Input from dns-operations on NCAP proposal
That might not be true on some Linux distributions. Those with systemd-resolved preinstalled (Ubuntu and Fedora) send single label queries to LLMNR multicast resolution. I think it uses the search directive for list of domains for local networks, but otherwise ignores them. It is debatable whether this approach is more secure or better. On 04. 06. 22 2:18, Randy Bush wrote: Do we have any idea how many systems still use search lists? linux and freebsd installs encourage them -- Petr Menšík Software Engineer, RHEL Red Hat, http://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] DNSSEC queries to Amazon EC2 without signatures
Is anyone from Amazon EC2 DNS team present? We have Testing Farm for Fedora project on AWS instances. Because our internal network restricts outgoing DNS packets, we always rely on resolvers provided by the network. However, our unbound test containing DNSSEC validation fails. The server does not answer to dnssec enabled query with signatures, which are required for working resolution. Another issue is bad handling of empty non-terminals. Name dig soa us-east-2.compute.internal answers without error, but dig soa compute.internal ends with NXDOMAIN status. Because Amazon is member of DNS-OARC, do you know, when such reports should be directed? Thanks! -- Petr Menšík Software Engineer, RHEL Red Hat, http://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations