Re: Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

2017-02-24 Thread Mark Andrews
In message , Nahual Terabits writes:
> RFC8080 introduces 2 new algorithms for DNSSEC.
>
> Algorithm: 15 (ED25519) and Algorithm: 16 (ED448)
>
> https://tools.ietf.org/html/rfc8080
>
> Will ED25519 and ED448 be

Will BIND support RFC8080? ED25519 and Ed448 for DNSSEC

2017-02-24 Thread Nahual Terabits
RFC8080 introduces 2 new algorithms for DNSSEC. Algorithm: 15 (ED25519) and Algorithm: 16 (ED448) https://tools.ietf.org/html/rfc8080 Will ED25519 and ED448 be supported by BIND anytime soon? That means including these algorithms in dnssec-keygen and the dnssec validator.

Re: [Ext] Re: Redirect only second and third level domains

2017-02-24 Thread /dev/rob0
On Fri, Feb 24, 2017 at 02:05:54PM -0500, Warren Kumari wrote:
> --
> I don't think the execution is relevant when it was obviously
> a bad idea in the first place.
> This is like putting rabid weasels in your pants, and later
> expressing regret at having chosen those particular rabid
> weasels

Re: [Ext] Re: Redirect only second and third level domains

2017-02-24 Thread Warren Kumari
On Fri, Feb 24, 2017 at 1:12 PM, Edward Lewis wrote:
> On 2/24/17, 03:42, "bind-users on behalf of Andrea Gabellini" wrote:
>
>>the server is a resolver for about 20K clients. My goal is to supply a
>>courtesy page if a domain is not found. For every domain.
>
> No

Re: [Ext] Re: Redirect only second and third level domains

2017-02-24 Thread Edward Lewis
On 2/24/17, 03:42, "bind-users on behalf of Andrea Gabellini" wrote:
>the server is a resolver for about 20K clients. My goal is to supply a
>courtesy page if a domain is not found. For every domain.

No approach relying on wildcards will work because of the way wildcards "work."

Re: Redirect only second and third level domains

2017-02-24 Thread Barry Margolin
In article , Andrea Gabellini wrote:
> Hi,
>
> the server is a resolver for about 20K clients. My goal is to supply a
> courtesy page if a domain is not found. For every domain.

But a wildcard in the

Re: Redirect only second and third level domains

2017-02-24 Thread Warren Kumari
Yeah, what you are describing is NXDomain rewriting -- it turns out to be a really bad idea. Here are some initial documents describing why: https://www.icann.org/en/system/files/files/sac-032-en.pdf -- ICANN Security and Stability Advisory Committee SAC 032 Preliminary Report on DNS Response

Re: Redirect only second and third level domains

2017-02-24 Thread /dev/rob0
> On 23/02/2017 20:38, Warren Kumari wrote:
> > What are you actually trying to do?

On Fri, Feb 24, 2017 at 09:42:17AM +0100, Andrea Gabellini wrote:
> the server is a resolver for about 20K clients. My goal is to
> supply a courtesy page if a domain is not found. For every domain.

Ugh.

Re: switching entire DNS system to new servers and IP addresses

2017-02-24 Thread Phil Mayers
On 23/02/17 20:21, Mitchell Kuch wrote:
> In practice, we have encountered caching resolvers that provide non-decrementing TTL values to downstream resolvers and clients. Even

That is a depressingly common residential ISP trick :o(

Re: Redirect only second and third level domains

2017-02-24 Thread Reindl Harald
On 24.02.2017 at 09:42, Andrea Gabellini wrote:
> the server is a resolver for about 20K clients. My goal is to supply a courtesy page if a domain is not found. For every domain.

for the sake of other admins and their services which may rely on correct working NXDOMAIN please don't do that

Re: Redirect only second and third level domains

2017-02-24 Thread Andrea Gabellini
Hi, the server is a resolver for about 20K clients. My goal is to supply a courtesy page if a domain is not found. For every domain. A query for abc.example.com or example.com (and these do not exist) has to receive the address of the courtesy web server. A query for xyz.abc.example.com (and