Hi,
So I was playing with these two statements and wanted to know something on
also-notify.
also-notify by default will update slaves about delta changes on port
TCP/53 if not explicitly set right?
e.g.
also-notify {10.0.1.2; "notify-them" port 2034;};
On 05/03/2018 12:42 PM, Darcy Kevin (FCA) wrote:
As far as I know, Domain Controllers still only maintain SRV records
DCs, likely all member servers, and possibly all workstations (or the
DHCP server on their behalf) will try to register A / and PTR
records too.
Also, updates to the
“We are aware that we should not mix the plain text configuration with these
dynamic records (and use a subdomain instead)”
So, why don’t you do that? As far as I know, Domain Controllers still only
maintain SRV records, so the “underscore zones” approach should still work.
Make
Again unicast could be any IP address or normal IP address given on server?
There is no such specification like multicast
On Thu, May 3, 2018 at 7:46 PM, Blason R wrote:
> Thanks I got it, Below link helped me understand.
>
>
Thanks I got it, Below link helped me understand.
https://deepthought.isc.org/article/AA-00518/0/How-can-I-synchronize-DNS-RPZ-firewall-policies-across-multiple-DNS-servers.html
The one thing I didnt understand is how to assign unicast address from DNS
perspective?
On Thu, May 3, 2018 at 7:36
Hi there,
Can someone please guide me on working configuration of Mater/Slave zone in
DNS RPZ for reference?
Is that available with someone? And does it work exactly as master/slave
like any other zone?
___
Please visit
Tom wrote:
> Does the "inline-signing"-mechanism also automatically renew the
> expiration-time of the RRSIGs?
Yes.
> If so: When or in which interval does BIND verify the expiration-times
> of the RRSIGs and renew them?
The documentation for sig-validity-interval says
On 02/05/2018 23:39, Rick Dicaire wrote:
> Thanks for the responses folks...so if I don't need to manage root.hints,
> can I remove the line:
>
> zone "." IN {type hint;file "root.cache";};
>
> from named.conf?
Yes, you can remove it.
Regards,
Anand
Hi list
Using latest BIND (9.12.1) with dnssec and inline-signing enabled.
SIG-VALIDITY-INTERVAL is set to 1 day (for testing).
Look the following RRSIG:
test01.example.com. 300 IN RRSIG A 8 3 300 (
20180504060124 20180503052321 1 test01.example.com.
9 matches
Mail list logo