Re: hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

On 6/10/21 1:55 PM, Tony Finch wrote: PGNet Dev wrote: fyi, perhaps keep an eye on this: https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11 hmm, maybe, but it's my Spock eye with a single arched eyebrow hehe. well, I _did_ just suggest "keep an eye on it", not "wait for i

Re: hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

PGNet Dev wrote: > > fyi, perhaps keep an eye on this: > > https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11 hmm, maybe, but it's my Spock eye with a single arched eyebrow Tony. -- f.anthony.n.finchhttps://dotat.at/ Thames, Dover: Southwest 4 to 6. Smooth or slight becoming

cmdns.dev.dns-oarc.net oddness with windows 10 and bind

So I redone my windows bind setup on a new system and this bug may never get fixed but I wanted to post the oddness of this bug. Bind on New PC as servers 127.0.0.1 for dns on that system cmdns.dev.dns-oarc.net reports fine except for IPv6 test OK I then have two PC's as clients to this DNS b

Re: No more support for windows

You might want to consider using the BIND9 docker image. With docker and kubernetes which has an internal load balancer you can run this on any Windows platform and don't need anything special. You point to the IP address of the kubernetes load balancer and it takes care of where to find the do

Re: RE: No more support for windows

On 09-Jun-21 18:46, Richard T.A. Neal wrote: > Evan Hunt wrote: > >>> My understanding is BIND will still run fine under WSL; it's only the >>> native Visual Studio builds that we're removing. >>> For people who want to run named on windows, WSL seems like the best way to >>> go. > Sadly no. To

Re: hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

On 6/10/21 8:38 AM, Tony Finch wrote: I have not, and I also want to be able to do this, and I also want scripting hooks for whenever any keys change so that I can stash them somewhere safer. fyi, perhaps keep an eye on this: https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11 s

Re: hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

PGNet Dev wrote: > > Has anyone here on-list figured out how to hook bind's internal signing > process to *trigger* and external script to exec those API pushes? I have not, and I also want to be able to do this, and I also want scripting hooks for whenever any keys change so that I can stash the

hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

DNSSEC signing using Bind 9.16.x's internal/automated key mgmt correctly generates PublishCDS, DSChange, DSState data for the KSK .state. Subsequent published data correctly contains CDS/CDNSKEY data. Most registrars are still incapable of polling for updates, and require, at best, API push of

RE: How to setup DNS on virtual machine

Hi Gary, I have written a guide for that here: https://www.winbind.org/guides/ I know you say you’ve already installed it, but I would still recommend starting with the “Installation” guide to make sure you’ve followed current best practice (well, *my* best practice, others may well chip-in wit