Re: Resolving and caching illegal names

2023-01-25 Thread John Thurston
I hadn't had enough coffee when I wrote that. I was doing in-addr.arpa translation in my head and confusing what was the TLD of the query being submitted. If a customer is stupid enough to ask for an A-record for 10.1.2.3, then the TLD of that name is "3", not "10" . . duh. So to make the RPZ

Re: recursion yes/no?

2023-01-25 Thread Evan Hunt
On Wed, Jan 25, 2023 at 10:23:16AM -, David Carvalho wrote: > Will there be any inconvenient setting minimal-responses to no? Having > that default behaviour when using "dig" can be useful. No, it's quite harmless. Minimal-repsonses saves a bit of time when processing a query, but unless

Re: Resolving and caching illegal names

2023-01-25 Thread John Thurston
- Why *must* you forward everything to Akamai? I am forced to "forward only;" to Akamai for all external queries. It hasn't always been this way, but the decision was made "above my pay grade", and it is not open to negotiation. - Was that a real example of a daft query: 10.11.12.13 type

RHEL, Centos, Rocky, Fedora rpm 9.16.37

2023-01-25 Thread Carl Byington via bind-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies.

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
It helps a lot!! I think I understand now. Have a great day! Regards David From: Greg Choules Sent: 25 January 2023 10:34 To: David Carvalho Cc: bind-users@lists.isc.org Subject: Re: recursion yes/no? Hi David. With "minimal-responses", usually I would set it to "no" for a purely

Re: recursion yes/no?

2023-01-25 Thread Greg Choules via bind-users
Hi David. With "minimal-responses", usually I would set it to "no" for a purely authoritative server because resolvers need all the help they can get. But for a purely recursive server I would set it to "yes" because end users don't need (any wouldn't do anything with it anyway) Authority or

Re: [KASP] Key rollover

2023-01-25 Thread Matthijs Mekking
On 1/24/23 15:18, adrien sipasseuth wrote: Hello, I don't why DSState: hidden, it's ok with some online check tools like : - https://dnssec-analyzer.verisignlabs.com/ - https://zonemaster.net/fr/run-test

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
Hello and thank you so much. " no-auth-recursive is meant for use in mixed-mode servers that handle both authoritative and recursive queries" - So I guess the default setting is intended for my purpose. Will there be any inconvenient setting minimal-responses to no? Having that default

RE: recursion yes/no?

2023-01-25 Thread David Carvalho via bind-users
Good morning and thank you so much! Now I understand. My servers are not pure authoritative, so I’ll have to keep the recursion enabled. As for the answers in Authority and Additional sections, after setting minimal-responses to no, now I get the usual output when querying. For what I

Re: [KASP] Key rollover

2023-01-25 Thread adrien sipasseuth
Hi Matthijs , my next key was generated yesterday as expected by policy (parameter "publish-safety 3d;"). My current key has been deleted from Bind (according to the logs) but it still exists on my primary server (I can still find the key and its status file). When I do a "dig DNSKEY ..." from