DNSSec mess with SHA1

2023-12-13 Thread Wolfgang Riedel via bind-users
Hi Folks, I just wonder what's your take is on the current DNSSec mess with SHA1? There are still a lot of top level domains being signed with SHA1 and look like nobody really cares? Current OS releases like RHEL9 and others simply removed SHA1 from the code so if you're running BIND with

Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
and to answer my own question as I finally found the section in the manual here: https://bind9.readthedocs.io/en/latest/dnssec-guide.html#verification On Wed, 13 Dec 2023, Brett Delmage via bind-users wrote: Sorry, I pasted the wrong version (too many remote shells open today) Should be:

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

2023-12-13 Thread G.W. Haywood
Hi there, On Wed, 13 Dec 2023, Greg Choules wrote: If your server can reach the Internet it can recurse all on its own. And for extra information, I recommend you give the '+trace' option to dig. I hope that helps. Ditto. :) -- 73, Ged. -- Visit

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

2023-12-13 Thread Greg Choules via bind-users
Hi Michel. You will get an authoritative answer (AA bit = 1) if the server is either primary (master) or secondary (slave) for the QNAME (query name); in this case "reseau1.lan". From the config snip you provided this is because you have the config: zone "reseau1.lan" { type master; ... }; If

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

2023-12-13 Thread Stephane Bortzmeyer
On Wed, Dec 13, 2023 at 05:29:02PM +0100, Michel Diemer via bind-users wrote a message of 1723 lines which said: > another virtual machine that uses the first one as ics dhcp and dns > server. An important thing about DNS: there are two types of DNS servers, very different. Resolvers and

Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

2023-12-13 Thread Michel Diemer via bind-users
  ‌ Dear Bind user,   I am a teacher and trying to understand how dns works. I am spending hours reading various sources without finding satisfying information. For teaching purposes I have created a virtual machine with isc dhcp server and bind9 and another virtual machine that uses the

Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
Sorry, I pasted the wrong version (too many remote shells open today) Should be: ii bind9 1:9.18.19-1~deb12u1 amd64Internet Domain Name Server ii bind9-utils1:9.18.19-1~deb12u1 amd64Utilities for BIND 9 On Wed, 13 Dec 2023, Brett Delmage wrote: I previously used

Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
I previously used delv with a manually made trust/key file to test that a DNSSEC-enabled zone was generated correctly. Despite sarching for all kinds of terms I cannot find those instructions (in readthedocs I believe). Could someone please point me there? bind9, bind9-dnsutils: 9.18.15

Re: How do I debug if the queries are not getting resolved?

2023-12-13 Thread Stacey Marshall
That's good advice Greg, I thought I'd read up some more about that in the DNSSEC guide within the Admin. Reference Manual - https://bind9.readthedocs.io/en/v9.18.20/dnssec-guide.html - only it is not mentioned within that section (dnssec-validation is). It is in the Configuration Reference -