Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
and to answer my own question as I finally found the section in the manual here: https://bind9.readthedocs.io/en/latest/dnssec-guide.html#verification On Wed, 13 Dec 2023, Brett Delmage via bind-users wrote: Sorry, I pasted the wrong version (too many remote shells open today) Should

Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
Sorry, I pasted the wrong version (too many remote shells open today) Should be: ii bind9 1:9.18.19-1~deb12u1 amd64 Internet Domain Name Server ii bind9-utils 1:9.18.19-1~deb12u1 amd64 Utilities for BIND 9 On Wed, 13 Dec 2023, Brett Delmage wrote: I previously used

Instructions to use delv to test DNS configured domain before DS uploaded to parent

2023-12-13 Thread Brett Delmage via bind-users
I previously used delv with a manually made trust/key file to test that a DNSSEC-enabled zone was generated correctly. Despite searching for all kinds of terms I cannot find those instructions (in readthedocs I believe). Could someone please point me there? bind9, bind9-dnsutils: 9.18.15

Re: Best DNSSEC documentation for current version?

2021-06-21 Thread Brett Delmage
On Mon, 21 Jun 2021, John W. Blue via bind-users wrote: Have you seen the webinar videos on ISC's youtube channel? https://www.youtube.com/user/ISCdotorg/search?query=DNSSEC No! I would not have thought to look there for this -- although I learn all kinds of other things on YT. Many thanks

Re: Best DNSSEC documentation for current version?

2021-06-21 Thread Brett Delmage
On Mon, 21 Jun 2021, Ondřej Surý wrote: you haven’t said the version, but readthedocs.io has a version picker, so you can go with the version you are interested in (v9.16 and up) with “latest” referring to the latest stable branch (v9.16.xx). Thanks for letting me know about this. I seem to

Best DNSSEC documentation for current version?

2021-06-21 Thread Brett Delmage
I am looking to read the best documentation on DNSSEC configuration for the current versions on BIND. Is this comprehensive and up to date? https://bind9.readthedocs.io/en/latest/dnssec-guide.html This doc does not refer to any version - Am I missing that? It seems that this is an important

Re: No more support for windows - Yay

2021-06-05 Thread Brett Delmage
On Sat, 5 Jun 2021, Reindl Harald wrote: besides that - i didn't hear a serious reasoning for a native named binary on windows these days and given there are tons of ways running a linux binary compared to 20 years ago i call it a waste of time * more complex code implies more errors some

no _smtp_tls in published zone

2021-06-01 Thread Brett Delmage
I have added the following two records _mta-sts.BrettDelmage.ca. 180 IN TXT"v=STSv1; id=2021060102;" _smtp._tls.BrettDelmage.ca. 180 IN TXT"TLSRPTv1; rua=mailto:br...@brettdelmage.ca; to a signed zone to enable Mail Transfer Agent Strict

Re: Trying again on SERVFAIL

2021-02-11 Thread Brett Delmage
The internet isn’t always on and it isn’t only composed of big tech companies with lots of resources. like Google's gmail, which has had hours-long service outages from time to time? ;-)___ Please visit

Re: Cannot get nsupdate to work (for letsencrypt acme.sh client)

2020-08-05 Thread Brett Delmage
On Wed, 5 Aug 2020, Mark Andrews wrote: If I use the example zone on that page *no* errors are reported. If I modify restarchitect.com to have a A record at _acme-challenge.restarchitect.com then errors will be reported. I certainly did get an error originally. I would not have found this

Re: Cannot get nsupdate to work (for letsencrypt acme.sh client)

2020-08-04 Thread Brett Delmage
help plea and look like an idiot. Just not in this report, although an earlier version led me to seeing another problem, which was good. Brett Mark On 5 Aug 2020, at 08:44, Brett Delmage wrote: I'm having a problem getting nsupdate to work, as shown below. (Despite reading the man

Cannot get nsupdate to work (for letsencrypt acme.sh client)

2020-08-04 Thread Brett Delmage
I'm having a problem getting nsupdate to work, as shown below. (Despite reading the man pages I'm not 100% clear about the exact scope of the grant options and it may not be right. Examples would be helpful.) I generated the key: ddns-confgen -k acmesh-ottawatch. -z ottawatch.ca # To

Re: nsupdate apparently not working for me. What am I overlooking / doing wrong?

2020-07-28 Thread Brett Delmage
On Wed, 29 Jul 2020, Mark Andrews wrote: Make sure you are using the CORRECT name in the dig query. You used ddns-key.ottawatch.ca instead of ddns-update.ottawatch.ca. Thanks Mark... so tired I didn't see that when staring at it. (Blame grass allergies and terrible heat lately.) Also you

nsupdate apparently not working for me. What am I overlooking / doing wrong?

2020-07-28 Thread Brett Delmage
nsupdate works according to updated contents of a dynamic zonefile but dig does not report the added A record. What am I doing stupidly here? BIND version 1:9.16.5-1+ubuntu18.04.1 - both authoritative and local recursive zone config: zone "ottawatch.ca" { type master;

BIND, nsupdate and acme.sh DNS authentication

2020-07-23 Thread Brett Delmage
On Thu, 23 Jul 2020, Michael De Roover wrote: For example I don't trust Manjaro's maintainers, since they screwed up their TLS certificate renewal no less than 3 times. That's complete and utter incompetence on their part. How they didn't already put certbot in a cron job after the first time

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

2020-07-09 Thread Brett Delmage
On Fri, 10 Jul 2020, Mark Andrews wrote: The file names in named.conf. "/etc/bind/dns” is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for ‘"/etc/bind/dns”’ and the correct the file name. Thanks Mark. Sometimes one can

root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

2020-07-09 Thread Brett Delmage
I installed BIND 9.16.4-Ubuntu (Stable Release) from the Ubuntu stable PPA linked to on the ISC site. https://launchpad.net/~isc/+archive/ubuntu/bind After restart, BIND failed with this status: service bind9 status ● bind9.service - BIND Domain Name Server Loaded: loaded

Re: DNS security, amplification attacks and recursion

2020-07-07 Thread Brett Delmage
On Tue, 7 Jul 2020, Tony Finch wrote: Brett Delmage wrote: On Tue, 7 Jul 2020, Tony Finch wrote: minimal-any yes; Why only reduce and not eliminate? The reason is a bit subtle. If an ANY query comes via a recursive resolver, it is much better to give the resolver an answer so

Re: DNS security, amplification attacks and recursion

2020-07-07 Thread Brett Delmage
On Tue, 7 Jul 2020, Shumon Huque wrote: Cloudflare themselves now implement the "minimal any" behavior described in this spec:     https://tools.ietf.org/html/rfc8482 cloudflare.com.         3789    IN      HINFO   "RFC8482" "" Gee, that's a pretty minimal answer!

Re: DNS security, amplification attacks and recursion

2020-07-07 Thread Brett Delmage
On Tue, 7 Jul 2020, Tony Finch wrote: Reduce the size of responses to ANY queries, which are a favourite tool of amplification attacks. There's basically no downside to this one, in my opinion, but I'm biased because I implemented it. minimal-any yes; Why only reduce and not

Canadian registrars that properly support ipv6 and DNSSEC ?

2020-07-07 Thread Brett Delmage
Not quite on-topic, but consider this an essential element of making my BIND signing, authoritative server and name service work well. Does anyone know of or ideally have experience with Canadian (CIRA-authorized) and ideally _Canadian-based_ .ca registrars that handle DNSSEC and ipv6

Re: Question about Recommended stress test tools for bind.

2020-06-25 Thread Brett Delmage
On Thu, 25 Jun 2020, Chuck Aurora wrote: On 2020-06-25 04:10, Techs-yama wrote: Hi, bind forks ! I'm a spoon, not a fork! :) 418 I'm a teapot!

Latest BIND ARM is missing from docs page?

2020-06-15 Thread Brett Delmage
On Mon, 15 Jun 2020, Evan Hunt wrote: On Sun, Jun 14, 2020 at 06:38:38PM -0400, Brett Delmage wrote: Is this ARM the most recent version? No, the current stable release is 9.16. The "primary" and "secondary" keywords were added in 9.12. Then is the ISC ARM directory pag

Re: BIND Masters and slaves

2020-06-15 Thread Brett Delmage
After I feel I have mastered DNS and BIND after slaving over the docs and code for years (I'm not there yet, and I have not) how am I going to communicate this to people? How will I be able to master anything technical anymore? Should I just stop trying? Thesaurus.com suggests that one

Re: BIND Masters and slaves

2020-06-14 Thread Brett Delmage
On Sun, 14 Jun 2020, Vinícius Ferrão wrote: ISC had a statement about it a time ago:  https://twitter.com/ISCdotORG/status/942815837299253248 Thanks. I vaguely recalled something but my search didn't turn this up.

BIND Masters and slaves

2020-06-14 Thread Brett Delmage
I just read GitHub, Android, Python, Go: More Software Adopts Race-Neutral Terminology at https://developers.slashdot.org/story/20/06/14/173/github-android-python-go-more-software-adopts-race-neutral-terminology The BIND 9.11 Administrator Reference Manual at

Re: DoH plugin for BIND

2020-05-02 Thread Brett Delmage
On Sat, 2 May 2020, Michael De Roover wrote: Even if your ISP allows it, chances are that other mail servers will reject it Nope, not always. My residential-class static IP mail server has never had problems delivering mail. I've checked it many times over the years on many blacklist

Re: DoH plugin for BIND

2020-05-02 Thread Brett Delmage
On Sat, 2 May 2020, Paul Kosinski via bind-users wrote: How many ISPs allow traffic on port 25? My impression is that even many (non-enterprise) business customers can't use port 25. Mine does. It's a major Canadian independent ISP. They allow servers too. I run postfix and secondary DNS

Security issues with Ubuntu bind9 11.9.3 ?

2020-02-23 Thread Brett Delmage
9.14.10 is the current stable release and 9.11.15 is the current extended support release. Unless you know something is broken in 9.14.10 (unlikely) that would be the version to $ You absolutely should not be running a bind version several years old, as 9.11.4 is. But

Re: Options for build configure documented anywhere?

2019-12-23 Thread Brett Delmage
On Mon, 23 Dec 2019, Dns Admin wrote: Hi Brett, ./configure -h Will give you list of the available options. Thanks Peter! Duh, I don't know why I never tried -h here. I use/try it (or --help) everywhere else... I guess I didn't think that configure would report any domain specific help.

Options for build configure documented anywhere?

2019-12-22 Thread Brett Delmage
I'm building bind-9.15.7 on Ubuntu 18.04, so I can try some of the newest features. I have never built bind before. I configured and compiled using the default options just fine, after installing a few requisite libraries. I was pleasantly surprised. Next, I would like to build with the same