Re: 'tsig-keygen' vs 'dnssec-keygen' - keysize

2018-09-04 Thread Mark Andrews
> On 5 Sep 2018, at 2:50 pm, Browne, Stuart via bind-users > wrote: > > Was adding in some new internal functionality and noted that the > 'tsig-keygen' tool doesn’t > give the ability to alter the keysize like dnssec-keygen does for generating > HMAC based tsig keys. > > I also noticed

'tsig-keygen' vs 'dnssec-keygen' - keysize

2018-09-04 Thread Browne, Stuart via bind-users
Was adding in some new internal functionality and noted that the 'tsig-keygen' tool doesn't give the ability to alter the keysize like dnssec-keygen does for generating HMAC based tsig keys. I also noticed that in 9.13, dnssec-keygen will no longer be able to generate HMAC tsig's, so I'm

Re: how to verify Pipelined TCP and DNSCOOKIE

2018-09-04 Thread Ray Bellis
On 04/09/2018 15:13, Tony Finch wrote: > `mdig` comes with BIND and does multiple concurrent queries, so you can > check pipelining behaviour like this: > > ... > > A good selection of sites near and far should nicely demonstrate > out-of-order replies. If you don't flush the cache first then

Re: how to verify Pipelined TCP and DNSCOOKIE

2018-09-04 Thread Tony Finch
Rodrigo Reyna wrote: > I don't know how to confirm [Pipelined TCP queries(RFC7766)]. > Specifically, please tell me if there is a method to check with the command > such as dig for the server on which BIND 9.11 is running. `mdig` comes with BIND and does multiple concurrent queries, so you can

how to verify Pipelined TCP and DNSCOOKIE

2018-09-04 Thread Rodrigo Reyna
Hi,there. Please someone help me. I am currently verifying the function of BIND 9.11, but I am in two troubles. 1. I don't know how to confirm [Pipelined TCP queries(RFC7766)]. Specifically, please tell me if there is a method to check with the command such as dig for the server on which BIND

how to verify Pipelined TCP and DNSCOOKIE

2018-09-04 Thread Rodrigo Reyna
Hi,there. Please someone help me. I am currently verifying the function of BIND 9.11, but I am in two troubles. 1. I don't know how to confirm [Pipelined TCP queries(RFC7766)]. Specifically, please tell me if there is a method to check with the command such as dig for the server on which BIND

Re: dig ds c10r.facebook.com returns SERVFAIL

2018-09-04 Thread Tony Finch
Laurent Bigonville wrote: > > Don't take what I said about the internal working of systemd-resolved for > granted :) > > Looking at the log that I initially provided > (https://github.com/systemd/systemd/issues/8897), it seems to revalidate the > complete chain. Yes, you are right, I shouldn't