validate-except (I typo’d it the second time, unfortunately expect and except
are both valid words).
https://downloads.isc.org/isc/bind9/9.16.6/doc/arm/Bv9ARM.pdf
validate-except
This specifies a list of domain names at and beneath which DNSSEC validation
should not be performed, regardless of
Mark,
You gave me the "let them eat cake" answer I anticipated. Also, this
isn't fixing a problem that my services produce - it is preventing a
problem that a potential MISTAKE from a large customer would cause - the
type of mistake that is inevitable at some point, but likely
short-lived. Th
> On 11 Sep 2020, at 15:04, Rob McEwen wrote:
>
> Mark,
>
> The whole usage of DNS by the anti-spam industry in our DNSBLs - is somewhat
> a hack on the DNS system from the start - I guess if you think that is wrong,
> maybe you should take that up with Paul Vixie?
And Paul will tell you to
Mark,
The whole usage of DNS by the anti-spam industry in our DNSBLs - is
somewhat a hack on the DNS system from the start - I guess if you think
that is wrong, maybe you should take that up with Paul Vixie?
And the whole purpose for MANY of us DNSBLs using ".local" in the first
place - was
On Fri, Sep 11, 2020 at 8:58 AM ShubhamGoyal wrote:
> Dear sir,
>We are running a public DNS resolver in
> Centos 8 with bind software . We enable geoip feature at configuration time
> now I want to know about
>
> "
> Dear sir,
>We are running a public DNS resolver in
> Centos 8 with bind software . We enable geoip feature at configuration time
> now I want to know about
>
> " How can we implement Geo
> log in bind R
> On 11 Sep 2020, at 11:13, Rob McEwen wrote:
>
> Mark,
>
> Most invaluement subscribers do direct queries - to hostnames that end with
> my own valid domain names that don't have this DNSSEC issue - those are the
> ONE ones that make use of public DNS and are broadcast across the internet.
Mark,
Most invaluement subscribers do direct queries - to hostnames that end
with my own valid domain names that don't have this DNSSEC issue - those
are the ONE ones that make use of public DNS and are broadcast across
the internet.
Our usage of ".local" zones for those who are RSYNC'ing ou
.local is for mDNS (RFC 6762). Do not use it for other purposes as you are
hijacking the namespace.
The best solution is to NOT change the name of the zones from those that you
use publicly. That way they have the correct DNSSEC chain of trust down from
the root. If you want to use different
Thanks, yes the second is actually the aim. We don't have secondaries
since we use ADDS and BIND simply acts as a recursive service for the
other internal domains.
On 10/09/2020 16:01, Carl Byington wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2020-09-10 at 15:35 +0100, Ben
On Thu, 2020-09-10 at 13:50 -0400, Jim Popovitch via bind-users wrote:
> On Thu, 2020-09-10 at 11:56 -0400, Rob McEwen wrote:
> > I manage an anti-spam DNSBL and I've been running into an issue in recent
> > years - that I'm FINALLY getting around to asking about. I just joined this
> > list to a
On Thu, 2020-09-10 at 11:56 -0400, Rob McEwen wrote:
> I manage an anti-spam DNSBL and I've been running into an issue in recent
> years - that I'm FINALLY getting around to asking about. I just joined this
> list to ask this question. Also, I checked the archives, but couldn't find an
> answer
I manage an anti-spam DNSBL and I've been running into an issue in
recent years - that I'm FINALLY getting around to asking about. I just
joined this list to ask this question. Also, I checked the archives, but
couldn't find an answer - at least, not one I understood.
So basically, while most
On Mon, Sep 7, 2020 at 6:01 PM Ben Lavender wrote:
> Without having to alter the TTL of the existing RRs as well as the
> default TTL. I know this can be done using cache-max-ttl to limit the
> whole cache, but can this be done for say one single or multiple defined
> domains only?
AFAIK there's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2020-09-10 at 15:35 +0100, Ben Lavender wrote:
> Anyone think they may know the answer to this?
With the cooperation of the "certain domains" master servers, just slave
the zones. The masters should be configured to send you notify messages
Anyone think they may know the answer to this?
Thanks
Ben
On 07/09/2020 23:00, Ben Lavender wrote:
Hi,
Without having to alter the TTL of the existing RRs as well as the
default TTL. I know this can be done using cache-max-ttl to limit the
whole cache, but can this be done for say one singl
16 matches
Mail list logo