Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
On Wed, Aug 11, 2021 at 12:14:38PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 11:27 PM, raf via bind-users wrote: > > Does that help at all? > > Very much thank you. I have now discovered my DNS key and corresponding DS > record. I believe the DS record is what I have to provide

Failure from rate-limit

2021-08-11 Thread Peter
Hi, my servers fail to query the upstream servers with these errors: rate-limit: debug 99: rrl=0x0, HAVECOOKIE=0, result=DNS_R_SERVFAIL, fname=0x8027a5450(0), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0 The operator of the upstream servers says it is due to a configuration

Re: Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/11/21 12:49 PM, Richard T.A. Neal wrote: > There's a very good article on the ISC website which discusses BIND logging: > https://kb.isc.org/docs/aa-01526 > > I recommend reading and implementing the logging as per their suggestion > (backup or make a note of your current logging

RE: Debug Approach Help?

2021-08-11 Thread Richard T.A. Neal
There's a very good article on the ISC website which discusses BIND logging: https://kb.isc.org/docs/aa-01526 I recommend reading and implementing the logging as per their suggestion (backup or make a note of your current logging configuration options in case you want to revert in future) and

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/10/21 11:27 PM, raf via bind-users wrote: > Does that help at all? Very much thank you. I have now discovered my DNS key and corresponding DS record. I believe the DS record is what I have to provide my registrar as I understand it. --

Re: DKIM setup

2021-08-11 Thread Vinícius Ferrão via bind-users
LOL what a joke, country blocking: Original Message Details Created Date: 8/11/2021 4:56:17 PM Sender Address: fer...@versatushpc.com.br Recipient Address: john...@pharmacy.arizona.edu Subject:Re: DKIM setup

Re: DKIM setup

2021-08-11 Thread Vinícius Ferrão via bind-users
Hello. Ve is Venezuela. It’s a country. Alice is the selector name, you can have whatever you want. https://dmarcly.com/blog/what-is-dkim-selector-and-how-does-it-work-dkim-selector-explained For Office365 you should follow Office365 names which are selector1 and selector2. On 11 Aug 2021,

DKIM setup

2021-08-11 Thread Bruce Johnson via bind-users
I’m trying to set up DNS records for DKIM in our system; we have a hybrid O365/On-Prem Exchange server and separate Mailman list server, all of which send email from our domain (and are in the spf list in DNS.) I’m a little unclear on the syntax described here:

Debug Approach Help?

2021-08-11 Thread Tim Daneliuk via bind-users
I am running bind 9.16.19 on two FreeBSD 13-STABLE instances. The master is on a Digital Ocean droplet and works fine. The slave is hosted on physical machine here in our offices. This has always worked flawlessly until recently. Periodically, the slave refuses to resolve names like

Re: Add DNS records automatically for static IP's

2021-08-11 Thread Roberto Carna
Thank you so much ! El lun, 9 ago 2021 a las 13:40, tale () escribió: > > On Mon, Aug 9, 2021 at 8:46 AM Roberto Carna wrote: > > Thanks to all of you, is it possible to use nslookup in order to > > update DNS records from Linux hosts to a Windows DNS server (not BIND) > > Not nslookup, but

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
On Wed, Aug 11, 2021 at 09:40:00AM +0200, Matthijs Mekking wrote: > > Syntax question: > > In https://bind9.readthedocs.io/en/latest/dnssec-guide.html > > the double quotes are never used in the zone stanza > > where the dnssec-policy is referred to. The double > > quotes sometimes (but not

RE: advance features of BIND DoT and DoH

2021-08-11 Thread Richard T.A. Neal
Swapneel wrote: > For DoH, please have a look at the following page[1] and BIND9 > documentation[2] and for DoT[3] > [1]: https://www.isc.org/blogs/bind-implements-doh-2021/ > [2]: > https://bind9.readthedocs.io/en/latest/reference.html?highlight=DoH#http-statement-definition-and-usage > [3]:

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Matthijs Mekking
Syntax question: In https://bind9.readthedocs.io/en/latest/dnssec-guide.html the double quotes are never used in the zone stanza where the dnssec-policy is referred to. The double quotes sometimes (but not always) appear in the dnssec-policy definition stanza. Are the double quotes optional in

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Matthijs Mekking
Hi Tim, On 11-08-2021 04:19, Tim Daneliuk via bind-users wrote: On 8/10/21 7:32 PM, raf via bind-users wrote: To get the DS record information to convey to the registrar, after starting to use the default policy. look for the CDS record (the child version of the DS record) with dig: dig

Re: advance features of BIND DoT and DoH

2021-08-11 Thread Swapneel Patnekar
On Wed, Aug 11, 2021 at 10:04 AM Divya wrote: > > Dear Admin, > > Has anybody implemented advance features of BIND DoT and DoH, Kindly help > me to configure DoT and DoH in DNS with BIND 9.17.16+CentOS 7.9. > Hello Divya, For DoH, please have a look at the following page[1] and BIND9