Re: BIND 9.18.2 break-dnssec question

2022-05-01 Thread Mark Andrews
> On 2 May 2022, at 12:28, J Doe wrote: > > On 2022-04-29 01:18, Mark Andrews wrote: > >> break-dnssec is about if the client could detect the re-write or not using >> DNSSEC. If the client has DO=1 in the request and the normal response is >> signed then rewrites can be detected. If

Re: DNSSEC: Why aren't the old keys going hidden?

2022-05-01 Thread Larry Rosenman
On 05/01/2022 8:53 pm, Mark Andrews wrote: Why should you want them to go away while you still have DS records referencing them? You also have a CDS record referencing a DNSKEY that dnssec-policy doesn’t seem to know about. sienawx.us. 2892 IN CDS 49366 8 2

Re: BIND 9.18.2 break-dnssec question

2022-05-01 Thread J Doe
On 2022-04-29 01:18, Mark Andrews wrote: break-dnssec is about if the client could detect the re-write or not using DNSSEC. If the client has DO=1 in the request and the normal response is signed then rewrites can be detected. If break-dnssec is ’no’ the rewrite will be prevented. If

Re: DNSSEC: Why aren't the old keys going hidden?

2022-05-01 Thread Mark Andrews
Why should you want them to go away while you still have DS records referencing them? You also have a CDS record referencing a DNSKEY that dnssec-policy doesn’t seem to know about. sienawx.us. 2892 IN CDS 49366 8 2

Re: Bind and systemd-resolved

2022-05-01 Thread Nick Tait via bind-users
On 1/05/2022 9:13 pm, Reindl Harald wrote: On 01.05.22 at 06:38, Nick Tait via bind-users wrote: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with systemd-networkd as the renderer? E.g. Will it still be possible to

DNSSEC: Why aren't the old keys going hidden?

2022-05-01 Thread Larry Rosenman
I have 2 domains where I switched from Alg 8 to Alg 13, but the old keys don't seem to be going away. Attached are the state files, and the rndc dnssec -status outputs. Ideas? -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail:

9.16.27 (Raspberry PI package) - memory usage

2022-05-01 Thread vom513
Hello, I have an rPi here at home running as a second DNS server to my main (non-rPi) bind instance. The pi unfortunately only has 1G ram. I’ve set max-cache-size to 50% and verified it took effect: root@ns2:~# grep size /var/log/daemon.log May 1 12:38:23 ns2 named[6295]:

Re: Bind and systemd-resolved

2022-05-01 Thread Reindl Harald
On 01.05.22 at 06:38, Nick Tait via bind-users wrote: I'm not 100% sure, but I wonder if disabling systemd-resolved may create issues if, for example, you are using netplan with systemd-networkd as the renderer? E.g. Will it still be possible to pick up DNS servers from IPv6 router

Re: Supporting LOC RR's

2022-05-01 Thread Bob Harold
On Wed, Apr 13, 2022 at 9:39 AM Bjørn Mork wrote: > Timothe Litt writes: > > > Anyhow, it's not clear exactly what problem you're asking LOC (or > > anything) to solve. > > Which problems do LOC solve? > > I remember adding LOC records for fun?() in the previous millennium when > RFC 1876 was