> On 2 May 2022, at 12:28, J Doe wrote:
>
> On 2022-04-29 01:18, Mark Andrews wrote:
>
>> break-dnssec is about if the client could detect the re-write or not using
>> DNSSEC. If the client has DO=1 in the request and the normal response is
>> signed then rewrites can be detected. If
On 05/01/2022 8:53 pm, Mark Andrews wrote:
Why should you want them to go away while you still have DS records
referencing them?
You also have a CDS record referencing a DNSKEY that dnssec-policy
doesn’t seem to know about.
sienawx.us. 2892IN CDS 49366 8 2
On 2022-04-29 01:18, Mark Andrews wrote:
break-dnssec is about if the client could detect the re-write or not using
DNSSEC. If the client has DO=1 in the request and the normal response is
signed then rewrites can be detected. If break-dnssec is ’no’ the rewrite will
be prevented. If
Why should you want them to go away while you still have DS records referencing
them?
You also have a CDS record referencing a DNSKEY that dnssec-policy doesn’t seem
to know about.
sienawx.us. 2892IN CDS 49366 8 2
On 1/05/2022 9:13 pm, Reindl Harald wrote:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may
create issues if, for example, you are using netplan with
systemd-networkd as the renderer? E.g. Will it still be possible to
I have 2 domains where I switched from Alg 8 to Alg 13, but the old keys
don't seem to be going away.
Attached are the state files, and the rndc dnssec -status outputs.
Ideas?
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail:
Hello,
I have an rPi here at home running as a second DNS server to my main (non-rPi)
bind instance. The pi unfortunately only has 1G ram. I’ve set max-cache-size
to 50% and verified it took effect:
root@ns2:~# grep size /var/log/daemon.log
May 1 12:38:23 ns2 named[6295]:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may create
issues if, for example, you are using netplan with systemd-networkd as
the renderer? E.g. Will it still be possible to pick up DNS servers from
IPv6 router
On Wed, Apr 13, 2022 at 9:39 AM Bjørn Mork wrote:
> Timothe Litt writes:
>
> > Anyhow, it's not clear exactly what problem you're asking LOC (or
> > anything) to solve.
>
> Which problems do LOC solve?
>
> I remember adding LOC records for fun?() in the previous millennium when
> RFC 1876 was
9 matches
Mail list logo