.ARPA
>
> Thanks for telling me. I used dig and extracted the question section.
>
> Sadly, arpaname is in bind9 package, so if I wanna use it, I have to
> install bind.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
>
t Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
incometax.gov.in [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
> ; ns01.incometax.gov.in [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
> ; ns02.incometax.gov.in [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
> ; ns01.incometax.gov.in [v
ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the devel
; buffers, the server would drop the new request (or send a SERVFAIL
> response). I know about the Recursive Client Rate Limiting
> (fetches-per-server, fetches-per-zone) and clients-per-query, those aren't
> what I'm asking about.
>
> Thanks,
>
> .Ben Bridges.
>
check for those issues? Thanks for any insight.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users ma
Thanks for your reply, I certainly appreciate it.
On Tuesday, September 5, 2023 at 12:24:30 PM CDT, Fred Morris
wrote:
On Tue, 5 Sep 2023, Leroy Tennison via bind-users wrote:
>
> After some recent upgrading it was discovered that both DNS servers were
> configured as mas
;In BIND 9, it is relatively simple to switch a server from primary to
>secondary in real time: if you store the data in a file, simply redefine
>the zone type and change type primary; to type secondary;.
>
> --
>
> Fred Morris
> --
> Visit https://lists.isc.or
andby to master promotion (for publishing RPZs with
BIND) in a past life.
Respectfully...
--
Fred
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/con
th, as examples. Not the whole
config.- "rndc zonestatus ". Use the same zones you chose from above.
Let’s see what we see.Cheers, Greg
On 8 Sep 2023, at 01:24, Leroy Tennison via bind-users
wrote:
Just to clarify, the configuration I was referring to was supposed to have a
master and slav
go roll my own, can anyone point me at an existing
> solution?
>
> --
> --
> Do things because you should, not just because you can.
>
> John Thurston907-465-8591john.thurs...@alaska.gov
> Department of Administration
> State of Alaska
>
> --
> Visit https:/
t; 10.in-addr.arpa zone data.
>>
>> I recall someone once offered a bit of code to mash this zone data back
>> together, so the same information can be published from two different DNS
>> services. I've hunted through this list's archive and have not found the
&g
y earlier note, I have re-located the code I think I
stumbled across earlier
Tony Finch's "nsdiff"
Does that mean problem replaced, if not solved?
--
73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the develo
. Haywood via bind-users <
bind-users@lists.isc.org> wrote:
> Hi there,
>
> On Sat, 16 Sep 2023, John Thurston wrote:
>
> > A host which auto-registers in MS DNS, creates an A in foo.alaska.gov
> > and PTR in whatever.10.in-addr.arpa. MS DNS is happy to publish those.
>
ard, I'd really like to know in case I ever
come up against this myself.
(And it's the thirtieth anniversary of RFC1517. What did we miss? :)
--
73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
On Sat, 16 Sep 2023 10:22:26 +0100 (BST)
"G.W. Haywood via bind-users" wrote:
> Hi there,
> ...
>I'd be surprised if the OP couldn't manage with 2^20 IPs in a segment -
> but then I guess he does work in the .gov domain.
^^^
r
> (4 bits) is to be treated as a separate DNS label. This has the potential
> to make the number of zones incredibly huge. The upside is that each level
> in the domain hierarchy now only represents 4 bits rather than 8, so it is
> more granular.
>
> That's me done for the ni
>
> zone "example.com" IN {
> type forward;
> forwarders { 127.0.0.1 port xxx; a.b.c.d port xxx; };
> forward only;
> };
>
>
> Please share any other possible solutions.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
&g
.
-BEGIN PGP SIGNATURE-
iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZQsqkxUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsF7uwCfYDqYBEqkKXSJNn+fOSWskg/+mtsA
n0MmFNixc8j7pJChAItigVdQeouV
=nb+i
-END PGP SIGNATURE-
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
validate the DS
response? Or would it still do the lookup in the same non-validating
way? Or would it enter infinite recursion? Must the validating resolver
be a different name server from the master server that performs the key
rollover?
Björn Persson
--
Visit https://lists.isc.org/mailman/li
g-dnssec>/./
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.is
<https://bind9.readthedocs.io/en/latest/manpages.html#cmdoption-rndc-arg-dnssec>/.
where 12345 and 54321 are the key tags of the successor and
predecessor key, respectively./
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds t
27;t stick around.
I can only assume that the reason you have rumoured state is because you
are trying to roll your ZSK to soon after the previous ZSK rollover?
Have you checked the various timing settings in the KASP definition?
Nick.
On 30/09/23 11:32, Nick Tait via bind-users wrote:
On 2
7#53(2607:d600:9000:330:75:102:160:227)
;; WHEN: Fri Oct 27 09:56:31 CDT 2023
;; MSG SIZE rcvd: 125
[root@brkr-dns2 bind-9.18.12]#
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
Phone: (605) 874-8313
michael
'ns1.bcc.gov.bd': no more
root@ns1:/etc/bind#
I can resolve them, but only A records exist.
Please try it again.
dig a ns2.bcc.gov.bd
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid suppor
, but it will take a large company to push them to do so.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
From: bind-users On Behalf Of Paul Stead
Sent: Saturday, October 28, 2023 11:35 AM
Cc: bind-users@lists.isc.org
Subject: Re: 9.18 BIND not iterated
hen go out to either bind-external or the domain
host's DNS to get the answer from the authoritative servers and then
there is no need to maintain external IPs in bind internal.
TIA,
Nick
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the dev
hat sounds like a sadly normal implementation but yes you can do
better* Views is a good place to look https://kb.isc.org/docs/aa-00851
* Make sure to investigate how the company VPN services handle DNS as
it may surprise you
On Fri, Nov 3, 2023 at 9:52 AM Nick Howitt via bind-users
wrote:
Hi,
On 03/11/2023 17:17, Marco M. wrote:
Am 03.11.2023 um 15:51:32 Uhr schrieb Nick Howitt via bind-users:
As this site is externally accessible as well, we also have to put an
identical entry in bind-external so we end up having many identical
entries in bind-internal and bind-external.
It seems
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IP's duplicated between the
internal and external masters for some IPs/FQDNs which I want to get
rid of.
Implement IPv6 and get rid of the old
On 03/11/2023 18:06, Marco M. wrote:
Am 03.11.2023 um 17:58:51 Uhr schrieb Nick Howitt via bind-users:
On 03/11/2023 17:54, Marco M. wrote:
Am 03.11.2023 um 17:48:32 Uhr schrieb Nick Howitt via bind-users:
My problem is the use of external IP's duplicated between the
internal and ext
tlook for Android <https://aka.ms/AAb9ysg>
----
*From:* bind-users on behalf of Nick
Howitt via bind-users
*Sent:* Friday, November 3, 2023 1:58:51 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: How should I configure i
On 03/11/2023 19:30, Marco M. wrote:
Am 03.11.2023 um 19:18:49 Uhr schrieb Nick Howitt via bind-users:
Can the bind-internal not be made to caching only and not
authoritative? If so, how?
Of course it can, simply remove the zone configuration, but it will
then cache the records from the
against using split DNS and migration to IPv6 to
only have one address for that server.
I have those lines, but if I remove them, then presumably I cannot have
internal overrides anywhere, like a hosts file would or like dnsmasq would?--
Visit https://lists.isc.org/mailman/listinfo/bind-users to un
SMasq)*
...Actually, if we're considering all the options this needs to be
included. It may turn out that there is an easier way to achieve your
goal that doesn't use BIND.
I'm sure there are other options that I haven't thought of, but
hopefully you might find these ideas
n name it
is attempting to resolve, not an URL. In this particular case, I
would expect to see a notation about "app-measurement.com" and not
"http://etc";.
What is the significance of logging the URL and why does this happen
in only some cases ?
Thanks,
- J
-
ink I have any chance of pushing this through. Also DNSMasq does not
support replication (but it could be scripted). I could look for other
solutions but I doubt I would get anywhere in the company.
I'll spend some time investigating option F, thanks.
Nick
On 04/11/2023 02:03, Nick Tait
do:
https://www.ietf.org/archive/id/draft-ietf-add-split-horizon-authority-06.html#name-internal-only-subdomains
It's just so much easier, particularly if you are starting from scratch.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
ritative.
Nick
On 2023-11-03 16:01, Andrew Latham wrote:
> * That sounds like a sadly normal implementation but yes you can do
> better* Views is a good place to look
https://kb.isc.org/docs/aa-00851
> * Make sure to investigate how the company VPN services handle
ely. Zones like "
internal-www.example.com", "internal-mail.example.com" and what have you
are fine because they are more specific than the general "example.com",
queries for which will just fall through to the outide world along with any
other name.
That was a bit of
ter.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://l
oal is still not achievable, unless I'm missing something.
Is there some other mechanism to achieve this end result (sharing zones between
different user populations without loading multiple copies of the zone into
memory)?
I am currently running BIND 9.16.44 by the way.
Thanks for any advice!
ing some zones between different user populations without loading
multiple copies of the zone into memory)?
I am currently running BIND 9.16.44 by the way.
Thanks for any advice!
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developme
f Product Engineering
<https://www.linkedin.com/company/rgnets> <https://twitter.com/rgnets>
<https://www.youtube.com/channel/UCY1FGrqtlcYQGiICvgRZ5VA>
<https://www.facebook.com/rg.nets.inc> <https://www.reddit.com/r/RGNets/>
--
Visit https://lists.isc.org/mailman
e?
Anyway, I remembered seeing "ZRRSIGState: rumoured" in your ZSK state
file before you initiated your ZSK roll-over, and so I suspect that all
your issues stem from the fact that not everything was omnipresent
before you initiated the roll-over?
Nick.--
Visit https://lists.isc.org/mai
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lis
em is difficult if you only have snippets of information
to work from.
Cheers, Greg
On Mon, 20 Nov 2023 at 13:48, legacyone via bind-users <
bind-users@lists.isc.org> wrote:
> Now its not working fast again! I don't know now must be Teamviewer DNS
> delaying replies causing windows bi
first. I see no reason to
suspect BIND at the moment.
Cheers, Greg
On Mon, 20 Nov 2023 at 17:40, legacyone via bind-users <
bind-users@lists.isc.org> wrote:
> This might show the problem even more on two interfaces WAN side and LAN
> you can see 192.168.53.19 ask for routerp
rom my configuration, to avoid
potential issues in future versions of BIND?
Thanks,
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact
aving config files based on this
repo would be appreciated.
Thanks,
PJ
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more inform
56
fuZR3ArX
It seems to be an API problem or maybe I missed something ?
Gérard
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for
Please do not feel
obligated to reply outside your normal working hours.
On 3. 12. 2023, at 18:41, Gérard Parat via bind-users
wrote:
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of build
.
Gérard
Le 03/12/2023 à 18:40, Gérard Parat via bind-users a écrit :
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of building libp11:
libengine-pkcs11-openssl:amd64 0.4.12-0.1
It works until
ond...@isc.org
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
On 4. 12. 2023, at 0:43, Gérard Parat via bind-users
wrote:
Hi,
Weird behavior with /opt/bind9/etc/openssl.cnf.
The only difference with /etc/ssl
On 7/12/2023 1:53 am, Bhangui, Sandeep - BLS CTR via bind-users wrote:
Hi
It seems the DNSSEC delegation is broken from “.gov” to bls.gov domain
and due to which the records for bls.gov are considered as bogus and
we are having issues at our site.
It looks like we were in the process of
On 7/12/2023 9:05 am, Nick Tait via bind-users wrote:
I could be wrong, but based on the output above it looks like the
current TTL is 0, which means that doing this should provide immediate
relief.
Sorry it looks like the DNS server on the Wi-Fi network I'm connected to
has done some
s a possibility that there is a missing library and dig can't even
run. But that's unlikely -- but not impossible -- with dig installed
via standard repo commands.
--
Grant. . . .
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the devel
stance in troubleshooting the resolution issue for
>> > specific domains that are not being resolved properly. The version of
>> > BIND I am currently using is BIND 9.18.20-1.
>>
>> First, tell us if those queries are authoritative on that server or not.
>&g
> specific domains that are not being resolved properly. The version of
>>>> > BIND I am currently using is BIND 9.18.20-1.
>>>>
>>>> First, tell us if those queries are authoritative on that server or not.
>>>>
>>>> Try using dig and po
Thanks.
Brett
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https
k interface. But when typing "dig -4 pc1.reseau1.lan" the AUTHORITY bit
is always set to 0.
͏
͏
Kind Regards,
Michel Diemer
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
server can reach the Internet it can recurse all on its own.
I hope that helps.
Greg
On Wed, 13 Dec 2023 at 16:29, Michel Diemer via bind-users <
bind-users@lists.isc.org> wrote:
>
>
> Dear Bind user,
>
> I am a teacher and trying to understand how dns works. I am spend
and to answer my own question as I finally found the section in the manual
here:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#verification
On Wed, 13 Dec 2023, Brett Delmage via bind-users wrote:
Sorry, I pasted the wrong version (too many remote shells open today)
Should be
this message.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists
—
Cheers,
Wolfgang
__
Wolfgang Riedel | Distinguished Engineer | CCIE #13804 | VCP #42559
On 15. Dec 2023, at 12:46, Wolfgang Riedel via bind-users
wrote:
Hello Petr,
The issue is not just BIND local,
have been many improvements in BIND's support for DNSSEC
over the last few years, so if this is a server that you've inherited,
it is probably worth reviewing the DNSSEC configuration options to see
if it can be improved?
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-
l 2023121601
> OK
> [root@pridns data]#
> [root@pridns data]# ll /etc/named.data/db.ynu.edu.cn.cernet
> /etc/named.data/db.ynu.edu.cn.intranet
> -rw-r--r-- 1 root root 1.3K Dec 16 16:00
> /etc/named.data/db.ynu.edu.cn.cernet
> -rw-r--r-- 1 root root 1.3K Dec 16 16:00
> /etc/n
m where
I could reproduce that scenario and see what happens. Unless it's already part
of your test suite and you know the answer, of course.
Scott
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid
://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman
6d45014945]
/lib/x86_64-linux-gnu/libc.so.6(+0x89044)[0x7f6d44aa8044]
/lib/x86_64-linux-gnu/libc.so.6(+0x10961c)[0x7f6d44b2861c]
```
Francisco--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support su
ng dnssec-policy you
should be able to change the algorithm and Bind should do a graceful roll-over?
Just make sure everything is “omnipresent” in your state files (in the keys
directory) first.
Nick. --
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this lis
ption: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/cont
O, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
Visit https://lists.isc.org/mailman/listinfo/bin
to the hidden master) re-enable outgoing
XFR.
Regards
Klaus
Von: bind-users Im Auftrag von Nick Tait via
bind-users
Gesendet: Donnerstag, 28. Dezember 2023 04:01
An: bind-users@lists.isc.org
Betreff: Re: migration from auto-dnssec to dnssec-policy deletes keys
immediately
On 28 Dec 2023, at 1
OL. I wonder if this BUG can
be fixed before EOL? After all, this is the only version of BIND 9 that
still supports the Windows platform.
Best regards,
Gentry
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this softwa
understand (and agree) that this behaviour makes the most sense,
given my confusion based on the documentation, I wonder if the
documentation could be made clearer? E.g. Add the sentence: "In the case
where the primaries option specifies a TSIG key, it is not necessary for
the received NOTI
Ders bind users,
I have already asked a similar question which was more about DNS in general ,
this one is very specific about the AA bit.
Today's question is : « "dig pc1.reseau1.lan ns" show AUTHORITY: 1 and "dig
pc1.reseau1.lan" shows AUTHORITY: 0. Which setting
are running the digs?
- the file "/etc/resolv.conf" on "pc1"
Please also re-send the digs with full output.
When you send information, please send it as text, not screenshots.
Thanks, Greg
On Sun, 14 Jan 2024 at 22:04, Michel Diemer via bind-users <
bind-users@lists.isc.
hel Diemer.
De : "Greg Choules"
A : pub.dieme...@laposte.net,bind-users@lists.isc.org
Envoyé: dimanche 14 Janvier 2024 23:28
Objet : Re: Question about authoritative server and AA Authoritative Answer
Hi Michel.
Please can you send the following information:
- name and IP address of the
t; Dear Greg,
>
> Thank you for your reply.
>
>
> Please find attached the markdown file with all the commands and text
> from the terminal.
>
> In /etc/resolv.conf I had "127.0.0.53" so I disabled the DNSStubListener
> from systemd-resolved. I hav
: 1
AUTHORITY: 1 : this is ok.
Command dig pc1.reseau1.lan
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57670
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
Why AUTHORITY: 0 and not AUTHORITY: 1 ???
De : "Greg Choules"
A : pub.dieme...@la
ROR, id: 57670
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> *Why AUTHORITY: 0 and not AUTHORITY: 1 ???*
>
> De : "Greg Choules"
> A : pub.dieme...@laposte.net,bind-users@lists.isc.org
> Envoyé: lundi 15 Janvier 2024 18:27
> Objet : Re: Q
Dear Greg,
Björn Persson gave a reply with seems satisfying.
With dig +norecurse I always get "AUTHORITY: 1".
For the sake of comprehensiveness, please find attached the files you asked for.
De : "Greg Choules"
A : pub.dieme...@laposte.net,ma...@isc.org,bind
sitting at rumored for over 48+ hours.
I saw this very helpful mailing list thread:
https://lists.isc.org/pipermail/bind-users/2022-May/106182.html
I was hopeful that after 26 hours (default settings) that this would eventually
roll over to omnipresent. However upon reading further down in the first
so I can do that but I was
attempting to sort my issues before I attempt an upgrade.
Thanks!
Jordan
From: Ondřej Surý
Date: Thursday, February 8, 2024 at 2:03 PM
To: Jordan Larson
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC setup for stealth master and multi slave/recursive -
Multiple
Thanks for the recommendation. I will step up to the latest 9.16.X and then
9.18.X and then reassess.
Is there any period I should wait between 9.16 and the 9.18 update?
Thanks!
From: Ondřej Surý
Date: Thursday, February 8, 2024 at 2:18 PM
To: Jordan Larson
Cc: bind-users@lists.isc.org
ts
> and acls
> are identical as yours seem to be. I've been told that internally they are
> very
> different and handled differently, so I had to duplicate my work (yes,
> they're
> copy+paste for me) :-(
>
> Best,
> Elmar.
>
>
> --
> Visit https
r that you have done this.
On 2024/02/08 21:56, Jordan Larson via bind-users wrote:
Greetings!
I have what is hopefully a simple question regarding proper setup
around DNS. I feel somewhat comfortable navigating around BIND but
possibly am getting confused around the DNSSEC portion.
This
ot; wrote:
Jordan Larson via bind-users wrote:
> Was I wrong to enable “inline-signing yes” for my slave zones? I would assume
> each slave would need its own DS key? Can I do that?
That sounds very wrong. Your zone shall have one DNSsec key, or set of
keys, that is the same on all slave servers
ou patch and restart monthly at a minimum and more often for
zero-days and more immediate threats. I would include among this the OS itself
as well as key infrastructure services.
Oh, and for the record, I think ISC does a very fine job ;)
--
Visit https://lists.isc.org/mailman/listinfo/bind-
* Tim Daneliuk via bind-users:
> But it did "provoke" a question. Does anyone think not restarting
> *anything* for 10 years is a good idea?
This isn't really BIND-related, so a different mailing list might be
better suited for discussing the issue of ultra high avai
.
-BEGIN PGP SIGNATURE-
iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCZcuVihUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsEkLwCdF0KogNOgy3cYPjPU7uV7nlC8TfQA
n0bzi9A+vDq3rmi69k4zLi2QVSaG
=OPRR
-END PGP SIGNATURE-
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
lt;https://paste.debian.net/>...)
(I also did/will tell Quad9 about it for their information.)
Cheers,
--
Matt Nordhoff
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
event that everything turns pear-shaped?
Nick.--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users ma
not execute the changes.
That way, admins can create a configuration with "dry-run" mode enabled, check
the logfiles, and if the actions in the log-file match the expectations, the
"dry-run" mode can be removed and the new configuration will become active.
Greetings
Cars
On Tue, 2024-02-27 at 16:06 +0100, Carsten Strotmann via bind-users
wrote:
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9
> would report steps it would do because of "dnssec-policy", but will
> not execute the changes.
**This** ^^^
There should
Hi Jim,
> On 27. Feb 2024, at 16:39, Jim P. via bind-users
> wrote:
>
> There should also be an option to display the current configuration in
> specific detail to easily create a new KASP (side question: why does DNS
> need a new acronym?)
The term “KASP” for “Key-and-s
Hi Ondřej,
> On 27. Feb 2024, at 16:43, Ondřej Surý wrote:
>
> Carsten, could you please fill a feature request in the GitLab?
Done, #4606.
Greetings
Carsten
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developmen
> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Carsten
...
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would
> report steps it would do because of "dnssec-policy", but will not execute the
> changes.
If this Bind
401 - 500 of 2142 matches
Mail list logo
