Re: Fully automated DNSSEC with BIND 9.16

Hi Håvard Odd, it works for me. Try a literal copy/paste of the link below. Or go to https://kb.isc.org and search for packages: https://kb.isc.org/docs/isc-packages-for-bind-9 Cheers, Greg On Wed, 19 Apr 2023 at 12:03, Havard Eidnes via bind-users < bind-users@lists.isc.org> wrote: > >>

Re: Fully automated DNSSEC with BIND 9.16

>>and if I run straight "upstream" code, it's fairly straight- >>forward to upgrade to this version, modulo, of course, the fact >>that this involves building it from source. > > It may not be necessary to build from source. There are packages for > some distros maintained by ISC >

Re: Fully automated DNSSEC with BIND 9.16

For CVEs, we have own site listing each and what is affected, what is not and whether fix is already available. CVE-2022-3924 [1] is not yet released in RHEL. Of course if you look into upstream notes to check what we have fixed in our distribution, it won't work well. Watching your own

Re: Fully automated DNSSEC with BIND 9.16

On Tue, Apr 18, 2023 at 3:20 AM Havard Eidnes via bind-users wrote: >and if I run straight "upstream" code, it's fairly straight- >forward to upgrade to this version, modulo, of course, the fact >that this involves building it from source. > It may not be necessary to build from

Re: Fully automated DNSSEC with BIND 9.16

> You do not have to sift through lists. That depends entirely what one wants to do. I see a couple of scenarios where that may be required: 1) Let's say someone has flagged to you as a BIND administrator that your BIND installatin is susceptible to CVE-2022-3924. This could be done via

Re: Fully automated DNSSEC with BIND 9.16

Le 17/04/2023 à 20:40, Petr Menšík a écrit : Ondřej, it would be awesome if we could choose a higher quality release instead to use for our longer support. But we lack any good metric to choose one. So we update from time to time unless there is something stopping us. How could you

Re: Fully automated DNSSEC with BIND 9.16

Ondřej, it would be awesome if we could choose a higher quality release instead to use for our longer support. But we lack any good metric to choose one. So we update from time to time unless there is something stopping us. On 4/17/23 14:49, Ondřej Surý wrote: Petr, while I understand that

Re: Fully automated DNSSEC with BIND 9.16

You do not have to sift through lists. We provide quite detailed git branch with each change we make. It has references to bugs related too. I admit changes listed in release notes of bind9 releases are nicer. But we do not hide what and why we do changes, publish them quite nice way for c9s

Re: Fully automated DNSSEC with BIND 9.16

> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. Then please let me suggest that there is possibly an issue with identification (customer said "9.16.23") and documentation of the actual changes that are incorprorated in your distribution, compared to the upstream-maintained patch

Re: Fully automated DNSSEC with BIND 9.16

Petr, while I understand that you are trying to do a great job maintaining the BIND 9 packages for RHEL, it is what it is - a random snapshot defined not by the quality of the chosen version but by the time availability. This is made even more complicated by applying a set of patches where the

Re: Fully automated DNSSEC with BIND 9.16

DNSSEC with BIND 9.16 On 13/04/2023 17:17, David Carvalho via bind-users wrote: Hi David, Hello and thanks for the reply. I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind Then I tried to install (dnf install isc-bind) but I got: Error: Problem: package isc-bind-1:2-3.el8

Re: Fully automated DNSSEC with BIND 9.16

Our CentOS/RHEL 8 package are not just random BIND 9 snapshot. If he wanted bleeding edge, he would use RHEL 9 or even Fedora. But he uses conservative package I am looking after. While it may have some known issues, it has all important fixes it needs. Can you please stop telling people to

RE: Fully automated DNSSEC with BIND 9.16

-Original Message- From: Anand Buddhdev Sent: 13 April 2023 16:48 To: David Carvalho Cc: 'Bind Users Mailing List' Subject: Re: Fully automated DNSSEC with BIND 9.16 On 13/04/2023 17:17, David Carvalho via bind-users wrote: Hi David, > Hello and thanks for the reply. > I enabled thi

Re: Fully automated DNSSEC with BIND 9.16

On 13/04/2023 17:17, David Carvalho via bind-users wrote: Hi David, Hello and thanks for the reply. I enabled this repo in Oracle Linux 8 with: dnf copr enable isc/bind Then I tried to install (dnf install isc-bind) but I got: Error: Problem: package isc-bind-1:2-3.el8.x86_64 requires

RE: Fully automated DNSSEC with BIND 9.16

packages. Kind regards David -Original Message- From: Ondřej Surý Sent: 13 April 2023 14:40 To: David Carvalho Cc: Bind Users Mailing List Subject: Re: Fully automated DNSSEC with BIND 9.16 > On 13. 4. 2023, at 15:25, David Carvalho via bind-users > wrote: > > I'm using 9

Re: Fully automated DNSSEC with BIND 9.16

> On 13. 4. 2023, at 15:25, David Carvalho via bind-users > wrote: > > I'm using 9.16.23 Just don't. ISC provides packages for major linux distributions (https://www.isc.org/download/), so there's really no reason to shoot yourself into foot to use a random BIND 9 snapshot provided by your

RE: Fully automated DNSSEC with BIND 9.16

To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC with BIND 9.16 >1. Everytime I restart the service, it seems all these files are recreated. How did you observe this? Just by file timestamps or actual content? And just to be sure to ask the obvious: you are not manually remov

Re: Fully automated DNSSEC with BIND 9.16

1. Everytime I restart the service, it seems all these files are recreated. How did you observe this? Just by file timestamps or actual content? And just to be sure to ask the obvious: you are not manually removing these files are you? :) -JP -- Visit

RE: Fully automated DNSSEC with BIND 9.16

Thank you so much! Regards David -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 13:03 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC with BIND 9.16 On 4/11/23 13:14, David Carvalho wrote: > Hello and thank you so much for y

Re: Fully automated DNSSEC with BIND 9.16

@lists.isc.org Subject: Re: Fully automated DNSSEC with BIND 9.16 Hello David, On 4/11/23 12:02, David Carvalho via bind-users wrote: Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like

RE: Fully automated DNSSEC with BIND 9.16

domain? I'll have to read more about ZSK, KSK and CSK rollovers. All of this is new to me so far. Thanks! David Carvalho -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: 11 April 2023 11:16 To: bind-users@lists.isc.org Subject: Re: Fully automated DNSSEC

Re: Fully automated DNSSEC with BIND 9.16

Hello David, On 4/11/23 12:02, David Carvalho via bind-users wrote: Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain and

Fully automated DNSSEC with BIND 9.16

Hello, hope everyone is fine. So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot. Nevertheless, I would like to clarify some things because our organization has a parent domain and I host my own e-mail servers. I know they had problems while implementing