Re: managed-keys update when outgoing UDP is blocked

2020-02-25 Thread Evan Hunt
On Mon, Feb 24, 2020 at 09:47:01PM +0100, Branko Mijuskovic wrote:
> We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> the network where outgoing UDP traffic to unlisted IPs is blocked.
>
> We are using DNSSEC and I've noticed that we are getting the following errors
> in the

Re: managed-keys update when outgoing UDP is blocked

2020-02-25 Thread Tony Finch
Branko Mijuskovic wrote:
>
> But I'm curious, do you know whether BIND fails over to TCP if UDP times out
> during DNSKEY fetching?

Dunno. I have blocked both UDP and TCP on my hidden primary, and it is refreshing its trust anchors via my recursive servers OK, so it is not something I have had to worry

Re: managed-keys update when outgoing UDP is blocked

2020-02-25 Thread Branko Mijuskovic
Hi Tony,

Thanks for that. But I'm curious, do you know whether BIND fails over to TCP if UDP times out during DNSKEY fetching?

Thanks

On Tue, Feb 25, 2020 at 12:47 AM Tony Finch wrote:
> Branko Mijuskovic wrote:
> >
> > We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> >

Re: managed-keys update when outgoing UDP is blocked

2020-02-24 Thread Tony Finch
Branko Mijuskovic wrote:
>
> We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> the network where outgoing UDP traffic to unlisted IPs is blocked.
>
> We are using DNSSEC and I've noticed that we are getting the following errors
> in the bind9 logfile: 'managed-keys-zone/defau

managed-keys update when outgoing UDP is blocked

2020-02-24 Thread Branko Mijuskovic
Hi All,

We have an authoritative DNS hidden master (bind-9.11.4-9) running behind the network where outgoing UDP traffic to unlisted IPs is blocked.

We are using DNSSEC and I've noticed that we are getting the following errors in the bind9 logfile: 'managed-keys-zone/default: Unable to fetch DNSKEY s