Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Hi users, We are planning to deprecate the options 'auto-dnssec' and 'inline-signing' in BIND 9.18. The reason for this is because 'dnssec-policy' is the preferred way of maintaining your DNSSEC zone. Deprecating means that you can still use the options in 9.18, but a warning will be logged

Re: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread FUSTE Emmanuel via bind-users
On 10/08/2021 at 10:02, Matthijs Mekking wrote: > Hi users, > > We are planning to deprecate the options 'auto-dnssec' and > 'inline-signing' in BIND 9.18. The reason for this is because > 'dnssec-policy' is the preferred way of maintaining your DNSSEC zone. > > Deprecating means that you can

Re: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread FUSTE Emmanuel via bind-users
On 10/08/2021 at 12:34, Matthijs Mekking wrote: > Hi Emmanuel, > > Thanks for your response. > > On 10-08-2021 11:28, FUSTE Emmanuel via bind-users wrote: >> On 10/08/2021 at 10:02, Matthijs Mekking wrote: >>> Hi users, >>> >>> We are planning to deprecate the options 'auto-dnssec' and >>>

Re: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Hi Emmanuel, Thanks for your response. On 10-08-2021 11:28, FUSTE Emmanuel via bind-users wrote: On 10/08/2021 at 10:02, Matthijs Mekking wrote: Hi users, We are planning to deprecate the options 'auto-dnssec' and 'inline-signing' in BIND 9.18. The reason for this is because

AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
Hi Matthijs! > We would like to encourage you to change your configurations to > 'dnssec-policy'. See this KB article for migration help: > > https://kb.isc.org/docs/dnssec-key-and-signing-policy Some comments to this KB article and dnssec-policy: - The article should mention how to

Re: AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Thanks, I got some more suggestions to improve the KB article, I'll include yours to that list. On 10-08-2021 15:28, Klaus Darilion wrote: On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:51 AM, Matthijs Mekking wrote: > Hi Klaus, > > On 10-08-2021 13:38, Klaus Darilion wrote: >> Hi Matthijs! >> >>> We would like to encourage you to change your configurations to >>> 'dnssec-policy'. See this KB article for migration help: >>> >>>

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Hi Klaus, On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help: https://kb.isc.org/docs/dnssec-key-and-signing-policy Some comments to this KB article and

AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
> On 10-08-2021 13:38, Klaus Darilion wrote: > > Hi Matthijs! > > > >> We would like to encourage you to change your configurations to > >> 'dnssec-policy'. See this KB article for migration help: > >> > >> https://kb.isc.org/docs/dnssec-key-and-signing-policy > > > > Some comments to this KB

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 10:07 AM, Matthijs Mekking wrote: >> So just to be sure I'm doing the right thing, I've added this to my >> options stanza: >> >>  dnssec-policy "default"; >> >> Then restarted named and now all the signing magic is taken care of for >> me for all zones?  (I was not previously using 

Re: AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tony Finch
Klaus Darilion via bind-users wrote: > > By reading this KB I do not know how the user will be informed which DS > (or DNSKEY) must be submitted to the parent zone. I know you to convert > a DNSKEY to DS, but IMO the KB is very good but misses that point. I would expect the zone's apex CDS and

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:32 PM, raf via bind-users wrote: > To get the DS record information to convey to the > registrar, after starting to use the default policy. > look for the CDS record (the child version of the DS > record) with dig: > > dig CDS EXAMPLE.ORG > > For the default policy, you'll only

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 09:19:33PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:32 PM, raf via bind-users wrote: > > To get the DS record information to convey to the > > registrar, after starting to use the default policy. > > look for the CDS record (the child version of the DS >

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 11:24:31AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 10:07 AM, Matthijs Mekking wrote: > >> So just to be sure I'm doing the right thing, I've added this to my > >> options stanza: > >> > >>  dnssec-policy "default"; > >> > >> Then restarted named and 

advance features of BIND DoT and DoH

2021-08-10 Thread Divya
Dear Admin, Has anybody implemented advance features of BIND DoT and DoH, Kindly help me to configure DoT and DoH in DNS with BIND 9.17.16+CentOS 7.9. With Regards Divya - Original Message - From: "Ondřej Surý" To: "klaus darilion" Cc: bind-users@lists.isc.org Sent: Monday,

Switching key types for authorizing updates

2021-08-10 Thread John Thurston
I have a zone defined in which I permit dynamic updates. Many years ago, I defined a key per name, and added that key into the update-policy attribute in the zone definition. For example: key "foo.bar.baz.com" { algorithm hmac-md5; secret "12345..890"; }; zone "bar.baz.com" { type

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 08:51:04AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:51 AM, Matthijs Mekking wrote: > > Hi Klaus, > > > > On 10-08-2021 13:38, Klaus Darilion wrote: > >> Hi Matthijs! > >> > >>> We would like to encourage you to change your configurations to > >>>

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
On 10-08-2021 15:51, Tim Daneliuk via bind-users wrote: On 8/10/21 7:51 AM, Matthijs Mekking wrote: Hi Klaus, On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help: