Make dig and nslookup DNSSEC aware?

2024-05-22 Thread Robert Wagner
Sorry if this has already been hashed through, but I cannot find anything in the archive. Is there any chance someone can make dig and nslookup DNSSEC aware and force it to use DoT or DoH ports - TCP 443 or 853 only? RW -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: Make dig and nslookup DNSSEC aware?

2024-05-22 Thread Robert Wagner
https://www.isc.org/blogs/bind-doh-update-2021/ BIND DoH Update Status of DNS-over-HTTPS support in BIND 9 as of March, 2021 The latest development release of BIND 9 contains a significant number of improvements to DNS-over-HTTP (DoH). www.isc.org

Re: Question about ISC BIND COPR repositories for 9.16->9.18 ESV transition

2024-06-17 Thread Robert Wagner
n the pipeline. The rollover plan and the graphic ISC's Software Support Policy and Version Numbering<https://kb.isc.org/v1/docs/aa-00896> do not seem to match. Robert Wagner From: bind-users on behalf of John Thurston Sent: Monday, June 17, 2024 1

Re: netstat showing multiple lines for each listening socket

2024-07-08 Thread Robert Wagner
instances. Looking at the process ID, you may be able to track back to the root process and determine if these are just service threads. Robert Wagner From: bind-users on behalf of Thomas Hungenberg via bind-users Sent: Monday, July 8, 2024 4:52 AM To: bind

Re: DS digest type(s)

2024-10-16 Thread Robert Wagner
ng DNSSEC algorithms? Danilo On 16. 10. 24 14:15, Robert Wagner wrote: Our preference would be to at least allow SHA-384 and SHA-512 per the CNSA 2.0 requirements: CSA_CNSA_2.0_ALGORITHMS_.PDF (defense.gov)<https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF

Re: DS digest type(s)

2024-10-16 Thread Robert Wagner
Our preference would be to at least allow SHA-384 and SHA-512 per the CNSA 2.0 requirements: CSA_CNSA_2.0_ALGORITHMS_.PDF (defense.gov) My understanding is this will be the base requirement for all US Governm

Re: DNSSEC algo rollover fails to delete old keys

2024-10-16 Thread Robert Wagner
Can do to provide instructions on how to follow the upcoming post quantum cryptography requirements? CSA_CNSA_2.0_ALGORITHMS_.PDF (defense.gov) It would be exteremely helpful. If the crypto is not ready yet,

Re: DNSSEC, OpenDNS and www.cdc.gov - DNS Compliance checker?

2024-11-04 Thread Robert Wagner
it working/functional and nothing needs to be done. Having a tool that reviews your configuration and points out issues would help us advocate for proper configuration. Kind of a SSL checker for DNS... Thanks in advance for any thoughts you can provide. Robert Wagner

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Robert Wagner
Crypto question - You mention using RSASHA512, but the record shows ed25519 (elliptic curve) crypto. Any chance you can standardize on one or the other (RSA or ECC)? This may not be an issue, but it seems odd. Robert Wagner From: bind-users on behalf of

Re: Question about post-quantum X25519Kyber768

2025-01-02 Thread Robert Wagner
if you'd like to propose standardizing SHA-512 for use in DS records please propose this in an Internet Draft — there is a helpful page here: https://authors.ietf.org/en/home . W Robert Wagner From: bind-users on behalf of Carlos Horowicz via bind

Re: Bind and DHCP

2025-01-09 Thread Robert Wagner
I am not sure this was clear, but are you talking about DNS/DHCP for internal computers or trying to DNS for both internal and external, DHCP for internal. As mentioned below, your load (QPS) will probably determine may determine if you can support a single server. A small network supplying in

Re: localhost name lookup

2025-01-14 Thread Robert Wagner
All, I wanted to better understand the use-case of having a DNS server provide localhost lookup. I think every OS has a hosts file with localhost set for 127.0.0.1. This is an instantaneous resolution for localhost, rather than going through the process of setting of a network connection or wors

Re: localhost name lookup

2025-01-14 Thread Robert Wagner
ry 14, 2025 10:48 AM To: Robert Wagner Cc: bind-users@lists.isc.org Subject: Re: localhost name lookup This email originated from outside of TESLA Do not click links or open attachments unless you recognize the sender and know the content is safe. On Tue, Jan 14, 2025 at 6:56 AM Robert Wagner