Re: [dns-operations] [Ext] Nameserver responses from different IP than destination of request

2020-09-01 Thread Mark Andrews
BIND 9 isn’t set up to log these. They will fall under the stats counter mismatch but that also captures (some) duplicate responses and late responses. This filters out is/address pairs that named is not expecting. The question section is tested later. Dig will report these so you can test

Re: [dns-operations] Nameserver responses from different IP than destination of request

2020-09-01 Thread P Vixie
On Tue, Sep 01, 2020 at 01:28:17PM -0400, Dave Lawrence wrote: > Stephane Bortzmeyer writes: > > P Vixie wrote > > > you know that the plural of anecdote isn't data: > > > > I recently discovered this English word and I love it: > > https://en.wiktionary.org/wiki/anecdata > > And one link

[dns-operations] Call for contributions to upcoming RIPE DNS Working Group sessions

2020-09-01 Thread Dave Knight
Hi all, Hope everyone had a lovely summer and is well rested and ready to get back to talking about DNS! We intend to proceed as we did before the summer break and have sessions lasting around an hour every 3 weeks while there is interest in having them. The proposed schedule for the coming

Re: [dns-operations] [Ext] Nameserver responses from different IP than destination of request

2020-09-01 Thread Andreas Ott
On Mon, Aug 31, 2020 at 8:00 PM P Vixie wrote: > [...] the observation that something bad is not happening to somebody doesn't mean it's not happening to anybody. > May I please ask an operational question to experts: though I am only running a small number of authoritative and recursive

Re: [dns-operations] Nameserver responses from different IP than destination of request

2020-09-01 Thread Dave Lawrence
Stephane Bortzmeyer writes: > P Vixie wrote > > you know that the plural of anecdote isn't data: > > I recently discovered this English word and I love it: > https://en.wiktionary.org/wiki/anecdata And one link more of relevance:

Re: [dns-operations] Cloudflare public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Marek Vavruša
Thanks Viktor, this looks like a bug in writing NSECs to the final response. On Mon, 31 Aug 2020 at 23:09, Viktor Dukhovni wrote: > > > My validating resolver downstream of CF 1.1.1.1 (among others) at times > sees "bogus" denial of existence for: > > _25._tcp.mx.runbox.com IN TLSA ? > >

[dns-operations] Extension for Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN69 Virtual Annual General Meeting.

2020-09-01 Thread Kathy Schnitt
The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC and Security Workshop for the ICANN69 Virtual Annual General Meeting being held from 17-22 October 2020. This

Re: [dns-operations] Cloudflare (and perhaps also Google) public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Shumon Huque
On Tue, Sep 1, 2020 at 4:24 AM Viktor Dukhovni wrote: > On Tue, Sep 01, 2020 at 01:48:17AM -0400, Viktor Dukhovni wrote: > > > > @ 1.1.1.1 _25._tcp.mx.runbox.com. IN TLSA ? ; +cd +dnssec > [...] > > So I'm at a loss to explain what's happening... Haven't seen any > anomalous replies yet

Re: [dns-operations] [Ext] Nameserver responses from different IP than destination of request

2020-09-01 Thread Ralf Weber
Moin! On 1 Sep 2020, at 3:36, Paul Hoffman wrote: On Aug 31, 2020, at 6:02 PM, Brian Dickson wrote: I think the only way to get meaningful data would be an active experiment, involving an authority server (or set of servers) for a domain set up just this way. We disagree. Another way to

Re: [dns-operations] Cloudflare public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Vladimír Čunát
On 9/1/20 9:58 AM, Stephane Bortzmeyer wrote: > AFAIK, Cloudflare uses Knot Resolver. I tested with another Knot > resolver and it works: I think they originally started the service quite close to Knot Resolver code, but they've apparently diverged quite a bit since then (I don't know). To be sure,

Re: [dns-operations] Cloudflare (and perhaps also Google) public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Viktor Dukhovni
On Tue, Sep 01, 2020 at 01:48:17AM -0400, Viktor Dukhovni wrote: > Oddly enough, if I send the > same query to CF with also the "CD" bit set, I get a better answer, > be it this time with "AD=0": > > @ 1.1.1.1 _25._tcp.mx.runbox.com. IN TLSA ? ; +cd +dnssec > runbox.com. IN SOA

Re: [dns-operations] Cloudflare public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Stephane Bortzmeyer
On Tue, Sep 01, 2020 at 01:48:17AM -0400, Viktor Dukhovni wrote a message of 71 lines which said: > * The apex wildcard record and signature identically ONLY from > Google, Verisign and Quad9. From CloudFlare, I get the munin01 > NSEC record and signature twice, but this

Re: [dns-operations] Nameserver responses from different IP than destination of request

2020-09-01 Thread Stephane Bortzmeyer
On Tue, Sep 01, 2020 at 02:45:23AM +, P Vixie wrote a message of 22 lines which said: > you know that the plural of anecdote isn't data: I recently discovered this English word and I love it: https://en.wiktionary.org/wiki/anecdata

Re: [dns-operations] Strange behavior of covid.cdc.gov

2020-09-01 Thread Yasuhiro Orange Morishita / 森下泰宏
Mark-san, > Thankfully cdc.gov is also served by auth00.ns.uu.net and auth100.ns.uu.net > and they aren’t serving an incomplete version of akam.cdc.gov. Certainly, cdc.gov has 5 NSes. And both uu.net servers return correct answer for covid.cdc.gov/A query. I added two dig outputs into my text,

[dns-operations] Cloudflare public DNS sometimes forwards incomplete subset of NSEC RRs

2020-09-01 Thread Viktor Dukhovni
My validating resolver downstream of CF 1.1.1.1 (among others) at times sees "bogus" denial of existence for: _25._tcp.mx.runbox.com IN TLSA ? This is because the set of NSEC records forwarded by Cloudflare for this domain is not complete. Looking across the major public DNS services: