Dan McCombs via dns-operations writes:
> Ah, yes, so in this case the addresses given back when no edns
> subnet is provided are the addresses of servers in eu-west, whereas
> with the resolver's own IP (or /24 subnet, or the subnet of clients
> querying it) as the edns subnet gets more expected
> On 12 Jun 2023, at 10:49 pm, Stephane Bortzmeyer wrote:
>
> Hello,
>
> I'm looking for the current percentage of encrypted DNS requests
> vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ. I do not
> find public information about it. May be I searched too fast?
>
> If you work
Hi Stephane,
There's also an outstanding feature request to add this to BIND's logs so that
BIND administrators can more easily capture and report on this information. The
Gitlab ticket is here but it's been a while since I've pestered the good folks
at ISC about it!
Hi Daniel,
I also wrote a Beginner’s Guide for DNSSEC using BIND9 here:
https://www.talkdns.com/articles/a-beginners-guide-to-dnssec-with-bind-9/
I hope that helps,
Richard.
From: dns-operations On Behalf Of daniel
majela
Sent: Monday, June 12, 2023 2:37 PM
To:
--- Begin Message ---
>
> If there is a performance issue with one set of records versus another
> (you don't
> really say why the differing responses matter in your email), you might
> try contacting the nameserver operator directly to discuss the issue.
>
Ah, yes, so in this case the addresses
On Mon, Jun 12, 2023 at 10:41:12AM -0400, Viktor Dukhovni wrote:
> On Mon, Jun 12, 2023 at 10:37:22AM -0300, daniel majela wrote:
>
> > What is the best algorithm for ksk and zsk?
>
> The BCP algorithm is ECDSAP256SHA256(13). This is both more secure and
> more compact than RSA. It is in wide
--- Begin Message ---
A lot depends on the resolver as well.
In our case the statistics is skewed towards DNS-over-TLS and the reason is
that there are a lot of people
who configure their Android devices to use AdGuard DNS. If we remove
Android devices from the equation,
about 30-40% of DNS
On Mon, Jun 12, 2023 at 10:37:22AM -0300, daniel majela wrote:
> What is the best algorithm for ksk and zsk?
The BCP algorithm is ECDSAP256SHA256(13). This is both more secure and
more compact than RSA. It is in wide use:
https://stats.dnssec-tools.org/
Hi,
>I'm looking for the current percentage of encrypted DNS requests
>vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ.
I suspect a lot will depend on whether the DoX resolver is used or suggested in
popular devices or operating systems or browsers.
Winfried
Hello,
detailed documentation for DNSSEC in BIND is here:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html
If anything is unclear please post questions to BIND mailing list:
https://lists.isc.org/mailman/listinfo/bind-users
HTH.
Petr Špaček
Internet Systems Consortium
On 12. 06. 23
Hello,
detailed documentation for DNSSEC in BIND is here:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html
If anything is unclear please post questions to BIND mailing list:
https://lists.isc.org/mailman/listinfo/bind-users
HTH.
Petr Špaček
Internet Systems Consortium
On 12. 06. 23
Hello...
My name is Daniel Majela and if possible I would like some help to
implement DNNSEC on my servers.
Today I have 3 recursive and authoritative servers.
My external authoritative zones are copied to 2 DNS servers that are in the
DMZ.
My first question is if there is a step by step way
> On Jun 12, 2023, at 2:49 PM, Stephane Bortzmeyer wrote:
> I'm looking for the current percentage of encrypted DNS requests
> vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ.
I expect it will be different for each resolver, since they all have fairly
distinct user communities,
Hi Stephane,
On 6/12/23 08:49, Stephane Bortzmeyer wrote:
I'm looking for the current percentage of encrypted DNS requests
vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ. I do not
find public information about it. May be I searched too fast?
Geoff gave an IEPG presentation in
Hello,
I'm looking for the current percentage of encrypted DNS requests
vs. in-the-clear ones on public resolvers having DoT/DoH/DoQ. I do not
find public information about it. May be I searched too fast?
If you work for a public DNS resolver, is there data you can share? If
you can/want/prefer
15 matches
Mail list logo