--- Begin Message ---
Hello,
to day I noticed unreachable nameserver [a-d].nic.hosting. via IPv4
approved by at least two locations by such script:
for transport in tcp notcp; do
for protocol in 4 6; do
for host in a b c d; do
printf "${host}.nic.hosting/${protocol}/${transport}:"
Am 11.06.21 um 20:00 schrieb Warren Kumari:
> So, what are people's favorite tools, especially those that you can just
> point a user at?
Warren,
you mention both important tools
- https://zonemaster.net
- https://dnsviz.net
Both are also good for automated self monitoring as they can be
Am 05.06.21 um 14:56 schrieb Mats Dufberg:
> 3. The .xa NS returns a referral to the NS of house.xa.
> 4. The resolver send a request for "www.house.xa. A" to an house.xa NS.
>
> To force the use of NS from the zone the DNS protocal has to be rewritten,
> and if that is done, why not remove
Am 04.06.21 um 17:52 schrieb A. Schulze:
> So I wonder, why do so many resolver [1] obviously do only follow a
> delegation and ignore authoritative data?
Is "being client centric" a candidate for a "dns-flag-day-2022"?
Consider .com like to intercept gmail.co
Hello,
we found the domain "xn--80atcidr8i.xn--p1ai." in one of our logs.
the TLD "xn--p1ai." delegate "xn--80atcidr8i.xn--p1ai." to two working
nameservers.
But these nameserver choose to announce "ns1.example.com" and "ns2.example.com"
as authoritative.
These names are garbage.
But most
Am 04.05.21 um 20:53 schrieb Phil Regnauld:
> On the validation side, take a look at:
>
> https://github.com/tobez/validns
validns seem to be unmaintained. Build fail with current openssl :/
___
dns-operations mailing list
Am 04.05.21 um 16:30 schrieb Anand Buddhdev:
> You might want to look at Tony Finch's nsnotifyd, which is a custom
> program that can monitor zones for changes, and run custom commands when
> changes are detected. It can also listen for NOTIFY messages and act
> immediately on zone changes. You
Simon Arlott via dns-operations:
Try doing some more queries. It's not based on the case of the query.
Looks like a load balancer and different versions of the zone. If
you query for the SOA you can get two different serial numbers.
Hi Simon,
yes, that's an other issue with that
Hello,
I've an issue resolving MX-Records for domains hosted at [ns11,ns12].jimdo.com
The servers answer same questions in different ways:
dig @ns11.jimdo.com. MIRISSIMA.DE. MX +norec
-> NOERROR, no ANSWER
dig @ns11.jimdo.com. mirissima.de. mx +norec
-> NOERROR, answer
BUT: question for an
Am 11.09.20 um 20:29 schrieb John Levine:
> Are there any published numbers estimating how well the various DNSSEC
> algorithms are supported in DNS caches and client software?
>
> Or to put it another way, were I to switch from signing with
> algorithm 8 to 13, how much would I regret it?
Hi
Arsen STASIC:
* Viktor Dukhovni [2019-10-10 20:51 (-0400)]:
On Thu, Oct 10, 2019 at 06:25:41PM -0400, Matthew Pounsett wrote:
The speculation I've seen is that Cogent refuses to treat HE as a Tier1
network in v6 because they don't try to also be one in v4, but that they
should because
Hello,
while debugging a PTR resolution problem I noticed warnings on
http://dnsviz.net/d/ip6.arpa/dnssec/ and
http://dnsviz.net/d/in-addr.arpa/dnssec/
To me, it looks like some in-addr-servers.arpa servers are unable to handle
large responses.
$ dig ip6.arpa. dnskey +dnssec
...
;; MSG SIZE
12 matches
Mail list logo