[Pdns-users] auth: Refuse ANY queries

2023-10-27 Thread Peter Thomassen via Pdns-users
Hi, On our pdns auth, we'd like to not serve ANY queries, not even over TCP. Ideally, we'd like to return NOTIMPL. In dnsdist, this is done with: addAction(QTypeRule(DNSQType.ANY), RCodeAction(DNSRCode.NOTIMP)) However, we've removed our dnsdist (for port 53; still in use for DoT), as

Re: [Pdns-users] SSHFP fingerprint size validation

2023-10-04 Thread Peter Thomassen via Pdns-users
Hi Atanas, On 10/3/23 18:56, atanas argirov via Pdns-users wrote: * testing malformed fingerprint size of (hash size +/- 2) is accepted with no complaints from both API and pdnsutil My question is: * is there any validation on the SSHFP fingerprint size based on the hash type? Apparently

Re: [Pdns-users] Blacklist domains

2023-10-24 Thread Peter Thomassen via Pdns-users
Hi Andrea, On 10/24/23 14:19, Andrea Biancalani via Pdns-users wrote: local postal police required to blacklist a list of domains. What kind of institution is that? Is this part of the Italian police? Thanks, Peter

Re: [Pdns-users] Rcode 3 NXDOMAIN for existing CNAME

2023-03-25 Thread Peter Thomassen via Pdns-users
On 3/25/23 11:44, Christoph wrote: >> However, I doubt this is a reasonable approach for your ACME >> client. Sounds like a simple enough solution to me, can you elaborate why you doubt it is reasonable? My understanding is that ACME is about whether there is a TXT RRset with the

Re: [Pdns-users] Rcode 3 NXDOMAIN for existing CNAME

2023-03-25 Thread Peter Thomassen via Pdns-users
On 3/25/23 14:04, Christoph wrote: My understanding is that ACME is about whether there is a TXT RRset with the challenge record; if it is not there, it's irrelevant whether the outcome is NXDOMAIN or NODATA/NOERROR. OK, now I understand where the misunderstanding comes from. Thanks for

Re: [Pdns-users] Rcode 3 NXDOMAIN for existing CNAME

2023-03-21 Thread Peter Thomassen via Pdns-users
On 3/13/23 11:41, Chris Hofstaedtler | Deduktiva via Pdns-users wrote: * Christoph [230312 19:52]: When there is an xNAME chain, the RCODE field is set as follows: When an xNAME chain is followed, all but the last query cycle necessarily had no error. The RCODE in the

Re: [Pdns-users] IXFR Stability Feedback

2023-04-15 Thread Peter Thomassen via Pdns-users
Hi Klaus, On 4/15/23 22:09, Klaus Darilion via Pdns-users wrote: Hence, I would consider enabling IXFR for this zone, but until now I always tried to stay away from IXFR as there were always bugs in PDNS regarding IXFR, and according to the documentation removing of ENTs is not supported