On 3/13/23 11:41, Chris Hofstaedtler | Deduktiva via Pdns-users wrote:
* Christoph [230312 19:52]:
When there is an xNAME chain, the RCODE field is set as follows:
When an xNAME chain is followed, all but the last query cycle
necessarily had no error. The RCODE in the ulti
On 3/25/23 11:44, Christoph wrote:
>> However, I doubt this is a reasonable approach for your ACME
>> client.
Sounds like a simple enough solution to me, can you elaborate why
you doubt it is reasonable?
My understanding is that ACME is about whether there is a TXT RRset with the
challen
On 3/25/23 14:04, Christoph wrote:
My understanding is that ACME is about whether there is a TXT RRset with the
challenge record; if it is not there, it's irrelevant whether the outcome is
NXDOMAIN or NODATA/NOERROR.
OK, now I understand where the misunderstanding comes from. Thanks for
e
Hi Klaus,
On 4/15/23 22:09, Klaus Darilion via Pdns-users wrote:
Hence, I would consider enabling IXFR for this zone, but until now I always
tried to stay away from IXFR as there were always bugs in PDNS regarding IXFR,
and according to the documentation removing of ENTs is not supported (does
Hi Atanas,
On 10/3/23 18:56, atanas argirov via Pdns-users wrote:
* testing malformed fingerprint size of (hash size +/- 2) is accepted with no
complaints from both API and pdnsutil
My question is:
* is there any validation on the SSHFP fingerprint size based on the hash type?
Apparently no
Hi Andrea,
On 10/24/23 14:19, Andrea Biancalani via Pdns-users wrote:
local postal police required to blacklist a list of domains.
What kind of institution is that? Is this part of the Italian police?
Thanks,
Peter
___
Pdns-users mailing list
Pdns-u
Hi,
On our pdns auth, we'd like to not serve ANY queries, not even over TCP.
Ideally, we'd like to return NOTIMPL.
In dnsdist, this is done with:
addAction(QTypeRule(DNSQType.ANY), RCodeAction(DNSRCode.NOTIMP))
However, we've removed our dnsdist (for port 53; still in use for DoT), as
we'v