> On 3. 5. 2022, at 14:31, Gaurav Kansal <gaurav.kan...@nic.in> wrote: > > Yup. But if the DNS infra is under my control, then definitely the keys > (which i have used for encryption) will also be with me. Am i missing > something here ? 🧐
Then you need to make the private keys available to the monitoring software. Also monitoring DNS traffic on the mirror doesn’t tell you anything **how** the DNS server sees the queries, so dnstap is going to be better solution for most deployments. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
signature.asc
Description: Message signed with OpenPGP
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
