Switching to a different dnssec-policy broke my zone.

2023-11-22 Thread Björn Persson 
My zone was previously signed with a KSK and a ZSK with unlimited
lifetime. I switched the zone over to a dnssec-policy using CSKs and
automatic key rotation. After the DS record was updated, most of the
RRSIG records were removed, leaving the zone broken to validating
resolvers.

Am I not supposed to do that, or is this a known bug, or do I need to
spend the time to write a detailed bug report?

Björn Persson


pgp6Y_w3DALQZ.pgp
Description: OpenPGP digital signatur
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Switching to a different dnssec-policy broke my zone.

2023-11-22 Thread Matthijs Mekking 

This should be possible.

Please file a bug report:

https://gitlab.isc.org/isc-projects/bind9/-/issues/new

Mention the version used and describe the steps how to reproduce.

Best regards,

Matthijs

On 11/22/23 13:20, Björn Persson wrote:

My zone was previously signed with a KSK and a ZSK with unlimited
lifetime. I switched the zone over to a dnssec-policy using CSKs and
automatic key rotation. After the DS record was updated, most of the
RRSIG records were removed, leaving the zone broken to validating
resolvers.

Am I not supposed to do that, or is this a known bug, or do I need to
spend the time to write a detailed bug report?

Björn Persson



--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Question on ISC BIND DNS Server

2023-11-22 Thread Turritopsis Dohrnii Teo En Ming 
Subject: Question on ISC BIND DNS Server

Good day from Singapore,

I have Virtualmin / Webmin web hosting server control panel. I have 2
Virtual Private Servers in Germany and 1 Virtual Private Server in
Japan.

Can I upgrade BIND DNS Server manually? Will it cause problems with
Virtualmin / Webmin?

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems.


Virus-free.www.avg.com

<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question on ISC BIND DNS Server

2023-11-22 Thread Matus UHLAR - fantomas 

On 22.11.23 23:44, Turritopsis Dohrnii Teo En Ming wrote:

I have Virtualmin / Webmin web hosting server control panel. I have 2
Virtual Private Servers in Germany and 1 Virtual Private Server in
Japan.

Can I upgrade BIND DNS Server manually? Will it cause problems with
Virtualmin / Webmin?



I think this is question for webmin/virtualmin, but from what I know about 
webmin it tends to edit local configuration, so I guess it will edit primary 
zone file.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Question on ISC BIND DNS Server

2023-11-22 Thread Turritopsis Dohrnii Teo En Ming 
On Thu, 23 Nov 2023 at 00:07, Matus UHLAR - fantomas  wrote:
>
> On 22.11.23 23:44, Turritopsis Dohrnii Teo En Ming wrote:
> >I have Virtualmin / Webmin web hosting server control panel. I have 2
> >Virtual Private Servers in Germany and 1 Virtual Private Server in
> >Japan.
> >
> >Can I upgrade BIND DNS Server manually? Will it cause problems with
> >Virtualmin / Webmin?
>
>
> I think this is question for webmin/virtualmin, but from what I know about
> webmin it tends to edit local configuration, so I guess it will edit primary
> zone file.
>

Noted I will try to ask at the Virtualmin/Webmin mailing list.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users