Re: Enable systemd hardening options for named

2018-02-06 Thread Petr Menšík
Hi, More below Dne 1.2.2018 v 01:36 Ludovic Gasc napsal(a): > 2018-01-31 21:47 GMT+01:00 Petr Menšík >: > > Hi Ludovic, > > > Hi Petr, > > I didn't expect to discuss directly with the Fedora maintainer :-) > Just in case you are at DNS devroom of FOSDEM this >

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
Am DATE hackte AUTHOR in die Tasten: Ray Bellis > Perhaps, although I'm not sure why given that .eu is signed with NSEC3 > and opt-out.> On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: > >> what's the difference, when the domain doesn't exist? >> >> is it because .eu is signed? > > Are you *sure

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
Hello Matus, Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten: >>Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten: >>> our customer uses a domain that is registered, but hidden >>> (doesn't exist in DNS). > > On 06.02.18 18:24, Michelle Konzack wrote: >>I hope you know what are y

Re: disable dnssec for particular domain

2018-02-06 Thread Ray Bellis
On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: > what's the difference, when the domain doesn't exist? > > is it because .eu is signed? Perhaps, although I'm not sure why given that .eu is signed with NSEC3 and opt-out. Are you *sure* that the domain doesn't now actually exist in the DNS?

Re: disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). On 06.02.18 18:24, Michelle Konzack wrote: I hope you know what are you doing, because the DNS MUST exist! Please read the general conditions for the EU

Re: disable dnssec for particular domain

2018-02-06 Thread Reindl Harald
Am 06.02.2018 um 17:24 schrieb Michelle Konzack: Good evening, Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten: Hello, our customer uses a domain that is registered, but hidden (doesn't exist in DNS). I hope you know what are you doing, because the DNS MUST exist! Please read the

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
Good evening, Am 2018-02-06 hackte Matus UHLAR - fantomas in die Tasten: > Hello, > > our customer uses a domain that is registered, but hidden > (doesn't exist in DNS). I hope you know what are you doing, because the DNS MUST exist! Please read the general conditions for the EU Domain Registry!

Re: disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
On 06/02/2018 16:00, Matus UHLAR - fantomas wrote: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent domain

Re: disable dnssec for particular domain

2018-02-06 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > Is it currently possible to avoid validating this particular domain? BIND 9.11 has support for negative trust anchors, but they are supposed to be used as a temporary workaround to allow time for breakage to be fixed - you'll probably find that the NTA support is

Re: disable dnssec for particular domain

2018-02-06 Thread Ray Bellis
On 06/02/2018 16:00, Matus UHLAR - fantomas wrote: > Hello, > > our customer uses a domain that is registered, but hidden > (doesn't exist in DNS). > > The domain is used by multiple organizations and we are required to forward > lookups for the domain to foreign internal servers. > > The proble

Re: disable dnssec for particular domain

2018-02-06 Thread Reindl Harald
Am 06.02.2018 um 17:00 schrieb Matus UHLAR - fantomas: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent

disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
Hello, our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent domain (.eu) indicates that the domain is to be si

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-02-06 Thread NNEX Support
[…] If you want to understand why your resolver is failing, again I'd have a look at the 'resolver' log channel.  It should have some detail about what's resulting in the SERVFAIL message. […] I took a look at the ‘resolver’ log channel.  I didn’t find any useful information there, just: fetch