> On 12 Jul 2019, at 1:00 pm, Mark Andrews wrote:
>
>
>
>> On 12 Jul 2019, at 11:12 am, Jay Ford wrote:
>>
>> I have a similar problem with zones for IPv6 ULA space. I'm running BIND
>> 9.14.3. I had hoped that validate-except would do the trick, such as:
>>
>> validate-except { "f.ip
On Fri, 12 Jul 2019, Lefteris Tsintjelis via bind-users wrote:
I believe most modern firewalls allow them nowadays and the speeds are pretty
huge for such packets so I guess fragmentation by itself may not be as
noticeable, but everything all together adds up, and I mean including DNSSEC
and DO
Almost my point. It comes to my attention the hard way, that MDNS is
enabled by default or by accident in some Linux distros. Check
/etc/nsswitch.conf. Let us know what you find, and thanks a lot!
Longer answer: it depends on whether MDNS is in nsswitch, and what the
ordering is.
--
Fred Mo
IANA, why is there NOT an insecure delegation for D.F.IP6.ARPA as REQUIRED by
RFC 6303?
How many times does this need to be reported before it is FIXED! Yes, it has
been reported before.
It should take a total of less than 10 minutes to fix. Create an empty zone
called D.F.IP6.ARPA (SOA and N
I have zero experience with dynamic zones on BIND because all of ours are
static. That said, and since nobody else has commented, it seems like it would
make sense to sync before reload.
The man says that sync writes out to the journal which shouldn't ever be a bad
thing.
John
Sent from Nine
I have a similar problem with zones for IPv6 ULA space. I'm running BIND
9.14.3. I had hoped that validate-except would do the trick, such as:
validate-except { "f.ip6.arpa"; };
but alas, no.
Extra puzzling so far is that the behavior is time-variable: delegated zones
will resolve most o
On 12/7/2019 2:42, Mark Andrews wrote:
On 12 Jul 2019, at 8:54 am, Lefteris Tsintjelis via bind-users
wrote:
On 11/7/2019 22:56, @lbutlr wrote:
On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users
wrote:
On 11/7/2019 15:35, Tony Finch wrote:
Lefteris Tsintjelis via bind-users
> On 12 Jul 2019, at 8:54 am, Lefteris Tsintjelis via bind-users
> wrote:
>
> On 11/7/2019 22:56, @lbutlr wrote:
>> On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users
>> wrote:
>>> On 11/7/2019 15:35, Tony Finch wrote:
Lefteris Tsintjelis via bind-users wrote:
>
> Wh
Because static-stub only overrides “where” to find the information about the
zone not whether the zone content is valid.
With DNSSEC named will treat zone content as trusted (master/slave). Slave the
top level internal zones. Note this doesn’t help any application that is also
performing DNSS
On 11/7/2019 22:56, @lbutlr wrote:
On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users
wrote:
On 11/7/2019 15:35, Tony Finch wrote:
Lefteris Tsintjelis via bind-users wrote:
Why would you want something like that?
https://datatracker.ietf.org/wg/dprive/about/
If you are willing
hi-
i have an environment which over time has managed to accumulate various
"internal" zones [in this specific case, "foo.local"]. eventually, these zones
will be phased out, but unfortunately in the interim, i'm stuck with this. i'm
attempting to configure them as static-stub zones:
zone "f
On 11 Jul 2019, at 10:52, Lefteris Tsintjelis via bind-users
wrote:
> On 11/7/2019 15:35, Tony Finch wrote:
>> Lefteris Tsintjelis via bind-users wrote:
>>>
>>> Why would you want something like that?
>> https://datatracker.ietf.org/wg/dprive/about/
>
> If you are willing to sacrifice speed.
On 11/7/2019 15:35, Tony Finch wrote:
Lefteris Tsintjelis via bind-users wrote:
Why would you want something like that?
https://datatracker.ietf.org/wg/dprive/about/
If you are willing to sacrifice speed. DNS responses have a pretty big
impact in browsing speed but I guess anyone choosing
Lefteris Tsintjelis via bind-users wrote:
>
> Why would you want something like that?
https://datatracker.ietf.org/wg/dprive/about/
Tony.
--
f.anthony.n.finch http://dotat.at/
Great Orme Head to the Mull of Galloway: Southwesterly 3 to 5, veering
northwesterly 4 or 5, occasionally 6 later in
On 11/7/2019 13:39, Tony Finch wrote:
Encrypted DNS between resolvers and authoritative servers is still in the
process of being standardized.
On 11.07.19 15:21, Lefteris Tsintjelis via bind-users wrote:
It sounds like too much overhead already. Why would you want something
like that? Isn't DN
On 11/7/2019 13:39, Tony Finch wrote:
Encrypted DNS between resolvers and authoritative servers is still in the
process of being standardized.
It sounds like too much overhead already. Why would you want something
like that? Isn't DNSSEC enough to assure integrity?
Lefteris
@lbutlr wrote:
> Is it possible to set up bind to use DOH (DNS over HTTPS) rather than
> unencrypted DNS lookups? Or in addition to?
To give DoH access to clients you need a proxy such as dnsdist or doh101.
https://dotat.at/cgi/git/doh101.git
https://dnsprivacy.org/wiki/display/DP/Using+dnsdist
Is it possible to set up bind to use DOH (DNS over HTTPS) rather than
unencrypted DNS lookups? Or in addition to?
--
'An appointment is an engagement to see someone, while a morningstar is
a large lump of metal used for viciously crushing skulls. It is
important not to confuse the two.’