RE: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On April 9, 2021 8:21:33 PM UTC, "John W. Blue via bind-users" wrote: >Sorry .. clicked send too soon. > >Found this via google: > >https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html > >"You can not add DS keys as we compute it for you with the KSK or ZSK, then we >send it to the

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On April 9, 2021 8:23:48 PM UTC, Hugo Salgado wrote: >Switch has a website to test the CDS processing for .ch: > https://www.nic.ch/security/cds/ > >for domainmail.ch it says "The CDS configuration of the domain name >domainmail.ch will not be processed. >[ ... ] >The DNS query returned: "Server

Re: underscores in A queries

2021-04-09 Thread Ondřej Surý
Those are qname minimization queries. Because DNS implementations (especially in load-balancers) are so broken, the qname minimizing resolver can’t ask for: IN NS because that often doesn’t work, but when it asks: _. IN A the resolver will get the correct answer. Unfortunately, this is the

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Hugo Salgado
Switch has a website to test the CDS processing for .ch: https://www.nic.ch/security/cds/ for domainmail.ch it says "The CDS configuration of the domain name domainmail.ch will not be processed. [ ... ] The DNS query returned: "Server failed to complete the DNS request". " You should check the

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
Sorry .. clicked send too soon. Found this via google: https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html "You can not add DS keys as we compute it for you with the KSK or ZSK, then we send it to the registry." So it looks like the owner of domainmail.ch must get the DS from Gan

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
The owner of domainmail.ch will need to give .ch an updated copy of the DS record that contains 17870. Once that has been accomplished .ch will start telling the open internet to expect 17870 when talking to domainmail.ch. When the open internet matches what it expects with what it gets then D

Re: underscores in A queries

2021-04-09 Thread Lee
On 4/9/21, John W. Blue via bind-users wrote: > It would seem that underscores is one of those characters in DNS that leads > a double life. > > RFC’s say that underscores are disallowed for use in hostnames Right. But it's **hostnames** and not everyone enforces that rule :( > but SRV > record

Re: Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
On Fri, 2021-04-09 at 19:05 +, John W. Blue via bind-users wrote: > So the issue here is that the DS record that sits in .ch has an ID of 22048 > but the domainmail.ch servers are telling the world that the correct ID is > 17870. > > Thus the DNSSEC breakage. Of course, however there is no 2

RE: Testing KASP, CDS, and .ch

2021-04-09 Thread John W. Blue via bind-users
So the issue here is that the DS record that sits in .ch has an ID of 22048 but the domainmail.ch servers are telling the world that the correct ID is 17870. Thus the DNSSEC breakage. John -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Jim Pop

Testing KASP, CDS, and .ch

2021-04-09 Thread Jim Popovitch via bind-users
Hello! I've read the "Schacher 20200622 Support for and adoption of CDS in .ch and .li", and studied https://kb.isc.org/docs/dnssec-key-and-signing-policy, however I've hit a brick wall: https://dnsviz.net/d/domainmail.ch/dnssec/ What am I missing? I'm using the following policy and zone conf

RE: underscores in A queries

2021-04-09 Thread John W. Blue via bind-users
It would seem that underscores is one of those characters in DNS that leads a double life. RFC’s say that underscores are disallowed for use in hostnames but SRV records use it to indicate service type et al. And then you have the acm-validations.aws geniuses who use it in their hostnames to vali

underscores in A queries

2021-04-09 Thread Kevin K
Hi, I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like _.domainname.com often followed by _.xyz.domainname.com or _.domainname.com.mydomain.com Can someone tell me what these are and wha

Re: Unable to start name

2021-04-09 Thread Reindl Harald
On 09.04.21 at 08:07, rams wrote: Apr 09 05:19:38  named[1354]: generating session key for dynamic DNS Apr 09 05:19:38 named[1354]: could not create /var/run/named/session.key Apr 09 05:19:38 named[1354]: failed to generate session key for dynamic DNS: permi...ied /var/run point to /run whi