Submit a issue at https://gitlab.isc.org/
> On 28 Oct 2021, at 01:00, Tom wrote:
>
> Hi
>
> Using BIND-9.16.21. I'm wondering, if it's possible to have the ECS client IP
> address in the RPZ log.
> In front of our BIND, which has an RPZ configuration, is a dnsdist, which
> inject the ECS-IP.
Hi Matthijs,
thanks for clarifications.
On Wed 27/Oct/2021 17:53:46 +0200 Matthijs Mekking wrote:
On 27-10-2021 12:54, Alessandro Vesely wrote:
I also switched to dnssec-policy. Somewhere I read that I should have
defined a policy with keys matching the existing keys. I also defined a
"co
--
Ondřej Surý (He/Him)
ond...@isc.org
> On 27. 10. 2021, at 7:03, Mayank Maheshwari M
> wrote:
>
> Hi Ondrej,
>
> Thanks for all your responses so far.
>
> As per the recommendation from BIND community we plan to proceed with an
> upgrade to latest BIND version (9.16.21) where, as per BIND
Hi Allesandro,
Your policy has three keys:
keys {
ksk key-directory lifetime unlimited algorithm rsasha256 2048;
zsk key-directory lifetime unlimited algorithm rsasha256 2048;
csk key-directory lifetime unlimited algorithm rsasha256 2048;
};
Two of them require DS rec
Hi
Using BIND-9.16.21. I'm wondering, if it's possible to have the ECS
client IP address in the RPZ log.
In front of our BIND, which has an RPZ configuration, is a dnsdist,
which inject the ECS-IP.
BIND could log the ECS-IP with the builtin "querylog" (rndc querylog
on). In the following exa
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
st 27. 10. 2021 o 11:53 Blažej Krajňák napísal(a):
>
> Hello,
>
> few days ago I updated our recursive resolvers at AS50242 from Debian
> 10 to 11 to be able to enable stale-answer afer Facebook incident.
> However, today I got bug reports f
Hi all,
I recently installed version 9.16, and have a number of doubts. During the
upgrade, named didn't want to load signed zones because of CDS/CDNSKEY
inconsistency. There were CDS records in the zone files, which I removed.
I also switched to dnssec-policy. Somewhere I read that I shou
Hello,
few days ago I updated our recursive resolvers at AS50242 from Debian
10 to 11 to be able to enable stale-answer afer Facebook incident.
However, today I got bug reports from customers. Their browser often
fail at page loading with DNS_PROBE_FINISHED_NXDOMAIN. After few
seconds (and after b
Greetings,
Hope you're all doing great.
Actually, I am using bind 9.11.28-S1, and I am facing some problems : whenever
I use the command dig +trace, I came across this error : dig: couldn't get
address for 'F.ROOT-SERVERS.NET': failure.
Does anyone have an idea why I see this error ? It is reall
9 matches
Mail list logo
