Re: test - ignore

2022-01-26 Thread Matus UHLAR - fantomas
On 26 Jan 2022, at 17.14, Matus UHLAR - fantomas wrote: Altering the body or headers at all (whch lists do) will often break the hashing. For this reason, most recent versions of mailman have an option to rewrite your mail from: On 26.01.22 17:30, Sten Carlsen wrote: When the dkim is set up

Re: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-26 Thread Mark Andrews
DNSSEC involves lots of timing / co-ordination points and if any of them get delayed for any reason the following ones also need to be delayed. While dnssec-keygen will allow you to set all of the timers for all of a keys life, it is bad practice to do that. If you are going to set the timers

Reminder: BIND 9.11 is going EOL in March 2022

2022-01-26 Thread Victoria Risk
Hello bind-announce, BIND 9.11 is now in its last quarter of support. We are fixing critical security issues only at this point. It is time to start making plans to update if you are still running a 9.11 version. (The current release plan is published at https://kb.isc.org/docs/aa-00896

Re: 9.11, 9.16 and ESV designation

2022-01-26 Thread Victoria Risk
Hi John, > > That document was last updated on Jan 5, 2022, so this news is at least three > weeks old. I don't recall seeing anything on the "Announce" mailing list > regarding the change in ESV designation. ….. > Nor do I see any difference in the COPR packages: > > https://copr.fedorainfra

9.11, 9.16 and ESV designation

2022-01-26 Thread John Thurston
We're running mostly 9.11, with a couple of hosts running 9.16. We've been sticking with 9.11 while we waited for 9.16 to be labeled the Extended Support Version (ESV). The recent announcement of 9.18 made me go digging to learn . .. 9.16 _is_ the ESV and 9.11 is EOL and will no longer be suppo

Re: test - ignore

2022-01-26 Thread Sten Carlsen
Thanks Sten > On 26 Jan 2022, at 17.14, Matus UHLAR - fantomas wrote: > >>> On Jan 25, 2022, at 8:50 AM, Benny Pedersen wrote: >>> Authentication-Results: lists.isc.org; >>> dkim=fail reason="signature verification failed" (1024-bit key; >>> unprotected) header.d=isc.org header.i=@isc.or

Re: test - ignore

2022-01-26 Thread Matus UHLAR - fantomas
On Jan 25, 2022, at 8:50 AM, Benny Pedersen wrote: Authentication-Results: lists.isc.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=isc.org header.i=@isc.org header.b=q/vOEba5; dkim=fail reason="signature verification failed" (1024-bit

9.18.0 now available

2022-01-26 Thread Peter Davies
For those of you that may not be on the -announce list, I would like to make you aware of the following: https://lists.isc.org/pipermail/bind-announce/2022-January/001205.html -- Peter Davies Support Engineer Internet Systems Corporation pet...@isc.org 001 650-423-1460 _

Problems with (unsigned) forward zones, dnssec-validation auto and validate-except on BIND 9.16 and 9.17

2022-01-26 Thread Gehrkens . IT GmbH | Heiko Wundram
Dear list, I'm currently setting up a resolver using bind (tested with both 9.16 and 9.17), which uses multiple views to expose forwarded zones (under .lan and .local, old Windows-AD zones which I don't control and can't change.) under some of their views. All of the views have dnssec-validatio