Re: Changing DNS servers (name only) for a DNSSEC enabled domain

What new DS record? The KSKs aren’t changing, are they? Why would they? All that is changing is the NS RRset (and maybe SOA if you’re changing the MNAME). If the NS glue in the parent doesn’t agree with the canonical NS RRset in the child, this is not a DNSSEC fail. This is as easy as changing an

Re: Restrict dynamic updates to one domain - disallow subdomains

Step back and tell us what you are attempting to achieve. e.g. I want my hosts to be able to update their address records. grant admin-key subzone ANY; grant * self . A ; and use SIG(0) to sign the updates. The admin adds the public KEY record for the machine using ‘admin-ke

Re: Restrict dynamic updates to one domain - disallow subdomains

But i don't want to specify all possible hostnames in the update-policy settings . there are more than 350 hosts in the example.de domain. Am 13.02.2023 um 20:06 schrieb Jan-Piet Mens: is it possible to restrict dynamic dns updates to one domain? I think 'name' is what you're after: gr

Re: Ubuntu service file is missing Restart parameter

Hi Blažej, Just my 2 cents: I think Restart=on-failure is not a good default value. named.service may fail for different reasons. If the reason is configuration failure, I do not think it should retry many times only to result to sleep before another retries. Until manual configuration change

Re: Restrict dynamic updates to one domain - disallow subdomains

is it possible to restrict dynamic dns updates to one domain? I think 'name' is what you're after: grant key-name name host1.example.de. A; You will be aware that the type list can take multiple space-separated values. -JP -- Visit https://lists.isc.org/mailman/listinfo/bind-u

Re: Changing DNS servers (name only) for a DNSSEC enabled domain

If the IP addresses of the DNS servers (dns[123].olddomain and dns[123].newdomain) are staying the same - then you only need to send an update to change your domain from being hosted at olddomain to newdomain. Ideally, the newdomain would be created first (pointing to the same IP addresses as i

Re: [KASP] Key rollover

Hi, "You configure parental agents and named will check which DS’s are published. Named won’t complete the roll until it knows the new DS is published." => what is parental agent ? i don't find this term in Bind documentation. >From what I understand, you have to specify to Bind that the new DS i

Changing DNS servers (name only) for a DNSSEC enabled domain

Hello, in the near future I will have to change NS records for one of my domains, as DNS servers currently use an old domain (not mine), that will be phased out. DNS servers will actually remain the same, only the domain name will change. So, basically: * mydomain currently uses dns1.oldd

Restrict dynamic updates to one domain - disallow subdomains

Hello, is it possible to restrict dynamic dns updates to one domain? Allow this: update add host1.example.de 86400 a 1.1.1.1 update add host2.example.de 86400 a 2.2.2.2 Deny this: update add host1.subdomain1.example.de 86400 a 1.1.1.1 update add host2.anysubdomain.example.de 86400 a 2.2.2.2