Re: Reply: BIND | Cname chain resolution using forward ( CNAME&A returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
1.1 > > 3. but device10.1.1.1 not return A 100.67.96.26, A 100.67.96.27 to me > > 4. device10.1.1.1 go to query bd.bcebos.com. recursive itself, and get > another record 110.242.70.8 > > I have questions > > 1. why config is forward only? but bind get CNAME & A, bind do not > return A to me, and query cn

DNSSEC regulatory requirements?

2023-04-04 Thread Josh Kuo
Hi all, I know this is a strange request. I am trying to encourage more people to deploy DNSSEC (either authoritative or recursive/validating). Are there any compliance or regulatory requirements that suggest/recommend the use of DNSSEC? The only one I know of is the very dated US OMB memo from 2

Re: DNSSEC error resolving gpo.gov ?

2023-04-04 Thread Mark Andrews
Also it does no harm. SHA1 DS are still secure. If there are both SHA1 and SHA256 DS records present the SHA1 records are ignored by SHA256 capable validators and no you can’t just remove the SHA256 DS record and have the DS RRset validate. > On 4 Apr 2023, at 20:27, Petr Menšík wrote: > >

Re: BIND | Cname chain resolution using forward ( CNAME&A returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
ice10.1.1.1 not return A 100.67.96.26, A 100.67.96.27 to me > > 4. device10.1.1.1 go to query bd.bcebos.com. recursive itself, and get > another record 110.242.70.8 > > I have questions > > 1. why config is forward only? but bind get CNAME & A, bind do not > return A to me, and q

BIND | Cname chain resolution using forward ( CNAME&A returned but no use A) (#3995)

2023-04-04 Thread Yang via bind-users
I am very very sorry, the zone info of first mail -> zone "bd.baidubce.com." I write wrong; the right info is zone "x.bd.bcebos.com." please just see this mail, when I use bind-9.11 for my interdns deviceip is 10.1.1.1, I config zone "x.bd.bcebos.com." in { type forward ; forward only;

Re: DNSSEC error resolving gpo.gov ?

2023-04-04 Thread Petr Menšík
No, unfortunately there is no way to disable it. It just creates both digests and there is no way to disable creation of SHA-1 in bind 9.11. dnssec-dsfromkey -2 can be used to output only SHA256 digest. I think automated process using dsset files does not offer switches to not generate them. W

Re: BIND | Cname chain resolution using forward ( CNAME&A returned but no use A) (#3995)

2023-04-04 Thread Petr Menšík
That is because forwarder is supposed to handle only zone "bd.baidubce.com.", but addresses response is from bd.bcebos.com zone. Therefore it queries contents of that according to global forwarders or iteratively. BIND9 attempts to deliver the most authoritative answer it can, so it ignores hin