Re: Value of a DNSSEC validating resolver

2023-12-02 Thread Mark Andrews
Clients need to send both cd=0 and cd=1 queries. The two types of queries address different failure scenarios. I tried hard to prevent the stupid just send cd=1 advice before it was published. Years before there was a wish to reduce the amount of work a validating resolver does. There was bad

Fwd: sub-subdomain not being resolved NXDOMAIN.

2023-12-02 Thread Michał Półrolniczak
Thanks for fast reply. Yes ancient, because server is also ancient - yet it should work. I was able to pinpoint the issue. Looks like I was editing zone file, saving it, cat-ing it and it was fine, until it was "recovered" from journal file and overwritten by it each time, later bind was not loadi

Re: Value of a DNSSEC validating resolver

2023-12-02 Thread Crist Clark
Preface: Please don’t read any judgement of DNSSEC’s value into this question. Just looking for the opportunity to understand DNSSEC better from some world-class experts if any care to respond. When a client (or any DNS-speaker) is doing validation, doesn’t it set CD on queries through a forwarder

Re: sub-subdomain not being resolved NXDOMAIN.

2023-12-02 Thread Crist Clark
Ancient BIND version, but won’t mention it beyond that. Others are going to. This should work fine. Having multiple levels of labels in the zone shouldn’t be a problem. But you’re not providing enough detail to troubleshoot. You’re going to have to show the config and zone files to really get any

sub-subdomain not being resolved NXDOMAIN.

2023-12-02 Thread Michał Półrolniczak
Hello Bind Community, I'm trying to resolve sub-subdomain without making each level as separate zone file. I have domain.my (name of domain changed) in main zone (the host I serve it from is ns.domain.my) - this works fine, I delegated sub domain my.domain.my by adding: my.domain.my IN NS ns.dom

Re: Value of a DNSSEC validating resolver

2023-12-02 Thread G.W. Haywood
Hi there, On Sat, 2 Dec 2023, Mark Andrews wrote: On Fri, 1 Dec 2023, John Thurston wrote: > Can someone make a good case to me for continuing to perform DNSSEC > validation on my central resolvers? Think of a recursive server as a town water treatment plant. You could filter and treat at ever