Re: Question about DNSSEC

2024-10-31 Thread G.W. Haywood
Hi there,

On Thu, 31 Oct 2024, Crist Clark wrote:

> Name names. DNS is out there in public. There are a LOT of US .gov sites where the .gov is all signed, but it ends up in $BIGCLOUDPROVIDER that is not. www.gsa.gov www.state.gov www.house.gov www.senate.gov www.cia.gov www.cisa.gov (*ehem*) ww

Re: Question about DNSSEC

2024-10-31 Thread Crist Clark
Name names. DNS is out there in public. There are a LOT of US .gov sites where the .gov is all signed, but it ends up in $BIGCLOUDPROVIDER that is not. www.gsa.gov www.state.gov www.house.gov www.senate.gov www.cia.gov www.cisa.gov (*ehem*) www.get.gov (not even .gov is signed?!) Same thing for

Re: Question about DNSSEC

2024-10-31 Thread Mark Andrews
> On 1 Nov 2024, at 09:15, Bob McDonald wrote:
>
> If a host is defined as a CNAME chain where the domain of the host is DNSSEC signed but the domain(S) of the target(s) in the CNAME chain are not, does that mean that the entry really isn't DNSSEC protected?

Correct. Every element of t

Question about DNSSEC

2024-10-31 Thread Bob McDonald
If a host is defined as a CNAME chain where the domain of the host is DNSSEC signed but the domain(S) of the target(s) in the CNAME chain are not, does that mean that the entry really isn't DNSSEC protected? I can list an example dig for the host in question but I'm reluctant to do so as it's a US

RE: 3 new servers couldn't download the key for '.' and there really wasn't any indication

2024-10-31 Thread Drew Weaver
The three servers were replaced in the same exact way they were already running, including the same configuration file, and all of the IP filtering, etc. is the same, as they are the same IP addresses. I did notice that for whatever reason BIND on EL9 seems to require this: include "/etc/crypto-pol