Re: different serial number in SOA on different interfaces

2024-11-05 Thread Nick Tait via bind-users
On 06/11/2024 03:16, Hans Mayer via bind-users wrote: I have 3 views: view badcountry: based on geoip ( the name is self-explanatory ) view internal: all local area networks but not the loopback interfaces for IPv4 and IPv6 it has only two response policy zones for drop and passthru , nothing

Re: bind-9.18.31 compile errors RHEL 7.9

2024-11-05 Thread Mark Andrews
Use a compiler that supports C(11), you are going to need it for BIND 9.20. You may get away with adding "#define _Atomic(x) x" to lib/isc/include/isc/stdatomic.h. See the attached diff. I’ve not tested this because I don’t have such an ancient compiler installed nor do I believe I can instal

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
On Tue, 5 Nov 2024, Malcolm Scott wrote: Regardless I'll try adjusting the algorithm choice in case it does make a difference. So far I can report that using an ECDSAP384SHA384 key for the SIG(0) still encounters the same failure mode. (For tedious reasons the client I chose to test can't do

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Ondřej Surý
Hi Malcolm, have you tried tweaking the following configuration? .. namedconf:statement:: sig0checks-quota :tags: server :short: Specifies the maximum number of concurrent SIG(0) signature checks that can be processed by the server. This is the maximum number of simultaneous SIG(0)-signed

Problem using nsupdate -l -k with zone inside view

2024-11-05 Thread Marki
Hello, I was converting a config to use views which is when these problems started. The config: --- --- --- view first { # nothing matches this ... zones here }; # end view fi

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
On Tue, 5 Nov 2024, Robert Wagner wrote: Crypto question - You mention using RSASHA512, but the record shows ed25519 (elliptic curve) crypto. Any chance you can standardize on one or the other (RSA or ECC)? This may not be an issue, but it seems odd. That's a fair question. Those choices we

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Robert Wagner
Crypto question - You mention using RSASHA512, but the record shows ed25519 (elliptic curve) crypto. Any chance you can standardize on one or the other (RSA or ECC)? This may not be an issue, but it seems odd. Robert Wagner From: bind-users on behalf of Malco

bind-9.18.31 compile errors RHEL 7.9

2024-11-05 Thread N M
What changed between bind-9.18.30 and bind-9.18.31 that would cause it to not compile? We can compile bind-9.18.30 just fine but bind-9.18.31 fails with netmgr/udp errors: netmgr/udp.c:813:8: warning: return type defaults to 'int' [enabled by default] static _Atomic(isc_stdtime_t) last_udpsends

SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
Dear all, I've been using SIG(0) successfully for some years to deal with Let's Encrypt dns-01 challenge/response. Clients use dnssec-keygen to make themselves an RSASHA512 key pair; I manually add that once during setup as a KEY record to the zone using local nsupdate on the primary NS; then cl

Re: different serial number in SOA on different interfaces

2024-11-05 Thread Hans Mayer via bind-users
Hi Nick, many thanks for your reply and pointing me a little bit more to the solution. I have 3 views: view badcountry: based on geoip ( the name is self-explanatory ) view internal: all local area networks but not the loopback interfaces for IPv4 and IPv6 it has only two response policy

Re: Server crash on receiving query

2024-11-05 Thread James L. Brown via bind-users
> On 2 Nov 2024, at 3:14 am, Scott Bradner wrote: > > I have the same problem with bind version 9.20.3 (on both Sonoma & Sequoia > > the Sonoma attempt was on a machine that I did a clean install on Sonoma on > and > the only things on the machine were what came with the install, homebrew & >

Re: DNSSEC, OpenDNS and www.cdc.gov - DNS Compliance checker?

2024-11-05 Thread Joseph Zik
I highly recommend the following checker: https://zonemaster.se/en/run-test On Mon, Nov 4, 2024, 3:25 PM Julian Panke via bind-users < bind-users@lists.isc.org> wrote: > Maybe https://dnsviz.net/ ? > > Kind regards > > Julian Panke > > Original message > Am 04.

Re: Server crash on receiving query

2024-11-05 Thread Petr Špaček
Can we **please** stop discussing a (suspected) security issue in this or any other public fora? Apple needs to investigate this and while they do that we should not provide exploits or hints how to develop them. If you are concerned please contact Apple. Thank you. Petr Špaček Internet System