You need to tell BIND the DS is gone from the parent. See the usage for,
rndc dnssec -checkds withdrawn
On Thu, Nov 7, 2024 at 12:04 PM Τάσος Λολότσης wrote:
> Hello all,
>
> I’m currently facing an issue with DNSSEC key management in BIND and
> would appreciate any insights or experiences yo
On Thu, 7 Nov 2024, Hans Mayer via bind-users wrote:
[...]
Maybe the server does not log its own query or my config for
dnstap is not perfect.
Dnstap can log queries between the authority and the recursive, and
between the recursive and the client; and both queries and responses. At
least fo
Hello all,
I’m currently facing an issue with DNSSEC key management in BIND and would
appreciate any insights or experiences you might have.
I have configured a DNSSEC policy for my domain with the following settings:
keys {
csk key-directory lifetime P365D algorithm ecdsa256;
};
// Key ti
Hi Nick,
many thanks for your reply and your very detailed and exact explanation.
Based on your suggestion I realised that I don't get an Authoritative
Answer if I query @ the IP of eno1 interface but I get an AA flag for
@::1 and @127.0.0.1
Therefore you are right. It must query something el
Mark,
Thanks for the suggestion. That did the trick. We will be upgrading our RHEL 7
systems this year but the RHEL 8 systems will take more time. This gives us a
solution until we can get all of our DNS servers to RHEL 9.
—
Nathan
> On Nov 5, 2024, at 3:46 PM, Mark Andrews wrote:
>
> Use a c
5 matches
Mail list logo
