Re: Difference in validating behavior 9.18 / 9.20

Comparing the ARM for 9.18 and 9.20, I see the same text in both regarding time, RRSIG, and validity In DNSSEC, every record comes with at least one RRSIG, and each RRSIG contains two timestamps: one indica

Re: Difference in validating behavior 9.18 / 9.20

Hi John, About the release note you mention with the [GL #4586], this indicates the Gitlab issue that was fixed and resulted in this release note. Here it is: https://gitlab.isc.org/isc-projects/bind9/-/issues/4586 The fix for 9.18 would have been implemented here: https://gitlab.isc.org/isc-proje

Re: dnsviz.net: has errors; select the "Denial of existence" DNSSEC option to see them.

Hi, If you select the "Denial of existence" under options, then you will see the exact details behind those errors. It seems like your NSEC3 iterations count is not 0, but it should be 0 to alleviate computational burdens. See RFC9276, Sec. 3.1. Best regards Taavi smime.p7s Description:

dnsviz.net: has errors; select the "Denial of existence" DNSSEC option to see them.

Dear All, I realized that dnsviz.net is showing me 5 errors for some domain names, even some which do not exist. This is not only for one domain. I see this for some domains I manage. I am running BIND 9.18.34-dev (Extended Support Version) This is for example such an error message at dnsvi

Re: Primary/Secondary

Greg Choules via bind-users writes: > What's a "primary master" as opposed to (presumably?) a "secondary master"? Some servers will be both masters and slaves when using hierarchical replication. It is useful to define the root of the tree as "primary master" and refer to any upstream from a "s