Re: IPv6 Geolocation per /64

* Rick Dicaire: > There's also a freely available service and API at https://ip-api.com > you may find useful. I am a bit freaked out by the fact that both MaxMind (IPv6) and ip-api (IPv4) were spot on with their reported locations a few minutes ago. We are talking about two "hits" within a 10km

Running systems for years without restart (was: I am provoked ...)

* Tim Daneliuk via bind-users: > But it did "provoke" a question. Does anyone think not restarting > *anything* for 10 years is a good idea? This isn't really BIND-related, so a different mailing list might be better suited for discussing the issue of ultra high availability. If you are interest

Re: Recommendations for replacing a master server without breaking DNSSEC

* Tony Finch: > I think a procedure like this is a good way to migrate a primary > server if the old and new servers are run by the same people [...] After reading your message I think that we used pretty much the same approach, although I am fortunate for not having to work under time pressure.

Recommendations for replacing a master server without breaking DNSSEC

Hello list members. Imagine a BIND9 master-and-slave pair (let's call them Alpha and Omega, respectively) with automatic synchronisation in place. Imagine further that Alpha needs to be replaced by a brand new server Beta hosted in a different data center, which implies new hardware and IP-adresse

Re: Deprecating auto-dnssec and inline-signing in 9.18+

* Tim Daneliuk via bind-users: > I believe the DS record is what I have to provide my registrar as I > understand it. That depends on the top level domain. For example, .de uses DS records, while .com uses DNSKEY reords. Best to ask your registrar. -Ralph

Re: Origin of reverse lookup

* techli...@phpcoderusa.com: > I had my ISP configure a reverse lookup years ago. They say they no > longer offer that service and there is no reverse lookup for my IP. And what exactly is "my IP"? One could hazard a guess based on your message's headers, but it would be easier if you told us. >

Re: no port randomization with dig over IPv6 on mac os

* Jakob Dhondt: > I have just noticed that when using dig (different versions) on Mac OS > (High Sierra) over IPv6 the source port is not randomized. I may be having a senior moment, but don't IPv6 privacy extensions cover address randomization rather than port randomization? -Ralph

Re: DNSSEC / Include a subdomain's KSK data, ZSK data or both in parent domain?

On 07.12.2017 22:33, Douglas C. Stephens wrote: > My research found that only DS records for the child zone's KSK(s) > needed to be put into the parent zone. That's what I thought, thank you for your confirmation. -Ralph ___ Please visit https://lists.

DNSSEC / Include a subdomain's KSK data, ZSK data or both in parent domain?

Hello list members. I use the following configuration for a domain-subdomain pair: zone "example.com" IN { type master; file "pri/example.com.zone"; auto-dnssec maintain; inline-signing yes; }; zone "subdom.example.com" IN { type master; file "pri/subdom