x27;t going to like
customers who act like that. Those are paid to help you and to be nice to you,
yes, but don't be surprised if it diminishes the quality of the help you are
to receive.
Do consider it, in any case.
N.B.: A trademark office allowed you to get a trademark o
Same here, A returns 147.75.40.150 while returns nothing. MX has records
to Microsoft, as
addressed by Sten.
My chain is recursive to Cloudflare from vantage points at Hetzner, and from
there follows the
usual public chain.
*v...@ideapad.lan* [*~*]
$ dig vodafone.com
; <<>> DiG 9
xmagic.com (fallback)
168.119.103.78 (/32)
AS24940 (Hetzner)
Falkenstein, Germany
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org--- Begin Message ---
This is the mail system at host nixmagic.com.
I'm sorry to have to inform you that your messa
ntially just lining up. The choice to rent out a
hotel floor in
Brussels, was quite smart. This meant that, just as I could easily go there
from Antwerp,
the politicians could also quite easily go there from their offices in "de
Wetstraat / Rue de
la Loi" (the street where their of
somewhat inaccurate in retrospect, but.. oh well.
Benefit of hindsight I guess. It worked at the time, so back then it should've
been good enough. Either way, I'm glad that such Expert Groups exist. If they
can offer advisory to the politicians themselves and bicker among each other t
ut one I'd rather
push down
until needed. Nonetheless, it can handle zones and has several logic items for
deduplication (e.g. A/PTR, mobility between zone suffixes, etc).
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://list
in general, the gateway or
a forward proxy server may be able to give better results (but encrypted
traffic
would be a pain to deal with).
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-
Negative cache TTL 1 minute
IN NS LOCALHOST.
; Examples
example.net IN CNAME localhost.
Note that the public domain name records to be redirected via RPZ cannot have a
trailing
dot.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
o the operator of this network has decided to add a second DNS
server."
Your work on the ARM is amazing Suzanne, and indeed we/they are :)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.ietf.org/rfc/rfc9103
ant here, but it's about as much
head-scratching as I can partake in right now. Pretty much just shooting in
the dark I suppose.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-user
deo about that.
https://www.youtube.com/watch?v=vh6zanS_epw[1]
(Long story short, it's MaxMind's secret sauce and therefore a trade secret)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=vh
regardless, which uh... I don't want to even entertain the idea of for
my business, thank you very much!
Business here, personal there. Overlap yes, but only up to a point.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https
On Tuesday, February 18, 2025 10:06:35 PM CET Peter 'PMc' Much wrote:
> On Tue, Feb 18, 2025 at 09:51:51PM +0100, Michael De Roover wrote:
> ! On Tuesday, February 18, 2025 9:38:58 PM CET Peter 'PMc' Much wrote:
> ! > Then they make a business of selling my own info
On Tuesday, February 18, 2025 8:48:15 PM CET Michael De Roover wrote:
> I find it a shame that this record is no longer in use. GeoIP is anything
> but accurate, and GPS data is not reasonable to request from servers. Not
> like you can just hook up a GPS receiver to a VPS. Even from i
eir API is. ipinfo.io has
been good for a long time, but their commercialization efforts made me look
elsewhere. That's how iplist.cc came to be in this guy's operations.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://list
in your
environment and why. Then progressively address them as they happen. Helps to
establish rationale for what you build and why.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users t
heart).
As with everything engineering, I suppose it's a variety of compromises.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=6bicunweBAQ
--
Visit https://lists.isc.org/mailman/listinfo/
On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming
wrote:
> It appears to be too difficult for me to understand.
Not gonna lie, Hyper-V is anything but easy to work with, at least initially.
It was in response to this thread that I realized that I don't even remember
and n
be a physical
limit. Perhaps it's possible to mitigate this with hostapd voodoo, but I have
yet to master that myself.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
On Sunday, February 9, 2025 12:54:53 PM CET Michael De Roover wrote:
> Perhaps this would be as good of an email as any to express that I once
> walked the corridors with this teacher-
Not sure to which extent this will be necessary, but by this I meant my own
teacher Gitte. I should
any
peers leave after the first month because they thought it was little more than
LAN parties. That is _not_ what this field is about! It's about network
engineering first, entertainment four-hundred-and-fifteenth!
Anyway, (forwarded) rants aside.. that's what it&#x
lding, alongside burnt libraries),
perhaps we
are now in an ideal position to come back to this issue with the benefit of
hindsight. I for
one look forward to seeing what people from various parts of the world have to
say about
it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagi
ondary. How ironic that this is probably the
most suitable term here.
Long story short, context matters. Paul Vixie made the context pretty clear,
as an authoritative figure. Perhaps we were mistaken to tie slavery into this
discussion in the first place. Or perhaps the designers at the time were
mist
ve seen a lot
in both tablets and laptops, and that kind of hostile engineering is something
I strongly object to. Heh, maybe I should just go ahead and do that myself
too. Electronics, sysadmin, development... shit never ends, does it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i..
.##;
192.168.##.##;
};
// Masters
// Source: https://www.zytrax.com/books/dns/ch7/masters.html
masters satellite {
192.168.##.#;
};
Hope this helps.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/li
r everything else. Additionally,
this is separated into 3 servers for the network I'm thinking of.. with 1
master and 2 slaves. It's really just a matter of slicing. Your given server
can certainly be a master for one slice, and a slave for another.
--
Met vriendelijke gr
f that is an undesirable status quo, then perhaps the matter of
actual collaboration is what deserves foreground attention.
For a long time, I've considered the IETF's standards in particular, to be the
"laws of the internet". Perhaps it wouldn't be a bad idea to
On Wednesday, 29 January 2025 11:40:50 CET Michael De Roover wrote:
> Granted, for my own domains, doing zone transfers in plain TLS over a VPN
> connection like WireGuard has never failed me either.
TCP, I meant TCP! Goodness gracious, doing an all-nighter was not a good idea.
-
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've
so, it may be
a nuance worthy of note. Granted, even that doesn't mean that there wouldn't
be any spill-over. Identifying those may be able to prove useful. For example,
it wouldn't surprise me to learn that some of these government organizations
are also using BIND? At the end
to make? If
so, to what extent? And if authenticity is to be enforced from those with
authoritative servers, to circumvent that problem if identified as such,
wouldn't that just move the ball for ISP's to employ more intrusive methods to
comply with the law?
--
Met vriendelijke
};
};
My apologies for not double-checking earlier, but I think this should be
everything.
--
Met vriendelijke groet / Best regards,
Michael De Roover
signature.asc
Description: This is a digitally signed message part.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
e, not
the actual
domain on the internet. The only major issue I've been facing with this so far,
is that AXFR
to secondary and tertiary name servers has some issues, and at least Windows 10
Home
will query those when the primary name server does not give a satisfactory
answer.
--
Met v
On Thu, 2022-12-22 at 05:19 +, Michael De Roover wrote:
> Hello,
>
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I
>
Hello,
I have been running BIND 9 on my external and internal networks for a
few years now -- as such I have a basic understanding of the most
common RR types and activities such as zone transfers. However, I have
been seeing something that's been baffling me for quite a while now.
Somehow there a
Thank you all for the replies.
For what I understand after reading your replies (I might be wrong :) ),
reverse lookups fail when I have no outgoing
connection because some caching or or transfer is needed from
66.136.193.in-addr.arpa. , wich I don't control. This
is divided in several networks,
ts are set according to
algorithm and usage (ZSK or KSK)
[1] https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
Thanks again for your time to read this email, and for your insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lis
s/ch7/xfer.html
Thank you so much for taking your time to read this, and thanks in advance for
any insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
For my servers I'm using iptables rules to achieve ratelimiting. They
look as follows:
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.255
--rsource -j DROP
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW
rg/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bin
here that the DNS protocol has no
> means to distinguish among different types of NS host. (Yes, there
> is
> the SOA MNAME, but that is not used by resolvers.) One NS is as good
> as any other NS.
These (SOA and behavior for resolvers) probably describe where I got
confused, thanks
something like that).
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.or
e:
> Absolutely right; I wrote this Linux-centric article about it:
>
> https://kb.isc.org/docs/aa-01183
>
> It has not been updated to cover nftables.
>
> Note also that this is a good reason NOT to use the NAT that
> other posters
they are usually UDP based, and every new query is going
> to create state. Read up on state table exhaustion.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/
walls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unamanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix
just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover
___
m this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mich
are signed by
putting a green square around it (useful for signed emails from e.g.
security mailing lists), and so on. Definitely recommended!
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
.com.+008+21010.key
should give you the correct timestamp.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscript
__Please visit
> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> informat
On 2020-08-09 04:51, Evan Hunt wrote:
On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
This will sound counter intuitive but I want to convert a
db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
do have the keys used, but not the original file that got
big and i want to get rid of all the sign keys.
named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
/var/cache/bind/db.powercraft.nl.signed
named-checkzone -D -f raw powercraft.nl
/var/cache/bind/db.powercraft.nl.signed
Kind regards,
Jelle de Jong
repository and will look further into it.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid sup
se with those
leaked databases and whatnot.
On 7/23/20 2:39 PM, Fred Morris wrote:
Perhaps slightly OT, but here's a company which has a whole business
model based on one nonobvious (?) reason to compile from source:
https://polyverse.com/
--
Fr
tro to turn into a Gentoo for increased merit or
reasons like that. If the distro makes compiling from source (be it
upstream or their downstream version) easy, either to compare or to
actually put it to use, all the better.
(My preferred term for for crashin
s when a handful of dedicated
compilation servers can do exactly that, and a million times better?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from thi
ribe the same thing. It's
extremely confusing.
On 7/20/20 9:05 PM, Ted Mittelstaedt wrote:
On 7/20/2020 11:23 AM, Michael De Roover wrote:
If that is true, I hereby lost all faith in humanity.. well whatever
faith I had left. This has been going on for like half a decade now.
Nobody ever we
ote:
Speaking about things to be annoyed over ..
I am still ticked that FreeBSD dropped BIND from the distribution for something
called unwinding or whatever it is.
John
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://l
from amplification attack so is there
any method in bind to stop DNS Amplification attack.
I am thinking to stop or drop ANY type queries from our DNS Recursive
resolver , so please tell me how can we drop or stop ANY type queries
from bind.
--
Met vriendelijke groet / Best regards,
Michael De
ou
want to set your PTR records to not match at least one of your A records?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the d
t to send mails) that your IP has
a sane PTR and that the name maps back to the IP the dns system couldn't
care less
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
tion
from the DNS servers higher up the chain. And another query if needed,
saves traffic either way I suppose.
Thanks a lot for the detailed reply, I really appreciate it :)
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit
e not very well documented online (or more likely my
search terms aren't right), so yeah... I wonder why the idea of
recursion became associated with a vulnerable server in the first place.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
ptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit h
s=t>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bin
suggested alternative too, and it's
nicely terse.
https://www.thesaurus.com/browse/master?s=t
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
stead. These are not the people I
want to support in my effort to end racism, which I /do/ support, and
quite heavily so.
On 6/15/20 8:00 PM, DeCaro, James John (Jim) CIV DISA FE (USA) wrote:
Or you can call the slave servers 'secondary' servers.
--
Met
et vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at http
ney[*] for small issues like this. They (and other wealthy companies)
should be paying money only for original security research and not this
nonsense.
* $100 is a helluva money in some economies...
Ondrej
--
Ondřej Surý
ond...@isc.org
--
Met vriendelijke groet / Best regards,
Michael
firm that i have been able to install
1:9.16.3-1+ubuntu18.04.1+isc+3
without bionic-backports enabled.
Case closed !-)
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fun
than to fight a
packaging infrastructure.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https:
is to be
installed
E: Unable to correct problems, you have held broken packages.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software w
way.
Assuming that I check whether my ISP allows 25 in- and outbound first,
that could work.
On 5/2/20 6:25 PM, Brett Delmage wrote:
On Sat, 2 May 2020, Michael De Roover wrote:
Even if your ISP allows it, chances are that other mail servers will
reject it
Nope, not always.
My residential-cl
port numbers.
On Sat, 2 May 2020 15:51:58 +0200
Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michael De Roover:
In my experience and from what I've heard, very few.
if that would be true how comes that most mail clients still default to
25 for submission and years after closing po
it good? No, email sucks. If you can get
away with not running a mail server, don't run one. They suck so much.
But if you do, a home IP is not where you'll want to start regardless.
Get a VPS if anything.
On 5/2/20 3:51 PM, Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michae
even many
(non-enterprise) business customers can't use port 25.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bin
ing but
that requires a list to be hardcoded in every web browser that supports
it. It doesn't scale up at all. At that point we might as well go back
to hosts files.
On 5/2/20 9:28 AM, Reindl Harald wrote:
Am 02.05.20 um 09:00 schrieb Michael De Roover:
That's actually my biggest co
rsally. There’s
nothing they can do about DoH.
Not that it is all sunshine and rainbows in DoH-land, of course. Use of cookies
is “discouraged” but not prevented, most obviously.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please v
9/20 10:19 PM, Tony Finch wrote:
Michael De Roover wrote:
On that subject, how about DoT?
DoT is easier since you only need a raw TLS reverse proxy, and there are
lots of those, for example, nginx:
http://dotat.at/cgi/git/doh101.git/blob/HEAD:/roles/doh101/files/nginx.conf#l48
Note that if you
implementation in named by the end of
this year.
In the meantime, there are DoH proxies that can run BIND as the back-end.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
!
- Mensagem Original
--
Assunto: dnssec-signzone
De: "David Alexandre M. de Carvalho"
Data:Seg, Abril 6, 2020 4:05 pm
Para:bind-users@lis
group to "named", and they are both readable.
Could anyone please tell me what am I doing wrong?
also, do I need to generate those 2 .key and .private files if I intend to sign
my several reverse zones?
Thank you very much!
Regards
Os melhores cumprimentos
David Alexandre
Thanks for the reply.
Actually my setup is just like 1) zone delegation
Am 03.04.20 um 15:20 schrieb David Alexandre M. de Carvalho:
> Where can I find about alternatives to point 2?
in the part you quoted from me
> I have a windows subdomain configured in that way, never realized there
Hi!
Where can I find about alternatives to point 2?
I have a windows subdomain configured in that way, never realized there was a
better way.
Thanks and regards.
Os melhores cumprimentos
David Alexandre M. de Carvalho
---
Especialista de Informática
e
respective IP network. Can I use the same
Keypair in all of them?
3) Are the files /etc/named.root.key file and /etc/named.iscdlv.key already
being used? I compared them to the result
of the DNSKEY dig query but they are different.
Thank you so much for your time!
Best regards
On Tue, Dec 29, 2015, at 04:40 PM, Diggins Mike wrote:
> What happens if I do one without the other? I guess I don't fully
> understand the relationship between the name servers listed in the zone
> versus the ones found in my domain record. I'm running BIND locally, if
> that matters.
Hi Mike,
Add a "www.domain.com" zone to your local server.
OMG - YES!
Thanks !
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/
Hi Guys,
I have a requirement to replace certain records in a zone, as e.g:
To the public I want www.domain.com and mail.domain.com to resolve to
1.2.3.4 (Do note that I am not the SOA for domain.com)
To my development environment I would like www.domain.com to resolve to
5.6.7.8, but I still
Hi List,
We are currently looking at using Bind in a DNS blacklist setup to block
adult content from a network. We can scale outwards as far as we want,
but it's the up sizing that has me worried.
Here is a sample of the zone definitions (names changed :) ):
zone "domain1" { type master; fil
On Mon, 12 May 2014 12:08:09 +0100
Tony Finch wrote:
> Mart van de Wege wrote:
> >
> > The only difference I *can* see is that this particular slave zone
> > occasionally gets a lot of updates in a single day, which is when this
> > problem seems to be triggered.
&
Hi Doug,
Doug Barton writes:
> On 05/08/2014 05:53 AM, Mart van de Wege wrote:
>
>> I have a couple, all of them 'retry limit for master $foo exceeded'.
>>
>> Only 2 hits for the master that's giving trouble though, and none of
>> those around the
Tony Finch writes:
> Mart van de Wege wrote:
>> Tony Finch writes:
>> > Mart van de Wege wrote:
>> >>
>> >> How do I go about troubleshooting this issue to get a better idea of
>> >> what is going on?
>> >
>> > Are th
Tony Finch writes:
> Mart van de Wege wrote:
>>
>> How do I go about troubleshooting this issue to get a better idea of
>> what is going on?
>
> Are there any messages in your log containing the string " refresh: "?
>
(Apologies to Tony for getting thi
Hi,
I'm running a DNS server as master for our infrastructure, serving up
several thousand zones. As a service to a few customers, this server also
slaves for 19 zones.
One of these zones intermittently fails to refresh when getting a
notify, with the message 'refresh in progress, refresh check q
I want to test Bind 9.9.3b2.
Why isn't there Bind 9.9.3b2 in download link on the ISC.org?
Is there recommendation to use the version Bind 9.9.3b2?
I look in http://www.isc.org/software/bind/security/matrix that there
isn't bug in Bind 9.9.3b2.
_
On 03/03/12 12:47, dE . wrote:
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
second for SHA-256.
I was read
On 02/18/12 22:55, Jeremy C. Reed wrote:
I started writing a book introducing DNSSEC a few years ago. Would you
like to read a draft of it?
Book on DNSSEC? Ok. Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
On 02/18/12 22:14, Axel Rau wrote:
Am 18.02.2012 um 17:35 schrieb dE .:
The DS record is a signature right?
No its the hash of a DNSKEY (KSK) in the child zone. The DS is signed with a
RRSIG.
Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
Thanks for the
On 02/18/12 02:41, Tony Finch wrote:
dE . wrote:
Firstly, where do we get the public key for the DS records?
A zone's DNSKEY RRset contains its public keys, and these are hashed to
make its DS records. For example,
$ dig +nottl +noall +answer DS isc.org | perl -pe 's/\s+(?!$)/ /
1 - 100 of 135 matches
Mail list logo
