On 6/5/20, 02:21, "bind-users on behalf of Chuck Aurora"
wrote:
On 2020-05-02 14:35, Reindl Harald wrote:
> On 02.05.20 at 21:31, Chuck Aurora wrote:
>> On 2020-05-02 13:23, Erich Eckner wrote:
>>> Will there be client-side DoT/DoH support in bind, too? E.g. will my
>>> recu
On 2020-05-02 14:35, Reindl Harald wrote:
On 02.05.20 at 21:31, Chuck Aurora wrote:
On 2020-05-02 13:23, Erich Eckner wrote:
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dns
via
Well, a recursive resolver
Erich Eckner wrote:
>
> Will there be client-side DoT/DoH support in bind, too? E.g. will my recursive
> (or forwarding) resolver be able to resolve upstream dns via those?
At the moment the specifications are not yet done for encrypted DNS
between recursive and authoritative servers. It's very d
Don't flatter yourself troll, I've always been active on a number of
lists, but as I do have a life, I may not comment on every single thread
on every list.
Like I told you before stop being a f'wit and I'll have no reason to
warn anyone of how caustic you will get towards them, and we'll also
hav
On 03.05.20 at 01:42, Noel Butler wrote:
> Don't waste your time trying to argue with that troll
given that you *never* had to say anything useful on *any* mailing list
and only creep out of your hole when you hear my name to fire your
personal vendetta what about stay in your hole?
On 03-05-2020 01.59, Noel Butler wrote:
>
> On 03/05/2020 02:17, Sten Carlsen wrote:
>
>> About mail servers from residential IPs. I have done that for a
>> number of years, very rarely any issue.
>>
>
> Most SP's do this
>
>
>> The major problem was that at one time MS required a reverse
On 03/05/2020 02:17, Sten Carlsen wrote:
> About mail servers from residential IPs. I have done that for a number of
> years, very rarely any issue.
Most SP's do this
> The major problem was that at one time MS required a reverse lookup for the
> actual mail server name.
Many SP's still do t
Don't waste your time trying to argue with that troll
google his name, he's well banned on many lists, he was moderated on
this list as well, seems he's changed his user@ to get around it. He's
been quiet for a while thought he learned his lesson, but leopards never
change their spots.
On 03/05/
On 02.05.20 at 21:31, Chuck Aurora wrote:
> On 2020-05-02 13:23, Erich Eckner wrote:
>> Will there be client-side DoT/DoH support in bind, too? E.g. will my
>> recursive (or forwarding) resolver be able to resolve upstream dns via
>
> Well, a recursive resolver cannot use DoT/DoH for iterative
On 2020-05-02 13:23, Erich Eckner wrote:
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dns via
Well, a recursive resolver cannot use DoT/DoH for iterative queries to
authoritative NS servers, unless authoritat
On 2020-05-02 11:32, Michael De Roover wrote:
Interesting, I wasn't aware of that. Until now I subscribed to the
whole business-only IP idea the whole time. I never thought that ISP's
or other mail servers would allow this (though granted, mine doesn't
discriminate either). Meanwhile Microsoft st
Hi,
I assume, the (on-topic) discussion so far was about the serving part of
bind. (Correct me, if I'm wrong)
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dn
In article you write:
>On Sat, 2 May 2020, Michael De Roover wrote:
>
>> Even if your ISP allows it, chances are that other mail servers will
>> reject it ...
>My residential-class static IP mail server has never had problems
>delivering mail. I've checked it many times over the years on many
Interesting, I wasn't aware of that. Until now I subscribed to the whole
business-only IP idea the whole time. I never thought that ISP's or
other mail servers would allow this (though granted, mine doesn't
discriminate either). Meanwhile Microsoft still blocks one of my sender
IP's (e3.nixmagi
On Sat, 2 May 2020, Michael De Roover wrote:
Even if your ISP allows it, chances are that other mail servers will
reject it
Nope, not always.
My residential-class static IP mail server has never had problems
delivering mail. I've checked it many times over the years on many
blacklist checke
About mail servers from residential IPs. I have done that for a number of
years, very rarely any issue.
The major problem was that at one time MS required a reverse lookup for the
actual mail server name. That was then fixed by the ISP and all works again.
In my part of the world it is very bad
On Sat, 2 May 2020, Paul Kosinski via bind-users wrote:
How many ISPs allow traffic on port 25? My impression is that even many
(non-enterprise) business customers can't use port 25.
Mine does. It's a major Canadian independent ISP. They allow servers too.
I run postfix and secondary DNS (bin
I'm sure that most of the list members here are aware of how net
neutrality and the internet in general works - we're internet operators
after all. What we're here for is ports and protocols, not policy or
internet culture. On that subject, we are not policy makers. Let's leave
that to politici
On 02.05.20 at 16:39, Paul Kosinski via bind-users wrote:
> I wasn't complaining about port 25, I was just citing it as a
> counterexample to the claim that ISPs "must" pass all traffic.
https://en.wikipedia.org/wiki/Net_neutrality
> I think that most ISPs tell customers how to set up their e
I wasn't complaining about port 25, I was just citing it as a
counterexample to the claim that ISPs "must" pass all traffic.
I think that most ISPs tell customers how to set up their email clients
(NUAs) including what port to use. Of course it seems that now most
people use Web based email like G
To put it very simply, I consider myself very lucky that I have control
over every mail client that interfaces with my mail server. Most of them
are well-behaved and use 587 for submission. My mail server has also
disabled it on port 25 to reduce spam. Port 587 on my mail server is
also only vi
On 02.05.20 at 15:41, Michael De Roover wrote:
> In my experience and from what I've heard, very few.
if that would be true how comes that most mail clients still default to
25 for submission and years after closing port 25 on our mailserver i
still struggle with customers smartphones still n
In my experience and from what I've heard, very few. Even if your ISP
allows it, chances are that other mail servers will reject it, since
residential areas aren't really suited for and aren't generally used for
long-term mail servers. I would recommend against running your mail
server (directl
On 02.05.20 at 15:30, Paul Kosinski via bind-users wrote:
> How many ISPs allow traffic on port 25? My impression is that even many
> (non-enterprise) business customers can't use port 25.
that can be easily answered by just look at your inbound MX and the
amount of dul.dnsbl.sorbs.net and pbl
How many ISPs allow traffic on port 25? My impression is that even many
(non-enterprise) business customers can't use port 25.
On Sat, 2 May 2020 09:28:54 +0200
Reindl Harald wrote:
> On 02.05.20 at 09:00, Michael De Roover wrote:
> > That's actually my biggest concern with DoH, ISP blocking.
I don't live in the US myself, but from what I've heard it's actually
among the least censored countries out there at the DNS level. Again, I
don't consider it right to block content, at least if said content
doesn't break local laws. If anything I'd like to actually retain my
ability to bypass
On 02.05.20 at 09:00, Michael De Roover wrote:
> That's actually my biggest concern with DoH, ISP blocking. It doesn't
> seem as obvious as it is with DoT, but deep packet inspection (DPI) is
> already a thing. Don't expect an ISP that wants to block DoT to not
> (want to) block DoH either. The
That's actually my biggest concern with DoH, ISP blocking. It doesn't
seem as obvious as it is with DoT, but deep packet inspection (DPI) is
already a thing. Don't expect an ISP that wants to block DoT to not
(want to) block DoH either. The crux of the problem at that point is not
the technolog
On 29 Apr 2020, at 14:19, Tony Finch wrote:
> DoT is easier since you only need a raw TLS reverse proxy, and there are
> lots of those, for example, nginx:
DOH is better because it cannot be blocked without blocking all https traffic.
(FSVO of better, of course. I am sure there is a vi/emacs spa
Thanks a lot for the detailed reply. That should be pretty
straightforward to set up then, as I'm already using nginx for some
other things and Debian appears to be using BIND 9.11.5 now. Until BIND
gets native DoT/DoH support I'll probably run it behind nginx as well then.
On 4/29/20 10:19 PM
On Wed, Apr 29, 2020 at 08:06:20PM +0200, Michael De Roover wrote:
> On that subject, how about DoT? I have mixed feelings about using 443 as a
> kitchen sink port but encrypting DNS seems like a good idea.
Native support by the end of the year, same as DoH. Also, there's a
sample configuration fo
Michael De Roover wrote:
> On that subject, how about DoT?
DoT is easier since you only need a raw TLS reverse proxy, and there are
lots of those, for example, nginx:
http://dotat.at/cgi/git/doh101.git/blob/HEAD:/roles/doh101/files/nginx.conf#l48
Note that if you enable DoT on port 853 on your
> On Apr 29, 2020, at 11:06 AM, Michael De Roover wrote:
>
> On that subject, how about DoT? I have mixed feelings about using 443 as a
> kitchen sink port but encrypting DNS seems like a good idea.
We are planning to have DoT on the same timeline as DOH, so nobody has to
choose one or the o
On that subject, how about DoT? I have mixed feelings about using 443 as
a kitchen sink port but encrypting DNS seems like a good idea.
On 4/29/20 9:40 AM, Evan Hunt wrote:
Does BIND have a DoH plugin official?
Or is there any guide to customize that one?
Not yet, but we plan to have a DoH imp
Walter Peng wrote:
>
> Does BIND have a DoH plugin official?
> Or is there any guide to customize that one?
You'll need to run a DoH proxy in front of BIND, for example
https://dnsdist.org/ - my DoH service uses
https://dotat.at/cgi/git/doh101.git
Tony.
--
f.anthony.n.finch http://dotat.at/
> Does BIND have a DoH plugin official?
> Or is there any guide to customize that one?
Not yet, but we plan to have a DoH implementation in named by the end of
this year.
In the meantime, there are DoH proxies that can run BIND as the back-end.
--
Evan Hunt -- e...@isc.org
Internet Systems Cons