On 18 August 2016 at 02:07, Barry Margolin wrote:
> That's why Cloudflare's method is "RFC-compliant", but what MS is doing
> with sharepoint.com is not.
Microsoft's DNS implementation allows CNAMEs at the zone apex, correct
it's not RFC compliant, but this is Microsoft...
___
On 18 August 2016 at 01:04, anup albal wrote:
> Does that mean I setup another forwarding zone called microsoft.com or
> sharepoint.microsoft.com or both?
Ideally you should setup a completely separate caching/forwarding
server and not be using the external DNS box (NS1) for this purpose.
On the
Vin?cius Ferr?o wrote:
: OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1
release.
: I can't see this as an issue.
Tell us that when openssl 1.0 starts to disappear.
: Sent from my iPhone
: > On Aug 17, 2016, at 23:38, The Doctor wrote:
: >
: >> On Thu, Aug 18, 2016
As I read it, you have to buy the "flattening" as an extra service from
CloudFlare. Their default is to give CNAME at the apex, intentionally violating
RFCs.
What a concept: charging extra for RFC-compliance.
Well, the cost/benefits/risks of separating authoritative and recursive on
different *servers* (as opposed to different NICs, views, or whatever) is
actually a hotly-debated topic among experts. I know some non-DNS-expert
opinions, from the InfoSec side of the house, consider hardware-level
sep
I recently switched from external signing of my zone to use of BIND 9.9
inline signing. While things went fairly smoothly on the master server,
my slave ended up with a bunch of spurious DNSKEY records that came from
my previous keys (I generated new keys when I went to inline signing).
The extra
In message , The Doctor writes:
> Vin?cius Ferr?o wrote:
> : OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1 rel
> ease.
>
> : I can't see this as an issue.
>
> Tell us that when openssl 1.0 starts to disappear.
It was mostly accessor functions were missing which I wasn
I am running bind 9.8.2 on a pair of RHEL 6 DNS servers.. One server is the
master, one is the slave. My goal is to setup 2 views so that our internal
folks can resolve hostnames to internal IP's while still allowing our
external customers to resolve from the outside. Both of these servers are
exte
I think you are pretty close. One detail that you appear to be missing are is
in the linked document:
server 10.0.1.1 {
/* Deliver notify messages to external view. */
keys { external-key; };
};
Your slaves should have a similar statement in each view with the IP of the
master and the relevant
That is correct, as I have not setup the TSIG keys yet.
Also, I am still a bit confused on how this code should be implemented in
my conf file. In the example you posted that refers back to the link, where
would I place it in the context of my views on the master? Do I only need
that one stanza on
Am 16.08.2016 um 11:04 schrieb Eivind Olsen:
I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving
getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for
RHEL/CentOS/Fedora.
why do you use a 3rd party package?
no problem here with bind-9.10.4-1.P2.fc24.x8
On 8/18/16 12:32 AM, Vinícius Ferrão wrote:
> OpenSSL 1.0 will continue to be supported. There's no rush to go to 1.1
> release.
>
> I can't see this as an issue.
You've never dealt with "The Doctor" before, have you?
signature.asc
Description: OpenPGP digital signature
__
Dear all,
As far as I understand, BIND is not only used for authoritative name
servers, but is also often used as a (recursive) resolver.
When receiving a response to a DNS query, does BIND match the source ip of
the response to the destination ip of the query and discard the response if
they
On 8/18/16 1:29 PM, Jim Fenton wrote:
> The extra DNSKEY records were not present in the zone file of the master
> server, so I reinitiated a zone transfer and this did not help. I
> checked the signed zone file on the master with named-checkzone and only
> the desired DNSKEY records were there.
On Thu, Aug 18, 2016 at 11:27:01AM +0200, pm8...@t-online.de wrote:
> Dear all,
>
> As far as I understand, BIND is not only used for authoritative name
> servers, but is also often used as a (recursive) resolver.
> When receiving a response to a DNS query, does BIND match the source ip of
> th
In message <9f949ee6-6386-c986-698e-e4a46e6cf...@thelounge.net>, Reindl Harald
writes:
> Am 16.08.2016 um 11:04 schrieb Eivind Olsen:
> > I'm seeing some odd problems where BIND (9.10.4-P2) has issues resolving
> > getsurfed.com. This is when using the "510 Software Group" BIND 9.10 for
> > RHEL/
16 matches
Mail list logo
