You break a chain of trust by proving there is an insecure delegation.
NXDOMAIN is not a delegation.
The point on OPTOUT is to allow the parent zone to add and remove
insecure delegations without resigning.
Mark
> On 7 Feb 2018, at 11:26 pm, Tony Finch wrote:
>
> Pruned debug logs...
>
> vali
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
--
This is my signature. There are many like it, but this one is mine.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
On 08.02.18 19:12, Mark Andrews wrote:
You break a chain of trust by proving there is an insecure delegation.
that should be expected :-)
and in case of private/internal domain even logical - it's not useful to
push DS records to parent, and even possible with 2 versions of the same
zone.
N
On 08.02.2018 at 09:52, LuKreme wrote:
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5
second minimum TTL?
no, such a feature was refused because it violates RFC's (questionable
justification for a local decision not enabled by default) and hence on
a inboun
Hi,
On 2018-02-08 LuKreme hacked into the keys:
> Is it possible to tell bind to ignore very short TTLs and enforce
> a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What do you mean with ignoring?
It is you YOU have to configure Bind9 correctly to longer TTLs.
If the NS Entry
On 2018-02-08 10:10, Michelle Konzack wrote:
> Hi,
>
> On 2018-02-08 LuKreme hacked into the keys:
>> Is it possible to tell bind to ignore very short TTLs and enforce
>> a...say... 5 second minimum TTL?
>
> VERY SHORT TTL?
>
> 5 sec minimum?
>
> What do you mean with ignoring?
> It is you YOU
Thank you for clarification...
On DATE AUTHOR hacked into the keys: Karol Augustin
> On 2018-02-08 10:10, Michelle Konzack wrote:
>> Hi,
>>
>> On 2018-02-08 LuKreme hacked into the keys:
>>> Is it possible to tell bind to ignore very short TTLs and enforce
>>> a...say... 5 second minimum TTL?
>>
>>
On 08.02.2018 at 11:10, Michelle Konzack wrote:
On 2018-02-08 LuKreme hacked into the keys:
Is it possible to tell bind to ignore very short TTLs and enforce
a...say... 5 second minimum TTL?
VERY SHORT TTL?
5 sec minimum?
What do you mean with ignoring?
It is you YOU have to configure Bin
Hello Harald,
On 2018-02-08 Reindl Harald hacked into the keys:
> you miss the topic
>
> many DNSBL's have a very short TTL and at the same time a limit of
> queries from a single IP until you need to pay for the service
>
> so if you have an inbound MX and the RBL has 2 seconds TTL and a botnet
> is
On 08.02.2018 at 12:30, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hacked into the keys:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
so if you have an inbound MX and
Matus UHLAR - fantomas wrote:
>
> and in case of private/internal domain even logical - it's not useful to
> push DS records to parent, and even possible with 2 versions of the same
> zone.
You can have a secure delegation in the parent if you sign both versions
of the zone with the same KSK. (Th
In article you write:
>you miss the topic
>
>many DNSBL's have a very short TTL and at the same time a limit of
>queries from a single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason you shouldn't pay for the service you're using?
On 08.02.2018 at 16:16, John Levine wrote:
In article you write:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP until you need to pay for the service
This doesn't sound like a technical problem.
Is there some reason you shoul
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> Hello Harald,
> On 2018-02-08 Reindl Harald hacked into the keys:
> > you miss the topic
> >
> > many DNSBL's have a very short TTL and at the same time a limit of
> > queries from a single IP until you need to pay for the service
>
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hacked into the keys:
you miss the topic
many DNSBL's have a very short TTL and at the same time a limit of
queries from a single IP unt
On 08.02.2018 at 16:39, Reindl Harald wrote:
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
Hello Harald,
On 2018-02-08 Reindl Harald hacked into the keys:
you miss the topic
many DNSBL's have a very short TTL and at the sa
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
>
>
> On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
> > On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> > > Hello Harald,
> > > On 2018-02-08 Reindl Harald hacked into the keys:
> > > > you miss the topic
> > >
In article ,
Reindl Harald wrote:
> frankly, even *if* i pay for the service i would call it a good citizen
> to produce less load and the "minimum-ttl" also reduces load from other
> RBL's without any restriction
If the service provider is worried about load, they should increase
their TTL
On 08.02.2018 at 16:51, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote:
On 08.02.2018 at 16:34, Mukund Sivaraman wrote:
If the RRset wants a TTL of N seconds, then that is the authoritative
instruction from the owner of the zone about how the data shou
Reindl Harald wrote:
>
> yes, you are free to decide that named don't need to support the users wish of
> such a feature. but the result is that the user stops to use named at all on an
> inbound-mailserver and is done
Or you could use patched versions from FreeBSD or Debian ...
https://svnweb.fr
On 08.02.2018 at 17:03, Barry Margolin wrote:
In article ,
Reindl Harald wrote:
frankly, even *if* i pay for the service i would call it a good citizen
to produce less load and the "minimum-ttl" also reduces load from other
RBL's without any restriction
If the service provider is worrie
Barry Margolin wrote:
> There are some servers that will avoid expiring records if the auth
> servers stop responding, as a fail-safe mechanism.
For instance, BIND 9.12 - https://www.isc.org/blogs/bind-9-12-almost-ready/
Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
Ir
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on an
inbound-mailserver and is done
On 08.02.18 16:07, Tony Finch wrote:
Or you could use patched versions from FreeBS
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
> > I doubt the zone owner is forcing you to use their zone. You can nix
> > fetches to it. If you want the zone data, then follow what the zone
> > owner requires.
>
> does not matter
It matters to us.
Mukund
On 08.02.2018 at 17:10, Mukund Sivaraman wrote:
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote:
I doubt the zone owner is forcing you to use their zone. You can nix
fetches to it. If you want the zone data, then follow what the zone
owner requires.
does not matter
It matter
On 08.02.2018 at 17:07, Tony Finch wrote:
Reindl Harald wrote:
yes, you are free to decide that named don't need to support the users wish of
such a feature. but the result is that the user stops to use named at all on an
inbound-mailserver and is done
Or you could use patched versions fro
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
Also, just for argument's sake, one user wants to extend TTLs to
5s. Another wants 60s TTLs. What is OK and what is going too far?
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want peo
On Thu, Feb 8, 2018 at 4:34 PM, Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 02/08/2018 08:51 AM, Mukund Sivaraman wrote:
>
>> Also, just for argument's sake, one user wants to extend TTLs to 5s.
>> Another wants 60s TTLs. What is OK and what is going too far?
>>
>
> I think
> I think what is "OK" is up to each administrator.
>
> Obviously the zone administrators have decided that they want people to
> use the 2s TTL.
>
> That being said, it is up to each individual recursive server operator
> if they want to honor what the zone administrators have published, or if
On 09.02.2018 at 07:02, sth...@nethelp.no wrote:
I think what is "OK" is up to each administrator.
Obviously the zone administrators have decided that they want people to
use the 2s TTL.
That being said, it is up to each individual recursive server operator
if they want to honor what the zon