Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

Hi Tim, On 11-08-2021 04:19, Tim Daneliuk via bind-users wrote: On 8/10/21 7:32 PM, raf via bind-users wrote: To get the DS record information to convey to the registrar, after starting to use the default policy. look for the CDS record (the child version of the DS record) with dig: dig CDS

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

Syntax question: In https://bind9.readthedocs.io/en/latest/dnssec-guide.html the double quotes are never used in the zone stanza where the dnssec-policy is referred to. The double quotes sometimes (but not always) appear in the dnssec-policy definition stanza. Are the double quotes optional in bo

RE: advance features of BIND DoT and DoH

Swapneel wrote: > For DoH, please have a look at the following page[1] and BIND9 > documentation[2] and for DoT[3] > [1]: https://www.isc.org/blogs/bind-implements-doh-2021/ > [2]: > https://bind9.readthedocs.io/en/latest/reference.html?highlight=DoH#http-statement-definition-and-usage > [3]: h

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

On Wed, Aug 11, 2021 at 09:40:00AM +0200, Matthijs Mekking wrote: > > Syntax question: > > In https://bind9.readthedocs.io/en/latest/dnssec-guide.html > > the double quotes are never used in the zone stanza > > where the dnssec-policy is referred to. The double > > quotes sometimes (but not alwa

Re: Add DNS records automatically for static IP's

Thank you so much ! El lun, 9 ago 2021 a las 13:40, tale () escribió: > > On Mon, Aug 9, 2021 at 8:46 AM Roberto Carna wrote: > > Thanks to all of you, is it possible to use nslookup in order to > > update DNS records from Linux hosts to a Windows DNS server (not BIND) > > Not nslookup, but nsupd

Debug Approach Help?

I am running bind 9.16.19 on two FreeBSD 13-STABLE instances. The master is on a Digital Ocean droplet and works fine. The slave is hosted on physical machine here in our offices. This has always worked flawlessly until recently. Periodically, the slave refuses to resolve names like 'git.freeb

DKIM setup

I’m trying to set up DNS records for DKIM in our system; we have a hybrid O365/On-Prem Exchange server and separate Mailman list server, all of which send email from our domain (and are in the spf list in DNS.) I’m a little unclear on the syntax described here: (https://kb.isc.org/docs/aa-00725

Re: DKIM setup

Hello. Ve is Venezuela. It’s a country. Alice is the selector name, you can have whatever you want. https://dmarcly.com/blog/what-is-dkim-selector-and-how-does-it-work-dkim-selector-explained For Office365 you should follow Office365 names which are selector1 and selector2. On 11 Aug 2021, at

Re: DKIM setup

LOL what a joke, country blocking: Original Message Details Created Date: 8/11/2021 4:56:17 PM Sender Address: fer...@versatushpc.com.br Recipient Address: john...@pharmacy.arizona.edu Subject:Re: DKIM setup Er

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

On 8/10/21 11:27 PM, raf via bind-users wrote: > Does that help at all? Very much thank you. I have now discovered my DNS key and corresponding DS record. I believe the DS record is what I have to provide my registrar as I understand it. -- ---

RE: Debug Approach Help?

There's a very good article on the ISC website which discusses BIND logging: https://kb.isc.org/docs/aa-01526 I recommend reading and implementing the logging as per their suggestion (backup or make a note of your current logging configuration options in case you want to revert in future) and th

Re: Debug Approach Help?

On 8/11/21 12:49 PM, Richard T.A. Neal wrote: > There's a very good article on the ISC website which discusses BIND logging: > https://kb.isc.org/docs/aa-01526 > > I recommend reading and implementing the logging as per their suggestion > (backup or make a note of your current logging configurati

Failure from rate-limit

Hi, my servers fail to query the upstream servers with these errors: rate-limit: debug 99: rrl=0x0, HAVECOOKIE=0, result=DNS_R_SERVFAIL, fname=0x8027a5450(0), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0 The operator of the upstream servers says it is due to a configuration mis

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

On Wed, Aug 11, 2021 at 12:14:38PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 11:27 PM, raf via bind-users wrote: > > Does that help at all? > > Very much thank you. I have now discovered my DNS key and corresponding DS > record. I believe the DS record is what I have to provide