Re: Getting the name of responding server(s)

2021-09-09 Thread Stephane Bortzmeyer
On Tue, Sep 07, 2021 at 10:48:57AM -0400, Matthew Pounsett wrote a message of 32 lines which said: > Yeah, you can pretty reliably get the answer in one or two steps by > requesting the NS set for the FQDN. You'll either get your answer, or > get an SOA with the name of the enclosing zone. S

Re: Getting the name of responding server(s)

2021-09-09 Thread Ronald F. Guilmette
In message , Stephane Bortzmeyer wrote: >On Tue, Sep 07, 2021 at 10:48:57AM -0400, > Matthew Pounsett wrote > a message of 32 lines which said: > >> Yeah, you can pretty reliably get the answer in one or two steps by >> requesting the NS set for the FQDN. You'll either get your answer, or >>

Re: Getting the name of responding server(s)

2021-09-09 Thread Matus UHLAR - fantomas
On Tue, Sep 07, 2021 at 10:48:57AM -0400, Matthew Pounsett wrote a message of 32 lines which said: Yeah, you can pretty reliably get the answer in one or two steps by requesting the NS set for the FQDN. You'll either get your answer, or get an SOA with the name of the enclosing zone. Second lo

Re: Getting the name of responding server(s)

2021-09-09 Thread Stephane Bortzmeyer
On Thu, Sep 09, 2021 at 03:20:14AM -0700, Ronald F. Guilmette wrote a message of 48 lines which said: > I don't want and don't need SOA records. I want and need only the > relevant NS records. The algorithm proposed by Matt Pounsett uses the SOA but only to find the NS (through the name of t

Re: Getting the name of responding server(s)

2021-09-09 Thread Stephane Bortzmeyer
On Thu, Sep 09, 2021 at 12:33:22PM +0200, Matus UHLAR - fantomas wrote a message of 59 lines which said: > Note that some domains can be horribly broken and different > nameservers can send different NS, or no NS at all but SOA. Doing this sort of survey on the wild (and wide) Internet leads

GUI tool to help replacing zone file editing by ddns

2021-09-09 Thread Axel Rau
Hi all, once, I received the advice (from Tony?) to move to ddns. At that time I had trouble with zones no longer being updated from reloaded zone files. (Reloading zone files with inline-signing and autodnssec-maintain could interfere with key-signing activities of the server.) To help admins of

Reloading new certs for DNS over HTTPS

2021-09-09 Thread Eric Germann via bind-users
I’ve implemented DNS over HTTPS on two of my servers to get some experience. I’m using LetsEncrypt for the cert issuer. I ran into an issue where it appears named only reads them on init. The cert expired and certbot faithfully renewed it, but was using the old cert it read at initialization

Re: Reloading new certs for DNS over HTTPS

2021-09-09 Thread Ondřej Surý
Hi Eric, please create a GitLab issue for this. I think the rndc reconfig should pick the new cert/key, but I am not sure if we have actually implemented this. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply o

Re: Reloading new certs for DNS over HTTPS

2021-09-09 Thread Grant Taylor via bind-users
On 9/9/21 10:29 AM, Ondřej Surý wrote: I think the rndc reconfig should pick the new cert/key, but I am not sure if we have actually implemented this. Drive by comment: Should BIND /need/ to take any action for a /reconfig/ if its configuration hasn't changed? -- To me the configuration is

Notice of plan to deprecate map zone file format

2021-09-09 Thread Victoria Risk
Greetings bind-users, The `map` zone file format was introduced in BIND 9.10. https://bind9.readthedocs.io/en/v9_16_20/reference.html?highlight=map%20zone#additional-file-formats At the time,

RE: Reloading new certs for DNS over HTTPS

2021-09-09 Thread Richard T.A. Neal
On 9/9/21 06:35 PM, Grant wrote: >> I think the rndc reconfig should pick the new cert/key, but I am not >> sure if we have actually implemented this. > Drive by comment: > Should BIND /need/ to take any action for a /reconfig/ if its configuration > hasn't changed? -- To me the > configurati

Re: Getting the name of responding server(s)

2021-09-09 Thread Ronald F. Guilmette
In message <20210909103322.ga27...@fantomas.sk>, Matus UHLAR - fantomas wrote: >On 09.09.21 03:20, Ronald F. Guilmette wrote: >>I don't want and don't need SOA records. I want and need only the relevant >>NS records. > >server in some cases send the SOA. Yes. I am aware of that. Thank you.

Re: Getting the name of responding server(s)

2021-09-09 Thread Ronald F. Guilmette
In message , Stephane Bortzmeyer wrote: >Doing this sort of survey on the wild (and wide) Internet leads >rapidly into a deep rabbit hole :-) > >If you go that way, one may also add to the requirements: "test the >name servers returned, to see if they actually reply (and with bit >AA)". Yes. Th