On Wed, Apr 13, 2022 at 9:39 AM Bjørn Mork wrote:
> Timothe Litt writes:
>
> > Anyhow, it's not clear exactly what problem you're asking LOC (or
> > anything) to solve.
>
> Which problems do LOC solve?
>
> I remember adding LOC records for fun?() in the previous millennium when
> RFC 1876 was fr
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may create
issues if, for example, you are using netplan with systemd-networkd as
the renderer? E.g. Will it still be possible to pick up DNS servers from
IPv6 router advertis
Hello,
I have an rPi here at home running as a second DNS server to my main (non-rPi)
bind instance. The pi unfortunately only has 1G ram. I’ve set max-cache-size
to 50% and verified it took effect:
root@ns2:~# grep size /var/log/daemon.log
May 1 12:38:23 ns2 named[6295]: /etc/bind/named.con
I have 2 domains where I switched from Alg 8 to Alg 13, but the old keys
don't seem to be going away.
Attached are the state files, and the rndc dnssec -status outputs.
Ideas?
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@l
On 1/05/2022 9:13 pm, Reindl Harald wrote:
Am 01.05.22 um 06:38 schrieb Nick Tait via bind-users:
I'm not 100% sure, but I wonder if disabling systemd-resolved may
create issues if, for example, you are using netplan with
systemd-networkd as the renderer? E.g. Will it still be possible to
pick
Why should you want them to go away while you still have DS records referencing
them?
You also have a CDS record referencing a DNSKEY that dnssec-policy doesn’t seem
to know about.
sienawx.us. 2892IN CDS 49366 8 2
60E3D64328B3D8929838FD1F2AB03CD5C8C72E3185C667B059E0015
On 2022-04-29 01:18, Mark Andrews wrote:
break-dnssec is about if the client could detect the re-write or not using
DNSSEC. If the client has DO=1 in the request and the normal response is
signed then rewrites can be detected. If break-dnssec is ’no’ the rewrite will
be prevented. If break-
On 05/01/2022 8:53 pm, Mark Andrews wrote:
Why should you want them to go away while you still have DS records
referencing them?
You also have a CDS record referencing a DNSKEY that dnssec-policy
doesn’t seem to know about.
sienawx.us. 2892IN CDS 49366 8 2
60E3D64328B3D
> On 2 May 2022, at 12:28, J Doe wrote:
>
> On 2022-04-29 01:18, Mark Andrews wrote:
>
>> break-dnssec is about if the client could detect the re-write or not using
>> DNSSEC. If the client has DO=1 in the request and the normal response is
>> signed then rewrites can be detected. If break-
9 matches
Mail list logo
