Re: DoT forwarding from BIND9

2022-12-15 Thread Petr Špaček
On 14. 12. 22 16:55, Petr Menšík wrote: Hi Vicky. Excellent, thank you for the issue link. Is a backport to 9.18 decided already? Would it appear in minor updates in the 9.18.x line? I see a comment that it needs some missing feature. Is that a temporary issue or already decided? It seems to be important p

Re: [KASP] setup KASP in master / slave architecture

2022-12-15 Thread adrien sipasseuth
Hi, OK, I got confused, no need for the keys on the slaves actually. On the other hand, my slaves should generate the .signed, .signed.jnl and .jbk files of my zones, no? Currently it is not my case; should I copy them from the master? Moreover, when I test a "dig A" I don't have the associated R

Re: [KASP] setup KASP in master / slave architecture

2022-12-15 Thread Darren Ankney
I have a simple “mylocal” zone setup with a primary and secondary server. My primary has this .jnl file: mylocal.jnl. My secondary has this similar .jnl file: mylocal.saved.jnl, which I believe was distributed via zone transfer. You find no such similar files on your secondary? If you dig @
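The primary/secondary split this thread is circling around, as an added named.conf example (mine, not configuration posted by either participant). The zone name follows the thread; the addresses 192.0.2.1 (primary) and 192.0.2.2 (secondary), the policy name, the TSIG key name and its base64 secret are assumptions. The security point is that the private signing keys and the signing configuration exist only on the primary; the secondary gets the already-signed zone, RRSIGs and NSEC/NSEC3 records included, over AXFR/IXFR and never needs .signed or key files.

```conf
// ---- named.conf on the PRIMARY (the only host that signs) ----

// Transfer key shared with the secondary. Secret is a constructed placeholder;
// generate a real one with: tsig-keygen xfer-key
key "xfer-key" {
    algorithm hmac-sha256;
    secret "c2VjcmV0LWZvci1leGFtcGxlLW9ubHk=";   // assumed/constructed value
};

dnssec-policy "mylocal-policy" {                 // assumed policy name
    keys {
        csk lifetime unlimited algorithm ecdsap256sha256;
    };
};

zone "mylocal" {
    type primary;
    file "/var/named/mylocal.db";
    dnssec-policy "mylocal-policy";
    key-directory "/var/named/keys";             // private keys live here, on this host only
    // With inline-signing the hand-maintained file stays unsigned and named keeps
    // the signed copy in mylocal.db.signed + mylocal.db.signed.jnl on this host.
    // For a zone changed only via nsupdate, drop this line and sign in place.
    inline-signing yes;
    allow-transfer { key "xfer-key"; };          // signed zone goes out only to TSIG-authenticated peers
    also-notify { 192.0.2.2; };
};

// ---- named.conf on the SECONDARY ----

// Same key statement as above (identical name, algorithm and secret).
key "xfer-key" {
    algorithm hmac-sha256;
    secret "c2VjcmV0LWZvci1leGFtcGxlLW9ubHk=";
};

// No dnssec-policy, no key-directory, no inline-signing: the transferred
// zone already carries its RRSIGs. named stores it as mylocal.saved and
// records IXFR deltas in mylocal.saved.jnl, which is the file seen in the thread.
zone "mylocal" {
    type secondary;
    file "/var/named/mylocal.saved";
    primaries { 192.0.2.1 key "xfer-key"; };
};
```

Check it with `dig @192.0.2.2 mylocal SOA +dnssec +norecurse`: the answer should carry the RRSIG produced on the primary, which is the proof that the secondary is serving signed data without holding any key.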

plugin_version

2022-12-15 Thread Marcus Kool
Hi, I have written a plugin for named and was wondering what the policy behind the usage of plugin_version() is and what kind of compatibility check it intends to perform. It is common for plugins to use query_ctx_t and its members fname, view, client (client.message, client.query) etc. Since

Re: plugin_version

2022-12-15 Thread Ondřej Surý
Hi Marcus, I am afraid that we can’t provide any guarantees about the BIND 9 internal libraries. We made a decision to drop the layers and layers of compatibility for the sake of maintainability. That said, once the release is pronounced ESV (roughly a year from initial release), we try to min

Re: plugin_version

2022-12-15 Thread Marcus Kool
Hi Ondrej, yeah, I was kinda expecting "no guarantees", but isn't the plugin_version() function a good method candidate to enforce compatibility? I mean, isn't increasing NS_PLUGIN_VERSION when a (plugin visible) data structure changes, a good way to enforce that only compatible plugins are use

Re: plugin_version

2022-12-15 Thread Ondřej Surý
I believe that `NS_PLUGIN_VERSION` is reserved for situations where the **plugin** API itself changes. But I agree with you that the current situation where the query_ctx_t struct members are accessed directly isn't ideal. My recommendation would be to recompile the plugin together with each new B

dnssec-policy - any way to force bind to resign all records ?

2022-12-15 Thread vom513
Hello, I changed one of my domains over to dnssec-policy today (in a “nuclear” fashion) - but everything went surprisingly well. Previous to this, I had lowered all my TTLs to hopefully help with this process or any errors/mistakes I might make. I then went to put the TTLs back to their norma

Re: dnssec-policy - any way to force bind to resign all records ?

2022-12-15 Thread vom513
Sorry to self-reply… I’m still getting used to dnssec-policy. With the RRSIGs directly in the zone file now I was having some trouble. I think I got it now - I needed to change the TTL on a given RR, and delete the RRSIG for that RR. Lather, rinse, repeat for any/all other RR’s. BIND will

How to remove RR from dnssec policy signed zone ?

2022-12-15 Thread vom513
* Sorry to spam the list guys, just really pulling my hair out with some aspects of this migration I’ve done... Seems like a simple question ? And maybe it is but I’m just way off track. I have a DNSSEC signed zone (dnssec-policy). It’s also dynamic. So to make a change (in this case remove

Re: How to remove RR from dnssec policy signed zone ?

2022-12-15 Thread Mark Andrews
Stop freezing the zone. Use nsupdate to update the zone. Add a record back in at the name using nsupdate. Then remove using nsupdate. If you really want to edit the zone by hand use ‘inline-signing yes;’. > On 16 Dec 2022, at 14:39, vom513 wrote: > > * Sorry to spam the list guys, just rea
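The add-then-delete sequence Mark describes, as an added nsupdate batch file (my example, not something posted in the thread). Zone `example.test`, name `old.example.test`, address 192.0.2.10, the server address and the TSIG key file path are assumptions; the point is that a dnssec-policy zone is changed through dynamic update so that named itself re-signs the touched name and repairs the NSEC/NSEC3 chain, with no rndc freeze/thaw and no hand-editing of RRSIGs.

```text
; remove-old-a.txt -- added example; run with:
;   nsupdate -k /etc/bind/update-key.conf remove-old-a.txt
; (update-key.conf is an assumed tsig-keygen output file holding the key statement)
server 127.0.0.1 53
zone example.test

; Step 1: put the record back at the name, so the copy named holds is the
; one you are about to delete (this is the "add a record back in" step).
update add old.example.test 300 IN A 192.0.2.10
send

; Step 2: remove it through the same channel. named drops the A RRset and its
; RRSIG and regenerates the NSEC/NSEC3 records around the name on its own.
update delete old.example.test IN A 192.0.2.10
send
```

Afterwards `dig @127.0.0.1 old.example.test A +dnssec +norecurse` should return a signed denial (fresh NSEC/NSEC3 records with current RRSIGs) rather than a stale signature over the removed data; if it still answers with the old A record, the update was rejected, and the server's log will show why (typically a TSIG or update-policy failure).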

Re: How to remove RR from dnssec policy signed zone ?

2022-12-15 Thread vom513
> On Dec 15, 2022, at 11:31 PM, Mark Andrews wrote: > > Stop freezing the zone. Use nsupdate to update the zone. Add a record back > in at the name using nsupdate. Then remove using nsupdate. If you really > want to edit the zone by hand use ‘inline-signing yes;’. > Yes, this is exactly

Behavior of port tag in options clause is ambiguous

2022-12-15 Thread Vikas Sharma
Hi Team, we have the following configuration in my named.conf, where the named process on the primary DNS is listening on port 15010, whereas the secondary DNS is running on port 53. All notifications to the secondary DNS are forwarded to destination port 53 from the primary DNS. Now when I add the tag port 15010 in options

Re: Behavior of port tag in options clause is ambiguous

2022-12-15 Thread Ondřej Surý
Hi, there’s really nice documentation for BIND 9, and it’s even online and has a section on the “port”: https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-port Also don’t limit the outgoing ports to a single number - that’s a bad security practice, you should be using
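An added named.conf example (mine, not from the thread or the linked documentation) showing why the `port` statement in `options` behaves as the question describes, and what to write instead. Addresses 192.0.2.1 (primary, listening on 15010) and 192.0.2.2 (secondary on 53) and the zone name are assumptions. The `port` option sets the port named uses to receive and send DNS traffic, so it also becomes the default destination port for NOTIFY and transfers; the two `options` blocks below are alternatives for one file, not both at once. The remark about not pinning outgoing ports is, as I read it, about source-port randomization: a fixed outgoing port makes off-path cache poisoning (Kaminsky-style) far easier, so the corrected form names an address but no port.

```conf
// ---- (a) what the question's config does: NOT recommended ----
options {
    // "port" is the port named RECEIVES AND SENDS on. With this, the listener
    // moves to 15010, but so does the default remote port for NOTIFY/AXFR,
    // so notifies are sent to 192.0.2.2:15010 where nothing listens.
    port 15010;
};

// ---- (b) corrected: move only the listener, keep 53 as the default elsewhere ----
options {
    listen-on port 15010 { 192.0.2.1; };
    listen-on-v6 port 15010 { none; };

    // Outgoing queries: pin the source ADDRESS only. Leaving the port out keeps
    // per-query source-port randomization, the main defence against off-path
    // cache poisoning. Do NOT write "query-source address 192.0.2.1 port 15010;",
    // which would send every query from one predictable port.
    query-source address 192.0.2.1;
    query-source-v6 address none;
};

zone "example.test" {                       // assumed zone name
    type primary;
    file "/var/named/example.test.db";
    // Remote ports are set per peer where they differ from the default;
    // a secondary on 53 needs no override, shown explicitly here for clarity.
    also-notify { 192.0.2.2 port 53; };
    allow-transfer { 192.0.2.2; };
};
```

Verify with `named-checkconf` on the file and, while named runs, `ss -ulnp | grep named` on the primary: you should see the listener on 192.0.2.1:15010 and outgoing sockets on varying high ports, not a single fixed one. A packet capture of a zone change should then show the NOTIFY leaving for 192.0.2.2:53.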