I was just reading yesterday about one way this can be done. If you are using
DNSSEC, the server, in order to sign a negative result, will use an NSEC record
type which will contain some similar record to the missing record since it
can’t sign an empty record. See below where I dig for MacBook
I have a validating DNSSEC bind server. I get AD (Authenticated Data)
flag when requesting details from a DNSSEC protected domain. Good.
The point is that when the requested DNS name belongs to a domain for which
this server is authoritative and that domain is DNSSEC enabled, no AD
flag is provided
On 22/12/2022 13:30, Jesus Cea wrote:
I have a validating DNSSEC bind server. I get AD (Authenticated Data)
flag when requesting details from a DNSSEC protected domain. Good.
The point is that when the requested DNS name belongs to a domain for which
this server is authoritative and that domain
On 22/12/2022 at 14:30, Jesus Cea wrote:
I have a validating DNSSEC bind server. I get AD (Authenticated Data)
flag when requesting details from a DNSSEC protected domain. Good.
The point is that when the requested DNS name belongs to a domain for which
this server is authoritative and that domai
Hi Edwardo,
On 12/22/22 05:01, Edwardo Garcia wrote:
Hi,
I recently upgraded from 9.16 to latest version and changed a zone, ran
Verisign test and it said all good, so changed my zones from auto
maintain dnssec to dnssec policy default, what a nightmare, most our
zones vanished few hours late
> On Dec 22, 2022, at 09:32, Matthijs Mekking wrote:
>
>
> I hope you have read our KB article on dnssec-policy before migrating:
>
> https://kb.isc.org/v1/docs/en/dnssec-key-and-signing-policy
>
> It should list the main pitfalls to save you a lot of hassle (I suspect you
> started algori
> On 23 Dec 2022, at 01:13, Emmanuel Fusté wrote:
>
> On 22/12/2022 at 14:30, Jesus Cea wrote:
>> I have a validating DNSSEC bind server. I get AD (Authenticated Data) flag
>> when requesting details from a DNSSEC protected domain. Good.
>>
>> The point is that when the requested DNS name b
On Thu, Dec 22, 2022 at 07:16:55AM +, Michael De Roover
wrote:
> So PTR records don't seem to be very useful in getting this information
> either. As such, I am still stranded.
Unless you scan for all (IPv4) PTR records into a
database ready for searches.
Here's a link to a page that lists
On Thu, 22 Dec 2022 05:19:46 +
Michael De Roover wrote:
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I have
> been seeing something