Hi there,
On Sat, 2 Dec 2023, Mark Andrews wrote:
On Fri, 1 Dec 2023, John Thurston wrote:
> Can someone make a good case to me for continuing to perform DNSSEC
> validation on my central resolvers?
Think of a recursive server as a town water treatment plant. You
could filter and treat at ever
Hello Bind Community,
Im trying to resolve sub-subdomain without making each level as separate
zone file.
I have domain.my (name of domain changed) in main zone (the host I serve it
from is ns.domain.my) - this works fine, I delegated sub domain my.domain.my
by adding:
my.domain.my IN NS ns.dom
Ancient BIND version, but won’t mention it beyond that. Others are going to.
This should work fine. Having multiple levels of labels in the zone
shouldn’t be a problem. But you’re not providing enough detail to
troubleshoot. You’re going to have to show the config and zone files to
really get any
Preface: Please don’t read any judgement of DNSSEC’s value into this
question. Just looking for the opportunity to understand DNSSEC better from
some world-class experts if any care to respond.
When a client (or any DNS-speaker) is doing validation, doesn’t it set CD
on queries through a forwarder
Thanks for fast replay.
Yes ancient, because server is also ancient - yet it should work.
I was able to pin point the issue.
Looks like I was editing zone file, saving it, cat-ing it and it was fine,
until it was "recovered" from journal file and overwrited by it each time,
later bind was not loadi
Clients need to send both cd=0 and cd=1 queries. The two types of queries
address different failure scenarios.
I tried hard to prevent the stupid just send cd=1 advice before it was
published. Years before there was a wish to reduce the amount of work a
validating resolver does. There was bad
6 matches
Mail list logo
