Re: How do I debug if the queries are not getting resolved?

That's good advice Greg, I thought I'd read up some more about that in the DNSSEC guide within the Admin. Reference Manual - https://bind9.readthedocs.io/en/v9.18.20/dnssec-guide.html - only it is not mentioned within that section (dnssec-validation is). It is in the Configuration Reference -

Instructions to use delv to test DNS configured domain before DS uploaded to parent

I previously used delv with a manually made trust/key file to test that a DNSSEC-enabled zone was generated correctly. Despite sarching for all kinds of terms I cannot find those instructions (in readthedocs I believe). Could someone please point me there? bind9, bind9-dnsutils: 9.18.15 Tha

Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

Sorry, I pasted the wrong version (too many remote shells open today) Should be: ii bind9 1:9.18.19-1~deb12u1 amd64Internet Domain Name Server ii bind9-utils1:9.18.19-1~deb12u1 amd64Utilities for BIND 9 On Wed, 13 Dec 2023, Brett Delmage wrote: I previously used

Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

  ‌ Dear Bind user,   I am a teacher and trying to understand how dns works. I am spending hours reading various sources without finding satisfying information. For teaching purposes I have created a virtual machine with isc dhcp server and bind9 and another virtual machine that uses the fir

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

On Wed, Dec 13, 2023 at 05:29:02PM +0100, Michel Diemer via bind-users wrote a message of 1723 lines which said: > another virtual machine that uses the first one as ics dhcp and dns > server. An important thing about DNS: there are two types of DNS servers, very different. Resolvers and auth

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

Hi Michel. You will get an authoritative answer (AA bit = 1) if the server is either primary (master) or secondary (slave) for the QNAME (query name); in this case "reseau1.lan". From the config snip you provided this is because you have the config: zone "reseau1.lan" { type master; ... }; If

Re: Question about DNS / bind9 / authoritative and NXDOMAIN vs NOERROR (NODATA)

Hi there, On Wed, 13 Dec 2023, Greg Choules wrote: If your server can reach the Internet it can recurse all on its own. And for extra information, I recommend you give the '+trace' option to dig. I hope that helps. Ditto. :) -- 73, Ged. -- Visit https://lists.isc.org/mailman/listinfo/bi

Re: Instructions to use delv to test DNS configured domain before DS uploaded to parent

and to answer my own question as I finally found the section in the manual here: https://bind9.readthedocs.io/en/latest/dnssec-guide.html#verification On Wed, 13 Dec 2023, Brett Delmage via bind-users wrote: Sorry, I pasted the wrong version (too many remote shells open today) Should be: ii

DNSSec mess with SHA1

Hi Folks, I just wonder what's your take is on the current DNSSec mess with SHA1? There are still a lot of top level domains being signed with SHA1 and look like nobody really cares? Current OS releases like RHEL9 and others simply removed SHA1 from the code so if you're running BIND with "dnss