Re: Non-improving referral

2024-02-08 Thread Petr Menšík
Yes, but I doubt you would like it more. You can always create your own parent zone copy and make a modified delegation only in it. Then if it should be DNSSEC signed, you would have to set up a trust anchor for your TLD. But this way, you can test any changes to the zone in your lab, without affecting

DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Jordan Larson via bind-users
Greetings! I have what is hopefully a simple question regarding proper setup around DNS. I feel somewhat comfortable navigating around BIND but possibly am getting confused around the DNSSEC portion. This is for an internally facing DNS, not exposed to the internet. High level setup is as foll

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Ondřej Surý
I would recommend to start with upgrading BIND (9.16.1) to a version: - that's not 4 years old - that's not going to be EOL in just a couple of weeks e.g. latest 9.18.x version. ISC provides a PPA for BIND 9.18 here: https://launchpad.net/~isc/+archive/ubuntu/bind Ondřej. -- Ondřej Surý (He/Him) on

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Jordan Larson via bind-users
This is/was the plan when I move to 22.04. I did a quick test of this (in-place upgrade to 22.04) but the slaves blew up because I didn’t have inline-signing set to yes on the zones. I rolled my snapshots back and figured I should sort this first. Is this issue easier to sort out on 9.18.x? If s

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Ondřej Surý
9.16.1 has bugs that have been fixed in more recent releases. There’s no point in trying to even start thinking what could be wrong in something as old as this. It would be just a waste of time on both sides. You can do the upgrades in lockstep - first upgrade to latest 9.16 and then to latest 9.1

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Jordan Larson via bind-users
Thanks for the recommendation. I will step up to the latest 9.16.X and then 9.18.X and then reassess. Is there any period I should wait between 9.16 and the 9.18 update? Thanks! From: Ondřej Surý Date: Thursday, February 8, 2024 at 2:18 PM To: Jordan Larson Cc: bind-users@lists.isc.org Subj

acl in also-nofify

2024-02-08 Thread Randy Bush
have spent a bit searching but no result. so ... can i use an acl{} or other macro in `also-notify`? i have a bunch of zones where i want the same `also-notify` list. thanks randy -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the developm

Re: acl in also-nofify

2024-02-08 Thread Elmar K. Bins
Randy,
ra...@psg.com (Randy Bush) wrote:
> can i use an acl{} or other macro in `also-notify`? i have a bunch of
> zones where i want the same `also-notify` list.
Been running into the same issue and tried to find out. My master lists and acls are identical as yours seem to be. I've been told t

Re: acl in also-nofify

2024-02-08 Thread Greg Choules via bind-users
Hi both. You can't do it using ACLs. But you can do it using primaries. This is hinted at in the section about the primaries statement, but not clearly expanded on. For example: # define a primaries list called "also-notifed" (or anything you like). Define as many lists as you need. primaries also

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

2024-02-08 Thread Björn Persson
Jordan Larson via bind-users wrote:
> Was I wrong to enable “inline-signing yes” for my slave zones? I would assume
> each slave would need its own DS key? Can I do that?
That sounds very wrong. Your zone shall have one DNSSEC key, or set of keys, that is the same on all slave servers. A client s