I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Response is as such -
dig +dnssec -t SOA org
; <<>> DiG 9.8.1 <<>> +dnssec -t SOA org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20306
;; f
On 02/12/12 23:13, Miek Gieben wrote:
[ Quoting at 23:10 on Feb 12 in "dig -- only RRSIG pr..."
]
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote:
As Tony Finch pointed out to me a few days ago, the Google public servers don't
understand that fact about DS records, and don't know to ask for them in the
parent. But here's something interesting - as of my testing just now, they *do*
respond wi
ers.net. 86400 IN A 192.41.162.30
m.gtld-servers.net. 86400 IN A 192.55.83.30
;; Query time: 193 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Feb 13 10:41:12 2012
;; MSG SIZE rcvd: 731
de@OLD_BROKEN_LAP ~ $ dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.ne
On 02/13/12 11:00, Spain, Dr. Jeffry A. wrote:
Using this DNS server, I'm still not getting the DNSKEY for any DNSSEC capable
domain; infact this server has issues -
dig +dnssec -t A dnssec.net @bind.odvr.dns-oarc.net.
I'd be really happy if I could get some domains which are signed.
Try this o
On 02/13/12 18:16, Spain, Dr. Jeffry A. wrote:
Try this one: dig @bind.odvr.dns-oarc.net. isc.org +dnssec You should
get an AD flag returned and a variety of RRSIG records. Jeff.
I hope I'm not missing any concepts here, but there should be a public key to
verify the RRSIG, where's that? Should
On 02/13/12 18:41, Phil Mayers wrote:
On 13/02/12 13:03, dE . wrote:
Ok, thanks a lot. I thought it was a client process. Now I can query for
the DS, DNSKEY records from isc.org.
Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind has
such a caching program? Do we have a
On 02/13/12 18:57, Spain, Dr. Jeffry A. wrote:
Ok, thanks a lot. I thought it was a client process. Now I can query
for the DS, DNSKEY records from isc.org.
Final question -- bind.odvr.dns-oarc.net is a cache right? Does bind
has such a caching program? Do we have a DNSSEC capable resolver in BIN
Firstly, where do we get the public key for the DS records?
Second, why do I get multiple DS records as response? --
dig +dnssec -t DS isc.org @b0.org.afilias-nst.org.
; <<>> DiG 9.8.1 <<>> +dnssec -t DS isc.org @b0.org.afi
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
The DS record is a signature right? It has to be decrypted using a
public key and the decrypted hash has to be compared to the DNSKEY's hash.
So what I'm a
On 02/18/12 02:41, Tony Finch wrote:
dE . wrote:
Firstly, where do we get the public key for the DS records?
A zone's DNSKEY RRset contains its public keys, and these are hashed to
make its DS records. For example,
$ dig +nottl +noall +answer DS isc.org | perl -pe 's/\s+(?!$)/ /
On 02/18/12 22:14, Axel Rau wrote:
Am 18.02.2012 um 17:35 schrieb dE .:
The DS record is a signature right?
No its the hash of a DNSKEY (KSK) in the child zone. The DS is signed with a
RRSIG.
Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
Thanks for the
On 02/18/12 22:55, Jeremy C. Reed wrote:
I started writing a book introducing DNSSEC a few years ago. Would you
like to read a draft of it?
Book on DNSSEC? Ok. Thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
second for SHA-256.
I was read
On 03/03/12 12:47, dE . wrote:
On 02/18/12 00:36, Gaurav kansal wrote:
Firstly, where do we get the public key for the DS records?
Can you clarify your question???
Second, why do I get multiple DS records as response? --
You will always get a 2 DS Records in response. One for SHA-1 and
Hi all,
In archives of bind-announce, for every release of bind there is a
corresponding message with heading:
"ISC BIND is now available"
In that message a list of chnages that went into the new version is also
mentioned.
But, every chnage mentioned has a tag infront of it.
The tag is either :
Hi all,
In archives of bind-announce, for every release of bind there is a
corresponding message with heading:
"ISC BIND is now available"
In that message a list of chnages that went into the new version is also
mentioned.
But, every chnage mentioned has a tag infront of it.
The tag is either :
e, not
the actual
domain on the internet. The only major issue I've been facing with this so far,
is that AXFR
to secondary and tertiary name servers has some issues, and at least Windows 10
Home
will query those when the primary name server does not give a satisfactory
answer.
--
Met v
};
};
My apologies for not double-checking earlier, but I think this should be
everything.
--
Met vriendelijke groet / Best regards,
Michael De Roover
signature.asc
Description: This is a digitally signed message part.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
Hi List,
We are currently looking at using Bind in a DNS blacklist setup to block
adult content from a network. We can scale outwards as far as we want,
but it's the up sizing that has me worried.
Here is a sample of the zone definitions (names changed :) ):
zone "domain1" { type master; fil
Hi Guys,
I have a requirement to replace certain records in a zone, as e.g:
To the public I want www.domain.com and mail.domain.com to resolve to
1.2.3.4 (Do note that I am not the SOA for domain.com)
To my development environment I would like www.domain.com to resolve to
5.6.7.8, but I still
Add a "www.domain.com" zone to your local server.
OMG - YES!
Thanks !
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/
On Tue, Dec 29, 2015, at 04:40 PM, Diggins Mike wrote:
> What happens if I do one without the other? I guess I don't fully
> understand the relationship between the name servers listed in the zone
> versus the ones found in my domain record. I'm running BIND locally, if
> that matters.
Hi Mike,
implementation in named by the end of
this year.
In the meantime, there are DoH proxies that can run BIND as the back-end.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
9/20 10:19 PM, Tony Finch wrote:
Michael De Roover wrote:
On that subject, how about DoT?
DoT is easier since you only need a raw TLS reverse proxy, and there are
lots of those, for example, nginx:
http://dotat.at/cgi/git/doh101.git/blob/HEAD:/roles/doh101/files/nginx.conf#l48
Note that if you
rsally. There’s
nothing they can do about DoH.
Not that it is all sunshine and rainbows in DoH-land, of course. Use of cookies
is “discouraged” but not prevented, most obviously.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please v
ing but
that requires a list to be hardcoded in every web browser that supports
it. It doesn't scale up at all. At that point we might as well go back
to hosts files.
On 5/2/20 9:28 AM, Reindl Harald wrote:
Am 02.05.20 um 09:00 schrieb Michael De Roover:
That's actually my biggest co
even many
(non-enterprise) business customers can't use port 25.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bin
it good? No, email sucks. If you can get
away with not running a mail server, don't run one. They suck so much.
But if you do, a home IP is not where you'll want to start regardless.
Get a VPS if anything.
On 5/2/20 3:51 PM, Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michae
port numbers.
On Sat, 2 May 2020 15:51:58 +0200
Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michael De Roover:
In my experience and from what I've heard, very few.
if that would be true how comes that most mail clients still default to
25 for submission and years after closing po
way.
Assuming that I check whether my ISP allows 25 in- and outbound first,
that could work.
On 5/2/20 6:25 PM, Brett Delmage wrote:
On Sat, 2 May 2020, Michael De Roover wrote:
Even if your ISP allows it, chances are that other mail servers will
reject it
Nope, not always.
My residential-cl
is to be
installed
E: Unable to correct problems, you have held broken packages.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software w
than to fight a
packaging infrastructure.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https:
firm that i have been able to install
1:9.16.3-1+ubuntu18.04.1+isc+3
without bionic-backports enabled.
Case closed !-)
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC fun
ney[*] for small issues like this. They (and other wealthy companies)
should be paying money only for original security research and not this
nonsense.
* $100 is a helluva money in some economies...
Ondrej
--
Ondřej Surý
ond...@isc.org
--
Met vriendelijke groet / Best regards,
Michael
et vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at http
stead. These are not the people I
want to support in my effort to end racism, which I /do/ support, and
quite heavily so.
On 6/15/20 8:00 PM, DeCaro, James John (Jim) CIV DISA FE (USA) wrote:
Or you can call the slave servers 'secondary' servers.
--
Met
suggested alternative too, and it's
nicely terse.
https://www.thesaurus.com/browse/master?s=t
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
s=t>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bin
ptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit h
e not very well documented online (or more likely my
search terms aren't right), so yeah... I wonder why the idea of
recursion became associated with a vulnerable server in the first place.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
tion
from the DNS servers higher up the chain. And another query if needed,
saves traffic either way I suppose.
Thanks a lot for the detailed reply, I really appreciate it :)
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit
t to send mails) that your IP has
a sane PTR and that the name maps back to the IP the dns system couldn't
care less
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
ou
want to set your PTR records to not match at least one of your A records?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the d
from amplification attack so is there
any method in bind to stop DNS Amplification attack.
I am thinking to stop or drop ANY type queries from our DNS Recursive
resolver , so please tell me how can we drop or stop ANY type queries
from bind.
--
Met vriendelijke groet / Best regards,
Michael De
ote:
Speaking about things to be annoyed over ..
I am still ticked that FreeBSD dropped BIND from the distribution for something
called unwinding or whatever it is.
John
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://l
ribe the same thing. It's
extremely confusing.
On 7/20/20 9:05 PM, Ted Mittelstaedt wrote:
On 7/20/2020 11:23 AM, Michael De Roover wrote:
If that is true, I hereby lost all faith in humanity.. well whatever
faith I had left. This has been going on for like half a decade now.
Nobody ever we
s when a handful of dedicated
compilation servers can do exactly that, and a million times better?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from thi
tro to turn into a Gentoo for increased merit or
reasons like that. If the distro makes compiling from source (be it
upstream or their downstream version) easy, either to compare or to
actually put it to use, all the better.
(My preferred term for for crashin
se with those
leaked databases and whatnot.
On 7/23/20 2:39 PM, Fred Morris wrote:
Perhaps slightly OT, but here's a company which has a whole business
model based on one nonobvious (?) reason to compile from source:
https://polyverse.com/
--
Fr
repository and will look further into it.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid sup
big and i want to get rid of all the sign keys.
named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
/var/cache/bind/db.powercraft.nl.signed
named-checkzone -D -f raw powercraft.nl
/var/cache/bind/db.powercraft.nl.signed
Kind regards,
Jelle de Jong
On 2020-08-09 04:51, Evan Hunt wrote:
On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
This will sound counter intuitive but I want to convert a
db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
do have the keys used, but not the original file that got
__Please visit
> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> informat
.com.+008+21010.key
should give you the correct timestamp.
--
Marcel de Riedmatten
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscript
are signed by
putting a green square around it (useful for signed emails from e.g.
security mailing lists), and so on. Definitely recommended!
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
m this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mich
just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover
___
walls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unamanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix
they are usually UDP based, and every new query is going
> to create state. Read up on state table exhaustion.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/
e:
> Absolutely right; I wrote this Linux-centric article about it:
>
> https://kb.isc.org/docs/aa-01183
>
> It has not been updated to cover nftables.
>
> Note also that this is a good reason NOT to use the NAT that
> other posters
something like that).
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.or
here that the DNS protocol has no
> means to distinguish among different types of NS host. (Yes, there
> is
> the SOA MNAME, but that is not used by resolvers.) One NS is as good
> as any other NS.
These (SOA and behavior for resolvers) probably describe where I got
confused, thanks
rg/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bin
For my servers I'm using iptables rules to achieve ratelimiting. They
look as follows:
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -m recent --
update --seconds 600 --hitcount 4 --name DEFAULT --mask 255.255.255.255
--rsource -j DROP
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW
s/ch7/xfer.html
Thank you so much for taking your time to read this, and thanks in advance for
any insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
ts are set according to
algorithm and usage (ZSK or KSK)
[1] https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
Thanks again for your time to read this email, and for your insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lis
Hello,
I have been running BIND 9 on my external and internal networks for a
few years now -- as such I have a basic understanding of the most
common RR types and activities such as zone transfers. However, I have
been seeing something that's been baffling me for quite a while now.
Somehow there a
On Thu, 2022-12-22 at 05:19 +, Michael De Roover wrote:
> Hello,
>
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I
>
plenty of info about that but my binds are running just fine on
linux. The main issue is getting secure dynamic updates working.
Thanks in advance,
Nico
--
With kind regards,
Nico De Ranter
Senior System Administrator
Sony Techsoft Centre
The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zav
Thank you very much for your very detailed instructions. I'm going to
try it right away.
Nico
On Tue, 2008-12-23 at 17:41 -0500, Rob Austein wrote:
> Four things must be done to allow Bind 9 to support GSS-TKEY:
>
> * kinit must work on the host which will run BIND 9. This means
> kr
to run fine. I didn't see any error messages related to
gssapi (configure finds the libraries and header files without
problems.)
named runs fine as long as I don't use the 'tkey' options.
Any idea what might be wrong?
Thanks in advance,
Nico
On Wed, 2008-12-24 at 09:10 +010
2008 10:51:08.373 client 10.10.10.101#1054: view internal: next
30-Dec-2008 10:51:08.373 client 10.10.10.101#1054: view internal:
ns_client_detach: ref = 0
30-Dec-2008 10:51:08.373 client 10.10.10.101#1054: view internal:
endrequest
30-Dec-2008 10:51:08.373 client @0xb604b008: udprecv
On Fri, 2
type master;
file "test.net.zone";
update-policy {
grant TEST.NET krb5-subdomain * A;
};
};
}
But it doesn't seem to help.
Nico
--
With kind regards,
Nico De Ranter
Senior System Adminis
I already tried ms-self and ms-subdomain. Unfortunately that doesn't
seem to make any difference.
Nico
On Tue, 2008-12-30 at 13:44 -0500, Rob Austein wrote:
> At Tue, 30 Dec 2008 16:05:10 +0100, Nico De Ranter wrote:
> >
> > update-policy {
> >
Found some time to work on it again and it seams I did something wrong
last time as ms-subdomain now works!
Thanks for your help!!
I did notice one strange thing when turning on trace mode of named:
Whenever an update request occurs I see a lot of messages like:
-
or
vlan4 but I can't seem to get that working. My /etc/dhcp3/dhcpd.conf is
posted here: http://debian.pastebin.com/xWC1V55z
I would appreciate anyhelp in getting my setup cleaned up so it does not
genereate so many errors.
With kind regards,
Jelle de Jong
_
Hi BIND Users,
I am not sure if my post here is proper or not. If not please kindly
guide me to a correct list.
I have lot of "static" IPv6 address needs to add into DNS PTR record.
Most of them are server IP addresses and addresses on router
interfaces.
Compose proper PTR records, without human
On Tue, Apr 12, 2011 at 2:21 AM, Marco Davids (SIDN)
wrote:
> On 04/12/11 10:50, walter.jontofs...@t-systems.com wrote:
>> you could use ipv6calc (ftp://ftp.bieringer.de/pub/linux/ipv6/ipv6calc) to
>> calculate the reverse strings.
> Yes.
> Or do it 'the BIND way':
> dig -x 2001:7b8:c05::80:1 |
On Tue, Apr 12, 2011 at 3:41 AM, Niall O'Reilly wrote:
> On 12 Apr 2011, at 10:49, Michel de Nostredame wrote:
>> Thanks Walter and Marco. Those two tool/method do resolve short term
>> needs. Thanks again.
>> (btw, the URL form Walter should be
>> ftp://ftp.bier
Hi,
I succeeded in compile ISC Bind for Windows. I'm now trying to enable
"fixed rrset" (--enable-fixed-rrset for the configure file). But I
did'nt find how to change options for a Windows compilation.
Can anyone help me ?
Best regar
Danny Mayer a écrit :
> Romain De Rasse wrote:
>
>> Hi,
>>
>> I succeeded in compile ISC Bind for Windows. I'm now trying to enable
>> "fixed rrset" (--enable-fixed-rrset for the configure file). But I
>> did'nt find how to change opt
lding, alongside burnt libraries),
perhaps we
are now in an ideal position to come back to this issue with the benefit of
hindsight. I for
one look forward to seeing what people from various parts of the world have to
say about
it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagi
ondary. How ironic that this is probably the
most suitable term here.
Long story short, context matters. Paul Vixie made the context pretty clear,
as an authoritative figure. Perhaps we were mistaken to tie slavery into this
discussion in the first place. Or perhaps the designers at the time were
mist
On Monday, 10 February 2025 15:12:05 CET Turritopsis Dohrnii Teo En Ming
wrote:
> It appears to be too difficult for me to understand.
Not gonna lie, Hyper-V is anything but easy to work with, at least initially.
It was in response to this thread that I realized that I don't even remember
and n
heart).
As with everything engineering, I suppose it's a variety of compromises.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=6bicunweBAQ
--
Visit https://lists.isc.org/mailman/listinfo/
in your
environment and why. Then progressively address them as they happen. Helps to
establish rationale for what you build and why.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users t
On Wednesday, 29 January 2025 11:40:50 CET Michael De Roover wrote:
> Granted, for my own domains, doing zone transfers in plain TLS over a VPN
> connection like WireGuard has never failed me either.
TCP, I meant TCP! Goodness gracious, doing an all-nighter was not a good idea.
-
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've
ve seen a lot
in both tablets and laptops, and that kind of hostile engineering is something
I strongly object to. Heh, maybe I should just go ahead and do that myself
too. Electronics, sysadmin, development... shit never ends, does it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i..
r everything else. Additionally,
this is separated into 3 servers for the network I'm thinking of.. with 1
master and 2 slaves. It's really just a matter of slicing. Your given server
can certainly be a master for one slice, and a slave for another.
--
Met vriendelijke gr
.##;
192.168.##.##;
};
// Masters
// Source: https://www.zytrax.com/books/dns/ch7/masters.html
masters satellite {
192.168.##.#;
};
Hope this helps.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/li
to make? If
so, to what extent? And if authenticity is to be enforced from those with
authoritative servers, to circumvent that problem if identified as such,
wouldn't that just move the ball for ISP's to employ more intrusive methods to
comply with the law?
--
Met vriendelijke
so, it may be
a nuance worthy of note. Granted, even that doesn't mean that there wouldn't
be any spill-over. Identifying those may be able to prove useful. For example,
it wouldn't surprise me to learn that some of these government organizations
are also using BIND? At the end
f that is an undesirable status quo, then perhaps the matter of
actual collaboration is what deserves foreground attention.
For a long time, I've considered the IETF's standards in particular, to be the
"laws of the internet". Perhaps it wouldn't be a bad idea to
any
peers leave after the first month because they thought it was little more than
LAN parties. That is _not_ what this field is about! It's about network
engineering first, entertainment four-hundred-and-fifteenth!
Anyway, (forwarded) rants aside.. that's what it&#x
On Sunday, February 9, 2025 12:54:53 PM CET Michael De Roover wrote:
> Perhaps this would be as good of an email as any to express that I once
> walked the corridors with this teacher-
Not sure to which extent this will be necessary, but by this I meant my own
teacher Gitte. I should
be a physical
limit. Perhaps it's possible to mitigate this with hostapd voodoo, but I have
yet to master that myself.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
Negative cache TTL 1 minute
IN NS LOCALHOST.
; Examples
example.net IN CNAME localhost.
Note that the public domain name records to be redirected via RPZ cannot have a
trailing
dot.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
ut one I'd rather
push down
until needed. Nonetheless, it can handle zones and has several logic items for
deduplication (e.g. A/PTR, mobility between zone suffixes, etc).
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://list
1 - 100 of 147 matches
Mail list logo
