9/20 10:19 PM, Tony Finch wrote:
Michael De Roover wrote:
On that subject, how about DoT?
DoT is easier since you only need a raw TLS reverse proxy, and there are
lots of those, for example, nginx:
http://dotat.at/cgi/git/doh101.git/blob/HEAD:/roles/doh101/files/nginx.conf#l48
Note that if you
rsally. There’s
nothing they can do about DoH.
Not that it is all sunshine and rainbows in DoH-land, of course. Use of cookies
is “discouraged” but not prevented, most obviously.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please v
ing but
that requires a list to be hardcoded in every web browser that supports
it. It doesn't scale up at all. At that point we might as well go back
to hosts files.
On 5/2/20 9:28 AM, Reindl Harald wrote:
Am 02.05.20 um 09:00 schrieb Michael De Roover:
That's actually my biggest co
even many
(non-enterprise) business customers can't use port 25.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bin
it good? No, email sucks. If you can get
away with not running a mail server, don't run one. They suck so much.
But if you do, a home IP is not where you'll want to start regardless.
Get a VPS if anything.
On 5/2/20 3:51 PM, Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michae
port numbers.
On Sat, 2 May 2020 15:51:58 +0200
Reindl Harald wrote:
Am 02.05.20 um 15:41 schrieb Michael De Roover:
In my experience and from what I've heard, very few.
if that would be true how comes that most mail clients still default to
25 for submission and years after closing po
way.
Assuming that I check whether my ISP allows 25 in- and outbound first,
that could work.
On 5/2/20 6:25 PM, Brett Delmage wrote:
On Sat, 2 May 2020, Michael De Roover wrote:
Even if your ISP allows it, chances are that other mail servers will
reject it
Nope, not always.
My residential-cl
ney[*] for small issues like this. They (and other wealthy companies)
should be paying money only for original security research and not this
nonsense.
* $100 is a helluva money in some economies...
Ondrej
--
Ondřej Surý
ond...@isc.org
--
Met vriendelijke groet / Best regards,
Michael
not OK to break years of terms, software and
documentation just because some people can’t handle terms like master
and slave. Slavery still exists today and making the word disappear
will not solve the issue.
And you’re correct about the BDSM thing. It’s a waste of time, efforts
and lines of code.
--
M
stead. These are not the people I
want to support in my effort to end racism, which I /do/ support, and
quite heavily so.
On 6/15/20 8:00 PM, DeCaro, James John (Jim) CIV DISA FE (USA) wrote:
Or you can call the slave servers 'secondary' servers.
--
Met
suggested alternative too, and it's
nicely terse.
https://www.thesaurus.com/browse/master?s=t
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this lis
s=t>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bin
ptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit h
e not very well documented online (or more likely my
search terms aren't right), so yeah... I wonder why the idea of
recursion became associated with a vulnerable server in the first place.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
tion
from the DNS servers higher up the chain. And another query if needed,
saves traffic either way I suppose.
Thanks a lot for the detailed reply, I really appreciate it :)
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit
t to send mails) that your IP has
a sane PTR and that the name maps back to the IP the dns system couldn't
care less
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
ou
want to set your PTR records to not match at least one of your A records?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the d
from amplification attack so is there
any method in bind to stop DNS Amplification attack.
I am thinking to stop or drop ANY type queries from our DNS Recursive
resolver , so please tell me how can we drop or stop ANY type queries
from bind.
--
Met vriendelijke groet / Best regards,
Michael De
ote:
Speaking about things to be annoyed over ..
I am still ticked that FreeBSD dropped BIND from the distribution for something
called unwinding or whatever it is.
John
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://l
ribe the same thing. It's
extremely confusing.
On 7/20/20 9:05 PM, Ted Mittelstaedt wrote:
On 7/20/2020 11:23 AM, Michael De Roover wrote:
If that is true, I hereby lost all faith in humanity.. well whatever
faith I had left. This has been going on for like half a decade now.
Nobody ever we
s when a handful of dedicated
compilation servers can do exactly that, and a million times better?
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from thi
tro to turn into a Gentoo for increased merit or
reasons like that. If the distro makes compiling from source (be it
upstream or their downstream version) easy, either to compare or to
actually put it to use, all the better.
(My preferred term for for crashin
se with those
leaked databases and whatnot.
On 7/23/20 2:39 PM, Fred Morris wrote:
Perhaps slightly OT, but here's a company which has a whole business
model based on one nonobvious (?) reason to compile from source:
https://polyverse.com/
--
Fr
repository and will look further into it.
--
Met vriendelijke groet / Best regards,
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid sup
__Please visit
> https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> informat
are signed by
putting a green square around it (useful for signed emails from e.g.
security mailing lists), and so on. Definitely recommended!
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
m this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mich
just have one server for DNS and that tutorial is about
> secondary DNS server too. Can you show me another tutorial with one
> server and same goal?
> The Internet DNS server for my goal is "Authoritative DNS" ?
--
Michael De Roover
___
walls are cheap and the level of effort to run a bastion host
> > are
> > significant.
>
> Firewalls are useful when you want to protect unamanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix
they are usually UDP based, and every new query is going
> to create state. Read up on state table exhaustion.
>
> Steinar Haug, Nethelp consulting, sth...@nethelp.no
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/
e:
> Absolutely right; I wrote this Linux-centric article about it:
>
> https://kb.isc.org/docs/aa-01183
>
> It has not been updated to cover nftables.
>
> Note also that this is a good reason NOT to use the NAT that
> other posters
something like that).
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.or
here that the DNS protocol has no
> means to distinguish among different types of NS host. (Yes, there
> is
> the SOA MNAME, but that is not used by resolvers.) One NS is as good
> as any other NS.
These (SOA and behavior for resolvers) probably describe where I got
confused, thanks
rg/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Michael De Roover
___
Please visit https://lists.isc.org/mailman/listinfo/bin
ore complicated.
Regarding the legitimate queries, it would be prudent to allow common
recursors (Google, Cloudflare, Quad9 etc) to have exceptions to this
rule. Just allow their IP addresses to send traffic either
unrestricted, or using a more relaxed version of the above.
HTH,
Michael
On Tue, 2
s/ch7/xfer.html
Thank you so much for taking your time to read this, and thanks in advance for
any insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
ts are set according to
algorithm and usage (ZSK or KSK)
[1] https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/
Thanks again for your time to read this email, and for your insights.
--
Met vriendelijke groet / Best regards,
Michael De Roover
--
Visit https://lis
ed information disclosure, hence
my curiosity. If it is at all possible to mitigate, I would of course
also appreciate discourse on this matter. Thank you!
[1] https://subdomainfinder.c99.nl
[2] https://criminalip.io/domain
Best regards,
Michael
--
Visit https://lists.isc.org/mailman/listinfo/bind-users
On Thu, 2022-12-22 at 05:19 +, Michael De Roover wrote:
> Hello,
>
> I have been running BIND 9 on my external and internal networks for a
> few years now -- as such I have a basic understanding of the most
> common RR types and activities such as zone transfers. However, I
>
edge about DNS queries.
--
--
Michael van Elst
Internet: mlel...@serpens.de
"A potential Snark may lurk in every tree."
___
bind-users mailing list
bind-users@lists.isc.org
https
"Al Stu" writes:
>"No one is saying a CNAME is not permitted in response to a MX query."
>Well good then, we agree.
Hey troll. Go back to the shadow. You shall not pass!
--
--
Michael van Elst
Internet: mlel...@serpens.de
On 12/13/2011 07:46 AM, babu dheen wrote:
Dear Anand,
In what situation, DNS packet size can exceed more than 512 bytes. In
fact, my gateway DNS server should not contact internal DNS server
except internal domain name resolution if any user access any internal
website through proxy.
My proxy
SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 1 17:12:21 2012
;; MSG SIZE rcvd: 116
My understanding is that once I get this to work, I use
$ dnssec-dsfromkey -2 Ktransnetworks.net.
and give that to my registrar.
Any suggestions, folks? What am I not understanding?
Thanks,
==ml
--
On Wed, Feb 01, 2012 at 11:51:55PM +, Spain, Dr. Jeffry A. wrote:
> > Any suggestions, folks? What am I not understanding?
>
> Michael: To determine why there is no DNSSEC information being returned by
> your dig query, consider the following:
>
> What are the t
List Members,
This is a new and quite basic install of BIND-9.
I am experiencing a 15 min delay from the time a zone file is updated and
reloaded w/ rndc and transferred to the slave server.
What could cause this delay. I am at a total loss. Please advise.
Michael DiMartino
Snyder [mailto:tsny...@rim.com]
Sent: Thursday, May 28, 2009 10:21 AM
To: Michael Di Martino; bind-users@lists.isc.org
Subject: RE: Transfer delays
Do you have "notify no;" in your config options?
-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun..
I have a Master BIND9 server with 2 active (up) interfaces eth0 and eth1.
I need my zone update notifications and zone transfer to use eth1 instead of
eth0 which is currently using.
How can I change this behavior while still having the server listen on eth0?
Michael DiMartino | Director of IT
ns a bind wizard. Any help would be appreciated.
Many thanks.
--
Michael Fleming, IT Networking, Datacenter & Telecom, CSU, Bakersfield
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing lis
lding, alongside burnt libraries),
perhaps we
are now in an ideal position to come back to this issue with the benefit of
hindsight. I for
one look forward to seeing what people from various parts of the world have to
say about
it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagi
ondary. How ironic that this is probably the
most suitable term here.
Long story short, context matters. Paul Vixie made the context pretty clear,
as an authoritative figure. Perhaps we were mistaken to tie slavery into this
discussion in the first place. Or perhaps the designers at the time were
mist
r option you choose in the end, I wish you good luck :)
Best regards,
Michael
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/
heart).
As with everything engineering, I suppose it's a variety of compromises.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=6bicunweBAQ
--
Visit https://lists.isc.org/mailman/listinfo/
in your
environment and why. Then progressively address them as they happen. Helps to
establish rationale for what you build and why.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users t
On Wednesday, 29 January 2025 11:40:50 CET Michael De Roover wrote:
> Granted, for my own domains, doing zone transfers in plain TLS over a VPN
> connection like WireGuard has never failed me either.
TCP, I meant TCP! Goodness gracious, doing an all-nighter was not a good idea.
-
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've
ve seen a lot
in both tablets and laptops, and that kind of hostile engineering is something
I strongly object to. Heh, maybe I should just go ahead and do that myself
too. Electronics, sysadmin, development... shit never ends, does it.
--
Met vriendelijke groet,
Michael De Roover
Mail: i..
r everything else. Additionally,
this is separated into 3 servers for the network I'm thinking of.. with 1
master and 2 slaves. It's really just a matter of slicing. Your given server
can certainly be a master for one slice, and a slave for another.
--
Met vriendelijke gr
.##;
192.168.##.##;
};
// Masters
// Source: https://www.zytrax.com/books/dns/ch7/masters.html
masters satellite {
192.168.##.#;
};
Hope this helps.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/li
to make? If
so, to what extent? And if authenticity is to be enforced from those with
authoritative servers, to circumvent that problem if identified as such,
wouldn't that just move the ball for ISP's to employ more intrusive methods to
comply with the law?
--
Met vriendelijke
the Council) too, but they tend to separate
that into their press releases. It's interesting to be able to peek behind the
curtains at how each of these world-leading governments approaches this PR
matter.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: micha
f that is an undesirable status quo, then perhaps the matter of
actual collaboration is what deserves foreground attention.
For a long time, I've considered the IETF's standards in particular, to be the
"laws of the internet". Perhaps it wouldn't be a bad idea to
any
peers leave after the first month because they thought it was little more than
LAN parties. That is _not_ what this field is about! It's about network
engineering first, entertainment four-hundred-and-fifteenth!
Anyway, (forwarded) rants aside.. that's what it&#x
On Sunday, February 9, 2025 12:54:53 PM CET Michael De Roover wrote:
> Perhaps this would be as good of an email as any to express that I once
> walked the corridors with this teacher-
Not sure to which extent this will be necessary, but by this I meant my own
teacher Gitte. I should
be a physical
limit. Perhaps it's possible to mitigate this with hostapd voodoo, but I have
yet to master that myself.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubs
Negative cache TTL 1 minute
IN NS LOCALHOST.
; Examples
example.net IN CNAME localhost.
Note that the public domain name records to be redirected via RPZ cannot have a
trailing
dot.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
On Wednesday, March 19, 2025 4:05:29 PM CET you wrote:
> Michael,
>
> you can hardly create a static list from all of the domains that can
> possibly exists.
>
> I do understand the usefulness of dynamic classification.
>
> There’s just not a straightforward interface f
somewhat inaccurate in retrospect, but.. oh well.
Benefit of hindsight I guess. It worked at the time, so back then it should've
been good enough. Either way, I'm glad that such Expert Groups exist. If they
can offer advisory to the politicians themselves and bicker among each other t
Hi Peter, I really appreciate this discourse too. With what's happening in the
world now
and with this particular executive order affecting even something as niche as
DNS, I like
how it offers a vessel to have this public discussion.
On Tuesday, April 8, 2025 7:40:44 PM CEST Peter 'PMc' Much w
xmagic.com (fallback)
168.119.103.78 (/32)
AS24940 (Hetzner)
Falkenstein, Germany
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org--- Begin Message ---
This is the mail system at host nixmagic.com.
I'm sorry to have to inform you that your messa
x27;t going to like
customers who act like that. Those are paid to help you and to be nice to you,
yes, but don't be surprised if it diminishes the quality of the help you are
to receive.
Do consider it, in any case.
N.B.: A trademark office allowed you to get a trademark o
Same here, A returns 147.75.40.150 while returns nothing. MX has records
to Microsoft, as
addressed by Sten.
My chain is recursive to Cloudflare from vantage points at Hetzner, and from
there follows the
usual public chain.
*v...@ideapad.lan* [*~*]
$ dig vodafone.com
; <<>> DiG 9
eir API is. ipinfo.io has
been good for a long time, but their commercialization efforts made me look
elsewhere. That's how iplist.cc came to be in this guy's operations.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://list
On Tuesday, February 18, 2025 8:48:15 PM CET Michael De Roover wrote:
> I find it a shame that this record is no longer in use. GeoIP is anything
> but accurate, and GPS data is not reasonable to request from servers. Not
> like you can just hook up a GPS receiver to a VPS. Even from i
On Tuesday, February 18, 2025 10:06:35 PM CET Peter 'PMc' Much wrote:
> On Tue, Feb 18, 2025 at 09:51:51PM +0100, Michael De Roover wrote:
> ! On Tuesday, February 18, 2025 9:38:58 PM CET Peter 'PMc' Much wrote:
> ! > Then they make a business of selling my own info
regardless, which uh... I don't want to even entertain the idea of for
my business, thank you very much!
Business here, personal there. Overlap yes, but only up to a point.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https
deo about that.
https://www.youtube.com/watch?v=vh6zanS_epw[1]
(Long story short, it's MaxMind's secret sauce and therefore a trade secret)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.youtube.com/watch?v=vh
o the operator of this network has decided to add a second DNS
server."
Your work on the ARM is amazing Suzanne, and indeed we/they are :)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
[1] https://www.ietf.org/rfc/rfc9103
ant here, but it's about as much
head-scratching as I can partake in right now. Pretty much just shooting in
the dark I suppose.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-user
in general, the gateway or
a forward proxy server may be able to give better results (but encrypted
traffic
would be a pain to deal with).
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-
On Saturday, 10 May 2025 01:18:17 CEST Michael De Roover wrote:
[...]
I do remember writing a reply that got lost while drafting my previous email,
but I don't remember what exactly it is. I do, however, remember its contents,
somewhat. I'll just rewrite it in reply to.. this, I gues
On Saturday, 10 May 2025 01:35:28 CEST Greg Choules via bind-users wrote:
> Third, use tcpdump to capture port 53. Do this to a file, then look at it
> offline in Wireshark. (Michael just beat me to that tip). Check how queries
> are arriving into BIND and what it does with them. Particul
e .default-zones file is
> commented out.
>
> If you need other info about my configuration and setup, please feel
> free to ask and I'll do my best to provide it.
>
> Thank you all so much and I look forward to learning from you.
>
> Regards,
> Arnold
--
Met vr
Preposterous. PREPOSTEROUS!!!
Expect no meaningful response other than that, not from here. Such a high horse
mentality, utterly diabolical!
Michael De Roover
> On 16 May 2025, at 03:53, akritrim® Intelligence™
> wrote:
>
> i didn’t receive your reply but saw this on list
hat software in the first place. Which in itself is a multifaceted
policy question.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the develop
hat software in the first place. Which in itself is a multifaceted
policy question.
(Apologies if this is to be sent twice, I was working on my mail servers as I
wrote this message.)
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
--
Visi
der "chaos engineering".
>
> Dnstap offers application-level logging (DNS is an application protocol
> along with a wire protocol) and you can combine that with e.g. fail2ban
> and/or RPZ, or other things if it keeps you up at night and you like
> picking the legs of
#x27;s move on.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
Activisme is pas nuttig, wanneer het kan bereiken wat het wenst te bereiken,
binnen de limieten van het huidige systeem. De rest is geschiedenis.
-- v...@workstation.vm.ideapad.la
On Sunday, July 6, 2025 4:40:37 AM CEST Michael De Roover wrote:
> Omit 127.0.0.53, like so:
>
> options {
> listen-on {
> 192.168.0.155;
> };
> };
>
> Works fine for me using IP addresses 192.168.10.{4-6}, on Alpine edge. You
> can keep
e proven wrong, but this sure seems like just PEBKAC. If not
there, sure maybe here. Prove it.
--
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org
Activisme is pas nuttig, wanneer het kan bereiken wat het wenst te bereiken,
binnen de limieten van het huidige systeem. De res
};
};
Works fine for me using IP addresses 192.168.10.(4-6}, on Alpine edge. You can
keep v6 none. One of the more basic options that's expected to be stable
across all distributions regardless.
--
Met vriendelijke groet,
Michael De Roover
Mail: i...@nixmagic.com
Web: michael.de.roover.e
On Monday, July 7, 2025 1:54:41 AM CEST Bagas Sanjaya wrote:
> That override won't persist across reboots, though, in my case (I'm using
> NetworkManager).
>
> Thanks.
...--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
he new names look like? I can certainly create one
directory per fqdn under /var/lib/bind/ and then one subdirectory
ECDSAP384SHA384 but what would be the (two?) files in 41844 and 55203? Is there
a way to convert?
Thank you very much for your efforts!
Michael Schefczyk
convention of K[fqdn]+number+keyid.key or
.private anymore?
Regards,
Michael
Technische Universität Dresden
Fakultät Wirtschaftswissenschaften
Lehrstuhl für Entrepreneurship und Innovation
Prof. Dr. Michael Schefczyk
D-01062 Dresden
Fon: +49
dnssec-validation auto;
auth-nxdomain no;# conform to RFC1035
allow-recursion { any; };
};
/etc/bind/named.conf.local
zone "testzone.com" {
type master;
file "/var/lib/bind/testzone.com.hosts";
update-policy { grant nsupdate zonesub TXT; };
: DNSSEC and nsupdate
Setting the permissions of a *private* key to 0644 sounds like a bad idea.
Maybe you mean 0640?
On Fri, 2 Mar 2018 23:28:28 +
"Prof. Dr. Michael Schefczyk" wrote:
> Dear Mark,
>
> I did get the issue resolved while setting up a test environment.
>
Hello everyone,
This is my first time posting here, and I'm not sure if it's the right
place or not to ask my question. This is a general DNS question,
specifically, I think, SPF.
(Btw, I do use Bind in my system, so that's why I'm here.)
I host email using SmarterMail, and all 400+ customer
r, president
Montague WebWorks
20 River Street, Greenfield, MA
413-320-5336
http://MontagueWebWorks.com
Powered by ROCKETFUSION
On 1/7/2023 6:24 PM, G.W. Haywood via bind-users wrote:
Hi there,
On Sat, 7 Jan 2023, Michael Muller wrote:
This is my first time posting here, and I'm not sure if i
itctel.com.zone.jbk /var/named/forward/itctel.com.zone.new
/var/named/forward/itctel.com.zone.signed.jnl
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
Phone: (605) 874-8313
michael.martin...@itccoop.com
www.itc-w
7#53(2607:d600:9000:330:75:102:160:227)
;; WHEN: Fri Oct 27 09:56:31 CDT 2023
;; MSG SIZE rcvd: 125
[root@brkr-dns2 bind-9.18.12]#
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
312 4th Street West * Clear Lake, SD 57226
Phone: (605) 874-8313
michael
, but it will take a large company to push them to do so.
Michael Martinell
Network/Broadband Technician
Interstate Telecommunications Coop., Inc.
From: bind-users On Behalf Of Paul Stead
Sent: Saturday, October 28, 2023 11:35 AM
Cc: bind-users@lists.isc.org
Subject: Re: 9.18 BIND not iterated
401 - 500 of 507 matches
Mail list logo
