ormation. I do not like the idea of pulling information
from public DNS records for use as configuration data. While an
interesting idea at first glance, I don't think this looks like a good
idea when it is scrutinized.
--
Do things because you should, not just because you can.
John Thurst
e you leveraging your existing configuration management tools (e.g.
Puppet, Ansible, Chef)?
Have you rolled your own using git or rync?
Do you have a script to base64 an 'included' .conf into a TXT record, so
it can be consumed elsewhere?
--
--
Do things because you should, not just b
ndors that are able to consume the named.stats
output.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of
Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users
Sent: Tuesday, September 17, 2024 3:40 PM
To: bind-users@lists.isc.org
Subject: Logging with Unencrypted DNS
When the answer contains an alias to some other
domain, my server hands that name back into its own recursing process.
Is there some way to configure BIND so it will simply pass back to the
customer whatever answer is received from the distant resolver?
--
--
Do things because you should, n
broken trust chain resolving 'scra.dmdc.osd.mil/A/IN': 96.7.136.4#53
;; resolution failed: broken trust chain
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://list
than expected
3. every query to the server will be slower than expected
4. something else
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 8/1/2024 2:03 PM, James Stegemeyer wrote:
Hi Vicky,I received one of these and it felt "phishy." Particularly since they
didn't know the "C" in ISC was for "consortium."Thanks for clarifying./John
Original message From: Victoria Risk Update:
This was not the fraud we thought it
ould, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 6/17/2024 2:32 AM, Michał Kępień wrote:
While I don't have a specific date for you, we plan to do such a
"rollover" again when BIND 9.20.1 or 9.20.
Sorry did not spend too much time thinking about this but if you are checking
DKIM should that be a TXT query instead of an A record?
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Thomas
Barth via bind-users
Sent: Friday, May 31, 2024
It doesn't answer your original question, but I suggest looking at the
'algorithm' of that key.
Might it be a hmac-md5 ?
If you 'named-conf -px' does it appear in the list of keys?
--
Do things because you should, not just because you can.
John Thurston
Assurance you are actually trying to compile current code.
A statement of what your operating system is.
Actual output of your compile steps.
Actual logged output of your attempt to launch.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs
uld not just be hammered into our RPZ ?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
will
notice it.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 5/5/2024 8:15 AM, Luca vom Bruch via bind-users wrote:
Hello,
I use bind (stock from alma 9.3) as a nameserver for
};
Can such forward-zones be defined in catalog-zones?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsu
such
signatures. Is there a way to narrow it down?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 4/17/2024 9:21 AM, Ondřej Surý wrote:
Let me guess - you are running on RHEL (w
success
17-Apr-2024 08:40:40.323 validating dnssec-failed.org/DS: marking as
secure, noqname proof not needed
17-Apr-2024 08:40:40.323 validator @0x7fb8722b7a00:
dns_validator_destroy
17-Apr-2024 08:40:40.323 validating www.dnssec-failed.org/A: in
validator_callback_ds
17-Apr-2024 08:40:4
ssec-failed.org. IN A
;; ANSWER SECTION:
www.dnssec-failed.org. 7198 IN A 68.87.109.242
www.dnssec-failed.org. 7198 IN A 69.252.193.191
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Tue Apr 16 15:21:46 AKDT 2024
;; MSG
(i.e. We found what we wanted in the cache of bad
entries)
Can anyone confirm my hypothesis?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/ma
I can use dig to request a zone transfer:
dig AXFR foo.com
I am unable to find a simple way to craft a NOTIFY message. Can anyone
help me out?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/26/2024 7:35 AM, Victoria Risk wrote:
The BIND 9.16 release branch is approaching EOL as of April, 2024. We
encourage users running 9.16 or
get, why should my clients be trusting *me* to validate them?
Can someone make a good case to me for continuing to perform DNSSEC
validation on my central resolvers?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.go
ones the best way to correct
this?
Or maybe add the un-used RFC 1918 zones to our RPZ?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/li
ittedly, the second and third hours were of diminishing value, as
my caffeine wore off and my frustration grew. After a night's sleep, and
a pot of fresh tea I figured it out.
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@ala
shing accurate PTRs from all of the
possible DNS services in the environment. But this is achievable, and
will address the problem (of our own making) which is causing pain.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
De
, and accept an NXDOMAIN with
confidence.
And since writing my earlier note, I have re-located the code I think I
stumbled across earlier
Tony Finch's "nsdiff"
https://dotat.at/prog/nsdiff/
--
Do things because you should, not just because you can.
John Thurston907-465
-
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software w
Recommend you turn off DNSSEC validation and see if it starts working.
If it does, then you know the issue is with how DNSSEC is configured on your
server.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Blason R
Sent: Wednesday, August 30, 2023 8:20 AM
To: bind
Huzzah!
Original message From: Greg Choules Please raise
a beverage of choice and celebrate the 25th birthday of BIND9:commit
7ee52cc7d195433bb8f55972e2a8ab29668f7bceDate: Mon Aug 17 22:05:58 1998 +--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe fro
Welp, there I have it. I thought I had until April 2028 :(
Sorry for the noise.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 6/23/2023 12:04 PM, Ondřej Surý wrote
amd64 Packages
500 http://security.ubuntu.com/ubuntu bionic-security/main
amd64 Packages
1:9.11.3+dfsg-1ubuntu1 500
500 http://azure.archive.ubuntu.com/ubuntu bionic/main amd64
Packages
--
Do things because you should, not just because you can.
John Thurston907-465
look at https://launchpad.net/~isc/+archive/ubuntu/bind I think
it is telling me that 1:9.18.16-1+ubuntu22.04.1+isc+1 should be available.
Has anyone successfully updated to 9.18.16 from this PPA? Can you
suggest what I'm doing wrong today?
--
--
Do things because you should, not just be
view testing without
needing to rip n replace DHCP configs.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kereszt
Vezeték
Sent: Monday, May 15, 2023 1:58 PM
To: bind-users@lists.isc.org
Subject: host restriction
Hi Everybody
Can someone help me with the following
ned appserviceenvironment.net
names? Were you able to do it with your RPZ?
*
https://learn.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Admin
en performing these tests.
Arguments against:
* Maybe I misunderstand, and such NS records aren't actually benign
Unknown:
* Does the answer change if we want to start signing either zone?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
joh
Petr,
Thanks for sharing that tidbit of info. Off the top of your head do you know
if that can be disabled?
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Petr
Menšík
Sent: Friday, March 24, 2023 8:32 AM
To: bind-users@lists.isc.org
Keep in mind that SHA1 may not have been included by choice.
If gpo.gov is using Infoblox there is a, what I like to call, Infoblox-ism in
play regarding DNSSEC where even if you choose RSA256 or RSA512 or whatever it
will create a SHA1.
John
-Original Message-
From: bind-users
could be many things but
at least you know your putting them out there. Armed with that info you might
be able to convince the ISP to dig (no pun intended .. okay intended) harder.
Good hunting.
John
Sent from Nine<http://www.9folders.com/>
From: Mike Lie
Fr2+XHeB8O8GTLqk7HgfdM8=
) ; KSK; alg = RSASHA256 ; key
id = 46144
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State o
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software
e you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/17/2023 10:46 AM, Ondřej Surý wrote:
Well, the serial number arithmetics is there for a reason - you
usually don’t want to rollback to previous versi
the other views, would be
uninterrupted.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 2/17/2023 10:23 AM, Ondřej Surý wrote:
*CAUTION:* This email originated from o
think of a good way to test this.
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds
At the risk of stating the obvious .. have you tried 9.16.37 or 9.18.11?
While I am usually down for an off in the weeds hardcore root cause analysis of
problem is nice to get a quick win with a different version.
John
-Original Message-
From: bind-users [mailto:bind-users-boun
serial
number, and waiting patiently for the refresh interval to expire before
checking again.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 1/27/2023 1:53 AM, Ondřej Surý wrote:
FTR
zone). Is anyone else seeing similar behavior?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
th
.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 1/25/2023 8:36 AM, John Thurston wrote:
Off-list, it was suggested to me that I _could_ handle this in my RPZ,
by enumerating all 255
D of the numerics I see in my logs, and ignore the
rest. I think this will get me what I want, at a level of complexity I
can accept.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
O
e to do so, and
returns a SERVFAIL to the customer.
I haven't yet tried, but I don't expect I can define an RPZ to trap such
illegal names. Can I? If I could, it would reduce the traffic to Akamai,
and the number of validations I'm trying to do.
--
--
Do things
valid.
I have my suspicions of what's happening, but not enough information to
form a solid hypothesis or perform tests. I want higher confidence that
I'm recognizing the important lines in the logs before I start casting
stones.
--
Do things because you should, not just because you
igning information for wunderkind.co and found
none. That's cool, we didn't expect them to be."
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.
y answers with 421. Or, if you
all are able, you could roll your own SMTP server to answer 421.
Obviously standard do-not-test-in-prod, don’t wing it and hope for the best ..
have a step-by-step playbook disclaimers apply and there is nothing wrong with
a lower TTL of 60 seconds or less to fa
version of BIND?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 12/7/2022 10:32 AM, Ben Bridges wrote:
The BIND version is 9.16.1 running on a fully patched Ubuntu 20.04.5
server.
other RR types.”
There may be an updated RFC that states the same thing differently but it is a
well-known DNS rule.
valimail.com’s blackbox might be able to get around it but I would not know for
sure.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris
Liesfield
Hi Greg,Great points! I must have forgotten how messy this got :) ./John
Original message From: Greg Choules
Hi John.Yes, you *could* forward and that
was a setup I inherited a good few years ago. The appeal is obvious: it's easy
to do; just chuck queries over there an
Hi Bob,I've been able to do this with 'forward' zones. The config would go in
the resolver but the files would not./John
Original message From: Bob McDonald I'm
thinking about redesigning an internal DNS environment. To beginwith, all
internal DNS zones
o the
zone transfers.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
On 9/6/2022 2:31 PM, Greg Choules via bind-users wrote:
Hi Michael.
Have you tried without the "allow-tran
Sandeep,
Are you all using CISA's Protective DNS? If so, there might be a ruleset that
is causing problems.
If not, and I have not checked, but is DNSSEC for SSA working correctly?
John
Sent from Nine<http://www.9folders.com/>
From: "Bhangu
Also John .. how SSHA and TLSA be used if the internal zone fails validation?
John
-Original Message-
From: John Franklin [mailto:frank...@sentaidigital.com]
Sent: Monday, August 1, 2022 12:45 PM
To: John W. Blue
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC signing of an internal
-only zones
authoritatively from their recursive servers”
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark
Elkins via bind-users
Sent: Monday, August 1, 2022 1:12 PM
To: bind-users@lists.isc.org
Subject: Re: DNSSEC signing of an internal zone gains nothing (unless
Also do not disagree.
However, the intent of the thread is to talk about the lack of an AD flag from
a non-public internal authoritative server. Based upon what I am seeing only
the AA flag is set.
John
-Original Message-
From: John Franklin [mailto:frank...@sentaidigital.com]
Sent
And that is my point .. show me your +dnssec dig against an internal
authoritative server that has AD set.
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Grant
Taylor via bind-users
Sent: Monday, August 1, 2022 11:29 AM
To: bind-users
However, I have not tested it yet, I would assume that if a non-authoritative
internal server was queried it would be able to walk the chain of trust and
return AD.
Thoughts?
John
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developme
@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: Michał Kępień
Sent: Monday, May 9, 2022 7:53 AM
To: DeCaro, James John (Jim) CIV DISA FE (USA)
Cc: bind-users@lists.isc.org; Mcallister, Reginald CTR DISA FE (USA)
Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re
I tried this utility and got the following message: gnutls-cli: command not
found...
Thank you
V/R
Jim DeCaro
-Original Message-
From: Ondřej Surý
Sent: Thursday, April 28, 2022 5:15 PM
Cc: DeCaro, James John (Jim) CIV DISA FE (USA) ;
bind-users@lists.isc.org; Mcallister, Reginald
from rhel-7-server-extras-rpms: [Errno 256] No
more mirrors to try.
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os/repodata/repomd.xml:
[Errno 14] HTTPS Error 403 - Forbidden
I don't have access to the red hat repos yet.
Is this helpful?
V/R
Jim DeCaro
-O
art to the locally
created repo file for testing. All variations resulted in the same error.
Thank you so much for your input, I will hopefully test it sometime today.
V/R
Jim DeCaro
-Original Message-
From: Michał Kępień
Sent: Thursday, April 28, 2022 4:55 PM
To: DeCaro, James John
Information Systems Agency
☎ 301-225-8180
☎ 301-375-8180
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: bind-users On Behalf Of DeCaro, James
John (Jim) CIV DISA FE (USA) via bind-users
Sent: Thursday, April 28, 2022 2:29 PM
To: Anand Buddhdev
, James John (Jim) CIV DISA FE (USA) ;
Michal Nowak ; bind-users@lists.isc.org
Subject: Re: [URL Verdict: Neutral][Non-DoD Source] Re: Attempting to configure
an ISC BIND repository on Red Hat Linux 7.9
All active links contained in this email were disabled. Please verify the
identity of the
abled. Please verify the
identity of the sender, and confirm the authenticity of all links contained
within the message prior to copying and pasting the address to a Web browser.
On 28/04/2022 16:52, DeCaro, James John (Jim) CIV DISA FE (USA) via
bind-users wrote:
> Dnf is not available.
james.j.decaro3@mail.mil
james.j.decaro3@mail.smil.mil
-Original Message-
From: Anand Buddhdev
Sent: Thursday, April 28, 2022 11:06 AM
To: DeCaro, James John (Jim) CIV DISA FE (USA) ;
bind-users@lists.isc.org
Cc: Mcallister, Reginald CTR DISA FE (USA)
Subject: [URL Verdict: Neutral
Dnf is not available. Therefore using yum
Linux Red Hat 7.9 virtual machine on VMware, has internet connectivity
Set up local repository in
/etc/yum.repos.d/download.copr.fedorainfracloud.org_results_isc_bind_epel-8-_.repo:
[copr:copr.fedorainfracloud.org:isc:bind]
name=Copr repo for bind owned
esv,
bind, and bind-dev
Is it reasonable to expect these changes will occur in about the middle
of the month?
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lis
command-line parameter, or compiled in), then named-checkconf isn't
going to help. To learn those, I think you'll need to query the
operating system for information about the specif process. I'd be
looking at pgrep and ps, but there's probably better ways to do it.
--
D
On 2/9/2022 2:36 AM, Tony Finch wrote:
John Thurston wrote:
Are we not able to use catalog zones to propagate zone-configuration for
anything other than 'master' zones?
>
It is only for configuring authoritative secondary zones.
That's unfortunate, but thanks for t
uot;db.localhost";
};
while 'ak.gov' is defined on the primary like so:
zone "ak.gov" {type forward;forward only;forwarders
{ 10..11.12.13; };
};
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...
Check the list archives beginning April 2021 for the thread:
Deprecating BIND 9.18+ on Windows (or making it community improved and
supported)
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
overed
by subscribing to 'announce' and 'user' mailing lists. I need to find
and plug this communication hole.)
B) What are the plans for the 'bind-esv' COPR? (Will it soon start
serving 9.16? Do I need to manually switch from 'bind-esv' to 'bind
mail
Am 16.01.22 um 04:47 schrieb John W. Blue via bind-users:
> Lol. I am not going to do that either. Lol.
can you do us all a favor and stop writing useless mails to lists at saturday
night?
that footer is for morons which send messages with "unsubscribe" to mailing
lists
Lol. I am not going to do that either. Lol.
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl
Harald
Sent: Saturday, January 15, 2022 9:44 PM
To: bind-users@lists.isc.org
Subject: Re: your mail
Please visit https://lists.isc.org/mailman/l
x27;t care anymore.
*shrug*
John
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of G.W.
Haywood via bind-users
Sent: Saturday, January 15, 2022 9:29 AM
To: bind-users@lists.isc.org
Subject: Re: your mail
Please do not top post. Some of us are on the d
one from the server is ideal.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Diego
Garcia
Sent: Saturday, January 15, 2022 7:38 AM
To: bind-users@lists.isc.org
Subject: Re: your mail
hello.
really? my first post have a tcpdump capture packet, dig trace...
On Sat
s in those stupid domains; there must be an explicit 'forward' zone
defined.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
__
Define an explicit forward-zone on the recursive server for
private.dns.com In the zone definition, put the addresses of the
servers which can answer for private.dns.com.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
This might be dangerous. If someone spoofs a well formed UDP query
that does what the above does and you block it, what if the spoofed
source is something you don't want blocked? This doesn't happen often,
but I've seen it happen and people have gotten badly burned by it.
John
If you update your resolver to 9.16, I think you can do exactly what you
want with the "validate-execpt" option.
{rolls eyes} been there. done that. for exactly the same reason :/
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
On 11/16/2021 2:41 AM, Tony Finch wrote:
John Thurston wrote:
If I have a Reverse Policy Zone (RPZ) defined, I can define a specific answer
to be sent for a specific record-type for a specific name:
foo.bar.com IN A 10.11.12.13
foo.bar.com IN TXT "Hello World"
But I
ble?
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from
On 11/10/2021 6:25 AM, Giddings, Bret wrote:
Is there any other facility for including effectively the same grant
statements within multiple zones?
I am not aware of any
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
some validity checks
into your edit/deploy process.
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org
Your using the wrong tools to troubleshoot or investigate this error.
Instead of relying upon resolvers to provide situational awareness you need to
inspect DNSSEC itself using dnsviz.net:
https://dnsviz.net/d/pms.psc.gov/dnssec/
psc.gov is giving the world ID 5089 when they need to handing out
e you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the dev
te the desired TXT
records, while letting the current key continue to work.
Is there a way to get the configuration I want? or must I make a
wholesale swap of each md5 key for something newer?
--
--
Do things because you should, not just because you can.
John Thurston907-465
exactly what you are trying to accomplish, I think if you were take
one of those Core2 systems and install PfSense on it you would be very pleased.
John
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Peter
via bind-users
Sent: Thursday, July 22, 2021 2:43 PM
To: bind-users
. Please do not feel
obligated to reply outside your normal working hours.
On 6. 7. 2021, at 14:44, MURTARI, JOHN wrote:
Folks, let me add my desire for a quick download dig supporting DoH. It could
really help with some testing, some ready stuff for Ubuntu 18/20,
Redhat/CentOS, could ma
Folks, let me add my desire for a quick download dig supporting DoH. It could
really help with some testing, some ready stuff for Ubuntu 18/20,
Redhat/CentOS, could make a lot of people happy. Maybe the libs included and
we set the LD_LIBRARY_PATH, or a 'static' link?
It only takes a 'few
Hello Brett,
Have you seen the webinar videos on ISC's youtube channel?
https://www.youtube.com/user/ISCdotorg/search?query=DNSSEC
I would encourage you to attend them as they are presented. One even had a
VM's for the attendees to practice the information presented and ask questi
u've done so and can provide
a config snippet, I would be very eager to receive it.
Thank you,
John
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with p
he two return
BIND 9.16.17 (Stable Release)
BIND 9.16.18-Ubuntu (Stable Release)
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
__
e. This would let
our monitoring application ask for "status" without also letting it ask
for "reload" or "flushname".
--
--
Do things because you should, not just because you can.
John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
S
bothered me for a while I and was hoping for something
a little more elegant.Having said this, your suggestion holds true and is
appreciated!Thanks,John
Original message > From: Tony Finch > You can
sort of do what you want already, by defining> named ACLs. ACLs can refer
1 - 100 of 813 matches
Mail list logo