Re: DNS not resolving for a particular domain only

2017-08-21 Thread Mark Andrews
In message <93595848.2099571.1503336849...@mail.yahoo.com>, U Zee writes: > Thanks Mark, > So mysteriously the problem is now gone and I have no idea how, I know > that I didn't change anything. > While investigating, I tried looking but didn't get anything in packet > capture on the recursive

Re: [DNS] BIND 9.9.9-P8 issue

2017-08-21 Thread Daniel Rodrigues
Hi, We don't have any IPv6 interfaces and normally IPv6 network stack is disabled (kernel module is blacklisted). But we never use this flag, so in doubt I will try this tomorrow. Thank you. Daniel 2017-08-21 11:12 GMT+02:00 Peter : > Hi, > > We had same symptom/issue on

Re: [DNS] BIND 9.9.9-P8 issue

2017-08-21 Thread Daniel Rodrigues
Hi, Thank you for your reply. 1. We got the last version of root.cache file. Using dig, only d.root-servers.net doesn't respond at all. All other root servers answer correctly: e.g. # dig ns . @202.12.27.33 +short b.root-servers.net. l.root-servers.net. d.root-servers.net. g.root-servers.net.

Re: DNS not resolving for a particular domain only

2017-08-21 Thread U Zee via bind-users
Thanks Mark, So mysteriously the problem is now gone and I have no idea how, I know that I didn't change anything. While investigating, I tried looking but didn't get anything in packet capture on the recursive server, I think mainly because I had to grep for something otherwise there was just

Re: botched KSK rollover

2017-08-21 Thread Phil Mayers
On 21/08/2017 14:23, Matthew Pounsett wrote: On 21 August 2017 at 07:18, Phil Mayers > wrote: Gandi are another excellent registrar that I can recommend. They have a comprehensive API for all their features, including

Re: botched KSK rollover

2017-08-21 Thread Matthew Pounsett
On 21 August 2017 at 07:18, Phil Mayers wrote: > > Gandi are another excellent registrar that I can recommend. They have a > comprehensive API for all their features, including uploading DNSSEC public > keys and consequent creation of the DS record. > > I'm hoping CDS

Re: [DNS] BIND 9.9.9-P8 issue

2017-08-21 Thread Warren Kumari
On Mon, Aug 21, 2017 at 4:33 AM, Daniel Rodrigues wrote: > Hello guys, > > We are facing an important issue which is strongly annoying us on our DNS > resolvers. We saw our cache decrease and we got a lot of SERVFAIL/recursion > during this period. The only way to solve it

Re: botched KSK rollover

2017-08-21 Thread Phil Mayers
On 18/08/17 16:25, Carl Byington wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sigh, it sure would be nice if I had a registrar with a means to automate DS submission. You might want to look at gkg.net Gandi are another excellent registrar that I can recommend. They have a

[DNS] BIND 9.9.9-P8 issue

2017-08-21 Thread Daniel Rodrigues
Hello guys, We are facing an important issue which is strongly annoying us on our DNS resolvers. We saw our cache decrease and we got a lot of SERVFAIL/recursion during this period. The only way to solve it is to flush cache or reboot BIND. Our version is 9.9.9-P8 running on RHEL 6.6. We

Re: How do I reset a DNSSEC zone ?

2017-08-21 Thread Pierre Couderc
On 08/20/2017 02:43 PM, Alberto Colosi wrote: is like is missing the file referenced in log SHA-1 RSA signing is obsolete and banned from NIST and ENRISA is a CVE or should if I remember well All CA only use SHA-2 no more version 1 as said before. SHA-2 and 2048 or greater your problem