> On 4 Sep 2018, at 8:40 am, Laurent Bigonville wrote:
>
> On 3/09/18 23:38, Tony Finch wrote:
>>> On 3 Sep 2018, at 21:26, Laurent Bigonville wrote:
>>>
>>> The problem is that systemd-resolved (maybe other software are doing the
>>> same?) is asking the DS record to check if the record is
On 3/09/18 23:38, Tony Finch wrote:
On 3 Sep 2018, at 21:26, Laurent Bigonville wrote:
The problem is that systemd-resolved (maybe other software are doing the same?)
is asking the DS record to check if the record is supposed to be signed (well I
think) before trying to do DNSSEC validation o
> On 3 Sep 2018, at 21:26, Laurent Bigonville wrote:
>
> The problem is that systemd-resolved (maybe other software are doing the
> same?) is asking the DS record to check if the record is supposed to be
> signed (well I think) before trying to do DNSSEC validation of the client
> side.
I am
On 3/09/18 21:03, Tony Finch wrote:
Laurent Bigonville wrote:
With bind9 server (I can reproduce that on RHEL7 with 9.9.4, debian stable
with 9.10.3 and also debian unstable with 9.11.4) when doing "dig ds
c10r.facebook.com @10.122.17.186", I get a SERVFAIL.
This is because the authoritative s
Laurent Bigonville wrote:
>
> With bind9 server (I can reproduce that on RHEL7 with 9.9.4, debian stable
> with 9.10.3 and also debian unstable with 9.11.4) when doing "dig ds
> c10r.facebook.com @10.122.17.186", I get a SERVFAIL.
This is because the authoritative servers for facebook.com do not
Hello,
With bind9 server (I can reproduce that on RHEL7 with 9.9.4, debian
stable with 9.10.3 and also debian unstable with 9.11.4) when doing "dig
ds c10r.facebook.com @10.122.17.186", I get a SERVFAIL.
I'm getting this with either a bind acting as a forwarder or as a
recursive server. In t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2018-09-02 at 21:54 -0400, Alex wrote:
> Do you have any other ideas on how I can isolate this problem?
Run tcpdump on the external ethernet connection.
tcpdump -s0 -vv -i %s -nn -w /tmp/outputfile udp dst port domain
-BEGIN PGP SIGNA
jason polachak via bind-users wrote:
> I am trying to ensure when I look at the SOA records for the zone it
> matches the serial number of the zone file. I have dnssec running but we
> are not using dynamic updates.
If you are using `auto-dnssec` then named is internally using dynamic
updates, a
8 matches
Mail list logo