Re: Quick dynamic DNS?

2020-12-23 Thread Grant Taylor via bind-users
On 12/23/20 6:53 PM, @lbutlr wrote: Given that I have an authoritative bind9 server for example.com and given that I have a home connection that is (technically) dynamic home.example.com what is the easiest way for me to automatically update the DNS on the rare occasions that it changes? I

Quick dynamic DNS?

2020-12-23 Thread @lbutlr
Given that I have an authoritative bind9 server for example.com and given that I have a home connection that is (technically) dynamic home.example.com what is the easiest way for me to automatically update the DNS on the rare occasions that it changes? The example.com domain is set up with DNSSEC

Re: Forwarded lookup failing on no valid RRSIG

2020-12-23 Thread Nicolas Bock
On Sun, Dec 20 2020, Mark Andrews wrote: >> On 21 Dec 2020, at 06:04, Matthew Pounsett wrote: >> >> >> >> On Fri, 18 Dec 2020 at 18:08, Nicolas Bock >> wrote: >> Thanks Mark. Am I correct then that I need to either convince the >> administrator of that DNS to enable DNSSEC or configure my

Re: How does query denial actually work?

2020-12-23 Thread Matus UHLAR - fantomas
On 17.12.20 14:35, Andrew P. wrote: I was curious about one of the features in BIND. Per the Best Practices, my on-site primary nameserver for my public domains (the secondaries being with a large public DNS provider) is configured to only allow queries from within my LAN and transfers in the

Re: ISC DNSSEC Guide - Working with the Parent Zone

2020-12-23 Thread Daniel Stirnimann
Hi Matthijs, The zone was not signed before. I enabled DNSSEC by adding the 'dnssec-policy'. I will send you the requested files off list. Thank you, Daniel On 23.12.20 11:39, Matthijs Mekking wrote: > Hi Daniel, > > This zone was signed before, prior to switching to 'dnssec-policy'? Or > did

Re: ISC DNSSEC Guide - Working with the Parent Zone

2020-12-23 Thread Matthijs Mekking
Hi Daniel, This zone was signed before, prior to switching to 'dnssec-policy'? Or did you enable DNSSEC by adding 'dnssec-policy'? If you have them, would you be able to share with me (off list) the logs and the key (state) files? - Matthijs On 23-12-2020 10:47, Daniel Stirnimann wrote:

Re: ISC DNSSEC Guide - Working with the Parent Zone

2020-12-23 Thread Daniel Stirnimann
Hello Matthijs, I'm testing with version 9.16.9. Ok, I'm more confused now. For the current key rollover the DNSKEY RRset is not signed with both the old key 6207 and the new key 15769 but only with the new key 15769. The domain is now bogus: https://dnsviz.net/d/badware.ch/X-MRAg/dnssec/

Re: ISC DNSSEC Guide - Working with the Parent Zone

2020-12-23 Thread Matthijs Mekking
Hi Daniel, With which specific 9.16 version are you testing? The first versions used an unsafe time-based rollover, assuming the DS would be published within a certain time. In 9.16.7 a new rndc command "rndc dnssec -checkds" was introduced to tell BIND 9 that the DS for a given key has

ISC DNSSEC Guide - Working with the Parent Zone

2020-12-23 Thread Daniel Stirnimann
Hi all, I'm testing the key rollover behavior of BIND 9.16 with the newly introduced "dnssec-policy" statement. The ISC DNSSEC Guide, chapter Working with the Parent Zone (2) [1] states: "At the time of this writing (mid-2020) BIND does not check for the presence of a DS record in the parent zone