Re: Configuring the location of named .jnl files

2021-04-26 Thread Ivan Avery Frey
Hi Mark, We are only using update to provision the acme challenge as described by RFC 8555 8.4. Nothing else. If certbot (the acme client) behaves as it should provisioning and deprovisioning the resource record, then our zone file doesn't really change. I will ask my colleague why he feels our

Re: Configuring the location of named .jnl files

2021-04-26 Thread Mark Andrews
Well if you are not allowed to update the zone file for “security reasons” then allowing a journal to be written shouldn’t be allowed for the same “security reasons”. There is no difference between updating a zone file and updating a journal from a security perspective. Additionally you will

NXDOMAIN processing

2021-04-26 Thread bamberg2000 via bind-users
Hi! BIND 9.11.5, I forward the request ("forward zone" or global "forward first") to another server and I get NXDOMAIN. Is it possible to process NXDOMAIN other than "redirect zone"? I just want to repeat the request to another forwarder. Dmitry

Re: Configuring the location of named .jnl files

2021-04-26 Thread Ivan Avery Frey
Yes, I was using nsupdate to test my implementation. For security reasons the directory that holds the zone file is read-only for named. So named couldn't create its journal file there. I misinterpreted the reference manual for the description of the "journal" command. Where it mentioned that the

Re: Name server delegation

2021-04-26 Thread Matus UHLAR - fantomas
On 26.04.21 16:07, John W. Blue via bind-users wrote: Since "" is a subzone inside of the example.com zone the answer is yes, it can be delegated. however, the delegation must be done on example.com server (1.1.1.1) local forwarding resolution of domains example.com and .example.com

Re: Name server delegation

2021-04-26 Thread John W. Blue via bind-users
Since "" is a subzone inside of the example.com zone the answer is yes, it can be delegated. John

Re: Configuring the location of named .jnl files

2021-04-26 Thread Tony Finch
Ivan Avery Frey wrote: > I'm trying to obtain certificates from Let's Encrypt using the DNS-01 > challenge method. > > I just want to confirm that there is no option to configure the > directory for the .jnl files independently of the zone files. You have had a bunch of helpful replies already,

Name server delegation

2021-04-26 Thread Karol Nowicki via bind-users
Hi, is it possible to delegate tld domain example.com to 1.1.1.1 name server and .example.com to 2.2.2.2 name server?

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Tony Finch
Anand Buddhdev wrote: > Anand's advice is good, as usual :-) But a small pedantic point: > The DNS protocol itself has recently been updated to allow for > encryption, using DTLS (DNS-over-TLS). DTLS usually means "datagram TLS", i.e. TLS-over-UDP (RFC 6347). There's a spec for DNS-over-DTLS

Re: Configuring the location of named .jnl files

2021-04-26 Thread Cameron Banowsky

How to interpret BIND 9 JSON Counters

2021-04-26 Thread Dom Brown
Hi All, Wonder if you can help, I'm looking to input the BIND 9 JSON stats file to our OSS PM tool and I need some basic information on the counter types. Looking at the various counters I need to understand whether they are of type gauge (a snapshot in time) or counter (we need to calculate the

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Anand Buddhdev
Hi Greg, a TSIG key is *never* transmitted. A sender uses a TSIG key to generate a secure hash over the DNS content being sent, and sends the hash along with the DNS content. A receiver configured with the same key can then verify that hash. If it can, then it can apply the DNS content. If

Re: Using RNDC to control remote access to my BIND server

2021-04-26 Thread Greg Donohoe
Thanks Anand. When using this TSIG solution is the key visible (clear) within the DNS packet being sent to the remote server or is it encrypted? Is this communication secure? E.g. if someone is sitting on the wire sniffing the packets, would they be able to extract the key? Or is the security of

Re: Configuring the location of named .jnl files

2021-04-26 Thread Kevin Darcy via bind-users
Ivan, I've never done the Let's Encrypt thing myself, but from my skim of the documentation, it appears they want you to place a TXT record in a specific part of your domain's namespace hierarchy. I sincerely hope you're not trying to write

Re: Configuring the location of named .jnl files

2021-04-26 Thread Petr Menšík
Hi Ivan, Visit [1] and search for the "journal" zone option. Similar to "file". At least BIND 9.16 has support, it is also in the man named.conf manual page in BIND 9.11. I think that is what you were looking for. Regards, Petr 1.