Re: DNSSEC upgrade

2021-04-27 Thread Tony Finch
Edwardo Garcia wrote:
> Many years ago we set up DNSSEC, our keys were generated with sha1 as was recommended way back all those years. We too are not DNSSEC gurus, so some answers may be simple
Well, you are going to do an algorithm rollover, which is one of the more tricky things you can do wi

DNSSEC upgrade

2021-04-27 Thread Edwardo Garcia
Hello all, Many years ago we set up DNSSEC, our keys were generated with sha1 as was recommended way back all those years. We too are not DNSSEC gurus, so some answers may be simple Now we want to upsecure this to sha256. Also we use ZSK -b 1024 and KSK -b 4096 even modern google from apnic show examp

Re: Per server instance vs central / shared / redundant instances of BIND

2021-04-27 Thread Tony Finch
Grant Taylor via bind-users wrote:
> Do you think that per (mail) server instances of BIND are worth the additional administrative overhead as compared to more central shared instances?
Yes, that's what I did when I was doing mail things. There are a few reasons: reduce load on the shared cen

Re: [External] Re: Per server instance vs central / shared / redundant instances of BIND

2021-04-27 Thread Kevin A. McGrail
For me, I run one locally per data center with forwarders, etc. defined but for a "How to spin up your own mail server", I would likely just keep it to one per mail server. For someone more advanced, DNS is lightweight and anti-spam is very heavy.  So anything you can save on anti-spam process

Re: Per server instance vs central / shared / redundant instances of BIND

2021-04-27 Thread Grant Taylor via bind-users
On 4/27/21 10:24 AM, Kevin A. McGrail wrote: Agreed on the OT and good subject change. :-) For me, I wouldn't bind DNS to the eth0, just another attack surface hence I would use local loopback. I think the main reason to bind to eth0 / LAN is for when there are multiple (mail) servers that

Re: [External] OT: How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0

2021-04-27 Thread Kevin A. McGrail
On 4/27/2021 12:14 PM, Grant Taylor via bind-users wrote: and change resolve.conf to 127.0.0.1 for the best RBL performance. How much effective performance difference does the loopback interface (lo) vs the local LAN interface (eth0) make? Similarly, how much effective performance difference

OT: How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0

2021-04-27 Thread Grant Taylor via bind-users
BIND-Users on topic content first: #1 bind for a local caching DNS query server I absolutely agree. and change resolve.conf to 127.0.0.1 for the best RBL performance. How much effective performance difference does the loopback interface (lo) vs the local LAN interface (eth0) make? Simil

Re: NXDOMAIN processing

2021-04-27 Thread Grant Taylor via bind-users
On 4/26/21 2:45 PM, bamberg2000 via bind-users wrote: Hi! Hi, BIND 9.11.5, I forward the request ("forward zone" or global "forward first") to another server and I get NXDOMAIN. Is it possible to process NXDOMAIN other than "redirect zone"? I just want to repeat the request to another for

Re[2]: Configuring the location of named .jnl files

2021-04-27 Thread Tony Finch
Anders Löwinger wrote:
> Ivan Avery Frey wrote:
> > We are only using update to provision the acme challenge as described by RFC 8555 8.4. Nothing else.
>
> Acme follows CNAMEs. I've redirected all challenges to my domains to a separate subdomain, which allows dynamic updates. Works great

Re: [External] [UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0

2021-04-27 Thread Kevin A. McGrail
Very nice.  This was also posted on Postfix's list but nice to hear firsthand reports as I just read it. Two minor notes to continue the project that you might consider: #1 bind for a local caching DNS query server and change resolve.conf to 127.0.0.1 for the best RBL performance. #2 add the

[UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0

2021-04-27 Thread Turritopsis Dohrnii Teo En Ming
Subject: [UPDATE 1] How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0 Good day from Singapore, I followed linuxbabe.com's Xiao Guoan's guide and successfully set up a full-featured Linux mail server on Ubuntu 18.04.5 LTS with iRedMail 1.4.0. Author:

Re: Using RNDC to control remote access to my BIND server

2021-04-27 Thread Anand Buddhdev
Hi Greg, Read the "ddns-confgen" man page. And then read all the material here: https://bind9.readthedocs.io/en/v9_16_13/advanced.html Regards, Anand
On 27/04/2021 11:27, Greg Donohoe wrote:
> Thank you for the excellent advice, it is a lot clearer to me now.
> I am checking the nsupdate & TSI

Re: Using RNDC to control remote access to my BIND server

2021-04-27 Thread Greg Donohoe
Thank you for the excellent advice, it is a lot clearer to me now. I am checking the nsupdate & TSIG man pages for additional knowledge. Outside of these man pages, are there any other references (tutorials/videos) that you would recommend? Particularly around the area of TSIG key generation & man

Re: NXDOMAIN processing

2021-04-27 Thread Matus UHLAR - fantomas
On 26.04.21 20:45, bamberg2000 via bind-users wrote: BIND 9.11.5, I forward the request ("forward zone" or global "forward first") to another server and I get NXDOMAIN. Is it possible to process NXDOMAIN other than "redirect zone"? I just want to repeat the request to another forwarder. It's