One thing I note, all check say everything is good, but when using dnsviz,
it says secure, shows the ecd... but also puts up warnings that I am using
alg 13 but digest 1 (sha1), which is not allowed, I never use the setting
when create keys as the guide says not needed, if this a problem with
[ Classification Level: GENERAL BUSINESS ]
Duplicate RRs are suppressed, as per the standards.
RFC 2181, Section 5:
Each DNS Resource Record (RR) has a label, class, type, and data. It
is meaningless for two records to ever have label, class, type and
data all equal - servers should
Hello everyone,
There is a round robin resolving mechanism in bind9 where the server
chooses different records to resolve for each request, but is there a way
to assign weights so that the server resolves with different probabilities?
All I could find about the topic was this old mail from the
@lbutlr wrote:
>
> I update the last of my zones over a month ago and they are still
> showing alg-7.
>
> I'm sure I missed a step on these specific domains, but there are only a
> handful that are still using alg-7 and many more that are now on alg-13
> only.
Hmm, curious!
If you have swapped
On 30 Apr 2021, at 12:15, Tony Finch wrote:
>
> dig +ttlunits example.com ds @$(dig +short com ns | head -1)
I update the last of my zones over a month ago and they are still showing
alg-7. The longest TTL int e zone files is 2w, but we're 29 days in.
Te signed file has
On 30 Apr 2021, at 08:21, Jordan Tinsley wrote:
> Is BIND 9.11.6 (Extended Support Version) vulnerable?
>
> Is BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 (Extended Support Version)
> vulnerable?
The CVE descriptions indicates both of those versions are vulnerable.
"In BIND 9.5.0 -> 9.11.29 …
Robert M. Stockmann wrote:
>
> Does bind 9 need C11 atomics ?
Yes. BIND used to have its own atomic implementation but that kind of code
is tricky and arcane, so it's better to use the standard implementations
in the C library.
It is not just a matter of the hardware BIND runs on: atomics rely
Edwardo Garcia wrote:
>
> One question however it talk about longest TTL, does this mean also root
> TLD zones (.com, .net) which from memory are 48 hours, so before we delete
> old keys we need wait 48 hours, even though our zone TTL was 24 ?
When you are waiting after adding and signing with
On 2021-04-30 07:20, Sainik Biswas via bind-users wrote:
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
On 30.04.21 17:50, Sainik Biswas via bind-users wrote:
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
Error Log [resolver.log]
2021-04-30T11:58:17.784Z notice: DNS format error from
I have a question -
Is BIND 9.11.6 (Extended Support Version) vulnerable?
Is BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 (Extended Support Version)
vulnerable?
Thanks
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi,
I need some help setting up a recursive nameserver for my internal
network using BIND 9. The recursive name server is not resolving any
domains.
I am running the BIND 9 package from the ppa:isc/bind repo.
BIND Version Number: 9.16.15
OS: Ubuntu 18.04 LTS
This is the named.conf.options
On Thu, 29 Apr 2021, [utf-8] OndÅej Surý wrote:
> Date: Thu, 29 Apr 2021 13:35:32 +0200
> From: "[utf-8] OndÅej Surý"
> To: BIND Users
> Subject: Deprecating BIND 9.18+ on Windows (or making it community
> improved and supported)
>
> Hi,
>
> we've been discussing the /subj for quite
Hi
After upgrading to BIND-9.16.15, I have the following error in named.log:
30-Apr-2021 12:41:29.194 general: error: managed-keys.bind.jnw: journal
file corrupt: expected serial 1823, got 1824
30-Apr-2021 12:41:29.194 general: error: managed-keys-zone:
dns_journal_compact failed: unexpected
14 matches
Mail list logo