isc.org - error on KB article

ISC folks: can someone take a look at: https://kb.isc.org/docs/dnssec-key-and-signing-policy Seems one of the examples has a “-when” argument to rndc and the time is “1w” rndc seems to want MMDDHHMMSS (UTC) instead. Thanks. -- Visit https://lists.isc.org/mailman/listinfo/bind-users

Migrating to dnssec-policy - existing "stack" of future keys ?

Hello, I’m wanting to go ahead and look at migrating to dnssec-policy for my zones. I currently use “auto-dnssec maintain” and “inline-signing yes”. I also have a “stack” of ZSKs I made that all nicely overlap with their various date settings. I think I made these out to sometime in 2024.

RHEL, Centos, Rocky, Fedora rpm 9.16.35

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://www.five-ten-sg.com/mapper/bind contains links to the source rpm, and build instructions. This .src.rpm contains a .tar.gz file with the ARM documentation, so the rpm rebuild process does not need sphinx- build and associated dependencies.

Re: How to *require* TSIG for NOTIFY

On 15. 11. 22 17:27, Jesus Cea wrote: On 15/11/22 5:40, Ondřej Surý wrote: It’s `also-notify ;` and `notify explicit;` The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html That configuration

New BIND Releases are available: 9.16.35, 9.18.9, and 9.19.7

 Our November maintenance releases of BIND are available and can be downloaded from the ISC software download page, https://www.isc.org/download A summary of significant changes in the new releases can be found in their release notes: current supported stable branches:    9.16.35 -

Re: Inconsistent Behavior with 'forward first'

On 15. 11. 22 19:16, Chad Philip Johnson via bind-users wrote: Here are the details of my config--it should be a mostly-vanilla configuration. The design is such that there are two name servers on each subnet and only the name servers of one subnet may issue queries to nameservers on the other