On 8/04/2023 4:27 am, Jason Vas Dias wrote:
I have converted the excellent hosts file at
https://someonewhocares.org/hosts/
to a Response Policy Zone (RPZ) file served by my
local named that ends:
*.google-analytics.com A 0.0.0.0
*.clarity.ms A 0.0.0.0
*.adtelligent.com A 0.0.0.0
On 12/04/2023 7:51 pm, Petr Špaček wrote:
There is a philosophical question whether this is something a DNS
server should do.
You make a very good point.
There are external tools which can automate zone scan, e.g.
https://github.com/CZ-NIC/fred-cdnskey-scanner
It hadn't occurred to me to lo
> On 13 Apr 2023, at 06:44, Mark Andrews wrote:
>
>
>
>> On 13 Apr 2023, at 03:19, Fred Morris wrote:
>>
>> TLDR: NS records occur above and below zone cuts.
>>
>> On Wed, 12 Apr 2023, John Thurston wrote:
>>>
>>> We have authority over state.ak.us, which we publish as a public zone. We
On 13/04/2023 5:58 am, Havard Eidnes via bind-users wrote:
I suspect you don't need the NS records in challenge.state.ak.us and
if you remove them then the records in challenge.state.ak.us are
simply part of the state.ak.us zone since they're served off of the
same server.
Unfortunately "not qui
> On 13 Apr 2023, at 03:19, Fred Morris wrote:
>
> TLDR: NS records occur above and below zone cuts.
>
> On Wed, 12 Apr 2023, John Thurston wrote:
>>
>> We have authority over state.ak.us, which we publish as a public zone. We
>> also publish challenge.state.ak.us as a public zone.
>>
>> Th
> I suspect you don't need the NS records in challenge.state.ak.us and
> if you remove them then the records in challenge.state.ak.us are
> simply part of the state.ak.us zone since they're served off of the
> same server.
Unfortunately "not quite".
While a publishing name server will respond wit
it'll matter when you decide to add DNSSEC to the zone, and it's also
good hygiene in the absence of DNSSEC so that any future maintainer
can be reminded that there is a subdomain at that name when looking at
the parent.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe fro
TLDR: NS records occur above and below zone cuts.
On Wed, 12 Apr 2023, John Thurston wrote:
We have authority over state.ak.us, which we publish as a public zone. We
also publish challenge.state.ak.us as a public zone.
The public NS records for state.ak.us are: ns4.state.ak.us and
ns3.state
On Wed, Apr 12, 2023 at 05:41:33PM +0100, David Carvalho via bind-users wrote:
> After reverting my primary dns configuration, and asking my provider to
> remove the DNSKEY, I had to include dnssec-validation no; otherwise it would
> keep answering with SERVFAIL
>
> I noticed the server was consta
Hello, again.
Guys, sorry once again, but my dnssec implementation didn't work out.
Using 9.16.23 (I have that problem of keys being regenerated every restart,
but I'll learn to sign the zone later using the original key- Bug solved in
version 9.16.30).
After providing my DNSKEY record to
I uncovered an oddity in my zone definitions, which I'm trying to wrap
my head around.
We have authority over state.ak.us, which we publish as a public zone.
We also publish challenge.state.ak.us as a public zone.
The public NS records for state.ak.us are: ns4.state.ak.us and
ns3.state.ak.us
On 12. 04. 23 5:38, Nick Tait via bind-users wrote:
I'm currently running a few DNSSEC zones in BIND using dnssec-policy
option, albeit with an unlimited lifetime on the KSK, so that I can
control KSK roll-overs (which is necessary because my Registrar doesn't
support RFC 7344)...
Anyway I kn
12 matches
Mail list logo