Client object identifier Bind 9.11

Hello, I've been noticed a different information on queries.log file in compare with older bind versions. I was looking for this on internet and I found out it's named as client object identifier and formed by a fixed string @0x7 plus a hexadecimal number, as in the example below. 29-Aug-2019 0

Re: RPZ and forward zone trouble

ollowing if you have not already. I may not be correctly understanding your explanation, and this document is specifically about limitations and unexpected behaviors of this functionality, https://kb.isc.org/docs/aa-00862 ) On Mon, Mar 25, 2019 at 4:45 PM Miguel Mucio Santos Moreira wrote: > >

Re: RPZ and forward zone trouble

nte protegida. O uso impróprio será tratado conforme as normas da empresa e a legislação em vigor. Caso não seja o destinatário, favor notificar o remetente, ficando proibidas a utilização, divulgação, cópia e distribuição. Em Segunda, Março 25, 2019 18:37 -03, Lee escreveu:On 3/25/19, Miguel Mucio S

RPZ and forward zone trouble

Hello everybody! I have a problem with DNS-RPZ and forward zone working together. I've created a rpz zone with the following trigger on my recursive DNS Server: 18.0.0.198.200.rpz-nsip IN CNAME rpz-passthru. It means any query response comming from a DNS Server which IP address matching with th

Re: best security practices

Hi sashk, I recommend NIST Secure Domain Name System Guide, follow bellow link to get it. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf See ya -- Miguel Moreira Gerente DPR/SRE/GSR - Gerência de Serviços de Rede +55(31)3339-1401 PRODEMGE - Companhia de Tecnolog

Re: NTA (Negative Trust Anchor) lifetime

Thanks everybody. See you! -- Miguel Moreira Gerente DPR/SRE/GSR - Gerência de Serviços de Rede +55(31)3339-1401 PRODEMGE - Companhia de Tecnologia da Informação do Estado de Minas Gerais Aviso: Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo conte

NTA (Negative Trust Anchor) lifetime

Hi folks I'd like to know if it's possible to use NTA (Negative Trust Anchor) in a way I can set it's lifetime as unlimited for a specific domain. I have a situation that will be necessary to keep this kind of configuration at least for 3 months. Thanks in advance Cheers!   -- Miguel Moreir

Re: broken trust chain on forwarder

Dears, Once I've tried to use stub zone to solve the same kind of problem with no success. John if it works for you tell us what you did. Thanks -- Miguel Mucio Santos Moreira Gerente GSR - Gerência de Serviços de Rede (31)3339-1401 PRODEMGE - Companhia de Tecnologia da Informaç

Re: broken trust chain on forwarder

recursive server to stc.corp Authoritative Server. When he disables DNSSEC on recursive server the problem doesn't happen. Right John? If you can't sign stc.corp zone because it's not yours, my workaround solution I've sent an email before probably is gonna work. See you

Re: broken trust chain on forwarder

but with DNSSEC disabled and for any other domain (INTERNET) the first layer forward queries to the second layer which has DNSSEC enabled. Obviously the second option is a workaround and should be avoided. Good luck! See you! -- Miguel Mucio Santos Moreira Gerente GSR - Gerência de Serviços de