> Having said that, I wonder if people have some preference or even policy
> which mandates specific base image?
Yes. We're using a certified ubi8-minimal image for the finalized
docker by mandate and a bit of preference. Base image is 90M deployed
with BIND 9.18.29 is 258M (uncompressed). In t
For what it's worth this is how we build our dockers, with a builder
and then the runner. IMO it's cleaner that way and not much more
complicated. We'll continue to roll our own though so no real dog in
this fight.
Peter
On Tue, Aug 27, 2024 at 1:28 PM Ondřej Surý wrote:
>
> > On 27. 8. 2024,
The DS for the new key is only rumored. I believe you want a `rndc
dnssec -checkds -key 48266 published` and maybe another to withdraw
the 50277 key.
Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with
lly
remove that and opt for my own manual rndc config.
Peter
On Tue, Jan 22, 2019 at 12:35 PM Jordan Tinsley
wrote:
> Thank you for the information! Also, do I need to use the {-chroot}
> portion?
>
>
>
> Thanks,
>
> Jordan
>
>
>
> *From:* Peter DeVries
>
You didn't mention your OS. I'm assuming Redhat Linux. The files you are
looking for are /usr/lib/systemd/system/named{-chroot}.service. The files
are not included in the BIND source. The easiest thing is to pull them out
of one of the existing redhat BIND packages and edit for your needs. Th
They are probably using a load balancer of some sort that is choosing
between multiple systems and directing you to the one closest or no under
load at the moment. The low TTL is usually a sign of this as well.
On Mon, Aug 6, 2018 at 2:12 PM, Bhangui, Sandeep - BLS CTR <
bhangui.sand...@bls.go
You're going to have to provide more information than that. What isn't
working from your internet perspective?
Looks fine from where I'm sitting.
; <<>> DiG 9.11.2-P1 <<>> cyberia.net.sa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4586
;; flags: qr
+cd disables DNSSEC validation. You are running some very old versions of
dig in some cases which don't have dnssec support. The 9.9 version of dig
you have on at least one server should work.
What version of BIND server are you running on the problematic system?
On Thu, May 31, 2018 at 8:18 P
It's messy to be sure but it's not failing validation on any of the systems
I'm testing on (no AD bit because the CNAMEs aren't signed but no SERVFAIL
either)(. I see a bunch of dig versions in your posting (9.3?). What
version BIND is the server running?
On Thu, May 31, 2018 at 5:51 PM, Warren
9 matches
Mail list logo
