Authoritative and caching

2025-02-19 Thread Danjel Jungersen via bind-users
Hi. I have a primary and a secondary set up on debian 12. They both seem to work. They are authoritative for my own domain that is used to redirect local traffic to local servers. There is no (inbound) contact from the outside to bind. I then have a postfix server, where I need to run a loca

Re: Authoritative and caching

2025-02-19 Thread Marco Moock
On Wed, 19 Feb 2025 10:58:14 +0100, Danjel Jungersen via bind-users wrote: > But if I change /etc/resolv.conf to 127.0.0.1 something happens > If I do a dig or ping from my postfixbox to something that the 2 main > bind-boxes are authoritative for, it doesn't work. Please sniff the DNS traffic

Re: Authoritative and caching

2025-02-19 Thread Danjel Jungersen via bind-users
On 19-02-2025 11:11, Marco Moock wrote: On Wed, 19 Feb 2025 10:58:14 +0100, Danjel Jungersen via bind-users wrote: But if I change /etc/resolv.conf to 127.0.0.1 something happens If I do a dig or ping from my postfixbox to something that the 2 main bind-boxes are authoritative for, it doesn't

Re: Authoritative and caching

2025-02-19 Thread Mark Andrews
The posix boxes are validating the responses and your zone is not properly delegated/signed so DNSSEC validation fails. What does the following return? dig +cd +dnssec mail.jungersen.dk The answer on the internet is signed. -- Mark Andrews > On 19 Feb 2025, at 21:21, Danjel Jungersen via

Re: Authoritative and caching

2025-02-19 Thread Danjel Jungersen via bind-users
On 19-02-2025 11:44, Mark Andrews wrote: The posix boxes are validating the responses and your zone is not properly delegated/signed so DNSSEC validation fails. Is there a way to overcome this? They are not delegated, since they are not public. - Or am I missing something? But explains why exte

Re: Authoritative and caching

2025-02-19 Thread Greg Choules via bind-users
Hi Danjel. To obtain a packet capture use tcpdump, which is probably installed already. If not, add it using your preferred package manager. You can dump to the screen, but I find it more useful to dump to a file, which can then be analysed offline in Wireshark. A typical capture command might be:

Re: Authoritative and caching

2025-02-19 Thread Mark Andrews
You can install a negative trust anchor or sign the zone so that DNSSEC validation works. The zone exists in the public DNS. You can use the same key material or use different key material and publish multiple DS records for both the private and public DNSKEYs. The latter will allow DNSSEC vali

Re: IPv6 Geolocation per /64

2025-02-19 Thread Peter 'PMc' Much
On Tue, Feb 18, 2025 at 07:20:26PM -0500, Michael Richardson wrote: ! There is also https://www.rfc-editor.org/info/rfc9632. ! ! This document specifies how to augment the Routing Policy Specification ! Language (RPSL) inetnum: class to refer specifically to geofeed ! comma-separated values

Re: Access Control Lists error

2025-02-19 Thread stuart--- via bind-users
> From: bind-users on behalf of Duan Duan > via bind-users > > Hey Guys, > > I am upgrading my bind version from 9.11.0 to 9.18.31. > > But I have some questions about Access Control Lists(acls). > > I am in version 9.11.0 acl file is like this > > root@hz#cat tsg_acl > acl "tsg_acl" { >

Access Control Lists error

2025-02-19 Thread Duan Duan via bind-users
Hey Guys, I am upgrading my bind version from 9.11.0 to 9.18.31. But I have some questions about Access Control Lists(acls). I am in version 9.11.0 acl file is like this root@hz#cat tsg_acl acl "tsg_acl" {     ecs 10.56.21.236/30; }; But when I upgraded to version 9.18.31, it reported an

Re: Authoritative and caching

2025-02-19 Thread Danjel Jungersen via bind-users
On 19 February 2025 13:01:01 CET, Mark Andrews wrote: >You can install a negative trust anchor or sign the zone so that DNSSEC >validation works. The zone exists in the public DNS. You can use the same key >material or use different key material and publish multiple DS records for >both the p

Access Control Lists error

2025-02-19 Thread Duan Duan via bind-users
1422807...@qq.com   -- -- ??: "stuart@registry.godaddy"

Re: Authoritative and caching

2025-02-19 Thread Mark Andrews
> On 20 Feb 2025, at 17:35, Danjel Jungersen wrote: > > > > On 19 February 2025 13:01:01 CET, Mark Andrews wrote: > >You can install a negative trust anchor or sign the zone so that DNSSEC > >validation works. The zone exists in the public DNS. You can use the same > >key material or use d