dnssec-policy default - where/how to determine what all its settings are?
dnssec-policy default - where/how to determine what all its settings are? Documentation doc/bind9-doc/arm/reference.html#dnssec-policy-default https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default says: A verbose copy of this policy may be found in the source tree, in the file doc/misc/dnssec-policy.default.conf But I'm not finding that in source nor elsewhere. There doesn't even seem to be an rndc command that can list defined dnssec-policy sets that are in place, nor that can list how they're configured. This information should be much more visible/findable, so ... where is it? I'm sure it must be present somewhere in the source, but haven't easily located it by searching. Shouldn't be necessary to run debugging to track down where this is and where in the source it comes from. So ... where does one find it? I've been looking at Debian BIND9 packages: bind9 1:9.18.24-1 bind9-doc 1:9.18.24-1 and also ISC BIND 9.18.24 source and 9.18.27 source and documentation. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec-policy default - where/how to determine what all its settings are?
Ah, thanks! Yeah, that's what I was looking to find: https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf Alas, not in the ISC distribution tarballs, and the documentation refers to doc/misc/dnssec-policy.default.conf without indicating where to find that. On Thu, Jun 6, 2024 at 8:31 AM Andrew Latham wrote: > > I took a quick look > > * > https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf > * > https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf > > On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users > wrote: >> >> dnssec-policy default - where/how to determine what all its settings are? >> Documentation >> doc/bind9-doc/arm/reference.html#dnssec-policy-default >> https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default >> says: >> A verbose copy of this policy may be found in the source tree, in the >> file doc/misc/dnssec-policy.default.conf >> But I'm not finding that in source nor elsewhere. >> There doesn't even seem to be an rndc command that can list >> defined dnssec-policy sets that are in place, nor that >> can list how they're configured. This information should be much more >> visible/findable, so ... where is it? I'm sure it must be present >> somewhere in the source, but haven't easily located it by searching. >> Shouldn't be necessary to run debugging to track down where this is >> and where in the source it comes from. So ... where does one find it? >> >> I've been looking at Debian BIND9 packages: >> bind9 1:9.18.24-1 >> bind9-doc 1:9.18.24-1 >> and also ISC BIND 9.18.24 source and 9.18.27 source and documentation. >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > - Andrew "lathama" Latham - -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
named -C, ...: Re: dnssec-policy default - where/how to determine what all its settings are?
Excellent, thanks, looks like that very well covers it (and also the "insecure" policy too). And https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs looks good ... including Suzanne Goldlust's additional suggestions too. Thanks! On Fri, Jun 7, 2024 at 1:08 AM Petr Špaček wrote: > > Hello, > > and thank you for reaching out. I agree this was poorly documented. > > In recent versions you can use command `named -C` which prints out > default configuration, including the default DNSSEC policy. > > I'm going to update documentation to reflect that: > https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9092/diffs > > Petr Špaček > Internet Systems Consortium > > On 06. 06. 24 21:01, Michael Paoli via bind-users wrote: > > Ah, thanks! > > > > Yeah, that's what I was looking to find: > > https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf > > https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf > > Alas, not in the ISC distribution tarballs, > > and the documentation refers to > > doc/misc/dnssec-policy.default.conf > > without indicating where to find that. > > > > On Thu, Jun 6, 2024 at 8:31 AM Andrew Latham wrote: > >> > >> I took a quick look > >> > >> * > >> https://github.com/isc-projects/bind9/blob/main/doc/misc/dnssec-policy.default.conf > >> * > >> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/doc/misc/dnssec-policy.default.conf > >> > >> On Thu, Jun 6, 2024 at 8:19 AM Michael Paoli via bind-users > >> wrote: > >>> > >>> dnssec-policy default - where/how to determine what all its settings are? > >>> Documentation > >>> doc/bind9-doc/arm/reference.html#dnssec-policy-default > >>> https://bind9.readthedocs.io/en/v9.18.27/reference.html#dnssec-policy-default > >>> says: > >>> A verbose copy of this policy may be found in the source tree, in the > >>> file doc/misc/dnssec-policy.default.conf > >>> But I'm not finding that in source nor elsewhere. > >>> There doesn't even seem to be an rndc command that can list > >>> defined dnssec-policy sets that are in place, nor that > >>> can list how they're configured. This information should be much more > >>> visible/findable, so ... where is it? I'm sure it must be present > >>> somewhere in the source, but haven't easily located it by searching. > >>> Shouldn't be necessary to run debugging to track down where this is > >>> and where in the source it comes from. So ... where does one find it? > >>> > >>> I've been looking at Debian BIND9 packages: > >>> bind9 1:9.18.24-1 > >>> bind9-doc 1:9.18.24-1 > >>> and also ISC BIND 9.18.24 source and 9.18.27 source and documentation. > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
