Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users 
On Tue, Dec 24, 2024 at 03:22:44PM +,
11;rgb://Cuttler, Brian R (HEALTH) via bind-users 
 wrote 
 a message of 593 lines which said:

> Stefane - thank you for your input as well, I'll recheck my
> delegation and see where we've lost proper delegation.

I used check-soa and a bit of dig but if you want a more
comprehensive report:

https://zonemaster.fr/en/result/d193191af470994d
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users 
On Tue, Dec 24, 2024 at 03:27:06PM +,
 Cuttler, Brian R (HEALTH) via bind-users  wrote 
 a message of 646 lines which said:

> Apologies, meant to write Stephane and not Stefane.

No problem, US-based people often miswrite it Stephanie :-)

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: cname for apex record

2024-12-24 Thread Stephane Bortzmeyer via bind-users 
On Tue, Dec 24, 2024 at 02:38:51PM +,
 Cuttler, Brian R (HEALTH) via bind-users  wrote 
 a message of 163 lines which said:

> The cname we create for our webserver
> www.wadsworth.org is working well.
> However, I've been asked if we can point the apex record at the
> external webserver.

There are a lot of configuration errors in the domain
wadsworth.org. Discrepancy in the list of authoritative name servers
between your zone and the parents, unresponding name servers,
non-existing name servers (!). I suggest to fix that before adding
things.

> If I'm understanding the docs I've looked at, there are ways if we
> had external DNS services, rather than the on-prem Bind server, or
> if bind supported the Alias RR.

Which is non-standardized and a specific feature of some DNS
hosters. In your case, the fact that you use BIND on the primary is
not the only factor, you would also have to consider your many (!)
secondaries.

> I'm looking for guidance on how to point the named domain name, the
> apex record at the IP addresses provided by the cname name we are
> using for our webserver.

No easy way, even on Christmas.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Executive Order 14144 - encrypted DNS

2025-01-27 Thread Stephane Bortzmeyer via bind-users 
On Mon, Jan 27, 2025 at 12:55:08PM +,
 Marc  wrote 
 a message of 36 lines which said:

> What is this referring to DNSSEC?

The way I understand it, it is referring to DoH and DoT.

> What is the point of encrypting data with the current implementation
> of certificates.

I fail to see the relationship with certificates. But if you want a
complete analysis of privacy issues in DNS, read RFC 7626
.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS hiccups

2025-04-15 Thread Stephane Bortzmeyer via bind-users 
On Tue, Apr 15, 2025 at 02:54:33PM +0200,
 Alessandro Vesely  wrote 
 a message of 46 lines which said:

> last night I sent 4 complaint messages to vodafone.com.  The first one 
> bounced like so:

Note that the name servers for mail.protection.outlook.com (the target
of the MX record) are quite broken, they return FORMERR for EDNS
questions. It may create problems.

% dig   @ns2-proddns.glbdns.protection.outlook.com.  
vodafone-com.mail.protection.outlook.com A  

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> 
@ns2-proddns.glbdns.protection.outlook.com. 
vodafone-com.mail.protection.outlook.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 20571
;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; WARNING: EDNS query returned status FORMERR - retry with '+noedns'

;; Query time: 12 msec
;; SERVER: 104.47.72.81#53(ns2-proddns.glbdns.protection.outlook.com.) (UDP)
;; WHEN: Tue Apr 15 15:53:29 CEST 2025
;; MSG SIZE  rcvd: 12


% dig +noedns  @ns2-proddns.glbdns.protection.outlook.com.  
vodafone-com.mail.protection.outlook.com A

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> +noedns 
@ns2-proddns.glbdns.protection.outlook.com. 
vodafone-com.mail.protection.outlook.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57194
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;vodafone-com.mail.protection.outlook.com. IN A

;; ANSWER SECTION:
vodafone-com.mail.protection.outlook.com. 10 IN A 52.101.73.4
vodafone-com.mail.protection.outlook.com. 10 IN A 52.101.68.16
vodafone-com.mail.protection.outlook.com. 10 IN A 52.101.73.11
vodafone-com.mail.protection.outlook.com. 10 IN A 52.101.68.18

;; Query time: 16 msec
;; SERVER: 104.47.72.81#53(ns2-proddns.glbdns.protection.outlook.com.) (UDP)
;; WHEN: Tue Apr 15 15:53:34 CEST 2025
;; MSG SIZE  rcvd: 282
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users