Re: bind vulnerabilities

2021-05-01 Thread alcol alcol
from isc https://kb.isc.org/docs/aa-00913 BIND 9 Security Vulnerability Matrix - Security Advisories kb.isc.org

bind vulnerabilities

2021-05-01 Thread Elias Pereira
According to the article below, only the: "BIND 9.11.31, 9.16.15, and 9.17.12 all contain patches and the appropriate update should be applied" https://www.zdnet.com/google-amp/article/isc-urges-updates-of-dns-servers-to-wipe-out-new-bind-vulnerabilities/ Is this statement correct? -- Elias Pere

Re: DNSSEC upgrade

2021-05-01 Thread Edwardo Garcia
Thank you! I have now corrected our ancient internal wiki so we now have learned how it goes. Very much appreciate your patience and help, now I can start my weekend :-> On Sat, May 1, 2021 at 10:31 PM Tony Finch wrote: > Edwardo Garcia wrote: > > > > So you mean to say when it print out > > >

Re: DNSSEC upgrade

2021-05-01 Thread Tony Finch
Edwardo Garcia wrote: > > So you mean to say when it print out > > IN DS 45701 13 1 5422E9... > IN DS 45701 13 2 qwertyE9... > > we never needed 45701 13 1 5422E9 only 45701 13 2 qwertyE9 ? Exactly, yes! > and we only need run > > dig @ns0 dnskey guiltyparty.net | dnssec-dsfromkey -2 -f - g

Re: DNSSEC upgrade

2021-05-01 Thread Edwardo Garcia
OKi, I assume that was same as dig @ns0 dnskey guiltyparty.net | dnssec-dsfromkey -f - guiltyparty.net Which is in our internals wiki for all these years (predate my employment 2012 ) So you mean to say when it print out IN DS 45701 13 1 5422E9... IN DS 45701 13 2 qwertyE9... we never needed

Re: DNSSEC upgrade

2021-05-01 Thread Tony Finch
Edwardo Garcia wrote: > One thing I note, all check say everything is good, but when using dnsviz, > it says secure, shows the ecd... but also puts up warnings that I am using > alg 13 but digest 1 (sha1), which is not allowed, I guess the "digest 1" is referring to your DS records. In my guide