Re: after DS RECORD publish/verify, DSStatus stuck @ "rumoured" after manual `rndc dnssec -checkds` update ?

2022-10-21 Thread PGNet Dev
I exec `rndc dnssec -checkds -key 63917 published example.com IN external` with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022 16:55:22.689 dnssec: debug 1: keymgr: examine KSK example.com/ECDSAP256SHA256/63917 type DS in state R

after DS RECORD publish/verify, DSStatus stuck @ "rumoured" after manual `rndc dnssec -checkds` update ?

2022-10-21 Thread PGNet Dev
with bind 9.18, config'd for dnssec-policy automated signing, I've a dnssec signed zone,
    rndc dnssec -status example.com IN external
    dnssec-policy: test
    current time: Fri Oct 21 16:14:06 2022
    key: 47219 (ECDSAP256SHA256), ZSK

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Ondřej Surý
Anand, there are two layers - Google certainly doesn’t do anything wrong, but they would do the world a favor if there was a stronger push towards compliance with DNS protocol. On the authoritative side - it’s certainly true that neither DNS Cookies nor NSID is mandatory, but the part that is man

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Andreas S. Kerber
On Fri, Oct 21, 2022 at 01:21:36PM +0200, Borja Marcos wrote:
> But tell your customer that their email message didn’t arrive on time because
> the recipient has a misconfigured DNS server and
> try to explain to them that, yes, Google resolved it successfully but you are
> working for the commo

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Anand Buddhdev
On 21/10/2022 14:04, Hugo Salgado wrote: But wasn't it exactly the idea with the 2019 DNS Flag Day campaign? http://www.dnsflagday.net/2019/ I see Google's name there, so I would expect their commitment to refuse to solve incorrect domains. They do a skinny favor to all the Internet by retur

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Hugo Salgado
> > On 21 Oct 2022, at 12:23, Ondřej Surý wrote:
> >
> > What you are really saying is that we should dance how tech giants whistle,
> > and I don’t think succumbing to tech giants is a good strategy long term.
>
> Not at all and I agree with you.
>
> But tell your customer that their email mess

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Borja Marcos
> On 21 Oct 2022, at 12:23, Ondřej Surý wrote:
>
> What you are really saying is that we should dance how tech giants whistle, and
> I don’t think succumbing to tech giants is a good strategy long term.

Not at all and I agree with you. But tell your customer that their email message didn’t arr

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Ondřej Surý
What you are really saying is that we should dance how tech giants whistle, and I don’t think succumbing to tech giants is a good strategy long term. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your no

Re: FORMERR responses after upgrading resolver from 9.16 to 9.18.8

2022-10-21 Thread Borja Marcos
> On 21 Oct 2022, at 03:51, Mark Andrews wrote: > >> >> Of course I would prefer to upgrade back to 9.18.X, but I guess I won't be able to find all EDNS0 incompatible servers and losing customers to 8.8.8.8 - which is able to resolve these names.. >>> This is kind of moot ar