Re: CNAME and IPv6

2024-05-29 Thread Marco Moock
Am 30.05.2024 um 00:47:56 Uhr schrieb Peter: > On Wed, May 29, 2024 at 12:20:09PM +0200, Matus UHLAR - fantomas > wrote: ! > On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock > wrote: ! > > rinetd manages 2 separate connections and should work > with PMTUD. ! > ! On 28.05.24 22:17, Peter wrot

Re: CNAME and IPv6

2024-05-29 Thread Peter
On Wed, May 29, 2024 at 12:20:09PM +0200, Matus UHLAR - fantomas wrote: ! > On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock wrote: ! > > rinetd manages 2 separate connections and should work with PMTUD. ! ! On 28.05.24 22:17, Peter wrote: ! > I'm wondering how it would. The connections are T

Re: issue with forwarder zones

2024-05-29 Thread Greg Choules via bind-users
Hi Brian. We're going to need some details please, like for starters: - What's the domain being queried? - A network diagram showing where your BIND server is and what it's forwarding to. - IP addresses of everything. - A packet capture (binary pcap format, not a snippet or a screenshot) from your

issue with forwarder zones

2024-05-29 Thread Cuttler, Brian R (HEALTH) via bind-users
My bad - I'd mailed this mistakenly to an individual and not the list. --- I am currently running BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu. I am sometimes seeing that I don't have resolution for some FQDN in forwarder zones. Usually it works, sometimes I don't get resolution. Interesting I failed

Re: [DNSSEC] testing KASP

2024-05-29 Thread Petr Špaček
On 29. 05. 24 11:31, adrien sipasseuth wrote: Only if KSK has DSState: rumoured. If the DSState is hidden it means that it is not expected to be in the parent (for example because the DNSKEY has not yet been fully propagated). > Do you need to withdraw the old key too immediatly ? anything els

Re: CNAME and IPv6

2024-05-29 Thread Matus UHLAR - fantomas
On Tue, May 28, 2024 at 09:09:20PM +0200, Marco Moock wrote: rinetd manages 2 separate connections and should work with PMTUD. On 28.05.24 22:17, Peter wrote: I'm wondering how it would. The connections are TCP, the PMTU works via ICMP6. No, Path MTU discovery works with TCPv4 using ICMPv4 a

Re: [DNSSEC] testing KASP

2024-05-29 Thread adrien sipasseuth
Only if KSK has DSState: rumoured. If the DSState is hidden it means that it is not expected to be in the parent (for example because the DNSKEY has not yet been fully propagated). > Do you need to withdraw the old key too immediatly ? anything else to do ? >>> Do you mean withdraw the old DS?