Re: .onion and dnssec

2019-11-15 Thread Petr Mensik
Hello Erich, more below. On 11/12/19 2:22 PM, Erich Eckner wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, 12 Nov 2019, Tony Finch wrote: Erich Eckner wrote: I have also a hard time, generating some useful debug output - setting `-d 9` does not give additional information i

Re: .onion and dnssec

2019-11-12 Thread Tony Finch
Erich Eckner wrote: > > To my understanding, the difference between "forward first;" and "forward > only;" is, that the former caches and the latter forwards all queries. > However, I see the same behaviour in the log for both. Where is my mistake? My understanding is that first vs. only is relat

Re: .onion and dnssec

2019-11-12 Thread Erich Eckner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, 12 Nov 2019, Tony Finch wrote: Erich Eckner wrote: I have also a hard time, generating some useful debug output - setting `-d 9` does not give additional information in the system log. You might find it is being written to the file na

Re: .onion and dnssec

2019-11-12 Thread Tony Finch
Erich Eckner wrote: > I have also a hard time, generating some useful debug output > - setting `-d 9` does not give additional information in the system log. You might find it is being written to the file named.run in named's working directory (this is the default_debug logging channel configura

Re: .onion and dnssec

2019-11-11 Thread Erich Eckner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Tony, On Mon, 11 Nov 2019, Tony Finch wrote: Erich Eckner wrote: However, I encounter the issue here: https://lists.isc.org/mailman/htdig/bind-users/2011-November/085536.html If you are running 9.14 (or newer) you can use the validate-exc

Re: .onion and dnssec

2019-11-11 Thread Tony Finch
Erich Eckner wrote: > > However, I encounter the issue here: > https://lists.isc.org/mailman/htdig/bind-users/2011-November/085536.html If you are running 9.14 (or newer) you can use the validate-except configuration option. In older versions you can use `rndc nta` but that is very inconvenient i

.onion and dnssec

2019-11-11 Thread Erich Eckner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I'm running a recursive bind (root hint, several master zones for opennic tlds) and would like to extend it by resolving .onion addresses through my tor node. Naively, I tried to add this to my config file: zone "onion" IN { type forwa