Re: disable dnssec for particular domain

2018-02-08 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > and in case of private/internal domain even logical - it's not useful to > push DS records to parent, and even possible with 2 versions of the same > zone. You can have a secure delegation in the parent if you sign both versions of the zone with the same KSK. (Th

Re: disable dnssec for particular domain

2018-02-08 Thread Matus UHLAR - fantomas
On 08.02.18 19:12, Mark Andrews wrote: You break a chain of trust by proving there is an insecure delegation. that should be expected :-) and in case of private/internal domain even logical - it's not useful to push DS records to parent, and even possible with 2 versions of the same zone. N

Re: disable dnssec for particular domain

2018-02-08 Thread Mark Andrews
You break a chain of trust by proving there is an insecure delegation. NXDOMAIN is not a delegation. The point on OPTOUT is to allow the parent zone to add and remove insecure delegations without resigning. Mark > On 7 Feb 2018, at 11:26 pm, Tony Finch wrote: > > Pruned debug logs... > > vali

Re: disable dnssec for particular domain

2018-02-07 Thread Michelle Konzack
Thank you, On 2018-02-08 Warren Kumari typed: > On Wed, Feb 7, 2018 at 7:41 AM, Tony Finch wrote: >> Michelle Konzack wrote: >> >>> If someone is interested making a slave for me, I can do >>> the same with him/her/whatelse. >> >> I'm cheap, so for my personal domains I use free se

Re: disable dnssec for particular domain

2018-02-07 Thread Warren Kumari
On Wed, Feb 7, 2018 at 7:41 AM, Tony Finch wrote: > Michelle Konzack wrote: > >> If someone is interested making a slave for me, I can do >> the same with him/her/whatelse. > > I'm cheap, so for my personal domains I use free secondaries from > https://puck.nether.net/dns/ and https://admin.grati

Re: disable dnssec for particular domain

2018-02-07 Thread Michelle Konzack
Good evening, On 2018-02-07 Reindl Harald typed: > On 07.02.2018 at 18:38, Matus UHLAR - fantomas wrote: >> neither is possible for now. as I said, neither our customer nor >> its upstream does maintain the domain. > > i will point at that case when someone asks why i insist on being re

Re: disable dnssec for particular domain

2018-02-07 Thread Reindl Harald
On 07.02.2018 at 18:38, Matus UHLAR - fantomas wrote: neither is possible for now. as I said, neither our customer nor its upstream does maintain the domain. i will point at that case when someone asks why i insist on being registrar as well as dns-provider for anything i have to deal with it -

Re: disable dnssec for particular domain

2018-02-07 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote: I wonder why does it do that. I have configured a zone to be type forward and expected it to work as configured, not be validated upstream. On 07.02.18 14:14, Tony Finch wrote: Validation is mostly independent of resolution, so even if you configure a zone expli

Re: disable dnssec for particular domain

2018-02-07 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > I wonder why does it do that. I have configured a zone to be type > forward and expected it to work as configured, not be validated > upstream. Validation is mostly independent of resolution, so even if you configure a zone explicitly, the validator will still g

Re: disable dnssec for particular domain

2018-02-07 Thread Matus UHLAR - fantomas
On 07.02.18 12:26, Tony Finch wrote: Aha! I think what's happening here is that BIND is expecting a NODATA response, to indicate that there is a delegation without a DS record. (For an example, `dig +dnssec +multiline europa.eu ds`) However the validator gets an NXDOMAIN response claiming the d

Re: disable dnssec for particular domain

2018-02-07 Thread G.W. Haywood via bind-users
Hi there, On Wed, 7 Feb 2018, Michelle Konzack wrote: ... Note: If someone is interested making a slave for me ... Is there a reason you don't use e.g. he.net? https://dns.he.net/ They do say of DNSSEC that they are "exploring this now" but it seems to work for me. -- 73, Ged. __

Re: disable dnssec for particular domain

2018-02-07 Thread Tony Finch
Michelle Konzack wrote: > If someone is interested making a slave for me, I can do > the same with him/her/whatelse. I'm cheap, so for my personal domains I use free secondaries from https://puck.nether.net/dns/ and https://admin.gratisdns.com/ Tony. -- f.anthony.n.finch http://dotat.at/ -

Re: disable dnssec for particular domain

2018-02-07 Thread Michelle Konzack
Ahoy Matus, On 2018-02-07 Matus UHLAR - fantomas typed: > yes. even web whois shows no 'nameserver' information. > > the name is "testa.eu". Oi, the owner is the European Commission! It seems, they have the privilege, not to attribute Name Server to the domain. A normal registrant

Re: disable dnssec for particular domain

2018-02-07 Thread Tony Finch
Pruned debug logs... validating testa.eu/DS: looking for closest encloser validating testa.eu/DS: NSEC3 QBQ65Q6097OCPPR0EUCQNSC1FHE073UA indicates potential closest encloser: 'eu' validating testa.eu/DS: NSEC3 QBQ65Q6097OCPPR0EUCQNSC1FHE073UA at super-domain eu validating testa.eu/DS: NSEC3 GLIB

Re: disable dnssec for particular domain

2018-02-07 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > the name is "testa.eu". OK, let's dig it (trimmed for relevance): ; <<>> DiG 9.13.0-dev <<>> +multiline +dnssec testa.eu ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39666 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1 So we know t

Re: disable dnssec for particular domain

2018-02-07 Thread Mark Elkins
Thanks for providing the domain name in question (testa.eu). Indeed, port 43 whois shows no nameservers - neither does the web based whois on whois.eurid.eu, though the name does exist in the 'eu' registry system. Dig gives me nothing either... $ dig testa.eu ns +short $ dig testa.eu ds +short

Re: disable dnssec for particular domain

2018-02-07 Thread Reindl Harald
On 07.02.2018 at 12:12, Reindl Harald wrote: On 07.02.2018 at 12:07, Matus UHLAR - fantomas wrote: On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: what's the difference, when the domain doesn't exist? is it because .eu is signed? On 06.02.18 16:35, Ray Bellis wrote: Perhaps, althou

Re: disable dnssec for particular domain

2018-02-07 Thread Reindl Harald
On 07.02.2018 at 12:07, Matus UHLAR - fantomas wrote: On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: what's the difference, when the domain doesn't exist? is it because .eu is signed? On 06.02.18 16:35, Ray Bellis wrote: Perhaps, although I'm not sure why given that .eu is signed with

Re: disable dnssec for particular domain

2018-02-07 Thread Matus UHLAR - fantomas
On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: what's the difference, when the domain doesn't exist? is it because .eu is signed? On 06.02.18 16:35, Ray Bellis wrote: Perhaps, although I'm not sure why given that .eu is signed with NSEC3 and opt-out. Are you *sure* that the domain doesn'

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
On DATE AUTHOR typed: Ray Bellis > Perhaps, although I'm not sure why given that .eu is signed with NSEC3 > and opt-out. > On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: > >> what's the difference, when the domain doesn't exist? >> >> is it because .eu is signed? > > Are you *sure

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
Hello Matus, On 2018-02-06 Matus UHLAR - fantomas typed: >>On 2018-02-06 Matus UHLAR - fantomas typed: >>> our customer uses a domain that is registered, but hidden >>> (doesn't exist in DNS). > > On 06.02.18 18:24, Michelle Konzack wrote: >>I hope you know what are y

Re: disable dnssec for particular domain

2018-02-06 Thread Ray Bellis
On 06/02/2018 16:31, Matus UHLAR - fantomas wrote: > what's the difference, when the domain doesn't exist? > > is it because .eu is signed? Perhaps, although I'm not sure why given that .eu is signed with NSEC3 and opt-out. Are you *sure* that the domain doesn't now actually exist in the DNS?

Re: disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
On 2018-02-06 Matus UHLAR - fantomas typed: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). On 06.02.18 18:24, Michelle Konzack wrote: I hope you know what are you doing, because the DNS MUST exist! Please read the general conditions for the EU

Re: disable dnssec for particular domain

2018-02-06 Thread Reindl Harald
On 06.02.2018 at 17:24, Michelle Konzack wrote: Good evening, On 2018-02-06 Matus UHLAR - fantomas typed: Hello, our customer uses a domain that is registered, but hidden (doesn't exist in DNS). I hope you know what are you doing, because the DNS MUST exist! Please read the

Re: disable dnssec for particular domain

2018-02-06 Thread Michelle Konzack
Good evening, On 2018-02-06 Matus UHLAR - fantomas typed: > Hello, > > our customer uses a domain that is registered, but hidden > (doesn't exist in DNS). I hope you know what are you doing, because the DNS MUST exist! Please read the general conditions for the EU Domain Registry!

Re: disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
On 06/02/2018 16:00, Matus UHLAR - fantomas wrote: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent domain

Re: disable dnssec for particular domain

2018-02-06 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > Is it currently possible to avoid validating this particular domain? BIND 9.11 has support for negative trust anchors, but they are supposed to be used as a temporary workaround to allow time for breakage to be fixed - you'll probably find that the NTA support is

Re: disable dnssec for particular domain

2018-02-06 Thread Ray Bellis
On 06/02/2018 16:00, Matus UHLAR - fantomas wrote: > Hello, > > our customer uses a domain that is registered, but hidden > (doesn't exist in DNS). > > The domain is used by multiple organizations and we are required to forward > lookups for the domain to foreign internal servers. > > The proble

Re: disable dnssec for particular domain

2018-02-06 Thread Reindl Harald
On 06.02.2018 at 17:00, Matus UHLAR - fantomas wrote: our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent

disable dnssec for particular domain

2018-02-06 Thread Matus UHLAR - fantomas
Hello, our customer uses a domain that is registered, but hidden (doesn't exist in DNS). The domain is used by multiple organizations and we are required to forward lookups for the domain to foreign internal servers. The problem is, that parent domain (.eu) indicates that the domain is to be si